X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=600632266c4d244428e8cdb04fea60bf82882841;hb=27ff700c938e48bd88ca63575d65575150d9e842;hp=d7e057b6f5f19d9a65ded5276225a3543db56fbb;hpb=dd239d26439d97188aa6cad06573a6584dc250a6;p=matches%2FMCTX3420.git

diff --git a/server/fastcgi.c b/server/fastcgi.c
index d7e057b..6006322 100644
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -11,6 +11,7 @@
 #include <stdarg.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <ctype.h>
 
 #include "common.h"
 #include "sensor.h"
@@ -33,15 +34,11 @@
  * @param context The context to work in
  * @param params User specified paramters: [actuators, sensors]
  */ 
-static void IdentifyHandler(FCGIContext *context, char *params) {
+static void IdentifyHandler(FCGIContext *context, char *params)
+{
 	bool ident_sensors = false, ident_actuators = false;
-	char control_key[CONTROL_KEY_BUFSIZ];
-	bool has_control;
 	int i;
 
-	snprintf(control_key, CONTROL_KEY_BUFSIZ, "%s", getenv("COOKIE_STRING"));
-	has_control = FCGI_HasControl(context, control_key);
-	
 	FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T},
 					 {"actuators", &ident_actuators, FCGI_BOOL_T}};
 	if (!FCGI_ParseRequest(context, params, values, 2))
@@ -50,11 +47,12 @@ static void IdentifyHandler(FCGIContext *context, char *params) {
 	FCGI_BeginJSON(context, STATUS_OK);
 	FCGI_JSONPair("description", "MCTX3420 Server API (2013)");
 	FCGI_JSONPair("build_date", __DATE__ " " __TIME__);
-	struct timespec t;
-	t.tv_sec = 0; t.tv_nsec = 0;
+	struct timespec t = {0};
 	clock_getres(CLOCK_MONOTONIC, &t);
 	FCGI_JSONDouble("clock_getres", TIMEVAL_TO_DOUBLE(t));
 	FCGI_JSONLong("api_version", API_VERSION);
+	
+	bool has_control = FCGI_HasControl(context);
 	FCGI_JSONBool("logged_in", has_control);
 	FCGI_JSONPair("user_name", has_control ? context->user_name : "");
 	
@@ -67,7 +65,9 @@ static void IdentifyHandler(FCGIContext *context, char *params) {
 			if (i > 0) {
 				FCGI_JSONValue(",\n\t\t");
 			}
-			FCGI_JSONValue("\"%d\" : \"%s\"", i, Sensor_GetName(i)); 
+			DataPoint d = Sensor_LastData(i);
+			FCGI_JSONValue("\"%d\" : {\"name\" : \"%s\", \"value\" : [%f,%f] }", 
+				i, Sensor_GetName(i), d.time_stamp, d.value); 
 		}
 		FCGI_JSONValue("\n\t}");
 	}
@@ -78,7 +78,9 @@ static void IdentifyHandler(FCGIContext *context, char *params) {
 			if (i > 0) {
 				FCGI_JSONValue(",\n\t\t");
 			}
-			FCGI_JSONValue("\"%d\" : \"%s\"", i, Actuator_GetName(i)); 
+
+			DataPoint d = Actuator_LastData(i);
+			FCGI_JSONValue("\"%d\" : {\"name\" : \"%s\", \"value\" : [%f, %f] }", i, Actuator_GetName(i), d.time_stamp, d.value); 
 		}
 		FCGI_JSONValue("\n\t}");
 	}
@@ -162,14 +164,14 @@ bool FCGI_LockControl(FCGIContext *context, const char * user_name, UserType use
  * the key) has control or not. If validated, the context control_timestamp is
  * updated.
  * @param context The context to work in
- * @param key The control key to be validated.
  * @return TRUE if authorized, FALSE if not.
  */
-bool FCGI_HasControl(FCGIContext *context, const char *key) {
+bool FCGI_HasControl(FCGIContext *context)
+{
 	time_t now = time(NULL);
 	int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT &&
-			key != NULL && context->control_key[0] != '\0' &&
-			!strcmp(context->control_key, key);
+			context->control_key[0] != '\0' &&
+			!strcmp(context->control_key, context->received_key);
 	if (result) {
 		context->control_timestamp = now; //Update the control_timestamp
 	}
@@ -181,12 +183,50 @@ bool FCGI_HasControl(FCGIContext *context, const char *key) {
  * Revokes the current control key, if present.
  * @param context The context to work in
  */
-void FCGI_ReleaseControl(FCGIContext *context) {
+void FCGI_ReleaseControl(FCGIContext *context)
+{
 	*(context->control_key) = 0;
 	// Note: context->user_name should *not* be cleared
 	return;
 }
 
