[chopwood] / cgi.py

### -*-python-*-
###
### CGI machinery
###
### (c) 2013 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of Chopwood: a password-changing service.
###
### Chopwood is free software; you can redistribute it and/or modify
### it under the terms of the GNU Affero General Public License as
### published by the Free Software Foundation; either version 3 of the
### License, or (at your option) any later version.
###
### Chopwood is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU Affero General Public License for more details.
###
### You should have received a copy of the GNU Affero General Public
### License along with Chopwood; if not, see
### <http://www.gnu.org/licenses/>.

from __future__ import with_statement

import contextlib as CTX
import os as OS; ENV = OS.environ
import re as RX
import sys as SYS
import time as T
import traceback as TB

from auto import HOME, PACKAGE, VERSION
import config as CONF; CFG = CONF.CFG
import format as F
import output as O; OUT = O.OUT; PRINT = O.PRINT
import subcommand as SC
import util as U

###--------------------------------------------------------------------------
### Configuration tweaks.

_script_name = ENV.get('SCRIPT_NAME', '/cgi-bin/chpwd')

CONF.DEFAULTS.update(

  ## The URL of this program, when it's run through CGI.
  SCRIPT_NAME = _script_name,

  ## A (maybe relative) URL for static content.  By default this comes from
  ## the main script, but we hope that user agents cache it.
  STATIC = _script_name + '/static')

###--------------------------------------------------------------------------
### Escaping and encoding.

## Some handy regular expressions.
R_URLESC = RX.compile('%([0-9a-fA-F]{2})')
R_URLBAD = RX.compile('[^-\\w,.!]')
R_HTMLBAD = RX.compile('[&<>]')

def urldecode(s):
  """Decode a single form-url-encoded string S."""
  return R_URLESC.sub(lambda m: chr(int(m.group(1), 16)),
                      s.replace('+', ' '))
  return s

def urlencode(s):
  """Encode a single string S using form-url-encoding."""
  return R_URLBAD.sub(lambda m: '%%%02x' % ord(m.group(0)), s)

def htmlescape(s):
  """Escape a literal string S so that HTML doesn't misinterpret it."""
  return R_HTMLBAD.sub(lambda m: '&#x%02x;' % ord(m.group(0)), s)

## Some standard character sequences, and HTML entity names for prettier
## versions.
_quotify = U.StringSubst({
  "`": '&lsquo;',
  "'": '&rsquo;',
  "``": '&ldquo;',
  "''": '&rdquo;',
  "--": '&ndash;',
  "---": '&mdash;'
})
def html_quotify(s):
  """Return a pretty HTML version of S."""
  return _quotify(htmlescape(s))

###--------------------------------------------------------------------------
### Output machinery.

class HTTPOutput (O.FileOutput):
  """
  Output driver providing an automatic HTTP header.

  The `headerp' attribute is true if we've written a header.  The `header'
  method will print a custom header if this is wanted.
  """

  def __init__(me, *args, **kw):
    """Constructor: initialize `headerp' flag."""
    super(HTTPOutput, me).__init__(*args, **kw)
    me.headerp = False

  def write(me, msg):
    """Output protocol: print a header if we've not written one already."""
    if not me.headerp: me.header('text/plain')
    super(HTTPOutput, me).write(msg)

  def header(me, content_type = 'text/plain', **kw):
    """
    Print a header, if none has yet been printed.

    Keyword arguments can be passed to emit HTTP headers: see `http_header'
    for the formatting rules.
    """
    if me.headerp: return
    me.headerp = True
    for h in O.http_headers(content_type = content_type, **kw):
      me.writeln(h)
    me.writeln('')

def cookie(name, value, **kw):
  """
  Return a HTTP `Set-Cookie' header.

