bool CGI::IsForbiddenToken(const std::string &key, const char *const array[], size_t size)
{
std::string c(key);
std::string k = neos_strip(&c[0]);
std::transform(k.begin(), k.end(), k.begin(), tolower);
for (size_t i = 0; i < size; ++i) {
const char *hay = array[i];
if (k.compare(hay) == 0) {
return true;
}
}
return false;
}
NEOERR* ldml_parse_file(char *dir, char *name, HASH *outhash)
{
char fname[_POSIX_PATH_MAX], *attrval = NULL;
HDF *node, *child, *dhdf;
STRING str;
NEOERR *err;
memset(fname, 0x0, sizeof(fname));
snprintf(fname, sizeof(fname), "%s/%s", dir, name);
err = hdf_init(&node);
if (err != STATUS_OK) return nerr_pass(err);
err = hdf_read_file(node, fname);
if (err != STATUS_OK) return nerr_pass(err);
child = hdf_obj_child(node);
while (child != NULL) {
mtc_dbg("parse node %s", hdf_obj_name(child));
string_init(&str);
attrval = mcs_obj_attr(child, "merge");
if (attrval) {
ULIST *list;
string_array_split(&list, attrval, ",", 10);
ITERATE_MLIST(list) {
snprintf(fname, sizeof(fname), "%s/%s",
dir, neos_strip((char*)list->items[t_rsv_i]));
err = hdf_init(&dhdf);
JUMP_NOK(err, wnext);
err = hdf_read_file(dhdf, fname);
JUMP_NOK(err, wnext);
err = hdf_copy(child, NULL, dhdf);
JUMP_NOK(err, wnext);
}
uListDestroy(&list, ULIST_FREE);
}
wnext:
string_clear(&str);
child = hdf_obj_next(child);
}
err = hash_insert(outhash, (void*)strdup(name), (void*)node);
JUMP_NOK(err, wnext);
return STATUS_OK;
}
NEOERR* session_init(CGI *cgi, HASH *dbh, session_t **ses)
{
session_t *lses;
HDF *node, *onode;
char tok[LEN_HDF_KEY], *s;
NEOERR *err;
/*
* follow cgi_parse(), to process _type_object
*/
s = hdf_get_value(cgi->hdf, PRE_QUERY"._type_object", NULL);
if (s) {
ULIST *list;
string_array_split(&list, s, ",", 50);
ITERATE_MLIST(list) {
snprintf(tok, sizeof(tok), "%s.%s",
PRE_QUERY, neos_strip((char*)list->items[t_rsv_i]));
onode = hdf_get_obj(cgi->hdf, tok);
if (onode) {
err = mjson_string_to_hdf(onode, NULL, MJSON_EXPORT_NONE);
TRACE_NOK(err);
}
}
uListDestroy(&list, ULIST_FREE);
}
*ses = NULL;
lses = calloc(1, sizeof(session_t));
if (!lses) return nerr_raise(NERR_NOMEM, "calloc memory for session_t failure");
/*
* mname
*/
HDF_FETCH_STR(cgi->hdf, PRE_COOKIE".mname", s);
if (!s) HDF_FETCH_STR(cgi->hdf, PRE_COOKIE".username", s);
if (s) lses->mname = strdup(s);
/*
* province
*/
HDF_FETCH_STR(cgi->hdf, PRE_COOKIE".province", s);
hdf_init(&lses->province);
if (s) {
neos_unescape((UINT8*)s, strlen(s), '%');
hdf_set_value(lses->province, NULL, s);
mjson_export_to_hdf(lses->province, NULL, MJSON_EXPORT_NONE, false);
}
/*
* city
*/
HDF_FETCH_STR(cgi->hdf, PRE_COOKIE".city", s);
hdf_init(&lses->city);
if (s) {
neos_unescape((UINT8*)s, strlen(s), '%');
hdf_set_value(lses->city, NULL, s);
mjson_export_to_hdf(lses->city, NULL, MJSON_EXPORT_NONE, false);
}
/*
* browser
*/
HDF_FETCH_STR(cgi->hdf, PRE_HTTP".UserAgent", s);
if (s) {
mstr_repchr(s, ' ', '\0');
