X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=d3e4b2869ff7fe5846df37160f7d5a3f5e4ce055;hb=66df642416e00b7f5a84e14c001ce03dfd1930ea;hp=b7a3e6b1409c1022b8bbf05fe84c46152bcd5983;hpb=270dc6627ca3a8417d50195da96a8acc859d9e7b;p=matches%2FMCTX3420.git

diff --git a/server/fastcgi.c b/server/fastcgi.c
index b7a3e6b..d3e4b28 100644
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -16,21 +16,13 @@
 #include "control.h"
 #include "options.h"
 #include "image.h"
+#include "pin_test.h"
+#include "login.h"
 
 /**The time period (in seconds) before the control key expires */
 #define CONTROL_TIMEOUT 180
 
-/**Contextual information related to FCGI requests*/
-struct FCGIContext {
-	/**The time of last valid user access possessing the control key*/
-	time_t control_timestamp;
-	char control_key[41];
-	char control_ip[16];
-	/**The name of the current module**/
-	const char *current_module;
-	/**For debugging purposes?**/
-	int response_number;
-};
+
 
 /**
  * Identifies build information and the current API version to the user.
@@ -41,7 +33,7 @@ struct FCGIContext {
  */ 
 static void IdentifyHandler(FCGIContext *context, char *params) {
 	bool ident_sensors = false, ident_actuators = false;
-
+	bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING"));
 	int i;
 
 	FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T},
@@ -53,6 +45,8 @@ static void IdentifyHandler(FCGIContext *context, char *params) {
 	FCGI_JSONPair("description", "MCTX3420 Server API (2013)");
 	FCGI_JSONPair("build_date", __DATE__ " " __TIME__);
 	FCGI_JSONLong("api_version", API_VERSION);
+	FCGI_JSONBool("logged_in", has_control);
+	FCGI_JSONPair("friendly_name", has_control ? context->friendly_name : "");
 
 	//Sensor and actuator information
 	if (ident_sensors) {
@@ -85,15 +79,16 @@ static void IdentifyHandler(FCGIContext *context, char *params) {
  * the system at any one time. The key can be forcibly generated, revoking
  * any previous control keys. To be used in conjunction with HTTP 
  * basic authentication.
- * This function will generate a JSON response that indicates success/failure.
  * @param context The context to work in
  * @param force Whether to force key generation or not.
- */ 
-void FCGI_LockControl(FCGIContext *context, bool force) {
+ * @return true on success, false otherwise (eg someone else already in control)
+ */
+bool FCGI_LockControl(FCGIContext *context, bool force) {
 	time_t now = time(NULL);
 	bool expired = now - context->control_timestamp > CONTROL_TIMEOUT;
-	
-	if (force || !*(context->control_key) || expired) {
+
+	if (force || !*(context->control_key) || expired) 
+	{
 		SHA_CTX sha1ctx;
 		unsigned char sha1[20];
 		int i = rand();
@@ -107,19 +102,9 @@ void FCGI_LockControl(FCGIContext *context, bool force) {
 		for (i = 0; i < 20; i++)
 			sprintf(context->control_key + i * 2, "%02x", sha1[i]);
 		snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR"));
-		FCGI_BeginJSON(context, STATUS_OK);
-		FCGI_JSONPair("key", context->control_key);
-		FCGI_EndJSON();		
-	} else {
-		char buf[128];
-		strftime(buf, 128, "%H:%M:%S %d-%m-%Y",
-			localtime(&(context->control_timestamp))); 
-		FCGI_BeginJSON(context, STATUS_UNAUTHORIZED);
-		FCGI_JSONPair("description", "Another user already has control");
-		FCGI_JSONPair("current_user", context->control_ip); 
-		FCGI_JSONPair("when", buf);
-		FCGI_EndJSON();
+		return true;
 	}
+	return false;
 }
 
 /**
@@ -133,7 +118,8 @@ void FCGI_LockControl(FCGIContext *context, bool force) {
 bool FCGI_HasControl(FCGIContext *context, const char *key) {
 	time_t now = time(NULL);
 	int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT &&
-				 key != NULL && !strcmp(context->control_key, key);
+			key != NULL && context->control_key[0] != '\0' &&
+			!strcmp(context->control_key, key);
 	if (result) {
 		context->control_timestamp = now; //Update the control_timestamp
 	}
@@ -147,8 +133,6 @@ bool FCGI_HasControl(FCGIContext *context, const char *key) {
  */
 void FCGI_ReleaseControl(FCGIContext *context) {
 	*(context->control_key) = 0;
-	FCGI_BeginJSON(context, STATUS_OK);
-	FCGI_EndJSON();
 	return;
 }
 
