chiark / gitweb /
~mdw / disorder / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Better visual feedback in users window: the apply button is
[disorder] / cgi / actions.c
CommitLineData
bca4e2b7
RK		 1/*
2 * This file is part of DisOrder.
3 * Copyright (C) 2004-2008 Richard Kettlewell
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
18 * USA
19 */
1e97629d
RK		 20/** @file server/actions.c
21 * @brief DisOrder web actions
22 *
23 * Actions are anything that the web interface does beyond passive template
24 * expansion and inspection of state recieved from the server. This means
25 * playing tracks, editing prefs etc but also setting extra headers e.g. to
26 * auto-refresh the playing list.
27 */
bca4e2b7 28
1e97629d 29#include "disorder-cgi.h"
5a7df048
RK		 30
31/** @brief Redirect to some other action or URL */
32static void redirect(const char *url) {
33 /* By default use the 'back' argument */
34 if(!url)
71634563 35 url = cgi_get("back");
04aa2c4f 36 if(url && *url) {
e7ce7665 37 if(strncmp(url, "http", 4))
5a7df048
RK		 38 /* If the target is not a full URL assume it's the action */
39 url = cgi_makeurl(config->url, "action", url, (char *)0);
40 } else {
41 /* If back= is not set just go back to the front page */
42 url = config->url;
43 }
44 if(printf("Location: %s\n"
45 "%s\n"
1e97629d 46 "\n", url, dcgi_cookie_header()) < 0)
5a7df048
RK		 47 fatal(errno, "error writing to stdout");
48}
49
5c1ae3bc
RK		 50/*! playing
51 *
52 * Expands \fIplaying.tmpl\fR as if there was no special 'playing' action, but
53 * adds a Refresh: field to the HTTP header. The maximum refresh interval is
54 * defined by \fBrefresh\fR (see \fBdisorder_config\fR(5)) but may be less if
55 * the end of the track is near.
56 */
57/*! manage
58 *
59 * Expands \fIplaying.tmpl\fR (NB not \fImanage.tmpl\fR) as if there was no
60 * special 'playing' action, and adds a Refresh: field to the HTTP header. The
61 * maximum refresh interval is defined by \Bfrefresh\fR (see
62 * \fBdisorder_config\fR(5)) but may be less if the end of the track is near.
63 */
448d3570
RK		 64static void act_playing(void) {
65 long refresh = config->refresh;
66 long length;
67 time_t now, fin;
68 char *url;
71634563 69 const char *action;
448d3570 70
1e97629d
RK		 71 dcgi_lookup(DCGI_PLAYING|DCGI_QUEUE|DCGI_ENABLED|DCGI_RANDOM_ENABLED);
72 if(dcgi_playing
73 && dcgi_playing->state == playing_started /* i.e. not paused */
74 && !disorder_length(dcgi_client, dcgi_playing->track, &length)
448d3570 75 && length
1e97629d 76 && dcgi_playing->sofar >= 0) {
448d3570
RK		 77 /* Try to put the next refresh at the start of the next track. */
78 time(&now);
1e97629d 79 fin = now + length - dcgi_playing->sofar + config->gap;
448d3570
RK		 80 if(now + refresh > fin)
81 refresh = fin - now;
82 }
1e97629d 83 if(dcgi_queue && dcgi_queue->state == playing_isscratch) {
448d3570
RK		 84 /* next track is a scratch, don't leave more than the inter-track gap */
85 if(refresh > config->gap)
86 refresh = config->gap;
87 }
1e97629d
RK		 88 if(!dcgi_playing
89 && ((dcgi_queue
90 && dcgi_queue->state != playing_random)
91 || dcgi_random_enabled)
92 && dcgi_enabled) {
448d3570
RK		 93 /* no track playing but playing is enabled and there is something coming
94 * up, must be in a gap */
95 if(refresh > config->gap)
96 refresh = config->gap;
97 }
98 if((action = cgi_get("action")))
99 url = cgi_makeurl(config->url, "action", action, (char *)0);
100 else
101 url = config->url;
e7ce7665
RK		 102 if(printf("Refresh: %ld;url=%s\n",
103 refresh, url) < 0)
448d3570 104 fatal(errno, "error writing to stdout");
e7ce7665 105 dcgi_expand("playing", 1);
1e97629d
RK		 106}
107
5c1ae3bc
RK		 108/*! disable
109 *
110 * Disables play.
