Compare commits
No commits in common. "479d38036e5013db0c689844c709502858c90db7" and "93df543bb391ee238c55d867b219f045f938a3fd" have entirely different histories.
479d38036e
...
93df543bb3
@ -15,14 +15,8 @@ extern "C"
|
||||
int set_user_password(const char* user_id, const char* password);
|
||||
|
||||
int login(const char* user_id, const char* password, int* result);
|
||||
|
||||
int registe(const char* user_id, const char* password);
|
||||
|
||||
|
||||
int delete_user(const char* user_id);
|
||||
|
||||
int get_user_permission(const char* user_id, int* result);
|
||||
|
||||
int set_user_permission(const char* user_id, int permission);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
@ -1,45 +0,0 @@
|
||||
#ifndef SERVER_RESPONSE_H
|
||||
#define SERVER_RESPONSE_H
|
||||
|
||||
#include "types.h"
|
||||
|
||||
void res_null_req(mg_connection* conn);
|
||||
void res_must_get(mg_connection* conn);
|
||||
void res_must_post(mg_connection* conn);
|
||||
void res_need_token(mg_connection* conn);
|
||||
void res_auth_fail(mg_connection* conn);
|
||||
void res_check_exist_fail(mg_connection* conn);
|
||||
void res_user_exist(mg_connection* conn);
|
||||
void res_not_exist(mg_connection* conn);
|
||||
void res_check_permission_fail(mg_connection* conn);
|
||||
void res_permission_denied(mg_connection* conn);
|
||||
void res_need_user_id(mg_connection* conn);
|
||||
void res_need_password(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
|
||||
|
||||
void res_delete_account_fail(mg_connection* conn);
|
||||
void res_delete_account(mg_connection* conn);
|
||||
|
||||
void res_login_fail(mg_connection* conn);
|
||||
void res_incorrect(mg_connection* conn);
|
||||
void res_login(mg_connection* conn, const char* token);
|
||||
|
||||
void res_register_fail(mg_connection* conn);
|
||||
void res_register(mg_connection* conn);
|
||||
|
||||
void res_repasswd_fail(mg_connection* conn);
|
||||
void res_repasswd(mg_connection* conn);
|
||||
|
||||
void res_logout_fail(mg_connection* conn);
|
||||
void res_logout(mg_connection* conn);
|
||||
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
|
||||
#endif
|
||||
@ -5,28 +5,12 @@
|
||||
#include <print>
|
||||
|
||||
#include <leveldb/db.h>
|
||||
#include <leveldb/write_batch.h>
|
||||
|
||||
using leveldb_ptr = leveldb::DB*;
|
||||
|
||||
auto user_db = leveldb_ptr{nullptr};
|
||||
auto iter_round = 10000;
|
||||
|
||||
auto filter(const std::string_view id) -> bool
|
||||
{
|
||||
return id.contains(':');
|
||||
}
|
||||
|
||||
auto mangle_user_id(const std::string_view id) -> std::string
|
||||
{
|
||||
return std::format("{}:user_id", id);
|
||||
}
|
||||
|
||||
auto mangle_permission(const std::string_view id) -> std::string
|
||||
{
|
||||
return std::format("{}:permission", id);
|
||||
}
|
||||
|
||||
extern "C"
|
||||
{
|
||||
auto open_user_db() -> int
|
||||
@ -51,10 +35,8 @@ extern "C"
|
||||
|
||||
auto check_user_exists(const char* user_id, int* result) -> int
|
||||
{
|
||||
if (filter(user_id)) return 0;
|
||||
|
||||
auto value = std::string{};
|
||||
auto status = user_db->Get(leveldb::ReadOptions{}, mangle_user_id(user_id), &value);
|
||||
auto status = user_db->Get(leveldb::ReadOptions{}, user_id, &value);
|
||||
if (status.ok()) {
|
||||
*result = 1;
|
||||
} else if (status.IsNotFound()) {
|
||||
@ -68,10 +50,7 @@ extern "C"
|
||||
|
||||
auto set_user_password(const char* user_id, const char* password) -> int
|
||||
{
|
||||
if (filter(user_id)) return 0;
|
||||
|
||||
auto status =
|
||||
user_db->Put(leveldb::WriteOptions{}, mangle_user_id(user_id), generate_hash(password, iter_round));
|
||||
auto status = user_db->Put(leveldb::WriteOptions{}, user_id, generate_hash(password, iter_round));
|
||||
if (!status.ok()) {
|
||||
std::println(stderr, "Failed to set user password: {}", status.ToString());
|
||||
return 0;
|
||||
@ -81,10 +60,8 @@ extern "C"
|
||||
|
||||
