chiark / gitweb /
~mdw / disorder / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Catch up with new CGI location
[disorder] / cgi / actions.c
CommitLineData
bca4e2b7
RK		 1/*
2 * This file is part of DisOrder.
3 * Copyright (C) 2004-2008 Richard Kettlewell
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
18 * USA
19 */
1e97629d
RK		 20/** @file server/actions.c
21 * @brief DisOrder web actions
22 *
23 * Actions are anything that the web interface does beyond passive template
24 * expansion and inspection of state recieved from the server. This means
25 * playing tracks, editing prefs etc but also setting extra headers e.g. to
26 * auto-refresh the playing list.
27 */
bca4e2b7 28
1e97629d 29#include "disorder-cgi.h"
5a7df048
RK		 30
31/** @brief Redirect to some other action or URL */
32static void redirect(const char *url) {
33 /* By default use the 'back' argument */
34 if(!url)
71634563 35 url = cgi_get("back");
04aa2c4f 36 if(url && *url) {
e7ce7665 37 if(strncmp(url, "http", 4))
5a7df048
RK		 38 /* If the target is not a full URL assume it's the action */
39 url = cgi_makeurl(config->url, "action", url, (char *)0);
40 } else {
41 /* If back= is not set just go back to the front page */
42 url = config->url;
43 }
44 if(printf("Location: %s\n"
45 "%s\n"
1e97629d 46 "\n", url, dcgi_cookie_header()) < 0)
5a7df048
RK		 47 fatal(errno, "error writing to stdout");
48}
49
5c1ae3bc
RK		 50/*! playing
51 *
52 * Expands \fIplaying.tmpl\fR as if there was no special 'playing' action, but
53 * adds a Refresh: field to the HTTP header. The maximum refresh interval is
54 * defined by \fBrefresh\fR (see \fBdisorder_config\fR(5)) but may be less if
55 * the end of the track is near.
56 */
57/*! manage
58 *
59 * Expands \fIplaying.tmpl\fR (NB not \fImanage.tmpl\fR) as if there was no
60 * special 'playing' action, and adds a Refresh: field to the HTTP header. The
61 * maximum refresh interval is defined by \Bfrefresh\fR (see
62 * \fBdisorder_config\fR(5)) but may be less if the end of the track is near.
63 */
448d3570
RK		 64static void act_playing(void) {
65 long refresh = config->refresh;
66 long length;
67 time_t now, fin;
68 char *url;
71634563 69 const char *action;
448d3570 70
1e97629d
RK		 71 dcgi_lookup(DCGI_PLAYING|DCGI_QUEUE|DCGI_ENABLED|DCGI_RANDOM_ENABLED);
72 if(dcgi_playing
73 && dcgi_playing->state == playing_started /* i.e. not paused */
74 && !disorder_length(dcgi_client, dcgi_playing->track, &length)
448d3570 75 && length
1e97629d 76 && dcgi_playing->sofar >= 0) {
448d3570
RK		 77 /* Try to put the next refresh at the start of the next track. */
78 time(&now);
1e97629d 79 fin = now + length - dcgi_playing->sofar + config->gap;
448d3570
RK		 80 if(now + refresh > fin)
81 refresh = fin - now;
82 }
1e97629d 83 if(dcgi_queue && dcgi_queue->state == playing_isscratch) {
448d3570
RK		 84 /* next track is a scratch, don't leave more than the inter-track gap */
85 if(refresh > config->gap)
86 refresh = config->gap;
87 }
1e97629d
RK		 88 if(!dcgi_playing
89 && ((dcgi_queue
90 && dcgi_queue->state != playing_random)
91 || dcgi_random_enabled)
92 && dcgi_enabled) {
448d3570
RK		 93 /* no track playing but playing is enabled and there is something coming
94 * up, must be in a gap */
95 if(refresh > config->gap)
96 refresh = config->gap;
97 }
98 if((action = cgi_get("action")))
99 url = cgi_makeurl(config->url, "action", action, (char *)0);
100 else
101 url = config->url;
e7ce7665
RK		 102 if(printf("Refresh: %ld;url=%s\n",
103 refresh, url) < 0)
448d3570 104 fatal(errno, "error writing to stdout");
e7ce7665 105 dcgi_expand("playing", 1);
1e97629d
RK		 106}
107
5c1ae3bc
RK		 108/*! disable
109 *
110 * Disables play.
