4 // Copyright (c) 1996-2021 by the citadel.org team
6 // This program is open source software. It runs great on the
7 // Linux operating system (and probably elsewhere). You can use,
8 // copy, and run it under the terms of the GNU General Public
11 // This program is distributed in the hope that it will be useful,
12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 // GNU General Public License for more details.
19 // Return a "zero-terminated" array of message numbers in the current room.
20 // Caller owns the memory and must free it. Returns NULL if any problems.
// Sends "MSGS <which_msgs>" to the Citadel server over session c and stores each
// reply line, converted with atol(), into a heap array that grows as needed.
21 long *get_msglist(struct ctdlsession *c, char *which_msgs) {
// NOTE(review): which_msgs goes verbatim into a line-oriented server command.
// object_in_room() forwards text taken from the request URI (after unescape_input())
// to json_msglist(), which passes it here -- confirm CR/LF cannot reach this call.
27 ctdl_printf(c, "MSGS %s", which_msgs);
28 ctdl_readline(c, buf, sizeof(buf));
// grow the array once every allocated slot is in use
31 if (num_msgs >= num_alloc) {
34 msglist = malloc(num_alloc * sizeof(long));
// NOTE(review): assigning realloc()'s result straight back to msglist drops the only
// pointer to the old block if realloc() fails. No NULL check on malloc()/realloc() is
// visible in the lines shown here -- confirm one exists before msglist[] is written.
37 msglist = realloc(msglist, num_alloc * sizeof(long));
40 ctdl_readline(c, buf, sizeof(buf));
// atol() has no error reporting: a line that does not start with a number is stored as 0,
// and the loops over this list elsewhere in the file stop at the first value that is not > 0.
41 msglist[num_msgs++] = atol(buf);
42 } while (strcmp(buf, "000")); // this makes the last element a "0" terminator
48 // Supplied with a list of potential matches from an If-Match: or If-None-Match: header, and
49 // a message number (which we always use as the entity tag in Citadel), return nonzero if the
50 // message number matches any of the supplied tags in the string.
// taglist is client-controlled: object_in_room() passes the header value straight in.
51 int match_etags(char *taglist, long msgnum) {
// the header value is treated as a comma-separated list
52 int num_tags = num_tokens(taglist, ',');
56 if (msgnum <= 0) { // no msgnum? no match.
60 for (i = 0; i < num_tags; ++i) {
// copy token i into tag, bounded by sizeof tag
61 extract_token(tag, taglist, i, ',', sizeof tag);
// find the first and last double quote in the tag; lq < rq is true only when two
// distinct quotes are present (with none both are NULL, with one they are equal)
63 char *lq = (strchr(tag, '"'));
64 char *rq = (strrchr(tag, '"'));
65 if (lq < rq) { // has two double quotes
70 if (!strcmp(tag, "*")) { // wildcard match
// atol() yields 0 for a tag that does not start with digits; the > 0 test below rejects it
73 long tagmsgnum = atol(tag);
74 if ((tagmsgnum > 0) && (tagmsgnum == msgnum)) { // match
79 return (0); // no match
83 // Client is requesting a message list
// Builds a JSON array named "msgs" from get_msglist(c, which) and installs it as the
// body of a 200 response with Content-type application/json.
84 void json_msglist(struct http_transaction *h, struct ctdlsession *c, char *which) {
// get_msglist() documents that the caller owns the returned array and that it may be NULL
86 long *msglist = get_msglist(c, which);
87 JsonValue *j = NewJsonArray(HKEY("msgs"));
89 if (msglist != NULL) {
// stop at the first entry that is not > 0 (the list terminator)
90 for (i = 0; msglist[i] > 0; ++i) {
91 JsonArrayAppend(j, NewJsonNumber(HKEY("m"), msglist[i]));
// NOTE(review): the free() of msglist is not among the lines shown here -- confirm it exists
96 StrBuf *sj = NewStrBuf();
97 SerializeJson(sj, j, 1); // '1' == free the source array
99 add_response_header(h, strdup("Content-type"), strdup("application/json"));
100 h->response_code = 200;
101 h->response_string = strdup("OK");
// take the length before SmashStrBuf() is handed &sj
102 h->response_body_length = StrLength(sj);
103 h->response_body = SmashStrBuf(&sj);
108 // Client requested an object in a room.