auto login(const char* user_id, const char* password, int* result) -> int
|
||||
{
|
||||
if (filter(user_id)) return 0;
|
||||
|
||||
auto value = std::string{};
|
||||
auto status = user_db->Get(leveldb::ReadOptions{}, mangle_user_id(user_id), &value);
|
||||
auto status = user_db->Get(leveldb::ReadOptions{}, user_id, &value);
|
||||
if (!status.ok()) {
|
||||
std::println(stderr, "Failed to login: {}", status.ToString());
|
||||
return 0;
|
||||
@ -93,60 +70,10 @@ extern "C"
|
||||
return 1;
|
||||
}
|
||||
|
||||
int registe(const char* user_id, const char* password)
|
||||
{
|
||||
if (filter(user_id)) return 0;
|
||||
|
||||
auto batch = leveldb::WriteBatch{};
|
||||
batch.Put(mangle_user_id(user_id), generate_hash(password, iter_round));
|
||||
batch.Put(mangle_permission(user_id), "1");
|
||||
auto status = user_db->Write(leveldb::WriteOptions{}, &batch);
|
||||
if (!status.ok()) {
|
||||
std::println(stderr, "Failed to register: {}", status.ToString());
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
auto delete_user(const char* user_id) -> int
|
||||
{
|
||||
if (filter(user_id)) return 0;
|
||||
|
||||
auto batch = leveldb::WriteBatch{};
|
||||
batch.Delete(mangle_user_id(user_id));
|
||||
batch.Delete(mangle_permission(user_id));
|
||||
auto status = user_db->Write(leveldb::WriteOptions{}, &batch);
|
||||
if (!status.ok()) {
|
||||
std::println(stderr, "Failed to delete: {}", status.ToString());
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int get_user_permission(const char* user_id, int* result)
|
||||
{
|
||||
if (filter(user_id)) return 0;
|
||||
|
||||
auto value = std::string{};
|
||||
auto status = user_db->Get(leveldb::ReadOptions{}, mangle_permission(user_id), &value);
|
||||
if (status.ok()) {
|
||||
*result = std::stoi(value);
|
||||
} else {
|
||||
std::println(stderr, "Failed to get user permission: {}", status.ToString());
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int set_user_permission(const char* user_id, int permission)
|
||||
{
|
||||
if (filter(user_id)) return 0;
|
||||
|
||||
auto status = user_db->Put(leveldb::WriteOptions{}, mangle_permission(user_id), std::to_string(permission));
|
||||
if (!status.ok()) {
|
||||
std::println(stderr, "Failed to set user permission: {}", status.ToString());
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
auto write_options = leveldb::WriteOptions{};
|
||||
auto status = user_db->Delete(write_options, user_id);
|
||||
return status.ok();
|
||||
}
|
||||
}
|
||||
@ -1,5 +1,4 @@
|
||||
#include "server/auth.h"
|
||||
#include "server/response.h"
|
||||
#include "server/util.h"
|
||||
|
||||
#include "db/auth.h"
|
||||
@ -17,13 +16,11 @@
|
||||
typedef struct
|
||||
{
|
||||
char* token;
|
||||
char* user_id;
|
||||
} delete_form_t;
|
||||
|
||||
static void delete_form_dtor(delete_form_t* form)
|
||||
{
|
||||
if (form->token) free(form->token);
|
||||
if (form->user_id) free(form->user_id);
|
||||
}
|
||||
|
||||
static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
|
||||
@ -36,30 +33,35 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
|
||||
delete_form_t* form = (delete_form_t*)user_data;
|
||||
if (strcmp(key, "token") == 0) {
|
||||
form->token = kqm_strndup(value, valuelen);
|
||||
} else if (strcmp(key, "user_id") == 0) {
|
||||
form->user_id = kqm_strndup(value, valuelen);
|
||||
}
|
||||
if (form->token && form->user_id) {
|
||||
return MG_FORM_FIELD_HANDLE_ABORT;
|
||||
}
|
||||
return MG_FORM_FIELD_HANDLE_GET;
|
||||
}
|
||||
|
||||
int user_delete_handler(mg_connection* conn, void* cbdata)
|
||||
|
||||
int delete_handler(mg_connection* conn, void* cbdata)
|
||||
{
|
||||
const mg_request_info* post_body = mg_get_request_info(conn);
|
||||
|
||||
if (post_body == NULL) {
|
||||
res_null_req(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n");
|
||||
mg_printf(conn, "{\"error\":\"null request\"}");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (strcmp(post_body->request_method, "POST")) {