  The NAME and VALUE give the name and value of the cookie; both are
  form-url-encoded to prevent misinterpretation (fortunately, `cgiparse'
  knows to undo this transformation).  The KW are other attributes to
  declare: the names are forced to lower-case and underscores `_' are
  replaced by hyphens `-'; a `True' value is assumed to indicate that the
  attribute is boolean, and omitted.
  """
  attr = {}
  for k, v in kw.iteritems():
    k = '-'.join(i.lower() for i in k.split('_'))
    attr[k] = v
  try: maxage = int(attr['max-age'])
  except KeyError: pass
  else:
    attr['expires'] = T.strftime('%a, %d %b %Y %H:%M:%S GMT',
                                 T.gmtime(U.NOW + maxage))
  return '; '.join(['%s=%s' % (urlencode(name), urlencode(value))] +
                   [v is not True and '%s=%s' % (k, v) or k
                    for k, v in attr.iteritems()])

def action(*v, **kw):
  """
  Build a URL invoking this script.

  The positional arguments V are used to construct a path which is appended
  to the (deduced or configured) script name (and presumably will be read
  back as `PATH_INFO').  The keyword arguments are (form-url-encoded and)
  appended as a query string, if present.
  """
  url = '/'.join([CFG.SCRIPT_NAME] + list(v))
  if kw:
    url += '?' + ';'.join('%s=%s' % (urlencode(k), urlencode(kw[k]))
                          for k in sorted(kw))
  return htmlescape(url)

def static(name):
  """Build a URL for the static file NAME."""
  return htmlescape(CFG.STATIC + '/' + name)

def redirect(where, **kw):
  """
  Write a complete redirection to some other URL.
  """
  OUT.header(content_type = 'text/html',
             status = 302, location = where,
             **kw)
  PRINT("""\
<html>
<head><title>No, sorry, it's moved again.</title></head>
<body><p>I'm <a href="%s">over here</a> now.<body>
</html>""" % htmlescape(where))

###--------------------------------------------------------------------------
### Templates.

## Where we find our templates.
TMPLDIR = HOME

## Keyword arguments for templates.
STATE = U.Fluid()
STATE.kw = {}

## Set some basic keyword arguments.
@CONF.hook
def set_template_keywords():
  STATE.kw.update(
    package = PACKAGE,
    version = VERSION,
    script = CFG.SCRIPT_NAME,
    static = CFG.STATIC)

class TemplateFinder (object):
  """
  A magical fake dictionary whose keys are templates.
  """
  def __init__(me, dir):
    me._cache = {}
    me._dir = dir
  def __getitem__(me, key):
    try: return me._cache[key]
    except KeyError: pass
    with open(OS.path.join(me._dir, key)) as f: tmpl = f.read()
    me._cache[key] = tmpl
    return tmpl
TMPL = TemplateFinder(TMPLDIR)

@CTX.contextmanager
def tmplkw(**kw):
  """
  Context manager: execute the body with additional keyword arguments
  """
  d = dict()
  d.update(STATE.kw)
  d.update(kw)
  with STATE.bind(kw = d): yield

FORMATOPS = {}

class FormatHTML (F.SimpleFormatOperation):
  """
  ~H: escape output suitable for inclusion in HTML.

  With `:', instead apply form-urlencoding.
  """
  def _convert(me, arg):
    if me.colonp: return html_quotify(arg)
    else: return htmlescape(arg)
FORMATOPS['H'] = FormatHTML

def format_tmpl(control, **kw):
  with F.COMPILE.bind(opmaps = [FORMATOPS, F.BASEOPS]):
    with tmplkw(**kw):
      F.format(OUT, control, **STATE.kw)

def page(template, header = {}, title = 'Chopwood', **kw):
  header = dict(header, content_type = 'text/html')
  OUT.header(**header)
  format_tmpl(TMPL['wrapper.fhtml'],
              title = title, payload = TMPL[template], **kw)

###--------------------------------------------------------------------------
### Error reporting.

@CTX.contextmanager
def cgi_errors(hook = None):
  """
  Context manager: report errors in the body as useful HTML.

  If HOOK is given, then call it before reporting errors.  It may have set up
  useful stuff.
  """
  try:
    yield None
  except Exception, e:
    if hook: hook()
    if isinstance(e, U.ExpectedError) and not OUT.headerp:
      page('error.fhtml',
           headers = dict(status = e.code),
           title = 'Chopwood: error', error = e)
    else:
      exty, exval, extb = SYS.exc_info()
      with tmplkw(exception = TB.format_exception_only(exty, exval),
                  traceback = TB.extract_tb(extb),
                  PARAM = sorted(PARAM),
                  COOKIE = sorted(COOKIE.items()),
                  PATH = PATH,
                  ENV = sorted(ENV.items())):
        if OUT.headerp:
          format_tmpl(TMPL['exception.fhtml'], toplevel = False)
        else:
          page('exception.fhtml',
               headers = dict(status = 500),
               title = 'Chopwood: internal error',
               toplevel = True)

###--------------------------------------------------------------------------
### CGI input.

