Add new account center and account recovery frontends

[blerg.git] / cgi / cgi_blerg.c
diff --git a/cgi/cgi_blerg.c b/cgi/cgi_blerg.c

index cfe8031..8f502a2 100644 (file)
--- a/cgi/cgi_blerg.c
+++ b/cgi/cgi_blerg.c
@@ -10,26 +10,38 @@
  #include "tags.h"
  #include "auth.h"
  #include "subscription.h"
+#include "json.h"
  #include "canned_responses.h"
  #include "app.h"
  #include "config.h"
  
  yajl_gen_config yajl_c = { 0, 0 };
  
-int check_auth(const char *username) {
-       if (username == NULL || username[0] == 0) {
+int check_auth(struct auth_cookie *ac) {
+       const char *given_cookie = cgi_getcookie("auth");
+
+       if (parse_auth_cookie(given_cookie, ac) != 1) {
                 respond_403();
                 return 0;
         }
  
-       const char *given_token = cgi_getcookie("auth");
-       if (!auth_check_token(username, given_token)) {
+       if (!auth_check_token(ac->name, ac->token)) {
                 respond_403();
                 return 0;
         }
         return 1;
  }
  
+void respond_yajl(yajl_gen g) {
+       const unsigned char *ybuf;
+       unsigned int content_len;
+
+       yajl_gen_get_buf(g, &ybuf, &content_len);
+
+       printf("Content-type: application/json\r\n");
+       printf("Content-length: %d\r\n\r\n", content_len);
+       fwrite(ybuf, content_len, 1, stdout);
+}
  
  void respond_for_range(struct blerg *b, uint64_t from, uint64_t to) {
         const unsigned char *ybuf;
@@ -98,8 +110,12 @@ int main(int argc, char *argv[]) {
         char *request_method;
         int ret, len;
         struct url_info info;
+       struct auth_cookie ac;
         char *data;
  
+       if (!blerg_init())
+               exit(1);
+
         if (cgi_init() != CGIERR_NONE)
                 exit(0);
  
@@ -199,8 +215,7 @@ int main(int argc, char *argv[]) {
                         exit(0);
                 }
  
-               const char *username = cgi_getentrystr("username");
-               if (!check_auth(username))
+               if (!check_auth(&ac))
                         exit(0);
  
                 if (path[4] == '/') {
@@ -214,7 +229,7 @@ int main(int argc, char *argv[]) {
                         exit(0);
                 }
  
-               struct blerg *b = blerg_open(username);
+               struct blerg *b = blerg_open(ac.name);
                 if (b == NULL) {
                         respond_JSON_Failure();
                         exit(0);
@@ -256,17 +271,12 @@ int main(int argc, char *argv[]) {
                 char number[21];
                 yajl_gen g = yajl_gen_alloc(&yajl_c, NULL);
                 yajl_gen_map_open(g);
-               yajl_gen_string(g, "record_count", 12);
+               yajl_gen_string(g, (unsigned char *)"record_count", 12);
                 snprintf(number, 21, "%llu", record_count);
-               yajl_gen_string(g, number, strlen(number));
+               yajl_gen_string(g, (unsigned char *)number, strlen(number));
                 yajl_gen_map_close(g);
  
-               const unsigned char *ybuf;
-               yajl_gen_get_buf(g, &ybuf, &len);
-
-               printf("Content-type: application/json\r\n");
-               printf("Content-length: %d\r\n\r\n", len);
-               fwrite(ybuf, len, 1, stdout);
+               respond_yajl(g);
  
                 yajl_gen_free(g);
         } else if (strncmp(path, "/create", 8) == 0) {
@@ -289,10 +299,14 @@ int main(int argc, char *argv[]) {
                 }
  
                 struct blerg *b = blerg_open(username);
-               blerg_close(b);
-               auth_set_password(username, password);
-               
-               respond_JSON_Success();
+               if (b != NULL) {
+                       blerg_close(b);
+                       auth_set_password(username, password);
+                       
+                       respond_JSON_Success();
+               } else {
+                       respond_JSON_Failure();
+               }
         } else if (strncmp(path, "/login", 7) == 0) {
                 if (strcmp(request_method, "POST") != 0) {
                         respond_405();
@@ -313,7 +327,7 @@ int main(int argc, char *argv[]) {
                         exit(0);
                 }
  
