webcit-ng/server/admin_functions.c

   1 // Admin functions
   2 //
   3 // Copyright (c) 1996-2023 by the citadel.org team
   4 //
   5 // This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License v3.
   6
   7 #include "webcit.h"
   8
   9
  10 // /ctdl/a/login is called when a user is trying to log in
  11 void try_login(struct http_transaction *h, struct ctdlsession *c) {
  12         char buf[1024];
  13         char auth[AUTH_MAX];
  14         char username[256];
  15         char password[256];
  16         int login_success = 0;
  17
  18         extract_token(username, h->request_body, 0, '|', sizeof username);
  19         extract_token(password, h->request_body, 1, '|', sizeof password);
  20
  21         snprintf(buf, sizeof buf, "%s:%s", username, password);
  22         CtdlEncodeBase64(auth, buf, strlen(buf), BASE64_NO_LINEBREAKS);
  23
  24         syslog(LOG_DEBUG, "try_login(username='%s',password=(%d bytes))", username, (int) strlen(password));
  25
  26         ctdl_printf(c, "LOUT");                                                 // log out, in case we were logged in
  27         ctdl_readline(c, buf, sizeof(buf));                                     // ignore the result
  28         memset(c->auth, 0, AUTH_MAX);                                           // if this connection had auth, it doesn't now.
  29         memset(c->whoami, 0, 64);                                               // if this connection had auth, it doesn't now.
  30         login_success = login_to_citadel(c, auth, buf);                         // Now try logging in to Citadel
  31
  32         JsonValue *j = NewJsonObject(HKEY("login"));                            // Compose a JSON object with the results
  33         if (buf[0] == '2') {
  34                 JsonObjectAppend(j, NewJsonBool(HKEY("result"), 1));
  35                 JsonObjectAppend(j, NewJsonPlainString(HKEY("message"), "logged in", -1));
  36                 extract_token(username, &buf[4], 0, '|', sizeof username);      // This will have the proper capitalization etc.
  37                 JsonObjectAppend(j, NewJsonPlainString(HKEY("fullname"), username, -1));
  38                 JsonObjectAppend(j, NewJsonNumber(HKEY("axlevel"), extract_int(&buf[4], 1) ));
  39                 JsonObjectAppend(j, NewJsonNumber(HKEY("timescalled"), extract_long(&buf[4], 2) ));
  40                 JsonObjectAppend(j, NewJsonNumber(HKEY("posted"), extract_long(&buf[4], 3) ));
  41                 JsonObjectAppend(j, NewJsonNumber(HKEY("usernum"), extract_long(&buf[4], 5) ));
  42                 JsonObjectAppend(j, NewJsonNumber(HKEY("previous_login"), extract_long(&buf[4], 6) ));
  43         }
  44         else {
  45                 JsonObjectAppend(j, NewJsonBool(HKEY("result"), 0));
  46                 JsonObjectAppend(j, NewJsonPlainString(HKEY("message"), &buf[4], -1));
  47         }
  48         StrBuf *sj = NewStrBuf();
  49         SerializeJson(sj, j, 1);                                                // '1' == free the source object
  50
  51         add_response_header(h, strdup("Content-type"), strdup("application/json"));
  52         h->response_code = 200;
  53         h->response_string = strdup("OK");
  54         h->response_body_length = StrLength(sj);
  55         h->response_body = SmashStrBuf(&sj);
  56 }
  57
  58
  59 // /ctdl/a/logout is called when a user is trying to log out.   Don't use this as an ajax.
  60 void logout(struct http_transaction *h, struct ctdlsession *c) {
  61         char buf[1024];
  62         char auth[AUTH_MAX];
  63         char username[256];
  64         char password[256];
  65         int login_success = 0;
  66
  67         ctdl_printf(c, "LOUT"); // log out
  68         ctdl_readline(c, buf, sizeof(buf));     // ignore the result
  69         strcpy(c->auth, "x");
  70         memset(c->whoami, 0, 64);               // if this connection had auth, it doesn't now.
  71
  72         http_redirect(h, "/ctdl/s/index.html"); // go back where we started :)
  73 }
  74
  75
  76 // /ctdl/a/whoami returns the name of the currently logged in user, or an empty string if not logged in
  77 void whoami(struct http_transaction *h, struct ctdlsession *c) {
  78         h->response_code = 200;
  79         h->response_string = strdup("OK");
  80         add_response_header(h, strdup("Content-type"), strdup("text/plain"));
  81         h->response_body = strdup(c->whoami);
  82         h->response_body_length = strlen(h->response_body);
  83 }
  84
  85
  86 // /ctdl/a/biff returns the number of new messages that have arrived in the inbox
  87 // since the beginning of the session or since the last call to biff
  88 void biff(struct http_transaction *h, struct ctdlsession *c) {
  89         char biffbuff[1024];
  90
  91         ctdl_printf(c, "BIFF");                         // send the command
  92         ctdl_readline(c, biffbuff, sizeof(biffbuff));   // read the result
  93         h->response_code = 200;
  94         h->response_string = strdup("OK");
  95         add_response_header(h, strdup("Content-type"), strdup("text/plain"));
  96         h->response_body = strdup(&biffbuff[4]);
  97         h->response_body_length = strlen(h->response_body);
  98 }
  99
 100
 101 // Dispatcher for paths starting with /ctdl/a/
 102 void ctdl_a(struct http_transaction *h, struct ctdlsession *c) {
 103         if (!strcasecmp(h->url, "/ctdl/a/login")) {     // log in
 104                 try_login(h, c);
 105                 return;
 106         }
 107
 108         if (!strcasecmp(h->url, "/ctdl/a/logout")) {    // log out
 109                 logout(h, c);
 110                 return;
 111         }
 112
 113         if (!strcasecmp(h->url, "/ctdl/a/whoami")) {    // return display name of user
 114                 whoami(h, c);
 115                 return;
 116         }
 117
 118         if (!strcasecmp(h->url, "/ctdl/a/biff")) {      // check for new messages in the inbox
 119                 biff(h, c);
 120                 return;
 121         }
 122
 123         do_404(h);                                      // unknown
 124 }