3 // Copyright (c) 1996-2022 by the citadel.org team
5 // This program is open source software. Use, duplication, or
6 // disclosure are subject to the GNU General Public License v3.
11 // Return a "zero-terminated" array of message numbers in the current room.
12 // Caller owns the memory and must free it. Returns NULL if any problems.
13 long *get_msglist(struct ctdlsession *c, char *which_msgs) {
19 ctdl_printf(c, "MSGS %s", which_msgs);
20 ctdl_readline(c, buf, sizeof(buf));
23 if (num_msgs >= num_alloc) {
26 msglist = malloc(num_alloc * sizeof(long));
30 msglist = realloc(msglist, num_alloc * sizeof(long));
33 ctdl_readline(c, buf, sizeof(buf));
34 msglist[num_msgs++] = atol(buf);
35 } while (strcmp(buf, "000")); // this makes the last element a "0" terminator
41 // Supplied with a list of potential matches from an If-Match: or If-None-Match: header, and
42 // a message number (which we always use as the entity tag in Citadel), return nonzero if the
43 // message number matches any of the supplied tags in the string.
44 int match_etags(char *taglist, long msgnum) {
45 int num_tags = num_tokens(taglist, ',');
49 if (msgnum <= 0) { // no msgnum? no match.
53 for (i = 0; i < num_tags; ++i) {
54 extract_token(tag, taglist, i, ',', sizeof tag);
56 char *lq = (strchr(tag, '"'));
57 char *rq = (strrchr(tag, '"'));
58 if (lq < rq) { // has two double quotes
63 if (!strcmp(tag, "*")) { // wildcard match
66 long tagmsgnum = atol(tag);
67 if ((tagmsgnum > 0) && (tagmsgnum == msgnum)) { // match
72 return (0); // no match
76 // Client is requesting a mailbox summary of the current room
77 void json_mailbox(struct http_transaction *h, struct ctdlsession *c) {
80 JsonValue *j = NewJsonArray(HKEY("msgs"));
82 ctdl_printf(c, "MSGS ALL|||9"); // "9" as the fourth parameter delivers a mailbox summary
83 ctdl_readline(c, buf, sizeof(buf));
85 while (ctdl_readline(c, buf, sizeof(buf)), (strcmp(buf, "000"))) {
86 syslog(LOG_DEBUG, "msg: %s", buf);
87 JsonValue *jmsg = NewJsonObject(HKEY("message"));
88 JsonObjectAppend(jmsg, NewJsonNumber(HKEY("msgnum"), extract_long(buf, 0)));
89 JsonObjectAppend(jmsg, NewJsonNumber(HKEY("time"), extract_long(buf, 1)));
90 extract_token(field, buf, 2, '|', sizeof field);
91 JsonObjectAppend(jmsg, NewJsonPlainString(HKEY("author"), field, -1));
92 extract_token(field, buf, 4, '|', sizeof field);
93 JsonObjectAppend(jmsg, NewJsonPlainString(HKEY("addr"), field, -1));
94 extract_token(field, buf, 5, '|', sizeof field);
95 JsonObjectAppend(jmsg, NewJsonPlainString(HKEY("subject"), field, -1));
96 JsonObjectAppend(jmsg, NewJsonNumber(HKEY("msgidhash"), extract_long(buf, 6)));
97 extract_token(field, buf, 7, '|', sizeof field);
98 JsonObjectAppend(jmsg, NewJsonPlainString(HKEY("references"), field, -1));
99 JsonArrayAppend(j, jmsg); // add the message to the array
103 StrBuf *sj = NewStrBuf();
104 SerializeJson(sj, j, 1); // '1' == free the source array
106 add_response_header(h, strdup("Content-type"), strdup("application/json"));
107 h->response_code = 200;
108 h->response_string = strdup("OK");
109 h->response_body_length = StrLength(sj);
110 h->response_body = SmashStrBuf(&sj);
115 // Client is requesting a message list
116 void json_msglist(struct http_transaction *h, struct ctdlsession *c, char *which) {
118 long *msglist = get_msglist(c, which);
119 JsonValue *j = NewJsonArray(HKEY("msgs"));