for (int i = 0; i < m_browsers_size; i++) {
if (!strncasecmp(s, m_browsers[i], strlen(m_browsers[i]))) {
lses->browser = i;
break;
}
}
s = strchr(s, '/');
if (s) lses->bversion = strtof(s+1, NULL);
}
/*
* reqtype
*/
lses->reqtype = CGI_REQ_HTML;
char *uri = hdf_get_value(cgi->hdf, PRE_REQ_URI_RW, NULL);
if (!uri) {
uri = "terminal";
lses->reqtype = CGI_REQ_TERMINAL;
}
mstr_repchr(uri, '/', '_');
uri = mstr_strip(uri, '_');
if (!strncmp(uri, "json_", 5)) {
uri = uri+5;
lses->reqtype = CGI_REQ_AJAX;
} else if (!strncmp(uri, "image_", 6)) {
uri = uri+6;
lses->reqtype = CGI_REQ_IMAGE;
}
/*
* dataer, render
*/
switch (http_req_method(cgi)) {
case CGI_REQ_POST:
snprintf(tok, sizeof(tok), "%s_data_mod", uri);
break;
case CGI_REQ_PUT:
snprintf(tok, sizeof(tok), "%s_data_add", uri);
break;
case CGI_REQ_DEL:
snprintf(tok, sizeof(tok), "%s_data_del", uri);
break;
default:
case CGI_REQ_GET:
snprintf(tok, sizeof(tok), "%s_data_get", uri);
break;
}
lses->dataer = strdup(tok);
lses->render = strdup(uri);
/*
* tm_cache_browser
*/
node = hdf_get_obj(g_cfg, PRE_CFG_FILECACHE".0");
while (node != NULL) {
if (reg_search(hdf_get_value(node, "uri", "NULL"), uri)) {
lses->tm_cache_browser = hdf_get_int_value(node, "tm_cache", 0);
break;
}
node = hdf_obj_next(node);
}
/*
* DONE
*/
*ses = lses;
return STATUS_OK;
}
static NEOERR* _hdf_read_string (HDF *hdf, const char **str, STRING *line,
const char *path, int *lineno,
int include_handle)
{
NEOERR *err;
HDF *lower;
char *s;
char *name, *value;
HDF_ATTR *attr = NULL;
while (**str != '\0')
{
/* Reset string length, but don't free the reserved buffer */
line->len = 0;
err = _copy_line_advance(str, line);
if (err) return nerr_pass(err);
attr = NULL;
(*lineno)++;
s = line->buf;
SKIPWS(s);
if (!strncmp(s, "#include ", 9) && include_handle != INCLUDE_IGNORE)
{
if (include_handle == INCLUDE_ERROR)
{
return nerr_raise (NERR_PARSE,
"[%d]: #include not supported in string parse",
*lineno);
}
else if (include_handle < INCLUDE_MAX_DEPTH)
{
int l;
s += 9;
name = neos_strip(s);
l = strlen(name);
if (name[0] == '"' && name[l-1] == '"')
{
name[l-1] = '\0';
name++;
}
err = hdf_read_file_internal(hdf, name, include_handle + 1);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else
{
return nerr_raise (NERR_MAX_RECURSION,
"[%d]: Too many recursion levels.",
*lineno
);
}
}
else if (s[0] == '#')
{
/* comment: pass */
}
else if (s[0] == '}') /* up */
{
s = neos_strip(s);
if (strcmp(s, "}"))
{
err = nerr_raise(NERR_PARSE,
"[%s:%d] Trailing garbage on line following }: %s", path, *lineno,
line->buf);
return err;
}
return STATUS_OK;
}
else if (s[0])
{
/* Valid hdf name is [0-9a-zA-Z_.]+ */
name = s;
while (*s && (isalnum(*s) || *s == '_' || *s == '.' || *(unsigned char*)s > 127)) s++;
SKIPWS(s);
if (s[0] == '[') /* attributes */
{
*s = '\0';
name = neos_strip(name);
s++;
err = parse_attr(&s, &attr);
if (err)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