111 */
1e97629d
RK		 112static void act_disable(void) {
113 if(dcgi_client)
114 disorder_disable(dcgi_client);
115 redirect(0);
116}
117
5c1ae3bc
RK		 118/*! enable
119 *
120 * Enables play.
121 */
1e97629d
RK		 122static void act_enable(void) {
123 if(dcgi_client)
124 disorder_enable(dcgi_client);
125 redirect(0);
126}
127
5c1ae3bc
RK		 128/*! random-disable
129 *
130 * Disables random play.
131 */
1e97629d
RK		 132static void act_random_disable(void) {
133 if(dcgi_client)
134 disorder_random_disable(dcgi_client);
135 redirect(0);
136}
137
5c1ae3bc
RK		 138/*! random-enable
139 *
140 * Enables random play.
141 */
1e97629d
RK		 142static void act_random_enable(void) {
143 if(dcgi_client)
144 disorder_random_enable(dcgi_client);
145 redirect(0);
448d3570
RK		 146}
147
5c1ae3bc
RK		 148/*! pause
149 *
150 * Pauses the current track (if there is one and it's not paused already).
151 */
6d9dd8d9
RK		 152static void act_pause(void) {
153 if(dcgi_client)
154 disorder_pause(dcgi_client);
155 redirect(0);
156}
157
5c1ae3bc
RK		 158/*! resume
159 *
160 * Resumes the current track (if there is one and it's paused).
161 */
6d9dd8d9
RK		 162static void act_resume(void) {
163 if(dcgi_client)
164 disorder_resume(dcgi_client);
165 redirect(0);
166}
167
5c1ae3bc
RK		 168/*! remove
169 *
170 * Removes the track given by the \fBid\fR argument. If this is the currently
171 * playing track then it is scratched.
172 */
a2c4ad5f
RK		 173static void act_remove(void) {
174 const char *id;
175 struct queue_entry *q;
176
177 if(dcgi_client) {
178 if(!(id = cgi_get("id")))
179 error(0, "missing 'id' argument");
180 else if(!(q = dcgi_findtrack(id)))
181 error(0, "unknown queue id %s", id);
182 else switch(q->state) {
183 case playing_isscratch:
184 case playing_failed:
185 case playing_no_player:
186 case playing_ok:
187 case playing_quitting:
188 case playing_scratched:
189 error(0, "does not make sense to scratch %s", id);
190 break;
191 case playing_paused: /* started but paused */
192 case playing_started: /* started to play */
193 disorder_scratch(dcgi_client, id);
194 break;
195 case playing_random: /* unplayed randomly chosen track */
196 case playing_unplayed: /* haven't played this track yet */
197 disorder_remove(dcgi_client, id);
198 break;
199 }
200 }
201 redirect(0);
202}
203
5c1ae3bc
RK		 204/*! move
205 *
206 * Moves the track given by the \fBid\fR argument the distance given by the
207 * \fBdelta\fR argument. If this is positive the track is moved earlier in the
208 * queue and if negative, later.
209 */
6d9dd8d9
RK		 210static void act_move(void) {
211 const char *id, *delta;
212 struct queue_entry *q;
213
214 if(dcgi_client) {
215 if(!(id = cgi_get("id")))
216 error(0, "missing 'id' argument");
217 else if(!(delta = cgi_get("delta")))
218 error(0, "missing 'delta' argument");
219 else if(!(q = dcgi_findtrack(id)))
220 error(0, "unknown queue id %s", id);
221 else switch(q->state) {
222 case playing_random: /* unplayed randomly chosen track */
223 case playing_unplayed: /* haven't played this track yet */
224 disorder_move(dcgi_client, id, atol(delta));
225 break;
226 default:
227 error(0, "does not make sense to scratch %s", id);
228 break;
229 }
230 }
231 redirect(0);
232}
233
5c1ae3bc
RK		 234/*! play
235 *
236 * Play the track given by the \fBtrack\fR argument, or if that is not set all
237 * the tracks in the directory given by the \fBdir\fR argument.