121 if (msglist != NULL) {
122 for (i = 0; msglist[i] > 0; ++i) {
123 JsonArrayAppend(j, NewJsonNumber(HKEY("m"), msglist[i]));
128 StrBuf *sj = NewStrBuf();
129 SerializeJson(sj, j, 1); // '1' == free the source array
131 add_response_header(h, strdup("Content-type"), strdup("application/json"));
132 h->response_code = 200;
133 h->response_string = strdup("OK");
134 h->response_body_length = StrLength(sj);
135 h->response_body = SmashStrBuf(&sj);
140 // Client is requesting the room info banner
141 void read_room_info_banner(struct http_transaction *h, struct ctdlsession *c) {
144 ctdl_printf(c, "RINF");
145 ctdl_readline(c, buf, sizeof(buf));
147 StrBuf *info = NewStrBuf();
148 while (ctdl_readline(c, buf, sizeof(buf)), (strcmp(buf, "000"))){
149 StrBufAppendPrintf(info, "%s\n", buf);
151 add_response_header(h, strdup("Content-type"), strdup("text/plain"));
152 h->response_code = 200;
153 h->response_string = strdup("OK");
154 h->response_body_length = StrLength(info);
155 h->response_body = SmashStrBuf(&info);
164 // Client is setting the "Last Read Pointer" (marking all messages as "seen" up to this message)
165 void set_last_read_pointer(struct http_transaction *h, struct ctdlsession *c) {
167 ctdl_printf(c, "SLRP %d", atoi(get_url_param(h, "last")));
168 ctdl_readline(c, cbuf, sizeof(cbuf));
169 if (cbuf[0] == '2') {
178 // Client requested an object in a room.
179 void object_in_room(struct http_transaction *h, struct ctdlsession *c) {
182 char unescaped_euid[1024];
184 extract_token(buf, h->url, 4, '/', sizeof buf);
186 if (!strcasecmp(buf, "mailbox")) { // Client is requesting a mailbox summary
191 if (!strncasecmp(buf, "msgs.", 5)) { // Client is requesting a list of message numbers
192 unescape_input(&buf[5]);
193 json_msglist(h, c, &buf[5]);
197 if (!strcasecmp(buf, "info.txt")) { // Client is requesting the room info banner
198 read_room_info_banner(h, c);
202 if (!strcasecmp(buf, "slrp")) { // Set the Last Read Pointer
203 set_last_read_pointer(h, c);
207 // If we get to this point, the client is requesting a specific object *in* the room.
209 if ((c->room_default_view == VIEW_CALENDAR) // room types where objects are referenced by EUID
210 || (c->room_default_view == VIEW_TASKS)
211 || (c->room_default_view == VIEW_ADDRESSBOOK)
213 safestrncpy(unescaped_euid, buf, sizeof unescaped_euid);
214 unescape_input(unescaped_euid);
215 msgnum = locate_message_by_uid(c, unescaped_euid);
217 else { // otherwise the object is being referenced by message number
221 // All methods except PUT require the message to already exist
222 if ((msgnum <= 0) && (strcasecmp(h->method, "PUT"))) {
226 // If we get to this point we have a valid message number in an accessible room.
227 syslog(LOG_DEBUG, "msgnum is %ld, method is %s", msgnum, h->method);
229 // A sixth component in the URL can be one of two things:
230 // (1) a MIME part specifier, in which case the client wants to download that component within the message
231 // (2) a content-type, in which ase the client wants us to try to render it a certain way
232 if (num_tokens(h->url, '/') == 6) {
233 extract_token(buf, h->url, 5, '/', sizeof buf);
234 if (!IsEmptyStr(buf)) {
235 if (!strcasecmp(buf, "json")) {
236 json_render_one_message(h, c, msgnum);
239 download_mime_component(h, c, msgnum, buf);
245 // Ok, we want a full message, but first let's check for the if[-none]-match headers.