|
||||
res_must_post(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 405 Method Not Allowed\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n");
|
||||
mg_printf(conn, "{\"error\":\"must use post request\"}");
|
||||
return 1;
|
||||
}
|
||||
|
||||
delete_form_t form = {NULL, NULL};
|
||||
delete_form_t form = {NULL};
|
||||
|
||||
mg_form_data_handler delete_callback = {
|
||||
.field_found = field_found,
|
||||
@ -71,48 +73,60 @@ int user_delete_handler(mg_connection* conn, void* cbdata)
|
||||
mg_handle_form_request(conn, &delete_callback);
|
||||
|
||||
if (!form.token) {
|
||||
res_need_token(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"need token\"}");
|
||||
delete_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
if (!verify_token(form.token, secret)) {
|
||||
res_auth_fail(conn);
|
||||
|
||||
int result = verify_token(form.token, secret);
|
||||
if (!result) {
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 401 Unauthorized\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"auth failed\"}");
|
||||
delete_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
|
||||
char* user_id = get_payload(form.token);
|
||||
|
||||
if (form.user_id && strcmp(user_id, form.user_id)) {
|
||||
int perm1;
|
||||
int flag = get_user_permission(user_id, &perm1);
|
||||
if (!flag) {
|
||||
res_check_permission_fail(conn);
|
||||
}
|
||||
int flag = check_user_exists(user_id, &result);
|
||||
if (!flag) {
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to check user existence\"}");
|
||||
delete_form_dtor(&form);
|
||||
return 1;
|
||||
} else if (!result) {
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 404 Not Found\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"user does not exist\"}");
|
||||
delete_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int perm2;
|
||||
flag = get_user_permission(form.user_id, &perm2);
|
||||
if (!flag) {
|
||||
res_check_permission_fail(conn);
|
||||
}
|
||||
|
||||
if (perm1 < perm2) {
|
||||
int flag = delete_user(form.user_id);
|
||||
if (!flag) {
|
||||
res_delete_account_fail(conn);
|
||||
} else {
|
||||
res_delete_account(conn);
|
||||
}
|
||||
} else {
|
||||
res_permission_denied(conn);
|
||||
}
|
||||
flag = delete_user(user_id);
|
||||
if (!flag) {
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to delete account\"}");
|
||||
} else {
|
||||
int flag = delete_user(user_id);
|
||||
if (!flag) {
|
||||
res_delete_account_fail(conn);
|
||||
} else {
|
||||
res_delete_account(conn);
|
||||
}
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 200 OK\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"success\":\"delete account success\"}");
|
||||
}
|
||||
free(user_id);
|
||||
delete_form_dtor(&form);
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
#include "server/auth.h"
|
||||
#include "server/util.h"
|
||||
#include "server/response.h"
|
||||
|
||||
#include "db/auth.h"
|
||||
|
||||
@ -46,17 +45,25 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
|
||||
}
|
||||
|
||||
|
||||
int user_login_handler(mg_connection* conn, void* cbdata)
|
||||
int login_handler(mg_connection* conn, void* cbdata)
|
||||
{
|
||||
const mg_request_info* post_body = mg_get_request_info(conn);
|
||||
|
||||
if (post_body == NULL) {
|
||||
res_null_req(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n");
|
||||
mg_printf(conn, "{\"error\":\"null request\"}");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (strcmp(post_body->request_method, "POST")) {
|
||||
res_must_post(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 405 Method Not Allowed\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n");
|
||||
mg_printf(conn, "{\"error\":\"must use post request\"}");
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -72,12 +79,20 @@ int user_login_handler(mg_connection* conn, void* cbdata)
|
||||
mg_handle_form_request(conn, &login_callback);