// Dispatches on the fifth '/'-separated component of h->uri: list/view keywords first,
// then a message located by EUID or number, then the HTTP method.
// Everything read from h->uri, h->method and the headers is client-controlled.
109 void object_in_room(struct http_transaction *h, struct ctdlsession *c) {
112 char unescaped_euid[1024];
// token 4 of the URI is the object name; the copy is bounded by sizeof buf
114 extract_token(buf, h->uri, 4, '/', sizeof buf);
116 if (!strncasecmp(buf, "msgs.", 5)) { // Client is requesting a list of message numbers
// the text after "msgs." is unescaped in place and ends up in the server's MSGS command
// NOTE(review): confirm CR/LF produced by unescaping cannot reach that command line
117 unescape_input(&buf[5]);
118 json_msglist(h, c, &buf[5]);
// NOTE(review): only the first five characters are compared, so any name starting with
// "threa" is accepted, and &buf[5] starts at the sixth character ("ds" for "threads").
122 if (!strncasecmp(buf, "threads", 5)) { // Client is requesting a threaded view (still kind of fuzzy here)
123 threaded_view(h, c, &buf[5]);
// NOTE(review): "flat" is four characters, so a length of 5 includes the terminating NUL and
// only an exact "flat" matches; &buf[5] then points one byte past that terminator, at bytes
// this function has not been shown to initialise. Confirm whether flat_view() reads it.
127 if (!strncasecmp(buf, "flat", 5)) { // Client is requesting a flat view (still kind of fuzzy here)
128 flat_view(h, c, &buf[5]);
133 if ((c->room_default_view == VIEW_CALENDAR) // room types where objects are referenced by EUID
134 || (c->room_default_view == VIEW_TASKS)
135 || (c->room_default_view == VIEW_ADDRESSBOOK)
// bounded copy, then unescape in place before asking the server for the message number
137 safestrncpy(unescaped_euid, buf, sizeof unescaped_euid);
138 unescape_input(unescaped_euid);
139 msgnum = locate_message_by_uid(c, unescaped_euid);
145 // All methods except PUT require the message to already exist
146 if ((msgnum <= 0) && (strcasecmp(h->method, "PUT"))) {
150 // If we get to this point we have a valid message number in an accessible room.
// NOTE(review): h->method is request text written to the log with %s; confirm request
// parsing keeps control characters out of it. For PUT, msgnum may still be <= 0 here.
151 syslog(LOG_DEBUG, "msgnum is %ld, method is %s", msgnum, h->method);
153 // A sixth component in the URL can be one of two things:
154 // (1) a MIME part specifier, in which case the client wants to download that component within the message
155 // (2) a content-type, in which case the client wants us to try to render it a certain way
156 if (num_tokens(h->uri, '/') == 6) {
// buf is reused for the sixth component
157 extract_token(buf, h->uri, 5, '/', sizeof buf);
158 if (!IsEmptyStr(buf)) {
159 if (!strcasecmp(buf, "json")) {
160 json_render_one_message(h, c, msgnum);
// anything other than "json" is passed on as the MIME part specifier, straight from the URI
162 download_mime_component(h, c, msgnum, buf);
168 // Ok, we want a full message, but first let's check for the if[-none]-match headers.