246 char *if_match = header_val(h, "If-Match");
247 if ((if_match != NULL) && (!match_etags(if_match, msgnum))) {
252 char *if_none_match = header_val(h, "If-None-Match");
253 if ((if_none_match != NULL) && (match_etags(if_none_match, msgnum))) {
260 if (!strcasecmp(h->method, "DELETE")) {
261 dav_delete_message(h, c, msgnum);
263 else if (!strcasecmp(h->method, "GET")) {
264 dav_get_message(h, c, msgnum);
266 else if (!strcasecmp(h->method, "PUT")) {
267 dav_put_message(h, c, unescaped_euid, msgnum);
270 do_404(h); // Got this far but the method made no sense? Bummer.
276 // Called by the_room_itself() when the HTTP method is REPORT
277 void report_the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
278 if (c->room_default_view == VIEW_CALENDAR) {
279 caldav_report(h, c); // CalDAV REPORTs ... fmgwac
283 do_404(h); // future implementations like CardDAV will require code paths here
287 // Called by the_room_itself() when the HTTP method is OPTIONS
288 void options_the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
289 h->response_code = 200;
290 h->response_string = strdup("OK");
291 if (c->room_default_view == VIEW_CALENDAR) {
292 add_response_header(h, strdup("DAV"), strdup("1, calendar-access")); // offer CalDAV
294 else if (c->room_default_view == VIEW_ADDRESSBOOK) {
295 add_response_header(h, strdup("DAV"), strdup("1, addressbook")); // offer CardDAV
298 add_response_header(h, strdup("DAV"), strdup("1")); // ordinary WebDAV for all other room types
300 add_response_header(h, strdup("Allow"), strdup("OPTIONS, PROPFIND, GET, PUT, REPORT, DELETE"));
304 // Called by the_room_itself() when the HTTP method is PROPFIND
305 void propfind_the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
308 int dav_depth = (header_val(h, "Depth") ? atoi(header_val(h, "Depth")) : INT_MAX);
309 syslog(LOG_DEBUG, "Client PROPFIND requested depth: %d", dav_depth);
310 StrBuf *Buf = NewStrBuf();
312 StrBufAppendPrintf(Buf, "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
313 "<D:multistatus " "xmlns:D=\"DAV:\" " "xmlns:C=\"urn:ietf:params:xml:ns:caldav\"" ">");
315 // Transmit the collection resource
316 StrBufAppendPrintf(Buf, "<D:response>");
317 StrBufAppendPrintf(Buf, "<D:href>");
318 StrBufXMLEscAppend(Buf, NULL, h->site_prefix, strlen(h->site_prefix), 0);
319 StrBufAppendPrintf(Buf, "/ctdl/r/");
320 StrBufXMLEscAppend(Buf, NULL, c->room, strlen(c->room), 0);
321 StrBufAppendPrintf(Buf, "</D:href>");
323 StrBufAppendPrintf(Buf, "<D:propstat>");
324 StrBufAppendPrintf(Buf, "<D:status>HTTP/1.1 200 OK</D:status>");
325 StrBufAppendPrintf(Buf, "<D:prop>");
326 StrBufAppendPrintf(Buf, "<D:displayname>");
327 StrBufXMLEscAppend(Buf, NULL, c->room, strlen(c->room), 0);
328 StrBufAppendPrintf(Buf, "</D:displayname>");
330 StrBufAppendPrintf(Buf, "<D:owner />"); // empty owner ought to be legal; see rfc3744 section 5.1
332 StrBufAppendPrintf(Buf, "<D:resourcetype><D:collection />");
333 switch (c->room_default_view) {
335 StrBufAppendPrintf(Buf, "<C:calendar />"); // RFC4791 section 4.2
338 StrBufAppendPrintf(Buf, "</D:resourcetype>");
340 int enumerate_by_euid = 0; // nonzero if messages will be retrieved by euid instead of msgnum
341 switch (c->room_default_view) {
342 case VIEW_CALENDAR: // RFC4791 section 5.2
343 StrBufAppendPrintf(Buf, "<C:supported-calendar-component-set><C:comp name=\"VEVENT\"/></C:supported-calendar-component-set>");
344 StrBufAppendPrintf(Buf, "<C:supported-calendar-data>");
345 StrBufAppendPrintf(Buf, "<C:calendar-data content-type=\"text/calendar\" version=\"2.0\"/>");
346 StrBufAppendPrintf(Buf, "</C:supported-calendar-data>");
347 enumerate_by_euid = 1;
349 case VIEW_TASKS: // RFC4791 section 5.2
350 StrBufAppendPrintf(Buf, "<C:supported-calendar-component-set><C:comp name=\"VTODO\"/></C:supported-calendar-component-set>");
351 StrBufAppendPrintf(Buf, "<C:supported-calendar-data>");
352 StrBufAppendPrintf(Buf, "<C:calendar-data content-type=\"text/calendar\" version=\"2.0\"/>");
353 StrBufAppendPrintf(Buf, "</C:supported-calendar-data>");
354 enumerate_by_euid = 1;
356 case VIEW_ADDRESSBOOK: // FIXME put some sort of CardDAV crapola here when we implement it
357 enumerate_by_euid = 1;
359 case VIEW_WIKI: // FIXME invent "WikiDAV" ?