## Lots of global variables to be filled in by `cgiparse'.
COOKIE = {}
SPECIAL = {}
PARAM = []
PARAMDICT = {}
PATH = []

## Regular expressions for splitting apart query and cookie strings.
R_QSPLIT = RX.compile('[;&]')
R_CSPLIT = RX.compile(';')

def split_keyvalue(string, delim, default):
  """
  Split a STRING, and generate the resulting KEY=VALUE pairs.

  The string is split at DELIM; the components are parsed into KEY[=VALUE]
  pairs.  The KEYs and VALUEs are stripped of leading and trailing
  whitespace, and form-url-decoded.  If the VALUE is omitted, then the
  DEFAULT is used unless the DEFAULT is `None' in which case the component is
  simply ignored.
  """
  for kv in delim.split(string):
    try:
      k, v = kv.split('=', 1)
    except ValueError:
      if default is None: continue
      else: k, v = kv, default
    k, v = k.strip(), v.strip()
    if not k: continue
    k, v = urldecode(k), urldecode(v)
    yield k, v

def cgiparse():
  """
  Process all of the various exciting CGI environment variables.

  We read environment variables and populate some tables left in global
  variables: it's all rather old-school.  Variables set are as follows.

  `COOKIE'
        A dictionary mapping cookie names to the values provided by the user
        agent.

  `SPECIAL'
        A dictionary holding some special query parameters which are of
        interest at a global level, and should not be passed to a subcommand
        handler.  No new entries will be added to this dictionary, though
        values will be modified to reflect the query parameters discovered.
        Conventionally, such parameters have names beginning with `%'.

  `PARAM'
        The query parameters as a list of (KEY, VALUE) pairs.  Special
        parameters are omitted.

  `PARAMDICT'
        The query parameters as a dictionary.  Special parameters, and
        parameters which appear more than once, are omitted.

  `PATH'
        The trailing `PATH_INFO' path, split at `/' markers, with any
        trailing empty component removed.
  """

  def getenv(var):
    try: return ENV[var]
    except KeyError: raise U.ExpectedError, (500, "No `%s' supplied" % var)

  ## Yes, we want the request method.
  method = getenv('REQUEST_METHOD')

  ## Acquire the query string.
  if method == 'GET':
    q = getenv('QUERY_STRING')

  elif method == 'POST':

    ## We must read the query string from stdin.
    n = getenv('CONTENT_LENGTH')
    if not n.isdigit():
      raise U.ExpectedError, (500, "Invalid CONTENT_LENGTH")
    n = int(n, 10)
    if getenv('CONTENT_TYPE') != 'application/x-www-form-urlencoded':
      raise U.ExpectedError, (500, "Unexpected content type `%s'" % ct)
    q = SYS.stdin.read(n)
    if len(q) != n:
      raise U.ExpectedError, (500, "Failed to read correct length")

  else:
    raise U.ExpectedError, (500, "Unexpected request method `%s'" % method)

  ## Populate the `SPECIAL', `PARAM' and `PARAMDICT' tables.
  seen = set()
  for k, v in split_keyvalue(q, R_QSPLIT, 't'):
    if k in SPECIAL:
      SPECIAL[k] = v
    else:
      PARAM.append((k, v))
      if k in seen:
        del PARAMDICT[k]
      else:
        PARAMDICT[k] = v
        seen.add(k)

  ## Parse out the cookies, if any.
  try: c = ENV['HTTP_COOKIE']
  except KeyError: pass
  else:
    for k, v in split_keyvalue(c, R_CSPLIT, None): COOKIE[k] = v

  ## Set up the `PATH'.
  try: p = ENV['PATH_INFO']
  except KeyError: pass
  else:
    pp = p.lstrip('/').split('/')
    if pp and not pp[-1]: pp.pop()
    PATH[:] = pp

###--------------------------------------------------------------------------
### CGI subcommands.

class Subcommand (SC.Subcommand):
  """
  A CGI subcommand object.

