1
2
3
4
5
6
7
8
9
10
11
...
178
179
180
181
182
183
184
185
186
187
188
189
190
191
...
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
...
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
...
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
...
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
...
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
|
-- vim: ft=terra
local util = lib.util
local secmode = lib.enum { 'public', 'private', 'lockdown', 'isolate' }
local pstring = lib.mem.ptr(int8)
local struct srv
local struct cfgcache {
secret: pstring
pol_sec: secmode.t
pol_reg: bool
pol_autoherald: bool
credmgd: bool
................................................................................
local usrdefs = {
str = {
['acl-follow' ] = {cfgfld = 'usrdef_pol_follow', fallback = 'local'};
['acl-follow-req'] = {cfgfld = 'usrdef_pol_follow_req', fallback = 'all'};
};
}
terra convo:usercfg_str(uid: uint64, setting: pstring): pstring
var set = self.srv:actor_conf_str_get(&self.srv.pool, uid, setting)
if not set then
[(function()
local q = quote return pstring.null() end
for key, dfl in pairs(usrdefs.str) do
................................................................................
if not lockdown then lockhdr = "" end
lib.net.mg_printf(self.con, "HTTP/1.1 200 OK\r\nContent-Type: %.*s\r\nContent-Length: %llu\r\n%sX-Content-Options: nosniff\r\n\r\n", mime.ct, mime.ptr, data.ct + 2, lockhdr)
lib.net.mg_send(self.con, data.ptr, data.ct)
lib.net.mg_send(self.con, '\r\n', 2)
end
terra convo:json(data: pstring)
self:bytestream_trusted(false, 'application/ld+json', data:blob())
end
terra convo:bytestream(mime: pstring, data: lib.mem.ptr(uint8))
-- TODO this is not a satisfactory solution; it's a bandaid on a gaping
-- chest wound. ultimately we need to compile a whitelist of safe mime
-- types as part of mimelib, but that is no small task. for now, this
-- will keep the patient from immediately bleeding out
................................................................................
p = p + lib.session.cookie_gen(self.srv.cfg.secret, aid, lib.osclock.time(nil), p)
lib.dbg('sending cookie ',{&sesskey[0],15})
p = lib.str.ncpy(p, '; Path=/', 9)
end
self:reroute_cookie(dest, &sesskey[0])
end
terra convo:complain(code: uint16, title: rawstring, msg: rawstring)
if msg == nil then msg = "i'm sorry, dave. i can't let you do that" end
var ti: lib.str.acc ti:compose('error :: ', title)
var bo: lib.str.acc bo:compose('<div class="message"><img class="icon" src="/s/warn.svg"><h1>',title,'</h1><p>',msg,'</p></div>')
var body = [convo.page] {
title = ti:finalize();
body = bo:finalize();
class = 'error';
cache = false;
}
self:statpage(code, body)
body.title:free()
body.body:free()
end
terra convo:confirm(title: pstring, msg: pstring, cancel: pstring)
var conf = data.view.confirm {
title = title;
query = msg;
cancel = cancel;
................................................................................
class = 'query';
body = body; cache = false;
}
self:stdpage(cf)
--cf.title:free()
end
terra convo:stra(sz: intptr) -- convenience function
var s: lib.str.acc
s:pool(&self.srv.pool,sz)
return s
end
convo.methods.qstr = macro(function(self, ...) -- convenience string builder
local exp = {...}
return `lib.str.acc{}:pcompose(&self.srv.pool, [exp]):finalize()
end)
convo.methods.assertpow = macro(function(self, pow)
return quote
var ok = true
if self.aid == 0 or self.who.rights.powers.[pow:asvalue()]() == false then
ok = false
self:complain(403,'insufficient privileges',['you lack the <strong>'..pow:asvalue()..'</strong> power and cannot perform this action'])
end
................................................................................