238 */
6d9dd8d9
RK		 239static void act_play(void) {
240 const char *track, *dir;
241 char **tracks;
242 int ntracks, n;
243 struct dcgi_entry *e;
244
245 if(dcgi_client) {
02eaa49d 246 if((track = cgi_get("track"))) {
6d9dd8d9
RK		 247 disorder_play(dcgi_client, track);
248 } else if((dir = cgi_get("dir"))) {
249 if(disorder_files(dcgi_client, dir, 0, &tracks, &ntracks))
250 ntracks = 0;
2fadbbc6 251 /* TODO use tracksort_init */
6d9dd8d9
RK		 252 e = xmalloc(ntracks * sizeof (struct dcgi_entry));
253 for(n = 0; n < ntracks; ++n) {
254 e[n].track = tracks[n];
255 e[n].sort = trackname_transform("track", tracks[n], "sort");
256 e[n].display = trackname_transform("track", tracks[n], "display");
257 }
258 qsort(e, ntracks, sizeof (struct dcgi_entry), dcgi_compare_entry);
259 for(n = 0; n < ntracks; ++n)
260 disorder_play(dcgi_client, e[n].track);
261 }
262 }
263 redirect(0);
264}
265
266static int clamp(int n, int min, int max) {
267 if(n < min)
268 return min;
269 if(n > max)
270 return max;
271 return n;
272}
273
5c1ae3bc
RK		 274/*! volume
275 *
276 * If the \fBdelta\fR argument is set: adjust both channels by that amount (up
277 * if positive, down if negative).
278 *
279 * Otherwise if \fBleft\fR and \fBright\fR are set, set the channels
280 * independently to those values.
281 */
6d9dd8d9
RK		 282static void act_volume(void) {
283 const char *l, *r, *d;
284 int nd;
285
286 if(dcgi_client) {
287 if((d = cgi_get("delta"))) {
288 dcgi_lookup(DCGI_VOLUME);
289 nd = clamp(atoi(d), -255, 255);
290 disorder_set_volume(dcgi_client,
291 clamp(dcgi_volume_left + nd, 0, 255),
292 clamp(dcgi_volume_right + nd, 0, 255));
293 } else if((l = cgi_get("left")) && (r = cgi_get("right")))
294 disorder_set_volume(dcgi_client, atoi(l), atoi(r));
295 }
296 redirect(0);
297}
298
e7ce7665 299/** @brief Expand the login template with @b @@error set to @p error
b7e452c7 300 * @param e Error keyword
e7ce7665 301 */
b7e452c7
RK		 302static void login_error(const char *e) {
303 dcgi_error_string = e;
e7ce7665
RK		 304 dcgi_expand("login", 1);
305}
306
307/** @brief Log in
308 * @param username Login name
309 * @param password Password
310 * @return 0 on success, non-0 on error
311 *
312 * On error, calls login_error() to expand the login template.
313 */
314static int login_as(const char *username, const char *password) {
315 disorder_client *c;
316
317 if(dcgi_cookie && dcgi_client)
318 disorder_revoke(dcgi_client);
319 /* We'll need a new connection as we are going to stop being guest */
320 c = disorder_new(0);
321 if(disorder_connect_user(c, username, password)) {
322 login_error("loginfailed");
323 return -1;
324 }
325 /* Generate a cookie so we can log in again later */
326 if(disorder_make_cookie(c, &dcgi_cookie)) {
327 login_error("cookiefailed");
328 return -1;
329 }
330 /* Use the new connection henceforth */
331 dcgi_client = c;
332 dcgi_lookup_reset();
333 return 0; /* OK */
334}
335
5c1ae3bc
RK		 336/*! login
337 *
338 * If \fBusername\fR and \fBpassword\fR are set (and the username isn't
339 * "guest") then attempt to log in using those credentials. On success,
340 * redirects to the \fBback\fR argument if that is set, or just expands
341 * \fIlogin.tmpl\fI otherwise, with \fB@status\fR set to \fBloginok\fR.
342 *
343 * If they aren't set then just expands \fIlogin.tmpl\fI.
