[disorder] / server / cgi.c

/*
 * This file is part of DisOrder.
 * Copyright (C) 2004-2008 Richard Kettlewell
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 */

#include <config.h>
#include "types.h"

#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/stat.h>
#include <stddef.h>
#include <fcntl.h>
#include <unistd.h>
#include <pcre.h>
#include <limits.h>
#include <fnmatch.h>
#include <ctype.h>

#include "mem.h"
#include "log.h"
#include "hex.h"
#include "charset.h"
#include "configuration.h"
#include "table.h"
#include "syscalls.h"
#include "kvp.h"
#include "vector.h"
#include "split.h"
#include "inputline.h"
#include "regsub.h"
#include "defs.h"
#include "sink.h"
#include "cgi.h"
#include "printf.h"
#include "mime.h"
#include "unicode.h"
#include "hash.h"

struct kvp *cgi_args;

/* options */
struct column {
  struct column *next;
  char *name;
  int ncolumns;
  char **columns;
};

/* macros */
struct cgi_macro {
  int nargs;
  char **args;
  const char *value;
};

static hash *cgi_macros;

/** @brief Parse of a template */
struct cgi_element {
  /** @brief Next element */
  struct cgi_element *next;

  /** @brief Element type */
  int type;
#define ELEMENT_TEXT 0
#define ELEMENT_EXPANSION 1

  /** @brief Line number at start of element */
  int line;
  
  /** @brief Plain text */
  char *text;

  /** @brief Expansion name */
  char *name;

  /** @brief Argument count */
  int nargs;

  /** @brief Argument values (NOT recursively expanded) */
  char **args;
};

#define RELIST(x) struct re *x, **x##_tail = &x

static int have_read_options;
static struct kvp *labels;
static struct column *columns;

static void include_options(const char *name);

static void cgi_parse_get(void) {
  const char *q;

  if(!(q = getenv("QUERY_STRING"))) fatal(0, "QUERY_STRING not set");
  cgi_args = kvp_urldecode(q, strlen(q));
}

static void cgi_input(char **ptrp, size_t *np) {
  const char *cl;
  char *q;
  size_t n, m = 0;
  int r;

  if(!(cl = getenv("CONTENT_LENGTH"))) fatal(0, "CONTENT_LENGTH not set");
  n = atol(cl);
  q = xmalloc_noptr(n + 1);
  while(m < n) {
    r = read(0, q + m, n - m);
    if(r > 0)
      m += r;
    else if(r == 0)
      fatal(0, "unexpected end of file reading request body");
    else switch(errno) {
    case EINTR: break;
    default: fatal(errno, "error reading request body");
    }
  }
  if(memchr(q, 0, n)) fatal(0, "null character in request body");
  q[n + 1] = 0;
  *ptrp = q;
  if(np) *np = n;
}

static int cgi_field_callback(const char *name, const char *value,
			      void *u) {
  char *disposition, *pname, *pvalue;
  char **namep = u;

  if(!strcmp(name, "content-disposition")) {
    if(mime_rfc2388_content_disposition(value,
					&disposition,
					&pname,
					&pvalue))
      fatal(0, "error parsing Content-Disposition field");
    if(!strcmp(disposition, "form-data")
       && pname
       && !strcmp(pname, "name")) {
      if(*namep)
	fatal(0, "duplicate Content-Disposition field");
      *namep = pvalue;
    }
  }
  return 0;
}

static int cgi_part_callback(const char *s,
			     void attribute((unused)) *u) {
  char *name = 0;
  struct kvp *k;
  
  if(!(s = mime_parse(s, cgi_field_callback, &name)))
    fatal(0, "error parsing part header");
  if(!name) fatal(0, "no name found");
  k = xmalloc(sizeof *k);
  k->next = cgi_args;
  k->name = name;
  k->value = s;
  cgi_args = k;
  return 0;
}

static void cgi_parse_multipart(const char *boundary) {
  char *q;
  
  cgi_input(&q, 0);
  if(mime_multipart(q, cgi_part_callback, boundary, 0))
    fatal(0, "invalid multipart object");
}

static void cgi_parse_post(void) {
  const char *ct, *boundary;
  char *q, *type;
  size_t n;
  struct kvp *k;

  if(!(ct = getenv("CONTENT_TYPE")))
    ct = "application/x-www-form-urlencoded";
  if(mime_content_type(ct, &type, &k))
    fatal(0, "invalid content type '%s'", ct);
  if(!strcmp(type, "application/x-www-form-urlencoded")) {
    cgi_input(&q, &n);
    cgi_args = kvp_urldecode(q, n);
    return;
  }
  if(!strcmp(type, "multipart/form-data")) {
    if(!(boundary = kvp_get(k, "boundary")))
      fatal(0, "no boundary parameter found");
    cgi_parse_multipart(boundary);
    return;
  }
  fatal(0, "unrecognized content type '%s'", type);
}

void cgi_parse(void) {
  const char *p;
  struct kvp *k;

  if(!(p = getenv("REQUEST_METHOD"))) fatal(0, "REQUEST_METHOD not set");
  if(!strcmp(p, "GET"))
    cgi_parse_get();
  else if(!strcmp(p, "POST"))
    cgi_parse_post();
  else
    fatal(0, "unknown request method %s", p);
  for(k = cgi_args; k; k = k->next)
    if(!utf8_valid(k->name, strlen(k->name))
       || !utf8_valid(k->value, strlen(k->value)))
      fatal(0, "invalid UTF-8 sequence in cgi argument");
}

const char *cgi_get(const char *name) {
  return kvp_get(cgi_args, name);
}

void cgi_output(cgi_sink *output, const char *fmt, ...) {
  va_list ap;
  int n;
  char *r;