SKIPWS(s);
}
if (s[0] == '=') /* assignment */
{
*s = '\0';
name = neos_strip(name);
s++;
value = neos_strip(s);
err = _set_value (hdf, name, value, 1, 1, 0, attr, NULL);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == ':' && s[1] == '=') /* copy */
{
*s = '\0';
name = neos_strip(name);
s+=2;
value = neos_strip(s);
value = hdf_get_value(hdf->top, value, "");
err = _set_value (hdf, name, value, 1, 1, 0, attr, NULL);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == ':') /* link */
{
*s = '\0';
name = neos_strip(name);
s++;
value = neos_strip(s);
err = _set_value (hdf, name, value, 1, 1, 1, attr, NULL);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == '{') /* deeper */
{
*s = '\0';
name = neos_strip(name);
lower = hdf_get_obj (hdf, name);
if (lower == NULL)
{
err = _set_value (hdf, name, NULL, 1, 1, 0, attr, &lower);
}
else
{
err = _set_value (lower, NULL, lower->value, 1, 1, 0, attr, NULL);
}
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
err = _hdf_read_string (lower, str, line, path, lineno, include_handle);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == '<' && s[1] == '<') /* multi-line assignment */
{
char *m;
int msize = 0;
int mmax = 128;
int l;
*s = '\0';
name = neos_strip(name);
s+=2;
value = neos_strip(s);
l = strlen(value);
if (l == 0)
{
err = nerr_raise(NERR_PARSE,
"[%s:%d] No multi-assignment terminator given: %s", path, *lineno,
line->buf);
return err;
}
m = (char *) malloc (mmax * sizeof(char));
if (m == NULL)
{
return nerr_raise(NERR_NOMEM,
"[%s:%d] Unable to allocate memory for multi-line assignment to %s",
path, *lineno, name);
}
while (_copy_line (str, m+msize, mmax-msize) != 0)
{
(*lineno)++;
if (!strncmp(value, m+msize, l) && isspace(m[msize+l]))
{
m[msize] = '\0';
break;
}
msize += strlen(m+msize);
if (msize + l + 10 > mmax)
{
void *new_ptr;
mmax += 128;
new_ptr = realloc (m, mmax * sizeof(char));
if (new_ptr == NULL)
{
free(m);
return nerr_raise(NERR_NOMEM,
"[%s:%d] Unable to allocate memory for multi-line assignment to %s: size=%d",
path, *lineno, name, mmax);
}
m = (char *) new_ptr;
}
}
err = _set_value (hdf, name, m, 0, 1, 0, attr, NULL);
if (err != STATUS_OK)
{
free (m);
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else
{
err = nerr_raise(NERR_PARSE, "[%s:%d] Unable to parse line %s", path,
*lineno, line->buf);
return err;
}
}
}
return STATUS_OK;
}
NEOERR* ltpl_parse_file(HASH *dbh, HASH *evth,
void *lib, char *dir, char *name, HASH *outhash)
{
char *tp = NULL, *tpl = NULL, *val = NULL;
HDF *node = NULL, *dhdf = NULL, *child = NULL, *thdf = NULL;
CSPARSE *cs = NULL;
STRING str;
char fname[_POSIX_PATH_MAX], tok[64], *outfile;
NEOERR* (*data_handler)(HDF *hdf, HASH *dbh, HASH *evth);
NEOERR *err;
memset(fname, 0x0, sizeof(fname));
snprintf(fname, sizeof(fname), "%s/%s", dir, name);
err = hdf_init(&node);
if (err != STATUS_OK) return nerr_pass(err);
err = hdf_read_file(node, fname);