344 */
e7ce7665
RK		 345static void act_login(void) {
346 const char *username, *password;
347
348 /* We try all this even if not connected since the subsequent connection may
349 * succeed. */
350
351 username = cgi_get("username");
352 password = cgi_get("password");
353 if(!username
354 || !password
355 || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) {
356 /* We're just visiting the login page, not performing an action at all. */
357 dcgi_expand("login", 1);
358 return;
359 }
360 if(!login_as(username, password)) {
361 /* Report the succesful login */
362 dcgi_status_string = "loginok";
2cc4c0ef
RK		 363 /* Redirect back to where we came from, if necessary */
364 if(cgi_get("back"))
365 redirect(0);
366 else
367 dcgi_expand("login", 1);
e7ce7665
RK		 368 }
369}
370
5c1ae3bc
RK		 371/*! logout
372 *
373 * Logs out the current user and expands \fIlogin.tmpl\fR with \fBstatus\fR or
374 * \fB@error\fR set according to the result.
375 */
e7ce7665
RK		 376static void act_logout(void) {
377 if(dcgi_client) {
378 /* Ask the server to revoke the cookie */
379 if(!disorder_revoke(dcgi_client))
380 dcgi_status_string = "logoutok";
381 else
382 dcgi_error_string = "revokefailed";
383 } else {
384 /* We can't guarantee a logout if we can't connect to the server to revoke
385 * the cookie, so we report an error. We'll still ask the browser to
386 * forget the cookie though. */
387 dcgi_error_string = "connect";
388 }
389 /* Attempt to reconnect without the cookie */
390 dcgi_cookie = 0;
391 dcgi_login();
392 /* Back to login page, hopefuly forcing the browser to forget the cookie. */
393 dcgi_expand("login", 1);
394}
395
5c1ae3bc
RK		 396/*! register
397 *
398 * Register a new user using \fBusername\fR, \fBpassword1\fR, \fBpassword2\fR
399 * and \fBemail\fR and expands \fIlogin.tmpl\fR with \fBstatus\fR or
400 * \fB@error\fR set according to the result.
401 */
e7ce7665
RK		 402static void act_register(void) {
403 const char *username, *password, *password2, *email;
404 char *confirm, *content_type;
405 const char *text, *encoding, *charset;
406
407 /* If we're not connected then this is a hopeless exercise */
408 if(!dcgi_client) {
409 login_error("connect");
410 return;
411 }
412
413 /* Collect arguments */
414 username = cgi_get("username");
415 password = cgi_get("password1");
416 password2 = cgi_get("password2");
417 email = cgi_get("email");
418
419 /* Verify arguments */
420 if(!username || !*username) {
421 login_error("nousername");
422 return;
423 }
424 if(!password || !*password) {
425 login_error("nopassword");
426 return;
427 }
428 if(!password2 || !*password2 || strcmp(password, password2)) {
429 login_error("passwordmismatch");
430 return;
431 }
432 if(!email || !*email) {
433 login_error("noemail");
434 return;
435 }
436 /* We could well do better address validation but for now we'll just do the
f66203a2
RK		 437 * minimum
438 /* TODO use email_valid() */
e7ce7665
RK		 439 if(!strchr(email, '@')) {
440 login_error("bademail");
441 return;
442 }
443 if(disorder_register(dcgi_client, username, password, email, &confirm)) {
444 login_error("cannotregister");
445 return;
446 }
447 /* Send the user a mail */
448 /* TODO templatize this */
449 byte_xasprintf((char **)&text,
450 "Welcome to DisOrder. To active your login, please visit this URL:\n"
451 "\n"
452 "%s?c=%s\n", config->url, urlencodestring(confirm));
453 if(!(text = mime_encode_text(text, &charset, &encoding)))
454 fatal(0, "cannot encode email");
455 byte_xasprintf(&content_type, "text/plain;charset=%s",
456 quote822(charset, 0));
457 sendmail("", config->mail_sender, email, "Welcome to DisOrder",
458 encoding, content_type, text); /* TODO error checking */
459 /* We'll go back to the login page with a suitable message */
460 dcgi_status_string = "registered";
461 dcgi_expand("login", 1);
462}
463
5c1ae3bc
RK		 464/*! confirm
465 *
466 * Confirm a user registration using the nonce supplied in \fBc\fR and expands
467 * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the
468 * result.
