forked from cory/tildefriends
1545 lines
48 KiB
C
1545 lines
48 KiB
C
#include "httpd.js.h"
|
|
|
|
#include "file.js.h"
|
|
#include "http.h"
|
|
#include "log.h"
|
|
#include "mem.h"
|
|
#include "ssb.h"
|
|
#include "ssb.db.h"
|
|
#include "task.h"
|
|
#include "tlscontext.js.h"
|
|
#include "trace.h"
|
|
#include "util.js.h"
|
|
|
|
#include "ow-crypt.h"
|
|
|
|
#include "picohttpparser.h"
|
|
|
|
#include "sodium/crypto_sign.h"
|
|
#include "sodium/utils.h"
|
|
|
|
#include "sqlite3.h"
|
|
|
|
#include <assert.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
|
|
#include <openssl/sha.h>
|
|
|
|
#if !defined(__APPLE__) && !defined(__OpenBSD__) && !defined(_WIN32)
|
|
#include <alloca.h>
|
|
#endif
|
|
|
|
#define tf_countof(a) ((int)(sizeof((a)) / sizeof(*(a))))
|
|
|
|
const int64_t k_refresh_interval = 1ULL * 7 * 24 * 60 * 60 * 1000;
|
|
|
|
static JSValue _authenticate_jwt(JSContext* context, const char* jwt);
|
|
static JSValue _httpd_websocket_upgrade(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv);
|
|
static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name);
|
|
static const char* _make_set_session_cookie_header(tf_http_request_t* request, const char* session_cookie);
|
|
|
|
static JSClassID _httpd_class_id;
|
|
static JSClassID _httpd_request_class_id;
|
|
|
|
typedef struct _http_user_data_t
|
|
{
|
|
char redirect[1024];
|
|
} http_user_data_t;
|
|
|
|
typedef struct _http_handler_data_t
|
|
{
|
|
JSContext* context;
|
|
JSValue callback;
|
|
} http_handler_data_t;
|
|
|
|
static JSValue _httpd_response_write_head(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
|
|
{
|
|
JS_SetPropertyStr(context, this_val, "response_status", JS_DupValue(context, argv[0]));
|
|
JS_SetPropertyStr(context, this_val, "response_headers", JS_DupValue(context, argv[1]));
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
static int _object_to_headers(JSContext* context, JSValue object, const char** headers, int headers_length)
|
|
{
|
|
int count = 0;
|
|
JSPropertyEnum* ptab = NULL;
|
|
uint32_t plen = 0;
|
|
JS_GetOwnPropertyNames(context, &ptab, &plen, object, JS_GPN_STRING_MASK);
|
|
for (; count < (int)plen && count < headers_length / 2; ++count)
|
|
{
|
|
JSValue key = JS_AtomToString(context, ptab[count].atom);
|
|
JSPropertyDescriptor desc;
|
|
JSValue key_value = JS_NULL;
|
|
if (JS_GetOwnProperty(context, &desc, object, ptab[count].atom) == 1)
|
|
{
|
|
key_value = desc.value;
|
|
JS_FreeValue(context, desc.setter);
|
|
JS_FreeValue(context, desc.getter);
|
|
}
|
|
headers[count * 2 + 0] = JS_ToCString(context, key);
|
|
headers[count * 2 + 1] = JS_ToCString(context, key_value);
|
|
JS_FreeValue(context, key);
|
|
JS_FreeValue(context, key_value);
|
|
}
|
|
for (uint32_t i = 0; i < plen; ++i)
|
|
{
|
|
JS_FreeAtom(context, ptab[i].atom);
|
|
}
|
|
js_free(context, ptab);
|
|
return count;
|
|
}
|
|
|
|
static JSValue _httpd_response_end(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
|
|
{
|
|
tf_http_request_t* request = JS_GetOpaque(this_val, _httpd_request_class_id);
|
|
size_t length = 0;
|
|
const char* cstring = NULL;
|
|
const void* data = NULL;
|
|
JSValue buffer = JS_UNDEFINED;
|
|
if (JS_IsString(argv[0]))
|
|
{
|
|
cstring = JS_ToCStringLen(context, &length, argv[0]);
|
|
data = cstring;
|
|
}
|
|
else if ((data = tf_util_try_get_array_buffer(context, &length, argv[0])) != 0)
|
|
{
|
|
}
|
|
else
|
|
{
|
|
size_t offset;
|
|
size_t size;
|
|
size_t element_size;
|
|
buffer = tf_util_try_get_typed_array_buffer(context, argv[0], &offset, &size, &element_size);
|
|
if (!JS_IsException(buffer))
|
|
{
|
|
data = tf_util_try_get_array_buffer(context, &length, buffer);
|
|
}
|
|
}
|
|
JSValue response_status = JS_GetPropertyStr(context, this_val, "response_status");
|
|
int status = 0;
|
|
JS_ToInt32(context, &status, response_status);
|
|
JS_FreeValue(context, response_status);
|
|
|
|
const char* headers[64] = { 0 };
|
|
JSValue response_headers = JS_GetPropertyStr(context, this_val, "response_headers");
|
|
int headers_count = _object_to_headers(context, response_headers, headers, tf_countof(headers));
|
|
JS_FreeValue(context, response_headers);
|
|
|
|
