static int GET_account(BlogRef const blog, SLNSessionRef const session, HTTPConnectionRef const conn, HTTPMethod const method, strarg_t const URI, HTTPHeadersRef const headers) {
if(HTTP_GET != method && HTTP_HEAD != method) return -1;
if(0 != uripathcmp("/account", URI, NULL)) return -1;
str_t *reponame_HTMLSafe = htmlenc(SLNRepoGetName(blog->repo));
if(!reponame_HTMLSafe) return 500;
TemplateStaticArg const args[] = {
{"reponame", reponame_HTMLSafe},
{"token", "asdf"}, // TODO
{"userlen", "32"},
{"passlen", "64"},
{NULL, NULL},
};
HTTPConnectionWriteResponse(conn, 200, "OK");
HTTPConnectionWriteHeader(conn, "Content-Type", "text/html; charset=utf-8");
HTTPConnectionWriteHeader(conn, "Transfer-Encoding", "chunked");
HTTPConnectionBeginBody(conn);
if(HTTP_HEAD != method) {
TemplateWriteHTTPChunk(blog->login, &TemplateStaticCBs, args, conn);
HTTPConnectionWriteChunkEnd(conn);
}
HTTPConnectionEnd(conn);
FREE(&reponame_HTMLSafe);
return 0;
}
static int GET_upload(BlogRef const blog, SLNSessionRef const session, HTTPConnectionRef const conn, HTTPMethod const method, strarg_t const URI, HTTPHeadersRef const headers) {
if(HTTP_GET != method) return -1;
if(0 != uripathcmp("/upload", URI, NULL)) return -1;
if(!SLNSessionHasPermission(session, SLN_WRONLY)) return 403;
str_t *reponame_HTMLSafe = htmlenc(SLNRepoGetName(blog->repo));
if(!reponame_HTMLSafe) return 500;
TemplateStaticArg const args[] = {
{"reponame", reponame_HTMLSafe},
{"token", "asdf"},
{NULL, NULL},
};
HTTPConnectionWriteResponse(conn, 200, "OK");
HTTPConnectionWriteHeader(conn, "Content-Type", "text/html; charset=utf-8");
HTTPConnectionWriteHeader(conn, "Transfer-Encoding", "chunked");
HTTPConnectionBeginBody(conn);
TemplateWriteHTTPChunk(blog->upload, &TemplateStaticCBs, args, conn);
HTTPConnectionWriteChunkEnd(conn);
HTTPConnectionEnd(conn);
FREE(&reponame_HTMLSafe);
return 0;
}
static int POST_auth(BlogRef const blog, SLNSessionRef const session, HTTPConnectionRef const conn, HTTPMethod const method, strarg_t const URI, HTTPHeadersRef const headers) {
if(HTTP_POST != method) return -1;
if(0 != uripathcmp("/auth", URI, NULL)) return -1;
// TODO: Check that Content-Type is application/x-www-form-urlencoded.
str_t formdata[AUTH_FORM_MAX];
ssize_t len = HTTPConnectionReadBodyStatic(conn, (byte_t *)formdata, sizeof(formdata)-1);
if(UV_EMSGSIZE == len) return 413; // Request Entity Too Large
if(len < 0) return 500;
formdata[len] = '\0';
SLNSessionCacheRef const cache = SLNRepoGetSessionCache(blog->repo);
static strarg_t const fields[] = {
"action-login",
"action-register",
"user",
"pass",
"token", // TODO: CSRF protection
};
str_t *values[numberof(fields)] = {};
QSValuesParse(formdata, values, fields, numberof(fields));
if(values[1]) {
QSValuesCleanup(values, numberof(values));
return 501; // TODO: Not Implemented
}
if(!values[0]) {
QSValuesCleanup(values, numberof(values));
return 400; // Not login?