// If-Match present and nothing matches -> take the conditional-failure branch
169 char *if_match = header_val(h, "If-Match");
170 if ((if_match != NULL) && (!match_etags(if_match, msgnum))) {
// If-None-Match present and something matches -> take the conditional-failure branch
175 char *if_none_match = header_val(h, "If-None-Match");
176 if ((if_none_match != NULL) && (match_etags(if_none_match, msgnum))) {
// method names are compared case-insensitively
183 if (!strcasecmp(h->method, "DELETE")) {
184 dav_delete_message(h, c, msgnum);
186 else if (!strcasecmp(h->method, "GET")) {
187 dav_get_message(h, c, msgnum);
189 else if (!strcasecmp(h->method, "PUT")) {
// NOTE(review): unescaped_euid is written on the EUID-room path shown above; confirm it is
// also initialised for other room types before it is handed to dav_put_message().
190 dav_put_message(h, c, unescaped_euid, msgnum);
193 do_404(h); // Got this far but the method made no sense? Bummer.
199 // Called by the_room_itself() when the HTTP method is REPORT
// Only calendar rooms have a REPORT handler; the other path shown answers 404.
200 void report_the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
201 if (c->room_default_view == VIEW_CALENDAR) {
202 caldav_report(h, c); // CalDAV REPORTs ... fmgwac
206 do_404(h); // future implementations like CardDAV will require code paths here
210 // Called by the_room_itself() when the HTTP method is OPTIONS
// Answers 200 with a DAV header chosen by the room's default view, plus an Allow header.
211 void options_the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
212 h->response_code = 200;
// NOTE(review): strdup() results are used unchecked here and below; presumably
// add_response_header() takes ownership of both strings -- verify against its definition.
213 h->response_string = strdup("OK");
214 if (c->room_default_view == VIEW_CALENDAR) {
215 add_response_header(h, strdup("DAV"), strdup("1, calendar-access")); // offer CalDAV
217 else if (c->room_default_view == VIEW_ADDRESSBOOK) {
218 add_response_header(h, strdup("DAV"), strdup("1, addressbook")); // offer CardDAV
221 add_response_header(h, strdup("DAV"), strdup("1")); // ordinary WebDAV for all other room types
// the same method list is advertised whatever the room type
223 add_response_header(h, strdup("Allow"), strdup("OPTIONS, PROPFIND, GET, PUT, REPORT, DELETE"));
227 // Called by the_room_itself() when the HTTP method is PROPFIND
// Builds a DAV multistatus XML document describing the room (the collection) and, when a
// depth greater than zero was requested, one <D:response> per message, then installs it as
// a 207 response. Room name, site prefix and per-message href go through StrBufXMLEscAppend().
228 void propfind_the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
// A missing Depth header means INT_MAX. atoi() returns 0 for text that does not start with a
// number, so a value such as "infinity" is treated as depth 0.
// NOTE(review): confirm that is intended; atoi() also gives no overflow/error indication.
231 int dav_depth = (header_val(h, "Depth") ? atoi(header_val(h, "Depth")) : INT_MAX);
232 syslog(LOG_DEBUG, "Client PROPFIND requested depth: %d", dav_depth);
233 StrBuf *Buf = NewStrBuf();
235 StrBufAppendPrintf(Buf, "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
236 "<D:multistatus " "xmlns:D=\"DAV:\" " "xmlns:C=\"urn:ietf:params:xml:ns:caldav\"" ">");
238 // Transmit the collection resource