360 enumerate_by_euid = 1;
364 // FIXME get the mtime
365 // StrBufAppendPrintf(Buf, "<D:getlastmodified>");
366 // escputs(datestring);
367 // StrBufAppendPrintf(Buf, "</D:getlastmodified>");
369 StrBufAppendPrintf(Buf, "</D:prop>");
370 StrBufAppendPrintf(Buf, "</D:propstat>");
371 StrBufAppendPrintf(Buf, "</D:response>\n");
373 // If a depth greater than zero was specified, transmit the collection listing
376 long *msglist = get_msglist(c, "ALL");
379 for (i = 0; (msglist[i] > 0); ++i) {
381 syslog(LOG_DEBUG, "PROPFIND enumerated %d messages", i);
382 e = NULL; // EUID gets stored here
386 ctdl_printf(c, "MSG0 %ld|3", msglist[i]);
387 ctdl_readline(c, cbuf, sizeof(cbuf));
389 while (ctdl_readline(c, cbuf, sizeof(cbuf)), strcmp(cbuf, "000")) {
390 if ((enumerate_by_euid) && (!strncasecmp(cbuf, "exti=", 5))) {
391 // e = strdup(&cbuf[5]);
392 int elen = (2 * strlen(&cbuf[5]));
394 urlesc(e, elen, &cbuf[5]);
396 if (!strncasecmp(cbuf, "time=", 5)) {
397 timestamp = atol(&cbuf[5]);
402 sprintf(e, "%ld", msglist[i]);
404 StrBufAppendPrintf(Buf, "<D:response>");
406 // Generate the 'href' tag for this message
407 StrBufAppendPrintf(Buf, "<D:href>");
408 StrBufXMLEscAppend(Buf, NULL, h->site_prefix, strlen(h->site_prefix), 0);
409 StrBufAppendPrintf(Buf, "/ctdl/r/");
410 StrBufXMLEscAppend(Buf, NULL, c->room, strlen(c->room), 0);
411 StrBufAppendPrintf(Buf, "/");
412 StrBufXMLEscAppend(Buf, NULL, e, strlen(e), 0);
413 StrBufAppendPrintf(Buf, "</D:href>");
414 StrBufAppendPrintf(Buf, "<D:propstat>");
415 StrBufAppendPrintf(Buf, "<D:status>HTTP/1.1 200 OK</D:status>");
416 StrBufAppendPrintf(Buf, "<D:prop>");
418 switch (c->room_default_view) {
420 StrBufAppendPrintf(Buf,
421 "<D:getcontenttype>text/calendar; component=vevent</D:getcontenttype>");
424 StrBufAppendPrintf(Buf,
425 "<D:getcontenttype>text/calendar; component=vtodo</D:getcontenttype>");
427 case VIEW_ADDRESSBOOK:
428 StrBufAppendPrintf(Buf, "<D:getcontenttype>text/x-vcard</D:getcontenttype>");
433 char *datestring = http_datestring(timestamp);
435 StrBufAppendPrintf(Buf, "<D:getlastmodified>");
436 StrBufXMLEscAppend(Buf, NULL, datestring, strlen(datestring), 0);
437 StrBufAppendPrintf(Buf, "</D:getlastmodified>");
440 if (enumerate_by_euid) { // FIXME ajc 2017oct30 should this be inside the timestamp conditional?