469 */
e7ce7665
RK		 470static void act_confirm(void) {
471 const char *confirmation;
472
473 /* If we're not connected then this is a hopeless exercise */
474 if(!dcgi_client) {
475 login_error("connect");
476 return;
477 }
478
479 if(!(confirmation = cgi_get("c"))) {
480 login_error("noconfirm");
481 return;
482 }
483 /* Confirm our registration */
484 if(disorder_confirm(dcgi_client, confirmation)) {
485 login_error("badconfirm");
486 return;
487 }
488 /* Get a cookie */
489 if(disorder_make_cookie(dcgi_client, &dcgi_cookie)) {
490 login_error("cookiefailed");
491 return;
492 }
493 /* Junk cached data */
494 dcgi_lookup_reset();
495 /* Report success */
496 dcgi_status_string = "confirmed";
497 dcgi_expand("login", 1);
498}
499
5c1ae3bc
RK		 500/*! edituser
501 *
502 * Edit user details using \fBusername\fR, \fBchangepassword1\fR,
503 * \fBchangepassword2\fR and \fBemail\fR and expands \fIlogin.tmpl\fR with
504 * \fBstatus\fR or \fB@error\fR set according to the result.
505 */
e7ce7665
RK		 506static void act_edituser(void) {
507 const char *email = cgi_get("email"), *password = cgi_get("changepassword1");
508 const char *password2 = cgi_get("changepassword2");
509 int newpassword = 0;
510
511 /* If we're not connected then this is a hopeless exercise */
512 if(!dcgi_client) {
513 login_error("connect");
514 return;
515 }
516
517 /* Verify input */
518
519 /* If either password or password2 is set we insist they match. If they
520 * don't we report an error. */
521 if((password && *password) || (password2 && *password2)) {
522 if(!password || !password2 || strcmp(password, password2)) {
523 login_error("passwordmismatch");
524 return;
525 }
526 } else
527 password = password2 = 0;
f66203a2 528 /* TODO use email_valid() */
e7ce7665
RK		 529 if(email && !strchr(email, '@')) {
530 login_error("bademail");
531 return;
532 }
533
534 /* Commit changes */
535 if(email) {
536 if(disorder_edituser(dcgi_client, disorder_user(dcgi_client),
537 "email", email)) {
538 login_error("badedit");
539 return;
540 }
541 }
542 if(password) {
543 if(disorder_edituser(dcgi_client, disorder_user(dcgi_client),
544 "password", password)) {
545 login_error("badedit");
546 return;
547 }
548 newpassword = 1;
549 }
550
551 if(newpassword) {
552 /* If we changed the password, the cookie is now invalid, so we must log
553 * back in. */
554 if(login_as(disorder_user(dcgi_client), password))
555 return;
556 }
557 /* Report success */
558 dcgi_status_string = "edited";
559 dcgi_expand("login", 1);
560}
561
5c1ae3bc
RK		 562/*! reminder
563 *
564 * Issue an email password reminder to \fBusername\fR and expands
565 * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the
566 * result.
567 */
e7ce7665
RK		 568static void act_reminder(void) {
569 const char *const username = cgi_get("username");
570
571 /* If we're not connected then this is a hopeless exercise */
572 if(!dcgi_client) {
573 login_error("connect");
574 return;
575 }
576
577 if(!username || !*username) {
578 login_error("nousername");
579 return;
580 }
581 if(disorder_reminder(dcgi_client, username)) {
582 login_error("reminderfailed");
583 return;
584 }
585 /* Report success */
586 dcgi_status_string = "reminded";
587 dcgi_expand("login", 1);
588}
589
02eaa49d
RK		 590/** @brief Get the numbered version of an argument
591 * @param argname Base argument name
592 * @param numfile File number
593 * @return cgi_get(NUMFILE_ARGNAME)
594 */
595static const char *numbered_arg(const char *argname, int numfile) {
596 char *fullname;
597
598 byte_xasprintf(&fullname, "%d_%s", numfile, argname);
599 return cgi_get(fullname);
600}
601
602/** @brief Set preferences for file @p numfile
603 * @return 0 on success, -1 if there is no such track number
604 *
605 * The old @b nfiles parameter has been abolished, we just keep look for more
606 * files until we run out.