  va_start(ap, fmt);
  n = byte_vasprintf(&r, fmt, ap);
  if(n < 0)
    fatal(errno, "error calling byte_vasprintf");
  if(output->quote)
    r = cgi_sgmlquote(r, 0);
  output->sink->write(output->sink, r, strlen(r));
  va_end(ap);
}

void cgi_header(struct sink *output, const char *name, const char *value) {
  sink_printf(output, "%s: %s\r\n", name, value);
}

void cgi_body(struct sink *output) {
  sink_printf(output, "\r\n");
}

char *cgi_sgmlquote(const char *s, int raw) {
  uint32_t *ucs, *p, c;
  char *b, *bp;
  int n;

  if(!raw) {
    if(!(ucs = utf8_to_utf32(s, strlen(s), 0))) exit(EXIT_FAILURE);
  } else {
    ucs = xmalloc_noptr((strlen(s) + 1) * sizeof(uint32_t));
    for(n = 0; s[n]; ++n)
      ucs[n] = (unsigned char)s[n];
    ucs[n] = 0;
  }

  n = 1;
  /* estimate the length we'll need */
  for(p = ucs; (c = *p); ++p) {
    switch(c) {
    default:
      if(c > 127 || c < 32) {
      case '"':
      case '&':
      case '<':
      case '>':
	n += 12;
	break;
      } else
	n++;
    }
  }
  /* format the string */
  b = bp = xmalloc_noptr(n);
  for(p = ucs; (c = *p); ++p) {
    switch(c) {
    default:
      if(*p > 127 || *p < 32) {
      case '"':
      case '&':
      case '<':
      case '>':
	bp += sprintf(bp, "&#%lu;", (unsigned long)c);
	break;
      } else
	*bp++ = c;
    }
  }
  *bp = 0;
  return b;
}

void cgi_attr(struct sink *output, const char *name, const char *value) {
  if(!value[strspn(value, "abcdefghijklmnopqrstuvwxyz"
		   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
		   "0123456789")])
    sink_printf(output, "%s=%s", name, value);
  else
    sink_printf(output, "%s=\"%s\"", name, cgi_sgmlquote(value, 0));
}

void cgi_opentag(struct sink *output, const char *name, ...) {
  va_list ap;
  const char *n, *v;
   
  sink_printf(output, "<%s", name);
  va_start(ap, name);
  while((n = va_arg(ap, const char *))) {
    sink_printf(output, " ");
    v = va_arg(ap, const char *);
    if(v)
      cgi_attr(output, n, v);
    else
      sink_printf(output, n);
  }
  sink_printf(output, ">");
}

void cgi_closetag(struct sink *output, const char *name) {
  sink_printf(output, "</%s>", name);
}

static int template_open(const char *name,
			 const char *ext,
			 const char **filenamep) {
  const char *dirs[2];
  int fd = -1, n;
  char *fullpath;

  dirs[0] = pkgconfdir;
  dirs[1] = pkgdatadir;
  if(name[0] == '/') {
    if((fd = open(name, O_RDONLY)) < 0) fatal(0, "cannot open %s", name);
    *filenamep = name;
  } else {
    for(n = 0; n < config->templates.n + (int)(sizeof dirs / sizeof *dirs); ++n) {
      byte_xasprintf(&fullpath, "%s/%s%s",
		     n < config->templates.n ? config->templates.s[n]
		                             : dirs[n - config->templates.n],
		     name, ext);
      if((fd = open(fullpath, O_RDONLY)) >= 0) break;
    }
    if(fd < 0) error(0, "cannot find %s%s in template path", name, ext);
    *filenamep = fullpath;
  }
  return fd;
}

static int valid_template_name(const char *name) {
  if(strchr(name, '/') || name[0] == '.')
    return 0;
  return 1;
}

void cgi_expand(const char *template,
		const struct cgi_expansion *expansions,
		size_t nexpansions,
		cgi_sink *output,
		void *u) {
  int fd = -1;
  int n;
  off_t m;
  char *b;
  struct stat sb;

  if(!valid_template_name(template))
    fatal(0, "invalid template name '%s'", template);
  if((fd = template_open(template, ".html", &template)) < 0)
    exitfn(EXIT_FAILURE);
  if(fstat(fd, &sb) < 0) fatal(errno, "cannot stat %s", template);
  m = 0;
  b = xmalloc_noptr(sb.st_size + 1);
  while(m < sb.st_size) {
    n = read(fd, b + m, sb.st_size - m);
    if(n > 0) m += n;
    else if(n == 0) fatal(0, "unexpected EOF reading %s", template);
    else if(errno != EINTR) fatal(errno, "error reading %s", template);
  }
  b[sb.st_size] = 0;
  xclose(fd);
  cgi_expand_string(template, b, expansions, nexpansions, output, u);
}

/** @brief Return a linked list of the parse of @p template */
static struct cgi_element *cgi_parse_string(const char *name,
					    const char *template) {
  int braces, line = 1, sline;
  const char *p;
  struct vector v;
  struct dynstr d;
  struct cgi_element *head = 0, **tailp = &head, *e;