|
||||
|
||||
if (!form.user_id) {
|
||||
res_need_user_id(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"need user_id\"}");
|
||||
login_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
if (!form.password) {
|
||||
res_need_password(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"need password\"}");
|
||||
login_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
@ -85,23 +100,44 @@ int user_login_handler(mg_connection* conn, void* cbdata)
|
||||
int result;
|
||||
int flag = check_user_exists(form.user_id, &result);
|
||||
if (!flag) {
|
||||
res_check_exist_fail(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to check user existence\"}");
|
||||
login_form_dtor(&form);
|
||||
return 1;
|
||||
} else if (!result) {
|
||||
res_not_exist(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 404 Not Found\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"user does not exist\"}");
|
||||
login_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
|
||||
flag = login(form.user_id, form.password, &result);
|
||||
if (!flag) {
|
||||
res_login_fail(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to login\"}");
|
||||
} else if (!result) {
|
||||
res_incorrect(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 401 Unauthorized\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"incorrect password or user id\"}");
|
||||
} else {
|
||||
char* token = create_token(form.user_id, secret);
|
||||
res_login(conn, token);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 200 OK\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"success\":\"login success\", \"token\":\"%s\"}",
|
||||
token);
|
||||
free(token);
|
||||
}
|
||||
login_form_dtor(&form);
|
||||
|
||||
@ -1,122 +0,0 @@
|
||||
#include "server/auth.h"
|
||||
#include "server/response.h"
|
||||
#include "server/util.h"
|
||||
|
||||
#include "db/auth.h"
|
||||
|
||||
#include "jwt/jwt.h"
|
||||
|
||||
#include <civetweb.h>
|
||||
|
||||
#include <cjson/cJSON.h>
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
// typedef struct
|
||||
// {
|
||||
// char* token;
|
||||
// char* user_id;
|
||||
// } logout_form_t;
|
||||
|
||||
// static void logout_form_dtor(logout_form_t* form)
|
||||
// {
|
||||
// if (form->token) free(form->token);
|
||||
// if (form->user_id) free(form->user_id);
|
||||
// }
|
||||
|
||||
// static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
|
||||
// {
|
||||
// return MG_FORM_FIELD_HANDLE_GET;
|
||||
// }
|
||||
|
||||
// static int field_get(const char* key, const char* value, size_t valuelen, void* user_data)
|
||||
// {
|
||||
// logout_form_t* form = (logout_form_t*)user_data;
|
||||
// if (strcmp(key, "token") == 0) {
|
||||
// form->token = kqm_strndup(value, valuelen);
|
||||
// } else if (strcmp(key, "user_id") == 0) {
|
||||
// form->user_id = kqm_strndup(value, valuelen);
|
||||
// }
|
||||
// if (form->token && form->user_id) {
|
||||
// return MG_FORM_FIELD_HANDLE_ABORT;
|
||||
// }
|
||||
// return MG_FORM_FIELD_HANDLE_GET;
|
||||
// }
|
||||
|
||||
int user_logout_handler(mg_connection* conn, void* cbdata)
|
||||
{
|
||||
const mg_request_info* post_body = mg_get_request_info(conn);
|
||||
|
||||
if (post_body == NULL) {
|
||||
res_null_req(conn);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (strcmp(post_body->request_method, "POST")) {
|
||||
res_must_post(conn);
|
||||
return 1;
|
||||
}
|
||||
|
||||
res_logout(conn);
|
||||
|
||||
// logout_form_t form = {NULL, NULL};
|
||||
|
||||
// mg_form_data_handler logout_callback = {
|
||||
// .field_found = field_found,
|
||||
// .field_get = field_get,
|
||||
// .field_store = NULL,
|
||||
// .user_data = &form,
|
||||
// };
|
||||
|
||||
// mg_handle_form_request(conn, &logout_callback);
|
||||
|
||||
// if (!form.token) {
|
||||
// res_need_token(conn);
|
||||
// logout_form_dtor(&form);
|
||||
// return 1;
|
||||
// }
|
||||
// if (!verify_token(form.token, secret)) {
