X-Git-Url: https://git.distorted.org.uk/~mdw/disorder/blobdiff_plain/448d3570a4b73f0056c4bb61c5d80e4778a5e0bd..e7ce7665fd98a41e5b2c76643a58cdbc053ed41a:/server/actions.c diff --git a/server/actions.c b/server/actions.c index 2fa3f8a..4754a8c 100644 --- a/server/actions.c +++ b/server/actions.c @@ -17,15 +17,35 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA */ +/** @file server/actions.c + * @brief DisOrder web actions + * + * Actions are anything that the web interface does beyond passive template + * expansion and inspection of state recieved from the server. This means + * playing tracks, editing prefs etc but also setting extra headers e.g. to + * auto-refresh the playing list. + */ -#include -#include "types.h" - -#include "actions.h" -#include "lookups.h" +#include "disorder-cgi.h" -/** @brief Login cookie */ -char *login_cookie; +/** @brief Redirect to some other action or URL */ +static void redirect(const char *url) { + /* By default use the 'back' argument */ + if(!url) + url = cgi_get("back"); + if(url) { + if(strncmp(url, "http", 4)) + /* If the target is not a full URL assume it's the action */ + url = cgi_makeurl(config->url, "action", url, (char *)0); + } else { + /* If back= is not set just go back to the front page */ + url = config->url; + } + if(printf("Location: %s\n" + "%s\n" + "\n", url, dcgi_cookie_header()) < 0) + fatal(errno, "error writing to stdout"); +} /* 'playing' and 'manage' just add a Refresh: header */ static void act_playing(void) { @@ -33,29 +53,30 @@ static void act_playing(void) { long length; time_t now, fin; char *url; + const char *action; - lookups(DC_PLAYING|DC_QUEUE|DC_ENABLED|DC_RANDOM_ENABLED); - if(playing - && playing->state == playing_started /* i.e. not paused */ - && !disorder_length(client, playing->track, &length) + dcgi_lookup(DCGI_PLAYING|DCGI_QUEUE|DCGI_ENABLED|DCGI_RANDOM_ENABLED); + if(dcgi_playing + && dcgi_playing->state == playing_started /* i.e. not paused */ + && !disorder_length(dcgi_client, dcgi_playing->track, &length) && length - && playing->sofar >= 0) { + && dcgi_playing->sofar >= 0) { /* Try to put the next refresh at the start of the next track. */ time(&now); - fin = now + length - playing->sofar + config->gap; + fin = now + length - dcgi_playing->sofar + config->gap; if(now + refresh > fin) refresh = fin - now; } - if(queue && queue->state == playing_isscratch) { + if(dcgi_queue && dcgi_queue->state == playing_isscratch) { /* next track is a scratch, don't leave more than the inter-track gap */ if(refresh > config->gap) refresh = config->gap; } - if(!playing - && ((queue - && queue->state != playing_random) - || random_enabled) - && enabled) { + if(!dcgi_playing + && ((dcgi_queue + && dcgi_queue->state != playing_random) + || dcgi_random_enabled) + && dcgi_enabled) { /* no track playing but playing is enabled and there is something coming * up, must be in a gap */ if(refresh > config->gap) @@ -65,13 +86,399 @@ static void act_playing(void) { url = cgi_makeurl(config->url, "action", action, (char *)0); else url = config->url; - if(printf("Content-Type: text/html\n" - "Refresh: %ld;url=%s\n" - /* TODO cookie */ - "\n", + if(printf("Refresh: %ld;url=%s\n", refresh, url) < 0) fatal(errno, "error writing to stdout"); - disorder_cgi_expand(action ? action : "playing"); + dcgi_expand("playing", 1); +} + +static void act_disable(void) { + if(dcgi_client) + disorder_disable(dcgi_client); + redirect(0); +} + +static void act_enable(void) { + if(dcgi_client) + disorder_enable(dcgi_client); + redirect(0); +} + +static void act_random_disable(void) { + if(dcgi_client) + disorder_random_disable(dcgi_client); + redirect(0); +} + +static void act_random_enable(void) { + if(dcgi_client) + disorder_random_enable(dcgi_client); + redirect(0); +} + +static void act_pause(void) { + if(dcgi_client) + disorder_pause(dcgi_client); + redirect(0); +} + +static void act_resume(void) { + if(dcgi_client) + disorder_resume(dcgi_client); + redirect(0); +} + +static void act_remove(void) { + const char *id; + struct queue_entry *q; + + if(dcgi_client) { + if(!(id = cgi_get("id"))) + error(0, "missing 'id' argument"); + else if(!