tf_http_respond(request, status, headers, headers_count, data, length);
|
|
|
|
for (int i = 0; i < headers_count * 2; i++)
|
|
{
|
|
JS_FreeCString(context, headers[i]);
|
|
}
|
|
JS_FreeValue(context, buffer);
|
|
if (cstring)
|
|
{
|
|
JS_FreeCString(context, cstring);
|
|
}
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
static JSValue _httpd_response_send(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
|
|
{
|
|
tf_http_request_t* request = JS_GetOpaque(this_val, _httpd_request_class_id);
|
|
int opcode = 0x1;
|
|
JS_ToInt32(context, &opcode, argv[1]);
|
|
uint64_t length = 0;
|
|
size_t length_size = 0;
|
|
const char* message = JS_ToCStringLen(context, &length_size, argv[0]);
|
|
length = length_size;
|
|
uint8_t* copy = tf_malloc(length + 16);
|
|
bool fin = true;
|
|
size_t header = 1;
|
|
copy[0] = (fin ? (1 << 7) : 0) | (opcode & 0xf);
|
|
if (length < 126)
|
|
{
|
|
copy[1] = length;
|
|
header += 1;
|
|
}
|
|
else if (length < (1 << 16))
|
|
{
|
|
copy[1] = 126;
|
|
copy[2] = (length >> 8) & 0xff;
|
|
copy[3] = (length >> 0) & 0xff;
|
|
header += 3;
|
|
}
|
|
else
|
|
{
|
|
uint32_t high = (length >> 32) & 0xffffffff;
|
|
uint32_t low = (length >> 0) & 0xffffffff;
|
|
copy[1] = 127;
|
|
copy[2] = (high >> 24) & 0xff;
|
|
copy[3] = (high >> 16) & 0xff;
|
|
copy[4] = (high >> 8) & 0xff;
|
|
copy[5] = (high >> 0) & 0xff;
|
|
copy[6] = (low >> 24) & 0xff;
|
|
copy[7] = (low >> 16) & 0xff;
|
|
copy[8] = (low >> 8) & 0xff;
|
|
copy[9] = (low >> 0) & 0xff;
|
|
header += 9;
|
|
}
|
|
memcpy(copy + header, message, length);
|
|
tf_http_request_send(request, copy, header + length);
|
|
tf_free(copy);
|
|
JS_FreeCString(context, message);
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
static void _httpd_websocket_close_callback(tf_http_request_t* request)
|
|
{
|
|
JSContext* context = request->context;
|
|
JSValue response_object = JS_MKPTR(JS_TAG_OBJECT, request->user_data);
|
|
JSValue on_close = JS_GetPropertyStr(context, response_object, "onClose");
|
|
JSValue response = JS_Call(context, on_close, JS_UNDEFINED, 0, NULL);
|
|
tf_util_report_error(context, response);
|
|
JS_FreeValue(context, response);
|
|
JS_FreeValue(context, on_close);
|
|
JS_SetPropertyStr(context, response_object, "onMessage", JS_UNDEFINED);
|
|
JS_SetPropertyStr(context, response_object, "onClose", JS_UNDEFINED);
|
|
JS_FreeValue(context, response_object);
|
|
}
|
|
|
|
static void _httpd_message_callback(tf_http_request_t* request, int op_code, const void* data, size_t size)
|
|
{
|
|
JSContext* context = request->context;
|
|
JSValue response_object = JS_MKPTR(JS_TAG_OBJECT, request->user_data);
|
|
JSValue on_message = JS_GetPropertyStr(context, response_object, "onMessage");
|
|
JSValue event = JS_NewObject(context);
|
|
JS_SetPropertyStr(context, event, "opCode", JS_NewInt32(context, op_code));
|
|
JS_SetPropertyStr(context, event, "data", JS_NewStringLen(context, data, size));
|
|
JSValue response = JS_Call(context, on_message, JS_UNDEFINED, 1, &event);
|
|
tf_util_report_error(context, response);
|
|
JS_FreeValue(context, response);
|
|
JS_FreeValue(context, event);
|
|
JS_FreeValue(context, on_message);
|
|
}
|
|
|
|
static void _httpd_callback_internal(tf_http_request_t* request, bool is_websocket)
|
|
{
|
|
http_handler_data_t* data = request->user_data;
|
|
JSContext* context = data->context;
|
|
JSValue request_object = JS_NewObject(context);
|
|
JS_SetPropertyStr(context, request_object, "method", JS_NewString(context, request->method));
|
|
JS_SetPropertyStr(context, request_object, "uri", JS_NewString(context, request->path));
|
|
JSValue headers = JS_NewObject(context);
|
|
for (int i = 0; i < request->headers_count; i++)
|
|
{
|
|
JS_SetPropertyStr(context, headers, request->headers[i].name, JS_NewString(context, request->headers[i].value));
|
|
}
|
|
JS_SetPropertyStr(context, request_object, "headers", headers);
|
|
if (request->query)
|
|
{
|
|
JS_SetPropertyStr(context, request_object, "query", JS_NewString(context, request->query));
|
|
}
|
|
if (request->body)
|
|
{
|
|
JS_SetPropertyStr(context, request_object, "body", tf_util_new_uint8_array(context, request->body, request->content_length));
|
|
