From 948ce5be6ef6bba36edfb544565ca22e316afb0a Mon Sep 17 00:00:00 2001
From: Chip Black <bytex64@bytex64.net>
Date: Thu, 10 Jul 2014 02:28:36 -0500
Subject: [PATCH] Modify backend to use new auth cookie format

Auth cookie is now username/token rather than just token
---
 cgi/cgi_blerg.c | 53 ++++++++++++++++++++++---------------------------
 1 file changed, 24 insertions(+), 29 deletions(-)

diff --git a/cgi/cgi_blerg.c b/cgi/cgi_blerg.c
index ee0672b..95b1809 100644
--- a/cgi/cgi_blerg.c
+++ b/cgi/cgi_blerg.c
@@ -17,14 +17,15 @@
 
 yajl_gen_config yajl_c = { 0, 0 };
 
-int check_auth(const char *username) {
-	if (username == NULL || username[0] == 0) {
+int check_auth(struct auth_cookie *ac) {
+	const char *given_cookie = cgi_getcookie("auth");
+
+	if (parse_auth_cookie(given_cookie, ac) != 1) {
 		respond_403();
 		return 0;
 	}
 
-	const char *given_token = cgi_getcookie("auth");
-	if (!auth_check_token(username, given_token)) {
+	if (!auth_check_token(ac->name, ac->token)) {
 		respond_403();
 		return 0;
 	}
@@ -109,6 +110,7 @@ int main(int argc, char *argv[]) {
 	char *request_method;
 	int ret, len;
 	struct url_info info;
+	struct auth_cookie ac;
 	char *data;
 
 	if (!blerg_init())
@@ -213,8 +215,7 @@ int main(int argc, char *argv[]) {
 			exit(0);
 		}
 
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
 		if (path[4] == '/') {
@@ -228,7 +229,7 @@ int main(int argc, char *argv[]) {
 			exit(0);
 		}
 
-		struct blerg *b = blerg_open(username);
+		struct blerg *b = blerg_open(ac.name);
 		if (b == NULL) {
 			respond_JSON_Failure();
 			exit(0);
@@ -326,7 +327,7 @@ int main(int argc, char *argv[]) {
 			exit(0);
 		}
 
-		printf("Set-Cookie: auth=%s\r\n", token);
+		printf("Set-Cookie: auth=%s/%s\r\n", username, token);
 		free(token);
 
 		respond_JSON_Success();
@@ -336,16 +337,13 @@ int main(int argc, char *argv[]) {
 			exit(0);
 		}
 
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
-		const char *given_token = cgi_getcookie("auth");
-		auth_logout(username, given_token);
+		auth_logout(ac.name, ac.token);
 		respond_JSON_Success();
 	} else if (strncmp(path, "/subscribe", 10) == 0 || strncmp(path, "/unsubscribe", 12) == 0) {
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
 		if (path[1] == 'u') {
@@ -360,7 +358,7 @@ int main(int argc, char *argv[]) {
 				exit(0);
 			}
 
-			subscription_remove(username, info.name);
+			subscription_remove(ac.name, info.name);
 		} else {
 			if (path[10] != '/') {
 				respond_404();
@@ -373,16 +371,15 @@ int main(int argc, char *argv[]) {
 				exit(0);
 			}
 
-			subscription_add(username, info.name);
+			subscription_add(ac.name, info.name);
 		}
 		respond_JSON_Success();
 	} else if (strncmp(path, "/feed", 6) == 0) {
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
 		int recs = 50;
-		struct blergref *feedlist = subscription_list(username, 0, &recs, -1);
+		struct blergref *feedlist = subscription_list(ac.name, 0, &recs, -1);
 
 		if (recs == 0) {
 			respond_simple_data("[]", 2);
@@ -390,8 +387,7 @@ int main(int argc, char *argv[]) {
 			respond_blergref_list(feedlist, recs);
 		}
 	} else if (strncmp(path, "/status", 7) == 0) {
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
 		if (strncmp(request_method, "POST", 4) != 0) {
@@ -405,7 +401,7 @@ int main(int argc, char *argv[]) {
 			const char *clear = cgi_getentrystr("clear");
 
 			if (clear != NULL) {
-				struct blerg *b = blerg_open(username);
+				struct blerg *b = blerg_open(ac.name);
 				if (strncmp(clear, "feed", 4) == 0) {
 					blerg_set_subscription_mark(b);
 				} else if (strncmp(clear, "mentioned", 9) == 0) {
@@ -417,13 +413,13 @@ int main(int argc, char *argv[]) {
 				g = yajl_gen_alloc(&yajl_c, NULL);
 				yajl_gen_map_open(g);
 
-				struct blerg *b = blerg_open(username);
+				struct blerg *b = blerg_open(ac.name);
 				uint64_t subscription_mark = blerg_get_subscription_mark(b);
 				int mentioned = blerg_get_status(b, BLERGSTATUS_MENTIONED);
 				blerg_close(b);
 
 				yajl_gen_string(g, (unsigned char *)"feed_new", 8);
-				yajl_gen_integer(g, subscription_count_items(username) - subscription_mark);
+				yajl_gen_integer(g, subscription_count_items(ac.name) - subscription_mark);
 
 				yajl_gen_string(g, (unsigned char *)"mentioned", 9);
 				yajl_gen_bool(g, mentioned);
@@ -439,7 +435,7 @@ int main(int argc, char *argv[]) {
 			yajl_gen_string(g, (unsigned char *)"subscribed", 10);
 			ret = parse_url_info(path + 8, &info);
 			if ((ret & URL_INFO_NAME) == 1) {
-				yajl_gen_bool(g, is_subscribed(username, info.name));
+				yajl_gen_bool(g, is_subscribed(ac.name, info.name));
 			} else {
 				yajl_gen_bool(g, 0);
 			}
@@ -449,8 +445,7 @@ int main(int argc, char *argv[]) {
 			yajl_gen_free(g);
 		}
 	} else if (strncmp(path, "/passwd", 7) == 0) {
-		const char *username = cgi_getentrystr("username");
-		if (!check_auth(username))
+		if (!check_auth(&ac))
 			exit(0);
 
 		const char *password = cgi_getentrystr("password");
@@ -458,8 +453,8 @@ int main(int argc, char *argv[]) {
 		if (password == NULL || new_password == NULL) {
 			respond_JSON_Failure();
 		} else {
-			if (auth_check_password(username, password)) {
-				auth_set_password(username, new_password);
+			if (auth_check_password(ac.name, password)) {
+				auth_set_password(ac.name, new_password);
 				respond_JSON_Success();
 			} else {
 				respond_JSON_Failure();
-- 
2.25.1