From d1a9b13de4ea01f1c299a16e06d207b687e7c576 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Wilfried=20G=C3=B6esgens?= <willi@citadel.org>
Date: Sun, 17 May 2009 21:35:10 +0000
Subject: [PATCH] * shuffle auth arround... * implement robots.txt and
 favicon.ico * some more tiny fixups

---
 webcit/auth.c         |  35 +++++++++++++
 webcit/context_loop.c | 116 +++---------------------------------------
 webcit/downloads.c    |   2 +-
 webcit/rss.c          |   7 +--
 webcit/static.c       | 108 +++++++--------------------------------
 webcit/webcit.h       |  16 ++----
 6 files changed, 70 insertions(+), 214 deletions(-)

diff --git a/webcit/auth.c b/webcit/auth.c
index d182b4023..863488b8c 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -948,11 +948,46 @@ int ConditionalRoomAcessDelete(StrBuf *Target, WCTemplputParams *TP)
 void _display_openid_login(void) {display_openid_login(NULL);}
 void _display_reg(void) {display_reg(0);}
 
+void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
+{
+	const char *Pos = NULL;
+	if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
+		StrBufCutLeft(Line, 6);
+		StrBufDecodeBase64(Line);
+		StrBufExtract_NextToken(hdr->c_username, Line, &Pos, ':');
+		StrBufExtract_NextToken(hdr->c_password, Line, &Pos, ':');
+		hdr->got_auth = AUTH_BASIC;
+	}
+	else 
+		lprintf(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
+}
+
+void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr)
+{
+	hdr->RawCookie = Line;
+	if (hdr->DontNeedAuth)
+		return;
+/*
+	safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
+	c_httpauth_user = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
+	c_httpauth_pass = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
+*/
+	cookie_to_stuff(Line, &hdr->desired_session,
+			hdr->c_username,
+			hdr->c_password,
+			hdr->c_roomname);
+	hdr->got_auth = AUTH_COOKIE;
+}
+
+
 
 void 
 InitModule_AUTH
 (void)
 {
+	RegisterHeaderHandler(HKEY("COOKIE"), Header_HandleCookie);
+	RegisterHeaderHandler(HKEY("AUTHORIZATION"), Header_HandleAuth);
+
 	WebcitAddUrlHandler(HKEY(""), do_welcome, ANONYMOUS|COOKIEUNNEEDED); /* no url pattern at all? Show login. */
 	WebcitAddUrlHandler(HKEY("do_welcome"), do_welcome, ANONYMOUS|COOKIEUNNEEDED);
 	WebcitAddUrlHandler(HKEY("login"), do_login, ANONYMOUS|COOKIEUNNEEDED);
diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index 1f38768d1..2c7d5183d 100644
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -283,7 +283,11 @@ int ReadHttpSubject(ParsedHttpHdrs *Hdr, StrBuf *Line, StrBuf *Buf)
 		Hdr->Handler = (WebcitHandler*) vHandler;
 		if (Hdr->Handler == NULL)
 			break;
-		/* are we about to ignore some prefix like webcit/ ? */
+		/*
+		 * If the request is prefixed by "/webcit" then chop that off.  This
+		 * allows a front end web server to forward all /webcit requests to us
+		 * while still using the same web server port for other things.
+		 */
 		if ((Hdr->Handler->Flags & URLNAMESPACE) == 0)
 			break;
 	} while (1);
@@ -437,20 +441,11 @@ void context_loop(int *sock)
 /*
 	if (isbogus)
 		StrBufPlain(ReqLine, HKEY("/404"));
+TODO    HKEY("/static/nocookies.html?force_close_session=yes"));
 */
 
 /*	dbg_PrintHash(HTTPHeaders, nix, NULL);  */
 
-	/*
-	 * If the request is prefixed by "/webcit" then chop that off.  This
-	 * allows a front end web server to forward all /webcit requests to us
-	 * while still using the same web server port for other things.
-	 * /
-	if (!isbogus &&
-	    (StrLength(ReqLine) >= 8) && 
-	    (strstr(ChrPtr(ReqLine), "/webcit/")) ) {
-		StrBufCutLeft(ReqLine, 7);
-	}
 
 	/* Begin parsing the request. * /
 #ifdef TECH_PREVIEW
@@ -566,19 +561,7 @@ void context_loop(int *sock)
 	TheSession->Hdr = NULL;
 	pthread_mutex_unlock(&TheSession->SessionMutex);	/* unbind */
 