  while(*template) {
    if(*template != '@') {
      sline = line;
      dynstr_init(&d);
      /* Gather up text without any expansions in. */
      while(*template && *template != '@') {
	if(*template == '\n')
	  ++line;
	dynstr_append(&d, *template++);
      }
      dynstr_terminate(&d);
      e = xmalloc(sizeof *e);
      e->next = 0;
      e->line = sline;
      e->type = ELEMENT_TEXT;
      e->text = d.vec;
      *tailp = e;
      tailp = &e->next;
      continue;
    }
    vector_init(&v);
    braces = 0;
    p = template;
    ++template;
    sline = line;
    while(*template != '@') {
      /* Skip whitespace */
      while(isspace((unsigned char)*template))
	++template;
      dynstr_init(&d);
      if(*template == '{') {
	/* bracketed arg */
	++template;
	while(*template && (*template != '}' || braces > 0)) {
	  switch(*template) {
	  case '{': ++braces; break;
	  case '}': --braces; break;
	  case '\n': ++line; break;
	  }
	  dynstr_append(&d, *template++);
	}
	if(!*template) fatal(0, "%s:%d: unterminated expansion '%.*s'",
			     name, sline, (int)(template - p), p);
	++template;
	if(isspace((unsigned char)*template)) {
	  /* We have @{...}<WHITESPACE><SOMETHING> */
	  for(p = template; isspace((unsigned char)*p); ++p)
	    ;
	  /* Now we are looking at <SOMETHING>.  If it's "{" then that
	   * must be the next argument.  Otherwise we infer that this
	   * is really the end of the expansion. */
	  if(*p != '{')
	    goto finished_expansion;
	}
      } else {
	/* unbracketed arg */
	while(*template
	      && *template != '@' && *template != '{' && *template != ':') {
	  if(*template == '\n') ++line;
	  dynstr_append(&d, *template++);
	}
	if(*template == ':')
	  ++template;
	if(!*template) fatal(0, "%s:%d: unterminated expansion '%.*s'",
			     name, sline, (int)(template - p), p);
	/* trailing whitespace is not significant in unquoted args */
	while(d.nvec && (isspace((unsigned char)d.vec[d.nvec - 1])))
	  --d.nvec;
      }
      dynstr_terminate(&d);
      vector_append(&v, d.vec);
    }
    ++template;
    finished_expansion:
    vector_terminate(&v);
    /* @@ terminates this file */
    if(v.nvec == 0)
      break;
    e = xmalloc(sizeof *e);
    e->next = 0;
    e->line = sline;
    e->type = ELEMENT_EXPANSION;
    e->name = v.vec[0];
    e->nargs = v.nvec - 1;
    e->args = &v.vec[1];
    *tailp = e;
    tailp = &e->next;
  }
  return head;
}

void cgi_expand_string(const char *name,
		       const char *template,
		       const struct cgi_expansion *expansions,
		       size_t nexpansions,
		       cgi_sink *output,
		       void *u) {
  int n, m;
  char *argname;
  struct dynstr d;
  cgi_sink parameter_output;
  const struct cgi_macro *macro;

  struct cgi_element *e;

  for(e = cgi_parse_string(name, template); e; e = e->next) {
    switch(e->type) {
    case ELEMENT_TEXT:
      output->sink->write(output->sink, e->text, strlen(e->text));
      break;
    case ELEMENT_EXPANSION:
      if((n = table_find(expansions,
			 offsetof(struct cgi_expansion, name),
			 sizeof (struct cgi_expansion),
			 nexpansions,
			 e->name)) >= 0) {
	/* We found a built-in */
	if(e->nargs < expansions[n].minargs)
	  fatal(0, "%s:%d: insufficient arguments to @%s@ (min %d, got %d)",
		name, e->line, e->name, expansions[n].minargs, e->nargs);
	if(e->nargs > expansions[n].maxargs)
	  fatal(0, "%s:%d: too many arguments to @%s@ (max %d, got %d)",
		name, e->line, e->name, expansions[n].maxargs, e->nargs);
	/* for ordinary expansions, recursively expand the arguments */
	if(!(expansions[n].flags & EXP_MAGIC)) {
	  for(m = 0; m < e->nargs; ++m) {
	    dynstr_init(&d);
	    byte_xasprintf(&argname, "<%s:%d arg #%d>", name, e->line, m);
	    parameter_output.quote = 0;
	    parameter_output.sink = sink_dynstr(&d);
	    cgi_expand_string(argname, e->args[m],
			      expansions, nexpansions,
			      &parameter_output, u);
	    dynstr_terminate(&d);
	    e->args[m] = d.vec;
	  }
	}
	expansions[n].handler(e->nargs, e->args, output, u);
      } else if(cgi_macros && (macro = hash_find(cgi_macros, e->name))) {
	/* We found a macro */
	if(e->nargs != macro->nargs)
	  fatal(0, "%s:%d: wrong number of arguments to @%s@ (need %d, got %d)",
		name, e->line, e->name, macro->nargs, e->nargs);
	/* We must substitute in argument values */
	/* TODO  */
	cgi_expand_string(e->name,
			  macro->value,
			  expansions,
			  nexpansions,
			  output,
			  u);
      } else {
	/* Totally undefined */
	fatal(0, "%s:%d: unknown expansion '%s'", name, e->line, e->name);
      }
      break;
    }
  }
}

char *cgi_makeurl(const char *url, ...) {
  va_list ap;
  struct kvp *kvp, *k, **kk = &kvp;
  struct dynstr d;
  const char *n, *v;
  
  dynstr_init(&d);
  dynstr_append_string(&d, url);
  va_start(ap, url);
  while((n = va_arg(ap, const char *))) {
    v = va_arg(ap, const char *);
    *kk = k = xmalloc(sizeof *k);
    kk = &k->next;
    k->name = n;
    k->value = v;
  }
  *kk = 0;
  if(kvp) {
    dynstr_append(&d, '?');
    dynstr_append_string(&d, kvp_urlencode(kvp, 0));
  }
  dynstr_terminate(&d);
  return d.vec;
}

void cgi_set_option(const char *name, const char *value) {
  struct kvp *k = xmalloc(sizeof *k);

  k->next = labels;
  k->name = name;
  k->value = value;
  labels = k;
}

static void option_label(int attribute((unused)) nvec,
			 char **vec) {
  cgi_set_option(vec[0], vec[1]);
}

static void option_include(int attribute((unused)) nvec,
			   char **vec) {
  include_options(vec[0]);
}

static void option_columns(int nvec,
			    char **vec) {
  struct column *c = xmalloc(sizeof *c);
  
  c->next = columns;
  c->name = vec[0];
  c->ncolumns = nvec - 1;
  c->columns = &vec[1];
  columns = c;
}