111 */
1e97629d
RK		 112static void act_disable(void) {
113 if(dcgi_client)
114 disorder_disable(dcgi_client);
115 redirect(0);
116}
117
5c1ae3bc
RK		 118/*! enable
119 *
120 * Enables play.
121 */
1e97629d
RK		 122static void act_enable(void) {
123 if(dcgi_client)
124 disorder_enable(dcgi_client);
125 redirect(0);
126}
127
5c1ae3bc
RK		 128/*! random-disable
129 *
130 * Disables random play.
131 */
1e97629d
RK		 132static void act_random_disable(void) {
133 if(dcgi_client)
134 disorder_random_disable(dcgi_client);
135 redirect(0);
136}
137
5c1ae3bc
RK		 138/*! random-enable
139 *
140 * Enables random play.
141 */
1e97629d
RK		 142static void act_random_enable(void) {
143 if(dcgi_client)
144 disorder_random_enable(dcgi_client);
145 redirect(0);
448d3570
RK		 146}
147
5c1ae3bc
RK		 148/*! pause
149 *
150 * Pauses the current track (if there is one and it's not paused already).
151 */
6d9dd8d9
RK		 152static void act_pause(void) {
153 if(dcgi_client)
154 disorder_pause(dcgi_client);
155 redirect(0);
156}
157
5c1ae3bc
RK		 158/*! resume
159 *
160 * Resumes the current track (if there is one and it's paused).
161 */
6d9dd8d9
RK		 162static void act_resume(void) {
163 if(dcgi_client)
164 disorder_resume(dcgi_client);
165 redirect(0);
166}
167
5c1ae3bc
RK		 168/*! remove
169 *
170 * Removes the track given by the \fBid\fR argument. If this is the currently
171 * playing track then it is scratched.
172 */
a2c4ad5f
RK		 173static void act_remove(void) {
174 const char *id;
175 struct queue_entry *q;
176
177 if(dcgi_client) {
178 if(!(id = cgi_get("id")))
179 error(0, "missing 'id' argument");
180 else if(!(q = dcgi_findtrack(id)))
181 error(0, "unknown queue id %s", id);
182 else switch(q->state) {
183 case playing_isscratch:
184 case playing_failed:
185 case playing_no_player:
186 case playing_ok:
187 case playing_quitting:
188 case playing_scratched:
189 error(0, "does not make sense to scratch %s", id);
190 break;
191 case playing_paused: /* started but paused */
192 case playing_started: /* started to play */
193 disorder_scratch(dcgi_client, id);
194 break;
195 case playing_random: /* unplayed randomly chosen track */
196 case playing_unplayed: /* haven't played this track yet */
197 disorder_remove(dcgi_client, id);
198 break;
199 }
200 }
201 redirect(0);
202}
203
5c1ae3bc
RK		 204/*! move
205 *
206 * Moves the track given by the \fBid\fR argument the distance given by the
207 * \fBdelta\fR argument. If this is positive the track is moved earlier in the
208 * queue and if negative, later.
209 */
6d9dd8d9
RK		 210static void act_move(void) {
211 const char *id, *delta;
212 struct queue_entry *q;
213
214 if(dcgi_client) {
215 if(!(id = cgi_get("id")))
216 error(0, "missing 'id' argument");
217 else if(!(delta = cgi_get("delta")))
218 error(0, "missing 'delta' argument");
219 else if(!(q = dcgi_findtrack(id)))
220 error(0, "unknown queue id %s", id);
221 else switch(q->state) {
222 case playing_random: /* unplayed randomly chosen track */
223 case playing_unplayed: /* haven't played this track yet */
224 disorder_move(dcgi_client, id, atol(delta));
225 break;
226 default:
227 error(0, "does not make sense to scratch %s", id);
228 break;
229 }
230 }
231 redirect(0);
232}
233
5c1ae3bc
RK		 234/*! play
235 *
236 * Play the track given by the \fBtrack\fR argument, or if that is not set all
237 * the tracks in the directory given by the \fBdir\fR argument.