-
 	http_destroy_modules(&Hdr);
-/* TODO
-
-	FreeStrBuf(&c_username);
-	FreeStrBuf(&c_password);
-	FreeStrBuf(&c_roomname);
-	FreeStrBuf(&c_httpauth_user);
-	FreeStrBuf(&c_httpauth_pass);
-*/
-	/* Free the request buffer */
-	///FreeStrBuf(&ReqLine);
-	
 }
 
 void tmplput_nonce(StrBuf *Target, WCTemplputParams *TP)
@@ -598,66 +581,6 @@ void tmplput_current_room(StrBuf *Target, WCTemplputParams *TP)
 	StrBufAppendTemplate(Target, TP, WC->wc_roomname, 0); 
 }
 
-
-void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr)
-{
-	hdr->RawCookie = Line;
-	if (hdr->DontNeedAuth)
-		return;
-/*
-	c_username = NewStrBuf();
-	c_password = NewStrBuf();
-	c_roomname = NewStrBuf();
-	safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
-	c_httpauth_user = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
-	c_httpauth_pass = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
-*/
-	cookie_to_stuff(Line, &hdr->desired_session,
-			hdr->c_username,
-			hdr->c_password,
-			hdr->c_roomname);
-	hdr->got_cookie = 1;
-}
-
-
-	/*
-	 * Browser-based sessions use cookies for session authentication
-	 * /
-	if (!isbogus &&
-	    GetHash(HTTPHeaders, HKEY("COOKIE"), &vLine) && 
-	    (vLine != NULL)) {
-		cookie_to_stuff(vLine, &desired_session,
-				NULL, NULL, NULL);
-		got_cookie = 1;
-	}
-	*/
-	/*
-	 * GroupDAV-based sessions use HTTP authentication
-	 */
-/*
-	if (!isbogus &&
-	    GetHash(HTTPHeaders, HKEY("AUTHORIZATION"), &vLine) && 
-	    (vLine != NULL)) {
-		Line = (StrBuf*)vLine;
-		if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
-			StrBufCutLeft(Line, 6);
-			CtdlDecodeBase64(httpauth_string, ChrPtr(Line), StrLength(Line));
-			extract_token(httpauth_user, httpauth_string, 0, ':', sizeof httpauth_user);
-			extract_token(httpauth_pass, httpauth_string, 1, ':', sizeof httpauth_pass);
-		}
-		else 
-			lprintf(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
-	}
-
-*/
-void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
-{
-	const char *Pos = NULL;
-	StrBufDecodeBase64(Line);
-	StrBufExtract_NextToken(hdr->c_username, Line, &Pos, ':');
-	StrBufExtract_NextToken(hdr->c_password, Line, &Pos, ':');
-}
-
 void Header_HandleContentLength(StrBuf *Line, ParsedHttpHdrs *hdr)
 {
 	hdr->ContentLength = StrToi(Line);
@@ -723,31 +646,6 @@ void Header_HandleAcceptEncoding(StrBuf *Line, ParsedHttpHdrs *hdr)
 		hdr->gzip_ok = 1;
 	}
 }
-
-/*
-{
-	c_username = NewStrBuf();
-	c_password = NewStrBuf();
-	c_roomname = NewStrBuf();
-	safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
-	c_httpauth_user = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
-	c_httpauth_pass = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
-}
-*/
-	/* *
-	 * These are the URL's which may be executed without a
-	 * session cookie already set.  If it's not one of these,
-	 * force the session to close because cookies are
-	 * probably disabled on the client browser.
-	 * /
-	else if ( (StrLength(ReqLine) > 1 )
-		&& (strncasecmp(ChrPtr(ReqLine), "/404", 4))
-	        && (Hdr.got_cookie == 0)) {
-		StrBufPlain(ReqLine, 
-			    HKEY("/static/nocookies.html"
-				 "?force_close_session=yes"));
-	}
-*/
 const char *ReqStrs[eNONE] = {
 	"GET",
 	"POST",
@@ -826,8 +724,6 @@ void
 InitModule_CONTEXT
 (void)
 {
-	RegisterHeaderHandler(HKEY("COOKIE"), Header_HandleCookie);
-	RegisterHeaderHandler(HKEY("AUTHORIZATION"), Header_HandleAuth);
 	RegisterHeaderHandler(HKEY("CONTENT-LENGTH"), Header_HandleContentLength);
 	RegisterHeaderHandler(HKEY("CONTENT-TYPE"), Header_HandleContentType);
 	RegisterHeaderHandler(HKEY("USER-AGENT"), Header_HandleUserAgent);
diff --git a/webcit/downloads.c b/webcit/downloads.c
index c8970ef3a..19e3ce5b5 100644
--- a/webcit/downloads.c
+++ b/webcit/downloads.c
@@ -387,7 +387,7 @@ void output_image(void)
 	 * when there's no such image on the server.
 	 */
 	StrBufPrintf (Buf, "%s%s", static_dirs[0], "/blank.gif");
-	//// TDODO output_static(ChrPtr(Buf));
+	output_static(ChrPtr(Buf));
 	FreeStrBuf(&Buf);
 }
 