239 StrBufAppendPrintf(Buf, "<D:response>");
240 StrBufAppendPrintf(Buf, "<D:href>");
// variable text is XML-escaped; only fixed markup goes through StrBufAppendPrintf()
241 StrBufXMLEscAppend(Buf, NULL, h->site_prefix, strlen(h->site_prefix), 0);
242 StrBufAppendPrintf(Buf, "/ctdl/r/");
243 StrBufXMLEscAppend(Buf, NULL, c->room, strlen(c->room), 0);
244 StrBufAppendPrintf(Buf, "</D:href>");
246 StrBufAppendPrintf(Buf, "<D:propstat>");
247 StrBufAppendPrintf(Buf, "<D:status>HTTP/1.1 200 OK</D:status>");
248 StrBufAppendPrintf(Buf, "<D:prop>");
249 StrBufAppendPrintf(Buf, "<D:displayname>");
250 StrBufXMLEscAppend(Buf, NULL, c->room, strlen(c->room), 0);
251 StrBufAppendPrintf(Buf, "</D:displayname>");
253 StrBufAppendPrintf(Buf, "<D:owner />"); // empty owner ought to be legal; see rfc3744 section 5.1
255 StrBufAppendPrintf(Buf, "<D:resourcetype><D:collection />");
256 switch (c->room_default_view) {
258 StrBufAppendPrintf(Buf, "<C:calendar />"); // RFC4791 section 4.2
261 StrBufAppendPrintf(Buf, "</D:resourcetype>");
263 int enumerate_by_euid = 0; // nonzero if messages will be retrieved by euid instead of msgnum
264 switch (c->room_default_view) {
265 case VIEW_CALENDAR: // RFC4791 section 5.2
266 StrBufAppendPrintf(Buf, "<C:supported-calendar-component-set><C:comp name=\"VEVENT\"/></C:supported-calendar-component-set>");
267 StrBufAppendPrintf(Buf, "<C:supported-calendar-data>");
268 StrBufAppendPrintf(Buf, "<C:calendar-data content-type=\"text/calendar\" version=\"2.0\"/>");
269 StrBufAppendPrintf(Buf, "</C:supported-calendar-data>");
270 enumerate_by_euid = 1;
272 case VIEW_TASKS: // RFC4791 section 5.2
273 StrBufAppendPrintf(Buf, "<C:supported-calendar-component-set><C:comp name=\"VTODO\"/></C:supported-calendar-component-set>");
274 StrBufAppendPrintf(Buf, "<C:supported-calendar-data>");
275 StrBufAppendPrintf(Buf, "<C:calendar-data content-type=\"text/calendar\" version=\"2.0\"/>");
276 StrBufAppendPrintf(Buf, "</C:supported-calendar-data>");
277 enumerate_by_euid = 1;
279 case VIEW_ADDRESSBOOK: // FIXME put some sort of CardDAV crapola here when we implement it
280 enumerate_by_euid = 1;
282 case VIEW_WIKI: // FIXME invent "WikiDAV" ?
283 enumerate_by_euid = 1;
287 // FIXME get the mtime
288 // StrBufAppendPrintf(Buf, "<D:getlastmodified>");
289 // escputs(datestring);
290 // StrBufAppendPrintf(Buf, "</D:getlastmodified>");
292 StrBufAppendPrintf(Buf, "</D:prop>");
293 StrBufAppendPrintf(Buf, "</D:propstat>");
294 StrBufAppendPrintf(Buf, "</D:response>\n");
296 // If a depth greater than zero was specified, transmit the collection listing
// get_msglist() is documented to return NULL on problems and to hand ownership to the caller.
// NOTE(review): neither the NULL check nor the free() is among the lines shown -- confirm both.
299 long *msglist = get_msglist(c, "ALL");
302 for (i = 0; (msglist[i] > 0); ++i) {
304 syslog(LOG_DEBUG, "PROPFIND enumerated %d messages", i);
305 e = NULL; // EUID gets stored here
// one MSG0 round trip per message; the reply lines are scanned until "000"
309 ctdl_printf(c, "MSG0 %ld|3", msglist[i]);
310 ctdl_readline(c, cbuf, sizeof(cbuf));
312 while (ctdl_readline(c, cbuf, sizeof(cbuf)), strcmp(cbuf, "000")) {
313 if ((enumerate_by_euid) && (!strncasecmp(cbuf, "exti=", 5))) {
314 // e = strdup(&cbuf[5]);
// NOTE(review): elen is twice the input length, but percent-encoding can need three output
// bytes per input byte plus a terminator, so this relies on urlesc() stopping at elen.