238 */
6d9dd8d9
RK		 239static void act_play(void) {
240 const char *track, *dir;
241 char **tracks;
242 int ntracks, n;
243 struct dcgi_entry *e;
244
245 if(dcgi_client) {
02eaa49d 246 if((track = cgi_get("track"))) {
6d9dd8d9
RK		 247 disorder_play(dcgi_client, track);
248 } else if((dir = cgi_get("dir"))) {
249 if(disorder_files(dcgi_client, dir, 0, &tracks, &ntracks))
250 ntracks = 0;
251 e = xmalloc(ntracks * sizeof (struct dcgi_entry));
252 for(n = 0; n < ntracks; ++n) {
253 e[n].track = tracks[n];
254 e[n].sort = trackname_transform("track", tracks[n], "sort");
255 e[n].display = trackname_transform("track", tracks[n], "display");
256 }
257 qsort(e, ntracks, sizeof (struct dcgi_entry), dcgi_compare_entry);
258 for(n = 0; n < ntracks; ++n)
259 disorder_play(dcgi_client, e[n].track);
260 }
261 }
262 redirect(0);
263}
264
265static int clamp(int n, int min, int max) {
266 if(n < min)
267 return min;
268 if(n > max)
269 return max;
270 return n;
271}
272
5c1ae3bc
RK		 273/*! volume
274 *
275 * If the \fBdelta\fR argument is set: adjust both channels by that amount (up
276 * if positive, down if negative).
277 *
278 * Otherwise if \fBleft\fR and \fBright\fR are set, set the channels
279 * independently to those values.
280 */
6d9dd8d9
RK		 281static void act_volume(void) {
282 const char *l, *r, *d;
283 int nd;
284
285 if(dcgi_client) {
286 if((d = cgi_get("delta"))) {
287 dcgi_lookup(DCGI_VOLUME);
288 nd = clamp(atoi(d), -255, 255);
289 disorder_set_volume(dcgi_client,
290 clamp(dcgi_volume_left + nd, 0, 255),
291 clamp(dcgi_volume_right + nd, 0, 255));
292 } else if((l = cgi_get("left")) && (r = cgi_get("right")))
293 disorder_set_volume(dcgi_client, atoi(l), atoi(r));
294 }
295 redirect(0);
296}
297
e7ce7665 298/** @brief Expand the login template with @b @@error set to @p error
b7e452c7 299 * @param e Error keyword
e7ce7665 300 */
b7e452c7
RK		 301static void login_error(const char *e) {
302 dcgi_error_string = e;
e7ce7665
RK		 303 dcgi_expand("login", 1);
304}
305
306/** @brief Log in
307 * @param username Login name
308 * @param password Password
309 * @return 0 on success, non-0 on error
310 *
311 * On error, calls login_error() to expand the login template.
312 */
313static int login_as(const char *username, const char *password) {
314 disorder_client *c;
315
316 if(dcgi_cookie && dcgi_client)
317 disorder_revoke(dcgi_client);
318 /* We'll need a new connection as we are going to stop being guest */
319 c = disorder_new(0);
320 if(disorder_connect_user(c, username, password)) {
321 login_error("loginfailed");
322 return -1;
323 }
324 /* Generate a cookie so we can log in again later */
325 if(disorder_make_cookie(c, &dcgi_cookie)) {
326 login_error("cookiefailed");
327 return -1;
328 }
329 /* Use the new connection henceforth */
330 dcgi_client = c;
331 dcgi_lookup_reset();
332 return 0; /* OK */
333}
334
5c1ae3bc
RK		 335/*! login
336 *
337 * If \fBusername\fR and \fBpassword\fR are set (and the username isn't
338 * "guest") then attempt to log in using those credentials. On success,
339 * redirects to the \fBback\fR argument if that is set, or just expands
340 * \fIlogin.tmpl\fI otherwise, with \fB@status\fR set to \fBloginok\fR.
341 *
342 * If they aren't set then just expands \fIlogin.tmpl\fI.