}
|
|
|
|
JSValue client = JS_NewObject(context);
|
|
JS_SetPropertyStr(context, client, "tls", request->is_tls ? JS_TRUE : JS_FALSE);
|
|
JS_SetPropertyStr(context, request_object, "client", client);
|
|
|
|
JSValue response_object = JS_NewObjectClass(context, _httpd_request_class_id);
|
|
/* The ref is owned by the JS object and will be released by the finalizer. */
|
|
tf_http_request_ref(request);
|
|
JS_SetOpaque(response_object, request);
|
|
JS_SetPropertyStr(context, response_object, "writeHead", JS_NewCFunction(context, _httpd_response_write_head, "writeHead", 2));
|
|
JS_SetPropertyStr(context, response_object, "end", JS_NewCFunction(context, _httpd_response_end, "end", 1));
|
|
JS_SetPropertyStr(context, response_object, "send", JS_NewCFunction(context, _httpd_response_send, "send", 2));
|
|
JS_SetPropertyStr(context, response_object, "upgrade", JS_NewCFunction(context, _httpd_websocket_upgrade, "upgrade", 2));
|
|
JSValue args[] = {
|
|
request_object,
|
|
response_object,
|
|
};
|
|
JSValue response = JS_Call(context, data->callback, JS_UNDEFINED, 2, args);
|
|
tf_util_report_error(context, response);
|
|
JS_FreeValue(context, request_object);
|
|
JS_FreeValue(context, response);
|
|
JS_FreeValue(context, response_object);
|
|
}
|
|
|
|
static bool _httpd_redirect(tf_http_request_t* request)
|
|
{
|
|
if (request->is_tls)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
http_user_data_t* user_data = tf_http_get_user_data(request->http);
|
|
if (!user_data || !*user_data->redirect)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
char redirect[1024];
|
|
snprintf(redirect, sizeof(redirect), "%s%s", user_data->redirect, request->path);
|
|
tf_http_respond(request, 303, (const char*[]) { "Location", redirect }, 1, NULL, 0);
|
|
return true;
|
|
}
|
|
|
|
static void _httpd_callback(tf_http_request_t* request)
|
|
{
|
|
if (_httpd_redirect(request))
|
|
{
|
|
return;
|
|
}
|
|
|
|
_httpd_callback_internal(request, false);
|
|
}
|
|
|
|
static JSValue _httpd_websocket_upgrade(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
|
|
{
|
|
tf_http_request_t* request = JS_GetOpaque(this_val, _httpd_request_class_id);
|
|
tf_http_request_ref(request);
|
|
const char* header_connection = tf_http_request_get_header(request, "connection");
|
|
const char* header_upgrade = tf_http_request_get_header(request, "upgrade");
|
|
const char* header_sec_websocket_key = tf_http_request_get_header(request, "sec-websocket-key");
|
|
if (header_connection && header_upgrade && header_sec_websocket_key && strstr(header_connection, "Upgrade") && strcasecmp(header_upgrade, "websocket") == 0)
|
|
{
|
|
static const char* k_magic = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
|
|
size_t key_length = strlen(header_sec_websocket_key);
|
|
size_t size = key_length + 36;
|
|
uint8_t* key_magic = alloca(size);
|
|
memcpy(key_magic, header_sec_websocket_key, key_length);
|
|
memcpy(key_magic + key_length, k_magic, 36);
|
|
uint8_t digest[20];
|
|
SHA1(key_magic, size, digest);
|
|
char key[41] = { 0 };
|
|
tf_base64_encode(digest, sizeof(digest), key, sizeof(key));
|
|
|
|
const char* headers[64] = { 0 };
|
|
int headers_count = 0;
|
|
|
|
headers[headers_count * 2 + 0] = "Upgrade";
|
|
headers[headers_count * 2 + 1] = "websocket";
|
|
headers_count++;
|
|
|
|
headers[headers_count * 2 + 0] = "Connection";
|
|
headers[headers_count * 2 + 1] = "Upgrade";
|
|
headers_count++;
|
|
|
|
headers[headers_count * 2 + 0] = "Sec-WebSocket-Accept";
|
|
headers[headers_count * 2 + 1] = key;
|
|
headers_count++;
|
|
|
|
tf_ssb_t* ssb = tf_task_get_ssb(tf_task_get(context));
|
|
const char* session = tf_http_get_cookie(tf_http_request_get_header(request, "cookie"), "session");
|
|
JSValue jwt = _authenticate_jwt(context, session);
|
|
tf_free((void*)session);
|
|
JSValue name = JS_GetPropertyStr(context, jwt, "name");
|
|
const char* name_string = JS_ToCString(context, name);
|
|
const char* session_token = _make_session_jwt(ssb, name_string);
|
|
const char* cookie = _make_set_session_cookie_header(request, session_token);
|
|
tf_free((void*)session_token);
|
|
JS_FreeCString(context, name_string);
|
|
JS_FreeValue(context, name);
