#include "vector.h"
#include "sink.h"
#include "cgi.h"
-#include "dcgi.h"
#include "log.h"
#include "configuration.h"
#include "table.h"
#include "defs.h"
#include "trackname.h"
#include "charset.h"
+#include "dcgi.h"
+#include "url.h"
+#include "mime.h"
+#include "sendmail.h"
+
+char *login_cookie;
static void expand(cgi_sink *output,
const char *template,
return config->url;
}
+static void header_cookie(struct sink *output) {
+ struct dynstr d[1];
+ struct url u;
+
+ memset(&u, 0, sizeof u);
+ dynstr_init(d);
+ parse_url(config->url, &u);
+ if(login_cookie) {
+ dynstr_append_string(d, "disorder=");
+ dynstr_append_string(d, quote822(login_cookie, 0));
+ } else {
+ /* Force browser to discard cookie */
+ dynstr_append_string(d, "disorder=none;Max-Age=0");
+ }
+ if(u.path) {
+ /* The default domain matches the request host, so we need not override
+ * that. But the default path only goes up to the rightmost /, which would
+ * cause the browser to expose the cookie to other CGI programs on the same
+ * web server. */
+ dynstr_append_string(d, ";Path=");
+ dynstr_append_string(d, quote822(u.path, 0));
+ }
+ dynstr_terminate(d);
+ cgi_header(output, "Set-Cookie", d->vec);
+}
+
static void redirect(struct sink *output) {
const char *back;
- cgi_header(output, "Location",
- (back = cgi_get("back")) ? back : front_url());
+ back = cgi_get("back");
+ cgi_header(output, "Location", back && *back ? back : front_url());
+ header_cookie(output);
cgi_body(output);
}
+static void expand_template(dcgi_state *ds, cgi_sink *output,
+ const char *action) {
+ cgi_header(output->sink, "Content-Type", "text/html");
+ header_cookie(output->sink);
+ cgi_body(output->sink);
+ expand(output, action, ds);
+}
+
static void lookups(dcgi_state *ds, unsigned want) {
unsigned need;
struct queue_entry *r, *rnext;
const char *dir, *re;
+ char *rights;
if(ds->g->client && (need = want ^ (ds->g->flags & want)) != 0) {
if(need & DC_QUEUE)
&ds->g->files, &ds->g->nfiles))
ds->g->nfiles = 0;
}
+ if(need & DC_RIGHTS) {
+ ds->g->rights = RIGHT_READ; /* fail-safe */
+ if(!disorder_userinfo(ds->g->client, disorder_user(ds->g->client),
+ "rights", &rights))
+ parse_rights(rights, &ds->g->rights, 1);
+ }
ds->g->flags |= need;
}
}
byte_snprintf(r, sizeof r, "%ld;url=%s", refresh > 0 ? refresh : 1,
front_url());
cgi_header(output->sink, "Refresh", r);
+ header_cookie(output->sink);
cgi_body(output->sink);
expand(output, "playing", ds);
}
* URL) */
cgi_header(output->sink, "Location",
(back = cgi_get("back")) ? back : volume_url());
+ header_cookie(output->sink);
cgi_body(output->sink);
} else {
cgi_header(output->sink, "Content-Type", "text/html");
+ header_cookie(output->sink);
cgi_body(output->sink);
expand(output, "volume", ds);
}
for(numfile = 0; numfile < nfiles; ++numfile)
process_prefs(ds, numfile);
cgi_header(output->sink, "Content-Type", "text/html");
+ header_cookie(output->sink);
cgi_body(output->sink);
expand(output, "prefs", ds);
}
redirect(output->sink);
}
+static void act_login(cgi_sink *output,
+ dcgi_state *ds) {
+ const char *username, *password, *back;
+ disorder_client *c;
+
+ username = cgi_get("username");
+ password = cgi_get("password");
+ if(!username || !password
+ || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) {
+ /* We're just visiting the login page */
+ expand_template(ds, output, "login");
+ return;
+ }
+ c = disorder_new(1);
+ if(disorder_connect_user(c, username, password)) {
+ cgi_set_option("error", "loginfailed");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(disorder_make_cookie(c, &login_cookie)) {
+ cgi_set_option("error", "cookiefailed");
+ expand_template(ds, output, "login");
+ return;
+ }
+ /* We have a new cookie */
+ header_cookie(output->sink);
+ cgi_set_option("status", "loginok");
+ if((back = cgi_get("back")) && *back)
+ /* Redirect back to somewhere or other */
+ redirect(output->sink);
+ else
+ /* Stick to the login page */