+/**
+ * Gets the control cookie
+ * @param buffer A storage buffer of exactly CONTROL_KEY_BUFSIZ length to
+                 store the control key
+ */
+void FCGI_GetControlCookie(char buffer[CONTROL_KEY_BUFSIZ])
+{
+	const char *cookies = getenv("COOKIE_STRING");
+	const char *start = strstr(cookies, "mctxkey=");
+
+	*buffer = 0; //Clear the buffer
+	if (start != NULL) {
+		int i;
+		start += 8; //length of mctxkey=
+		for (i = 0; i < CONTROL_KEY_BUFSIZ; i++) {
+			if (*start == 0 || *start == ';') {
+				break;
+			}
+			buffer[i] = *start++;
+		}
+		buffer[i] = 0;
+	}
+}
+
+/**
+ * Sends the control key to the user as a cookie.
+ * @param context the context to work in
+ * @param set Whether to set or unset the control cookie
+ */
+void FCGI_SendControlCookie(FCGIContext *context, bool set) {
+	if (set) {
+		printf("Set-Cookie: mctxkey=%s\r\n", context->control_key);
+	} else {
+		printf("Set-Cookie: mctxkey=\r\n");
+	}
+}
+
 /**
  * Extracts a key/value pair from a request string.
  * Note that the input is modified by this function.
@@ -345,14 +385,10 @@ void FCGI_BeginJSON(FCGIContext *context, StatusCodes status_code)
  * Generic accept response in JSON format.
  * @param context The context to work in
  * @param description A short description.
- * @param cookie Optional. If given, the cookie field is set to that value.
  */
-void FCGI_AcceptJSON(FCGIContext *context, const char *description, const char *cookie)
+void FCGI_AcceptJSON(FCGIContext *context, const char *description)
 {
 	printf("Content-type: application/json; charset=utf-8\r\n");
-	if (cookie) {
-		printf("Set-Cookie: %s\r\n", cookie);
-	}
 	printf("\r\n{\r\n");
 	printf("\t\"module\" : \"%s\"", context->current_module);
 	FCGI_JSONLong("status", STATUS_OK);
@@ -472,7 +508,7 @@ void FCGI_WriteBinary(void * data, size_t size, size_t num_elem)
 /**
  * Escapes a string so it can be used safely.
  * Currently escapes to ensure the validity for use as a JSON string
- * Does not support unicode specifiers in the form of \uXXXX.
+ * Does not support unicode specifiers in the form of \\uXXXX.
  * @param buf The string to be escaped
  * @return The escaped string (return value == buf)
  */
@@ -500,6 +536,42 @@ char *FCGI_EscapeText(char *buf)
 	return buf;
 }
 