-               printf("Set-Cookie: auth=%s\r\n", token);
+               printf("Set-Cookie: auth=%s/%s\r\n", username, token);
                 free(token);
  
                 respond_JSON_Success();
@@ -323,96 +337,130 @@ int main(int argc, char *argv[]) {
                         exit(0);
                 }
  
-               const char *username = cgi_getentrystr("username");
-               if (!check_auth(username))
+               if (!check_auth(&ac))
                         exit(0);
  
-               const char *given_token = cgi_getcookie("auth");
-               auth_logout(username, given_token);
+               auth_logout(ac.name, ac.token);
+               printf("Set-Cookie: auth=X; Expires=Thu, 01 Jan 1970 00:00:00 GMT\r\n");
                 respond_JSON_Success();
-       } else if (strncmp(path, "/subscribe", 10) == 0 || strncmp(path, "/unsubscribe", 12) == 0) {
-               const char *username = cgi_getentrystr("username");
-               if (!check_auth(username))
+       } else if (strncmp(path, "/subscribe", 10) == 0) {
+               if (!check_auth(&ac))
                         exit(0);
  
-               if (path[1] == 'u') {
-                       if (path[12] != '/') {
-                               respond_404();
-                               exit(0);
-                       }
-
-                       ret = parse_url_info(path + 13, &info);
-                       if ((ret & URL_INFO_NAME) == 0) {
-                               respond_404();
-                               exit(0);
-                       }
+               if (path[10] != '/') {
+                       respond_404();
+                       exit(0);
+               }
  
-                       subscription_remove(username, info.name);
-               } else {
-                       if (path[10] != '/') {
-                               respond_404();
-                               exit(0);
-                       }
+               ret = parse_url_info(path + 11, &info);
+               if ((ret & URL_INFO_NAME) == 0) {
+                       respond_404();
+                       exit(0);
+               }
  
-                       ret = parse_url_info(path + 11, &info);
-                       if ((ret & URL_INFO_NAME) == 0) {
-                               respond_404();
-                               exit(0);
-                       }
+               const char *subscribed = cgi_getentrystr("subscribed");
  
-                       subscription_add(username, info.name);
+               if (strncmp(subscribed, "true", 4) == 0) {
+                       subscription_add(ac.name, info.name);
+               } else if (strncmp(subscribed, "false", 5) == 0) {
+                       subscription_remove(ac.name, info.name);
+               } else {
+                       respond_JSON_Failure();
+                       exit(0);
                 }
                 respond_JSON_Success();
         } else if (strncmp(path, "/feed", 6) == 0) {
-               const char *username = cgi_getentrystr("username");
-               if (!check_auth(username))
+               if (!check_auth(&ac))
                         exit(0);
  
                 int recs = 50;
-               struct blergref *feedlist = subscription_list(username, 0, &recs, -1);
+               struct blergref *feedlist = subscription_list(ac.name, 0, &recs, -1);
  
                 if (recs == 0) {
                         respond_simple_data("[]", 2);
                 } else {
                         respond_blergref_list(feedlist, recs);
                 }
-       } else if (strncmp(path, "/feedinfo", 9) == 0) {
-               const char *username = cgi_getentrystr("username");
-               if (!check_auth(username))
+       } else if (strncmp(path, "/status", 7) == 0) {
+               if (!check_auth(&ac))
                         exit(0);
  