}
SLNSessionRef s;
int rc = SLNSessionCacheCreateSession(cache, values[2], values[3], &s); // TODO
QSValuesCleanup(values, numberof(values));
if(rc < 0) {
HTTPConnectionSendRedirect(conn, 303, "/account?err=1");
return 0;
}
str_t *cookie = SLNSessionCopyCookie(s);
SLNSessionRelease(&s);
if(!cookie) return 500;
HTTPConnectionWriteResponse(conn, 303, "See Other");
HTTPConnectionWriteHeader(conn, "Location", "/");
HTTPConnectionWriteSetCookie(conn, cookie, "/", 60 * 60 * 24 * 365);
HTTPConnectionWriteContentLength(conn, 0);
HTTPConnectionBeginBody(conn);
HTTPConnectionEnd(conn);
FREE(&cookie);
return 0;
}
static int POST_post(BlogRef const blog,
SLNSessionRef const session,
HTTPConnectionRef const conn,
HTTPMethod const method,
strarg_t const URI,
HTTPHeadersRef const headers)
{
if(HTTP_POST != method) return -1;
if(0 != uripathcmp("/post", URI, NULL)) return -1;
// TODO: CSRF token
strarg_t const formtype = HTTPHeadersGet(headers, "content-type");
uv_buf_t boundary[1];
int rc = MultipartBoundaryFromType(formtype, boundary);
if(rc < 0) return 400;
MultipartFormRef form = NULL;
rc = MultipartFormCreate(conn, boundary, &form);
if(rc < 0) {
return 500;
}
SLNSubmissionRef sub = NULL;
SLNSubmissionRef meta = NULL;
str_t *title = NULL;
rc = parse_file(blog, session, form, &sub, &meta, &title);
if(UV_EACCES == rc) {
MultipartFormFree(&form);
return 403;
}
if(rc < 0) {
MultipartFormFree(&form);
return 500;
}
SLNSubmissionRef extra = NULL;
yajl_gen json = NULL;
str_t *target_QSEscaped = NULL;
str_t *location = NULL;
strarg_t const target = SLNSubmissionGetPrimaryURI(sub);
if(!target) rc = UV_ENOMEM;
if(rc < 0) goto cleanup;
target_QSEscaped = QSEscape(target, strlen(target), true);
if(!target_QSEscaped) rc = UV_ENOMEM;
if(rc < 0) goto cleanup;
rc = SLNSubmissionCreate(session, NULL, target, &extra);
if(rc < 0) goto cleanup;
rc = SLNSubmissionSetType(extra, SLN_META_TYPE);
if(rc < 0) goto cleanup;
SLNSubmissionWrite(extra, (byte_t const *)target, strlen(target));
SLNSubmissionWrite(extra, (byte_t const *)STR_LEN("\n\n"));
json = yajl_gen_alloc(NULL);
if(!json) rc = UV_ENOMEM;
if(rc < 0) goto cleanup;
yajl_gen_config(json, yajl_gen_print_callback, (void (*)())SLNSubmissionWrite, extra);
yajl_gen_config(json, yajl_gen_beautify, (int)true);
yajl_gen_map_open(json);
if(title) {
yajl_gen_string(json, (unsigned char const *)STR_LEN("title"));
yajl_gen_string(json, (unsigned char const *)title, strlen(title));
}
// TODO: Comment or description?
strarg_t const username = SLNSessionGetUsername(session);
if(username) {
yajl_gen_string(json, (unsigned char const *)STR_LEN("submitter-name"));
yajl_gen_string(json, (unsigned char const *)username, strlen(username));
}
strarg_t const reponame = SLNRepoGetName(blog->repo);
if(reponame) {
yajl_gen_string(json, (unsigned char const *)STR_LEN("submitter-repo"));
yajl_gen_string(json, (unsigned char const *)reponame, strlen(reponame));
}
time_t const now = time(NULL);
struct tm t[1];
gmtime_r(&now, t); // TODO: Error checking?
str_t tstr[31+1];
size_t const tlen = strftime(tstr, sizeof(tstr), "%FT%TZ", t); // ISO 8601
if(tlen) {
yajl_gen_string(json, (unsigned char const *)STR_LEN("submission-time"));
yajl_gen_string(json, (unsigned char const *)tstr, tlen);
}
yajl_gen_string(json, (unsigned char const *)STR_LEN("submission-software"));
yajl_gen_string(json, (unsigned char const *)STR_LEN("StrongLink Blog"));
str_t *fulltext = aasprintf("%s\n%s",
title ?: "",
NULL ?: ""); // TODO: Description, GNU-ism
if(fulltext) {
yajl_gen_string(json, (unsigned char const *)STR_LEN("fulltext"));
yajl_gen_string(json, (unsigned char const *)fulltext, strlen(fulltext));
}
FREE(&fulltext);
yajl_gen_map_close(json);
rc = SLNSubmissionEnd(extra);
if(rc < 0) goto cleanup;
SLNSubmissionRef subs[] = { sub, meta, extra };
rc = SLNSubmissionStoreBatch(subs, numberof(subs));
location = aasprintf("/?q=%s", target_QSEscaped);
if(!location) rc = UV_ENOMEM;
if(rc < 0) goto cleanup;
HTTPConnectionSendRedirect(conn, 303, location);
cleanup:
if(json) { yajl_gen_free(json); json = NULL; }
FREE(&title);
SLNSubmissionFree(&sub);
SLNSubmissionFree(&meta);
SLNSubmissionFree(&extra);
MultipartFormFree(&form);
FREE(&target_QSEscaped);
FREE(&location);
if(rc < 0) return 500;
return 0;
}
static int GET_query(BlogRef const blog, SLNSessionRef const session, HTTPConnectionRef const conn, HTTPMethod const method, strarg_t const URI, HTTPHeadersRef const headers) {
if(HTTP_GET != method && HTTP_HEAD != method) return -1;
strarg_t qs = NULL;
if(0 != uripathcmp("/", URI, &qs)) return -1;
if(HTTP_HEAD == method) return 501; // TODO
// TODO: This is the most complicated function in the whole program.