607 */
608static int process_prefs(int numfile) {
609 const char *file, *name, *value, *part, *parts, *context;
610 char **partslist;
611
612 if(!(file = numbered_arg("track", numfile)))
613 return -1;
614 if(!(parts = cgi_get("parts")))
615 parts = "artist album title";
616 if(!(context = cgi_get("context")))
617 context = "display";
618 partslist = split(parts, 0, 0, 0, 0);
619 while((part = *partslist++)) {
620 if(!(value = numbered_arg(part, numfile)))
621 continue;
622 byte_xasprintf((char **)&name, "trackname_%s_%s", context, part);
623 disorder_set(dcgi_client, file, name, value);
624 }
625 if((value = numbered_arg("random", numfile)))
626 disorder_unset(dcgi_client, file, "pick_at_random");
627 else
628 disorder_set(dcgi_client, file, "pick_at_random", "0");
629 if((value = numbered_arg("tags", numfile))) {
630 if(!*value)
631 disorder_unset(dcgi_client, file, "tags");
632 else
633 disorder_set(dcgi_client, file, "tags", value);
634 }
635 if((value = numbered_arg("weight", numfile))) {
636 if(!*value)
637 disorder_unset(dcgi_client, file, "weight");
638 else
639 disorder_set(dcgi_client, file, "weight", value);
640 }
641 return 0;
642}
643
5c1ae3bc
RK		 644/*! prefs
645 *
646 * Set preferences on a number of tracks.
647 *
648 * The tracks to modify are specified in arguments \fB0_track\fR, \fB1_track\fR
649 * etc. The number sequence must be contiguous and start from 0.
650 *
651 * For each track \fIINDEX\fB_track\fR:
652 * - \fIINDEX\fB_\fIPART\fR is used to set the trackname preference for
653 * that part. (See \fBparts\fR below.)
654 * - \fIINDEX\fB_\fIrandom\fR if present enables random play for this track
655 * or disables it if absent.
656 * - \fIINDEX\fB_\fItags\fR sets the list of tags for this track.
657 * - \fIINDEX\fB_\fIweight\fR sets the weight for this track.
658 *
659 * \fBparts\fR can be set to the track name parts to modify. The default is
660 * "artist album title".
661 *
662 * \fBcontext\fR can be set to the context to modify. The default is
663 * "display".
664 *
665 * If the server detects a preference being set to its default, it removes the
666 * preference, thus keeping the database tidy.
667 */
02eaa49d
RK		 668static void act_set(void) {
669 int numfile;
670
671 if(dcgi_client) {
672 for(numfile = 0; !process_prefs(numfile); ++numfile)
673 ;
674 }
675 redirect(0);
676}
677
bca4e2b7
RK		 678/** @brief Table of actions */
679static const struct action {
680 /** @brief Action name */
681 const char *name;
682 /** @brief Action handler */
683 void (*handler)(void);
02eaa49d
RK		 684 /** @brief Union of suitable rights */
685 rights_type rights;
bca4e2b7 686} actions[] = {
02eaa49d
RK		 687 { "confirm", act_confirm, 0 },
688 { "disable", act_disable, RIGHT_GLOBAL_PREFS },
689 { "edituser", act_edituser, 0 },
690 { "enable", act_enable, RIGHT_GLOBAL_PREFS },
691 { "login", act_login, 0 },
692 { "logout", act_logout, 0 },
693 { "manage", act_playing, 0 },
694 { "move", act_move, RIGHT_MOVE__MASK },
695 { "pause", act_pause, RIGHT_PAUSE },
696 { "play", act_play, RIGHT_PLAY },
697 { "playing", act_playing, 0 },
698 { "randomdisable", act_random_disable, RIGHT_GLOBAL_PREFS },
699 { "randomenable", act_random_enable, RIGHT_GLOBAL_PREFS },
700 { "register", act_register, 0 },
701 { "reminder", act_reminder, 0 },
702 { "remove", act_remove, RIGHT_MOVE__MASK|RIGHT_SCRATCH__MASK },
703 { "resume", act_resume, RIGHT_PAUSE },
704 { "set", act_set, RIGHT_PREFS },
705 { "volume", act_volume, RIGHT_VOLUME },
bca4e2b7
RK		 706};
707
40dcd866
RK		 708/** @brief Check that an action name is valid
709 * @param name Action
710 * @return 1 if valid, 0 if not
711 */
712static int dcgi_valid_action(const char *name) {
713 int c;
714
715 /* First character must be letter or digit (this also requires there to _be_
716 * a first character) */
717 if(!isalnum((unsigned char)*name))
718 return 0;
719 /* Only letters, digits, '.' and '-' allowed */
720 while((c = (unsigned char)*name++)) {
721 if(!(isalnum(c)
722 || c == '.'