static struct option {
  const char *name;
  int minargs, maxargs;
  void (*handler)(int nvec, char **vec);
} options[] = {
  { "columns", 1, INT_MAX, option_columns },
  { "include", 1, 1, option_include },
  { "label", 2, 2, option_label },
};

struct read_options_state {
  const char *name;
  int line;
};

static void read_options_error(const char *msg,
			       void *u) {
  struct read_options_state *cs = u;
  
  error(0, "%s:%d: %s", cs->name, cs->line, msg);
}

static void include_options(const char *name) {
  int n, i;
  int fd;
  FILE *fp;
  char **vec, *buffer;
  struct read_options_state cs;

  if((fd = template_open(name, "", &cs.name)) < 0) return;
  if(!(fp = fdopen(fd, "r"))) fatal(errno, "error calling fdopen");
  cs.line = 0;
  while(!inputline(cs.name, fp, &buffer, '\n')) {
    ++cs.line;
    if(!(vec = split(buffer, &n, SPLIT_COMMENTS|SPLIT_QUOTES,
		     read_options_error, &cs)))
      continue;
    if(!n) continue;
    if((i = TABLE_FIND(options, struct option, name, vec[0])) == -1) {
      error(0, "%s:%d: unknown option '%s'", cs.name, cs.line, vec[0]);
      continue;
    }
    ++vec;
    --n;
    if(n < options[i].minargs) {
      error(0, "%s:%d: too few arguments to '%s'", cs.name, cs.line, vec[-1]);
      continue;
    }
    if(n > options[i].maxargs) {
      error(0, "%s:%d: too many arguments to '%s'", cs.name, cs.line, vec[-1]);
      continue;
    }
    options[i].handler(n, vec);
  }
  fclose(fp);
}

static void read_options(void) {
  if(!have_read_options) {
    have_read_options = 1;
    include_options("options");
  }
}

const char *cgi_label(const char *key) {
  const char *label;

  read_options();
  if(!(label = kvp_get(labels, key))) {
    /* No label found */
    if(!strncmp(key, "images.", 7)) {
      static const char *url_static;
      /* images.X defaults to <url.static>X.png */

      if(!url_static)
	url_static = cgi_label("url.static");
      byte_xasprintf((char **)&label, "%s%s.png", url_static, key + 7);
    } else if((label = strchr(key, '.')))
      /* X.Y defaults to Y */
      ++label;
    else
      /* otherwise default to label name */
      label = key;
  }
  return label;
}

int cgi_label_exists(const char *key) {
  read_options();
  return kvp_get(labels, key) ? 1 : 0;
}

char **cgi_columns(const char *name, int *ncolumns) {
  struct column *c;

  read_options();
  for(c = columns; c && strcmp(name, c->name); c = c->next)
    ;
  if(c) {
    if(ncolumns)
      *ncolumns = c->ncolumns;
    return c->columns;
  } else {
    if(ncolumns)
      *ncolumns = 0;
    return 0;
  }
}

void cgi_define(const char *name,
		int nargs,
		char **args,
		const char *value) {
  struct cgi_macro m;

  if(!cgi_macros)
    cgi_macros = hash_new(sizeof(struct cgi_macro));
  m.nargs = nargs;
  m.args = args;
  m.value = value;
  hash_add(cgi_macros, name, &m, HASH_INSERT_OR_REPLACE);
}