// It's unbearable.
str_t *query = NULL;
str_t *query_HTMLSafe = NULL;
str_t *parsed_HTMLSafe = NULL;
SLNFilterRef filter = NULL;
int rc;
static strarg_t const fields[] = {
"q",
};
str_t *values[numberof(fields)] = {};
QSValuesParse(qs, values, fields, numberof(fields));
query = values[0]; values[0] = NULL;
query_HTMLSafe = htmlenc(values[0]);
rc = SLNUserFilterParse(session, query, &filter);
QSValuesCleanup(values, numberof(values));
if(DB_EACCES == rc) {
FREE(&query);
FREE(&query_HTMLSafe);
return 403;
}
// SLNFilterPrintSexp(filter, stderr, 0); // DEBUG
if(DB_EINVAL == rc) rc = SLNFilterCreate(session, SLNVisibleFilterType, &filter);
if(rc < 0) {
FREE(&query);
FREE(&query_HTMLSafe);
return 500;
}
str_t tmp[URI_MAX]; tmp[0] = '\0'; // fmemopen shim ignores mode.
FILE *parsed = fmemopen(tmp, sizeof(tmp), "w");
if(!parsed) {
FREE(&query);
FREE(&query_HTMLSafe);
return 500;
}
SLNFilterPrintUser(filter, parsed, 0);
fclose(parsed);
tmp[sizeof(tmp)-1] = '\0'; // fmemopen(3) says this isn't guaranteed.
parsed_HTMLSafe = htmlenc(tmp);
SLNFilterPosition pos[1] = {{ .dir = -1 }};
str_t *URIs[RESULTS_MAX];
uint64_t max = numberof(URIs);
int outdir = -1;
SLNFilterParseOptions(qs, pos, &max, &outdir, NULL);
if(max < 1) max = 1;
if(max > numberof(URIs)) max = numberof(URIs);
bool const has_start = !!pos->URI;
uint64_t const t1 = uv_hrtime();
ssize_t const count = SLNFilterCopyURIs(filter, session, pos, outdir, false, URIs, (size_t)max);
SLNFilterPositionCleanup(pos);
if(count < 0) {
FREE(&query);
FREE(&query_HTMLSafe);
FREE(&parsed_HTMLSafe);
SLNFilterFree(&filter);
if(DB_NOTFOUND == count) {
// Possibly a filter age-function bug.
