/**
* @file fastcgi.c
* @purpose Runs the FCGI request loop to handle web interface requests.
- *
- * <stdio.h> should not be included, because these functions are handled by
- * fcgi_stdio.h. If included, it must be included after fcgi_stdio.h.
+ *
+ * fcgi_stdio.h must be included before all else so the stdio function
+ * redirection works ok.
*/
-
+
#include <fcgi_stdio.h>
-#include <string.h>
-#include <stdlib.h>
+#include <openssl/sha.h>
+#include "fastcgi.h"
+#include "common.h"
+#include <time.h>
-/*
- But the suggestion was: FunctionName, variable_name (local or member),
- Structure, ENUMVALUE, Extern_FunctionName, g_global
-*/
+#define LOGIN_TIMEOUT 180
-//Replace with whatever holds the 'data'
-typedef struct Data Data;
-enum {RESPONSE_OK = 200, RESPONSE_BADREQUEST = 400,
- RESPONSE_UNAUTHORIZED = 401};
-typedef void (*ModuleHandler) (Data *data, char *params);
+struct FCGIContext {
+ /**The time of last valid logged-in user access*/
+ time_t login_timestamp;
+ char login_key[41];
+ char login_ip[16];
+ /**The name of the current module**/
+ const char *current_module;
+ /**For debugging purposes?**/
+ int response_number;
+};
+
+/**
+ * Handles user logins.
+ * @param context The context to work in
+ * @param params User specified parameters
+ */
+static void LoginHandler(FCGIContext *context, char *params) {
+ const char *key, *value;
+ bool force = 0, end = 0;
+
+ while ((params = FCGI_KeyPair(params, &key, &value))) {
+ if (!strcmp(key, "force"))
+ force = !force;
+ else if (!strcmp(key, "end"))
+ end = !end;
+ }
+
+ if (end) {
+ *(context->login_key) = 0;
+ FCGI_BeginJSON(context, STATUS_OK);
+ FCGI_EndJSON();
+ return;
+ }
+
+ time_t now = time(NULL);
+ if (force || !*(context->login_key) ||
+ (now - context->login_timestamp > LOGIN_TIMEOUT))
+ {
+ SHA_CTX sha1ctx;
+ unsigned char sha1[20];
+ int i = rand();
+
+ SHA1_Init(&sha1ctx);
+ SHA1_Update(&sha1ctx, &now, sizeof(now));
+ SHA1_Update(&sha1ctx, &i, sizeof(i));
+ SHA1_Final(sha1, &sha1ctx);
+
+ context->login_timestamp = now;
+ for (i = 0; i < 20; i++)
+ sprintf(context->login_key + i * 2, "%02x", sha1[i]);
+ snprintf(context->login_ip, 16, "%s", getenv("REMOTE_ADDR"));
+ FCGI_BeginJSON(context, STATUS_OK);
+ FCGI_JSONPair("key", context->login_key);
+ FCGI_EndJSON();
+ } else {
+ char buf[128];
+ strftime(buf, 128, "%H:%M:%S %d-%m-%Y",
+ localtime(&(context->login_timestamp)));
+ FCGI_BeginJSON(context, STATUS_UNAUTHORIZED);
+ FCGI_JSONPair("description", "Already logged in");
+ FCGI_JSONPair("user", context->login_ip);
+ FCGI_JSONPair("time", buf);
+ FCGI_EndJSON();
+ }
+}
+
+/**
+ * Given an FCGIContext, determines if the current user (as specified by
+ * the key) is authorized or not. If validated, the context login_timestamp is
+ * updated.
+ * @param context The context to work in
+ * @param key The login key to be validated.
+ * @return TRUE if authorized, FALSE if not.
+ */
+int FCGI_Authorized(FCGIContext *context, const char *key) {
+ time_t now = time(NULL);
+ int result = (now - context->login_timestamp) <= LOGIN_TIMEOUT &&
+ !strcmp(context->login_key, key);
+ if (result) {
+ context->login_timestamp = now; //Update the login_timestamp
+ }
+ return result;
+}
/**
* Extracts a key/value pair from a request string.
* @return A pointer to the start of the next search location, or NULL if
* the EOL is reached.
*/
-static char *KeyPair(char *in, const char **key, const char **value) {
- char *next, *split;
+char *FCGI_KeyPair(char *in, const char **key, const char **value)
+{
+ char *ptr;
if (!in || !*in) { //Invalid input or string is EOL
return NULL;
}
*key = in;
- //Must be first so value will be empty if it's not specified
- if ((next = strchr(in, '&'))) {
- *next++ = 0;
- } else { //Don't return NULL as current pair needs to be returned
- next = "";
- }
- if ((split = strchr(in, '='))) {
- *split++ = 0;
- *value = split;
- return next;
+ //Find either = or &, whichever comes first
+ if ((ptr = strpbrk(in, "=&"))) {
+ if (*ptr == '&') { //No value specified
+ *value = ptr;
+ *ptr++ = 0;
+ } else {
+ //Stopped at an '=' sign
+ *ptr++ = 0;
+ *value = ptr;
+ if ((ptr = strchr(ptr,'&'))) {
+ *ptr++ = 0;
+ } else {
+ ptr = "";
+ }
+ }
+ } else { //No value specified and no other pair
+ ptr = "";
+ *value = ptr;
}
- //Split was not found, set to default value
- *value = "";
- return next;
+ return ptr;
}
-static void BeginResponse(int response_code, const char *module) {
- switch (response_code) {
- case RESPONSE_OK:
- break;
- case RESPONSE_UNAUTHORIZED:
- printf("Status: 401 Unauthorized\r\n");
- break;
- default:
- printf("Status: 400 Bad Request\r\n");
- }
+/**
+ * Begins a response to the client in JSON format.