// urlesc()'s truncation behaviour and the allocation of e are not shown here -- verify both.
315 int elen = (2 * strlen(&cbuf[5]));
317 urlesc(e, elen, &cbuf[5]);
319 if (!strncasecmp(cbuf, "time=", 5)) {
320 timestamp = atol(&cbuf[5]);
// NOTE(review): unbounded sprintf() into e; the buffer's allocation is not among the lines
// shown. A 64-bit long needs up to 21 bytes including the terminator -- confirm the size or
// switch to snprintf().
325 sprintf(e, "%ld", msglist[i]);
327 StrBufAppendPrintf(Buf, "<D:response>");
329 // Generate the 'href' tag for this message
330 StrBufAppendPrintf(Buf, "<D:href>");
331 StrBufXMLEscAppend(Buf, NULL, h->site_prefix, strlen(h->site_prefix), 0);
332 StrBufAppendPrintf(Buf, "/ctdl/r/");
333 StrBufXMLEscAppend(Buf, NULL, c->room, strlen(c->room), 0);
334 StrBufAppendPrintf(Buf, "/");
// e holds server-supplied EUID text (or the message number) and is XML-escaped on output
335 StrBufXMLEscAppend(Buf, NULL, e, strlen(e), 0);
336 StrBufAppendPrintf(Buf, "</D:href>");
337 StrBufAppendPrintf(Buf, "<D:propstat>");
338 StrBufAppendPrintf(Buf, "<D:status>HTTP/1.1 200 OK</D:status>");
339 StrBufAppendPrintf(Buf, "<D:prop>");
341 switch (c->room_default_view) {
343 StrBufAppendPrintf(Buf,
344 "<D:getcontenttype>text/calendar; component=vevent</D:getcontenttype>");
347 StrBufAppendPrintf(Buf,
348 "<D:getcontenttype>text/calendar; component=vtodo</D:getcontenttype>");
350 case VIEW_ADDRESSBOOK:
351 StrBufAppendPrintf(Buf, "<D:getcontenttype>text/x-vcard</D:getcontenttype>");
// NOTE(review): ownership of the string returned by http_datestring() is not visible here
356 char *datestring = http_datestring(timestamp);
358 StrBufAppendPrintf(Buf, "<D:getlastmodified>");
359 StrBufXMLEscAppend(Buf, NULL, datestring, strlen(datestring), 0);
360 StrBufAppendPrintf(Buf, "</D:getlastmodified>");
363 if (enumerate_by_euid) // FIXME ajc 2017oct30 should this be inside the timestamp conditional?
// the entity tag is the message number, quoted; match_etags() compares against the same value
365 StrBufAppendPrintf(Buf, "<D:getetag>\"%ld\"</D:getetag>", msglist[i]);
368 StrBufAppendPrintf(Buf, "</D:prop></D:propstat></D:response>\n");
376 StrBufAppendPrintf(Buf, "</D:multistatus>\n");
378 add_response_header(h, strdup("Content-type"), strdup("text/xml"));
379 h->response_code = 207;
380 h->response_string = strdup("Multi-Status");
// take the length before SmashStrBuf() is handed &Buf
381 h->response_body_length = StrLength(Buf);
382 h->response_body = SmashStrBuf(&Buf);
385 // some good examples here
386 // http://blogs.nologin.es/rickyepoderi/index.php?/archives/14-Introducing-CalDAV-Part-I.html
389 // Called by the_room_itself() when the HTTP method is GET
// Returns the session's current room state as a JSON object named "gotoroom".
