KeqingMoe/math
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: KeqingMoe:479d38036e5013db0c689844c709502858c90db7
Branches Tags
KeqingMoe:main
..
compare: KeqingMoe:93df543bb391ee238c55d867b219f045f938a3fd
Branches Tags
KeqingMoe:main

No commits in common. "479d38036e5013db0c689844c709502858c90db7" and "93df543bb391ee238c55d867b219f045f938a3fd" have entirely different histories.
479d38036e ... 93df543bb3

9 changed files with 152 additions and 663 deletions
Show Stats Expand all files Collapse all files

8
include/db/auth.h
View File

@ -15,14 +15,8 @@ extern "C"
int set_user_password(const char* user_id, const char* password); int set_user_password(const char* user_id, const char* password);
int login(const char* user_id, const char* password, int* result); int login(const char* user_id, const char* password, int* result);
int registe(const char* user_id, const char* password);
int delete_user(const char* user_id); int delete_user(const char* user_id);
int get_user_permission(const char* user_id, int* result);
int set_user_permission(const char* user_id, int permission);
#ifdef __cplusplus #ifdef __cplusplus
} }

45
include/server/response.h
View File

@ -1,45 +0,0 @@
#ifndef SERVER_RESPONSE_H
#define SERVER_RESPONSE_H
#include "types.h"
void res_null_req(mg_connection* conn);
void res_must_get(mg_connection* conn);
void res_must_post(mg_connection* conn);
void res_need_token(mg_connection* conn);
void res_auth_fail(mg_connection* conn);
void res_check_exist_fail(mg_connection* conn);
void res_user_exist(mg_connection* conn);
void res_not_exist(mg_connection* conn);
void res_check_permission_fail(mg_connection* conn);
void res_permission_denied(mg_connection* conn);
void res_need_user_id(mg_connection* conn);
void res_need_password(mg_connection* conn);
void res_(mg_connection* conn);
void res_(mg_connection* conn);
void res_(mg_connection* conn);
void res_(mg_connection* conn);
void res_delete_account_fail(mg_connection* conn);
void res_delete_account(mg_connection* conn);
void res_login_fail(mg_connection* conn);
void res_incorrect(mg_connection* conn);
void res_login(mg_connection* conn, const char* token);
void res_register_fail(mg_connection* conn);
void res_register(mg_connection* conn);
void res_repasswd_fail(mg_connection* conn);
void res_repasswd(mg_connection* conn);
void res_logout_fail(mg_connection* conn);
void res_logout(mg_connection* conn);
void res_(mg_connection* conn);
void res_(mg_connection* conn);
void res_(mg_connection* conn);
void res_(mg_connection* conn);
#endif