/*
Local Variables:
c-basic-offset:2
comment-column:40
End:
*/
Commit	Line	Data
460b9539	1	/*
460b9539	2	* This file is part of DisOrder.
5aff007d	3	* Copyright (C) 2004-2008 Richard Kettlewell
460b9539	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License as published by
	7	* the Free Software Foundation; either version 2 of the License, or
	8	* (at your option) any later version.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	* General Public License for more details.
	14	*
	15	* You should have received a copy of the GNU General Public License
	16	* along with this program; if not, write to the Free Software
	17	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
	18	* USA
	19	*/
	20
	21	#include <config.h>
	22	#include "types.h"
	23
	24	#include <string.h>
	25	#include <stdio.h>
	26	#include <unistd.h>
	27	#include <stdlib.h>
	28	#include <errno.h>
	29	#include <sys/stat.h>
	30	#include <stddef.h>
	31	#include <fcntl.h>
	32	#include <unistd.h>
	33	#include <pcre.h>
	34	#include <limits.h>
	35	#include <fnmatch.h>
	36	#include <ctype.h>
	37
	38	#include "mem.h"
	39	#include "log.h"
	40	#include "hex.h"
	41	#include "charset.h"
	42	#include "configuration.h"
	43	#include "table.h"
	44	#include "syscalls.h"
	45	#include "kvp.h"
	46	#include "vector.h"
	47	#include "split.h"
	48	#include "inputline.h"
	49	#include "regsub.h"
	50	#include "defs.h"
	51	#include "sink.h"
	52	#include "cgi.h"
	53	#include "printf.h"
	54	#include "mime.h"
18cda350	55	#include "unicode.h"
3dddcfa4	56	#include "hash.h"
460b9539	57
	58	struct kvp *cgi_args;
	59
	60	/* options */
	61	struct column {
	62	struct column *next;
	63	char *name;
	64	int ncolumns;
	65	char **columns;
	66	};
	67
3dddcfa4 RK	68	/* macros */
	69	struct cgi_macro {
	70	int nargs;
	71	char **args;
	72	const char *value;
	73	};
	74
	75	static hash *cgi_macros;
	76
c582f1e8 RK	77	/** @brief Parse of a template */
	78	struct cgi_element {
	79	/** @brief Next element */
	80	struct cgi_element *next;
	81
	82	/** @brief Element type */
	83	int type;
	84	#define ELEMENT_TEXT 0
	85	#define ELEMENT_EXPANSION 1
	86
	87	/** @brief Line number at start of element */
	88	int line;
	89
	90	/** @brief Plain text */
	91	char *text;
	92
	93	/** @brief Expansion name */
	94	char *name;
	95
	96	/** @brief Argument count */
	97	int nargs;
	98
	99	/** @brief Argument values (NOT recursively expanded) */
	100	char **args;
	101	};
	102
460b9539	103	#define RELIST(x) struct re x, *x##_tail = &x
	104
	105	static int have_read_options;
	106	static struct kvp *labels;
	107	static struct column *columns;
	108
	109	static void include_options(const char *name);
	110
	111	static void cgi_parse_get(void) {
	112	const char *q;
	113
	114	if(!(q = getenv("QUERY_STRING"))) fatal(0, "QUERY_STRING not set");
	115	cgi_args = kvp_urldecode(q, strlen(q));
	116	}
	117
	118	static void cgi_input(char *ptrp, size_t np) {
	119	const char *cl;
	120	char *q;
	121	size_t n, m = 0;
	122	int r;
	123
	124	if(!(cl = getenv("CONTENT_LENGTH"))) fatal(0, "CONTENT_LENGTH not set");
	125	n = atol(cl);
	126	q = xmalloc_noptr(n + 1);
	127	while(m < n) {
	128	r = read(0, q + m, n - m);
	129	if(r > 0)
	130	m += r;
	131	else if(r == 0)
	132	fatal(0, "unexpected end of file reading request body");
	133	else switch(errno) {
	134	case EINTR: break;
	135	default: fatal(errno, "error reading request body");
	136	}
	137	}
	138	if(memchr(q, 0, n)) fatal(0, "null character in request body");
	139	q[n + 1] = 0;
	140	*ptrp = q;
	141	if(np) *np = n;
	142	}
	143
	144	static int cgi_field_callback(const char name, const char value,
	145	void *u) {
	146	char disposition, pname, *pvalue;
	147	char **namep = u;
	148
	149	if(!strcmp(name, "content-disposition")) {
	150	if(mime_rfc2388_content_disposition(value,
	151	&disposition,
	152	&pname,
	153	&pvalue))
	154	fatal(0, "error parsing Content-Disposition field");
	155	if(!strcmp(disposition, "form-data")
	156	&& pname
	157	&& !strcmp(pname, "name")) {
	158	if(*namep)
	159	fatal(0, "duplicate Content-Disposition field");
	160	*namep = pvalue;
	161	}
	162	}
	163	return 0;
	164	}
	165
	166	static int cgi_part_callback(const char *s,
167	void attribute((unused)) *u) {
168	char *name = 0;
169	struct kvp *k;
170
171	if(!(s = mime_parse(s, cgi_field_callback, &name)))
172	fatal(0, "error parsing part header");
173	if(!name) fatal(0, "no name found");
174	k = xmalloc(sizeof *k);
175	k->next = cgi_args;
176	k->name = name;
177	k->value = s;
178	cgi_args = k;
179	return 0;
180	}
181
182	static void cgi_parse_multipart(const char *boundary) {
183	char *q;
184
185	cgi_input(&q, 0);
186	if(mime_multipart(q, cgi_part_callback, boundary, 0))
187	fatal(0, "invalid multipart object");
188	}
189
190	static void cgi_parse_post(void) {
9bce81d1	191	const char ct, boundary;
9bce81d1	192	char q, type;
460b9539	193	size_t n;
9bce81d1	194	struct kvp *k;
460b9539	195
	196	if(!(ct = getenv("CONTENT_TYPE")))
	197	ct = "application/x-www-form-urlencoded";
9bce81d1	198	if(mime_content_type(ct, &type, &k))
460b9539	199	fatal(0, "invalid content type '%s'", ct);
