282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
...
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
...
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
...
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
...
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
...
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
|
elseif path.ct == 1 then
lib.render.docpage(co, rstring.null())
else
co:complain(404, 'no such documentation', 'invalid documentation URL')
end
end
terra http.tweet_page(co: &lib.srv.convo, path: hpath, meth: method.t)
var pid, ok = lib.math.shorthand.parse(path(1).ptr, path(1).ct)
if not ok then
co:complain(400, 'bad post ID', 'that post ID is not valid')
return
end
var post = co.srv:post_fetch(pid)
var rt: lib.store.notice
................................................................................
end
defer post:free() -- NOP on null
if path.ct == 3 then
var lnk: lib.str.acc lnk:compose('/post/', path(1))
var lnkp = lnk:finalize() defer lnkp:free()
if post:ref() and path(2):cmp(lib.str.lit 'snitch') then
if meth_get(meth) then
var ui = data.view.report {
badtweet = lib.render.tweet(co, post.ptr, nil);
clnk = lnkp;
}
co:stdpage([lib.srv.convo.page] {
title = 'post :: report';
................................................................................
end
return
elseif post:ref() and post(0).author ~= co.who.id then
co:complain(403, 'forbidden', 'you cannot alter other people\'s posts')
return
elseif post:ref() and path(2):cmp(lib.str.lit 'edit') then
if not co:assertpow('edit') then return end
if meth_get(meth) then
lib.render.compose(co, post.ptr, nil)
return
elseif meth == method.post then
var newbody = co:postv('post')._0
var newacl = co:postv('acl')._0
var newsubj = co:postv('subject')._0
if newbody ~= nil then post(0).body = newbody end
if newacl ~= nil then post(0).acl = newacl end
if newsubj ~= nil then post(0).subject = newsubj end
post(0):save(true)
co:reroute(lnkp.ptr)
end
return
elseif path(2):cmp(lib.str.lit 'del') then
if meth_get(meth) then
var conf: data.view.confirm
if post:ref() then
conf = data.view.confirm {
title = 'delete post';
query = 'are you sure you want to delete this post?';
cancel = lnkp
}
else
conf = data.view.confirm {
title = 'cancel retweet';
query = 'are you sure you want to undo this retweet?';
cancel = '/';
}
end
var body = conf:poolstr(&co.srv.pool) --defer body:free()
co:stdpage([lib.srv.convo.page] {
title = 'post :: delete';
class = 'query';
body = body; cache = false;
})
return
elseif meth == method.post then
var act = co:ppostv('act')
if act:cmp('confirm') then
if post:ref() then
post().source:post_destroy(post().id)
elseif rt.kind ~= 0 then
co.srv:post_act_cancel(pid)
end
................................................................................
co:reroute('/') -- TODO maybe return to parent or conversation if possible
return
else goto badop end
end
else goto badurl end
end
if post:ref() and meth == method.post then
if co.aid == 0 then goto noauth end
var act = co:ppostv('act')
if act:cmp( 'like') and not co.srv:post_liked_uid(co.who.id,pid) then
co.srv:post_like(co.who.id, pid, false)
post.ptr.likes = post.ptr.likes + 1
elseif act:cmp( 'dislike') and co.srv:post_liked_uid(co.who.id,pid) then
co.srv:post_like(co.who.id, pid, true)
post.ptr.likes = post.ptr.likes - 1
elseif act:cmp( 'rt') then
co.srv:post_retweet(co.who.id, pid, false)
post.ptr.rts = post.ptr.rts + 1
elseif act:cmp( 'post') then
var replytext = co:ppostv('post')
var acl = co:ppostv('acl')
var subj = co:ppostv('subject')
if not acl then acl = 'all' end
if not replytext then goto badop end
var reply = lib.store.post {
author = co.who.id, parent = pid;
subject = subj.ptr, acl = acl.ptr, body = replytext.ptr;
}
reply:publish(co.srv)
else goto badop end
end
if not post then goto badurl end
lib.render.tweet_page(co, path, post.ptr)
do return end
::noauth:: do co:fail(401) return end
::badurl:: do co:fail(404) return end
::badop :: do co:fail(405) return end
end
local terra
credsec_for_uid(co: &lib.srv.convo, uid: uint64)
var act = co:ppostv('act')
if not act then return true end
lib.dbg('handling credential action')
................................................................................
var fr = co.srv.pool:frame()
var hmac = lib.crypt.hmacp(&co.srv.pool, lib.crypt.alg.sha256, co.srv.cfg.secret:blob(), nonce)
if not lib.math.truncate64(hmac.ptr, hmac.ct) == noncevld then
co:complain(403,'nice try','what exactly are you trying to accomplish here, buddy')
return false
end
var pkres = lib.crypt.loadpub(rsapub.ptr,rsapub.ct+1) -- needs NUL
if not pkres.ok then
co:complain(400,'invalid key','the key you have supplied is not a valid PEM or DER file')
return false
end
var pk = pkres.val
defer pk:free()
................................................................................
else co:reroute_cookie('/','auth=; Path=/')
end
else -- hierarchical routes
var path = lib.http.hier(&co.srv.pool, uri) --defer path:free()
if path.ct > 1 and path(0):cmp('user') then
http.actor_profile_uid(co, path)
elseif path.ct > 1 and path(0):cmp('post') then
http.tweet_page(co, path, meth)
elseif path(0):cmp('tl') then
http.timeline(co, path)
elseif path(0):cmp('.well-known') then
if path(1):cmp('webfinger') then
if not co:matchmime(lib.http.mime.json) then goto nacc end
lib.api.webfinger(co)
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
>
|
>
>
>
>
|
|
|
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
...
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
...
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
...
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
...
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
...