|
|
JS_FreeValue(context, jwt);
|
|
headers[headers_count * 2 + 0] = "Set-Cookie";
|
|
headers[headers_count * 2 + 1] = cookie ? cookie : "";
|
|
headers_count++;
|
|
|
|
bool send_version = !tf_http_request_get_header(request, "sec-websocket-version") || strcmp(tf_http_request_get_header(request, "sec-websocket-version"), "13") != 0;
|
|
if (send_version)
|
|
{
|
|
headers[headers_count * 2 + 0] = "Sec-WebSocket-Accept";
|
|
headers[headers_count * 2 + 1] = key;
|
|
headers_count++;
|
|
}
|
|
int js_headers_count = _object_to_headers(context, argv[1], headers + headers_count * 2, tf_countof(headers) - headers_count * 2);
|
|
headers_count += js_headers_count;
|
|
|
|
tf_http_request_websocket_upgrade(request);
|
|
tf_http_respond(request, 101, headers, headers_count, NULL, 0);
|
|
|
|
for (int i = headers_count - js_headers_count; i < headers_count * 2; i++)
|
|
{
|
|
JS_FreeCString(context, headers[i * 2 + 0]);
|
|
JS_FreeCString(context, headers[i * 2 + 1]);
|
|
}
|
|
|
|
tf_free((void*)cookie);
|
|
|
|
request->on_message = _httpd_message_callback;
|
|
request->on_close = _httpd_websocket_close_callback;
|
|
request->context = context;
|
|
request->user_data = JS_VALUE_GET_PTR(JS_DupValue(context, this_val));
|
|
}
|
|
else
|
|
{
|
|
tf_http_respond(request, 400, NULL, 0, NULL, 0);
|
|
}
|
|
tf_http_request_unref(request);
|
|
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
static void _httpd_cleanup_callback(void* user_data)
|
|
{
|
|
http_handler_data_t* data = user_data;
|
|
JS_FreeValue(data->context, data->callback);
|
|
tf_free(data);
|
|
}
|
|
|
|
static JSValue _httpd_endpoint_all(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
|
|
{
|
|
tf_http_t* http = JS_GetOpaque(this_val, _httpd_class_id);
|
|
const char* pattern = JS_ToCString(context, argv[0]);
|
|
http_handler_data_t* data = tf_malloc(sizeof(http_handler_data_t));
|
|
*data = (http_handler_data_t) { .context = context, .callback = JS_DupValue(context, argv[1]) };
|
|
tf_http_add_handler(http, pattern, _httpd_callback, _httpd_cleanup_callback, data);
|
|
JS_FreeCString(context, pattern);
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
typedef struct _httpd_listener_t
|
|
{
|
|
JSContext* context;
|
|
JSValue tls;
|
|
} httpd_listener_t;
|
|
|
|
static void _httpd_listener_cleanup(void* user_data)
|
|
{
|
|
httpd_listener_t* listener = user_data;
|
|
JS_FreeValue(listener->context, listener->tls);
|
|
tf_free(listener);
|
|
}
|
|
|
|
static JSValue _httpd_endpoint_start(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
|
|
{
|
|
tf_http_t* http = JS_GetOpaque(this_val, _httpd_class_id);
|
|
int port = 0;
|
|
JS_ToInt32(context, &port, argv[0]);
|
|
|
|
httpd_listener_t* listener = tf_malloc(sizeof(httpd_listener_t));
|
|
*listener = (httpd_listener_t) { .context = context, .tls = JS_DupValue(context, argv[1]) };
|
|
tf_tls_context_t* tls = tf_tls_context_get(listener->tls);
|
|
int assigned_port = tf_http_listen(http, port, tls, _httpd_listener_cleanup, listener);
|
|
return JS_NewInt32(context, assigned_port);
|
|
}
|
|
|
|
static void _httpd_free_user_data(void* user_data)
|
|
{
|
|
tf_free(user_data);
|
|
}
|
|
|
|
static JSValue _httpd_set_http_redirect(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv)
|
|
{
|
|
tf_http_t* http = JS_GetOpaque(this_val, _httpd_class_id);
|
|
http_user_data_t* user_data = tf_http_get_user_data(http);
|
|
if (!user_data)
|
|
{
|
|
user_data = tf_malloc(sizeof(http_user_data_t));
|
|
memset(user_data, 0, sizeof(http_user_data_t));
|
|
tf_http_set_user_data(http, user_data, _httpd_free_user_data);
|
|
}
|
|
|
|
const char* redirect = JS_ToCString(context, argv[0]);
|
|
snprintf(user_data->redirect, sizeof(user_data->redirect), "%s", redirect ? redirect : "");
|
|
JS_FreeCString(context, redirect);
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
static void _httpd_finalizer(JSRuntime* runtime, JSValue value)
|
|
{
|
|
tf_http_t* http = JS_GetOpaque(value, _httpd_class_id);
|
|
tf_http_destroy(http);
|
|
}
|
|
|
|
static void _httpd_request_finalizer(JSRuntime* runtime, JSValue value)
|
|
{
|
|
tf_http_request_t* request = JS_GetOpaque(value, _httpd_request_class_id);
|
|
