From 756d4bcc451233245a952d4b5b0e9fd348323131 Mon Sep 17 00:00:00 2001
From: Chip Black <bytex64@bytex64.net>
Date: Tue, 21 Dec 2010 23:43:41 -0600
Subject: [PATCH] Fix authentication, finish /put API.

---
 auth.c       |  17 ++++--
 auth.h       |   1 +
 http_blerg.c | 149 +++++++++++++++++++++++++++++++++------------------
 3 files changed, 112 insertions(+), 55 deletions(-)

diff --git a/auth.c b/auth.c
index 6ce78b2..0a3a8f5 100644
--- a/auth.c
+++ b/auth.c
@@ -21,10 +21,10 @@ int auth_set_password(const char *username, const char *password) {
 	return 1;
 }
 
-int auth_check_password(const char *username, const char *password) {
+int auth_get_password(const char *username, char *password) {
 	char filename[512];
-	char epw[33];
-	int fd, len;
+	int fd;
+	int len = 0;
 
 	sprintf(filename, "%s/%s/password", DATA_PATH, username);
 	fd = open(filename, O_RDONLY);
@@ -33,6 +33,17 @@ int auth_check_password(const char *username, const char *password) {
 	len = read(fd, password, 32);
 	close(fd);
 
+	password[len] = 0;
+
+	return 1;
+}
+
+int auth_check_password(const char *username, const char *password) {
+	char epw[33];
+
+	if (auth_get_password(username, epw) == 0)
+		return 0;
+
 	if (strncmp(password, epw, 32) == 0)
 		return 1;
 	else
diff --git a/auth.h b/auth.h
index 4d551f6..da024c9 100644
--- a/auth.h
+++ b/auth.h
@@ -2,6 +2,7 @@
 #define _AUTH_H
 
 int auth_set_password(const char *, const char *);
+int auth_get_password(const char *, char *);
 int auth_check_password(const char *, const char *);
 
 #endif //_AUTH_H
diff --git a/http_blerg.c b/http_blerg.c
index 6a6de82..3cbc207 100644
--- a/http_blerg.c
+++ b/http_blerg.c
@@ -16,17 +16,27 @@ struct create_state {
 	char password[33];
 };
 
+struct put_state {
+	struct MHD_PostProcessor *pp;
+	char *data;
+	int data_size;
+};
+
+struct MHD_Response *response_401;
 struct MHD_Response *response_404;
-struct MHD_Response *response_501;
+struct MHD_Response *response_405;
 struct MHD_Response *response_JSON_Success;
 struct MHD_Response *response_JSON_Failure;
 
 void init_responses() {
+#define CONTENT_401 "<html><head><title>401 Unauthorized</title></head><body><h1>401 Unauthorized</h1>DENIED</body></html>"
+	response_401 = MHD_create_response_from_data(strlen (CONTENT_401), CONTENT_401, MHD_NO, MHD_NO);  
+
 #define CONTENT_404 "<html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1>I couldn't find that.</body></html>"
 	response_404 = MHD_create_response_from_data(strlen(CONTENT_404), CONTENT_404, MHD_NO, MHD_NO);
 
-#define CONTENT_501 "<html><head><title>501 Not Implemented</title></head><body><h1>501 Not Implemented</h1>I'm sorry, Dave. I'm afraid I can't do that.</body></html>"
-	response_501 = MHD_create_response_from_data(strlen(CONTENT_501), CONTENT_501, MHD_NO, MHD_NO);
+#define CONTENT_405 "<html><head><title>405 Method Not Allowed</title></head><body><h1>405 Method Not Allowed</h1>I'm sorry, Dave. I'm afraid I can't do that.</body></html>"
+	response_405 = MHD_create_response_from_data(strlen(CONTENT_405), CONTENT_405, MHD_NO, MHD_NO);
 