723 || c == '_'))
724 return 0;
725 }
726 return 1;
727}
728
bca4e2b7
RK		 729/** @brief Expand a template
730 * @param name Base name of template, or NULL to consult CGI args
e7ce7665 731 * @param header True to write header
bca4e2b7 732 */
e7ce7665 733void dcgi_expand(const char *name, int header) {
99955407 734 const char *p, *found;
0d0253c9
RK		 735
736 /* Parse macros first */
f2d306b4
RK		 737 if((found = mx_find("macros.tmpl", 1/*report*/)))
738 mx_expand_file(found, sink_discard(), 0);
739 if((found = mx_find("user.tmpl", 0/*report*/)))
99955407 740 mx_expand_file(found, sink_discard(), 0);
bca4e2b7 741 /* For unknown actions check that they aren't evil */
40dcd866 742 if(!dcgi_valid_action(name))
71634563
RK		 743 fatal(0, "invalid action name '%s'", name);
744 byte_xasprintf((char **)&p, "%s.tmpl", name);
f2d306b4 745 if(!(found = mx_find(p, 0/*report*/)))
99955407 746 fatal(errno, "cannot find %s", p);
e7ce7665
RK		 747 if(header) {
748 if(printf("Content-Type: text/html\n"
749 "%s\n"
750 "\n", dcgi_cookie_header()) < 0)
751 fatal(errno, "error writing to stdout");
752 }
99955407 753 if(mx_expand_file(found, sink_stdio("stdout", stdout), 0) == -1
bca4e2b7
RK		 754 || fflush(stdout) < 0)
755 fatal(errno, "error writing to stdout");
756}
757
758/** @brief Execute a web action
759 * @param action Action to perform, or NULL to consult CGI args
760 *
761 * If no recognized action is specified then 'playing' is assumed.
762 */
1e97629d 763void dcgi_action(const char *action) {
bca4e2b7 764 int n;
bca4e2b7
RK		 765
766 /* Consult CGI args if caller had no view */
767 if(!action)
768 action = cgi_get("action");
769 /* Pick a default if nobody cares at all */
770 if(!action) {
771 /* We allow URLs which are just c=... in order to keep confirmation URLs,
772 * which are user-facing, as short as possible. Actually we could lose the
773 * c= for this... */
774 if(cgi_get("c"))
775 action = "confirm";
776 else
777 action = "playing";
5a7df048
RK		 778 /* Make sure 'action' is always set */
779 cgi_set("action", action);
bca4e2b7 780 }
ba937f01 781 if((n = TABLE_FIND(actions, name, action)) >= 0) {
02eaa49d
RK		 782 if(actions[n].rights) {
783 /* Some right or other is required */
784 dcgi_lookup(DCGI_RIGHTS);
785 if(!(actions[n].rights & dcgi_rights)) {
2cc4c0ef 786 const char *back = cgi_thisurl(config->url);
02eaa49d 787 /* Failed operations jump you to the login screen with an error
2cc4c0ef
RK		 788 * message. On success, the user comes back to the page they were
789 * after. */
790 cgi_clear();
791 cgi_set("back", back);
02eaa49d
RK		 792 login_error("noright");
793 return;
794 }
795 }
796 /* It's a known action */
bca4e2b7 797 actions[n].handler();
02eaa49d 798 } else {
bca4e2b7 799 /* Just expand the template */
e7ce7665 800 dcgi_expand(action, 1/*header*/);
448d3570 801 }
bca4e2b7
RK		 802}
803
804/** @brief Generate an error page */
0d0253c9
RK		 805void dcgi_error(const char *key) {
806 dcgi_error_string = xstrdup(key);
e7ce7665 807 dcgi_expand("error", 1);
bca4e2b7
RK		 808}
809
810/*
811Local Variables:
812c-basic-offset:2
813comment-column:40
814fill-column:79
815indent-tabs-mode:nil
816End:
817*/
Multi-user software jukebox -- https://www.greenend.org.uk/rjk/disorder/