  As for `subcommand.Subcommand', but with additional protocol for processing
  CGI parameters.
  """

  def cgi(me, param, path):
    """
    Invoke the subcommand given a collection of CGI parameters.

    PARAM is a list of (KEY, VALUE) pairs from the CGI query.  The CGI query
    parameters are checked against the subcommand's parameters (making sure
    that mandatory parameters are supplied, that any switches are given
    boolean values, and that only the `rest' parameter, if any, is
    duplicated).

    PATH is a list of trailing path components.  They are used to satisfy the
    `rest' parameter if there is one and there are no query parameters which
    satisfy the `rest' parameter; otherwise, an `ExpectedError' is raised if
    the list of path elements is non-empty.
    """

    ## We're going to make a pass over the supplied parameters, and we'll
    ## check them off against the formal parameters as we go; so we'll need
    ## to be able to look them up.  We'll also keep track of the ones we've
    ## seen so that we can make sure that all of the mandatory parameters
    ## were actually supplied.
    ##
    ## To that end: `want' is a dictionary mapping parameter names to
    ## functions which will do something useful with the value; `seen' is a
    ## set of the parameters which have been assigned; and `kw' is going to
    ## be the keyword-argument dictionary we pass to the handler function.
    want = {}
    kw = {}

    def set_value(k, v):
      """Set a simple value: we shouldn't see multiple values."""
      if k in kw:
        raise U.ExpectedError, (400, "Repeated parameter `%s'" % k)
      kw[k] = v
    def set_bool(k, v):
      """Set a simple boolean value: for switches."""
      set_value(k, v.lower() in ['true', 't', 'yes', 'y'])
    def set_list(k, v):
      """Append the value to a list: for the `rest' parameter."""
      kw.setdefault(k, []).append(v)

    ## Set up the `want' map.
    for o in me.opts:
      if o.argname: want[o.name] = set_value
      else: want[o.name] = set_bool
    for p in me.params: want[p.name] = set_value
    for p in me.oparams: want[p.name] = set_value
    if me.rparam: want[me.rparam.name] = set_list

    ## Work through the list of supplied parameters.
    for k, v in param:
      try:
        f = want[k]
      except KeyError:
        if v:
          raise U.ExpectedError, (400, "Unexpected parameter `%s'" % k)
      else:
        f(k, v)

    ## Deal with a path, if there is one.
    if path:
      if me.rparam and me.rparam.name not in kw:
        kw[me.rparam.name] = path
      else:
        raise U.ExpectedError, (404, "Superfluous path elements")

    ## Make sure we saw all of the mandatory parameters.
    for p in me.params:
      if p.name not in kw:
        raise U.ExpectedError, (400, "Missing parameter `%s'" % p.name)

    ## Invoke the subcommand.
    me.func(**kw)

def subcommand(name, contexts, desc, cls = Subcommand, *args, **kw):
  """Decorator for defining CGI subcommands."""
  return SC.subcommand(name, contexts, desc, cls = cls, *args, **kw)

