2 * This file is part of DisOrder.
3 * Copyright (C) 2004-2008 Richard Kettlewell
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 /** @file cgi/actions.c
19 * @brief DisOrder web actions
21 * Actions are anything that the web interface does beyond passive template
22 * expansion and inspection of state recieved from the server. This means
23 * playing tracks, editing prefs etc but also setting extra headers e.g. to
24 * auto-refresh the playing list.
26 * See @ref lib/macros-builtin.c for docstring syntax.
29 #include "disorder-cgi.h"
31 /** @brief Redirect to some other action or URL */
32 static void redirect(const char *url
) {
33 /* By default use the 'back' argument */
35 url
= cgi_get("back");
37 if(strncmp(url
, "http", 4))
38 /* If the target is not a full URL assume it's the action */
39 url
= cgi_makeurl(config
->url
, "action", url
, (char *)0);
41 /* If back= is not set just go back to the front page */
44 if(printf("Location: %s\n"
46 "\n", url
, dcgi_cookie_header()) < 0)
47 disorder_fatal(errno
, "error writing to stdout");
52 * Expands \fIplaying.tmpl\fR as if there was no special 'playing' action, but
53 * adds a Refresh: field to the HTTP header. The maximum refresh interval is
54 * defined by \fBrefresh\fR (see \fBdisorder_config\fR(5)) but may be less if
55 * the end of the track is near.
59 * Expands \fIplaying.tmpl\fR (NB not \fImanage.tmpl\fR) as if there was no
60 * special 'playing' action, and adds a Refresh: field to the HTTP header. The
61 * maximum refresh interval is defined by \Bfrefresh\fR (see
62 * \fBdisorder_config\fR(5)) but may be less if the end of the track is near.
64 static void act_playing(void) {
65 long refresh
= config
->refresh
;
71 dcgi_lookup(DCGI_PLAYING
|DCGI_QUEUE
|DCGI_ENABLED
|DCGI_RANDOM_ENABLED
);
73 && dcgi_playing
->state
== playing_started
/* i.e. not paused */
74 && !disorder_length(dcgi_client
, dcgi_playing
->track
, &length
)
76 && dcgi_playing
->sofar
>= 0) {
77 /* Try to put the next refresh at the start of the next track. */
79 fin
= now
+ length
- dcgi_playing
->sofar
;
80 if(now
+ refresh
> fin
)
83 if(dcgi_queue
&& dcgi_queue
->origin
== origin_scratch
) {
84 /* next track is a scratch, refresh immediately */
89 && dcgi_queue
->origin
!= origin_random
)
90 || dcgi_random_enabled
)
92 /* no track playing but playing is enabled and there is something coming
93 * up, so refresh immediately */
96 /* Bound the refresh interval below as a back-stop against the above
97 * calculations coming up with a stupid answer */
98 if(refresh
< config
->refresh_min
)
99 refresh
= config
->refresh_min
;
100 if((action
= cgi_get("action")))
101 url
= cgi_makeurl(config
->url
, "action", action
, (char *)0);
104 if(printf("Refresh: %ld;url=%s\n",
106 disorder_fatal(errno
, "error writing to stdout");
107 dcgi_expand("playing", 1);
114 static void act_disable(void) {
116 disorder_disable(dcgi_client
);
124 static void act_enable(void) {
126 disorder_enable(dcgi_client
);
132 * Disables random play.
134 static void act_random_disable(void) {
136 disorder_random_disable(dcgi_client
);
142 * Enables random play.
144 static void act_random_enable(void) {
146 disorder_random_enable(dcgi_client
);
152 * Pauses the current track (if there is one and it's not paused already).
154 static void act_pause(void) {
156 disorder_pause(dcgi_client
);
162 * Resumes the current track (if there is one and it's paused).
164 static void act_resume(void) {
166 disorder_resume(dcgi_client
);
172 * Removes the track given by the \fBid\fR argument. If this is the currently
173 * playing track then it is scratched.