-               yajl_gen g = yajl_gen_alloc(&yajl_c, NULL);
-               yajl_gen_map_open(g);
-               if (path[9] == 0) {
-                       struct blerg *b = blerg_open(username);
-                       uint64_t subscription_mark = blerg_get_subscription_mark(b);
-                       blerg_close(b);
+               if (strncmp(request_method, "POST", 4) == 0) {
+                       const char *clear = cgi_getentrystr("clear");
+
+                       if (clear != NULL) {
+                               struct blerg *b = blerg_open(ac.name);
+                               if (strncmp(clear, "feed", 4) == 0) {
+                                       blerg_set_subscription_mark(b);
+                               } else if (strncmp(clear, "mentioned", 9) == 0) {
+                                       blerg_set_status(b, BLERGSTATUS_MENTIONED, 0);
+                               }
+                               blerg_close(b);
+                               respond_JSON_Success();
+                       }
+               } else if (strncmp(request_method, "GET", 3) == 0) {
+                       yajl_gen g;
+
+                       if (path[7] == 0) {  /* No username */
+                               g = yajl_gen_alloc(&yajl_c, NULL);
+                               yajl_gen_map_open(g);
+
+                               struct blerg *b = blerg_open(ac.name);
+                               uint64_t subscription_mark = blerg_get_subscription_mark(b);
+                               int mentioned = blerg_get_status(b, BLERGSTATUS_MENTIONED);
+                               blerg_close(b);
+
+                               yajl_gen_string(g, (unsigned char *)"feed_new", 8);
+                               yajl_gen_integer(g, subscription_count_items(ac.name) - subscription_mark);
+
+                               yajl_gen_string(g, (unsigned char *)"mentioned", 9);
+                               yajl_gen_bool(g, mentioned);
+
+                               yajl_gen_map_close(g);
+                               respond_yajl(g);
+                               yajl_gen_free(g);
+                       } else {  /* with username */
+                               g = yajl_gen_alloc(&yajl_c, NULL);
+                               yajl_gen_map_open(g);
+
+                               yajl_gen_string(g, (unsigned char *)"subscribed", 10);
+                               ret = parse_url_info(path + 8, &info);
+                               if ((ret & URL_INFO_NAME) == 1) {
+                                       yajl_gen_bool(g, is_subscribed(ac.name, info.name));
+                               } else {
+                                       yajl_gen_bool(g, 0);
+                               }
+
+                               yajl_gen_map_close(g);
+                               respond_yajl(g);
+                               yajl_gen_free(g);
+                       }
+               } else {
+                       respond_405();
+                       exit(0);
+               }
+       } else if (strncmp(path, "/passwd", 7) == 0) {
+               if (!check_auth(&ac))
+                       exit(0);
  
-                       yajl_gen_string(g, "new", 3);
-                       yajl_gen_integer(g, subscription_count_items(username) - subscription_mark);
+               const char *password = cgi_getentrystr("password");
+               const char *new_password = cgi_getentrystr("new_password");
+               if (password == NULL || new_password == NULL) {
+                       respond_JSON_Failure();
                 } else {
-                       yajl_gen_string(g, "subscribed", 10);
-                       ret = parse_url_info(path + 10, &info);
-                       if ((ret & URL_INFO_NAME) == 1) {
-                               yajl_gen_bool(g, is_subscribed(username, info.name));
+                       if (auth_check_password(ac.name, password)) {
+                               auth_set_password(ac.name, new_password);
+                               respond_JSON_Success();
                         } else {
-                               yajl_gen_bool(g, 0);
+                               respond_JSON_Failure();
                         }
                 }
-               yajl_gen_map_close(g);
-
-               const unsigned char *ybuf;
-               yajl_gen_get_buf(g, &ybuf, &len);
-
-               printf("Content-type: application/json\r\n");
-               printf("Content-length: %d\r\n\r\n", len);
-               fwrite(ybuf, len, 1, stdout);
-
-               yajl_gen_free(g);
         } else {
                 respond_404();
                 exit(0);
         }
  
         cgi_quit();
+
+       return 0;
  }