2 * This file is part of DisOrder.
3 * Copyright (C) 2004-2008 Richard Kettlewell
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 /** @file cgi/actions.c
19 * @brief DisOrder web actions
21 * Actions are anything that the web interface does beyond passive template
22 * expansion and inspection of state recieved from the server. This means
23 * playing tracks, editing prefs etc but also setting extra headers e.g. to
24 * auto-refresh the playing list.
26 * See @ref lib/macros-builtin.c for docstring syntax.
29 #include "disorder-cgi.h"
31 /** @brief Redirect to some other action or URL */
32 static void redirect(const char *url) {
33 /* By default use the 'back' argument */
35 url = cgi_get("back");
37 if(strncmp(url, "http", 4))
38 /* If the target is not a full URL assume it's the action */
39 url = cgi_makeurl(config->url, "action", url, (char *)0);
41 /* If back= is not set just go back to the front page */
44 if(printf("Location: %s\n"
46 "\n", url, dcgi_cookie_header()) < 0)
47 disorder_fatal(errno, "error writing to stdout");
52 * Expands \fIplaying.tmpl\fR as if there was no special 'playing' action, but
53 * adds a Refresh: field to the HTTP header. The maximum refresh interval is
54 * defined by \fBrefresh\fR (see \fBdisorder_config\fR(5)) but may be less if
55 * the end of the track is near.
59 * Expands \fIplaying.tmpl\fR (NB not \fImanage.tmpl\fR) as if there was no
60 * special 'playing' action, and adds a Refresh: field to the HTTP header. The
61 * maximum refresh interval is defined by \Bfrefresh\fR (see
62 * \fBdisorder_config\fR(5)) but may be less if the end of the track is near.
64 static void act_playing(void) {
65 long refresh = config->refresh;
71 dcgi_lookup(DCGI_PLAYING|DCGI_QUEUE|DCGI_ENABLED|DCGI_RANDOM_ENABLED);
73 && dcgi_playing->state == playing_started /* i.e. not paused */
74 && !disorder_length(dcgi_client, dcgi_playing->track, &length)
76 && dcgi_playing->sofar >= 0) {
77 /* Try to put the next refresh at the start of the next track. */
79 fin = now + length - dcgi_playing->sofar + config->gap;
80 if(now + refresh > fin)
83 if(dcgi_queue && dcgi_queue->origin == origin_scratch) {
84 /* next track is a scratch, don't leave more than the inter-track gap */
85 if(refresh > config->gap)
86 refresh = config->gap;
90 && dcgi_queue->origin != origin_random)
91 || dcgi_random_enabled)
93 /* no track playing but playing is enabled and there is something coming
94 * up, must be in a gap */
95 if(refresh > config->gap)
96 refresh = config->gap;
98 /* Bound the refresh interval below as a back-stop against the above
99 * calculations coming up with a stupid answer */
100 if(refresh < config->refresh_min)
101 refresh = config->refresh_min;
102 if((action = cgi_get("action")))
103 url = cgi_makeurl(config->url, "action", action, (char *)0);
106 if(printf("Refresh: %ld;url=%s\n",
108 disorder_fatal(errno, "error writing to stdout");
109 dcgi_expand("playing", 1);
116 static void act_disable(void) {
118 disorder_disable(dcgi_client);
126 static void act_enable(void) {
128 disorder_enable(dcgi_client);
134 * Disables random play.
136 static void act_random_disable(void) {
138 disorder_random_disable(dcgi_client);
144 * Enables random play.
146 static void act_random_enable(void) {
148 disorder_random_enable(dcgi_client);
154 * Pauses the current track (if there is one and it's not paused already).
156 static void act_pause(void) {
158 disorder_pause(dcgi_client);
164 * Resumes the current track (if there is one and it's paused).
166 static void act_resume(void) {
168 disorder_resume(dcgi_client);
174 * Removes the track given by the \fBid\fR argument. If this is the currently
175 * playing track then it is scratched.