tf_http_request_unref(request);
|
|
}
|
|
|
|
static void _httpd_endpoint_trace(tf_http_request_t* request)
|
|
{
|
|
if (_httpd_redirect(request))
|
|
{
|
|
return;
|
|
}
|
|
|
|
tf_task_t* task = request->user_data;
|
|
tf_trace_t* trace = tf_task_get_trace(task);
|
|
char* json = tf_trace_export(trace);
|
|
const char* headers[] = {
|
|
"Content-Type",
|
|
"application/json; charset=utf-8",
|
|
"Access-Control-Allow-Origin",
|
|
"*",
|
|
};
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, json, json ? strlen(json) : 0);
|
|
tf_free(json);
|
|
}
|
|
|
|
static void _httpd_endpoint_mem(tf_http_request_t* request)
|
|
{
|
|
if (_httpd_redirect(request))
|
|
{
|
|
return;
|
|
}
|
|
|
|
char* response = NULL;
|
|
size_t length = 0;
|
|
|
|
int count = 0;
|
|
tf_mem_allocation_t* alloc = tf_mem_summarize_allocations(&count);
|
|
for (int i = 0; i < count; i++)
|
|
{
|
|
const char* stack = tf_util_backtrace_to_string(alloc[i].frames, alloc[i].frames_count);
|
|
int line = snprintf(NULL, 0, "%zd bytes in %d allocations\n%s\n\n", alloc[i].size, alloc[i].count, stack);
|
|
response = tf_resize_vec(response, length + line);
|
|
snprintf(response + length, line, "%zd bytes in %d allocations\n%s\n\n", alloc[i].size, alloc[i].count, stack);
|
|
length += line - 1;
|
|
tf_free((void*)stack);
|
|
}
|
|
tf_free(alloc);
|
|
|
|
const char* headers[] = {
|
|
"Content-Type",
|
|
"text/plain; charset=utf-8",
|
|
"Access-Control-Allow-Origin",
|
|
"*",
|
|
};
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, response, length);
|
|
tf_free(response);
|
|
}
|
|
|
|
static void _httpd_endpoint_disconnections(tf_http_request_t* request)
|
|
{
|
|
if (_httpd_redirect(request))
|
|
{
|
|
return;
|
|
}
|
|
|
|
tf_task_t* task = request->user_data;
|
|
char* response = tf_task_get_disconnections(task);
|
|
const char* headers[] = {
|
|
"Content-Type",
|
|
"application/json; charset=utf-8",
|
|
"Access-Control-Allow-Origin",
|
|
"*",
|
|
};
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, response, response ? strlen(response) : 0);
|
|
tf_free(response);
|
|
}
|
|
|
|
static void _httpd_endpoint_hitches(tf_http_request_t* request)
|
|
{
|
|
if (_httpd_redirect(request))
|
|
{
|
|
return;
|
|
}
|
|
|
|
tf_task_t* task = request->user_data;
|
|
char* response = tf_task_get_hitches(task);
|
|
const char* headers[] = {
|
|
"Content-Type",
|
|
"application/json; charset=utf-8",
|
|
"Access-Control-Allow-Origin",
|
|
"*",
|
|
};
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, response, response ? strlen(response) : 0);
|
|
tf_free(response);
|
|
}
|
|
|
|
static const char* _after(const char* text, const char* prefix)
|
|
{
|
|
if (!text || !prefix)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
size_t prefix_length = strlen(prefix);
|
|
if (strncmp(text, prefix, prefix_length) == 0)
|
|
{
|
|
return text + prefix_length;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
static double _time_spec_to_double(const uv_timespec_t* time_spec)
|
|
{
|
|
return (double)time_spec->tv_sec + (double)(time_spec->tv_nsec) / 1e9;
|
|
}
|
|
|
|
typedef struct _http_file_t
|
|
{
|
|
tf_http_request_t* request;
|
|
char etag[512];
|
|
} http_file_t;
|
|
|
|
static const char* _ext_to_content_type(const char* ext)
|
|
{
|
|
if (ext)
|
|
{
|
|
if (strcmp(ext, ".js") == 0 || strcmp(ext, ".mjs") == 0)
|
|
{
|
|
return "text/javascript; charset=UTF-8";
|
|
}
|
|
if (strcmp(ext, ".css") == 0)
|
|
{
|
|
return "text/css; charset=UTF-8";
|
|
}
|
|
else if (strcmp(ext, ".png") == 0)
|
|
{
|
|
return "image/png";
|
|
}
|
|
}
|
|
return "application/binary";
|
|
}
|
|
|
|
static void _httpd_endpoint_static_read(tf_task_t* task, const char* path, int result, const void* data, void* user_data)
|
|
{
|
|
http_file_t* file = user_data;
|
|
tf_http_request_t* request = file->request;
|
|
if (result >= 0)
|
|
{
|
|
if (strcmp(path, "core/tfrpc.js") == 0)
|
|
{
|
|
const char* content_type = _ext_to_content_type(strrchr(path, '.'));
|
|
const char* headers[] = {
|
|
"Content-Type",
|
|
content_type,
|
|
"etag",
|
|
file->etag,
|
|
"Access-Control-Allow-Origin",
|
|
"null",
|
|
};
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, data, result);