85
src/db/auth.cpp
View File

@ -5,28 +5,12 @@
#include <print> #include <print>
#include <leveldb/db.h> #include <leveldb/db.h>
#include <leveldb/write_batch.h>
using leveldb_ptr = leveldb::DB*; using leveldb_ptr = leveldb::DB*;
auto user_db = leveldb_ptr{nullptr}; auto user_db = leveldb_ptr{nullptr};
auto iter_round = 10000; auto iter_round = 10000;
auto filter(const std::string_view id) -> bool
{
return id.contains(':');
}
auto mangle_user_id(const std::string_view id) -> std::string
{
return std::format("{}:user_id", id);
}
auto mangle_permission(const std::string_view id) -> std::string
{
return std::format("{}:permission", id);
}
extern "C" extern "C"
{ {
auto open_user_db() -> int auto open_user_db() -> int
@ -51,10 +35,8 @@ extern "C"
auto check_user_exists(const char* user_id, int* result) -> int auto check_user_exists(const char* user_id, int* result) -> int
{ {
if (filter(user_id)) return 0;
auto value = std::string{}; auto value = std::string{};
auto status = user_db->Get(leveldb::ReadOptions{}, mangle_user_id(user_id), &value); auto status = user_db->Get(leveldb::ReadOptions{}, user_id, &value);
if (status.ok()) { if (status.ok()) {
*result = 1; *result = 1;
} else if (status.IsNotFound()) { } else if (status.IsNotFound()) {
@ -68,10 +50,7 @@ extern "C"
auto set_user_password(const char* user_id, const char* password) -> int auto set_user_password(const char* user_id, const char* password) -> int
{ {
if (filter(user_id)) return 0; auto status = user_db->Put(leveldb::WriteOptions{}, user_id, generate_hash(password, iter_round));
auto status =
user_db->Put(leveldb::WriteOptions{}, mangle_user_id(user_id), generate_hash(password, iter_round));
if (!status.ok()) { if (!status.ok()) {
std::println(stderr, "Failed to set user password: {}", status.ToString()); std::println(stderr, "Failed to set user password: {}", status.ToString());
return 0; return 0;
@ -81,10 +60,8 @@ extern "C"
auto login(const char* user_id, const char* password, int* result) -> int auto login(const char* user_id, const char* password, int* result) -> int
{ {
if (filter(user_id)) return 0;
auto value = std::string{}; auto value = std::string{};
auto status = user_db->Get(leveldb::ReadOptions{}, mangle_user_id(user_id), &value); auto status = user_db->Get(leveldb::ReadOptions{}, user_id, &value);
if (!status.ok()) { if (!status.ok()) {
std::println(stderr, "Failed to login: {}", status.ToString()); std::println(stderr, "Failed to login: {}", status.ToString());
return 0; return 0;
@ -93,60 +70,10 @@ extern "C"
return 1; return 1;
} }
int registe(const char* user_id, const char* password)
{
if (filter(user_id)) return 0;
auto batch = leveldb::WriteBatch{};
batch.Put(mangle_user_id(user_id), generate_hash(password, iter_round));
batch.Put(mangle_permission(user_id), "1");
auto status = user_db->Write(leveldb::WriteOptions{}, &batch);
if (!status.ok()) {
std::println(stderr, "Failed to register: {}", status.ToString());
return 0;
}
return 1;
}
auto delete_user(const char* user_id) -> int auto delete_user(const char* user_id) -> int
{ {
if (filter(user_id)) return 0; auto write_options = leveldb::WriteOptions{};
auto status = user_db->Delete(write_options, user_id);
auto batch = leveldb::WriteBatch{}; return status.ok();
batch.Delete(mangle_user_id(user_id));
batch.Delete(mangle_permission(user_id));
auto status = user_db->Write(leveldb::WriteOptions{}, &batch);
if (!status.ok()) {
std::println(stderr, "Failed to delete: {}", status.ToString());
return 0;
}
return 1;
}
int get_user_permission(const char* user_id, int* result)
{
if (filter(user_id)) return 0;
auto value = std::string{};
auto status = user_db->Get(leveldb::ReadOptions{}, mangle_permission(user_id), &value);
if (status.ok()) {
*result = std::stoi(value);
} else {
std::println(stderr, "Failed to get user permission: {}", status.ToString());
return 0;
}
return 1;
}
int set_user_permission(const char* user_id, int permission)
{
if (filter(user_id)) return 0;
auto status = user_db->Put(leveldb::WriteOptions{}, mangle_permission(user_id), std::to_string(permission));
if (!status.ok()) {
std::println(stderr, "Failed to set user permission: {}", status.ToString());
return 0;
}
return 1;
} }
} }