|
||||
// res_auth_fail(conn);
|
||||
// logout_form_dtor(&form);
|
||||
// return 1;
|
||||
// }
|
||||
|
||||
// char* user_id = get_payload(form.token);
|
||||
|
||||
// if (form.user_id && strcmp(user_id, form.user_id)) {
|
||||
// int perm1;
|
||||
// int flag = get_user_permission(user_id, &perm1);
|
||||
// if (!flag) {
|
||||
// res_check_permission_fail(conn);
|
||||
// }
|
||||
|
||||
// int perm2;
|
||||
// flag = get_user_permission(form.user_id, &perm2);
|
||||
// if (!flag) {
|
||||
// res_check_permission_fail(conn);
|
||||
// }
|
||||
|
||||
// if (perm1 < perm2) {
|
||||
// int flag = logout_user(form.user_id);
|
||||
// if (!flag) {
|
||||
// res_logout_fail(conn);
|
||||
// } else {
|
||||
// res_logout(conn);
|
||||
// }
|
||||
// } else {
|
||||
// res_permission_denied(conn);
|
||||
// }
|
||||
// } else {
|
||||
// int flag = logout_user(user_id);
|
||||
// if (!flag) {
|
||||
// res_logout_account_fail(conn);
|
||||
// } else {
|
||||
// res_logout_account(conn);
|
||||
// }
|
||||
// }
|
||||
// free(user_id);
|
||||
// logout_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
@ -1,5 +1,4 @@
|
||||
#include "server/auth.h"
|
||||
#include "server/response.h"
|
||||
#include "server/util.h"
|
||||
|
||||
#include "db/auth.h"
|
||||
@ -44,17 +43,25 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
|
||||
}
|
||||
|
||||
|
||||
int user_register_handler(mg_connection* conn, void* cbdata)
|
||||
int register_handler(mg_connection* conn, void* cbdata)
|
||||
{
|
||||
const mg_request_info* post_body = mg_get_request_info(conn);
|
||||
|
||||
if (post_body == NULL) {
|
||||
res_null_req(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n");
|
||||
mg_printf(conn, "{\"error\":\"null request\"}");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (strcmp(post_body->request_method, "POST")) {
|
||||
res_must_post(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 405 Method Not Allowed\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n");
|
||||
mg_printf(conn, "{\"error\":\"must use post request\"}");
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -70,12 +77,20 @@ int user_register_handler(mg_connection* conn, void* cbdata)
|
||||
mg_handle_form_request(conn, ®ister_callback);
|
||||
|
||||
if (!form.user_id) {
|
||||
res_need_user_id(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"need user_id\"}");
|
||||
register_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
if (!form.password) {
|
||||
res_need_password(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"need password\"}");
|
||||
register_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
@ -83,20 +98,36 @@ int user_register_handler(mg_connection* conn, void* cbdata)
|
||||
int result;
|
||||
int flag = check_user_exists(form.user_id, &result);
|
||||
if (!flag) {
|
||||
res_check_exist_fail(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to check user existence\"}");
|
||||
register_form_dtor(&form);
|
||||
return 1;
|
||||
} else if (result) {
|
||||
res_user_exist(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 409 Conflict\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"user already exists\"}");
|
||||
register_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
|
||||
flag = registe(form.user_id, form.password);
|
||||
flag = set_user_password(form.user_id, form.password);
|
||||
if (!flag) {
|
||||
res_register_fail(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to register\"}");
|
||||
} else {
|
||||
res_register(conn);
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 200 OK\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"success\":\"registration success\"}");
|
||||
}
|
||||
register_form_dtor(&form);
|
||||
return 1;
|
||||
|
||||
@ -1,143 +0,0 @@
|
||||
#include "server/auth.h"
|
||||
#include "server/response.h"
|
||||
#include "server/util.h"
|
||||
|
||||
|
||||
#include "db/auth.h"
|
||||
|
||||