(q = dcgi_findtrack(id))) + error(0, "unknown queue id %s", id); + else switch(q->state) { + case playing_isscratch: + case playing_failed: + case playing_no_player: + case playing_ok: + case playing_quitting: + case playing_scratched: + error(0, "does not make sense to scratch %s", id); + break; + case playing_paused: /* started but paused */ + case playing_started: /* started to play */ + disorder_scratch(dcgi_client, id); + break; + case playing_random: /* unplayed randomly chosen track */ + case playing_unplayed: /* haven't played this track yet */ + disorder_remove(dcgi_client, id); + break; + } + } + redirect(0); +} + +static void act_move(void) { + const char *id, *delta; + struct queue_entry *q; + + if(dcgi_client) { + if(!(id = cgi_get("id"))) + error(0, "missing 'id' argument"); + else if(!(delta = cgi_get("delta"))) + error(0, "missing 'delta' argument"); + else if(!(q = dcgi_findtrack(id))) + error(0, "unknown queue id %s", id); + else switch(q->state) { + case playing_random: /* unplayed randomly chosen track */ + case playing_unplayed: /* haven't played this track yet */ + disorder_move(dcgi_client, id, atol(delta)); + break; + default: + error(0, "does not make sense to scratch %s", id); + break; + } + } + redirect(0); +} + +static void act_play(void) { + const char *track, *dir; + char **tracks; + int ntracks, n; + struct dcgi_entry *e; + + if(dcgi_client) { + if((track = cgi_get("file"))) { + disorder_play(dcgi_client, track); + } else if((dir = cgi_get("dir"))) { + if(disorder_files(dcgi_client, dir, 0, &tracks, &ntracks)) + ntracks = 0; + e = xmalloc(ntracks * sizeof (struct dcgi_entry)); + for(n = 0; n < ntracks; ++n) { + e[n].track = tracks[n]; + e[n].sort = trackname_transform("track", tracks[n], "sort"); + e[n].display = trackname_transform("track", tracks[n], "display"); + } + qsort(e, ntracks, sizeof (struct dcgi_entry), dcgi_compare_entry); + for(n = 0; n < ntracks; ++n) + disorder_play(dcgi_client, e[n].track); + } + } + redirect(0); +} + +static int clamp(int n, int min, int max) { + if(n < min) + return min; + if(n > max) + return max; + return n; +} + +static void act_volume(void) { + const char *l, *r, *d; + int nd; + + if(dcgi_client) { + if((d = cgi_get("delta"))) { + dcgi_lookup(DCGI_VOLUME); + nd = clamp(atoi(d), -255, 255); + disorder_set_volume(dcgi_client, + clamp(dcgi_volume_left + nd, 0, 255), + clamp(dcgi_volume_right + nd, 0, 255)); + } else if((l = cgi_get("left")) && (r = cgi_get("right"))) + disorder_set_volume(dcgi_client, atoi(l), atoi(r)); + } + redirect(0); +} + +/** @brief Expand the login template with @b @@error set to @p error + * @param error Error keyword + */ +static void login_error(const char *error) { + dcgi_error_string = error; + dcgi_expand("login", 1); +} + +/** @brief Log in + * @param username Login name + * @param password Password + * @return 0 on success, non-0 on error + * + * On error, calls login_error() to expand the login template. + */ +static int login_as(const char *username, const char *password) { + disorder_client *c; + + if(dcgi_cookie && dcgi_client) + disorder_revoke(dcgi_client); + /* We'll need a new connection as we are going to stop being guest */ + c = disorder_new(0); + if(disorder_connect_user(c, username, password)) { + login_error("loginfailed"); + return -1; + } + /* Generate a cookie so we can log in again later */ + if(disorder_make_cookie(c, &dcgi_cookie)) { + login_error("cookiefailed"); + return -1; + } + /* Use the new connection henceforth */ + dcgi_client = c; + dcgi_lookup_reset(); + return 0; /* OK */ +} + +static void act_login(void) { + const char *username, *password; + + /* We try all this even if not connected since the subsequent connection may + * succeed. */ + + username = cgi_get("username"); + password = cgi_get("password"); + if(!username + || !password + || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) { + /* We're just visiting the login page, not performing an action at all. */ + dcgi_expand("login", 1); + return; + } + if(!login_as(username, password)) { + /* Report the succesful login */ + dcgi_status_string = "loginok"; + dcgi_expand("login", 1); + } +} + +static void act_logout(void) { + if(dcgi_client) { + /* Ask the server to revoke the cookie */ + if(!disorder_revoke(dcgi_client)) + dcgi_status_string = "logoutok"; + else + dcgi_error_string = "revokefailed"; + } else { + /* We can't guarantee a logout if we can't connect to the server to revoke + * the cookie, so we report an error. We'll still ask the browser to + * forget the cookie though. */ + dcgi_error_string = "connect"; + } + /* Attempt to reconnect without the cookie */ + dcgi_cookie = 0; + dcgi_login(); + /* Back to login page, hopefuly forcing the browser to forget the cookie. */ + dcgi_expand("login", 1); +} + +static void act_register(void) { + const char *username, *password, *password2, *email; + char *confirm, *content_type; + const char *text, *encoding, *charset; + + /* If we're not connected then this is a hopeless exercise */ + if(!dcgi_client) { + login_error("connect"); + return; + } + + /* Collect arguments */ + username = cgi_get("username"); + password = cgi_get("password1"); + password2 = cgi_get("password2"); + email = cgi_get("email"); + + /* Verify arguments */ + if(!username || !*username) { + login_error("nousername"); + return; + } + if(!password || !*password) { + login_error("nopassword"); + return; + } + if(!password2 || !*password2 || strcmp(password, password2)) { + login_error("passwordmismatch"); + return; + } + if(!email || !*email) { + login_error("noemail"); + return; + } + /* We could well do better address validation but for now we'll just do the + * minimum */ + if(!strchr(email, '@')) { + login_error("bademail"); + return; + } + if(disorder_register(dcgi_client, username, password, email, &confirm)) { + login_error("cannotregister"); + return; + } + /* Send the user a mail */ + /* TODO templatize this */ + byte_xasprintf((char **)&text, + "Welcome to DisOrder. To active your login, please visit this URL:\n" + "\n" + "%s?c=%s\n", config->url, urlencodestring(confirm)); + if(!(text = mime_encode_text(text, &charset, &encoding))) + fatal(0, "cannot encode email"); + byte_xasprintf(&content_type, "text/plain;charset=%s", + quote822(charset, 0)); + sendmail("", config->mail_sender, email, "Welcome to DisOrder", + encoding, content_type, text); /* TODO error checking */ + /* We'll go back to the login page with a suitable message */ + dcgi_status_string = "registered"; + dcgi_expand("login", 1); +} + +static void act_confirm(void) { + const char *confirmation; + + /* If we're not connected then this is a hopeless exercise */ + if(!dcgi_client) { + login_error("connect"); + return; + } + + if(!(confirmation = cgi_get("c"))) { + login_error("noconfirm"); + return; + } + /* Confirm our registration */ + if(disorder_confirm(dcgi_client, confirmation)) { + login_error("badconfirm"); + return; + } + /* Get a cookie */ + if(disorder_make_cookie(dcgi_client, &dcgi_cookie)) { + login_error("cookiefailed"); + return; + } + /* Junk cached data */ + dcgi_lookup_reset(); + /* Report success */ + dcgi_status_string = "confirmed"; + dcgi_expand("login", 1); +} + +static void act_edituser(void) { + const char *email = cgi_get("email"), *password = cgi_get("changepassword1"); + const char *password2 = cgi_get("changepassword2"); + int newpassword = 0; + + /* If we're not connected then this is a hopeless exercise */ + if(!dcgi_client) { + login_error("connect"); + return; + } + + /* Verify input */ + + /* If either password or password2 is set we insist they match. If they + * don't we report an error. */ + if((password && *password) || (password2 && *password2)) { + if(!password || !password2 || strcmp(password, password2)) { + login_error("passwordmismatch"); + return; + } + } else + password = password2 = 0; + if(email && !strchr(email, '@')) { + login_error("bademail"); + return; + } + + /* Commit changes */ + if(email) { + if(disorder_edituser(dcgi_client, disorder_user(dcgi_client), + "email", email)) { + login_error("badedit"); + return; + } + } + if(password) { + if(disorder_edituser(dcgi_client, disorder_user(dcgi_client), + "password", password)) { + login_error("badedit"); + return; + } + newpassword = 1; + } + + if(newpassword) { + /* If we changed the password, the cookie is now invalid, so we must log + * back in. */ + if(login_as(disorder_user(dcgi_client), password)) + return; + } + /* Report success */ + dcgi_status_string = "edited"; + dcgi_expand("login", 1); +} + +static void act_reminder(void) { + const char *const username = cgi_get("username"); + + /* If we're not connected then this is a hopeless exercise */ + if(!dcgi_client) { + login_error("connect"); + return; + } + + if(!username || !