	200	if(!strcmp(type, "application/x-www-form-urlencoded")) {
	201	cgi_input(&q, &n);
	202	cgi_args = kvp_urldecode(q, n);
	203	return;
	204	}
	205	if(!strcmp(type, "multipart/form-data")) {
9bce81d1	206	if(!(boundary = kvp_get(k, "boundary")))
	207	fatal(0, "no boundary parameter found");
	208	cgi_parse_multipart(boundary);
460b9539	209	return;
	210	}
	211	fatal(0, "unrecognized content type '%s'", type);
	212	}
	213
	214	void cgi_parse(void) {
	215	const char *p;
	216	struct kvp *k;
	217
	218	if(!(p = getenv("REQUEST_METHOD"))) fatal(0, "REQUEST_METHOD not set");
	219	if(!strcmp(p, "GET"))
	220	cgi_parse_get();
	221	else if(!strcmp(p, "POST"))
	222	cgi_parse_post();
	223	else
	224	fatal(0, "unknown request method %s", p);
	225	for(k = cgi_args; k; k = k->next)
18cda350 RK	226	if(!utf8_valid(k->name, strlen(k->name))
18cda350 RK	227	\|\| !utf8_valid(k->value, strlen(k->value)))
460b9539	228	fatal(0, "invalid UTF-8 sequence in cgi argument");
	229	}
	230
	231	const char cgi_get(const char name) {
	232	return kvp_get(cgi_args, name);
	233	}
	234
	235	void cgi_output(cgi_sink output, const char fmt, ...) {
	236	va_list ap;
	237	int n;
	238	char *r;
	239
	240	va_start(ap, fmt);
	241	n = byte_vasprintf(&r, fmt, ap);
	242	if(n < 0)
	243	fatal(errno, "error calling byte_vasprintf");
	244	if(output->quote)
	245	r = cgi_sgmlquote(r, 0);
	246	output->sink->write(output->sink, r, strlen(r));
	247	va_end(ap);
	248	}
	249
	250	void cgi_header(struct sink output, const char name, const char *value) {
	251	sink_printf(output, "%s: %s\r\n", name, value);
	252	}
	253
	254	void cgi_body(struct sink *output) {
	255	sink_printf(output, "\r\n");
	256	}
	257
	258	char cgi_sgmlquote(const char s, int raw) {
	259	uint32_t ucs, p, c;
	260	char b, bp;
	261	int n;
	262
	263	if(!raw) {
caecd4f4	264	if(!(ucs = utf8_to_utf32(s, strlen(s), 0))) exit(EXIT_FAILURE);
460b9539	265	} else {
	266	ucs = xmalloc_noptr((strlen(s) + 1) * sizeof(uint32_t));
	267	for(n = 0; s[n]; ++n)
	268	ucs[n] = (unsigned char)s[n];
	269	ucs[n] = 0;
	270	}
	271
	272	n = 1;
	273	/* estimate the length we'll need */
	274	for(p = ucs; (c = *p); ++p) {
	275	switch(c) {
	276	default:
	277	if(c > 127 \|\| c < 32) {
	278	case '"':
	279	case '&':
	280	case '<':
	281	case '>':
	282	n += 12;
	283	break;
	284	} else
	285	n++;
	286	}
	287	}
	288	/* format the string */
	289	b = bp = xmalloc_noptr(n);
	290	for(p = ucs; (c = *p); ++p) {
	291	switch(c) {
	292	default:
	293	if(p > 127 \|\| p < 32) {
	294	case '"':
	295	case '&':
	296	case '<':
	297	case '>':
	298	bp += sprintf(bp, "&#%lu;", (unsigned long)c);
	299	break;
	300	} else
	301	*bp++ = c;
	302	}
	303	}
	304	*bp = 0;
	305	return b;
	306	}
	307
	308	void cgi_attr(struct sink output, const char name, const char *value) {
	309	if(!value[strspn(value, "abcdefghijklmnopqrstuvwxyz"
	310	"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	311	"0123456789")])
	312	sink_printf(output, "%s=%s", name, value);
	313	else
	314	sink_printf(output, "%s=\"%s\"", name, cgi_sgmlquote(value, 0));
	315	}
	316
	317	void cgi_opentag(struct sink output, const char name, ...) {
	318	va_list ap;
	319	const char n, v;
	320
	321	sink_printf(output, "<%s", name);
	322	va_start(ap, name);
	323	while((n = va_arg(ap, const char *))) {
	324	sink_printf(output, " ");
	325	v = va_arg(ap, const char *);
	326	if(v)
	327	cgi_attr(output, n, v);
	328	else
329	sink_printf(output, n);
330	}
331	sink_printf(output, ">");
332	}
333
334	void cgi_closetag(struct sink output, const char name) {
335	sink_printf(output, "</%s>", name);
336	}
337
338	static int template_open(const char *name,
339	const char *ext,
340	const char **filenamep) {
341	const char *dirs[2];
342	int fd = -1, n;
343	char *fullpath;
344
345	dirs[0] = pkgconfdir;
346	dirs[1] = pkgdatadir;
347	if(name[0] == '/') {
348	if((fd = open(name, O_RDONLY)) < 0) fatal(0, "cannot open %s", name);
349	*filenamep = name;
350	} else {
351	for(n = 0; n < config->templates.n + (int)(sizeof dirs / sizeof *dirs); ++n) {
352	byte_xasprintf(&fullpath, "%s/%s%s",
353	n < config->templates.n ? config->templates.s[n]
354	: dirs[n - config->templates.n],
355	name, ext);
356	if((fd = open(fullpath, O_RDONLY)) >= 0) break;
357	}
358	if(fd < 0) error(0, "cannot find %s%s in template path", name, ext);
359	*filenamep = fullpath;
360	}
361	return fd;
362	}
363
364	static int valid_template_name(const char *name) {
365	if(strchr(name, '/') \|\| name[0] == '.')
366	return 0;
367	return 1;
368	}
369
370	void cgi_expand(const char *template,
371	const struct cgi_expansion *expansions,
372	size_t nexpansions,
373	cgi_sink *output,
374	void *u) {
375	int fd = -1;
376	int n;
377	off_t m;
378	char *b;
379	struct stat sb;
380
381	if(!valid_template_name(template))
382	fatal(0, "invalid template name '%s'", template);
383	if((fd = template_open(template, ".html", &template)) < 0)
384	exitfn(EXIT_FAILURE);
385	if(fstat(fd, &sb) < 0) fatal(errno, "cannot stat %s", template);
386	m = 0;
387	b = xmalloc_noptr(sb.st_size + 1);
388	while(m < sb.st_size) {
389	n = read(fd, b + m, sb.st_size - m);
390	if(n > 0) m += n;