441 StrBufAppendPrintf(Buf, "<D:getetag>\"%ld\"</D:getetag>", msglist[i]);
444 StrBufAppendPrintf(Buf, "</D:prop></D:propstat></D:response>\n");
452 StrBufAppendPrintf(Buf, "</D:multistatus>\n");
454 add_response_header(h, strdup("Content-type"), strdup("text/xml"));
455 h->response_code = 207;
456 h->response_string = strdup("Multi-Status");
457 h->response_body_length = StrLength(Buf);
458 h->response_body = SmashStrBuf(&Buf);
461 // some good examples here
462 // http://blogs.nologin.es/rickyepoderi/index.php?/archives/14-Introducing-CalDAV-Part-I.html
465 // Called by the_room_itself() when the HTTP method is PROPFIND
466 void get_the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
467 JsonValue *j = NewJsonObject(HKEY("gotoroom"));
469 JsonObjectAppend(j, NewJsonPlainString(HKEY("name"), c->room, -1));
470 JsonObjectAppend(j, NewJsonNumber(HKEY("current_view"), c->room_current_view));
471 JsonObjectAppend(j, NewJsonNumber(HKEY("default_view"), c->room_default_view));
472 JsonObjectAppend(j, NewJsonNumber(HKEY("is_room_aide"), c->is_room_aide));
473 JsonObjectAppend(j, NewJsonNumber(HKEY("can_delete_messages"), c->can_delete_messages));
474 JsonObjectAppend(j, NewJsonNumber(HKEY("new_messages"), c->new_messages));
475 JsonObjectAppend(j, NewJsonNumber(HKEY("total_messages"), c->total_messages));
476 JsonObjectAppend(j, NewJsonNumber(HKEY("last_seen"), c->last_seen));
478 StrBuf *sj = NewStrBuf();
479 SerializeJson(sj, j, 1); // '1' == free the source array
481 add_response_header(h, strdup("Content-type"), strdup("application/json"));
482 h->response_code = 200;
483 h->response_string = strdup("OK");
484 h->response_body_length = StrLength(sj);
485 h->response_body = SmashStrBuf(&sj);
490 // Handle REST/DAV requests for the room itself (such as /ctdl/r/roomname
491 // or /ctdl/r/roomname/ but *not* specific objects within the room)
492 void the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
494 // OPTIONS method on the room itself usually is a DAV client assessing what's here.
495 if (!strcasecmp(h->method, "OPTIONS")) {
496 options_the_room_itself(h, c);
500 // PROPFIND method on the room itself could be looking for a directory
501 if (!strcasecmp(h->method, "PROPFIND")) {
502 propfind_the_room_itself(h, c);
506 // REPORT method on the room itself is probably the dreaded CalDAV tower-of-crapola
507 if (!strcasecmp(h->method, "REPORT")) {
508 report_the_room_itself(h, c);
512 // GET method on the room itself is an API call, possibly from our JavaScript front end
513 if (!strcasecmp(h->method, "get")) {
514 get_the_room_itself(h, c);
518 // we probably want a "go to this room" for interactive access
523 // Dispatcher for "/ctdl/r" and "/ctdl/r/" for the room list
524 void room_list(struct http_transaction *h, struct ctdlsession *c) {
528 ctdl_printf(c, "LKRA");
529 ctdl_readline(c, buf, sizeof(buf));
535 JsonValue *j = NewJsonArray(HKEY("lkra"));
536 while (ctdl_readline(c, buf, sizeof(buf)), strcmp(buf, "000")) {
538 // 0 |1 |2 |3 |4 |5 |6 |7 |8
539 // name|QRflags|QRfloor|QRorder|QRflags2|ra|current_view|default_view|mtime
540 JsonValue *jr = NewJsonObject(HKEY("room"));
542 extract_token(roomname, buf, 0, '|', sizeof roomname);
543 JsonObjectAppend(jr, NewJsonPlainString(HKEY("name"), roomname, -1));
545 JsonObjectAppend(jr, NewJsonNumber(HKEY("floor"), extract_int(buf, 2)));
546 JsonObjectAppend(jr, NewJsonNumber(HKEY("rorder"), extract_int(buf, 3)));
548 int ra = extract_int(buf, 5);
549 JsonObjectAppend(jr, NewJsonBool(HKEY("known"), (ra & UA_KNOWN)));