390 void get_the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
391 JsonValue *j = NewJsonObject(HKEY("gotoroom"));
// all values come from the session struct c, not from the request
393 JsonObjectAppend(j, NewJsonPlainString(HKEY("name"), c->room, -1));
394 JsonObjectAppend(j, NewJsonNumber(HKEY("current_view"), c->room_current_view));
395 JsonObjectAppend(j, NewJsonNumber(HKEY("default_view"), c->room_default_view));
396 JsonObjectAppend(j, NewJsonNumber(HKEY("new_messages"), c->new_messages));
397 JsonObjectAppend(j, NewJsonNumber(HKEY("total_messages"), c->total_messages));
398 JsonObjectAppend(j, NewJsonNumber(HKEY("last_seen"), c->last_seen));
400 StrBuf *sj = NewStrBuf();
401 SerializeJson(sj, j, 1); // '1' == free the source array
403 add_response_header(h, strdup("Content-type"), strdup("application/json"));
404 h->response_code = 200;
405 h->response_string = strdup("OK");
// take the length before SmashStrBuf() is handed &sj
406 h->response_body_length = StrLength(sj);
407 h->response_body = SmashStrBuf(&sj);
412 // Handle REST/DAV requests for the room itself (such as /ctdl/r/roomname
413 // or /ctdl/r/roomname/ but *not* specific objects within the room)
// Dispatches on h->method with case-insensitive comparisons, so "get" below also matches "GET".
414 void the_room_itself(struct http_transaction *h, struct ctdlsession *c) {
416 // OPTIONS method on the room itself usually is a DAV client assessing what's here.
417 if (!strcasecmp(h->method, "OPTIONS")) {
418 options_the_room_itself(h, c);
422 // PROPFIND method on the room itself could be looking for a directory
423 if (!strcasecmp(h->method, "PROPFIND")) {
424 propfind_the_room_itself(h, c);
428 // REPORT method on the room itself is probably the dreaded CalDAV tower-of-crapola
429 if (!strcasecmp(h->method, "REPORT")) {
430 report_the_room_itself(h, c);
434 // GET method on the room itself is an API call, possibly from our JavaScript front end
435 if (!strcasecmp(h->method, "get")) {
436 get_the_room_itself(h, c);
440 // we probably want a "go to this room" for interactive access
445 // Dispatcher for "/ctdl/r" and "/ctdl/r/" for the room list
// Sends LKRA to the server and turns each reply line into a JSON "room" object inside an
// array named "lkra", returned as a 200 application/json response.
446 void room_list(struct http_transaction *h, struct ctdlsession *c) {
450 ctdl_printf(c, "LKRA");
// first reply line; NOTE(review): the check of this line is not among the lines shown
451 ctdl_readline(c, buf, sizeof(buf));
457 JsonValue *j = NewJsonArray(HKEY("lkra"));
// read listing lines until the "000" end marker
458 while (ctdl_readline(c, buf, sizeof(buf)), strcmp(buf, "000")) {
460 // name|QRflags|QRfloor|QRorder|QRflags2|ra|current_view|default_view|mtime
461 JsonValue *jr = NewJsonObject(HKEY("room"));
// field 0 is the room name; the copy is bounded by sizeof roomname
463 extract_token(roomname, buf, 0, '|', sizeof roomname);
464 JsonObjectAppend(jr, NewJsonPlainString(HKEY("name"), roomname, -1));
// field 5 is a bitmask tested against UA_KNOWN and UA_HASNEWMSGS
466 int ra = extract_int(buf, 5);
467 JsonObjectAppend(jr, NewJsonBool(HKEY("known"), (ra & UA_KNOWN)));
468 JsonObjectAppend(jr, NewJsonBool(HKEY("hasnewmsgs"), (ra & UA_HASNEWMSGS)));
470 int floor = extract_int(buf, 2);
471 JsonObjectAppend(jr, NewJsonNumber(HKEY("floor"), floor));
473 int rorder = extract_int(buf, 3);
474 JsonObjectAppend(jr, NewJsonNumber(HKEY("rorder"), rorder));
476 JsonArrayAppend(j, jr); // add the room to the array
479 StrBuf *sj = NewStrBuf();
480 SerializeJson(sj, j, 1); // '1' == free the source array
482 add_response_header(h, strdup("Content-type"), strdup("application/json"));
483 h->response_code = 200;
484 h->response_string = strdup("OK");
// take the length before SmashStrBuf() is handed &sj
485 h->response_body_length = StrLength(sj);
486 h->response_body = SmashStrBuf(&sj);
490 // Dispatcher for paths starting with /ctdl/r/
// Takes the room name from the fourth '/'-separated component of h->uri, switches the server
// session to that room if it is not already current, then routes by the number of components.