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
a2916c06 MW	1	### --python--
	2	###
	3	### CGI machinery
	4	###
	5	### (c) 2013 Mark Wooding
	6	###
	7
	8	###----- Licensing notice ---------------------------------------------------
	9	###
	10	### This file is part of Chopwood: a password-changing service.
	11	###
	12	### Chopwood is free software; you can redistribute it and/or modify
	13	### it under the terms of the GNU Affero General Public License as
	14	### published by the Free Software Foundation; either version 3 of the
	15	### License, or (at your option) any later version.
	16	###
	17	### Chopwood is distributed in the hope that it will be useful,
	18	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	### GNU Affero General Public License for more details.
	21	###
	22	### You should have received a copy of the GNU Affero General Public
	23	### License along with Chopwood; if not, see
	24	### <http://www.gnu.org/licenses/>.
	25
	26	from __future__ import with_statement
	27
	28	import contextlib as CTX
	29	import os as OS; ENV = OS.environ
	30	import re as RX
	31	import sys as SYS
	32	import time as T
	33	import traceback as TB
	34
	35	from auto import HOME, PACKAGE, VERSION
	36	import config as CONF; CFG = CONF.CFG
	37	import format as F
	38	import output as O; OUT = O.OUT; PRINT = O.PRINT
	39	import subcommand as SC
	40	import util as U
	41
	42	###--------------------------------------------------------------------------
	43	### Configuration tweaks.
	44
	45	_script_name = ENV.get('SCRIPT_NAME', '/cgi-bin/chpwd')
	46
	47	CONF.DEFAULTS.update(
	48
	49	## The URL of this program, when it's run through CGI.
	50	SCRIPT_NAME = _script_name,
	51
	52	## A (maybe relative) URL for static content. By default this comes from
	53	## the main script, but we hope that user agents cache it.
	54	STATIC = _script_name + '/static')
	55
	56	###--------------------------------------------------------------------------
	57	### Escaping and encoding.
	58
	59	## Some handy regular expressions.
	60	R_URLESC = RX.compile('%([0-9a-fA-F]{2})')
	61	R_URLBAD = RX.compile('[^-\\w,.!]')
	62	R_HTMLBAD = RX.compile('[&<>]')
	63
	64	def urldecode(s):
65	"""Decode a single form-url-encoded string S."""
66	return R_URLESC.sub(lambda m: chr(int(m.group(1), 16)),
67	s.replace('+', ' '))
68	return s
69
70	def urlencode(s):
71	"""Encode a single string S using form-url-encoding."""
72	return R_URLBAD.sub(lambda m: '%%%02x' % ord(m.group(0)), s)
73
74	def htmlescape(s):
75	"""Escape a literal string S so that HTML doesn't misinterpret it."""
76	return R_HTMLBAD.sub(lambda m: '&#x%02x;' % ord(m.group(0)), s)
77
78	## Some standard character sequences, and HTML entity names for prettier
79	## versions.
80	_quotify = U.StringSubst({
81	"`": '‘',
82	"'": '’',
83	"``": '“',
84	"''": '”',
85	"--": '–',
86	"---": '—'
87	})
88	def html_quotify(s):
89	"""Return a pretty HTML version of S."""
90	return _quotify(htmlescape(s))
91
92	###--------------------------------------------------------------------------
93	### Output machinery.
94
95	class HTTPOutput (O.FileOutput):
96	"""
97	Output driver providing an automatic HTTP header.
98
99	The `headerp' attribute is true if we've written a header. The `header'
100	method will print a custom header if this is wanted.
101	"""
102
103	def __init__(me, args, *kw):
104	"""Constructor: initialize `headerp' flag."""
105	super(HTTPOutput, me).__init__(args, *kw)
106	me.headerp = False
107
108	def write(me, msg):
109	"""Output protocol: print a header if we've not written one already."""
110	if not me.headerp: me.header('text/plain')
111	super(HTTPOutput, me).write(msg)
112
113	def header(me, content_type = 'text/plain', **kw):
114	"""
115	Print a header, if none has yet been printed.
116
117	Keyword arguments can be passed to emit HTTP headers: see `http_header'
118	for the formatting rules.
119	"""
120	if me.headerp: return
121	me.headerp = True
122	for h in O.http_headers(content_type = content_type, **kw):
123	me.writeln(h)
124	me.writeln('')