*username) { + login_error("nousername"); + return; + } + if(disorder_reminder(dcgi_client, username)) { + login_error("reminderfailed"); + return; + } + /* Report success */ + dcgi_status_string = "reminded"; + dcgi_expand("login", 1); } /** @brief Table of actions */ @@ -92,30 +499,59 @@ static const struct action { { "pause", act_pause }, { "play", act_play }, { "playing", act_playing }, - { "prefs", act_prefs }, - { "random-disable", act_random_disable }, - { "random-enable", act_random_enable }, + { "randomdisable", act_random_disable }, + { "randomenable", act_random_enable }, { "register", act_register }, { "reminder", act_reminder }, { "remove", act_remove }, { "resume", act_resume }, - { "scratch", act_scratch }, { "volume", act_volume }, }; +/** @brief Check that an action name is valid + * @param name Action + * @return 1 if valid, 0 if not + */ +static int dcgi_valid_action(const char *name) { + int c; + + /* First character must be letter or digit (this also requires there to _be_ + * a first character) */ + if(!isalnum((unsigned char)*name)) + return 0; + /* Only letters, digits, '.' and '-' allowed */ + while((c = (unsigned char)*name++)) { + if(!(isalnum(c) + || c == '.' + || c == '_')) + return 0; + } + return 1; +} + /** @brief Expand a template * @param name Base name of template, or NULL to consult CGI args + * @param header True to write header */ -void disorder_cgi_expand(const char *name) { - const char *p; - +void dcgi_expand(const char *name, int header) { + const char *p, *found; + + /* Parse macros first */ + if((found = mx_find("macros.tmpl"))) + mx_expand_file(found, sink_discard(), 0); /* For unknown actions check that they aren't evil */ - for(p = name; *p && isalnum((unsigned char)*p); ++p) - ; - if(*p) - fatal(0, "invalid action name '%s'", action); - byte_xasprintf((char **)&p, "%s.tmpl", action); - if(mx_expand_file(p, sink_stdio(stdout), 0) == -1 + if(!dcgi_valid_action(name)) + fatal(0, "invalid action name '%s'", name); + byte_xasprintf((char **)&p, "%s.tmpl", name); + if(!(found = mx_find(p))) + fatal(errno, "cannot find %s", p); + if(header) { + if(printf("Content-Type: text/html\n" + "%s\n" + "\n", dcgi_cookie_header()) < 0) + fatal(errno, "error writing to stdout"); + } + if(mx_expand_file(found, sink_stdio("stdout", stdout), 0) == -1 || fflush(stdout) < 0) fatal(errno, "error writing to stdout"); } @@ -125,9 +561,8 @@ void disorder_cgi_expand(const char *name) { * * If no recognized action is specified then 'playing' is assumed. */ -void disorder_cgi_action(const char *action) { +void dcgi_action(const char *action) { int n; - char *s; /* Consult CGI args if caller had no view */ if(!action) @@ -141,42 +576,22 @@ void disorder_cgi_action(const char *action) { action = "confirm"; else action = "playing"; + /* Make sure 'action' is always set */ + cgi_set("action", action); } if((n = TABLE_FIND(actions, struct action, name, action)) >= 0) /* Its a known action */ actions[n].handler(); else { /* Just expand the template */ - if(printf("Content-Type: text/html\n" - /* TODO cookie */ - "\n") < 0) - fatal(errno, "error writing to stdout"); - disorder_cgi_expand(action); + dcgi_expand(action, 1/*header*/); } } /** @brief Generate an error page */ -void disorder_cgi_error(const char *msg, ...) { - va_list ap; - - va_start(ap, msg); - byte_xvasprintf(&error_string, msg, ap); - va_end(ap); - disorder_cgi_expand("error"); -} - -/** @brief Log in as the current user or guest if none */ -void disorder_cgi_login(dcgi_state *ds, struct sink *output) { - /* Junk old data */ - disorder_macros_reset(); - /* Reconnect */ - if(disorder_connect_cookie(client, login_cookie)) { - disorder_cgi_error("Cannot connect to server"); - exit(0); - } - /* If there was a cookie but it went bad, we forget it */ - if(login_cookie && !strcmp(disorder_user(>client), "guest")) - login_cookie = 0; +void dcgi_error(const char *key) { + dcgi_error_string = xstrdup(key); + dcgi_expand("error", 1); } /*