175 static void act_remove(void) {
177 struct queue_entry
*q
;
180 if(!(id
= cgi_get("id")))
181 disorder_error(0, "missing 'id' argument");
182 else if(!(q
= dcgi_findtrack(id
)))
183 disorder_error(0, "unknown queue id %s", id
);
184 else if(q
->origin
== origin_scratch
)
185 /* can't scratch scratches */
186 disorder_error(0, "does not make sense to scratch or remove %s", id
);
187 else if(q
->state
== playing_paused
188 || q
->state
== playing_started
)
189 /* removing the playing track = scratching */
190 disorder_scratch(dcgi_client
, id
);
191 else if(q
->state
== playing_unplayed
)
192 /* otherwise it must be in the queue */
193 disorder_remove(dcgi_client
, id
);
195 /* various error states */
196 disorder_error(0, "does not make sense to scratch or remove %s", id
);
203 * Moves the track given by the \fBid\fR argument the distance given by the
204 * \fBdelta\fR argument. If this is positive the track is moved earlier in the
205 * queue and if negative, later.
207 static void act_move(void) {
208 const char *id
, *delta
;
209 struct queue_entry
*q
;
212 if(!(id
= cgi_get("id")))
213 disorder_error(0, "missing 'id' argument");
214 else if(!(delta
= cgi_get("delta")))
215 disorder_error(0, "missing 'delta' argument");
216 else if(!(q
= dcgi_findtrack(id
)))
217 disorder_error(0, "unknown queue id %s", id
);
218 else switch(q
->state
) {
219 case playing_random
: /* unplayed randomly chosen track */
220 case playing_unplayed
: /* haven't played this track yet */
221 disorder_move(dcgi_client
, id
, atol(delta
));
224 disorder_error(0, "does not make sense to scratch %s", id
);
233 * Play the track given by the \fBtrack\fR argument, or if that is not set all
234 * the tracks in the directory given by the \fBdir\fR argument.
236 static void act_play(void) {
237 const char *track
, *dir
;
240 struct tracksort_data
*tsd
;
244 if((track
= cgi_get("track"))) {
245 disorder_play(dcgi_client
, track
, &id
);
246 } else if((dir
= cgi_get("dir"))) {
247 if(disorder_files(dcgi_client
, dir
, 0, &tracks
, &ntracks
))
249 tsd
= tracksort_init(ntracks
, tracks
, "track");
250 for(n
= 0; n
< ntracks
; ++n
)
251 disorder_play(dcgi_client
, tsd
[n
].track
, &id
);
257 static int clamp(int n
, int min
, int max
) {
267 * If the \fBdelta\fR argument is set: adjust both channels by that amount (up
268 * if positive, down if negative).
270 * Otherwise if \fBleft\fR and \fBright\fR are set, set the channels
271 * independently to those values.
273 static void act_volume(void) {
274 const char *l
, *r
, *d
;
278 if((d
= cgi_get("delta"))) {
279 dcgi_lookup(DCGI_VOLUME
);
280 nd
= clamp(atoi(d
), -255, 255);
281 disorder_set_volume(dcgi_client
,
282 clamp(dcgi_volume_left
+ nd
, 0, 255),
283 clamp(dcgi_volume_right
+ nd
, 0, 255));
284 } else if((l
= cgi_get("left")) && (r
= cgi_get("right")))
285 disorder_set_volume(dcgi_client
, atoi(l
), atoi(r
));
290 /** @brief Expand the login template with @b @@error set to @p error
291 * @param e Error keyword
293 static void login_error(const char *e
) {
294 dcgi_error_string
= e
;
295 dcgi_expand("login", 1);
299 * @param username Login name
300 * @param password Password
301 * @return 0 on success, non-0 on error
303 * On error, calls login_error() to expand the login template.
305 static int login_as(const char *username
, const char *password
) {
308 if(dcgi_cookie
&& dcgi_client
)
309 disorder_revoke(dcgi_client
);
310 /* We'll need a new connection as we are going to stop being guest.
311 * Make sure it's unprivileged, so that the server actually bothers checking
312 * the password we supply.
315 disorder_force_unpriv(c
);
316 if(disorder_connect_user(c
, username
, password
)) {
317 login_error("loginfailed");
320 /* Generate a cookie so we can log in again later */
321 if(disorder_make_cookie(c
, &dcgi_cookie
)) {
322 login_error("cookiefailed");
325 /* Use the new connection henceforth */
333 * If \fBusername\fR and \fBpassword\fR are set (and the username isn't
334 * "guest") then attempt to log in using those credentials. On success,
335 * redirects to the \fBback\fR argument if that is set, or just expands
336 * \fIlogin.tmpl\fI otherwise, with \fB@status\fR set to \fBloginok\fR.
338 * If they aren't set then just expands \fIlogin.tmpl\fI.
