Finish authenticated API endpoints on cgi_blerg
[blerg.git] / cgi / cgi_blerg.c
index 5319442..5cd59a8 100644 (file)
@@ -197,6 +197,43 @@ int main(int argc, char *argv[]) {
                        respond_taglist(taglist, recs);
                }
        } else if (strncmp(path, "/put", 4) == 0) {
+               if (strcmp(request_method, "POST") != 0) {
+                       respond_405();
+                       exit(0);
+               }
+
+               if (path[4] == '/') {
+                       respond_404();
+                       exit(0);
+               }
+
+               const char *username = cgi_getentrystr("username");
+               const char *data = cgi_getentrystr("data");
+               if (username == NULL || username[0] == 0 ||
+                   data == NULL || data[0] == 0) {
+                       respond_JSON_Failure();
+                       exit(0);
+               }
+
+               const char *given_token = cgi_getcookie("auth");
+               if (!auth_check_token(username, given_token)) {
+                       respond_JSON_Failure();
+                       exit(0);
+               }
+
+               struct blerg *b = blerg_open(username);
+               if (b == NULL) {
+                       respond_JSON_Failure();
+                       exit(0);
+               }
+               ret = blerg_store(b, data, strlen(data));
+               blerg_close(b);
+               if (ret == -1) {
+                       respond_JSON_Failure();
+                       exit(0);
+               }
+
+               respond_JSON_Success();
        } else if (strncmp(path, "/info", 5) == 0) {
                if (strcmp(request_method, "GET") != 0) {
                        respond_405();
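Review bot: `given_token` is passed to `auth_check_token()` in the /put branch without a NULL check, although `username` and `data` are both checked just above; a request with no `auth` cookie presumably makes `cgi_getcookie("auth")` return NULL, and whether `auth_check_token()` tolerates that is not visible here. Guarding at the call site keeps the branch safe either way: `if (given_token == NULL || !auth_check_token(username, given_token)) {`. The /logout branch added in the second hunk makes the same unchecked call. `username` also reaches `auth_check_token()` and `blerg_open()` after only an emptiness check, so a comment saying where the name is validated would help, in case these helpers build a file path from it. main() starts and ends outside this hunk.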
@@ -263,6 +300,50 @@ int main(int argc, char *argv[]) {
                auth_set_password(username, password);
                
                respond_JSON_Success();
+       } else if (strncmp(path, "/login", 7) == 0) {
+               if (strcmp(request_method, "POST") != 0) {
+                       respond_405();
+                       exit(0);
+               }
+
+               const char *username = cgi_getentrystr("username");
+               const char *password = cgi_getentrystr("password");
+               if (username == NULL || username[0] == 0 ||
+                   password == NULL || password[0] == 0) {
+                       respond_JSON_Failure();
+                       exit(0);
+               }
+
+               if (!auth_login(username, password)) {
+                       respond_JSON_Failure();
+                       exit(0);
+               }
+
+               char *token = auth_get_token(username);
+               printf("Set-Cookie: auth=%s\r\n", token);
+               free(token);
+
+               respond_JSON_Success();
+       } else if (strncmp(path, "/logout", 8) == 0) {
+               if (strcmp(request_method, "POST") != 0) {
+                       respond_405();
+                       exit(0);
+               }
+
+               const char *username = cgi_getentrystr("username");
+               if (username == NULL || username[0] == 0) {
+                       respond_JSON_Failure();
+                       exit(0);
+               }
+
+
+               const char *given_token = cgi_getcookie("auth");
+               if (auth_check_token(username, given_token)) {
+                       auth_logout(username);
+                       respond_JSON_Success();
+               } else {
+                       respond_JSON_Failure();
+               }
        } else {
                respond_404();
                exit(0);
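Review bot: The session cookie in the /login branch is emitted with no attributes, and `token` is not checked before use. `auth_get_token()` returns a heap pointer that may be NULL on failure (its body is not visible here), and passing NULL to `%s` is undefined behaviour. Suggest `if (token == NULL) { respond_JSON_Failure(); exit(0); }` before the `printf`, and `printf("Set-Cookie: auth=%s; Path=/; HttpOnly; SameSite=Strict\r\n", token);`, with `Secure` added when the CGI is only served over HTTPS. HttpOnly keeps the token away from page script, and SameSite limits cross-site POSTs to /put and /logout, which authenticate by this cookie alone. main() continues outside the hunk.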