end
terra convo:pgetv(name: rawstring)
var s,l = self:getv(name)
return pstring { ptr = s, ct = l }
end
local route = {} -- these are defined in route.t, as they need access to renderers
terra route.dispatch_http :: {&convo, lib.mem.ptr(int8), lib.http.method.t} -> {}
local mimetypes = {
{'html', 'text/html'};
{'json', 'application/json'};
{'json', 'application/ld+json'};
{'json', 'application/activity+json'};
{'mkdown', 'text/markdown'};
{'text', 'text/plain'};
{'ansi', 'text/x-ansi'};
}
local mimevar = symbol(lib.mem.ref(int8))
local mimeneg = `lib.http.mime.none
for i, t in ipairs(mimetypes) do
local name, mime = t[1], t[2]
mimeneg = quote
................................................................................
end
bsr:free()
upmap:free()
end
end
end
route.dispatch_http(&co, uri, co.method)
::fail::
if co.uploads.run > 0 then
for i=0,co.uploads.sz do
co.uploads(i).filename:free()
co.uploads(i).field:free()
end
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
<
<
<
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
<
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
...
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
...
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
...
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
...
483
484
485
486
487
488
489
490
491
492
493
494
495
496
...
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
...
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
|
-- vim: ft=terra
local util = lib.util
local secmode = lib.enum { 'public', 'private', 'lockdown', 'isolate' }
local pstring = lib.mem.ptr(int8)
local mimetypes = {
{'html', 'text/html'};
{'json', 'application/json'};
{'json', 'application/activity+json'};
{'json', 'application/ld+json'};
{'mkdown', 'text/markdown'};
{'text', 'text/plain'};
{'ansi', 'text/x-ansi'};
}
local struct srv
local struct cfgcache {
secret: pstring
pol_sec: secmode.t
pol_reg: bool
pol_autoherald: bool
credmgd: bool
................................................................................
local usrdefs = {
str = {
['acl-follow' ] = {cfgfld = 'usrdef_pol_follow', fallback = 'local'};
['acl-follow-req'] = {cfgfld = 'usrdef_pol_follow_req', fallback = 'all'};
};
}
terra convo:matchmime(mime: lib.http.mime.t): bool
return self.reqtype == [lib.http.mime.none]
or self.reqtype == mime
end
terra convo:usercfg_str(uid: uint64, setting: pstring): pstring
var set = self.srv:actor_conf_str_get(&self.srv.pool, uid, setting)
if not set then
[(function()
local q = quote return pstring.null() end
for key, dfl in pairs(usrdefs.str) do
................................................................................
if not lockdown then lockhdr = "" end
lib.net.mg_printf(self.con, "HTTP/1.1 200 OK\r\nContent-Type: %.*s\r\nContent-Length: %llu\r\n%sX-Content-Options: nosniff\r\n\r\n", mime.ct, mime.ptr, data.ct + 2, lockhdr)
lib.net.mg_send(self.con, data.ptr, data.ct)
lib.net.mg_send(self.con, '\r\n', 2)
end
terra convo:json(data: pstring)
self:bytestream_trusted(false, 'application/activity+json; charset=utf-8', data:blob())
end
terra convo:bytestream(mime: pstring, data: lib.mem.ptr(uint8))
-- TODO this is not a satisfactory solution; it's a bandaid on a gaping
-- chest wound. ultimately we need to compile a whitelist of safe mime
-- types as part of mimelib, but that is no small task. for now, this
-- will keep the patient from immediately bleeding out
................................................................................
