X-Git-Url: http://git.bytex64.net/?a=blobdiff_plain;f=cgi%2Fcgi_blerg.c;h=8f502a261057b87394e16d650f85381834053b66;hb=476c970903c4f3d29a8da3fa7c6f6f237745a8b7;hp=ee0672b4b360a6db648913b335f58bdcae0ea427;hpb=57bd5973e1bace9c7cf8889294c710b65462dee9;p=blerg.git

diff --git a/cgi/cgi_blerg.c b/cgi/cgi_blerg.c
index ee0672b..8f502a2 100644
--- a/cgi/cgi_blerg.c
+++ b/cgi/cgi_blerg.c
@@ -17,14 +17,15 @@
 
 yajl_gen_config yajl_c = { 0, 0 };
 
-int check_auth(const char *username) {
-	if (username == NULL || username[0] == 0) {
+int check_auth(struct auth_cookie *ac) {
+	const char *given_cookie = cgi_getcookie("auth");
+
+	if (parse_auth_cookie(given_cookie, ac) != 1) {
 		respond_403();
 		return 0;
 	}
 
-	const char *given_token = cgi_getcookie("auth");
-	if (!auth_check_token(username, given_token)) {
+	if (!auth_check_token(ac->name, ac->token)) {
 		respond_403();
 		return 0;
 	}
@@ -109,6 +110,7 @@ int main(int argc, char *argv[]) {
 	char *request_method;
 	int ret, len;
 	struct url_info info;
+	struct auth_cookie ac;
 	char *data;
 
 	if (!blerg_init())
@@ -213,8 +215,7 @@ int main(int argc, char *argv[]) {
 			exit(0);
 		}
 
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
 		if (path[4] == '/') {
@@ -228,7 +229,7 @@ int main(int argc, char *argv[]) {
 			exit(0);
 		}
 
-		struct blerg *b = blerg_open(username);
+		struct blerg *b = blerg_open(ac.name);
 		if (b == NULL) {
 			respond_JSON_Failure();
 			exit(0);
@@ -326,7 +327,7 @@ int main(int argc, char *argv[]) {
 			exit(0);
 		}
 
-		printf("Set-Cookie: auth=%s\r\n", token);
+		printf("Set-Cookie: auth=%s/%s\r\n", username, token);
 		free(token);
 
 		respond_JSON_Success();
@@ -336,53 +337,44 @@ int main(int argc, char *argv[]) {
 			exit(0);
 		}
 
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
-		const char *given_token = cgi_getcookie("auth");
-		auth_logout(username, given_token);
+		auth_logout(ac.name, ac.token);
+		printf("Set-Cookie: auth=X; Expires=Thu, 01 Jan 1970 00:00:00 GMT\r\n");
 		respond_JSON_Success();
-	} else if (strncmp(path, "/subscribe", 10) == 0 || strncmp(path, "/unsubscribe", 12) == 0) {
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+	} else if (strncmp(path, "/subscribe", 10) == 0) {
+		if (!check_auth(&ac))
 			exit(0);
 
-		if (path[1] == 'u') {
-			if (path[12] != '/') {
-				respond_404();
-				exit(0);
-			}
-
-			ret = parse_url_info(path + 13, &info);
-			if ((ret & URL_INFO_NAME) == 0) {
-				respond_404();
-				exit(0);
-			}
+		if (path[10] != '/') {
+			respond_404();
+			exit(0);
+		}
 
-			subscription_remove(username, info.name);
-		} else {
-			if (path[10] != '/') {
-				respond_404();
-				exit(0);
-			}
+		ret = parse_url_info(path + 11, &info);
+		if ((ret & URL_INFO_NAME) == 0) {
+			respond_404();
+			exit(0);
+		}
 
-			ret = parse_url_info(path + 11, &info);
-			if ((ret & URL_INFO_NAME) == 0) {
-				respond_404();
-				exit(0);
-			}
+		const char *subscribed = cgi_getentrystr("subscribed");
 
