X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/763d5e6ad88ef3ba1cd1d7742d060e4f1e54c6b8..ac152d06f4cfa9abcd4a88de7dbc6a9040f99c0d:/server/dcgi.c diff --git a/server/dcgi.c b/server/dcgi.c index 2892a43..27c77b1 100644 --- a/server/dcgi.c +++ b/server/dcgi.c @@ -1,6 +1,6 @@ /* * This file is part of DisOrder. - * Copyright (C) 2004, 2005, 2006 Richard Kettlewell + * Copyright (C) 2004, 2005, 2006, 2007 Richard Kettlewell * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,14 +39,12 @@ #include "vector.h" #include "sink.h" #include "cgi.h" -#include "dcgi.h" #include "log.h" #include "configuration.h" #include "table.h" #include "queue.h" #include "plugin.h" #include "split.h" -#include "words.h" #include "wstat.h" #include "kvp.h" #include "syscalls.h" @@ -54,6 +52,13 @@ #include "regsub.h" #include "defs.h" #include "trackname.h" +#include "charset.h" +#include "dcgi.h" +#include "url.h" +#include "mime.h" +#include "sendmail.h" + +char *login_cookie; static void expand(cgi_sink *output, const char *template, 
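Review bot: The new file-scope `char *login_cookie;` has no comment, although this commit writes it from three places (`act_login` via `disorder_make_cookie`, `act_logout`, `disorder_cgi_login`) and reads it in `header_cookie`. A one-line doc comment in the file's existing style would help, for example `/** @brief Login cookie for this request, or a null pointer if the user has none */`. Where the value is first filled in from the incoming request is not visible in this diff, so the comment should name that place once confirmed.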
@@ -99,24 +104,62 @@ static const char *front_url(void) { return config->url; } +static void header_cookie(struct sink *output) { + struct dynstr d[1]; + struct url u; + + memset(&u, 0, sizeof u); + dynstr_init(d); + parse_url(config->url, &u); + if(login_cookie) { + dynstr_append_string(d, "disorder="); + dynstr_append_string(d, quote822(login_cookie, 0)); + } else { + /* Force browser to discard cookie */ + dynstr_append_string(d, "disorder=none;Max-Age=0"); + } + if(u.path) { + /* The default domain matches the request host, so we need not override + * that. But the default path only goes up to the rightmost /, which would + * cause the browser to expose the cookie to other CGI programs on the same + * web server. */ + dynstr_append_string(d, ";Path="); + dynstr_append_string(d, quote822(u.path, 0)); + } + dynstr_terminate(d); + cgi_header(output, "Set-Cookie", d->vec); +} + static void redirect(struct sink *output) { const char *back; - cgi_header(output, "Location", - (back = cgi_get("back")) ? back : front_url()); + back = cgi_get("back"); + cgi_header(output, "Location", back && *back ? back : front_url()); + header_cookie(output); cgi_body(output); } +static void expand_template(dcgi_state *ds, cgi_sink *output, + const char *action) { + cgi_header(output->sink, "Content-Type", "text/html"); + header_cookie(output->sink); + cgi_body(output->sink); + expand(output, action, ds); +} + static void lookups(dcgi_state *ds, unsigned want) { unsigned need; struct queue_entry *r, *rnext; const char *dir, *re; + char *rights; if(ds->g->client && (need = want ^ (ds->g->flags & want)) != 0) { if(need & DC_QUEUE) disorder_queue(ds->g->client, &ds->g->queue); if(need & DC_PLAYING) disorder_playing(ds->g->client, &ds->g->playing); + if(need & DC_NEW) + disorder_new_tracks(ds->g->client, &ds->g->new, &ds->g->nnew, 0); if(need & DC_RECENT) { /* we need to reverse the order of the list */ disorder_recent(ds->g->client, &r); 
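Review bot: `header_cookie` sends the login cookie with only a `Path` attribute, so page script can read it and the browser will also send it over plain HTTP; adding `dynstr_append_string(d, ";HttpOnly");` unconditionally, and `;Secure` when `config->url` is an https URL, would cover both. Nothing checks whether `parse_url(config->url, &u)` succeeded; if it can fail and leave `u.path` null, the cookie silently falls back to the default path that the comment in this function warns against. `redirect()` still copies the request's `back` parameter into `Location` unchecked, and after this commit that path runs straight after a successful login (`act_login`; `act_volume` has the same pattern), so it would be worth accepting only values that lie under `config->url`. The `lookups` body continues outside the hunk.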
@@ -143,6 +186,12 @@ static void lookups(dcgi_state *ds, unsigned want) { &ds->g->files, &ds->g->nfiles)) ds->g->nfiles = 0; } + if(need & DC_RIGHTS) { + ds->g->rights = RIGHT_READ; /* fail-safe */ + if(!disorder_userinfo(ds->g->client, disorder_user(ds->g->client), + "rights", &rights)) + parse_rights(rights, &ds->g->rights, 1); + } ds->g->flags |= need; } } @@ -243,6 +292,7 @@ static void act_playing(cgi_sink *output, dcgi_state *ds) { byte_snprintf(r, sizeof r, "%ld;url=%s", refresh > 0 ? refresh : 1, front_url()); cgi_header(output->sink, "Refresh", r); + header_cookie(output->sink); cgi_body(output->sink); expand(output, "playing", ds); } @@ -309,9 +359,11 @@ static void act_volume(cgi_sink *output, dcgi_state *ds) { * URL) */ cgi_header(output->sink, "Location", (back = cgi_get("back")) ? back : volume_url()); + header_cookie(output->sink); cgi_body(output->sink); } else { cgi_header(output->sink, "Content-Type", "text/html"); + header_cookie(output->sink); cgi_body(output->sink); expand(output, "volume", ds); } @@ -380,6 +432,7 @@ static void act_prefs(cgi_sink *output, dcgi_state *ds) { for(numfile = 0; numfile < nfiles; ++numfile) process_prefs(ds, numfile); cgi_header(output->sink, "Content-Type", "text/html"); + header_cookie(output->sink); cgi_body(output->sink); expand(output, "prefs", ds); } 
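Review bot: The `/* fail-safe */` default of `RIGHT_READ` only survives if `parse_rights` leaves `ds->g->rights` untouched when it fails, because its return value is ignored here, whereas `exp_right` in the same commit checks it. Parsing into a local keeps the fallback regardless: declare `rights_type r;`, pass `&r` to `parse_rights`, and assign `ds->g->rights = r;` only when it returns 0. The enclosing `lookups` function starts and ends outside this hunk.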
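Review bot: The `else` branch of `act_volume` and the tail of `act_prefs` (the next hunk) now repeat exactly the three calls that the new `expand_template()` makes before `expand()`. Replacing them with `expand_template(ds, output, "volume");` and `expand_template(ds, output, "prefs");` keeps the cookie header in one place, so a response path added later cannot leave it out. Both function bodies start outside their hunks.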
@@ -398,12 +451,131 @@ static void act_resume(cgi_sink *output, redirect(output->sink); } +static void act_login(cgi_sink *output, + dcgi_state *ds) { + const char *username, *password, *back; + disorder_client *c; + + username = cgi_get("username"); + password = cgi_get("password"); + if(!username || !password + || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) { + /* We're just visiting the login page */ + expand_template(ds, output, "login"); + return; + } + c = disorder_new(1); + if(disorder_connect_user(c, username, password)) { + cgi_set_option("error", "loginfailed"); + expand_template(ds, output, "login"); + return; + } + if(disorder_make_cookie(c, &login_cookie)) { + cgi_set_option("error", "cookiefailed"); + expand_template(ds, output, "login"); + return; + } + /* We have a new cookie */ + header_cookie(output->sink); + cgi_set_option("status", "loginok"); + if((back = cgi_get("back")) && *back) + /* Redirect back to somewhere or other */ + redirect(output->sink); + else + /* Stick to the login page */ + expand_template(ds, output, "login"); +} + +static void act_logout(cgi_sink *output, + dcgi_state *ds) { + disorder_revoke(ds->g->client); + login_cookie = 0; + /* Reconnect as guest */ + disorder_cgi_login(ds, output); + /* Back to the login page */ + cgi_set_option("status", "logoutok"); + expand_template(ds, output, "login"); +} + +static void act_register(cgi_sink *output, + dcgi_state *ds) { + const char *username, *password, *email; + char *confirm, *content_type; + const char *text, *encoding, *charset; + + username = cgi_get("username"); + password = cgi_get("password"); + email = cgi_get("email"); + + if(!username || !*username) { + cgi_set_option("error", "nousername"); + expand_template(ds, output, "login"); + return; + } + if(!password || !*password) { + cgi_set_option("error", "nopassword"); + expand_template(ds, output, "login"); + return; + } + if(!email || !*email) { + cgi_set_option("error", "noemail"); + expand_template(ds, 
output, "login"); + return; + } + /* We could well do better address validation but for now we'll just do the + * minimum */ + if(!strchr(email, '@')) { + cgi_set_option("error", "bademail"); + expand_template(ds, output, "login"); + return; + } + if(disorder_register(ds->g->client, username, password, email, &confirm)) { + cgi_set_option("error", "cannotregister"); + expand_template(ds, output, "login"); + return; + } + /* Send the user a mail */ + /* TODO templatize this */ + byte_xasprintf((char **)&text, + "Welcome to DisOrder. To active your login, please visit this URL:\n" + "\n" + "%s?c=%s\n", config->url, urlencodestring(confirm)); + if(!(text = mime_encode_text(text, &charset, &encoding))) + fatal(0, "cannot encode email"); + byte_xasprintf(&content_type, "text/plain;charset=%s", + quote822(charset, 0)); + sendmail("", config->mail_sender, email, "Welcome to DisOrder", + encoding, content_type, text); /* TODO error checking */ + /* We'll go back to the login page with a suitable message */ + cgi_set_option("status", "registered"); + expand_template(ds, output, "login"); +} + +static void act_confirm(cgi_sink *output, + dcgi_state *ds) { + const char *confirmation; + + if(!(confirmation = cgi_get("c"))) { + cgi_set_option("error", "noconfirm"); + expand_template(ds, output, "login"); + } + if(disorder_confirm(ds->g->client, confirmation)) { + cgi_set_option("error", "badconfirm"); + expand_template(ds, output, "login"); + } + cgi_set_option("status", "confirmed"); + expand_template(ds, output, "login"); +} + static const struct action { const char *name; void (*handler)(cgi_sink *output, dcgi_state *ds); } actions[] = { + { "confirm", act_confirm }, { "disable", act_disable }, { "enable", act_enable }, + { "login", act_login }, + { "logout", act_logout }, { "move", act_move }, { "pause", act_pause }, { "play", act_play }, 
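Review bot: Both error branches in `act_confirm` lack a `return;`, so a request without `c` renders the login template and then still calls `disorder_confirm()` with a null `confirmation`, and a rejected confirmation falls through to set `status` to `confirmed` and render the page a second time; add `return;` after each `expand_template(ds, output, "login");` in those branches. In `act_login` the explicit `header_cookie(output->sink);` is followed by `redirect()` or `expand_template()`, both of which call `header_cookie` again, so the success path emits `Set-Cookie` twice and the explicit call can go. In `act_register` the only check on `email` before it reaches `sendmail()` is `strchr(email, '@')`; rejecting control characters there, CR and LF in particular, would be a cheap guard, since how `sendmail()` treats them is not visible in this hunk. The mail text also reads `To active your login`, presumably meant to be `activate`.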
@@ -411,6 +583,7 @@ static const struct action { { "prefs", act_prefs }, { "random-disable", act_random_disable }, { "random-enable", act_random_enable }, + { "register", act_register }, { "remove", act_remove }, { "resume", act_resume }, { "scratch", act_scratch }, @@ -444,7 +617,7 @@ static void exp_version(int attribute((unused)) nargs, char attribute((unused)) **args, cgi_sink *output, void attribute((unused)) *u) { - cgi_output(output, "%s", disorder_version_string); + cgi_output(output, "%s", disorder_short_version_string); } static void exp_nonce(int attribute((unused)) nargs, @@ -483,7 +656,7 @@ static void exp_length(int attribute((unused)) nargs, cgi_sink *output, void *u) { dcgi_state *ds = u; - long length; + long length = 0; if(ds->track && (ds->track->state == playing_started @@ -491,8 +664,11 @@ static void exp_length(int attribute((unused)) nargs, && ds->track->sofar >= 0) cgi_output(output, "%ld:%02ld/", ds->track->sofar / 60, ds->track->sofar % 60); - if(!ds->track || disorder_length(ds->g->client, ds->track->track, &length)) - length = 0; + length = 0; + if(ds->track) + disorder_length(ds->g->client, ds->track->track, &length); + else if(ds->tracks) + disorder_length(ds->g->client, ds->tracks[0], &length); if(length) cgi_output(output, "%ld:%02ld", length / 60, length % 60); else @@ -562,8 +738,11 @@ static void exp_part(int nargs, default: abort(); } - if(disorder_part(ds->g->client, (char **)&s, track, context, part)) + if(disorder_part(ds->g->client, (char **)&s, track, + !strcmp(context, "short") ? "display" : context, part)) fatal(0, "disorder_part() failed"); + if(!strcmp(context, "short")) + s = truncate_for_display(s, config->short_display); cgi_output(output, "%s", s); } else sink_printf(output->sink, " "); 
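Review bot: In `exp_length`, `length` is now initialised at its declaration (`long length = 0;`, first of the two `exp_length` hunks) and then set to 0 again before the lookups, so the second `length = 0;` is redundant. The rewritten code also drops the old test of `disorder_length()`'s return value; that is safe only if a failed call leaves `length` unchanged, which is not visible here. Either restore the check or add a comment such as `/* length stays 0 if the lookup fails */` once that is confirmed. `exp_length` starts and ends outside these hunks.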
@@ -627,6 +806,25 @@ static void exp_recent(int attribute((unused)) nargs, } } +static void exp_new(int attribute((unused)) nargs, + char **args, + cgi_sink *output, + void *u) { + dcgi_state *ds = u; + dcgi_state s; + + lookups(ds, DC_NEW); + memset(&s, 0, sizeof s); + s.g = ds->g; + s.first = 1; + for(s.index = 0; s.index < ds->g->nnew; ++s.index) { + s.last = s.index + 1 < ds->g->nnew; + s.tracks = &ds->g->new[s.index]; + expandstring(output, args[0], &s); + s.first = 0; + } +} + static void exp_url(int attribute((unused)) nargs, char attribute((unused)) **args, cgi_sink *output, @@ -918,6 +1116,16 @@ static void exp_isrecent(int attribute((unused)) nargs, sink_printf(output->sink, "%s", bool2str(!!ds->g->recent)); } +static void exp_isnew(int attribute((unused)) nargs, + char attribute((unused)) **args, + cgi_sink *output, + void *u) { + dcgi_state *ds = u; + + lookups(ds, DC_NEW); + sink_printf(output->sink, "%s", bool2str(!!ds->g->nnew)); +} + static void exp_id(int attribute((unused)) nargs, char attribute((unused)) **args, cgi_sink *output, @@ -1073,17 +1281,12 @@ static void exp_scratchable(int attribute((unused)) nargs, cgi_sink *output, void attribute((unused)) *u) { dcgi_state *ds = u; - int result; - - if(config->restrictions & RESTRICT_SCRATCH) { - lookups(ds, DC_PLAYING); - result = (ds->g->playing - && (!ds->g->playing->submitter - || !strcmp(ds->g->playing->submitter, - disorder_user(ds->g->client)))); - } else - result = 1; - sink_printf(output->sink, "%s", bool2str(result)); + + lookups(ds, DC_PLAYING|DC_RIGHTS); + sink_printf(output->sink, "%s", + bool2str(right_scratchable(ds->g->rights, + disorder_user(ds->g->client), + ds->g->playing))); } static void exp_removable(int attribute((unused)) nargs, 
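Review bot: In `exp_new`, `s.last = s.index + 1 < ds->g->nnew;` is true for every entry except the final one, which looks inverted for a field named `last`. Unless `last` has a meaning not visible in this diff, the line should read `s.last = s.index + 1 == ds->g->nnew;`. The function also has no comment; one saying that it expands `args[0]` once per new track with `first`, `last` and `index` set would match what the loop does.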
@@ -1091,16 +1294,25 @@ static void exp_removable(int attribute((unused)) nargs, cgi_sink *output, void attribute((unused)) *u) { dcgi_state *ds = u; - int result; - if(config->restrictions & RESTRICT_REMOVE) - result = (ds->track - && ds->track->submitter - && !strcmp(ds->track->submitter, - disorder_user(ds->g->client))); - else - result = 1; - sink_printf(output->sink, "%s", bool2str(result)); + lookups(ds, DC_RIGHTS); + sink_printf(output->sink, "%s", + bool2str(right_removable(ds->g->rights, + disorder_user(ds->g->client), + ds->track))); +} + +static void exp_movable(int attribute((unused)) nargs, + char attribute((unused)) **args, + cgi_sink *output, + void attribute((unused)) *u) { + dcgi_state *ds = u; + + lookups(ds, DC_RIGHTS); + sink_printf(output->sink, "%s", + bool2str(right_movable(ds->g->rights, + disorder_user(ds->g->client), + ds->track))); } static void exp_navigate(int attribute((unused)) nargs, @@ -1364,6 +1576,34 @@ static void exp_nfiles(int attribute((unused)) nargs, cgi_output(output, "1"); } +static void exp_user(int attribute((unused)) nargs, + char attribute((unused)) **args, + cgi_sink *output, + void *u) { + dcgi_state *const ds = u; + + cgi_output(output, "%s", disorder_user(ds->g->client)); +} + +static void exp_right(int attribute((unused)) nargs, + char **args, + cgi_sink *output, + void *u) { + dcgi_state *const ds = u; + const char *right = expandarg(args[0], ds); + rights_type r; + + lookups(ds, DC_RIGHTS); + if(parse_rights(right, &r, 1/*report*/)) + r = 0; + if(args[1] == 0) + cgi_output(output, "%s", bool2str(!!(r & ds->g->rights))); + else if(r & ds->g->rights) + expandstring(output, args[1], ds); + else if(args[2]) + expandstring(output, args[2], ds); +} + static const struct cgi_expansion expansions[] = { { "#", 0, INT_MAX, EXP_MAGIC, exp_comment }, { "action", 0, 0, 0, exp_action }, 
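Review bot: In the new `exp_movable` the last parameter is declared `void attribute((unused)) *u` but is used on the next line (`dcgi_state *ds = u;`). The attribute looks copied from `exp_removable` and should be dropped, giving `void *u`, which is how `exp_user` and `exp_right` in this same commit declare it.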
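Review bot: `exp_right` reads `args[1]` and `args[2]` while ignoring `nargs`, although the table entry added in this commit allows one to three arguments; that is only safe if the expander always null-terminates `args`, which this hunk does not show. Testing the count instead (`if(nargs == 1)` and `else if(nargs > 2)`) removes that dependency, and `attribute((unused))` then comes off `nargs`. A short comment should also record that an unparseable right name is treated as no rights (`r = 0`), so the expansion takes the false branch.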
@@ -1385,13 +1625,16 @@ static const struct cgi_expansion expansions[] = { { "isfiles", 0, 0, 0, exp_isfiles }, { "isfirst", 0, 0, 0, exp_isfirst }, { "islast", 0, 0, 0, exp_islast }, + { "isnew", 0, 0, 0, exp_isnew }, { "isplaying", 0, 0, 0, exp_isplaying }, { "isqueue", 0, 0, 0, exp_isqueue }, { "isrecent", 0, 0, 0, exp_isrecent }, { "label", 1, 1, 0, exp_label }, { "length", 0, 0, 0, exp_length }, + { "movable", 0, 0, 0, exp_movable }, { "navigate", 2, 2, EXP_MAGIC, exp_navigate }, { "ne", 2, 2, 0, exp_ne }, + { "new", 1, 1, EXP_MAGIC, exp_new }, { "nfiles", 0, 0, 0, exp_nfiles }, { "nonce", 0, 0, 0, exp_nonce }, { "not", 1, 1, 0, exp_not }, @@ -1409,6 +1652,7 @@ static const struct cgi_expansion expansions[] = { { "recent", 1, 1, EXP_MAGIC, exp_recent }, { "removable", 0, 0, 0, exp_removable }, { "resolve", 1, 1, 0, exp_resolve }, + { "right", 1, 3, EXP_MAGIC, exp_right }, { "scratchable", 0, 0, 0, exp_scratchable }, { "search", 2, 3, EXP_MAGIC, exp_search }, { "server-version", 0, 0, 0, exp_server_version }, @@ -1421,6 +1665,7 @@ static const struct cgi_expansion expansions[] = { { "transform", 2, 3, 0, exp_transform }, { "url", 0, 0, 0, exp_url }, { "urlquote", 1, 1, 0, exp_urlquote }, + { "user", 0, 0, 0, exp_user }, { "version", 0, 0, 0, exp_version }, { "volume", 1, 1, 0, exp_volume }, { "when", 0, 0, 0, exp_when }, 
@@ -1450,19 +1695,25 @@ static void perform_action(cgi_sink *output, dcgi_state *ds, const char *action) { int n; + /* We don't ever want anything to be cached */ + cgi_header(output->sink, "Cache-Control", "no-cache"); if((n = TABLE_FIND(actions, struct action, name, action)) >= 0) actions[n].handler(output, ds); - else { - cgi_header(output->sink, "Content-Type", "text/html"); - cgi_body(output->sink); - expand(output, action, ds); - } + else + expand_template(ds, output, action); } void disorder_cgi(cgi_sink *output, dcgi_state *ds) { const char *action = cgi_get("action"); - if(!action) action = "playing"; + if(!action) { + /* We allow URLs which are just confirm=... in order to keep confirmation + * URLs, which are user-facing, as short as possible. */ + if(cgi_get("c")) + action = "confirm"; + else + action = "playing"; + } perform_action(output, ds, action); } @@ -1472,6 +1723,22 @@ void disorder_cgi_error(cgi_sink *output, dcgi_state *ds, perform_action(output, ds, "error"); } +/** @brief Log in as the current user or guest if none */ +void disorder_cgi_login(dcgi_state *ds, cgi_sink *output) { + /* Create a new connection */ + ds->g->client = disorder_new(0); + /* Forget everything we knew */ + ds->g->flags = 0; + /* Reconnect */ + if(disorder_connect_cookie(ds->g->client, login_cookie)) { + disorder_cgi_error(output, ds, "connect"); + exit(0); + } + /* If there was a cookie but it went bad, we forget it */ + if(login_cookie && !strcmp(disorder_user(ds->g->client), "guest")) + login_cookie = 0; +} + /* Local Variables: c-basic-offset:2
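Review bot: The new comment in `disorder_cgi` describes confirmation URLs as `confirm=...`, but the code tests `cgi_get("c")` and the mail built in `act_register` uses `?c=`, so the comment should say `c=...`. In `perform_action`, `Cache-Control: no-cache` still lets a cache store the response and revalidate it; since these responses now carry `Set-Cookie`, `no-store` may be closer to the stated intent that nothing is ever cached.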
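Review bot: `disorder_cgi_login` overwrites `ds->g->client` with a fresh `disorder_new(0)` without closing the client it replaces, and `act_logout` calls it right after `disorder_revoke(ds->g->client)`, so the old connection stays open until the process exits. Closing the previous client before the assignment (guarded if it can be null on the first call) would make the hand-over explicit. The `@brief` line could also mention that the function calls `exit(0)` after reporting a connect failure, since callers such as `act_logout` carry on as if it always returns.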