391	else if(n == 0) fatal(0, "unexpected EOF reading %s", template);
392	else if(errno != EINTR) fatal(errno, "error reading %s", template);
393	}
394	b[sb.st_size] = 0;
395	xclose(fd);
396	cgi_expand_string(template, b, expansions, nexpansions, output, u);
397	}
398
c582f1e8 RK	399	/** @brief Return a linked list of the parse of @p template */
	400	static struct cgi_element cgi_parse_string(const char name,
	401	const char *template) {
	402	int braces, line = 1, sline;
460b9539	403	const char *p;
	404	struct vector v;
	405	struct dynstr d;
c582f1e8 RK	406	struct cgi_element head = 0, tailp = &head, e;
c582f1e8 RK	407
460b9539	408	while(*template) {
460b9539	409	if(*template != '@') {
c582f1e8 RK	410	sline = line;
	411	dynstr_init(&d);
	412	/* Gather up text without any expansions in. */
	413	while(template && template != '@') {
	414	if(*template == '\n')
	415	++line;
	416	dynstr_append(&d, *template++);
460b9539	417	}
c582f1e8 RK	418	dynstr_terminate(&d);
	419	e = xmalloc(sizeof *e);
	420	e->next = 0;
	421	e->line = sline;
	422	e->type = ELEMENT_TEXT;
	423	e->text = d.vec;
	424	*tailp = e;
	425	tailp = &e->next;
460b9539	426	continue;
	427	}
	428	vector_init(&v);
	429	braces = 0;
c582f1e8	430	p = template;
460b9539	431	++template;
	432	sline = line;
	433	while(*template != '@') {
f6b388d0 RK	434	/* Skip whitespace */
	435	while(isspace((unsigned char)*template))
	436	++template;
460b9539	437	dynstr_init(&d);
	438	if(*template == '{') {
	439	/* bracketed arg */
	440	++template;
	441	while(template && (template != '}' \|\| braces > 0)) {
	442	switch(*template) {
	443	case '{': ++braces; break;
	444	case '}': --braces; break;
	445	case '\n': ++line; break;
	446	}
	447	dynstr_append(&d, *template++);
	448	}
c582f1e8 RK	449	if(!template) fatal(0, "%s:%d: unterminated expansion '%.s'",
c582f1e8 RK	450	name, sline, (int)(template - p), p);
460b9539	451	++template;
f6b388d0 RK	452	if(isspace((unsigned char)*template)) {
	453	/* We have @{...}<WHITESPACE><SOMETHING> */
	454	for(p = template; isspace((unsigned char)*p); ++p)
	455	;
	456	/* Now we are looking at <SOMETHING>. If it's "{" then that
	457	* must be the next argument. Otherwise we infer that this
	458	* is really the end of the expansion. */
	459	if(*p != '{')
	460	goto finished_expansion;
	461	}
460b9539	462	} else {
460b9539	463	/* unbracketed arg */
460b9539	464	while(*template
	465	&& template != '@' && template != '{' && *template != ':') {
	466	if(*template == '\n') ++line;
	467	dynstr_append(&d, *template++);
	468	}
	469	if(*template == ':')
	470	++template;
c582f1e8 RK	471	if(!template) fatal(0, "%s:%d: unterminated expansion '%.s'",
c582f1e8 RK	472	name, sline, (int)(template - p), p);
460b9539	473	/* trailing whitespace is not significant in unquoted args */
	474	while(d.nvec && (isspace((unsigned char)d.vec[d.nvec - 1])))
	475	--d.nvec;
	476	}
	477	dynstr_terminate(&d);
	478	vector_append(&v, d.vec);
	479	}
	480	++template;
c582f1e8	481	finished_expansion:
460b9539	482	vector_terminate(&v);
	483	/* @@ terminates this file */
	484	if(v.nvec == 0)
	485	break;
c582f1e8 RK	486	e = xmalloc(sizeof *e);
	487	e->next = 0;
	488	e->line = sline;
	489	e->type = ELEMENT_EXPANSION;
	490	e->name = v.vec[0];
	491	e->nargs = v.nvec - 1;
	492	e->args = &v.vec[1];
	493	*tailp = e;
	494	tailp = &e->next;
	495	}
	496	return head;
	497	}
	498
	499	void cgi_expand_string(const char *name,
	500	const char *template,
	501	const struct cgi_expansion *expansions,
	502	size_t nexpansions,
	503	cgi_sink *output,
	504	void *u) {
	505	int n, m;
	506	char *argname;
	507	struct dynstr d;
	508	cgi_sink parameter_output;
	509	const struct cgi_macro *macro;
	510
	511	struct cgi_element *e;
	512
	513	for(e = cgi_parse_string(name, template); e; e = e->next) {
	514	switch(e->type) {
	515	case ELEMENT_TEXT:
	516	output->sink->write(output->sink, e->text, strlen(e->text));
	517	break;
	518	case ELEMENT_EXPANSION:
	519	if((n = table_find(expansions,
	520	offsetof(struct cgi_expansion, name),
	521	sizeof (struct cgi_expansion),
	522	nexpansions,
	523	e->name)) >= 0) {
	524	/* We found a built-in */
	525	if(e->nargs < expansions[n].minargs)
	526	fatal(0, "%s:%d: insufficient arguments to @%s@ (min %d, got %d)",
	527	name, e->line, e->name, expansions[n].minargs, e->nargs);
	528	if(e->nargs > expansions[n].maxargs)
	529	fatal(0, "%s:%d: too many arguments to @%s@ (max %d, got %d)",
	530	name, e->line, e->name, expansions[n].maxargs, e->nargs);
	531	/* for ordinary expansions, recursively expand the arguments */
	532	if(!(expansions[n].flags & EXP_MAGIC)) {
	533	for(m = 0; m < e->nargs; ++m) {
	534	dynstr_init(&d);
	535	byte_xasprintf(&argname, "<%s:%d arg #%d>", name, e->line, m);
	536	parameter_output.quote = 0;
	537	parameter_output.sink = sink_dynstr(&d);
	538	cgi_expand_string(argname, e->args[m],
	539	expansions, nexpansions,
	540	&parameter_output, u);
	541	dynstr_terminate(&d);
	542	e->args[m] = d.vec;
	543	}
3dddcfa4	544	}
c582f1e8 RK	545	expansions[n].handler(e->nargs, e->args, output, u);
	546	} else if(cgi_macros && (macro = hash_find(cgi_macros, e->name))) {
	547	/* We found a macro */
