From 3d475d15c024ccda534c711a305a5a0e6da60870 Mon Sep 17 00:00:00 2001 From: Chip Black Date: Thu, 30 Dec 2010 21:34:32 -0600 Subject: [PATCH] Finish authenticated API endpoints on cgi_blerg --- cgi/cgi_blerg.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++ http/http_blerg.c | 12 +++---- 2 files changed, 85 insertions(+), 8 deletions(-) diff --git a/cgi/cgi_blerg.c b/cgi/cgi_blerg.c index 5319442..5cd59a8 100644 --- a/cgi/cgi_blerg.c +++ b/cgi/cgi_blerg.c @@ -197,6 +197,43 @@ int main(int argc, char *argv[]) { respond_taglist(taglist, recs); } } else if (strncmp(path, "/put", 4) == 0) { + if (strcmp(request_method, "POST") != 0) { + respond_405(); + exit(0); + } + + if (path[4] == '/') { + respond_404(); + exit(0); + } + + const char *username = cgi_getentrystr("username"); + const char *data = cgi_getentrystr("data"); + if (username == NULL || username[0] == 0 || + data == NULL || data[0] == 0) { + respond_JSON_Failure(); + exit(0); + } + + const char *given_token = cgi_getcookie("auth"); + if (!auth_check_token(username, given_token)) { + respond_JSON_Failure(); + exit(0); + } + + struct blerg *b = blerg_open(username); + if (b == NULL) { + respond_JSON_Failure(); + exit(0); + } + ret = blerg_store(b, data, strlen(data)); + blerg_close(b); + if (ret == -1) { + respond_JSON_Failure(); + exit(0); + } + + respond_JSON_Success(); } else if (strncmp(path, "/info", 5) == 0) { if (strcmp(request_method, "GET") != 0) { respond_405(); @@ -263,6 +300,50 @@ int main(int argc, char *argv[]) { auth_set_password(username, password); respond_JSON_Success(); + } else if (strncmp(path, "/login", 7) == 0) { + if (strcmp(request_method, "POST") != 0) { + respond_405(); + exit(0); + } + + const char *username = cgi_getentrystr("username"); + const char *password = cgi_getentrystr("password"); + if (username == NULL || username[0] == 0 || + password == NULL || password[0] == 0) { + respond_JSON_Failure(); + exit(0); + } + + if (!auth_login(username, password)) { + respond_JSON_Failure(); + exit(0); + } + + char *token = auth_get_token(username); + printf("Set-Cookie: auth=%s\r\n", token); + free(token); + + respond_JSON_Success(); + } else if (strncmp(path, "/logout", 8) == 0) { + if (strcmp(request_method, "POST") != 0) { + respond_405(); + exit(0); + } + + const char *username = cgi_getentrystr("username"); + if (username == NULL || username[0] == 0) { + respond_JSON_Failure(); + exit(0); + } + + + const char *given_token = cgi_getcookie("auth"); + if (auth_check_token(username, given_token)) { + auth_logout(username); + respond_JSON_Success(); + } else { + respond_JSON_Failure(); + } } else { respond_404(); exit(0); diff --git a/http/http_blerg.c b/http/http_blerg.c index 949e971..6abcc11 100644 --- a/http/http_blerg.c +++ b/http/http_blerg.c @@ -338,9 +338,6 @@ ahc_derp (void *cls, struct MHD_Connection *connection, const char *url, const c return ret; } else if (strncmp(url, "/put", 4) == 0) { struct put_state *ps = (struct put_state *) *ptr; - char *username; - char password[33]; - if (*ptr == NULL) { if (strcmp(method, MHD_HTTP_METHOD_POST) != 0) return respond_405(connection); @@ -375,11 +372,10 @@ ahc_derp (void *cls, struct MHD_Connection *connection, const char *url, const c struct blerg *b = blerg_open(ps->username); if (b == NULL) return respond_JSON_Failure(connection); - if (blerg_store(b, ps->data, ps->data_size) == -1) { - blerg_close(b); - return respond_JSON_Failure(connection); - } + ret = blerg_store(b, ps->data, ps->data_size); blerg_close(b); + if (ret == -1) + return respond_JSON_Failure(connection); MHD_destroy_post_processor(ps->pp); free(ps->data); @@ -530,7 +526,7 @@ ahc_derp (void *cls, struct MHD_Connection *connection, const char *url, const c } const char *given_token = MHD_lookup_connection_value(connection, MHD_COOKIE_KIND, "auth"); - if (given_token != NULL && auth_check_token(as->username, given_token)) { + if (auth_check_token(as->username, given_token)) { auth_logout(as->username); return respond_JSON_Success(connection); } else { -- 2.25.1