98
src/server/auth/delete.c
View File

@ -1,5 +1,4 @@
#include "server/auth.h" #include "server/auth.h"
#include "server/response.h"
#include "server/util.h" #include "server/util.h"
#include "db/auth.h" #include "db/auth.h"
@ -17,13 +16,11 @@
typedef struct typedef struct
{ {
char* token; char* token;
char* user_id;
} delete_form_t; } delete_form_t;
static void delete_form_dtor(delete_form_t* form) static void delete_form_dtor(delete_form_t* form)
{ {
if (form->token) free(form->token); if (form->token) free(form->token);
if (form->user_id) free(form->user_id);
} }
static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data) static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
@ -36,30 +33,35 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
delete_form_t* form = (delete_form_t*)user_data; delete_form_t* form = (delete_form_t*)user_data;
if (strcmp(key, "token") == 0) { if (strcmp(key, "token") == 0) {
form->token = kqm_strndup(value, valuelen); form->token = kqm_strndup(value, valuelen);
} else if (strcmp(key, "user_id") == 0) {
form->user_id = kqm_strndup(value, valuelen);
}
if (form->token && form->user_id) {
return MG_FORM_FIELD_HANDLE_ABORT; return MG_FORM_FIELD_HANDLE_ABORT;
} }
return MG_FORM_FIELD_HANDLE_GET; return MG_FORM_FIELD_HANDLE_GET;
} }
int user_delete_handler(mg_connection* conn, void* cbdata)
int delete_handler(mg_connection* conn, void* cbdata)
{ {
const mg_request_info* post_body = mg_get_request_info(conn); const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) { if (post_body == NULL) {
res_null_req(conn); mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"null request\"}");
return 1; return 1;
} }
if (strcmp(post_body->request_method, "POST")) { if (strcmp(post_body->request_method, "POST")) {
res_must_post(conn); mg_printf(conn,
"HTTP/1.1 405 Method Not Allowed\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"must use post request\"}");
return 1; return 1;
} }
delete_form_t form = {NULL, NULL}; delete_form_t form = {NULL};
mg_form_data_handler delete_callback = { mg_form_data_handler delete_callback = {
.field_found = field_found, .field_found = field_found,
@ -71,48 +73,60 @@ int user_delete_handler(mg_connection* conn, void* cbdata)
mg_handle_form_request(conn, &delete_callback); mg_handle_form_request(conn, &delete_callback);
if (!form.token) { if (!form.token) {
res_need_token(conn); mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need token\"}");
delete_form_dtor(&form); delete_form_dtor(&form);
return 1; return 1;
} }
if (!verify_token(form.token, secret)) {
res_auth_fail(conn); int result = verify_token(form.token, secret);
if (!result) {
mg_printf(conn,
"HTTP/1.1 401 Unauthorized\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"auth failed\"}");
delete_form_dtor(&form); delete_form_dtor(&form);
return 1; return 1;
} }
char* user_id = get_payload(form.token); char* user_id = get_payload(form.token);
if (form.user_id && strcmp(user_id, form.user_id)) { int flag = check_user_exists(user_id, &result);
int perm1; if (!flag) {
int flag = get_user_permission(user_id, &perm1); mg_printf(conn,
if (!flag) { "HTTP/1.1 500 Internal Server Error\r\n"
res_check_permission_fail(conn); "Content-Type: application/json\r\n"
} "Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to check user existence\"}");
delete_form_dtor(&form);
return 1;
} else if (!result) {
mg_printf(conn,
"HTTP/1.1 404 Not Found\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"user does not exist\"}");
delete_form_dtor(&form);
return 1;
}
int perm2; flag = delete_user(user_id);
flag = get_user_permission(form.user_id, &perm2); if (!flag) {
if (!flag) { mg_printf(conn,
res_check_permission_fail(conn); "HTTP/1.1 500 Internal Server Error\r\n"
} "Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
if (perm1 < perm2) { "{\"error\":\"failed to delete account\"}");
int flag = delete_user(form.user_id);
if (!flag) {
res_delete_account_fail(conn);
} else {
res_delete_account(conn);
}
} else {
res_permission_denied(conn);
}
} else { } else {
int flag = delete_user(user_id); mg_printf(conn,
if (!flag) { "HTTP/1.1 200 OK\r\n"
res_delete_account_fail(conn); "Content-Type: application/json\r\n"
} else { "Access-Control-Allow-Origin: *\r\n\r\n"
res_delete_account(conn); "{\"success\":\"delete account success\"}");
}
} }
free(user_id); free(user_id);
delete_form_dtor(&form); delete_form_dtor(&form);