if (err != STATUS_OK) return nerr_pass(err);
child = hdf_obj_child(node);
while (child != NULL) {
mtc_dbg("parse node %s", hdf_obj_name(child));
string_init(&str);
val = mcs_obj_attr(child, "merge");
if (val) {
ULIST *list;
string_array_split(&list, val, ",", 10);
ITERATE_MLIST(list) {
snprintf(fname, sizeof(fname), "%s/%s",
dir, neos_strip((char*)list->items[t_rsv_i]));
err = hdf_init(&dhdf);
JUMP_NOK(err, wnext);
err = hdf_read_file(dhdf, fname);
JUMP_NOK(err, wnext);
err = hdf_copy(child, NULL, dhdf);
JUMP_NOK(err, wnext);
}
uListDestroy(&list, ULIST_FREE);
}
/*
* can't use dataset directly, because we'll destroy the whole node
*/
err = hdf_init(&dhdf);
JUMP_NOK(err, wnext);
err = hdf_get_node(child, PRE_CFG_DATASET, &thdf);
JUMP_NOK(err, wnext);
err = hdf_copy(dhdf, NULL, thdf);
JUMP_NOK(err, wnext);
err = cs_init(&cs, dhdf);
JUMP_NOK(err, wnext);
hdf_set_value(cs->hdf, "hdf.loadpaths.tpl", PATH_TPL);
hdf_set_value(cs->hdf, "hdf.loadpaths.local", dir);
err = cgi_register_strfuncs(cs);
JUMP_NOK(err, wnext);
err = mcs_register_bitop_functions(cs);
JUMP_NOK(err, wnext);
err = mcs_register_mkd_functions(cs);
JUMP_NOK(err, wnext);
err = mcs_register_string_uslice(cs);
JUMP_NOK(err, wnext);
tpl = hdf_get_value(child, PRE_CFG_LAYOUT, "null.html");
snprintf(fname, sizeof(fname), "%s/%s", PATH_TPL, tpl);
err = cs_parse_file(cs, fname);
JUMP_NOK(err, wnext);
if (outhash != NULL) {
/*
* store template for rend stage use
*/
hdf_set_value(cs->hdf, PRE_RESERVE"."PRE_CFG_LAYOUT, tpl);
/*
* strdup the key, baby, because we'll free the hdf later
*/
err = hash_insert(outhash, (void*)strdup(hdf_obj_name(child)), (void*)cs);
JUMP_NOK(err, wnext);
snprintf(tok, sizeof(tok), "%s_hdf", hdf_obj_name(child));
err = hash_insert(outhash, (void*)strdup(tok), (void*)cs->hdf);
JUMP_NOK(err, wnext);
}
if ((outfile = hdf_get_value(child, PRE_CFG_OUTPUT, NULL)) != NULL) {
ltpl_prepare_rend(cs->hdf, tpl);
/*
* get_data
*/
val = hdf_get_value(child, PRE_CFG_DATAER, NULL);
if (val != NULL && lib) {
data_handler = dlsym(lib, val);
if( (tp = dlerror()) != NULL) {
mtc_err("%s", tp);
//continue;
} else {
err = (*data_handler)(cs->hdf, dbh, evth);
TRACE_NOK(err);
}
}
err = cs_render(cs, &str, mcs_strcb);
JUMP_NOK(err, wnext);
/*
* produce output filename
*/
val = mcs_hdf_attr(child, PRE_CFG_OUTPUT, "ftime");
if (val) {
char tm[LEN_TM];
mutil_getdatetime(tm, sizeof(tm), val, 0);
outfile = mstr_repstr(1, outfile, "$ftime$", tm);
}
snprintf(fname, sizeof(fname), PATH_DOC"%s", outfile);
/*
* output file
*/
err = mfile_makesure_dir(fname);
JUMP_NOK(err, wnext);
err = mcs_str2file(str, fname);
JUMP_NOK(err, wnext);
#ifdef DEBUG_HDF
snprintf(fname, sizeof(fname), "%s/hdf.%s",
TC_ROOT, hdf_obj_name(child));
hdf_write_file(child, fname);
#endif
}
wnext:
if (cs != NULL && outhash == NULL)
cs_destroy(&cs);
string_clear(&str);
child = hdf_obj_next(child);
}