diff --git a/webcit/rss.c b/webcit/rss.c
index 7f6188916..3279f9215 100644
--- a/webcit/rss.c
+++ b/webcit/rss.c
@@ -42,7 +42,7 @@ void display_rss_control(char *reply_to, char *subject)
  * roomname the room we sould print out as rss 
  * request_method the way the rss is requested????
  */
-void display_rss(const StrBuf *roomname)
+void display_rss(void)
 {
 	message_summary *Msg;
 	wcsession *WCC = WC;
@@ -72,7 +72,8 @@ void display_rss(const StrBuf *roomname)
 	char msgn[256];
 	char content_type[256];
 	char charset[256];
-	
+	const StrBuf *roomname;
+
 	if (!WCC->logged_in) {
 		#ifdef ALLOW_ANON_RSS
 		StrBuf *User;
@@ -96,7 +97,7 @@ void display_rss(const StrBuf *roomname)
 		#endif
 	}
 
-	if (gotoroom(roomname)) {
+	if (gotoroom(WCC->Hdr->ReqLine)) {
 		lprintf(3, "RSS: Can't goto requested room\n");
 		hprintf("HTTP/1.1 404 Not Found\r\n");
 		hprintf("Content-Type: text/html\r\n");
diff --git a/webcit/static.c b/webcit/static.c
index 0d0eea948..7e5580b27 100644
--- a/webcit/static.c
+++ b/webcit/static.c
@@ -19,65 +19,7 @@
 
 
 HashList *StaticFilemappings[4] = {NULL, NULL, NULL, NULL};
-
-
 /*
-  for ( a = 0; a < 9; ++a)
-  {
-  extract_token(index[a], ChrPtr(ReqLine), a + 1, '/', sizes[a]);
-  if (strstr(index[a], "?")) *strstr(index[a], "?") = 0;
-  if (strstr(index[a], "&")) *strstr(index[a], "&") = 0;
-  if (strstr(index[a], " ")) *strstr(index[a], " ") = 0;
-  if ((index[a][0] == '.') && (index[a][1] == '.'))
-  nBackDots++;
-  if (index[a][0] == '\0')
-  nEmpty++;
-  }
-*/
-
-/* TODO: staticdata
-{
-
-
-	/** Figure out the action * /
-	index[0] = action;
-	sizes[0] = sizeof action;
-	for (a=1; a<9; a++)
-	{
-		index[a] = arg[a-1];
-		sizes[a] = sizeof arg[a-1];
-	}
-	nBackDots = 0;
-	nEmpty = 0;
-
-
-	/* Static content can be sent without connecting to Citadel. * /
-	is_static = 0;
-	for (a=0; a<ndirs && ! is_static; ++a) {
-		if (!strcasecmp(action, (char*)static_content_dirs[a])) { /* map web to disk location * /
-			is_static = 1;
-			n_static = a;
-		}
-	}
-	if (is_static) {
-		if (nBackDots < 2)
-		{
-			snprintf(buf, sizeof buf, "%s/%s/%s/%s/%s/%s/%s/%s",
-				 static_dirs[n_static], 
-				 index[1], index[2], index[3], index[4], index[5], index[6], index[7]);
-			for (a=0; a<8; ++a) {
-				if (buf[strlen(buf)-1] == '/') {
-					buf[strlen(buf)-1] = 0;
-				}
-			}
-			for (a = 0; a < strlen(buf); ++a) {
-				if (isspace(buf[a])) {
-					buf[a] = 0;
-				}
-			}
-			output_static(buf);
-		}
-		else 
 		{
 			lprintf(9, "Suspicious request. Ignoring.");
 			hprintf("HTTP/1.1 404 Security check failed\r\n");
@@ -85,11 +27,7 @@ HashList *StaticFilemappings[4] = {NULL, NULL, NULL, NULL};
 			wprintf("You have sent a malformed or invalid request.\r\n");
 			end_burst();
 		}
-		goto SKIP_ALL_THIS_CRAP;	/* Don't try to connect * /
-	}
-	}*/
-
-
+*/
 /*
  * dump out static pages from disk
  */
@@ -148,28 +86,6 @@ void output_static(const char *what)
 	}
 }
 