58
src/server/auth/login.c
View File

@ -1,6 +1,5 @@
#include "server/auth.h" #include "server/auth.h"
#include "server/util.h" #include "server/util.h"
#include "server/response.h"
#include "db/auth.h" #include "db/auth.h"
@ -46,17 +45,25 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
} }
int user_login_handler(mg_connection* conn, void* cbdata) int login_handler(mg_connection* conn, void* cbdata)
{ {
const mg_request_info* post_body = mg_get_request_info(conn); const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) { if (post_body == NULL) {
res_null_req(conn); mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"null request\"}");
return 1; return 1;
} }
if (strcmp(post_body->request_method, "POST")) { if (strcmp(post_body->request_method, "POST")) {
res_must_post(conn); mg_printf(conn,
"HTTP/1.1 405 Method Not Allowed\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"must use post request\"}");
return 1; return 1;
} }
@ -72,12 +79,20 @@ int user_login_handler(mg_connection* conn, void* cbdata)
mg_handle_form_request(conn, &login_callback); mg_handle_form_request(conn, &login_callback);
if (!form.user_id) { if (!form.user_id) {
res_need_user_id(conn); mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need user_id\"}");
login_form_dtor(&form); login_form_dtor(&form);
return 1; return 1;
} }
if (!form.password) { if (!form.password) {
res_need_password(conn); mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need password\"}");
login_form_dtor(&form); login_form_dtor(&form);
return 1; return 1;
} }
@ -85,23 +100,44 @@ int user_login_handler(mg_connection* conn, void* cbdata)
int result; int result;
int flag = check_user_exists(form.user_id, &result); int flag = check_user_exists(form.user_id, &result);
if (!flag) { if (!flag) {
res_check_exist_fail(conn); mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to check user existence\"}");
login_form_dtor(&form); login_form_dtor(&form);
return 1; return 1;
} else if (!result) { } else if (!result) {
res_not_exist(conn); mg_printf(conn,
"HTTP/1.1 404 Not Found\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"user does not exist\"}");
login_form_dtor(&form); login_form_dtor(&form);
return 1; return 1;
} }
flag = login(form.user_id, form.password, &result); flag = login(form.user_id, form.password, &result);
if (!flag) { if (!flag) {
res_login_fail(conn); mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to login\"}");
} else if (!result) { } else if (!result) {
res_incorrect(conn); mg_printf(conn,
"HTTP/1.1 401 Unauthorized\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"incorrect password or user id\"}");
} else { } else {
char* token = create_token(form.user_id, secret); char* token = create_token(form.user_id, secret);
res_login(conn, token); mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"login success\", \"token\":\"%s\"}",
token);
free(token); free(token);
} }
login_form_dtor(&form); login_form_dtor(&form);

122
src/server/auth/logout.c
View File

@ -1,122 +0,0 @@
#include "server/auth.h"
#include "server/response.h"
#include "server/util.h"
#include "db/auth.h"
#include "jwt/jwt.h"
#include <civetweb.h>
#include <cjson/cJSON.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>
// typedef struct
// {
// char* token;
// char* user_id;
// } logout_form_t;
// static void logout_form_dtor(logout_form_t* form)
// {
// if (form->token) free(form->token);
// if (form->user_id) free(form->user_id);
// }
// static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
// {
// return MG_FORM_FIELD_HANDLE_GET;
// }
// static int field_get(const char* key, const char* value, size_t valuelen, void* user_data)
// {
// logout_form_t* form = (logout_form_t*)user_data;
// if (strcmp(key, "token") == 0) {
// form->token = kqm_strndup(value, valuelen);
// } else if (strcmp(key, "user_id") == 0) {
// form->user_id = kqm_strndup(value, valuelen);
// }
// if (form->token && form->user_id) {
// return MG_FORM_FIELD_HANDLE_ABORT;
// }
// return MG_FORM_FIELD_HANDLE_GET;
// }
int user_logout_handler(mg_connection* conn, void* cbdata)
{
const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) {
res_null_req(conn);
return 1;
}
if (strcmp(post_body->request_method, "POST")) {
res_must_post(conn);
return 1;
}
res_logout(conn);
// logout_form_t form = {NULL, NULL};
// mg_form_data_handler logout_callback = {
// .field_found = field_found,
// .field_get = field_get,
// .field_store = NULL,
// .user_data = &form,
// };
// mg_handle_form_request(conn, &logout_callback);
// if (!form.token) {
// res_need_token(conn);
// logout_form_dtor(&form);
// return 1;
// }
// if (!verify_token(form.token, secret)) {
// res_auth_fail(conn);
// logout_form_dtor(&form);
// return 1;
// }
// char* user_id = get_payload(form.token);
// if (form.user_id && strcmp(user_id, form.user_id)) {
// int perm1;
// int flag = get_user_permission(user_id, &perm1);
// if (!flag) {
// res_check_permission_fail(conn);
// }
// int perm2;
// flag = get_user_permission(form.user_id, &perm2);
// if (!flag) {
// res_check_permission_fail(conn);
// }
// if (perm1 < perm2) {
// int flag = logout_user(form.user_id);
// if (!flag) {
// res_logout_fail(conn);
// } else {
// res_logout(conn);
// }
// } else {
// res_permission_denied(conn);
// }
// } else {
// int flag = logout_user(user_id);
// if (!flag) {
// res_logout_account_fail(conn);
// } else {
// res_logout_account(conn);
// }
// }
// free(user_id);
// logout_form_dtor(&form);
return 1;
}