if (node != NULL) hdf_destroy(&node);
return STATUS_OK;
}
static NEOERR* _hdf_read_string (HDF *hdf, const char **str, STRING *line,
const char *path, int *lineno,
int include_handle, int expect_end_brace) {
NEOERR *err;
HDF *lower;
char *s;
char *name, *value;
HDF_ATTR *attr = NULL;
while (**str != '\0')
{
/* Reset string length, but don't free the reserved buffer */
line->len = 0;
err = _copy_line_advance(str, line);
if (err) return nerr_pass(err);
attr = NULL;
(*lineno)++;
s = line->buf;
SKIPWS(s);
if ((!strncmp(s, "#include ", 9) || !strncmp(s, "-include ", 9)) && include_handle != INCLUDE_IGNORE)
{
int required = !strncmp(s, "#include ", 9);
if (include_handle == INCLUDE_ERROR)
{
return nerr_raise (NERR_PARSE,
"[%d]: #include not supported in string parse",
*lineno);
}
else if (include_handle < INCLUDE_MAX_DEPTH)
{
int l;
s += 9;
name = neos_strip(s);
l = strlen(name);
if (name[0] == '"' && name[l-1] == '"')
{
name[l-1] = '\0';
name++;
}
char fullpath[PATH_MAX];
if (name[0] != '/') {
memset(fullpath, 0, PATH_MAX);
char *p = strrchr(path, '/');
if (p == NULL) {
char pwd[PATH_MAX];
memset(pwd, 0, PATH_MAX);
getcwd(pwd, PATH_MAX);
snprintf(fullpath, PATH_MAX, "%s/%s", pwd, name);
} else {
int dir_len = p - path + 1;
snprintf(fullpath, PATH_MAX, "%s", path);
snprintf(fullpath + dir_len, PATH_MAX - dir_len, "%s", name);
}
name = fullpath;
}
err = hdf_read_file_internal(hdf, name, include_handle + 1);
if (err != STATUS_OK && required)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else {
return nerr_raise (NERR_MAX_RECURSION,
"[%d]: Too many recursion levels.",
*lineno
);
}
}
else if (s[0] == '#')
{
/* comment: pass */
}
else if (s[0] == '}') /* up */
{
s = neos_strip(s);
if (strcmp(s, "}"))
{
err = nerr_raise(NERR_PARSE,
"[%s:%d] Trailing garbage on line following }: %s", path, *lineno,
line->buf);
return err;
}
return STATUS_OK;
}
else if (s[0])
{
/* Valid hdf name is [0-9a-zA-Z_.]+ */
int splice = *s == '@';
if (splice) s++;
name = s;
while (*s && (isalnum(*s) || *s == '_' || *s == '.' || *s == '*')) s++;
SKIPWS(s);
char num[16];
static int counter = 0;
if (*name == '*') {
snprintf(num, sizeof(num), "%d", counter++);
name = num;
}
if (s[0] == '[') /* attributes */
{
*s = '\0';
name = neos_strip(name);
s++;
err = parse_attr(&s, &attr);
if (err)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
SKIPWS(s);
}
if (splice) {
name = neos_strip(name);
HDF *h = hdf_get_obj(hdf->top, name);
if (h) {
HDF *c = hdf_obj_child(h);
while (c) {
err = hdf_copy (hdf, hdf_obj_name(c), c);
if (err != STATUS_OK) break;
c = hdf_obj_next(c);
}
}
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
} else if (s[0] == '=') /* assignment */
{
*s = '\0';
name = neos_strip(name);
s++;
value = neos_strip(s);
err = _set_value (hdf, name, value, 1, 1, 0, attr, NULL);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == ':' && s[1] == '=') /* copy */
{
*s = '\0';
name = neos_strip(name);