343 */
e7ce7665
RK		 344static void act_login(void) {
345 const char *username, *password;
346
347 /* We try all this even if not connected since the subsequent connection may
348 * succeed. */
349
350 username = cgi_get("username");
351 password = cgi_get("password");
352 if(!username
353 || !password
354 || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) {
355 /* We're just visiting the login page, not performing an action at all. */
356 dcgi_expand("login", 1);
357 return;
358 }
359 if(!login_as(username, password)) {
360 /* Report the succesful login */
361 dcgi_status_string = "loginok";
2cc4c0ef
RK		 362 /* Redirect back to where we came from, if necessary */
363 if(cgi_get("back"))
364 redirect(0);
365 else
366 dcgi_expand("login", 1);
e7ce7665
RK		 367 }
368}
369
5c1ae3bc
RK		 370/*! logout
371 *
372 * Logs out the current user and expands \fIlogin.tmpl\fR with \fBstatus\fR or
373 * \fB@error\fR set according to the result.
374 */
e7ce7665
RK		 375static void act_logout(void) {
376 if(dcgi_client) {
377 /* Ask the server to revoke the cookie */
378 if(!disorder_revoke(dcgi_client))
379 dcgi_status_string = "logoutok";
380 else
381 dcgi_error_string = "revokefailed";
382 } else {
383 /* We can't guarantee a logout if we can't connect to the server to revoke
384 * the cookie, so we report an error. We'll still ask the browser to
385 * forget the cookie though. */
386 dcgi_error_string = "connect";
387 }
388 /* Attempt to reconnect without the cookie */
389 dcgi_cookie = 0;
390 dcgi_login();
391 /* Back to login page, hopefuly forcing the browser to forget the cookie. */
392 dcgi_expand("login", 1);
393}
394
5c1ae3bc
RK		 395/*! register
396 *
397 * Register a new user using \fBusername\fR, \fBpassword1\fR, \fBpassword2\fR
398 * and \fBemail\fR and expands \fIlogin.tmpl\fR with \fBstatus\fR or
399 * \fB@error\fR set according to the result.
400 */
e7ce7665
RK		 401static void act_register(void) {
402 const char *username, *password, *password2, *email;
403 char *confirm, *content_type;
404 const char *text, *encoding, *charset;
405
406 /* If we're not connected then this is a hopeless exercise */
407 if(!dcgi_client) {
408 login_error("connect");
409 return;
410 }
411
412 /* Collect arguments */
413 username = cgi_get("username");
414 password = cgi_get("password1");
415 password2 = cgi_get("password2");
416 email = cgi_get("email");
417
418 /* Verify arguments */
419 if(!username || !*username) {
420 login_error("nousername");
421 return;
422 }
423 if(!password || !*password) {
424 login_error("nopassword");
425 return;
426 }
427 if(!password2 || !*password2 || strcmp(password, password2)) {
428 login_error("passwordmismatch");
429 return;
430 }
431 if(!email || !*email) {
432 login_error("noemail");
433 return;
434 }
435 /* We could well do better address validation but for now we'll just do the
436 * minimum */
437 if(!strchr(email, '@')) {
438 login_error("bademail");
439 return;
440 }
441 if(disorder_register(dcgi_client, username, password, email, &confirm)) {
442 login_error("cannotregister");
443 return;
444 }
445 /* Send the user a mail */
446 /* TODO templatize this */
447 byte_xasprintf((char **)&text,
448 "Welcome to DisOrder. To active your login, please visit this URL:\n"
449 "\n"
450 "%s?c=%s\n", config->url, urlencodestring(confirm));
451 if(!(text = mime_encode_text(text, &charset, &encoding)))
452 fatal(0, "cannot encode email");
453 byte_xasprintf(&content_type, "text/plain;charset=%s",
454 quote822(charset, 0));
455 sendmail("", config->mail_sender, email, "Welcome to DisOrder",
456 encoding, content_type, text); /* TODO error checking */
457 /* We'll go back to the login page with a suitable message */
458 dcgi_status_string = "registered";
459 dcgi_expand("login", 1);
460}
461
5c1ae3bc
RK		 462/*! confirm
463 *
464 * Confirm a user registration using the nonce supplied in \fBc\fR and expands
465 * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the
466 * result.