|
|
}
|
|
else
|
|
{
|
|
const char* content_type = _ext_to_content_type(strrchr(path, '.'));
|
|
const char* headers[] = {
|
|
"Content-Type",
|
|
content_type,
|
|
"etag",
|
|
file->etag,
|
|
};
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, data, result);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
const char* k_payload = tf_http_status_text(404);
|
|
tf_http_respond(request, 404, NULL, 0, k_payload, strlen(k_payload));
|
|
}
|
|
tf_http_request_unref(request);
|
|
tf_free(file);
|
|
}
|
|
|
|
static void _httpd_endpoint_static_stat(tf_task_t* task, const char* path, int result, const uv_stat_t* stat, void* user_data)
|
|
{
|
|
tf_http_request_t* request = user_data;
|
|
const char* match = tf_http_request_get_header(request, "if-none-match");
|
|
if (result != 0)
|
|
{
|
|
const char* k_payload = tf_http_status_text(404);
|
|
tf_http_respond(request, 404, NULL, 0, k_payload, strlen(k_payload));
|
|
tf_http_request_unref(request);
|
|
}
|
|
else
|
|
{
|
|
char etag[512];
|
|
snprintf(etag, sizeof(etag), "\"%f_%zd\"", _time_spec_to_double(&stat->st_mtim), (size_t)stat->st_size);
|
|
if (match && strcmp(match, etag) == 0)
|
|
{
|
|
tf_http_respond(request, 304, NULL, 0, NULL, 0);
|
|
tf_http_request_unref(request);
|
|
}
|
|
else
|
|
{
|
|
http_file_t* file = tf_malloc(sizeof(http_file_t));
|
|
*file = (http_file_t) { .request = request };
|
|
static_assert(sizeof(file->etag) == sizeof(etag), "Size mismatch");
|
|
memcpy(file->etag, etag, sizeof(etag));
|
|
tf_file_read(task, path, _httpd_endpoint_static_read, file);
|
|
}
|
|
}
|
|
}
|
|
|
|
static void _httpd_endpoint_static(tf_http_request_t* request)
|
|
{
|
|
if (strncmp(request->path, "/.well-known/", strlen("/.well-known/")) && _httpd_redirect(request))
|
|
{
|
|
return;
|
|
}
|
|
|
|
const char* k_static_files[] = {
|
|
"index.html",
|
|
"client.js",
|
|
"favicon.png",
|
|
"jszip.min.js",
|
|
"style.css",
|
|
"tfrpc.js",
|
|
"w3.css",
|
|
};
|
|
|
|
const char* k_map[][2] = {
|
|
{ "/static/", "core/" },
|
|
{ "/lit/", "deps/lit/" },
|
|
{ "/codemirror/", "deps/codemirror/" },
|
|
{ "/prettier/", "deps/prettier/" },
|
|
{ "/speedscope/", "deps/speedscope/" },
|
|
{ "/.well-known/", "data/global/.well-known/" },
|
|
};
|
|
|
|
bool is_core = false;
|
|
const char* after = NULL;
|
|
const char* file_path = NULL;
|
|
for (int i = 0; i < tf_countof(k_map) && !after; i++)
|
|
{
|
|
after = _after(request->path, k_map[i][0]);
|
|
file_path = k_map[i][1];
|
|
is_core = is_core || (after && i == 0);
|
|
}
|
|
|
|
if (!after || strstr(after, ".."))
|
|
{
|
|
const char* k_payload = tf_http_status_text(404);
|
|
tf_http_respond(request, 404, NULL, 0, k_payload, strlen(k_payload));
|
|
return;
|
|
}
|
|
|
|
if (is_core)
|
|
{
|
|
bool found = false;
|
|
for (int i = 0; i < tf_countof(k_static_files); i++)
|
|
{
|
|
if (strcmp(after, k_static_files[i]) == 0)
|
|
{
|
|
found = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!found)
|
|
{
|
|
const char* k_payload = tf_http_status_text(404);
|
|
tf_http_respond(request, 404, NULL, 0, k_payload, strlen(k_payload));
|
|
return;
|
|
}
|
|
}
|
|
|
|
tf_task_t* task = request->user_data;
|
|
size_t size = strlen(file_path) + strlen(after) + 1;
|
|
char* path = alloca(size);
|
|
snprintf(path, size, "%s%s", file_path, after);
|
|
tf_http_request_ref(request);
|
|
tf_file_stat(task, path, _httpd_endpoint_static_stat, request);
|
|
}
|
|
|
|
static void _httpd_endpoint_robots_txt(tf_http_request_t* request)
|
|
{
|
|
if (_httpd_redirect(request))
|
|
{
|
|
return;
|
|
}
|
|
char* response = "User-Agent: *\n"
|
|
"Disallow: /*/*/edit\n"
|
|
"Allow: /\n";
|
|
const char* headers[] = { "Content-Type", "text/plain; charset=utf-8" };
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, response, response ? strlen(response) : 0);
|
|
}
|
|
|
|
static void _httpd_endpoint_debug(tf_http_request_t* request)
|
|
{
|
|
if (_httpd_redirect(request))
|
|
{
|
|
return;
|
|
}
|
|
|
|
tf_task_t* task = request->user_data;
|
|
char* response = tf_task_get_debug(task);
|
|
const char* headers[] = {
|
|
"Content-Type",
|
|
"application/json; charset=utf-8",
|
|
"Access-Control-Allow-Origin",
|
|
"*",
|
|
};