125
126	def cookie(name, value, **kw):
127	"""
128	Return a HTTP `Set-Cookie' header.
129
130	The NAME and VALUE give the name and value of the cookie; both are
131	form-url-encoded to prevent misinterpretation (fortunately, `cgiparse'
132	knows to undo this transformation). The KW are other attributes to
133	declare: the names are forced to lower-case and underscores `_' are
134	replaced by hyphens `-'; a `True' value is assumed to indicate that the
135	attribute is boolean, and omitted.
136	"""
137	attr = {}
138	for k, v in kw.iteritems():
139	k = '-'.join(i.lower() for i in k.split('_'))
140	attr[k] = v
141	try: maxage = int(attr['max-age'])
142	except KeyError: pass
143	else:
144	attr['expires'] = T.strftime('%a, %d %b %Y %H:%M:%S GMT',
145	T.gmtime(U.NOW + maxage))
146	return '; '.join(['%s=%s' % (urlencode(name), urlencode(value))] +
147	[v is not True and '%s=%s' % (k, v) or k
148	for k, v in attr.iteritems()])
149
150	def action(v, *kw):
151	"""
152	Build a URL invoking this script.
153
154	The positional arguments V are used to construct a path which is appended
155	to the (deduced or configured) script name (and presumably will be read
156	back as `PATH_INFO'). The keyword arguments are (form-url-encoded and)
157	appended as a query string, if present.
158	"""
159	url = '/'.join([CFG.SCRIPT_NAME] + list(v))
160	if kw:
161	url += '?' + ';'.join('%s=%s' % (urlencode(k), urlencode(kw[k]))
162	for k in sorted(kw))
163	return htmlescape(url)
164
165	def static(name):
166	"""Build a URL for the static file NAME."""
167	return htmlescape(CFG.STATIC + '/' + name)
168
a2916c06 MW	169	def redirect(where, **kw):
	170	"""
	171	Write a complete redirection to some other URL.
	172	"""
	173	OUT.header(content_type = 'text/html',
	174	status = 302, location = where,
	175	**kw)
	176	PRINT("""\
	177	<html>
	178	<head><title>No, sorry, it's moved again.</title></head>
	179	<body><p>I'm <a href="%s">over here</a> now.<body>
	180	</html>""" % htmlescape(where))
	181
	182	###--------------------------------------------------------------------------
	183	### Templates.
	184
	185	## Where we find our templates.
	186	TMPLDIR = HOME
	187
	188	## Keyword arguments for templates.
	189	STATE = U.Fluid()
	190	STATE.kw = {}
	191
	192	## Set some basic keyword arguments.
	193	@CONF.hook
	194	def set_template_keywords():
	195	STATE.kw.update(
	196	package = PACKAGE,
	197	version = VERSION,
	198	script = CFG.SCRIPT_NAME,
	199	static = CFG.STATIC)
	200
	201	class TemplateFinder (object):
	202	"""
	203	A magical fake dictionary whose keys are templates.
	204	"""
	205	def __init__(me, dir):
	206	me._cache = {}
	207	me._dir = dir
	208	def __getitem__(me, key):
	209	try: return me._cache[key]
	210	except KeyError: pass
	211	with open(OS.path.join(me._dir, key)) as f: tmpl = f.read()
	212	me._cache[key] = tmpl
	213	return tmpl
	214	TMPL = TemplateFinder(TMPLDIR)
	215
	216	@CTX.contextmanager
	217	def tmplkw(**kw):
	218	"""
	219	Context manager: execute the body with additional keyword arguments
	220	"""
	221	d = dict()
	222	d.update(STATE.kw)
	223	d.update(kw)
	224	with STATE.bind(kw = d): yield
	225
	226	FORMATOPS = {}
	227
	228	class FormatHTML (F.SimpleFormatOperation):
	229	"""
	230	~H: escape output suitable for inclusion in HTML.
	231
	232	With `:', instead apply form-urlencoding.
233	"""
234	def _convert(me, arg):
235	if me.colonp: return html_quotify(arg)
236	else: return htmlescape(arg)
237	FORMATOPS['H'] = FormatHTML
238
239	def format_tmpl(control, **kw):
240	with F.COMPILE.bind(opmaps = [FORMATOPS, F.BASEOPS]):
241	with tmplkw(**kw):
242	F.format(OUT, control, **STATE.kw)
243
244	def page(template, header = {}, title = 'Chopwood', **kw):
245	header = dict(header, content_type = 'text/html')
246	OUT.header(**header)
247	format_tmpl(TMPL['wrapper.fhtml'],
248	title = title, payload = TMPL[template], **kw)
249
250	###--------------------------------------------------------------------------
251	### Error reporting.
252
a2916c06 MW	253	@CTX.contextmanager