alogf("Invalid start parameter? %s\n", URI);
return 500;
}
alogf("Filter error: %s\n", sln_strerror(count));
return 500;
}
SLNFilterFree(&filter);
uint64_t const t2 = uv_hrtime();
str_t *reponame_HTMLSafe = htmlenc(SLNRepoGetName(blog->repo));
snprintf(tmp, sizeof(tmp), "Queried in %.6f seconds", (t2-t1) / 1e9);
str_t *querytime_HTMLSafe = htmlenc(tmp);
str_t *account_HTMLSafe;
if(0 == SLNSessionGetUserID(session)) {
account_HTMLSafe = htmlenc("Log In");
} else {
strarg_t const user = SLNSessionGetUsername(session);
snprintf(tmp, sizeof(tmp), "Account: %s", user);
account_HTMLSafe = htmlenc(tmp);
}
// TODO: Write a real function for building query strings
// Don't use ?: GNUism
// Preserve other query parameters like `dir`
str_t *query_encoded = !query ? NULL : QSEscape(query, strlen(query), true);
FREE(&query);
str_t *firstpage_HTMLSafe = NULL;
str_t *prevpage_HTMLSafe = NULL;
str_t *nextpage_HTMLSafe = NULL;
str_t *lastpage_HTMLSafe = NULL;
snprintf(tmp, sizeof(tmp), "?q=%s&start=-", query_encoded ?: "");
firstpage_HTMLSafe = htmlenc(tmp);
str_t *p = !count ? NULL : URIs[outdir > 0 ? 0 : count-1];
str_t *n = !count ? NULL : URIs[outdir > 0 ? count-1 : 0];
if(p) p = QSEscape(p, strlen(p), 1);
if(n) n = QSEscape(n, strlen(n), 1);
snprintf(tmp, sizeof(tmp), "?q=%s&start=%s", query_encoded ?: "", p ?: "");
prevpage_HTMLSafe = htmlenc(tmp);
snprintf(tmp, sizeof(tmp), "?q=%s&start=-%s", query_encoded ?: "", n ?: "");
nextpage_HTMLSafe = htmlenc(tmp);
snprintf(tmp, sizeof(tmp), "?q=%s", query_encoded ?: "");
lastpage_HTMLSafe = htmlenc(tmp);
FREE(&query_encoded);
FREE(&p);
FREE(&n);
str_t *qs_HTMLSafe = htmlenc(qs);
TemplateStaticArg const args[] = {
{"reponame", reponame_HTMLSafe},
{"querytime", querytime_HTMLSafe},
{"account", account_HTMLSafe},
{"query", query_HTMLSafe},
{"parsed", parsed_HTMLSafe},
{"firstpage", firstpage_HTMLSafe},
{"prevpage", prevpage_HTMLSafe},
{"nextpage", nextpage_HTMLSafe},
{"lastpage", lastpage_HTMLSafe},
{"qs", qs_HTMLSafe},
{NULL, NULL},
};
if(count > 0) {
HTTPConnectionWriteResponse(conn, 200, "OK");
} else {
HTTPConnectionWriteResponse(conn, 404, "Not Found");
}
HTTPConnectionWriteHeader(conn, "Content-Type", "text/html; charset=utf-8");
HTTPConnectionWriteHeader(conn, "Transfer-Encoding", "chunked");
if(0 == SLNSessionGetUserID(session)) {
HTTPConnectionWriteHeader(conn, "Cache-Control", "no-cache, public");
} else {
HTTPConnectionWriteHeader(conn, "Cache-Control", "no-cache, private");
}
HTTPConnectionBeginBody(conn);
TemplateWriteHTTPChunk(blog->header, &TemplateStaticCBs, args, conn);
if(0 == count) {
TemplateWriteHTTPChunk(blog->noresults, &TemplateStaticCBs, args, conn);
}
for(size_t i = 0; i < count; i++) {
str_t algo[SLN_ALGO_SIZE]; // SLN_INTERNAL_ALGO
str_t hash[SLN_HASH_SIZE];
SLNParseURI(URIs[i], algo, hash);
str_t *previewPath = BlogCopyPreviewPath(blog, hash);
rc = send_preview(blog, conn, session, URIs[i], previewPath);
FREE(&previewPath);
if(rc < 0) break;
}
// TODO: HACK
// Hide the pagination buttons when there are less than one full page of results.
if(count >= max || has_start) {
TemplateWriteHTTPChunk(blog->footer, &TemplateStaticCBs, args, conn);
}
FREE(&reponame_HTMLSafe);
FREE(&querytime_HTMLSafe);
FREE(&account_HTMLSafe);
FREE(&query_HTMLSafe);
FREE(&parsed_HTMLSafe);
FREE(&firstpage_HTMLSafe);
FREE(&prevpage_HTMLSafe);
FREE(&nextpage_HTMLSafe);
FREE(&lastpage_HTMLSafe);
FREE(&qs_HTMLSafe);
HTTPConnectionWriteChunkEnd(conn);
HTTPConnectionEnd(conn);
for(size_t i = 0; i < count; i++) FREE(&URIs[i]);
assert_zeroed(URIs, count);
return 0;
}
static int POST_file(SLNRepoRef const repo, SLNSessionRef const session, HTTPConnectionRef const conn, HTTPMethod const method, strarg_t const URI, HTTPHeadersRef const headers) {
if(HTTP_POST != method) return -1;
if(0 != uripathcmp("/sln/file", URI, NULL)) return -1;
return accept_sub(session, NULL, conn, headers);
}