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, response, response ? strlen(response) : 0);
|
|
tf_free(response);
|
|
}
|
|
|
|
const char** _form_data_decode(const char* data, int length)
|
|
{
|
|
int key_max = 1;
|
|
for (int i = 0; i < length; i++)
|
|
{
|
|
if (data[i] == '&')
|
|
{
|
|
key_max++;
|
|
}
|
|
}
|
|
|
|
int write_length = length + 1;
|
|
char** result = tf_malloc(sizeof(const char*) * (key_max + 1) * 2 + write_length);
|
|
char* result_buffer = ((char*)result) + sizeof(const char*) * (key_max + 1) * 2;
|
|
|
|
char* write_pos = result_buffer;
|
|
int count = 0;
|
|
int i = 0;
|
|
while (i < length)
|
|
{
|
|
result[count++] = write_pos;
|
|
while (i < length)
|
|
{
|
|
if (data[i] == '+')
|
|
{
|
|
*write_pos++ = ' ';
|
|
i++;
|
|
}
|
|
else if (data[i] == '%' && i + 2 < length)
|
|
{
|
|
*write_pos++ = (char)strtoul((const char[]) { data[i + 1], data[i + 2], 0 }, NULL, 16);
|
|
i += 3;
|
|
}
|
|
else if (data[i] == '=')
|
|
{
|
|
if (count % 2 == 0)
|
|
{
|
|
result[count++] = "";
|
|
}
|
|
i++;
|
|
break;
|
|
}
|
|
else if (data[i] == '&')
|
|
{
|
|
if (count % 2 != 0)
|
|
{
|
|
result[count++] = "";
|
|
}
|
|
i++;
|
|
break;
|
|
}
|
|
else
|
|
{
|
|
*write_pos++ = data[i++];
|
|
}
|
|
}
|
|
*write_pos++ = '\0';
|
|
}
|
|
|
|
result[count++] = NULL;
|
|
result[count++] = NULL;
|
|
|
|
return (const char**)result;
|
|
}
|
|
|
|
const char* _form_data_get(const char** form_data, const char* key)
|
|
{
|
|
for (int i = 0; form_data[i]; i += 2)
|
|
{
|
|
if (form_data[i] && strcmp(form_data[i], key) == 0)
|
|
{
|
|
return form_data[i + 1];
|
|
}
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
typedef struct _login_request_t
|
|
{
|
|
tf_http_request_t* request;
|
|
const char* session_cookie;
|
|
JSValue jwt;
|
|
const char* name;
|
|
const char* error;
|
|
const char* code_of_conduct;
|
|
bool have_administrator;
|
|
bool session_is_new;
|
|
} login_request_t;
|
|
|
|
static const char* _make_set_session_cookie_header(tf_http_request_t* request, const char* session_cookie)
|
|
{
|
|
const char* k_pattern = "session=%s; path=/; Max-Age=%" PRId64 "; %sSameSite=Strict; HttpOnly";
|
|
int length = session_cookie ? snprintf(NULL, 0, k_pattern, session_cookie, k_refresh_interval, request->is_tls ? "Secure; " : "") : 0;
|
|
char* cookie = length ? tf_malloc(length + 1) : NULL;
|
|
if (cookie)
|
|
{
|
|
snprintf(cookie, length + 1, k_pattern, session_cookie, k_refresh_interval, request->is_tls ? "Secure; " : "");
|
|
}
|
|
return cookie;
|
|
}
|
|
|
|
static void _httpd_endpoint_login_file_read_callback(tf_task_t* task, const char* path, int result, const void* data, void* user_data)
|
|
{
|
|
login_request_t* login = user_data;
|
|
tf_http_request_t* request = login->request;
|
|
if (result >= 0)
|
|
{
|
|
const char* cookie = _make_set_session_cookie_header(request, login->session_cookie);
|
|
const char* headers[] = {
|
|
"Content-Type",
|
|
"text/html; charset=utf-8",
|
|
"Set-Cookie",
|
|
cookie ? cookie : "",
|
|
};
|
|
const char* replace_me = "$AUTH_DATA";
|
|
const char* auth = strstr(data, replace_me);
|
|
if (auth)
|
|
{
|
|
JSContext* context = tf_task_get_context(task);
|
|
JSValue object = JS_NewObject(context);
|
|
JS_SetPropertyStr(context, object, "session_is_new", JS_NewBool(context, login->session_is_new));
|
|
JS_SetPropertyStr(context, object, "name", login->name ? JS_NewString(context, login->name) : JS_UNDEFINED);
|
|
JS_SetPropertyStr(context, object, "error", login->error ? JS_NewString(context, login->error) : JS_UNDEFINED);
|
|
JS_SetPropertyStr(context, object, "code_of_conduct", login->code_of_conduct ? JS_NewString(context, login->code_of_conduct) : JS_UNDEFINED);
|
|
JS_SetPropertyStr(context, object, "have_administrator", JS_NewBool(context, login->have_administrator));
|
|
JSValue object_json = JS_JSONStringify(context, object, JS_NULL, JS_NULL);
|
|
size_t json_length = 0;
|
|
const char* json = JS_ToCStringLen(context, &json_length, object_json);
|
|
|
|
char* copy = tf_malloc(result + json_length);
|
|
int replace_start = (auth - (const char*)data);
|
|
int replace_end = (auth - (const char*)data) + (int)strlen(replace_me);
|
|
memcpy(copy, data, replace_start);