	254	def cgi_errors(hook = None):
	255	"""
	256	Context manager: report errors in the body as useful HTML.
	257
	258	If HOOK is given, then call it before reporting errors. It may have set up
	259	useful stuff.
	260	"""
	261	try:
	262	yield None
	263	except Exception, e:
	264	if hook: hook()
	265	if isinstance(e, U.ExpectedError) and not OUT.headerp:
	266	page('error.fhtml',
	267	headers = dict(status = e.code),
	268	title = 'Chopwood: error', error = e)
	269	else:
	270	exty, exval, extb = SYS.exc_info()
	271	with tmplkw(exception = TB.format_exception_only(exty, exval),
	272	traceback = TB.extract_tb(extb),
	273	PARAM = sorted(PARAM),
	274	COOKIE = sorted(COOKIE.items()),
	275	PATH = PATH,
	276	ENV = sorted(ENV.items())):
	277	if OUT.headerp:
	278	format_tmpl(TMPL['exception.fhtml'], toplevel = False)
	279	else:
	280	page('exception.fhtml',
	281	headers = dict(status = 500),
	282	title = 'Chopwood: internal error',
	283	toplevel = True)
	284
	285	###--------------------------------------------------------------------------
	286	### CGI input.
	287
	288	## Lots of global variables to be filled in by `cgiparse'.
	289	COOKIE = {}
	290	SPECIAL = {}
	291	PARAM = []
	292	PARAMDICT = {}
	293	PATH = []
	294
	295	## Regular expressions for splitting apart query and cookie strings.
	296	R_QSPLIT = RX.compile('[;&]')
	297	R_CSPLIT = RX.compile(';')
	298
	299	def split_keyvalue(string, delim, default):
	300	"""
	301	Split a STRING, and generate the resulting KEY=VALUE pairs.
	302
	303	The string is split at DELIM; the components are parsed into KEY[=VALUE]
	304	pairs. The KEYs and VALUEs are stripped of leading and trailing
	305	whitespace, and form-url-decoded. If the VALUE is omitted, then the
	306	DEFAULT is used unless the DEFAULT is `None' in which case the component is
	307	simply ignored.
	308	"""
	309	for kv in delim.split(string):
	310	try:
	311	k, v = kv.split('=', 1)
	312	except ValueError:
	313	if default is None: continue
	314	else: k, v = kv, default
	315	k, v = k.strip(), v.strip()
	316	if not k: continue
317	k, v = urldecode(k), urldecode(v)
318	yield k, v
319
320	def cgiparse():
321	"""
322	Process all of the various exciting CGI environment variables.
323
324	We read environment variables and populate some tables left in global
325	variables: it's all rather old-school. Variables set are as follows.
326
327	`COOKIE'
328	A dictionary mapping cookie names to the values provided by the user
329	agent.
330
331	`SPECIAL'
332	A dictionary holding some special query parameters which are of
333	interest at a global level, and should not be passed to a subcommand
334	handler. No new entries will be added to this dictionary, though
335	values will be modified to reflect the query parameters discovered.
336	Conventionally, such parameters have names beginning with `%'.
337
338	`PARAM'
339	The query parameters as a list of (KEY, VALUE) pairs. Special
340	parameters are omitted.
341
342	`PARAMDICT'
343	The query parameters as a dictionary. Special parameters, and
344	parameters which appear more than once, are omitted.
345
346	`PATH'
347	The trailing `PATH_INFO' path, split at `/' markers, with any
348	trailing empty component removed.
349	"""
350
351	def getenv(var):
352	try: return ENV[var]
353	except KeyError: raise U.ExpectedError, (500, "No `%s' supplied" % var)
354
355	## Yes, we want the request method.
356	method = getenv('REQUEST_METHOD')
357
358	## Acquire the query string.
359	if method == 'GET':
360	q = getenv('QUERY_STRING')
361
362	elif method == 'POST':
363
364	## We must read the query string from stdin.
365	n = getenv('CONTENT_LENGTH')
366	if not n.isdigit():
367	raise U.ExpectedError, (500, "Invalid CONTENT_LENGTH")
368	n = int(n, 10)
369	if getenv('CONTENT_TYPE') != 'application/x-www-form-urlencoded':
370	raise U.ExpectedError, (500, "Unexpected content type `%s'" % ct)
371	q = SYS.stdin.read(n)
372	if len(q) != n:
373	raise U.ExpectedError, (500, "Failed to read correct length")
374
375	else:
376	raise U.ExpectedError, (500, "Unexpected request method `%s'" % method)