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
|
elseif path.ct == 1 then
lib.render.docpage(co, rstring.null())
else
co:complain(404, 'no such documentation', 'invalid documentation URL')
end
end
terra http.tweet_page(co: &lib.srv.convo, path: hpath)
var pid, ok = lib.math.shorthand.parse(path(1).ptr, path(1).ct)
if not ok then
co:complain(400, 'bad post ID', 'that post ID is not valid')
return
end
var post = co.srv:post_fetch(pid)
var rt: lib.store.notice
................................................................................
end
defer post:free() -- NOP on null
if path.ct == 3 then
var lnk: lib.str.acc lnk:compose('/post/', path(1))
var lnkp = lnk:finalize() defer lnkp:free()
if post:ref() and path(2):cmp(lib.str.lit 'snitch') then
if meth_get(co.method) then
var ui = data.view.report {
badtweet = lib.render.tweet(co, post.ptr, nil);
clnk = lnkp;
}
co:stdpage([lib.srv.convo.page] {
title = 'post :: report';
................................................................................
end
return
elseif post:ref() and post(0).author ~= co.who.id then
co:complain(403, 'forbidden', 'you cannot alter other people\'s posts')
return
elseif post:ref() and path(2):cmp(lib.str.lit 'edit') then
if not co:assertpow('edit') then return end
if meth_get(co.method) then
lib.render.compose(co, post.ptr, nil)
return
elseif co.method == method.post then
var newbody = co:postv('post')._0
var newacl = co:postv('acl')._0
var newsubj = co:postv('subject')._0
if newbody ~= nil then post(0).body = newbody end
if newacl ~= nil then post(0).acl = newacl end
if newsubj ~= nil then post(0).subject = newsubj end
post(0):save(true)
co:reroute(lnkp.ptr)
end
return
elseif path(2):cmp(lib.str.lit 'del') then
if meth_get(co.method) then
var conf: data.view.confirm
if post:ref() then
conf = data.view.confirm {
title = 'delete post';
query = 'are you sure you want to delete this post?';
cancel = lnkp
}
else
conf = data.view.confirm {
title = 'cancel retweet';
query = 'are you sure you want to undo this retweet?';
cancel = '/';
}
end
var body = conf:poolstr(&co.srv.pool) --defer body:free()
co:stdpage([lib.srv.convo.page] {
title = 'post :: delete';
class = 'query';
body = body; cache = false;
})
return
elseif co.method == method.post then
var act = co:ppostv('act')
if act:cmp('confirm') then
if post:ref() then
post().source:post_destroy(post().id)
elseif rt.kind ~= 0 then
co.srv:post_act_cancel(pid)
end
................................................................................
co:reroute('/') -- TODO maybe return to parent or conversation if possible
return
else goto badop end
end
else goto badurl end
end
if post:ref() and co.method == method.post then
if co.aid == 0 then goto noauth end
var act = co:ppostv('act')
if act:cmp('like') and not co.srv:post_liked_uid(co.who.id,pid) then
co.srv:post_like(co.who.id, pid, false)
post.ptr.likes = post.ptr.likes + 1
elseif act:cmp('dislike') and co.srv:post_liked_uid(co.who.id,pid) then
co.srv:post_like(co.who.id, pid, true)
post.ptr.likes = post.ptr.likes - 1
elseif act:cmp('rt') then
co.srv:post_retweet(co.who.id, pid, false)
post.ptr.rts = post.ptr.rts + 1
elseif act:cmp('post') then
var replytext = co:ppostv('post')
var acl = co:ppostv('acl')
var subj = co:ppostv('subject')
if not acl then acl = 'all' end
if not replytext then goto badop end
var reply = lib.store.post {
author = co.who.id, parent = pid;
subject = subj.ptr, acl = acl.ptr, body = replytext.ptr;
}
reply:publish(co.srv)
else goto badop end
end
if not post then goto badurl end
if co:matchmime(lib.http.mime.html) then
lib.render.tweet_page(co, path, post.ptr)
elseif co:matchmime(lib.http.mime.json) then
co:json(lib.api.lp.tweet(co, post.ptr, false))
else goto notacc end
do return end
::noauth:: do co:fail(401) return end
::badurl:: do co:fail(404) return end
::badop :: do co:fail(405) return end
::notacc:: do co:fail(406) return end
end
local terra
credsec_for_uid(co: &lib.srv.convo, uid: uint64)
var act = co:ppostv('act')
if not act then return true end
lib.dbg('handling credential action')
................................................................................
var fr = co.srv.pool:frame()
var hmac = lib.crypt.hmacp(&co.srv.pool, lib.crypt.alg.sha256, co.srv.cfg.secret:blob(), nonce)
if not lib.math.truncate64(hmac.ptr, hmac.ct) == noncevld then
co:complain(403,'nice try','what exactly are you trying to accomplish here, buddy')
return false
end
var pkres = lib.crypt.loadpub(binblob{rsapub.ptr,rsapub.ct+1}) -- needs NUL
if not pkres.ok then
co:complain(400,'invalid key','the key you have supplied is not a valid PEM or DER file')
return false
end
var pk = pkres.val
defer pk:free()
................................................................................
else co:reroute_cookie('/','auth=; Path=/')
end
else -- hierarchical routes
var path = lib.http.hier(&co.srv.pool, uri) --defer path:free()
if path.ct > 1 and path(0):cmp('user') then
http.actor_profile_uid(co, path)
elseif path.ct > 1 and path(0):cmp('post') then
http.tweet_page(co, path)
elseif path(0):cmp('tl') then
http.timeline(co, path)
elseif path(0):cmp('.well-known') then
if path(1):cmp('webfinger') then
if not co:matchmime(lib.http.mime.json) then goto nacc end
lib.api.webfinger(co)
end
|