 #define JSON_SUCCESS "{status: \"success\"}"
 	response_JSON_Success = MHD_create_response_from_data(strlen(JSON_SUCCESS), JSON_SUCCESS, MHD_NO, MHD_NO);
@@ -35,12 +45,18 @@ void init_responses() {
 	response_JSON_Failure = MHD_create_response_from_data(strlen(JSON_FAILURE), JSON_FAILURE, MHD_NO, MHD_NO);
 }
 
+#define REALM "Blerg"
+#define OPAQUE "d29fb6db8f21a6e99903651a9f87470e"
+int respond_401(struct MHD_Connection *connection, int signal_stale) {
+	return MHD_queue_auth_fail_response(connection, REALM, OPAQUE, response_401, signal_stale);    
+}
+
 int respond_404(struct MHD_Connection *connection) {
 	return MHD_queue_response(connection, MHD_HTTP_NOT_FOUND, response_404);
 }
 
-int respond_501(struct MHD_Connection *connection) {
-	return MHD_queue_response(connection, MHD_HTTP_NOT_IMPLEMENTED, response_501);
+int respond_405(struct MHD_Connection *connection) {
+	return MHD_queue_response(connection, MHD_HTTP_METHOD_NOT_ALLOWED, response_405);
 }
 
 int respond_JSON_Success(struct MHD_Connection *connection) {
@@ -79,15 +95,30 @@ int parse_url_info(const char *url, char *author, uint64_t *record) {
 int POST_create_iterator(void *cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *content_type, const char *transfer_encoding, const char *data, uint64_t off, size_t size) {
 	struct create_state *cs = cls;
 
-	if (strncmp(key, "username", 8) == 0) {
+	if (strncmp(key, "username", 9) == 0) {
 		if (size > 32) size = 32;
 		memcpy(cs->username, data, size);
 		cs->username[size] = 0;
-	} else if (strncmp(key, "password", 8) == 0) {
+	} else if (strncmp(key, "password", 9) == 0) {
 		if (size > 32) size = 32;
 		memcpy(cs->password, data, size);
 		cs->password[size] = 0;
 	}
+
+	return MHD_YES;
+}
+
+int POST_put_iterator(void *cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *content_type, const char *transfer_encoding, const char *data, uint64_t off, size_t size) {
+	struct put_state *ps = cls;
+
+	if (strncmp(key, "data", 5) == 0) {
+		ps->data_size = size;
+		ps->data = malloc(size);
+		memcpy(ps->data, data, size);
+		return MHD_NO;
+	}
+
+	return MHD_YES;
 }
 
 static int
@@ -144,57 +175,69 @@ ahc_derp (void *cls, struct MHD_Connection *connection, const char *url, const c
 			}
 		}
 	} else if (strncmp(url, "/put", 4) == 0) {
+		struct put_state *ps = (struct put_state *) *ptr;
 		char *username;
-		const char *password = "testpass";
-		const char *realm = "Blerg Post";
-
-#define OPAQUE "d29fb6db8f21a6e99903651a9f87470e"
-#define DENIED "DENIED, MOTHERFUCKER"
-#define PAGE "DERP DERP AUTHENTICATED DERP"
+		char password[33];
 
 		if (*ptr == NULL) {
+			if (strcmp(method, MHD_HTTP_METHOD_POST) != 0)
+				return respond_405(connection);
+
+			if (url[4] == '/')
+				return respond_404(connection);
+
 			*ptr = (void *) 1;
 
 			username = MHD_digest_auth_get_username(connection);
-			if (username == NULL) {
-				response = MHD_create_response_from_data(strlen (DENIED), DENIED, MHD_NO, MHD_NO);  
-				ret = MHD_queue_auth_fail_response(connection, realm, OPAQUE, response, MHD_NO);    
-				MHD_destroy_response(response);  
-				return ret;
-			}
+			if (username == NULL)
+				return respond_401(connection, MHD_NO);
+			auth_get_password(username, password);
 
-			printf("username: %s\n", username);
-
-			ret = MHD_digest_auth_check(connection, realm, username, password, 300);
+			ret = MHD_digest_auth_check(connection, REALM, username, password, 300);
 			free(username);
 