467 */
e7ce7665
RK		 468static void act_confirm(void) {
469 const char *confirmation;
470
471 /* If we're not connected then this is a hopeless exercise */
472 if(!dcgi_client) {
473 login_error("connect");
474 return;
475 }
476
477 if(!(confirmation = cgi_get("c"))) {
478 login_error("noconfirm");
479 return;
480 }
481 /* Confirm our registration */
482 if(disorder_confirm(dcgi_client, confirmation)) {
483 login_error("badconfirm");
484 return;
485 }
486 /* Get a cookie */
487 if(disorder_make_cookie(dcgi_client, &dcgi_cookie)) {
488 login_error("cookiefailed");
489 return;
490 }
491 /* Junk cached data */
492 dcgi_lookup_reset();
493 /* Report success */
494 dcgi_status_string = "confirmed";
495 dcgi_expand("login", 1);
496}
497
5c1ae3bc
RK		 498/*! edituser
499 *
500 * Edit user details using \fBusername\fR, \fBchangepassword1\fR,
501 * \fBchangepassword2\fR and \fBemail\fR and expands \fIlogin.tmpl\fR with
502 * \fBstatus\fR or \fB@error\fR set according to the result.
503 */
e7ce7665
RK		 504static void act_edituser(void) {
505 const char *email = cgi_get("email"), *password = cgi_get("changepassword1");
506 const char *password2 = cgi_get("changepassword2");
507 int newpassword = 0;
508
509 /* If we're not connected then this is a hopeless exercise */
510 if(!dcgi_client) {
511 login_error("connect");
512 return;
513 }
514
515 /* Verify input */
516
517 /* If either password or password2 is set we insist they match. If they
518 * don't we report an error. */
519 if((password && *password) || (password2 && *password2)) {
520 if(!password || !password2 || strcmp(password, password2)) {
521 login_error("passwordmismatch");
522 return;
523 }
524 } else
525 password = password2 = 0;
526 if(email && !strchr(email, '@')) {
527 login_error("bademail");
528 return;
529 }
530
531 /* Commit changes */
532 if(email) {
533 if(disorder_edituser(dcgi_client, disorder_user(dcgi_client),
534 "email", email)) {
535 login_error("badedit");
536 return;
537 }
538 }
539 if(password) {
540 if(disorder_edituser(dcgi_client, disorder_user(dcgi_client),
541 "password", password)) {
542 login_error("badedit");
543 return;
544 }
545 newpassword = 1;
546 }
547
548 if(newpassword) {
549 /* If we changed the password, the cookie is now invalid, so we must log
550 * back in. */
551 if(login_as(disorder_user(dcgi_client), password))
552 return;
553 }
554 /* Report success */
555 dcgi_status_string = "edited";
556 dcgi_expand("login", 1);
557}
558
5c1ae3bc
RK		 559/*! reminder
560 *
561 * Issue an email password reminder to \fBusername\fR and expands
562 * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the
563 * result.
564 */
e7ce7665
RK		 565static void act_reminder(void) {
566 const char *const username = cgi_get("username");
567
568 /* If we're not connected then this is a hopeless exercise */
569 if(!dcgi_client) {
570 login_error("connect");
571 return;
572 }
573
574 if(!username || !*username) {
575 login_error("nousername");
576 return;
577 }
578 if(disorder_reminder(dcgi_client, username)) {
579 login_error("reminderfailed");
580 return;
581 }
582 /* Report success */
583 dcgi_status_string = "reminded";
584 dcgi_expand("login", 1);
585}
586
02eaa49d
RK		 587/** @brief Get the numbered version of an argument
588 * @param argname Base argument name
589 * @param numfile File number
590 * @return cgi_get(NUMFILE_ARGNAME)
591 */
592static const char *numbered_arg(const char *argname, int numfile) {
593 char *fullname;
594
595 byte_xasprintf(&fullname, "%d_%s", numfile, argname);
596 return cgi_get(fullname);
597}
598
599/** @brief Set preferences for file @p numfile
600 * @return 0 on success, -1 if there is no such track number
601 *
602 * The old @b nfiles parameter has been abolished, we just keep look for more
603 * files until we run out.