+/**
+ * Unescapes a URL encoded string in-place. The string
+ * must be NULL terminated.
+ * (e.g this%2d+string --> this- string)
+ * @param buf The buffer to decode. Will be modified in-place.
+ * @return The same buffer.
+ */
+char *FCGI_URLDecode(char *buf)
+{
+	char *head = buf, *tail = buf;
+	char val, hex[3] = {0};
+
+	while (*tail) {
+		if (*tail == '%') { //%hh hex to char
+			tail++;
+			if (isxdigit(*tail) && isxdigit(*(tail+1))) {
+				hex[0] = *tail++;
+				hex[1] = *tail++;
+				val = (char)strtol(hex, NULL, 16);
+				//Control codes --> Space character
+				*head++ = (val < 0x20) ? 0x20 : val;
+			} else { //Not valid format; keep original
+				head++;
+			}
+		} else if (*tail == '+') { //Plus to space
+			tail++;
+			*head++ = ' ';
+		} else { //Anything else
+			*head++ = *tail++;
+		}
+	}
+	*head = 0; //NULL-terminate at new end point
+
+	return buf;
+}
+
 /**
  * Main FCGI request loop that receives/responds to client requests.
  * @param data Reserved.
@@ -514,32 +586,19 @@ void * FCGI_RequestLoop (void *data)
 	while (FCGI_Accept() >= 0) {
 		
 		ModuleHandler module_handler = NULL;
-		char module[BUFSIZ], params[BUFSIZ], control_key[CONTROL_KEY_BUFSIZ];
+		char module[BUFSIZ], params[BUFSIZ];
 		
 		//strncpy doesn't zero-truncate properly
 		snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL"));
-		snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
-
 		
-		//char cookies[BUFSIZ];
-		//snprintf(cookies, BUFSIZ, "%s", getenv("COOKIE_STRING"));
-		//Log(LOGDEBUG, "ALL cookies %s", cookies); //mmmm
-
-		//Hack to get the nameless cookie only
-		// (works as long as browsers send the nameless cookie first...)
-		snprintf(control_key, CONTROL_KEY_BUFSIZ, "%s", getenv("COOKIE_STRING"));
-		// Ignore any other cookies if the nameless cookie is empty
-		for (int i = 0; i < CONTROL_KEY_BUFSIZ; ++i)
-		{
-			if (control_key[i] == ';')
-			{
-				control_key[i] = '\0';
-				break;
-			}
-		}
+		//Get the GET query string
+		snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
+		//URL decode the parameters
+		FCGI_URLDecode(params);
 
+		FCGI_GetControlCookie(context.received_key);
 		Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params);
-		Log(LOGDEBUG, "Control key: %s", control_key);
+		Log(LOGDEBUG, "Control key: %s", context.received_key);
 
 		
 		//Remove trailing slashes (if present) from module query
@@ -572,26 +631,38 @@ void * FCGI_RequestLoop (void *data)
 		context.current_module = module;
 		context.response_number++;
 		
-		if (module_handler) 
-		{
-			if (g_options.auth_method != AUTH_NONE && module_handler != Login_Handler && module_handler != IdentifyHandler && module_handler)
-			//if (false) // Testing
-			{
-				if (!FCGI_HasControl(&context, control_key))
+		if (module_handler) {
+			if (module_handler == IdentifyHandler) {
+				FCGI_EscapeText(params);
+			} else if (module_handler != Login_Handler) {
+				if (!FCGI_HasControl(&context))
 				{
-					FCGI_RejectJSON(&context, "Please login. Invalid control key.");
-					continue;	
+					if (g_options.auth_method == AUTH_NONE) {	//:(
+						Log(LOGWARN, "Locking control (no auth!)");
+						FCGI_LockControl(&context, NOAUTH_USERNAME, USER_ADMIN);
+						FCGI_SendControlCookie(&context, true);
+					}
+					else {
+						FCGI_RejectJSON(&context, "Please login. Invalid control key.");
+						continue;
+					}
 				}
-
+				
 				//Escape all special characters.
 				//Don't escape for login (password may have special chars?)
 				FCGI_EscapeText(params);
+			} else { //Only for Login handler.
+				//If GET data is empty, use POST instead.
+				if (*params == '\0') {
+					Log(LOGDEBUG, "Using POST!");
+					fgets(params, BUFSIZ, stdin); 
+					FCGI_URLDecode(params);
+				}
 			}
 
 			module_handler(&context, params);
 		} 
-		else 
-		{
+		else {
 			FCGI_RejectJSON(&context, "Unhandled module");
 		}
 	}