p = p + lib.session.cookie_gen(self.srv.cfg.secret, aid, lib.osclock.time(nil), p)
lib.dbg('sending cookie ',{&sesskey[0],15})
p = lib.str.ncpy(p, '; Path=/', 9)
end
self:reroute_cookie(dest, &sesskey[0])
end
terra convo:stra(sz: intptr) -- convenience function
var s: lib.str.acc
s:pool(&self.srv.pool,sz)
return s
end
convo.methods.qstr = macro(function(self, ...) -- convenience string builder
local exp = {...}
return `lib.str.acc{}:pcompose(&self.srv.pool, [exp]):finalize()
end)
terra convo:complain(code: uint16, title: rawstring, msg: rawstring)
if msg == nil then msg = "i'm sorry, dave. i can't let you do that" end
if self:matchmime(lib.http.mime.html) then
var body = [convo.page] {
title = self:qstr('error :: ', title);
body = self:qstr('<div class="message"><img class="icon" src="/s/warn.svg"><h1>',title,'</h1><p>',msg,'</p></div>');
class = 'error';
cache = false;
}
self:statpage(code, body)
else
var pg = lib.http.page { respcode = code, body = pstring.null() }
var ctt = lib.http.mime.none
if self:matchmime(lib.http.mime.json) then ctt = lib.http.mime.json
pg.body = ([lib.tpl.mk'{"_parsav_error":@$ekind, "_parsav_error_desc":@$edesc}']
{ekind = title, edesc = msg}):poolstr(&self.srv.pool)
elseif self:matchmime(lib.http.mime.text) then ctt = lib.http.mime.text
pg.body = self:qstr('error: ',title,'\n',msg)
elseif self:matchmime(lib.http.mime.mkdown) then ctt = lib.http.mime.mkdown
pg.body = self:qstr('# error :: ',title,'\n\n',msg)
elseif self:matchmime(lib.http.mime.ansi) then ctt = lib.http.mime.ansi
pg.body = self:qstr('\27[1;31merror :: ',title,'\27[m\n',msg)
end
var cthdr = lib.http.header { 'Content-Type', 'text/plain' }
if ctt == lib.http.mime.none then
pg.headers.ct = 0
else
pg.headers = lib.typeof(pg.headers) { &cthdr, 1 }
switch ctt do
case [ctt.type](lib.http.mime.json) then
cthdr.value = 'application/json'
end
escape
for i,v in ipairs(mimetypes) do local key,mime = v[1],v[2]
if key ~= 'json' then
emit quote case [ctt.type](lib.http.mime.[key]) then cthdr.value = [mime] end end
end
end
end
end
end
pg:send(self.con)
end
end
terra convo:fail(code: uint16)
switch code do
escape
local stderrors = {
{400, 'bad request', "the action you have attempted on this resource is not meaningful"};
{401, 'unauthorized', "this resource is not available at your clearance level"};
{403, 'forbidden', "we can neither confirm nor deny the existence of this resource"};
{404, 'resource not found', "that resource is not extant on or known to this server"};
{405, 'method not allowed', "the method you have attempted on this resource is not meaningful"};
{406, 'not acceptable', "none of the suggested content types are a viable representation of this resource"};
{500, 'internal server error', "parsav did a fucksy wucksy"};
}
for i,v in ipairs(stderrors) do
emit quote case uint16([v[1]]) then
self:complain([v])
end end
end
end
else self:complain(500,'unknown error','an unrecognized error was thrown. this is a bug')
end
end
terra convo:confirm(title: pstring, msg: pstring, cancel: pstring)
var conf = data.view.confirm {
title = title;
query = msg;
cancel = cancel;
................................................................................
class = 'query';
body = body; cache = false;
}
self:stdpage(cf)
--cf.title:free()
end
convo.methods.assertpow = macro(function(self, pow)
return quote
var ok = true
if self.aid == 0 or self.who.rights.powers.[pow:asvalue()]() == false then
ok = false
self:complain(403,'insufficient privileges',['you lack the <strong>'..pow:asvalue()..'</strong> power and cannot perform this action'])
end
................................................................................
end
terra convo:pgetv(name: rawstring)
var s,l = self:getv(name)
return pstring { ptr = s, ct = l }
end
local route = {} -- these are defined in route.t, as they need access to renderers
terra route.dispatch_http :: {&convo, lib.mem.ptr(int8)} -> {}
local mimevar = symbol(lib.mem.ref(int8))
local mimeneg = `lib.http.mime.none
for i, t in ipairs(mimetypes) do
local name, mime = t[1], t[2]
mimeneg = quote
................................................................................
end
bsr:free()
upmap:free()
end
end
end
route.dispatch_http(&co, uri)
::fail::
if co.uploads.run > 0 then
for i=0,co.uploads.sz do
co.uploads(i).filename:free()
co.uploads(i).field:free()
end
|