340 static void act_login(void) {
341 const char *username
, *password
;
343 /* We try all this even if not connected since the subsequent connection may
346 username
= cgi_get("username");
347 password
= cgi_get("password");
350 || !strcmp(username
, "guest")/*bodge to avoid guest cookies*/) {
351 /* We're just visiting the login page, not performing an action at all. */
352 dcgi_expand("login", 1);
355 if(!login_as(username
, password
)) {
356 /* Report the succesful login */
357 dcgi_status_string
= "loginok";
358 /* Redirect back to where we came from, if necessary */
362 dcgi_expand("login", 1);
368 * Logs out the current user and expands \fIlogin.tmpl\fR with \fBstatus\fR or
369 * \fB@error\fR set according to the result.
371 static void act_logout(void) {
373 /* Ask the server to revoke the cookie */
374 if(!disorder_revoke(dcgi_client
))
375 dcgi_status_string
= "logoutok";
377 dcgi_error_string
= "revokefailed";
379 /* We can't guarantee a logout if we can't connect to the server to revoke
380 * the cookie, so we report an error. We'll still ask the browser to
381 * forget the cookie though. */
382 dcgi_error_string
= "connect";
384 /* Attempt to reconnect without the cookie */
387 /* Back to login page, hopefuly forcing the browser to forget the cookie. */
388 dcgi_expand("login", 1);
393 * Register a new user using \fBusername\fR, \fBpassword1\fR, \fBpassword2\fR
394 * and \fBemail\fR and expands \fIlogin.tmpl\fR with \fBstatus\fR or
395 * \fB@error\fR set according to the result.
397 static void act_register(void) {
398 const char *username
, *password
, *password2
, *email
;
399 char *confirm
, *content_type
;
400 const char *text
, *encoding
, *charset
;
402 /* If we're not connected then this is a hopeless exercise */
404 login_error("connect");
408 /* Collect arguments */
409 username
= cgi_get("username");
410 password
= cgi_get("password1");
411 password2
= cgi_get("password2");
412 email
= cgi_get("email");
414 /* Verify arguments */
415 if(!username
|| !*username
) {
416 login_error("nousername");
419 if(!password
|| !*password
) {
420 login_error("nopassword");
423 if(!password2
|| !*password2
|| strcmp(password
, password2
)) {
424 login_error("passwordmismatch");
427 if(!email
|| !*email
) {
428 login_error("noemail");
431 /* We could well do better address validation but for now we'll just do the
433 if(!email_valid(email
)) {
434 login_error("bademail");
437 if(disorder_register(dcgi_client
, username
, password
, email
, &confirm
)) {
438 login_error("cannotregister");
441 /* Send the user a mail */
442 /* TODO templatize this */
443 byte_xasprintf((char **)&text
,
444 "Welcome to DisOrder. To active your login, please visit this URL:\n"
446 "%s?c=%s\n", config
->url
, urlencodestring(confirm
));
447 if(!(text
= mime_encode_text(text
, &charset
, &encoding
)))
448 disorder_fatal(0, "cannot encode email");
449 byte_xasprintf(&content_type
, "text/plain;charset=%s",
450 quote822(charset
, 0));
451 sendmail("", config
->mail_sender
, email
, "Welcome to DisOrder",
452 encoding
, content_type
, text
); /* TODO error checking */
453 /* We'll go back to the login page with a suitable message */
454 dcgi_status_string
= "registered";
455 dcgi_expand("login", 1);
460 * Confirm a user registration using the nonce supplied in \fBc\fR and expands
461 * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the
464 static void act_confirm(void) {
465 const char *confirmation
;
467 /* If we're not connected then this is a hopeless exercise */
469 login_error("connect");
473 if(!(confirmation
= cgi_get("c"))) {
474 login_error("noconfirm");
477 /* Confirm our registration */
478 if(disorder_confirm(dcgi_client
, confirmation
)) {
479 login_error("badconfirm");
483 if(disorder_make_cookie(dcgi_client
, &dcgi_cookie
)) {
484 login_error("cookiefailed");
487 /* Junk cached data */
490 dcgi_status_string
= "confirmed";
491 dcgi_expand("login", 1);
496 * Edit user details using \fBusername\fR, \fBchangepassword1\fR,
497 * \fBchangepassword2\fR and \fBemail\fR and expands \fIlogin.tmpl\fR with
498 * \fBstatus\fR or \fB@error\fR set according to the result.