604 */
605static int process_prefs(int numfile) {
606 const char *file, *name, *value, *part, *parts, *context;
607 char **partslist;
608
609 if(!(file = numbered_arg("track", numfile)))
610 return -1;
611 if(!(parts = cgi_get("parts")))
612 parts = "artist album title";
613 if(!(context = cgi_get("context")))
614 context = "display";
615 partslist = split(parts, 0, 0, 0, 0);
616 while((part = *partslist++)) {
617 if(!(value = numbered_arg(part, numfile)))
618 continue;
619 byte_xasprintf((char **)&name, "trackname_%s_%s", context, part);
620 disorder_set(dcgi_client, file, name, value);
621 }
622 if((value = numbered_arg("random", numfile)))
623 disorder_unset(dcgi_client, file, "pick_at_random");
624 else
625 disorder_set(dcgi_client, file, "pick_at_random", "0");
626 if((value = numbered_arg("tags", numfile))) {
627 if(!*value)
628 disorder_unset(dcgi_client, file, "tags");
629 else
630 disorder_set(dcgi_client, file, "tags", value);
631 }
632 if((value = numbered_arg("weight", numfile))) {
633 if(!*value)
634 disorder_unset(dcgi_client, file, "weight");
635 else
636 disorder_set(dcgi_client, file, "weight", value);
637 }
638 return 0;
639}
640
5c1ae3bc
RK		 641/*! prefs
642 *
643 * Set preferences on a number of tracks.
644 *
645 * The tracks to modify are specified in arguments \fB0_track\fR, \fB1_track\fR
646 * etc. The number sequence must be contiguous and start from 0.
647 *
648 * For each track \fIINDEX\fB_track\fR:
649 * - \fIINDEX\fB_\fIPART\fR is used to set the trackname preference for
650 * that part. (See \fBparts\fR below.)
651 * - \fIINDEX\fB_\fIrandom\fR if present enables random play for this track
652 * or disables it if absent.
653 * - \fIINDEX\fB_\fItags\fR sets the list of tags for this track.
654 * - \fIINDEX\fB_\fIweight\fR sets the weight for this track.
655 *
656 * \fBparts\fR can be set to the track name parts to modify. The default is
657 * "artist album title".
658 *
659 * \fBcontext\fR can be set to the context to modify. The default is
660 * "display".
661 *
662 * If the server detects a preference being set to its default, it removes the
663 * preference, thus keeping the database tidy.
664 */
02eaa49d
RK		 665static void act_set(void) {
666 int numfile;
667
668 if(dcgi_client) {
669 for(numfile = 0; !process_prefs(numfile); ++numfile)
670 ;
671 }
672 redirect(0);
673}
674
bca4e2b7
RK		 675/** @brief Table of actions */
676static const struct action {
677 /** @brief Action name */
678 const char *name;
679 /** @brief Action handler */
680 void (*handler)(void);
02eaa49d
RK		 681 /** @brief Union of suitable rights */
682 rights_type rights;
bca4e2b7 683} actions[] = {
02eaa49d
RK		 684 { "confirm", act_confirm, 0 },
685 { "disable", act_disable, RIGHT_GLOBAL_PREFS },
686 { "edituser", act_edituser, 0 },
687 { "enable", act_enable, RIGHT_GLOBAL_PREFS },
688 { "login", act_login, 0 },
689 { "logout", act_logout, 0 },
690 { "manage", act_playing, 0 },
691 { "move", act_move, RIGHT_MOVE__MASK },
692 { "pause", act_pause, RIGHT_PAUSE },
693 { "play", act_play, RIGHT_PLAY },
694 { "playing", act_playing, 0 },
695 { "randomdisable", act_random_disable, RIGHT_GLOBAL_PREFS },
696 { "randomenable", act_random_enable, RIGHT_GLOBAL_PREFS },
697 { "register", act_register, 0 },
698 { "reminder", act_reminder, 0 },
699 { "remove", act_remove, RIGHT_MOVE__MASK|RIGHT_SCRATCH__MASK },
700 { "resume", act_resume, RIGHT_PAUSE },
701 { "set", act_set, RIGHT_PREFS },
702 { "volume", act_volume, RIGHT_VOLUME },
bca4e2b7
RK		 703};
704
40dcd866
RK		 705/** @brief Check that an action name is valid
706 * @param name Action
707 * @return 1 if valid, 0 if not
708 */
709static int dcgi_valid_action(const char *name) {
710 int c;
711
712 /* First character must be letter or digit (this also requires there to _be_
713 * a first character) */
714 if(!isalnum((unsigned char)*name))
715 return 0;
716 /* Only letters, digits, '.' and '-' allowed */
717 while((c = (unsigned char)*name++)) {
718 if(!(isalnum(c)
719 || c == '.'