@@ -227,7 +211,16 @@ bool FCGI_ParseRequest(FCGIContext *context, char *params, FCGIValue values[], s
 
 				switch(FCGI_TYPE(val->flags)) {
 					case FCGI_BOOL_T:
-						*((bool*) val->value) = true;
+						if (!*value) //No value: Default true
+							*((bool*) val->value) = true;
+						else {
+							*((bool*) val->value) = !!(strtol(value, &ptr, 10));
+							if (*ptr) {
+								snprintf(buf, BUFSIZ, "Expected bool for '%s' but got '%s'", key, value);
+								FCGI_RejectJSON(context, buf);
+								return false;
+							}
+						}
 						break;
 					case FCGI_INT_T: case FCGI_LONG_T: {
 						long parsed = strtol(value, &ptr, 10);
@@ -294,6 +287,26 @@ void FCGI_BeginJSON(FCGIContext *context, StatusCodes status_code)
 	FCGI_JSONDouble("start_time", TIMEVAL_TO_DOUBLE(g_options.start_time));
 	FCGI_JSONDouble("current_time", TIMEVAL_TO_DOUBLE(now));
 	FCGI_JSONDouble("running_time", TIMEVAL_DIFF(now, g_options.start_time));
+	FCGI_JSONPair("control_state", Control_GetModeName());
+}
+
+/**
+ * Generic accept response in JSON format.
+ * @param context The context to work in
+ * @param description A short description.
+ * @param cookie Optional. If given, the cookie field is set to that value.
+ */
+void FCGI_AcceptJSON(FCGIContext *context, const char *description, const char *cookie)
+{
+	printf("Content-type: application/json; charset=utf-8\r\n");
+	if (cookie) {
+		printf("Set-Cookie: %s\r\n", cookie);
+	}
+	printf("\r\n{\r\n");
+	printf("\t\"module\" : \"%s\"", context->current_module);
+	FCGI_JSONLong("status", STATUS_OK);
+	FCGI_JSONPair("description", description);
+	FCGI_EndJSON();
 }
 
 /**
@@ -371,7 +384,7 @@ void FCGI_RejectJSONEx(FCGIContext *context, StatusCodes status, const char *des
 	FCGI_BeginJSON(context, status);
 	FCGI_JSONPair("description", description);
 	FCGI_JSONLong("responsenumber", context->response_number);
-	//FCGI_JSONPair("params", getenv("QUERY_STRING"));
+	//FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff
 	FCGI_JSONPair("host", getenv("SERVER_HOSTNAME"));
 	FCGI_JSONPair("user", getenv("REMOTE_USER"));
 	FCGI_JSONPair("ip", getenv("REMOTE_ADDR"));
@@ -446,24 +459,27 @@ void * FCGI_RequestLoop (void *data)
 {
 	FCGIContext context = {0};
 	
-	Log(LOGDEBUG, "First request...");
+	Log(LOGDEBUG, "Start loop");
 	while (FCGI_Accept() >= 0) {
-		Log(LOGDEBUG, "Got request #%d", context.response_number);
+		
 		ModuleHandler module_handler = NULL;
 		char module[BUFSIZ], params[BUFSIZ];
+		//Don't need to copy if we're not modifying string contents
+		const char *cookie = getenv("COOKIE_STRING");
 		
 		//strncpy doesn't zero-truncate properly
 		snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL"));
 		snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
+
+		Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params);
+		Log(LOGDEBUG, "Cookie: %s", cookie);
+
 		
 		//Remove trailing slashes (if present) from module query
 		size_t lastchar = strlen(module) - 1;
 		if (lastchar > 0 && module[lastchar] == '/')
 			module[lastchar] = 0;
 
-		//Escape all special characters
-		FCGI_EscapeText(params);
-
 		//Default to the 'identify' module if none specified
 		if (!*module) 
 			strcpy(module, "identify");
@@ -478,17 +494,47 @@ void * FCGI_RequestLoop (void *data)
 			module_handler = Actuator_Handler;
 		} else if (!strcmp("image", module)) {
 			module_handler = Image_Handler;
+		} else if (!strcmp("pin", module)) { 
+			module_handler = Pin_Handler; // *Debug only* pin test module
+		} else if (!strcmp("bind", module)) {
+			module_handler = Login_Handler;
+		} else if (!strcmp("unbind", module)) {
+			module_handler = Logout_Handler;
 		}
 
 		context.current_module = module;
-		if (module_handler) {
+		context.response_number++;
+		
+		if (module_handler) 
+		{
+			if (module_handler != Login_Handler && module_handler != IdentifyHandler)
+			{
+				if (cookie[0] == '\0')
+				{
+					FCGI_RejectJSON(&context, "Please login.");
+					continue;
+				}
+
+				if (!FCGI_HasControl(&context, cookie))
+				{
+					FCGI_RejectJSON(&context, "Invalid control key.");
+					continue;	
+				}
+
+				//Escape all special characters.
+				//Don't escape for login (password may have special chars?)
+				FCGI_EscapeText(params);
+			}
+
 			module_handler(&context, params);
-		} else {
+		} 
+		else 
+		{
 			FCGI_RejectJSON(&context, "Unhandled module");
 		}
-		context.response_number++;
+		
 
-		Log(LOGDEBUG, "Waiting for request #%d", context.response_number);
+		
 	}
 
 	Log(LOGDEBUG, "Thread exiting.");