X-Git-Url: https://git.distorted.org.uk/~mdw/disorder/blobdiff_plain/0d0253c93a64d2b5206e902c648e1e2c6bc5d510..e7ce7665fd98a41e5b2c76643a58cdbc053ed41a:/server/actions.c

diff --git a/server/actions.c b/server/actions.c
index c0a8cb4..4754a8c 100644
--- a/server/actions.c
+++ b/server/actions.c
@@ -34,7 +34,7 @@ static void redirect(const char *url) {
   if(!url)
     url = cgi_get("back");
   if(url) {
-    if(!strncmp(url, "http", 4))
+    if(strncmp(url, "http", 4))
       /* If the target is not a full URL assume it's the action */
       url = cgi_makeurl(config->url, "action", url, (char *)0);
   } else {
@@ -86,13 +86,10 @@ static void act_playing(void) {
     url = cgi_makeurl(config->url, "action", action, (char *)0);
   else
     url = config->url;
-  if(printf("Content-Type: text/html\n"
-            "Refresh: %ld;url=%s\n"
-            "%s\n"
-            "\n",
-            refresh, url, dcgi_cookie_header()) < 0)
+  if(printf("Refresh: %ld;url=%s\n",
+            refresh, url) < 0)
     fatal(errno, "error writing to stdout");
-  dcgi_expand("playing");
+  dcgi_expand("playing", 1);
 }
 
 static void act_disable(void) {
@@ -119,6 +116,18 @@ static void act_random_enable(void) {
   redirect(0);
 }
 
+static void act_pause(void) {
+  if(dcgi_client)
+    disorder_pause(dcgi_client);
+  redirect(0);
+}
+
+static void act_resume(void) {
+  if(dcgi_client)
+    disorder_resume(dcgi_client);
+  redirect(0);
+}
+
 static void act_remove(void) {
   const char *id;
   struct queue_entry *q;
@@ -150,6 +159,328 @@ static void act_remove(void) {
   redirect(0);
 }
 