720 || c == '_'))
721 return 0;
722 }
723 return 1;
724}
725
bca4e2b7
RK		 726/** @brief Expand a template
727 * @param name Base name of template, or NULL to consult CGI args
e7ce7665 728 * @param header True to write header
bca4e2b7 729 */
e7ce7665 730void dcgi_expand(const char *name, int header) {
99955407 731 const char *p, *found;
0d0253c9
RK		 732
733 /* Parse macros first */
f2d306b4
RK		 734 if((found = mx_find("macros.tmpl", 1/*report*/)))
735 mx_expand_file(found, sink_discard(), 0);
736 if((found = mx_find("user.tmpl", 0/*report*/)))
99955407 737 mx_expand_file(found, sink_discard(), 0);
bca4e2b7 738 /* For unknown actions check that they aren't evil */
40dcd866 739 if(!dcgi_valid_action(name))
71634563
RK		 740 fatal(0, "invalid action name '%s'", name);
741 byte_xasprintf((char **)&p, "%s.tmpl", name);
f2d306b4 742 if(!(found = mx_find(p, 0/*report*/)))
99955407 743 fatal(errno, "cannot find %s", p);
e7ce7665
RK		 744 if(header) {
745 if(printf("Content-Type: text/html\n"
746 "%s\n"
747 "\n", dcgi_cookie_header()) < 0)
748 fatal(errno, "error writing to stdout");
749 }
99955407 750 if(mx_expand_file(found, sink_stdio("stdout", stdout), 0) == -1
bca4e2b7
RK		 751 || fflush(stdout) < 0)
752 fatal(errno, "error writing to stdout");
753}
754
755/** @brief Execute a web action
756 * @param action Action to perform, or NULL to consult CGI args
757 *
758 * If no recognized action is specified then 'playing' is assumed.
759 */
1e97629d 760void dcgi_action(const char *action) {
bca4e2b7 761 int n;
bca4e2b7
RK		 762
763 /* Consult CGI args if caller had no view */
764 if(!action)
765 action = cgi_get("action");
766 /* Pick a default if nobody cares at all */
767 if(!action) {
768 /* We allow URLs which are just c=... in order to keep confirmation URLs,
769 * which are user-facing, as short as possible. Actually we could lose the
770 * c= for this... */
771 if(cgi_get("c"))
772 action = "confirm";
773 else
774 action = "playing";
5a7df048
RK		 775 /* Make sure 'action' is always set */
776 cgi_set("action", action);
bca4e2b7 777 }
ba937f01 778 if((n = TABLE_FIND(actions, name, action)) >= 0) {
02eaa49d
RK		 779 if(actions[n].rights) {
780 /* Some right or other is required */
781 dcgi_lookup(DCGI_RIGHTS);
782 if(!(actions[n].rights & dcgi_rights)) {
2cc4c0ef 783 const char *back = cgi_thisurl(config->url);
02eaa49d 784 /* Failed operations jump you to the login screen with an error
2cc4c0ef
RK		 785 * message. On success, the user comes back to the page they were
786 * after. */
787 cgi_clear();
788 cgi_set("back", back);
02eaa49d
RK		 789 login_error("noright");
790 return;
791 }
792 }
793 /* It's a known action */
bca4e2b7 794 actions[n].handler();
02eaa49d 795 } else {
bca4e2b7 796 /* Just expand the template */
e7ce7665 797 dcgi_expand(action, 1/*header*/);
448d3570 798 }
bca4e2b7
RK		 799}
800
801/** @brief Generate an error page */
0d0253c9
RK		 802void dcgi_error(const char *key) {
803 dcgi_error_string = xstrdup(key);
e7ce7665 804 dcgi_expand("error", 1);
bca4e2b7
RK		 805}
806
807/*
808Local Variables:
809c-basic-offset:2
810comment-column:40
811fill-column:79
812indent-tabs-mode:nil
813End:
814*/
Multi-user software jukebox -- https://www.greenend.org.uk/rjk/disorder/