Added -Wno-format-truncation to the CFLAGS to make it shut up about calls to snprintf...

[citadel.git] / webcit-ng / request.c

diff --git a/webcit-ng/request.c b/webcit-ng/request.c
index 22549c3ec26ca63c0786ea194be3298e62a939b8..9f6966b2387db55a0561ae4ed9c9a0ae1389df34 100644 (file)
--- a/webcit-ng/request.c
+++ b/webcit-ng/request.c
@@ -1,11 +1,10 @@
-//
 // This module sits directly above the HTTP layer.  By the time we get here,
 // an HTTP request has been fully received and parsed.  Control is passed up
 // to this layer to actually perform the request.  We then fill in the response
 // and pass control back down to the HTTP layer to output the response back to
 // the client.
 //
-// Copyright (c) 1996-2018 by the citadel.org team
+// Copyright (c) 1996-2021 by the citadel.org team
 //
 // This program is open source software.  It runs great on the
 // Linux operating system (and probably elsewhere).  You can use,
@@ -20,11 +19,8 @@
 #include "webcit.h"
 
 
-/*
- * Not found!  Wowzers.
- */
-void do_404(struct http_transaction *h)
-{
+// Not found!  Wowzers.
+void do_404(struct http_transaction *h) {
        h->response_code = 404;
        h->response_string = strdup("NOT FOUND");
        add_response_header(h, strdup("Content-type"), strdup("text/plain"));
@@ -33,21 +29,15 @@ void do_404(struct http_transaction *h)
 }
 
 
-/*
- * Precondition failed (such as if-match)
- */
-void do_412(struct http_transaction *h)
-{
+// Precondition failed (such as if-match)
+void do_412(struct http_transaction *h) {
        h->response_code = 412;
        h->response_string = strdup("PRECONDITION FAILED");
 }
 
 
-/*
- * We throw an HTTP error "502 bad gateway" when we need to connect to Citadel, but can't.
- */
-void do_502(struct http_transaction *h)
-{
+// We throw an HTTP error "502 bad gateway" when we need to connect to Citadel, but can't.
+void do_502(struct http_transaction *h) {
        h->response_code = 502;
        h->response_string = strdup("bad gateway");
        add_response_header(h, strdup("Content-type"), strdup("text/plain"));
@@ -58,22 +48,16 @@ void do_502(struct http_transaction *h)
 }
 
 
-/*
- * Tell the client to authenticate using HTTP-AUTH (RFC 2617)
- */
-void request_http_authenticate(struct http_transaction *h)
-{
+// Tell the client to authenticate using HTTP-AUTH (RFC 2617)
+void request_http_authenticate(struct http_transaction *h) {
        h->response_code = 401;
        h->response_string = strdup("Unauthorized");
        add_response_header(h, strdup("WWW-Authenticate"), strdup("Basic realm=\"Citadel Server\""));
 }
 
 
-/*
- * Easy and fun utility function to throw a redirect.
- */
-void http_redirect(struct http_transaction *h, char *to_where)
-{
+// Easy and fun utility function to throw a redirect.
+void http_redirect(struct http_transaction *h, char *to_where) {
        syslog(LOG_DEBUG, "Redirecting to: %s", to_where);
        h->response_code = 302;
        h->response_string = strdup("Moved Temporarily");
@@ -84,11 +68,8 @@ void http_redirect(struct http_transaction *h, char *to_where)
 }
 
 
-/*
- * perform_request() is the entry point for *every* HTTP transaction.
- */
-void perform_request(struct http_transaction *h)
-{
+// perform_request() is the entry point for *every* HTTP transaction.
+void perform_request(struct http_transaction *h) {
        struct ctdlsession *c;
 
        // Determine which code path to take based on the beginning of the URI.
@@ -99,6 +80,7 @@ void perform_request(struct http_transaction *h)
                do_404(h);
                return;
        }
+
        // Right about here is where we should try to handle anything that doesn't start
        // with the /ctdl/ prefix.
        // Root (/) ...
@@ -107,6 +89,7 @@ void perform_request(struct http_transaction *h)
                http_redirect(h, "/ctdl/s/index.html");
                return;
        }
+
        // Legacy URI patterns (/readnew?gotoroom=xxx&start_reading_at=yyy) ...
        // Direct room name (/my%20blog) ...
 
@@ -126,6 +109,7 @@ void perform_request(struct http_transaction *h)
                do_404(h);
                return;
        }
+
        // Anything below this line:
        //      1. Is in the format of /ctdl/?/*
        //      2. Requires a connection to a Citadel server.
@@ -135,6 +119,7 @@ void perform_request(struct http_transaction *h)
                do_502(h);
                return;
        }
+
        // WebDAV methods like OPTIONS and PROPFIND *require* a logged-in session,
        // even if the Citadel server allows anonymous access.
        if (IsEmptyStr(c->auth)) {
@@ -148,8 +133,8 @@ void perform_request(struct http_transaction *h)
                        return;
                }
        }
+
        // Break down the URI by path and send the request to the appropriate part of the program.
-       //
        switch (h->uri[6]) {
        case 'a':               // /ctdl/a/ == RESTful path to admin functions
                ctdl_a(h, c);
@@ -171,10 +156,11 @@ void perform_request(struct http_transaction *h)
        if (!IsEmptyStr(c->auth)) {
                char koekje[AUTH_MAX];
                char *exp = http_datestring(time(NULL) + (86400 * 30));
-               snprintf(koekje, AUTH_MAX, "wcauth=%s; path=/ctdl/; Expires=%s", c->auth, exp);
+               snprintf(koekje, AUTH_MAX, "wcauth=%s; path=/ctdl/; Expires=%s", c->auth, exp); // warn
                free(exp);
                add_response_header(h, strdup("Set-Cookie"), strdup(koekje));
        }
+
        // During development we are foiling the browser cache completely.  In production we'll be more selective.
        add_response_header(h, strdup("Cache-Control"), strdup("no-store, must-revalidate"));
        add_response_header(h, strdup("Pragma"), strdup("no-cache"));