#include "jwt/jwt.h"
|
||||
|
||||
#include <civetweb.h>
|
||||
|
||||
#include <cjson/cJSON.h>
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
typedef struct
|
||||
{
|
||||
char* token;
|
||||
char* user_id;
|
||||
char* raw_passwd;
|
||||
char* new_passwd;
|
||||
} repasswd_form_t;
|
||||
|
||||
static void repasswd_form_dtor(repasswd_form_t* form)
|
||||
{
|
||||
if (form->token) free(form->token);
|
||||
if (form->user_id) free(form->user_id);
|
||||
}
|
||||
|
||||
static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
|
||||
{
|
||||
return MG_FORM_FIELD_HANDLE_GET;
|
||||
}
|
||||
|
||||
static int field_get(const char* key, const char* value, size_t valuelen, void* user_data)
|
||||
{
|
||||
repasswd_form_t* form = (repasswd_form_t*)user_data;
|
||||
if (strcmp(key, "token") == 0) {
|
||||
form->token = kqm_strndup(value, valuelen);
|
||||
} else if (strcmp(key, "user_id") == 0) {
|
||||
form->user_id = kqm_strndup(value, valuelen);
|
||||
} else if (strcmp(key, "raw_passwd") == 0) {
|
||||
form->raw_passwd = kqm_strndup(value, valuelen);
|
||||
} else if (strcmp(key, "new_passwd") == 0) {
|
||||
form->new_passwd = kqm_strndup(value, valuelen);
|
||||
}
|
||||
if (form->token && form->user_id && form->raw_passwd && form->new_passwd) {
|
||||
return MG_FORM_FIELD_HANDLE_ABORT;
|
||||
}
|
||||
return MG_FORM_FIELD_HANDLE_GET;
|
||||
}
|
||||
|
||||
int user_repasswd_handler(mg_connection* conn, void* cbdata)
|
||||
{
|
||||
const mg_request_info* post_body = mg_get_request_info(conn);
|
||||
|
||||
if (post_body == NULL) {
|
||||
res_null_req(conn);
|
||||
return 1;
|
||||
}
|
||||
if (strcmp(post_body->request_method, "POST")) {
|
||||
res_must_post(conn);
|
||||
return 1;
|
||||
}
|
||||
|
||||
repasswd_form_t form = {NULL, NULL, NULL, NULL};
|
||||
|
||||
mg_form_data_handler repasswd_callback = {
|
||||
.field_found = field_found,
|
||||
.field_get = field_get,
|
||||
.field_store = NULL,
|
||||
.user_data = &form,
|
||||
};
|
||||
|
||||
mg_handle_form_request(conn, &repasswd_callback);
|
||||
|
||||
if (!form.token) {
|
||||
res_need_token(conn);
|
||||
repasswd_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
if (!form.new_passwd) {
|
||||
res_need_password(conn);
|
||||
repasswd_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
if (!verify_token(form.token, secret)) {
|
||||
res_auth_fail(conn);
|
||||
repasswd_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
|
||||
char* user_id = get_payload(form.token);
|
||||
|
||||
if (form.user_id && strcmp(user_id, form.user_id)) {
|
||||
int perm1;
|
||||
int flag = get_user_permission(user_id, &perm1);
|
||||
if (!flag) {
|
||||
res_check_permission_fail(conn);
|
||||
}
|
||||
|
||||
int perm2;
|
||||
flag = get_user_permission(form.user_id, &perm2);
|
||||
if (!flag) {
|
||||
res_check_permission_fail(conn);
|
||||
}
|
||||
|
||||
if (perm1 < perm2) {
|
||||
int flag = set_user_password(form.user_id, form.new_passwd);
|
||||
if (!flag) {
|
||||
res_repasswd_fail(conn);
|
||||
} else {
|
||||
res_repasswd(conn);
|
||||
}
|
||||
} else {
|
||||
res_permission_denied(conn);
|
||||
}
|
||||
} else if(form.raw_passwd) {
|
||||
int result;
|
||||
int flag = login(user_id, form.raw_passwd, &result);
|
||||
if (!flag) {
|
||||
res_repasswd_fail(conn);
|
||||
} else {
|
||||
if (result) {
|
||||
flag = set_user_password(user_id, form.new_passwd);
|
||||
if (!flag) {
|
||||
res_repasswd_fail(conn);
|
||||
} else {
|
||||
res_repasswd(conn);
|
||||
}
|
||||
} else {
|
||||
res_incorrect(conn);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
res_need_password(conn);
|
||||
}
|
||||
free(user_id);
|
||||
repasswd_form_dtor(&form);
|
||||
return 1;
|
||||
}
|
||||
@ -1,203 +0,0 @@
|
||||
#include "server/types.h"
|
||||
#include <server/response.h>
|
||||
|
||||
#include <civetweb.h>
|
||||
|
||||
void res_null_req(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"null request\"}");
|