-			if (ret == MHD_INVALID_NONCE || ret == MHD_NO) {
-				response = MHD_create_response_from_data(strlen (DENIED), DENIED, MHD_NO, MHD_NO);  
-				ret = MHD_queue_auth_fail_response(connection, realm, OPAQUE, response,
-								   (ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO);  	 
-				MHD_destroy_response(response);  
-				return ret;
-			}
+			if (ret == MHD_INVALID_NONCE || ret == MHD_NO)
+				return respond_401(connection, (ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO);
+
+			struct put_state *ps = malloc(sizeof(struct put_state));
+			ps->data = NULL;
+			ps->pp = MHD_create_post_processor(connection, 4096, &POST_put_iterator, ps);
+			*ptr = ps;
+			return MHD_YES;
 		}
 
-		*ptr = NULL;
+		if (*upload_data_size) {
+			MHD_post_process(ps->pp, upload_data, *upload_data_size);
+			*upload_data_size = 0;
+			return MHD_YES;
+		}
 
-		if (url[4] != '/')
-			return respond_404(connection);
-		ret = parse_url_info(url + 5, author, &record);
-		if ((ret & URL_INFO_AUTHOR) == 0)
-			return respond_404(connection);
+		if (ps->data == NULL || ps->data_size == 0)
+			return respond_JSON_Failure(connection);
 
-		response = MHD_create_response_from_data(strlen(PAGE), PAGE, MHD_NO, MHD_NO);
-		ret = MHD_queue_response(connection, MHD_HTTP_OK, response);  
-		MHD_destroy_response(response);
-		return ret;
+		username = MHD_digest_auth_get_username(connection);
+		struct blerg *b = blerg_open(username);
+		if (b == NULL)
+			return respond_JSON_Failure(connection);
+		if (blerg_store(b, ps->data, ps->data_size) == -1) {
+			blerg_close(b);
+			return respond_JSON_Failure(connection);
+		}
+		blerg_close(b);
+
+		MHD_destroy_post_processor(ps->pp);
+		free(username);
+		free(ps->data);
+		free(ps);
+		*ptr = NULL;
+
+		return respond_JSON_Success(connection);
 	} else if (strncmp(url, "/create", 8) == 0) {
 		struct create_state *cs = (struct create_state *) *ptr;
 
 		if (cs == NULL) {
 			if (strcmp(method, MHD_HTTP_METHOD_POST) != 0)
-				return respond_501(connection);
+				return respond_405(connection);
 
 			struct create_state *cs = malloc(sizeof(struct create_state));
 			cs->username[0] = cs->password[0] = 0;
@@ -207,21 +250,23 @@ ahc_derp (void *cls, struct MHD_Connection *connection, const char *url, const c
 			MHD_post_process(cs->pp, upload_data, *upload_data_size);
 			*upload_data_size = 0;
 			return MHD_YES;
-		} else {
-			if (cs->username[0] == 0 || cs->password[0] == 0)
-				return respond_JSON_Failure(connection);
+		}
 
-			if (blerg_exists(cs->username))
-				return respond_JSON_Failure(connection);
+		if (cs->username[0] == 0 || cs->password[0] == 0)
+			return respond_JSON_Failure(connection);
 
-			struct blerg *b = blerg_open(cs->username);
-			blerg_close(b);
-			auth_set_password(cs->username, cs->password);
+		if (blerg_exists(cs->username))
+			return respond_JSON_Failure(connection);
 
-			MHD_destroy_post_processor(cs->pp);
-			free(cs);
-			return respond_JSON_Success(connection);
-		}
+		struct blerg *b = blerg_open(cs->username);
+		blerg_close(b);
+		auth_set_password(cs->username, cs->password);
+
+		MHD_destroy_post_processor(cs->pp);
+		free(cs);
+		*ptr = NULL;
+
+		return respond_JSON_Success(connection);
 	} else {
 		return respond_404(connection);
 	}
-- 
2.25.1