177 static void act_remove(void) {
179 struct queue_entry *q;
182 if(!(id = cgi_get("id")))
183 disorder_error(0, "missing 'id' argument");
184 else if(!(q = dcgi_findtrack(id)))
185 disorder_error(0, "unknown queue id %s", id);
186 else if(q->origin == origin_scratch)
187 /* can't scratch scratches */
188 disorder_error(0, "does not make sense to scratch or remove %s", id);
189 else if(q->state == playing_paused
190 || q->state == playing_started)
191 /* removing the playing track = scratching */
192 disorder_scratch(dcgi_client, id);
193 else if(q->state == playing_unplayed)
194 /* otherwise it must be in the queue */
195 disorder_remove(dcgi_client, id);
197 /* various error states */
198 disorder_error(0, "does not make sense to scratch or remove %s", id);
205 * Moves the track given by the \fBid\fR argument the distance given by the
206 * \fBdelta\fR argument. If this is positive the track is moved earlier in the
207 * queue and if negative, later.
209 static void act_move(void) {
210 const char *id, *delta;
211 struct queue_entry *q;
214 if(!(id = cgi_get("id")))
215 disorder_error(0, "missing 'id' argument");
216 else if(!(delta = cgi_get("delta")))
217 disorder_error(0, "missing 'delta' argument");
218 else if(!(q = dcgi_findtrack(id)))
219 disorder_error(0, "unknown queue id %s", id);
220 else switch(q->state) {
221 case playing_random: /* unplayed randomly chosen track */
222 case playing_unplayed: /* haven't played this track yet */
223 disorder_move(dcgi_client, id, atol(delta));
226 disorder_error(0, "does not make sense to scratch %s", id);
235 * Play the track given by the \fBtrack\fR argument, or if that is not set all
236 * the tracks in the directory given by the \fBdir\fR argument.
238 static void act_play(void) {
239 const char *track, *dir;
242 struct tracksort_data *tsd;
245 if((track = cgi_get("track"))) {
246 disorder_play(dcgi_client, track);
247 } else if((dir = cgi_get("dir"))) {
248 if(disorder_files(dcgi_client, dir, 0, &tracks, &ntracks))
250 tsd = tracksort_init(ntracks, tracks, "track");
251 for(n = 0; n < ntracks; ++n)
252 disorder_play(dcgi_client, tsd[n].track);
258 static int clamp(int n, int min, int max) {
268 * If the \fBdelta\fR argument is set: adjust both channels by that amount (up
269 * if positive, down if negative).
271 * Otherwise if \fBleft\fR and \fBright\fR are set, set the channels
272 * independently to those values.
274 static void act_volume(void) {
275 const char *l, *r, *d;
279 if((d = cgi_get("delta"))) {
280 dcgi_lookup(DCGI_VOLUME);
281 nd = clamp(atoi(d), -255, 255);
282 disorder_set_volume(dcgi_client,
283 clamp(dcgi_volume_left + nd, 0, 255),
284 clamp(dcgi_volume_right + nd, 0, 255));
285 } else if((l = cgi_get("left")) && (r = cgi_get("right")))
286 disorder_set_volume(dcgi_client, atoi(l), atoi(r));
291 /** @brief Expand the login template with @b @@error set to @p error
292 * @param e Error keyword
294 static void login_error(const char *e) {
295 dcgi_error_string = e;
296 dcgi_expand("login", 1);
300 * @param username Login name
301 * @param password Password
302 * @return 0 on success, non-0 on error
304 * On error, calls login_error() to expand the login template.
306 static int login_as(const char *username, const char *password) {
309 if(dcgi_cookie && dcgi_client)
310 disorder_revoke(dcgi_client);
311 /* We'll need a new connection as we are going to stop being guest */
313 if(disorder_connect_user(c, username, password)) {
314 login_error("loginfailed");
317 /* Generate a cookie so we can log in again later */
318 if(disorder_make_cookie(c, &dcgi_cookie)) {
319 login_error("cookiefailed");
322 /* Use the new connection henceforth */
330 * If \fBusername\fR and \fBpassword\fR are set (and the username isn't
331 * "guest") then attempt to log in using those credentials. On success,
332 * redirects to the \fBback\fR argument if that is set, or just expands
333 * \fIlogin.tmpl\fI otherwise, with \fB@status\fR set to \fBloginok\fR.
335 * If they aren't set then just expands \fIlogin.tmpl\fI.