s+=2;
value = neos_strip(s);
HDF *h = hdf_get_obj(hdf->top, value);
if (!h)
{
err = nerr_raise(NERR_PARSE,
"[%s:%d] Failed to copy a node that is not loaded "
"yet: %s", path, *lineno, value);
return err;
}
err = hdf_copy(hdf, name, h);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == '!' && s[1] == '=') /* exec */
{
*s = '\0';
name = neos_strip(name);
s+=2;
value = neos_strip(s);
FILE *f = popen(value, "r");
if (f == NULL)
{
err = nerr_raise(NERR_PARSE,
"[%s:%d] Failed to exec specified command: %s",
path, *lineno, line->buf);
return err;
}
char *content = _read_file(f);
fclose(f);
int len = strlen(content);
if (len > 0 && content[len - 1] == '\n') {
content[len - 1] = '\0'; // remove \n artifact
}
err = _set_value (hdf, name, content, 1, 1, 0, attr, NULL);
free(content);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == ':') /* link */
{
*s = '\0';
name = neos_strip(name);
s++;
value = neos_strip(s);
err = _set_value (hdf, name, value, 1, 1, 1, attr, NULL);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == '{') /* deeper */
{
*s = '\0';
name = neos_strip(name);
lower = hdf_get_obj (hdf, name);
if (lower == NULL)
{
err = _set_value (hdf, name, NULL, 1, 1, 0, attr, &lower);
}
else
{
err = _set_value (lower, NULL, lower->value, 1, 1, 0, attr, NULL);
}
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
err = _hdf_read_string (lower, str, line, path, lineno, include_handle,
1);
if (err != STATUS_OK)
{
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else if (s[0] == '<' && s[1] == '<') /* multi-line assignment */
{
char *m;
int msize = 0;
int mmax = 128;
int l;
*s = '\0';
name = neos_strip(name);
s+=2;
value = neos_strip(s);
l = strlen(value);
if (l == 0)
{
err = nerr_raise(NERR_PARSE,
"[%s:%d] No multi-assignment terminator given: %s", path, *lineno,
line->buf);
return err;
}
m = (char *) malloc (mmax * sizeof(char));
if (m == NULL)
{
return nerr_raise(NERR_NOMEM,
"[%s:%d] Unable to allocate memory for multi-line assignment to %s",
path, *lineno, name);
}
while (_copy_line (str, m+msize, mmax-msize) != 0)
{
(*lineno)++;
if (!strncmp(value, m+msize, l) && isspace(m[msize+l]))
{
m[msize] = '\0';
break;
}
msize += strlen(m+msize);
if (msize + l + 10 > mmax)
{
void *new_ptr;
mmax += 128;
new_ptr = realloc (m, mmax * sizeof(char));
if (new_ptr == NULL)
{
free(m);
return nerr_raise(NERR_NOMEM,
"[%s:%d] Unable to allocate memory for multi-line assignment to %s: size=%d",
path, *lineno, name, mmax);
}
m = (char *) new_ptr;
}
}
err = _set_value (hdf, name, m, 0, 1, 0, attr, NULL);
if (err != STATUS_OK)
{
free (m);
return nerr_pass_ctx(err, "In file %s:%d", path, *lineno);
}
}
else
{
err = nerr_raise(NERR_PARSE, "[%s:%d] Unable to parse line %s", path,
*lineno, line->buf);
return err;
}
}
}
if (expect_end_brace) {
err = nerr_raise(NERR_PARSE, "[%s:%d] Missing matching }", path, *lineno);
return err;
}
return STATUS_OK;
}