500 static void act_edituser(void) {
501 const char *email
= cgi_get("email"), *password
= cgi_get("changepassword1");
502 const char *password2
= cgi_get("changepassword2");
505 /* If we're not connected then this is a hopeless exercise */
507 login_error("connect");
513 /* If either password or password2 is set we insist they match. If they
514 * don't we report an error. */
515 if((password
&& *password
) || (password2
&& *password2
)) {
516 if(!password
|| !password2
|| strcmp(password
, password2
)) {
517 login_error("passwordmismatch");
521 password
= password2
= 0;
522 if(email
&& !email_valid(email
)) {
523 login_error("bademail");
529 if(disorder_edituser(dcgi_client
, disorder_user(dcgi_client
),
531 login_error("badedit");
536 if(disorder_edituser(dcgi_client
, disorder_user(dcgi_client
),
537 "password", password
)) {
538 login_error("badedit");
545 /* If we changed the password, the cookie is now invalid, so we must log
547 if(login_as(disorder_user(dcgi_client
), password
))
551 dcgi_status_string
= "edited";
552 dcgi_expand("login", 1);
557 * Issue an email password reminder to \fBusername\fR and expands
558 * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the
561 static void act_reminder(void) {
562 const char *const username
= cgi_get("username");
564 /* If we're not connected then this is a hopeless exercise */
566 login_error("connect");
570 if(!username
|| !*username
) {
571 login_error("nousername");
574 if(disorder_reminder(dcgi_client
, username
)) {
575 login_error("reminderfailed");
579 dcgi_status_string
= "reminded";
580 dcgi_expand("login", 1);
583 /** @brief Get the numbered version of an argument
584 * @param argname Base argument name
585 * @param numfile File number
586 * @return cgi_get(NUMFILE_ARGNAME)
588 static const char *numbered_arg(const char *argname
, int numfile
) {
591 byte_xasprintf(&fullname
, "%d_%s", numfile
, argname
);
592 return cgi_get(fullname
);
595 /** @brief Set preferences for file @p numfile
596 * @return 0 on success, -1 if there is no such track number
598 * The old @b nfiles parameter has been abolished, we just keep look for more
599 * files until we run out.
601 static int process_prefs(int numfile
) {
602 const char *file
, *name
, *value
, *part
, *parts
, *context
;
605 if(!(file
= numbered_arg("track", numfile
)))
607 if(!(parts
= cgi_get("parts")))
608 parts
= "artist album title";
609 if(!(context
= cgi_get("context")))
611 partslist
= split(parts
, 0, 0, 0, 0);
612 while((part
= *partslist
++)) {
613 if(!(value
= numbered_arg(part
, numfile
)))
615 byte_xasprintf((char **)&name
, "trackname_%s_%s", context
, part
);
616 disorder_set(dcgi_client
, file
, name
, value
);
618 if(numbered_arg("random", numfile
))
619 disorder_unset(dcgi_client
, file
, "pick_at_random");
621 disorder_set(dcgi_client
, file
, "pick_at_random", "0");
622 if((value
= numbered_arg("tags", numfile
))) {
624 disorder_unset(dcgi_client
, file
, "tags");
626 disorder_set(dcgi_client
, file
, "tags", value
);
628 if((value
= numbered_arg("weight", numfile
))) {
630 disorder_unset(dcgi_client
, file
, "weight");
632 disorder_set(dcgi_client
, file
, "weight", value
);
639 * Set preferences on a number of tracks.
641 * The tracks to modify are specified in arguments \fB0_track\fR, \fB1_track\fR
642 * etc. The number sequence must be contiguous and start from 0.
644 * For each track \fIINDEX\fB_track\fR:
645 * - \fIINDEX\fB_\fIPART\fR is used to set the trackname preference for
646 * that part. (See \fBparts\fR below.)
647 * - \fIINDEX\fB_\fIrandom\fR if present enables random play for this track
648 * or disables it if absent.
649 * - \fIINDEX\fB_\fItags\fR sets the list of tags for this track.
650 * - \fIINDEX\fB_\fIweight\fR sets the weight for this track.
652 * \fBparts\fR can be set to the track name parts to modify. The default is
653 * "artist album title".
655 * \fBcontext\fR can be set to the context to modify. The default is
658 * If the server detects a preference being set to its default, it removes the
659 * preference, thus keeping the database tidy.