337 static void act_login(void) {
338 const char *username, *password;
340 /* We try all this even if not connected since the subsequent connection may
343 username = cgi_get("username");
344 password = cgi_get("password");
347 || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) {
348 /* We're just visiting the login page, not performing an action at all. */
349 dcgi_expand("login", 1);
352 if(!login_as(username, password)) {
353 /* Report the succesful login */
354 dcgi_status_string = "loginok";
355 /* Redirect back to where we came from, if necessary */
359 dcgi_expand("login", 1);
365 * Logs out the current user and expands \fIlogin.tmpl\fR with \fBstatus\fR or
366 * \fB@error\fR set according to the result.
368 static void act_logout(void) {
370 /* Ask the server to revoke the cookie */
371 if(!disorder_revoke(dcgi_client))
372 dcgi_status_string = "logoutok";
374 dcgi_error_string = "revokefailed";
376 /* We can't guarantee a logout if we can't connect to the server to revoke
377 * the cookie, so we report an error. We'll still ask the browser to
378 * forget the cookie though. */
379 dcgi_error_string = "connect";
381 /* Attempt to reconnect without the cookie */
384 /* Back to login page, hopefuly forcing the browser to forget the cookie. */
385 dcgi_expand("login", 1);
390 * Register a new user using \fBusername\fR, \fBpassword1\fR, \fBpassword2\fR
391 * and \fBemail\fR and expands \fIlogin.tmpl\fR with \fBstatus\fR or
392 * \fB@error\fR set according to the result.
394 static void act_register(void) {
395 const char *username, *password, *password2, *email;
396 char *confirm, *content_type;
397 const char *text, *encoding, *charset;
399 /* If we're not connected then this is a hopeless exercise */
401 login_error("connect");
405 /* Collect arguments */
406 username = cgi_get("username");
407 password = cgi_get("password1");
408 password2 = cgi_get("password2");
409 email = cgi_get("email");
411 /* Verify arguments */
412 if(!username || !*username) {
413 login_error("nousername");
416 if(!password || !*password) {
417 login_error("nopassword");
420 if(!password2 || !*password2 || strcmp(password, password2)) {
421 login_error("passwordmismatch");
424 if(!email || !*email) {
425 login_error("noemail");
428 /* We could well do better address validation but for now we'll just do the
430 if(!email_valid(email)) {
431 login_error("bademail");
434 if(disorder_register(dcgi_client, username, password, email, &confirm)) {
435 login_error("cannotregister");
438 /* Send the user a mail */
439 /* TODO templatize this */
440 byte_xasprintf((char **)&text,
441 "Welcome to DisOrder. To active your login, please visit this URL:\n"
443 "%s?c=%s\n", config->url, urlencodestring(confirm));
444 if(!(text = mime_encode_text(text, &charset, &encoding)))
445 disorder_fatal(0, "cannot encode email");
446 byte_xasprintf(&content_type, "text/plain;charset=%s",
447 quote822(charset, 0));
448 sendmail("", config->mail_sender, email, "Welcome to DisOrder",
449 encoding, content_type, text); /* TODO error checking */
450 /* We'll go back to the login page with a suitable message */
451 dcgi_status_string = "registered";
452 dcgi_expand("login", 1);
457 * Confirm a user registration using the nonce supplied in \fBc\fR and expands
458 * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the
461 static void act_confirm(void) {
462 const char *confirmation;
464 /* If we're not connected then this is a hopeless exercise */
466 login_error("connect");
470 if(!(confirmation = cgi_get("c"))) {
471 login_error("noconfirm");
474 /* Confirm our registration */
475 if(disorder_confirm(dcgi_client, confirmation)) {
476 login_error("badconfirm");
480 if(disorder_make_cookie(dcgi_client, &dcgi_cookie)) {
481 login_error("cookiefailed");
484 /* Junk cached data */
487 dcgi_status_string = "confirmed";
488 dcgi_expand("login", 1);
493 * Edit user details using \fBusername\fR, \fBchangepassword1\fR,
494 * \fBchangepassword2\fR and \fBemail\fR and expands \fIlogin.tmpl\fR with
495 * \fBstatus\fR or \fB@error\fR set according to the result.