||||
}
|
||||
void res_must_get(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 405 Method Not Allowed\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"must send get request\"}");
|
||||
}
|
||||
void res_must_post(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 405 Method Not Allowed\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"must send post request\"}");
|
||||
}
|
||||
void res_need_token(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"need token\"}");
|
||||
}
|
||||
void res_auth_fail(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 401 Unauthorized\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"auth failed\"}");
|
||||
}
|
||||
void res_check_exist_fail(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to check user existence\"}");
|
||||
}
|
||||
void res_user_exist(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 409 Conflict\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"user already exists\"}");
|
||||
}
|
||||
void res_not_exist(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 404 Not Found\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"user does not exist\"}");
|
||||
}
|
||||
void res_check_permission_fail(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to check user permission\"}");
|
||||
}
|
||||
void res_permission_denied(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 403 Forbidden\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"permission denied\"}");
|
||||
}
|
||||
void res_need_user_id(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"need user_id\"}");
|
||||
}
|
||||
void res_need_password(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 400 Bad Request\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"need password\"}");
|
||||
}
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
|
||||
|
||||
void res_delete_account_fail(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to delete account\"}");
|
||||
}
|
||||
void res_delete_account(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 200 OK\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"success\":\"delete account success\"}");
|
||||
}
|
||||
|
||||
void res_login_fail(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to login\"}");
|
||||
}
|
||||
void res_incorrect(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 401 Unauthorized\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"incorrect password or user id\"}");
|
||||
}
|
||||
void res_login(mg_connection* conn, const char* token)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 200 OK\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"success\":\"login success\", \"token\":\"%s\"}",
|
||||
token);
|
||||
}
|
||||
|
||||
void res_register_fail(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to register\"}");
|
||||
}
|
||||
void res_register(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 200 OK\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"success\":\"registration success\"}");
|
||||
}
|
||||
|
||||
void res_repasswd_fail(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to repasswd account\"}");
|
||||
}
|
||||
void res_repasswd(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 200 OK\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"success\":\"repasswd account success\"}");
|
||||
}
|
||||
|
||||
void res_logout_fail(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 500 Internal Server Error\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"error\":\"failed to logout\"}");
|
||||
}
|
||||
void res_logout(mg_connection* conn)
|
||||
{
|
||||
mg_printf(conn,
|
||||
"HTTP/1.1 200 OK\r\n"
|
||||
"Content-Type: application/json\r\n"
|
||||
"Access-Control-Allow-Origin: *\r\n\r\n"
|
||||
"{\"success\":\"logout success\"}");
|
||||
}
|
||||
|
||||
void res_(mg_connection* conn);
|
||||
void res_(mg_connection* conn);
|
||||
Loading…
Reference in New Issue
Block a user