491 void ctdl_r(struct http_transaction *h, struct ctdlsession *c) {
492 char requested_roomname[128];
495 // All room-related functions require being "in" the room specified. Are we in that room already?
// bounded copy of the URI component, then unescaped in place
496 extract_token(requested_roomname, h->uri, 3, '/', sizeof requested_roomname);
497 unescape_input(requested_roomname);
499 if (IsEmptyStr(requested_roomname)) // /ctdl/r/
504 // If not, try to go there.
// room names are compared case-insensitively against the session's current room
505 if (strcasecmp(requested_roomname, c->room)) {
// NOTE(review): requested_roomname is client-supplied URI text after unescape_input() and goes
// verbatim into a line-oriented server command; confirm CR/LF and other control characters
// are rejected before this point or inside ctdl_printf().
506 ctdl_printf(c, "GOTO %s", requested_roomname);
507 ctdl_readline(c, buf, sizeof(buf));
509 // buf[3] will indicate whether any instant messages are waiting
// fields are parsed from &buf[4], i.e. after the first four bytes of the reply.
// NOTE(review): the test of the reply's status is not among the lines shown -- confirm it
// runs before these extractions so a short or failed reply is never parsed.
510 extract_token(c->room, &buf[4], 0, '|', sizeof c->room);
511 c->new_messages = extract_int(&buf[4], 1);
512 c->total_messages = extract_int(&buf[4], 2);
513 // 3 (int)info Info flag: set to nonzero if the user needs to read this room's info file
514 // 4 (int)CCC->room.QRflags Various flags associated with this room.
515 // 5 (long)CCC->room.QRhighest The highest message number present in this room
516 c->last_seen = extract_long(&buf[4], 6); // The highest message number the user has read in this room
517 // 7 (int)rmailflag Boolean flag: 1 if this is a Mail> room, 0 otherwise.
518 // 8 (int)raideflag Nonzero if user is either Aide or a Room Aide in this room
519 // 9 (int)newmailcount The number of new Mail messages the user has
520 // 10 (int)CCC->room.QRfloor The floor number this room resides on
521 c->room_current_view = extract_int(&buf[4], 11);
522 c->room_default_view = extract_int(&buf[4], 12);
523 // 13 (int)is_trash Boolean flag: 1 if this is the user's Trash folder, 0 otherwise.
524 // 14 (int)CCC->room.QRflags2 More flags associated with this room
525 // 15 (long)CCC->room.QRmtime Timestamp of the last write activity in this room
531 // At this point our Citadel client session is "in" the specified room.
// routing is by the count of '/'-separated components in the URI
533 if (num_tokens(h->uri, '/') == 4) // /ctdl/r/roomname
535 the_room_itself(h, c);
539 extract_token(buf, h->uri, 4, '/', sizeof buf);
540 if (num_tokens(h->uri, '/') == 5) {
541 if (IsEmptyStr(buf)) {
542 the_room_itself(h, c); // /ctdl/r/roomname/ ( same as /ctdl/r/roomname )
544 object_in_room(h, c); // /ctdl/r/roomname/object
548 if (num_tokens(h->uri, '/') == 6) {
549 object_in_room(h, c); // /ctdl/r/roomname/object/ or possibly /ctdl/r/roomname/object/component
552 // If we get to this point, the client specified a valid room but requested an action we don't know how to perform.