550 JsonObjectAppend(jr, NewJsonBool(HKEY("hasnewmsgs"), (ra & UA_HASNEWMSGS)));
552 JsonObjectAppend(jr, NewJsonNumber(HKEY("current_view"), extract_int(buf, 6)));
553 JsonObjectAppend(jr, NewJsonNumber(HKEY("default_view"), extract_int(buf, 7)));
554 JsonObjectAppend(jr, NewJsonNumber(HKEY("mtime"), extract_int(buf, 8)));
556 JsonArrayAppend(j, jr); // add the room to the array
559 StrBuf *sj = NewStrBuf();
560 SerializeJson(sj, j, 1); // '1' == free the source array
562 add_response_header(h, strdup("Content-type"), strdup("application/json"));
563 h->response_code = 200;
564 h->response_string = strdup("OK");
565 h->response_body_length = StrLength(sj);
566 h->response_body = SmashStrBuf(&sj);
570 // Dispatcher for paths starting with /ctdl/r/
571 void ctdl_r(struct http_transaction *h, struct ctdlsession *c) {
572 char requested_roomname[128];
575 long room_flags2 = 0;
577 // All room-related functions require being "in" the room specified. Are we in that room already?
578 extract_token(requested_roomname, h->url, 3, '/', sizeof requested_roomname);
579 unescape_input(requested_roomname);
581 if (IsEmptyStr(requested_roomname)) { // /ctdl/r/
585 // If not, try to go there.
586 if (strcasecmp(requested_roomname, c->room)) {
587 ctdl_printf(c, "GOTO %s", requested_roomname);
588 ctdl_readline(c, buf, sizeof(buf));
590 // buf[3] will indicate whether any instant messages are waiting
591 extract_token(c->room, &buf[4], 0, '|', sizeof c->room);
592 c->new_messages = extract_int(&buf[4], 1);
593 c->total_messages = extract_int(&buf[4], 2);
594 // 3 (int)info Info flag: set to nonzero if the user needs to read this room's info file
595 room_flags = extract_long(&buf[4], 3); // Various flags associated with this room.
596 // 5 (long)CC->room.QRhighest The highest message number present in this room
597 c->last_seen = extract_long(&buf[4], 6); // The highest message number the user has read in this room
598 // 7 (int)rmailflag Boolean flag: 1 if this is a Mail> room, 0 otherwise.
599 c->is_room_aide = extract_int(&buf[4], 8);
600 // 9 (int)newmailcount The number of new Mail messages the user has
601 // 10 (int)CC->room.QRfloor The floor number this room resides on
602 c->room_current_view = extract_int(&buf[4], 11);
603 c->room_default_view = extract_int(&buf[4], 12);
604 // 13 (int)is_trash Boolean flag: 1 if this is the user's Trash folder, 0 otherwise.
605 room_flags2 = extract_long(&buf[4], 14); // More flags associated with this room.
606 // 15 (long)CC->room.QRmtime Timestamp of the last write activity in this room
608 // If any of these three conditions are met, let the client know it has permission to delete messages.
609 if ((c->is_room_aide) || (room_flags & QR_MAILBOX) || (room_flags2 & QR2_COLLABDEL)) {
610 c->can_delete_messages = 1;
613 c->can_delete_messages = 0;
621 // At this point our Citadel client session is "in" the specified room.
623 if (num_tokens(h->url, '/') == 4) { // /ctdl/r/roomname
624 the_room_itself(h, c);
628 extract_token(buf, h->url, 4, '/', sizeof buf);
629 if (num_tokens(h->url, '/') == 5) {
630 if (IsEmptyStr(buf)) {
631 the_room_itself(h, c); // /ctdl/r/roomname/ ( same as /ctdl/r/roomname )
634 object_in_room(h, c); // /ctdl/r/roomname/object
638 if (num_tokens(h->url, '/') == 6) {
639 object_in_room(h, c); // /ctdl/r/roomname/object/ or possibly /ctdl/r/roomname/object/component
642 // If we get to this point, the client specified a valid room but requested an action we don't know how to perform.