661 static void act_set(void) {
665 for(numfile
= 0; !process_prefs(numfile
); ++numfile
)
671 /** @brief Table of actions */
672 static const struct action
{
673 /** @brief Action name */
675 /** @brief Action handler */
676 void (*handler
)(void);
677 /** @brief Union of suitable rights */
680 { "confirm", act_confirm
, 0 },
681 { "disable", act_disable
, RIGHT_GLOBAL_PREFS
},
682 { "edituser", act_edituser
, 0 },
683 { "enable", act_enable
, RIGHT_GLOBAL_PREFS
},
684 { "login", act_login
, 0 },
685 { "logout", act_logout
, 0 },
686 { "manage", act_playing
, 0 },
687 { "move", act_move
, RIGHT_MOVE__MASK
},
688 { "pause", act_pause
, RIGHT_PAUSE
},
689 { "play", act_play
, RIGHT_PLAY
},
690 { "playing", act_playing
, 0 },
691 { "randomdisable", act_random_disable
, RIGHT_GLOBAL_PREFS
},
692 { "randomenable", act_random_enable
, RIGHT_GLOBAL_PREFS
},
693 { "register", act_register
, 0 },
694 { "reminder", act_reminder
, 0 },
695 { "remove", act_remove
, RIGHT_MOVE__MASK
|RIGHT_SCRATCH__MASK
},
696 { "resume", act_resume
, RIGHT_PAUSE
},
697 { "set", act_set
, RIGHT_PREFS
},
698 { "volume", act_volume
, RIGHT_VOLUME
},
701 /** @brief Check that an action name is valid
703 * @return 1 if valid, 0 if not
705 static int dcgi_valid_action(const char *name
) {
708 /* First character must be letter or digit (this also requires there to _be_
709 * a first character) */
710 if(!isalnum((unsigned char)*name
))
712 /* Only letters, digits, '.' and '-' allowed */
713 while((c
= (unsigned char)*name
++)) {
722 /** @brief Expand a template
723 * @param name Base name of template, or NULL to consult CGI args
724 * @param header True to write header
726 void dcgi_expand(const char *name
, int header
) {
727 const char *p
, *found
;
729 /* Parse macros first */
730 if((found
= mx_find("macros.tmpl", 1/*report*/)))
731 mx_expand_file(found
, sink_discard(), 0);
732 if((found
= mx_find("user.tmpl", 0/*report*/)))
733 mx_expand_file(found
, sink_discard(), 0);
734 /* For unknown actions check that they aren't evil */
735 if(!dcgi_valid_action(name
))
736 disorder_fatal(0, "invalid action name '%s'", name
);
737 byte_xasprintf((char **)&p
, "%s.tmpl", name
);
738 if(!(found
= mx_find(p
, 0/*report*/)))
739 disorder_fatal(errno
, "cannot find %s", p
);
741 if(printf("Content-Type: text/html; charset=UTF-8\n"
743 "\n", dcgi_cookie_header()) < 0)
744 disorder_fatal(errno
, "error writing to stdout");
746 if(mx_expand_file(found
, sink_stdio("stdout", stdout
), 0) == -1
747 || fflush(stdout
) < 0)
748 disorder_fatal(errno
, "error writing to stdout");
751 /** @brief Execute a web action
752 * @param action Action to perform, or NULL to consult CGI args
754 * If no recognized action is specified then 'playing' is assumed.
756 void dcgi_action(const char *action
) {
759 /* Consult CGI args if caller had no view */
761 action
= cgi_get("action");
762 /* Pick a default if nobody cares at all */
764 /* We allow URLs which are just c=... in order to keep confirmation URLs,
765 * which are user-facing, as short as possible. Actually we could lose the
771 /* Make sure 'action' is always set */
772 cgi_set("action", action
);
774 if((n
= TABLE_FIND(actions
, name
, action
)) >= 0) {
775 if(actions
[n
].rights
) {
776 /* Some right or other is required */
777 dcgi_lookup(DCGI_RIGHTS
);
778 if(!(actions
[n
].rights
& dcgi_rights
)) {
779 const char *back
= cgi_thisurl(config
->url
);
780 /* Failed operations jump you to the login screen with an error
781 * message. On success, the user comes back to the page they were
784 cgi_set("back", back
);
785 login_error("noright");
789 /* It's a known action */
790 actions
[n
].handler();
792 /* Just expand the template */
793 dcgi_expand(action
, 1/*header*/);
797 /** @brief Generate an error page */
798 void dcgi_error(const char *key
) {
799 dcgi_error_string
= xstrdup(key
);
800 dcgi_expand("error", 1);