497 static void act_edituser(void) {
498 const char *email = cgi_get("email"), *password = cgi_get("changepassword1");
499 const char *password2 = cgi_get("changepassword2");
502 /* If we're not connected then this is a hopeless exercise */
504 login_error("connect");
510 /* If either password or password2 is set we insist they match. If they
511 * don't we report an error. */
512 if((password && *password) || (password2 && *password2)) {
513 if(!password || !password2 || strcmp(password, password2)) {
514 login_error("passwordmismatch");
518 password = password2 = 0;
519 if(email && !email_valid(email)) {
520 login_error("bademail");
526 if(disorder_edituser(dcgi_client, disorder_user(dcgi_client),
528 login_error("badedit");
533 if(disorder_edituser(dcgi_client, disorder_user(dcgi_client),
534 "password", password)) {
535 login_error("badedit");
542 /* If we changed the password, the cookie is now invalid, so we must log
544 if(login_as(disorder_user(dcgi_client), password))
548 dcgi_status_string = "edited";
549 dcgi_expand("login", 1);
554 * Issue an email password reminder to \fBusername\fR and expands
555 * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the
558 static void act_reminder(void) {
559 const char *const username = cgi_get("username");
561 /* If we're not connected then this is a hopeless exercise */
563 login_error("connect");
567 if(!username || !*username) {
568 login_error("nousername");
571 if(disorder_reminder(dcgi_client, username)) {
572 login_error("reminderfailed");
576 dcgi_status_string = "reminded";
577 dcgi_expand("login", 1);
580 /** @brief Get the numbered version of an argument
581 * @param argname Base argument name
582 * @param numfile File number
583 * @return cgi_get(NUMFILE_ARGNAME)
585 static const char *numbered_arg(const char *argname, int numfile) {
588 byte_xasprintf(&fullname, "%d_%s", numfile, argname);
589 return cgi_get(fullname);
592 /** @brief Set preferences for file @p numfile
593 * @return 0 on success, -1 if there is no such track number
595 * The old @b nfiles parameter has been abolished, we just keep look for more
596 * files until we run out.
598 static int process_prefs(int numfile) {
599 const char *file, *name, *value, *part, *parts, *context;
602 if(!(file = numbered_arg("track", numfile)))
604 if(!(parts = cgi_get("parts")))
605 parts = "artist album title";
606 if(!(context = cgi_get("context")))
608 partslist = split(parts, 0, 0, 0, 0);
609 while((part = *partslist++)) {
610 if(!(value = numbered_arg(part, numfile)))
612 byte_xasprintf((char **)&name, "trackname_%s_%s", context, part);
613 disorder_set(dcgi_client, file, name, value);
615 if(numbered_arg("random", numfile))
616 disorder_unset(dcgi_client, file, "pick_at_random");
618 disorder_set(dcgi_client, file, "pick_at_random", "0");
619 if((value = numbered_arg("tags", numfile))) {
621 disorder_unset(dcgi_client, file, "tags");
623 disorder_set(dcgi_client, file, "tags", value);
625 if((value = numbered_arg("weight", numfile))) {
627 disorder_unset(dcgi_client, file, "weight");
629 disorder_set(dcgi_client, file, "weight", value);
636 * Set preferences on a number of tracks.
638 * The tracks to modify are specified in arguments \fB0_track\fR, \fB1_track\fR
639 * etc. The number sequence must be contiguous and start from 0.
641 * For each track \fIINDEX\fB_track\fR:
642 * - \fIINDEX\fB_\fIPART\fR is used to set the trackname preference for
643 * that part. (See \fBparts\fR below.)
644 * - \fIINDEX\fB_\fIrandom\fR if present enables random play for this track
645 * or disables it if absent.
646 * - \fIINDEX\fB_\fItags\fR sets the list of tags for this track.
647 * - \fIINDEX\fB_\fIweight\fR sets the weight for this track.
649 * \fBparts\fR can be set to the track name parts to modify. The default is
650 * "artist album title".
652 * \fBcontext\fR can be set to the context to modify. The default is
655 * If the server detects a preference being set to its default, it removes the
656 * preference, thus keeping the database tidy.
