/* * Copyright 2023, Vincent Douillet * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * 3. Neither the name of the copyright holder nor the names of its contributors * may be used to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #include "browse.h" #include "cgi.h" #include "config.h" #include "delete.h" #include "download.h" #include "http.h" #include "upload.h" enum page { PAGE_BROWSE, PAGE_DOWNLOAD, PAGE_UPLOAD, PAGE_DELETE, PAGE__MAX }; static const char *const pages[PAGE__MAX] = { BROWSE_URL, DOWNLOAD_URL, UPLOAD_URL, DELETE_URL, }; int main(void) { char *data_dir; enum kcgi_err parse_err; struct kreq r; struct http_ret ret; if (kutil_openlog(LOG_FILE) == 0) http_exit(NULL, KHTTP_500, "Unable to open %s", LOG_FILE); parse_err = khttp_parse(&r, NULL, 0, pages, PAGE__MAX, PAGE_BROWSE); if (parse_err != KCGI_OK) http_exit(NULL, KHTTP_500, "Unable to parse request: %s", kcgi_strerror(parse_err)); data_dir = config_data_dir(); if (data_dir == NULL) http_exit(NULL, KHTTP_500, "Data dir not configured"); /* A bit of security cannot hurt */ if (-1 == unveil(data_dir, "rwc") || -1 == unveil(TEMPLATE_DIR, "r") || -1 == unveil(NULL, NULL)) http_exit(&r, KHTTP_500, "Unveil failed: %s", strerror(errno)); if (-1 == pledge("stdio rpath wpath cpath", NULL)) http_exit(&r, KHTTP_500, "Pledge failed: %s", strerror(errno)); /* * Make sure basic request parameters are as expected : GET or POST, * valid page and HTML document */ if (r.method != KMETHOD_GET && r.method != KMETHOD_POST) http_exit(&r, KHTTP_405, NULL); if (r.page == PAGE__MAX) http_exit(&r, KHTTP_404, NULL); switch (r.page) { case PAGE_BROWSE: if (r.mime != KMIME_TEXT_HTML) http_exit(&r, KHTTP_406, NULL); /* Not Acceptable */ ret = browse(&r); break; case PAGE_DOWNLOAD: ret = download(&r); break; case PAGE_UPLOAD: ret = upload(&r); break; case PAGE_DELETE: ret = del(&r); break; default: http_exit(&r, KHTTP_404, NULL); } khttp_free(&r); if (ret.code >= KHTTP_400) http_exit(&r, ret.code, ret.message); return EXIT_SUCCESS; }