+ expand_template(ds, output, "login");
+}
+
+static void act_logout(cgi_sink *output,
+ dcgi_state *ds) {
+ disorder_revoke(ds->g->client);
+ login_cookie = 0;
+ /* Reconnect as guest */
+ disorder_cgi_login(ds, output);
+ /* Back to the login page */
+ cgi_set_option("status", "logoutok");
+ expand_template(ds, output, "login");
+}
+
+static void act_register(cgi_sink *output,
+ dcgi_state *ds) {
+ const char *username, *password, *email;
+ char *confirm, *content_type;
+ const char *text, *encoding, *charset;
+
+ username = cgi_get("username");
+ password = cgi_get("password");
+ email = cgi_get("email");
+
+ if(!username || !*username) {
+ cgi_set_option("error", "nousername");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(!password || !*password) {
+ cgi_set_option("error", "nopassword");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(!email || !*email) {
+ cgi_set_option("error", "noemail");
+ expand_template(ds, output, "login");
+ return;
+ }
+ /* We could well do better address validation but for now we'll just do the
+ * minimum */
+ if(!strchr(email, '@')) {
+ cgi_set_option("error", "bademail");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(disorder_register(ds->g->client, username, password, email, &confirm)) {
+ cgi_set_option("error", "cannotregister");
+ expand_template(ds, output, "login");
+ return;
+ }
+ /* Send the user a mail */
+ /* TODO templatize this */
+ byte_xasprintf((char **)&text,
+ "Welcome to DisOrder. To active your login, please visit this URL:\n"
+ "\n"
+ "%s?c=%s\n", config->url, urlencodestring(confirm));
+ if(!(text = mime_encode_text(text, &charset, &encoding)))
+ fatal(0, "cannot encode email");
+ byte_xasprintf(&content_type, "text/plain;charset=%s",
+ quote822(charset, 0));
+ sendmail("", config->mail_sender, email, "Welcome to DisOrder",
+ encoding, content_type, text); /* TODO error checking */
+ /* We'll go back to the login page with a suitable message */
+ cgi_set_option("status", "registered");
+ expand_template(ds, output, "login");
+}
+
+static void act_confirm(cgi_sink *output,
+ dcgi_state *ds) {
+ const char *confirmation;
+
+ if(!(confirmation = cgi_get("c"))) {
+ cgi_set_option("error", "noconfirm");
+ expand_template(ds, output, "login");
+ }
+ if(disorder_confirm(ds->g->client, confirmation)) {
+ cgi_set_option("error", "badconfirm");
+ expand_template(ds, output, "login");
+ }
+ cgi_set_option("status", "confirmed");
+ expand_template(ds, output, "login");
+}
+
static const struct action {
const char *name;
void (*handler)(cgi_sink *output, dcgi_state *ds);
} actions[] = {
+ { "confirm", act_confirm },
{ "disable", act_disable },
{ "enable", act_enable },
+ { "login", act_login },
+ { "logout", act_logout },
{ "move", act_move },
{ "pause", act_pause },
{ "play", act_play },
{ "prefs", act_prefs },
{ "random-disable", act_random_disable },
{ "random-enable", act_random_enable },
+ { "register", act_register },
{ "remove", act_remove },
{ "resume", act_resume },
{ "scratch", act_scratch },
char attribute((unused)) **args,
cgi_sink *output,
void attribute((unused)) *u) {
- cgi_output(output, "%s", disorder_version_string);
+ cgi_output(output, "%s", disorder_short_version_string);
}
static void exp_nonce(int attribute((unused)) nargs,
cgi_sink *output,
void attribute((unused)) *u) {
dcgi_state *ds = u;
- int result;
-
- if(config->restrictions & RESTRICT_SCRATCH) {
- lookups(ds, DC_PLAYING);
- result = (ds->g->playing
- && (!ds->g->playing->submitter
- || !strcmp(ds->g->playing->submitter,
- disorder_user(ds->g->client))));
- } else
- result = 1;
- sink_printf(output->sink, "%s", bool2str(result));
+
+ lookups(ds, DC_PLAYING|DC_RIGHTS);
+ sink_printf(output->sink, "%s",
+ bool2str(right_scratchable(ds->g->rights,
+ disorder_user(ds->g->client),
+ ds->g->playing)));
}
static void exp_removable(int attribute((unused)) nargs,
cgi_sink *output,