-	/* TODO: integrate this into the static startup logic
-
-	 * While we're at it, gracefully handle requests for the
-	 * robots.txt and favicon.ico files.
-	 * /
-	if ((StrLength(ReqLine) >= 11) &&
-	    !strncasecmp(ChrPtr(ReqLine), "/robots.txt", 11)) {
-		StrBufPlain(ReqLine, 
-			    HKEY("/static/robots.txt"
-				 "?force_close_session=yes HTTP/1.1"));
-		Hdr.eReqType = eGET;
-	}
-	else if ((StrLength(ReqLine) >= 11) &&
-		 !strncasecmp(ChrPtr(ReqLine), "/favicon.ico", 12)) {
-		StrBufPlain(ReqLine, HKEY("/static/favicon.ico"));
-		Hdr.eReqType = eGET;
-	}
-
-*/
-
-
-
 
 int LoadStaticDir(const char *DirName, HashList *DirList, const char *RelDir)
 {
@@ -262,6 +178,22 @@ int LoadStaticDir(const char *DirName, HashList *DirList, const char *RelDir)
 }
 
 
+void output_flat_static(void)
+{
+	wcsession *WCC = WC;
+	void *vFile;
+	StrBuf *File;
+
+	if (GetHash(StaticFilemappings[0], SKEY(WCC->Hdr->Handler->Name), &vFile) &&
+	    (vFile != NULL))
+	{
+		File = (StrBuf*) vFile;
+		output_static(ChrPtr(vFile));
+	}
+}
+
+
+
 void output_static_safe(HashList *DirList)
 {
 	wcsession *WCC = WC;
@@ -324,11 +256,9 @@ InitModule_STATIC
 	LoadStaticDir(static_dirs[2], StaticFilemappings[2], "");
 	LoadStaticDir(static_dirs[3], StaticFilemappings[3], "");
 
-	WebcitAddUrlHandler(HKEY("robots.txt"), output_static_0, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC);
-	WebcitAddUrlHandler(HKEY("favicon.ico"), output_static_0, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC);
+	WebcitAddUrlHandler(HKEY("robots.txt"), output_flat_static, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC);
+	WebcitAddUrlHandler(HKEY("favicon.ico"), output_flat_static, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC);
 	WebcitAddUrlHandler(HKEY("static"), output_static_0, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC);
 	WebcitAddUrlHandler(HKEY("static.local"), output_static_1, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC);
 	WebcitAddUrlHandler(HKEY("tinymce"), output_static_2, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC);
-
-
 }
diff --git a/webcit/webcit.h b/webcit/webcit.h
index c9033cdf3..c4bc03e70 100644
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -346,8 +346,6 @@ typedef struct _addrbookent {
 } addrbookent;
 
 
-
-
 #define AJAX (1<<0)
 #define ANONYMOUS (1<<1)
 #define NEED_URL (1<<2)
@@ -368,12 +366,6 @@ typedef struct  _WebcitHandler{
 } WebcitHandler;
 void WebcitAddUrlHandler(const char * UrlString, long UrlSLen, WebcitHandlerFunc F, long Flags);
 
-
-
-
-
-
-
 typedef struct _headereval {
 	ExamineMsgHeaderFunc evaluator;
 	int Type;
@@ -406,7 +398,9 @@ enum {
 };
 const char *ReqStrs[eNONE];
 
-
+#define NO_AUTH 0
+#define AUTH_COOKIE 1
+#define AUTH_BASIC 2
 
 typedef struct _ParsedHttpHdrs {
 	int http_sock;				/**< HTTP server socket */
@@ -417,7 +411,7 @@ typedef struct _ParsedHttpHdrs {
 	const WebcitHandler *Handler;
 	
 	int DontNeedAuth;
-	int got_cookie;
+	int got_auth;
 	long ContentLength;
 	time_t if_modified_since;
 	int gzip_ok;				/**< Nonzero if Accept-encoding: gzip */
@@ -566,6 +560,7 @@ typedef struct _HttpHeader {
 	int HaveEvaluator;
 } OneHttpHeader;
 
+void RegisterHeaderHandler(const char *Name, long Len, Header_Evaluator F);
 
 
 /* values for WC->current_iconbar */
@@ -837,7 +832,6 @@ void http_transmit_thing(const char *content_type, int is_static);
 long unescape_input(char *buf);
 void do_selected_iconbar(void);
 void spawn_another_worker_thread(void);
-void display_rss(const StrBuf *roomname);
 void StrEndTab(StrBuf *Target, int tabnum, int num_tabs);
 void StrBeginTab(StrBuf *Target, int tabnum, int num_tabs);
 void StrTabbedDialog(StrBuf *Target, int num_tabs, StrBuf *tabnames[]);
-- 
2.30.2