377
378	## Populate the `SPECIAL', `PARAM' and `PARAMDICT' tables.
379	seen = set()
380	for k, v in split_keyvalue(q, R_QSPLIT, 't'):
381	if k in SPECIAL:
382	SPECIAL[k] = v
383	else:
384	PARAM.append((k, v))
385	if k in seen:
386	del PARAMDICT[k]
387	else:
388	PARAMDICT[k] = v
389	seen.add(k)
390
391	## Parse out the cookies, if any.
392	try: c = ENV['HTTP_COOKIE']
393	except KeyError: pass
394	else:
395	for k, v in split_keyvalue(c, R_CSPLIT, None): COOKIE[k] = v
396
397	## Set up the `PATH'.
398	try: p = ENV['PATH_INFO']
399	except KeyError: pass
400	else:
401	pp = p.lstrip('/').split('/')
402	if pp and not pp[-1]: pp.pop()
403	PATH[:] = pp
404
405	###--------------------------------------------------------------------------
406	### CGI subcommands.
407
408	class Subcommand (SC.Subcommand):
409	"""
410	A CGI subcommand object.
411
412	As for `subcommand.Subcommand', but with additional protocol for processing
413	CGI parameters.
414	"""
415
416	def cgi(me, param, path):
417	"""
418	Invoke the subcommand given a collection of CGI parameters.
419
420	PARAM is a list of (KEY, VALUE) pairs from the CGI query. The CGI query
421	parameters are checked against the subcommand's parameters (making sure
422	that mandatory parameters are supplied, that any switches are given
423	boolean values, and that only the `rest' parameter, if any, is
424	duplicated).
425
426	PATH is a list of trailing path components. They are used to satisfy the
427	`rest' parameter if there is one and there are no query parameters which
428	satisfy the `rest' parameter; otherwise, an `ExpectedError' is raised if
429	the list of path elements is non-empty.
430	"""
431
432	## We're going to make a pass over the supplied parameters, and we'll
433	## check them off against the formal parameters as we go; so we'll need
434	## to be able to look them up. We'll also keep track of the ones we've
435	## seen so that we can make sure that all of the mandatory parameters
436	## were actually supplied.
437	##
438	## To that end: `want' is a dictionary mapping parameter names to
439	## functions which will do something useful with the value; `seen' is a
440	## set of the parameters which have been assigned; and `kw' is going to
441	## be the keyword-argument dictionary we pass to the handler function.
442	want = {}
443	kw = {}
444
445	def set_value(k, v):
446	"""Set a simple value: we shouldn't see multiple values."""
447	if k in kw:
448	raise U.ExpectedError, (400, "Repeated parameter `%s'" % k)
449	kw[k] = v
450	def set_bool(k, v):
451	"""Set a simple boolean value: for switches."""
452	set_value(k, v.lower() in ['true', 't', 'yes', 'y'])
453	def set_list(k, v):
454	"""Append the value to a list: for the `rest' parameter."""
455	kw.setdefault(k, []).append(v)
456
457	## Set up the `want' map.
458	for o in me.opts:
459	if o.argname: want[o.name] = set_value
460	else: want[o.name] = set_bool
461	for p in me.params: want[p.name] = set_value
462	for p in me.oparams: want[p.name] = set_value
463	if me.rparam: want[me.rparam.name] = set_list
464
465	## Work through the list of supplied parameters.
466	for k, v in param:
467	try:
468	f = want[k]
469	except KeyError:
470	if v:
471	raise U.ExpectedError, (400, "Unexpected parameter `%s'" % k)
472	else:
473	f(k, v)
474
475	## Deal with a path, if there is one.
476	if path:
477	if me.rparam and me.rparam.name not in kw:
478	kw[me.rparam.name] = path
479	else:
480	raise U.ExpectedError, (404, "Superfluous path elements")
481
482	## Make sure we saw all of the mandatory parameters.
483	for p in me.params:
484	if p.name not in kw:
485	raise U.ExpectedError, (400, "Missing parameter `%s'" % p.name)
486
487	## Invoke the subcommand.
488	me.func(**kw)
489
490	def subcommand(name, contexts, desc, cls = Subcommand, args, *kw):
491	"""Decorator for defining CGI subcommands."""
492	return SC.subcommand(name, contexts, desc, cls = cls, args, *kw)
493
494	###----- That's all, folks --------------------------------------------------