void attribute((unused)) *u) {
dcgi_state *ds = u;
- int result;
- if(config->restrictions & RESTRICT_REMOVE)
- result = (ds->track
- && ds->track->submitter
- && !strcmp(ds->track->submitter,
- disorder_user(ds->g->client)));
- else
- result = 1;
- sink_printf(output->sink, "%s", bool2str(result));
+ lookups(ds, DC_RIGHTS);
+ sink_printf(output->sink, "%s",
+ bool2str(right_removable(ds->g->rights,
+ disorder_user(ds->g->client),
+ ds->track)));
+}
+
+static void exp_movable(int attribute((unused)) nargs,
+ char attribute((unused)) **args,
+ cgi_sink *output,
+ void attribute((unused)) *u) {
+ dcgi_state *ds = u;
+
+ lookups(ds, DC_RIGHTS);
+ sink_printf(output->sink, "%s",
+ bool2str(right_movable(ds->g->rights,
+ disorder_user(ds->g->client),
+ ds->track)));
}
static void exp_navigate(int attribute((unused)) nargs,
cgi_output(output, "1");
}
+static void exp_user(int attribute((unused)) nargs,
+ char attribute((unused)) **args,
+ cgi_sink *output,
+ void *u) {
+ dcgi_state *const ds = u;
+
+ cgi_output(output, "%s", disorder_user(ds->g->client));
+}
+
+static void exp_right(int attribute((unused)) nargs,
+ char **args,
+ cgi_sink *output,
+ void *u) {
+ dcgi_state *const ds = u;
+ const char *right = expandarg(args[0], ds);
+ rights_type r;
+
+ lookups(ds, DC_RIGHTS);
+ if(parse_rights(right, &r, 1/*report*/))
+ r = 0;
+ if(args[1] == 0)
+ cgi_output(output, "%s", bool2str(!!(r & ds->g->rights)));
+ else if(r & ds->g->rights)
+ expandstring(output, args[1], ds);
+ else if(args[2])
+ expandstring(output, args[2], ds);
+}
+
static const struct cgi_expansion expansions[] = {
{ "#", 0, INT_MAX, EXP_MAGIC, exp_comment },
{ "action", 0, 0, 0, exp_action },
{ "isrecent", 0, 0, 0, exp_isrecent },
{ "label", 1, 1, 0, exp_label },
{ "length", 0, 0, 0, exp_length },
+ { "movable", 0, 0, 0, exp_movable },
{ "navigate", 2, 2, EXP_MAGIC, exp_navigate },
{ "ne", 2, 2, 0, exp_ne },
{ "new", 1, 1, EXP_MAGIC, exp_new },
{ "recent", 1, 1, EXP_MAGIC, exp_recent },
{ "removable", 0, 0, 0, exp_removable },
{ "resolve", 1, 1, 0, exp_resolve },
+ { "right", 1, 3, EXP_MAGIC, exp_right },
{ "scratchable", 0, 0, 0, exp_scratchable },
{ "search", 2, 3, EXP_MAGIC, exp_search },
{ "server-version", 0, 0, 0, exp_server_version },
{ "transform", 2, 3, 0, exp_transform },
{ "url", 0, 0, 0, exp_url },
{ "urlquote", 1, 1, 0, exp_urlquote },
+ { "user", 0, 0, 0, exp_user },
{ "version", 0, 0, 0, exp_version },
{ "volume", 1, 1, 0, exp_volume },
{ "when", 0, 0, 0, exp_when },
const char *action) {
int n;
+ /* We don't ever want anything to be cached */
+ cgi_header(output->sink, "Cache-Control", "no-cache");
if((n = TABLE_FIND(actions, struct action, name, action)) >= 0)
actions[n].handler(output, ds);
- else {
- cgi_header(output->sink, "Content-Type", "text/html");
- cgi_body(output->sink);
- expand(output, action, ds);
- }
+ else
+ expand_template(ds, output, action);
}
void disorder_cgi(cgi_sink *output, dcgi_state *ds) {
const char *action = cgi_get("action");
- if(!action) action = "playing";
+ if(!action) {
+ /* We allow URLs which are just confirm=... in order to keep confirmation
+ * URLs, which are user-facing, as short as possible. */
+ if(cgi_get("c"))
+ action = "confirm";
+ else
+ action = "playing";
+ }
perform_action(output, ds, action);
}
perform_action(output, ds, "error");
}
+/** @brief Log in as the current user or guest if none */
+void disorder_cgi_login(dcgi_state *ds, cgi_sink *output) {
+ /* Create a new connection */
+ ds->g->client = disorder_new(0);
+ /* Forget everything we knew */
+ ds->g->flags = 0;
+ /* Reconnect */
+ if(disorder_connect_cookie(ds->g->client, login_cookie)) {
+ disorder_cgi_error(output, ds, "connect");
+ exit(0);
+ }
+ /* If there was a cookie but it went bad, we forget it */
+ if(login_cookie && !strcmp(disorder_user(ds->g->client), "guest"))
+ login_cookie = 0;
+}
+
/*
Local Variables:
c-basic-offset:2
~mdw / disorder / blobdiff