53
src/server/auth/register.c
View File

@ -1,5 +1,4 @@
#include "server/auth.h" #include "server/auth.h"
#include "server/response.h"
#include "server/util.h" #include "server/util.h"
#include "db/auth.h" #include "db/auth.h"
@ -44,17 +43,25 @@ static int field_get(const char* key, const char* value, size_t valuelen, void*
} }
int user_register_handler(mg_connection* conn, void* cbdata) int register_handler(mg_connection* conn, void* cbdata)
{ {
const mg_request_info* post_body = mg_get_request_info(conn); const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) { if (post_body == NULL) {
res_null_req(conn); mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"null request\"}");
return 1; return 1;
} }
if (strcmp(post_body->request_method, "POST")) { if (strcmp(post_body->request_method, "POST")) {
res_must_post(conn); mg_printf(conn,
"HTTP/1.1 405 Method Not Allowed\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n");
mg_printf(conn, "{\"error\":\"must use post request\"}");
return 1; return 1;
} }
@ -70,12 +77,20 @@ int user_register_handler(mg_connection* conn, void* cbdata)
mg_handle_form_request(conn, &register_callback); mg_handle_form_request(conn, &register_callback);
if (!form.user_id) { if (!form.user_id) {
res_need_user_id(conn); mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need user_id\"}");
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
} }
if (!form.password) { if (!form.password) {
res_need_password(conn); mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need password\"}");
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
} }
@ -83,20 +98,36 @@ int user_register_handler(mg_connection* conn, void* cbdata)
int result; int result;
int flag = check_user_exists(form.user_id, &result); int flag = check_user_exists(form.user_id, &result);
if (!flag) { if (!flag) {
res_check_exist_fail(conn); mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to check user existence\"}");
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
} else if (result) { } else if (result) {
res_user_exist(conn); mg_printf(conn,
"HTTP/1.1 409 Conflict\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"user already exists\"}");
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;
} }
flag = registe(form.user_id, form.password); flag = set_user_password(form.user_id, form.password);
if (!flag) { if (!flag) {
res_register_fail(conn); mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to register\"}");
} else { } else {
res_register(conn); mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"registration success\"}");
} }
register_form_dtor(&form); register_form_dtor(&form);
return 1; return 1;