+static void act_move(void) {
+  const char *id, *delta;
+  struct queue_entry *q;
+
+  if(dcgi_client) {
+    if(!(id = cgi_get("id")))
+      error(0, "missing 'id' argument");
+    else if(!(delta = cgi_get("delta")))
+      error(0, "missing 'delta' argument");
+    else if(!(q = dcgi_findtrack(id)))
+      error(0, "unknown queue id %s", id);
+    else switch(q->state) {
+    case playing_random:                /* unplayed randomly chosen track */
+    case playing_unplayed:              /* haven't played this track yet */
+      disorder_move(dcgi_client, id, atol(delta));
+      break;
+    default:
+      error(0, "does not make sense to scratch %s", id);
+      break;
+    }
+  }
+  redirect(0);
+}
+
+static void act_play(void) {
+  const char *track, *dir;
+  char **tracks;
+  int ntracks, n;
+  struct dcgi_entry *e;
+  
+  if(dcgi_client) {
+    if((track = cgi_get("file"))) {
+      disorder_play(dcgi_client, track);
+    } else if((dir = cgi_get("dir"))) {
+      if(disorder_files(dcgi_client, dir, 0, &tracks, &ntracks))
+        ntracks = 0;
+      e = xmalloc(ntracks * sizeof (struct dcgi_entry));
+      for(n = 0; n < ntracks; ++n) {
+        e[n].track = tracks[n];
+        e[n].sort = trackname_transform("track", tracks[n], "sort");
+        e[n].display = trackname_transform("track", tracks[n], "display");
+      }
+      qsort(e, ntracks, sizeof (struct dcgi_entry), dcgi_compare_entry);
+      for(n = 0; n < ntracks; ++n)
+        disorder_play(dcgi_client, e[n].track);
+    }
+  }
+  redirect(0);
+}
+
+static int clamp(int n, int min, int max) {
+  if(n < min)
+    return min;
+  if(n > max)
+    return max;
+  return n;
+}
+
+static void act_volume(void) {
+  const char *l, *r, *d;
+  int nd;
+
+  if(dcgi_client) {
+    if((d = cgi_get("delta"))) {
+      dcgi_lookup(DCGI_VOLUME);
+      nd = clamp(atoi(d), -255, 255);
+      disorder_set_volume(dcgi_client,
+                          clamp(dcgi_volume_left + nd, 0, 255),
+                          clamp(dcgi_volume_right + nd, 0, 255));
+    } else if((l = cgi_get("left")) && (r = cgi_get("right")))
+      disorder_set_volume(dcgi_client, atoi(l), atoi(r));
+  }
+  redirect(0);
+}
+
+/** @brief Expand the login template with @b @@error set to @p error
+ * @param error Error keyword
+ */
+static void login_error(const char *error) {
+  dcgi_error_string = error;
+  dcgi_expand("login", 1);
+}
+
+/** @brief Log in
+ * @param username Login name
+ * @param password Password
+ * @return 0 on success, non-0 on error
+ *
+ * On error, calls login_error() to expand the login template.
+ */
+static int login_as(const char *username, const char *password) {
+  disorder_client *c;
+
+  if(dcgi_cookie && dcgi_client)
+    disorder_revoke(dcgi_client);
+  /* We'll need a new connection as we are going to stop being guest */
+  c = disorder_new(0);
+  if(disorder_connect_user(c, username, password)) {
+    login_error("loginfailed");
+    return -1;
+  }
+  /* Generate a cookie so we can log in again later */
+  if(disorder_make_cookie(c, &dcgi_cookie)) {
+    login_error("cookiefailed");
+    return -1;
+  }
+  /* Use the new connection henceforth */
+  dcgi_client = c;
+  dcgi_lookup_reset();
+  return 0;                             /* OK */
+}
+
+static void act_login(void) {
+  const char *username, *password;
+
+  /* We try all this even if not connected since the subsequent connection may
+   * succeed. */
+  
+  username = cgi_get("username");
+  password = cgi_get("password");
+  if(!username
+     || !password
+     || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) {
+    /* We're just visiting the login page, not performing an action at all. */
+    dcgi_expand("login", 1);
+    return;
+  }
+  if(!login_as(username, password)) {
+    /* Report the succesful login */
+    dcgi_status_string = "loginok";
+    dcgi_expand("login", 1);
+  }
+}
+
+static void act_logout(void) {
+  if(dcgi_client) {
+    /* Ask the server to revoke the cookie */
+    if(!disorder_revoke(dcgi_client))
+      dcgi_status_string = "logoutok";
+    else
+      dcgi_error_string = "revokefailed";
+  } else {
+    /* We can't guarantee a logout if we can't connect to the server to revoke
+     * the cookie, so we report an error.  We'll still ask the browser to
+     * forget the cookie though. */
+    dcgi_error_string = "connect";
+  }
+  /* Attempt to reconnect without the cookie */
+  dcgi_cookie = 0;
+  dcgi_login();
+  /* Back to login page, hopefuly forcing the browser to forget the cookie. */
+  dcgi_expand("login", 1);
+}
+
+static void act_register(void) {
+  const char *username, *password, *password2, *email;
+  char *confirm, *content_type;
+  const char *text, *encoding, *charset;
+
+  /* If we're not connected then this is a hopeless exercise */
+  if(!dcgi_client) {
+    login_error("connect");
+    return;
+  }
+
+  /* Collect arguments */
+  username = cgi_get("username");
+  password = cgi_get("password1");
+  password2 = cgi_get("password2");
+  email = cgi_get("email");
+
+  /* Verify arguments */
+  if(!username || !*username) {
+    login_error("nousername");
+    return;
+  }
+  if(!password || !*password) {
+    login_error("nopassword");
+    return;
+  }
+  if(!password2 || !*password2 || strcmp(password, password2)) {
+    login_error("passwordmismatch");
+    return;
+  }
+  if(!email || !*email) {
+    login_error("noemail");
+    return;
+  }
+  /* We could well do better address validation but for now we'll just do the
+   * minimum */
+  if(!strchr(email, '@')) {
+    login_error("bademail");
+    return;
+  }
+  if(disorder_register(dcgi_client, username, password, email, &confirm)) {
+    login_error("cannotregister");
+    return;
+  }
+  /* Send the user a mail */
+  /* TODO templatize this */
+  byte_xasprintf((char **)&text,
+		 "Welcome to DisOrder.  To active your login, please visit this URL:\n"
+		 "\n"
+		 "%s?c=%s\n", config->url, urlencodestring(confirm));
+  if(!(text = mime_encode_text(text, &charset, &encoding)))
+    fatal(0, "cannot encode email");
+  byte_xasprintf(&content_type, "text/plain;charset=%s",
+		 quote822(charset, 0));
+  sendmail("", config->mail_sender, email, "Welcome to DisOrder",
+	   encoding, content_type, text); /* TODO error checking  */
+  /* We'll go back to the login page with a suitable message */
+  dcgi_status_string = "registered";
+  dcgi_expand("login", 1);
+}
+
+static void act_confirm(void) {
+  const char *confirmation;
+
+  /* If we're not connected then this is a hopeless exercise */
+  if(!dcgi_client) {
+    login_error("connect");
+    return;
+  }
+
+  if(!(confirmation = cgi_get("c"))) {
+    login_error("noconfirm");
+    return;
+  }
+  /* Confirm our registration */
+  if(disorder_confirm(dcgi_client, confirmation)) {
+    login_error("badconfirm");
+    return;
+  }
+  /* Get a cookie */
+  if(disorder_make_cookie(dcgi_client, &dcgi_cookie)) {
+    login_error("cookiefailed");
+    return;
+  }
+  /* Junk cached data */
+  dcgi_lookup_reset();
+  /* Report success */
+  dcgi_status_string = "confirmed";
+  dcgi_expand("login", 1);
+}
+
+static void act_edituser(void) {
+  const char *email = cgi_get("email"), *password = cgi_get("changepassword1");
+  const char *password2 = cgi_get("changepassword2");
+  int newpassword = 0;
+
+  /* If we're not connected then this is a hopeless exercise */
+  if(!dcgi_client) {
+    login_error("connect");
+    return;
+  }
+
+  /* Verify input */
+
+  /* If either password or password2 is set we insist they match.  If they
+   * don't we report an error. */
+  if((password && *password) || (password2 && *password2)) {
+    if(!password || !password2 || strcmp(password, password2)) {
+      login_error("passwordmismatch");
+      return;
+    }
+  } else
+    password = password2 = 0;
+  if(email && !strchr(email, '@')) {
+    login_error("bademail");
+    return;
+  }
+
+  /* Commit changes */
+  if(email) {
+    if(disorder_edituser(dcgi_client, disorder_user(dcgi_client),
+			 "email", email)) {
+      login_error("badedit");
+      return;
+    }
+  }
+  if(password) {
+    if(disorder_edituser(dcgi_client, disorder_user(dcgi_client),
+			 "password", password)) {
+      login_error("badedit");
+      return;
+    }
+    newpassword = 1;
+  }
+
+  if(newpassword) {
+    /* If we changed the password, the cookie is now invalid, so we must log
+     * back in. */
+    if(login_as(disorder_user(dcgi_client), password))
+      return;
+  }
+  /* Report success */
+  dcgi_status_string = "edited";
+  dcgi_expand("login", 1);
+}
+
+static void act_reminder(void) {
+  const char *const username = cgi_get("username");
+
+  /* If we're not connected then this is a hopeless exercise */
+  if(!dcgi_client) {
+    login_error("connect");
+    return;
+  }
+
+  if(!username || !*username) {
+    login_error("nousername");
+    return;
+  }
+  if(disorder_reminder(dcgi_client, username)) {
+    login_error("reminderfailed");
+    return;
+  }
+  /* Report success */
+  dcgi_status_string = "reminded";
+  dcgi_expand("login", 1);
+}
+
 /** @brief Table of actions */
 static const struct action {
   /** @brief Action name */
@@ -157,30 +488,70 @@ static const struct action {
   /** @brief Action handler */
   void (*handler)(void);
 } actions[] = {
+  { "confirm", act_confirm },
   { "disable", act_disable },
+  { "edituser", act_edituser },
   { "enable", act_enable },
+  { "login", act_login },
+  { "logout", act_logout },
   { "manage", act_playing },
+  { "move", act_move },
+  { "pause", act_pause },
+  { "play", act_play },
   { "playing", act_playing },
   { "randomdisable", act_random_disable },
   { "randomenable", act_random_enable },
+  { "register", act_register },
+  { "reminder", act_reminder },
   { "remove", act_remove },
+  { "resume", act_resume },
+  { "volume", act_volume },
 };
 