658 static void act_set(void) {
662 for(numfile = 0; !process_prefs(numfile); ++numfile)
668 /** @brief Table of actions */
669 static const struct action {
670 /** @brief Action name */
672 /** @brief Action handler */
673 void (*handler)(void);
674 /** @brief Union of suitable rights */
677 { "confirm", act_confirm, 0 },
678 { "disable", act_disable, RIGHT_GLOBAL_PREFS },
679 { "edituser", act_edituser, 0 },
680 { "enable", act_enable, RIGHT_GLOBAL_PREFS },
681 { "login", act_login, 0 },
682 { "logout", act_logout, 0 },
683 { "manage", act_playing, 0 },
684 { "move", act_move, RIGHT_MOVE__MASK },
685 { "pause", act_pause, RIGHT_PAUSE },
686 { "play", act_play, RIGHT_PLAY },
687 { "playing", act_playing, 0 },
688 { "randomdisable", act_random_disable, RIGHT_GLOBAL_PREFS },
689 { "randomenable", act_random_enable, RIGHT_GLOBAL_PREFS },
690 { "register", act_register, 0 },
691 { "reminder", act_reminder, 0 },
692 { "remove", act_remove, RIGHT_MOVE__MASK|RIGHT_SCRATCH__MASK },
693 { "resume", act_resume, RIGHT_PAUSE },
694 { "set", act_set, RIGHT_PREFS },
695 { "volume", act_volume, RIGHT_VOLUME },
698 /** @brief Check that an action name is valid
700 * @return 1 if valid, 0 if not
702 static int dcgi_valid_action(const char *name) {
705 /* First character must be letter or digit (this also requires there to _be_
706 * a first character) */
707 if(!isalnum((unsigned char)*name))
709 /* Only letters, digits, '.' and '-' allowed */
710 while((c = (unsigned char)*name++)) {
719 /** @brief Expand a template
720 * @param name Base name of template, or NULL to consult CGI args
721 * @param header True to write header
723 void dcgi_expand(const char *name, int header) {
724 const char *p, *found;
726 /* Parse macros first */
727 if((found = mx_find("macros.tmpl", 1/*report*/)))
728 mx_expand_file(found, sink_discard(), 0);
729 if((found = mx_find("user.tmpl", 0/*report*/)))
730 mx_expand_file(found, sink_discard(), 0);
731 /* For unknown actions check that they aren't evil */
732 if(!dcgi_valid_action(name))
733 disorder_fatal(0, "invalid action name '%s'", name);
734 byte_xasprintf((char **)&p, "%s.tmpl", name);
735 if(!(found = mx_find(p, 0/*report*/)))
736 disorder_fatal(errno, "cannot find %s", p);
738 if(printf("Content-Type: text/html; charset=UTF-8\n"
740 "\n", dcgi_cookie_header()) < 0)
741 disorder_fatal(errno, "error writing to stdout");
743 if(mx_expand_file(found, sink_stdio("stdout", stdout), 0) == -1
744 || fflush(stdout) < 0)
745 disorder_fatal(errno, "error writing to stdout");
748 /** @brief Execute a web action
749 * @param action Action to perform, or NULL to consult CGI args
751 * If no recognized action is specified then 'playing' is assumed.
753 void dcgi_action(const char *action) {
756 /* Consult CGI args if caller had no view */
758 action = cgi_get("action");
759 /* Pick a default if nobody cares at all */
761 /* We allow URLs which are just c=... in order to keep confirmation URLs,
762 * which are user-facing, as short as possible. Actually we could lose the
768 /* Make sure 'action' is always set */
769 cgi_set("action", action);
771 if((n = TABLE_FIND(actions, name, action)) >= 0) {
772 if(actions[n].rights) {
773 /* Some right or other is required */
774 dcgi_lookup(DCGI_RIGHTS);
775 if(!(actions[n].rights & dcgi_rights)) {
776 const char *back = cgi_thisurl(config->url);
777 /* Failed operations jump you to the login screen with an error
778 * message. On success, the user comes back to the page they were
781 cgi_set("back", back);
782 login_error("noright");
786 /* It's a known action */
787 actions[n].handler();
789 /* Just expand the template */
790 dcgi_expand(action, 1/*header*/);
794 /** @brief Generate an error page */
795 void dcgi_error(const char *key) {
796 dcgi_error_string = xstrdup(key);
797 dcgi_expand("error", 1);