+ * @param context The context to work in.
+ * @param status_code The status code to be returned.
+ */
+void FCGI_BeginJSON(FCGIContext *context, StatusCodes status_code)
+{
printf("Content-type: application/json; charset=utf-8\r\n\r\n");
printf("{\r\n");
- printf("\t\"module\" : \"%s\"", module);
+ printf("\t\"module\" : \"%s\"", context->current_module);
+ FCGI_JSONLong("status", status_code);
}
-static void BuildResponse(const char *key, const char *value) {
+/**
+ * Adds a key/value pair to a JSON response. The response must have already
+ * been initiated by FCGI_BeginJSON. Note that characters are not escaped.
+ * @param key The key of the JSON entry
+ * ¶m value The value associated with the key.
+ */
+void FCGI_JSONPair(const char *key, const char *value)
+{
printf(",\r\n\t\"%s\" : \"%s\"", key, value);
}
-static void EndResponse() {
+/**
+ * Similar to FCGI_JSONPair except for signed integer values.
+ * @param key The key of the JSON entry
+ * @param value The value associated with the key
+ */
+void FCGI_JSONLong(const char *key, long value)
+{
+ printf(",\r\n\t\"%s\" : %ld", key, value);
+}
+
+/**
+ * Similar to FCGI_JsonPair except for floating point values.
+ * @param key The key of the JSON entry
+ * @param value The value associated with the key
+ */
+void FCGI_JSONDouble(const char *key, double value)
+{
+ printf(",\r\n\t\"%s\" : %f", key, value);
+}
+
+/**
+ * Begins a JSON entry by writing the key. To be used in conjunction
+ * with FCGI_JsonValue.
+ * @param key The key of the JSON entry
+ */
+void FCGI_JSONKey(const char *key)
+{
+ printf(",\r\n\t\"%s\" : ", key);
+}
+
+/**
+ * Should be used to write out the value of a JSON key. This has
+ * the same format as the printf functions. Care should be taken to format
+ * the output in valid JSON.
+ */
+void FCGI_JSONValue(const char *format, ...)
+{
+ va_list list;
+ va_start(list, format);
+ vprintf(format, list);
+ va_end(list);
+}
+
+/**
+ * Ends a JSON response that was initiated by FCGI_BeginJSON.
+ */
+void FCGI_EndJSON()
+{
printf("\r\n}\r\n");
}
-static void SensorsHandler(Data *data, char *params) {
- const char *key, *value;
- BeginResponse(RESPONSE_OK, "sensors");
-
- while ((params = KeyPair(params, &key, &value))) {
- BuildResponse(key, value);
- }
- EndResponse();
+/**
+ * To be used when the input parameters are invalid.
+ * Sends a response with HTTP status 400 Bad request, along with
+ * JSON data for debugging.
+ * @param context The context to work in
+ * @param params The parameters that the module handler received.
+ */
+void FCGI_RejectJSON(FCGIContext *context, const char *params)
+{
+ printf("Status: 400 Bad Request\r\n");
+ FCGI_BeginJSON(context, STATUS_ERROR);
+ FCGI_JSONPair("description", "Invalid request");
+ FCGI_JSONLong("responsenumber", context->response_number);
+ FCGI_JSONPair("params", params);
+ FCGI_JSONPair("host", getenv("SERVER_HOSTNAME"));
+ FCGI_JSONPair("user", getenv("REMOTE_USER"));
+ FCGI_JSONPair("ip", getenv("REMOTE_ADDR"));
+ FCGI_EndJSON();
}
-void FCGI_RequestLoop (Data *data)
+/**
+ * Main FCGI request loop that receives/responds to client requests.
+ * @param data Reserved.
+ */
+void FCGI_RequestLoop (void *data)
{
- int count = 0;
- while (FCGI_Accept() >= 0) {
+ FCGIContext context = {0};
+
+ while (FCGI_Accept() >= 0) {
ModuleHandler module_handler = NULL;
char module[BUFSIZ], params[BUFSIZ];
//Remove trailing slashes (if present) from module query
size_t lastchar = strlen(module) - 1;
if (lastchar > 0 && module[lastchar] == '/')
- module[lastchar] = '\0';
+ module[lastchar] = 0;
if (!strcmp("sensors", module)) {
- module_handler = SensorsHandler;
- } else if (!strcmp("admin", module)) {
- //module_handler = AdminHandlerReplace with pointer to admin handler
+ module_handler = Handler_Sensors;
+ } else if (!strcmp("login", module)) {
+ module_handler = LoginHandler;
+ } else if (!strcmp("actuators", module)) {
+
}
+ context.current_module = module;
if (module_handler) {
- module_handler(data, params);
+ module_handler(&context, params);
} else {
- char buf[BUFSIZ];
-
- BeginResponse(400, module);
- BuildResponse("description", "400 Invalid response");
- snprintf(buf, BUFSIZ, "%d", count);
- BuildResponse("request-number", buf);
- BuildResponse("params", params);
- BuildResponse("host", getenv("SERVER_HOSTNAME"));
- EndResponse();
+ strncat(module, " [unknown]", BUFSIZ);
+ FCGI_RejectJSON(&context, params);
}
-
- count++;
- //Debgging:
- //printf("Module: %s, Params: %s<br>\n", module, params);
- //printf("Request number %d, host <i>%s</i>\n",
- // count++, getenv("SERVER_HOSTNAME"));
+
+ context.response_number++;
}
}
-
-int main(int argc, char *argv[]) {
- FCGI_RequestLoop(NULL);
-}