+/** @brief Check that an action name is valid
+ * @param name Action
+ * @return 1 if valid, 0 if not
+ */
+static int dcgi_valid_action(const char *name) {
+  int c;
+
+  /* First character must be letter or digit (this also requires there to _be_
+   * a first character) */
+  if(!isalnum((unsigned char)*name))
+    return 0;
+  /* Only letters, digits, '.' and '-' allowed */
+  while((c = (unsigned char)*name++)) {
+    if(!(isalnum(c)
+         || c == '.'
+         || c == '_'))
+      return 0;
+  }
+  return 1;
+}
+
 /** @brief Expand a template
  * @param name Base name of template, or NULL to consult CGI args
+ * @param header True to write header
  */
-void dcgi_expand(const char *name) {
-  const char *p;
+void dcgi_expand(const char *name, int header) {
+  const char *p, *found;
 
   /* Parse macros first */
-  mx_expand_file("macros.tmpl", sink_discard(), 0);
+  if((found = mx_find("macros.tmpl")))
+    mx_expand_file(found, sink_discard(), 0);
   /* For unknown actions check that they aren't evil */
-  for(p = name; *p && isalnum((unsigned char)*p); ++p)
-    ;
-  if(*p)
+  if(!dcgi_valid_action(name))
     fatal(0, "invalid action name '%s'", name);
   byte_xasprintf((char **)&p, "%s.tmpl", name);
-  if(mx_expand_file(p, sink_stdio("stdout", stdout), 0) == -1
+  if(!(found = mx_find(p)))
+    fatal(errno, "cannot find %s", p);
+  if(header) {
+    if(printf("Content-Type: text/html\n"
+              "%s\n"
+              "\n", dcgi_cookie_header()) < 0)
+      fatal(errno, "error writing to stdout");
+  }
+  if(mx_expand_file(found, sink_stdio("stdout", stdout), 0) == -1
      || fflush(stdout) < 0)
     fatal(errno, "error writing to stdout");
 }
@@ -213,18 +584,14 @@ void dcgi_action(const char *action) {
     actions[n].handler();
   else {
     /* Just expand the template */
-    if(printf("Content-Type: text/html\n"
-              "%s\n"
-              "\n", dcgi_cookie_header()) < 0)
-      fatal(errno, "error writing to stdout");
-    dcgi_expand(action);
+    dcgi_expand(action, 1/*header*/);
   }
 }
 
 /** @brief Generate an error page */
 void dcgi_error(const char *key) {
   dcgi_error_string = xstrdup(key);
-  dcgi_expand("error");
+  dcgi_expand("error", 1);
 }
 
 /*