	548	if(e->nargs != macro->nargs)
	549	fatal(0, "%s:%d: wrong number of arguments to @%s@ (need %d, got %d)",
	550	name, e->line, e->name, macro->nargs, e->nargs);
	551	/* We must substitute in argument values */
	552	/* TODO */
	553	cgi_expand_string(e->name,
	554	macro->value,
	555	expansions,
	556	nexpansions,
	557	output,
	558	u);
	559	} else {
	560	/* Totally undefined */
	561	fatal(0, "%s:%d: unknown expansion '%s'", name, e->line, e->name);
460b9539	562	}
c582f1e8	563	break;
460b9539	564	}
460b9539	565	}
	566	}
	567
	568	char cgi_makeurl(const char url, ...) {
	569	va_list ap;
	570	struct kvp kvp, k, **kk = &kvp;
	571	struct dynstr d;
	572	const char n, v;
	573
	574	dynstr_init(&d);
	575	dynstr_append_string(&d, url);
	576	va_start(ap, url);
	577	while((n = va_arg(ap, const char *))) {
	578	v = va_arg(ap, const char *);
	579	kk = k = xmalloc(sizeof k);
	580	kk = &k->next;
	581	k->name = n;
	582	k->value = v;
	583	}
	584	*kk = 0;
	585	if(kvp) {
	586	dynstr_append(&d, '?');
	587	dynstr_append_string(&d, kvp_urlencode(kvp, 0));
	588	}
	589	dynstr_terminate(&d);
	590	return d.vec;
	591	}
	592
	593	void cgi_set_option(const char name, const char value) {
	594	struct kvp k = xmalloc(sizeof k);
	595
	596	k->next = labels;
	597	k->name = name;
	598	k->value = value;
	599	labels = k;
	600	}
	601
	602	static void option_label(int attribute((unused)) nvec,
	603	char **vec) {
	604	cgi_set_option(vec[0], vec[1]);
	605	}
	606
	607	static void option_include(int attribute((unused)) nvec,
	608	char **vec) {
	609	include_options(vec[0]);
	610	}
	611
	612	static void option_columns(int nvec,
	613	char **vec) {
	614	struct column c = xmalloc(sizeof c);
	615
	616	c->next = columns;
	617	c->name = vec[0];
	618	c->ncolumns = nvec - 1;
	619	c->columns = &vec[1];
	620	columns = c;
	621	}
	622
	623	static struct option {
	624	const char *name;
	625	int minargs, maxargs;
	626	void (handler)(int nvec, char *vec);
	627	} options[] = {
	628	{ "columns", 1, INT_MAX, option_columns },
629	{ "include", 1, 1, option_include },
630	{ "label", 2, 2, option_label },
631	};
632
633	struct read_options_state {
634	const char *name;
635	int line;
636	};
637
638	static void read_options_error(const char *msg,
639	void *u) {
640	struct read_options_state *cs = u;
641
642	error(0, "%s:%d: %s", cs->name, cs->line, msg);
643	}
644
645	static void include_options(const char *name) {
646	int n, i;
647	int fd;
648	FILE *fp;
649	char *vec, buffer;
650	struct read_options_state cs;
651
652	if((fd = template_open(name, "", &cs.name)) < 0) return;
653	if(!(fp = fdopen(fd, "r"))) fatal(errno, "error calling fdopen");
654	cs.line = 0;
655	while(!inputline(cs.name, fp, &buffer, '\n')) {
656	++cs.line;
657	if(!(vec = split(buffer, &n, SPLIT_COMMENTS\|SPLIT_QUOTES,
658	read_options_error, &cs)))
659	continue;
660	if(!n) continue;
661	if((i = TABLE_FIND(options, struct option, name, vec[0])) == -1) {
662	error(0, "%s:%d: unknown option '%s'", cs.name, cs.line, vec[0]);
663	continue;
664	}
665	++vec;
666	--n;
667	if(n < options[i].minargs) {
668	error(0, "%s:%d: too few arguments to '%s'", cs.name, cs.line, vec[-1]);
669	continue;
670	}
671	if(n > options[i].maxargs) {
672	error(0, "%s:%d: too many arguments to '%s'", cs.name, cs.line, vec[-1]);
673	continue;
674	}
675	options[i].handler(n, vec);
676	}
677	fclose(fp);
678	}
679
680	static void read_options(void) {
681	if(!have_read_options) {
682	have_read_options = 1;
683	include_options("options");
684	}
685	}
686
687	const char cgi_label(const char key) {
688	const char *label;
689
690	read_options();
691	if(!(label = kvp_get(labels, key))) {
5e34540b	692	/* No label found */
	693	if(!strncmp(key, "images.", 7)) {
	694	static const char *url_static;
	695	/* images.X defaults to <url.static>X.png */
	696
	697	if(!url_static)
	698	url_static = cgi_label("url.static");
	699	byte_xasprintf((char **)&label, "%s%s.png", url_static, key + 7);
	700	} else if((label = strchr(key, '.')))
	701	/* X.Y defaults to Y */
460b9539	702	++label;
460b9539	703	else
5e34540b	704	/* otherwise default to label name */
460b9539	705	label = key;
	706	}
	707	return label;
	708	}
	709
8f9616f1 RK	710	int cgi_label_exists(const char *key) {
	711	read_options();
	712	return kvp_get(labels, key) ? 1 : 0;
	713	}
	714
460b9539	715	char *cgi_columns(const char name, int *ncolumns) {
	716	struct column *c;
	717
	718	read_options();
	719	for(c = columns; c && strcmp(name, c->name); c = c->next)
	720	;
	721	if(c) {
	722	if(ncolumns)
	723	*ncolumns = c->ncolumns;
	724	return c->columns;
	725	} else {
	726	if(ncolumns)
	727	*ncolumns = 0;
	728	return 0;
	729	}
	730	}
	731
3dddcfa4 RK	732	void cgi_define(const char *name,
	733	int nargs,
	734	char **args,
	735	const char *value) {
	736	struct cgi_macro m;
	737
	738	if(!cgi_macros)
	739	cgi_macros = hash_new(sizeof(struct cgi_macro));
	740	m.nargs = nargs;
	741	m.args = args;
	742	m.value = value;
	743	hash_add(cgi_macros, name, &m, HASH_INSERT_OR_REPLACE);
	744	}
	745
460b9539	746	/*
	747	Local Variables:
	748	c-basic-offset:2
	749	comment-column:40
	750	End:
	751	*/