-			subscription_add(username, info.name);
+		if (strncmp(subscribed, "true", 4) == 0) {
+			subscription_add(ac.name, info.name);
+		} else if (strncmp(subscribed, "false", 5) == 0) {
+			subscription_remove(ac.name, info.name);
+		} else {
+			respond_JSON_Failure();
+			exit(0);
 		}
 		respond_JSON_Success();
 	} else if (strncmp(path, "/feed", 6) == 0) {
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
 		int recs = 50;
-		struct blergref *feedlist = subscription_list(username, 0, &recs, -1);
+		struct blergref *feedlist = subscription_list(ac.name, 0, &recs, -1);
 
 		if (recs == 0) {
 			respond_simple_data("[]", 2);
@@ -390,22 +382,14 @@ int main(int argc, char *argv[]) {
 			respond_blergref_list(feedlist, recs);
 		}
 	} else if (strncmp(path, "/status", 7) == 0) {
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
-			exit(0);
-
-		if (strncmp(request_method, "POST", 4) != 0) {
-			respond_405();
+		if (!check_auth(&ac))
 			exit(0);
-		}
-
-		yajl_gen g;
 
-		if (path[7] == 0) {  /* No username */
+		if (strncmp(request_method, "POST", 4) == 0) {
 			const char *clear = cgi_getentrystr("clear");
 
 			if (clear != NULL) {
-				struct blerg *b = blerg_open(username);
+				struct blerg *b = blerg_open(ac.name);
 				if (strncmp(clear, "feed", 4) == 0) {
 					blerg_set_subscription_mark(b);
 				} else if (strncmp(clear, "mentioned", 9) == 0) {
@@ -413,17 +397,21 @@ int main(int argc, char *argv[]) {
 				}
 				blerg_close(b);
 				respond_JSON_Success();
-			} else {
+			}
+		} else if (strncmp(request_method, "GET", 3) == 0) {
+			yajl_gen g;
+
+			if (path[7] == 0) {  /* No username */
 				g = yajl_gen_alloc(&yajl_c, NULL);
 				yajl_gen_map_open(g);
 
-				struct blerg *b = blerg_open(username);
+				struct blerg *b = blerg_open(ac.name);
 				uint64_t subscription_mark = blerg_get_subscription_mark(b);
 				int mentioned = blerg_get_status(b, BLERGSTATUS_MENTIONED);
 				blerg_close(b);
 
 				yajl_gen_string(g, (unsigned char *)"feed_new", 8);
-				yajl_gen_integer(g, subscription_count_items(username) - subscription_mark);
+				yajl_gen_integer(g, subscription_count_items(ac.name) - subscription_mark);
 
 				yajl_gen_string(g, (unsigned char *)"mentioned", 9);
 				yajl_gen_bool(g, mentioned);
@@ -431,26 +419,28 @@ int main(int argc, char *argv[]) {
 				yajl_gen_map_close(g);
 				respond_yajl(g);
 				yajl_gen_free(g);
-			}
-		} else {  /* with username */
-			g = yajl_gen_alloc(&yajl_c, NULL);
-			yajl_gen_map_open(g);
-
-			yajl_gen_string(g, (unsigned char *)"subscribed", 10);
-			ret = parse_url_info(path + 8, &info);
-			if ((ret & URL_INFO_NAME) == 1) {
-				yajl_gen_bool(g, is_subscribed(username, info.name));
-			} else {
-				yajl_gen_bool(g, 0);
-			}
+			} else {  /* with username */
+				g = yajl_gen_alloc(&yajl_c, NULL);
+				yajl_gen_map_open(g);
 
-			yajl_gen_map_close(g);
-			respond_yajl(g);
-			yajl_gen_free(g);
+				yajl_gen_string(g, (unsigned char *)"subscribed", 10);
+				ret = parse_url_info(path + 8, &info);
+				if ((ret & URL_INFO_NAME) == 1) {
+					yajl_gen_bool(g, is_subscribed(ac.name, info.name));
+				} else {
+					yajl_gen_bool(g, 0);
+				}
+
+				yajl_gen_map_close(g);
+				respond_yajl(g);
+				yajl_gen_free(g);
+			}
+		} else {
+			respond_405();
+			exit(0);
 		}
 	} else if (strncmp(path, "/passwd", 7) == 0) {
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
 		const char *password = cgi_getentrystr("password");
@@ -458,8 +448,8 @@ int main(int argc, char *argv[]) {
 		if (password == NULL || new_password == NULL) {
 			respond_JSON_Failure();
 		} else {
-			if (auth_check_password(username, password)) {
-				auth_set_password(username, new_password);
+			if (auth_check_password(ac.name, password)) {
+				auth_set_password(ac.name, new_password);
 				respond_JSON_Success();
 			} else {
 				respond_JSON_Failure();