143
src/server/auth/repasswd.c
View File

@ -1,143 +0,0 @@
#include "server/auth.h"
#include "server/response.h"
#include "server/util.h"
#include "db/auth.h"
#include "jwt/jwt.h"
#include <civetweb.h>
#include <cjson/cJSON.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>
typedef struct
{
char* token;
char* user_id;
char* raw_passwd;
char* new_passwd;
} repasswd_form_t;
static void repasswd_form_dtor(repasswd_form_t* form)
{
if (form->token) free(form->token);
if (form->user_id) free(form->user_id);
}
static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
{
return MG_FORM_FIELD_HANDLE_GET;
}
static int field_get(const char* key, const char* value, size_t valuelen, void* user_data)
{
repasswd_form_t* form = (repasswd_form_t*)user_data;
if (strcmp(key, "token") == 0) {
form->token = kqm_strndup(value, valuelen);
} else if (strcmp(key, "user_id") == 0) {
form->user_id = kqm_strndup(value, valuelen);
} else if (strcmp(key, "raw_passwd") == 0) {
form->raw_passwd = kqm_strndup(value, valuelen);
} else if (strcmp(key, "new_passwd") == 0) {
form->new_passwd = kqm_strndup(value, valuelen);
}
if (form->token && form->user_id && form->raw_passwd && form->new_passwd) {
return MG_FORM_FIELD_HANDLE_ABORT;
}
return MG_FORM_FIELD_HANDLE_GET;
}
int user_repasswd_handler(mg_connection* conn, void* cbdata)
{
const mg_request_info* post_body = mg_get_request_info(conn);
if (post_body == NULL) {
res_null_req(conn);
return 1;
}
if (strcmp(post_body->request_method, "POST")) {
res_must_post(conn);
return 1;
}
repasswd_form_t form = {NULL, NULL, NULL, NULL};
mg_form_data_handler repasswd_callback = {
.field_found = field_found,
.field_get = field_get,
.field_store = NULL,
.user_data = &form,
};
mg_handle_form_request(conn, &repasswd_callback);
if (!form.token) {
res_need_token(conn);
repasswd_form_dtor(&form);
return 1;
}
if (!form.new_passwd) {
res_need_password(conn);
repasswd_form_dtor(&form);
return 1;
}
if (!verify_token(form.token, secret)) {
res_auth_fail(conn);
repasswd_form_dtor(&form);
return 1;
}
char* user_id = get_payload(form.token);
if (form.user_id && strcmp(user_id, form.user_id)) {
int perm1;
int flag = get_user_permission(user_id, &perm1);
if (!flag) {
res_check_permission_fail(conn);
}
int perm2;
flag = get_user_permission(form.user_id, &perm2);
if (!flag) {
res_check_permission_fail(conn);
}
if (perm1 < perm2) {
int flag = set_user_password(form.user_id, form.new_passwd);
if (!flag) {
res_repasswd_fail(conn);
} else {
res_repasswd(conn);
}
} else {
res_permission_denied(conn);
}
} else if(form.raw_passwd) {
int result;
int flag = login(user_id, form.raw_passwd, &result);
if (!flag) {
res_repasswd_fail(conn);
} else {
if (result) {
flag = set_user_password(user_id, form.new_passwd);
if (!flag) {
res_repasswd_fail(conn);
} else {
res_repasswd(conn);
}
} else {
res_incorrect(conn);
}
}
} else {
res_need_password(conn);
}
free(user_id);
repasswd_form_dtor(&form);
return 1;
}

203
src/server/response.c
View File

@ -1,203 +0,0 @@
#include "server/types.h"
#include <server/response.h>
#include <civetweb.h>
void res_null_req(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"null request\"}");
}
void res_must_get(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 405 Method Not Allowed\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"must send get request\"}");
}
void res_must_post(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 405 Method Not Allowed\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"must send post request\"}");
}
void res_need_token(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need token\"}");
}
void res_auth_fail(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 401 Unauthorized\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"auth failed\"}");
}
void res_check_exist_fail(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to check user existence\"}");
}
void res_user_exist(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 409 Conflict\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"user already exists\"}");
}
void res_not_exist(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 404 Not Found\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"user does not exist\"}");
}
void res_check_permission_fail(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to check user permission\"}");
}
void res_permission_denied(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 403 Forbidden\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"permission denied\"}");
}
void res_need_user_id(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need user_id\"}");
}
void res_need_password(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 400 Bad Request\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"need password\"}");
}
void res_(mg_connection* conn);
void res_(mg_connection* conn);
void res_(mg_connection* conn);
void res_(mg_connection* conn);
void res_delete_account_fail(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to delete account\"}");
}
void res_delete_account(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"delete account success\"}");
}
void res_login_fail(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to login\"}");
}
void res_incorrect(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 401 Unauthorized\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"incorrect password or user id\"}");
}
void res_login(mg_connection* conn, const char* token)
{
mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"login success\", \"token\":\"%s\"}",
token);
}
void res_register_fail(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to register\"}");
}
void res_register(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"registration success\"}");
}
void res_repasswd_fail(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to repasswd account\"}");
}
void res_repasswd(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"repasswd account success\"}");
}
void res_logout_fail(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 500 Internal Server Error\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"error\":\"failed to logout\"}");
}
void res_logout(mg_connection* conn)
{
mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/json\r\n"
"Access-Control-Allow-Origin: *\r\n\r\n"
"{\"success\":\"logout success\"}");
}
void res_(mg_connection* conn);
void res_(mg_connection* conn);