|
|
memcpy(copy + replace_start, json, json_length);
|
|
memcpy(copy + replace_start + json_length, ((const char*)data) + replace_end, result - replace_end);
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, copy, replace_start + json_length + (result - replace_end));
|
|
tf_free(copy);
|
|
|
|
JS_FreeCString(context, json);
|
|
JS_FreeValue(context, object_json);
|
|
JS_FreeValue(context, object);
|
|
}
|
|
else
|
|
{
|
|
tf_http_respond(request, 200, headers, tf_countof(headers) / 2, data, result);
|
|
}
|
|
tf_free((void*)cookie);
|
|
}
|
|
else
|
|
{
|
|
const char* k_payload = tf_http_status_text(404);
|
|
tf_http_respond(request, 404, NULL, 0, k_payload, strlen(k_payload));
|
|
}
|
|
tf_http_request_unref(request);
|
|
tf_free((void*)login->name);
|
|
tf_free((void*)login->code_of_conduct);
|
|
tf_free((void*)login->session_cookie);
|
|
tf_free(login);
|
|
}
|
|
|
|
static bool _string_property_equals(JSContext* context, JSValue object, const char* name, const char* value)
|
|
{
|
|
JSValue object_value = JS_GetPropertyStr(context, object, name);
|
|
const char* object_value_string = JS_ToCString(context, object_value);
|
|
bool equals = object_value_string && strcmp(object_value_string, value) == 0;
|
|
JS_FreeCString(context, object_value_string);
|
|
JS_FreeValue(context, object_value);
|
|
return equals;
|
|
}
|
|
|
|
static void _public_key_visit(const char* identity, void* user_data)
|
|
{
|
|
snprintf(user_data, k_id_base64_len, "%s", identity);
|
|
}
|
|
|
|
static JSValue _authenticate_jwt(JSContext* context, const char* jwt)
|
|
{
|
|
if (!jwt)
|
|
{
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
int dot[2] = { 0 };
|
|
int dot_count = 0;
|
|
for (int i = 0; jwt[i]; i++)
|
|
{
|
|
if (jwt[i] == '.')
|
|
{
|
|
if (dot_count >= tf_countof(dot))
|
|
{
|
|
return JS_UNDEFINED;
|
|
}
|
|
dot[dot_count++] = i;
|
|
}
|
|
}
|
|
if (dot_count != 2)
|
|
{
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
uint8_t header[256];
|
|
size_t actual_length = 0;
|
|
if (sodium_base642bin(header, sizeof(header), jwt, dot[0], NULL, &actual_length, NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) != 0)
|
|
{
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
JSValue header_value = JS_ParseJSON(context, (const char*)header, actual_length, NULL);
|
|
bool header_valid = _string_property_equals(context, header_value, "typ", "JWT") && _string_property_equals(context, header_value, "alg", "HS256");
|
|
JS_FreeValue(context, header_value);
|
|
if (!header_valid)
|
|
{
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
tf_task_t* task = tf_task_get(context);
|
|
tf_ssb_t* ssb = tf_task_get_ssb(task);
|
|
char public_key_b64[k_id_base64_len] = { 0 };
|
|
tf_ssb_db_identity_visit(ssb, ":auth", _public_key_visit, public_key_b64);
|
|
|
|
const char* payload = jwt + dot[0] + 1;
|
|
size_t payload_length = dot[1] - dot[0];
|
|
if (!tf_ssb_hmacsha256_verify(public_key_b64, payload, payload_length, jwt + dot[1] + 1))
|
|
{
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
uint8_t payload_bin[256];
|
|
size_t actual_payload_length = 0;
|
|
if (sodium_base642bin(payload_bin, sizeof(payload_bin), payload, payload_length, NULL, &actual_payload_length, NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) != 0)
|
|
{
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
JSValue parsed = JS_ParseJSON(context, (const char*)payload_bin, actual_payload_length, NULL);
|
|
JSValue exp = JS_GetPropertyStr(context, parsed, "exp");
|
|
int64_t exp_value = 0;
|
|
JS_ToInt64(context, &exp_value, exp);
|
|
if (time(NULL) >= exp_value)
|
|
{
|
|
JS_FreeValue(context, parsed);
|
|
return JS_UNDEFINED;
|
|
}
|
|
|
|
return parsed;
|
|
}
|
|
|
|
static bool _session_is_authenticated_as_user(JSContext* context, JSValue session)
|
|
{
|
|
bool result = false;
|
|
JSValue user = JS_GetPropertyStr(context, session, "user");
|
|
const char* user_string = JS_ToCString(context, user);
|
|
result = user_string && strcmp(user_string, "guest") != 0;
|
|
JS_FreeCString(context, user_string);
|
|
JS_FreeValue(context, user);
|
|
return result;
|
|
}
|
|
|
|
static bool _is_name_valid(const char* name)
|
|
{
|
|
if (!name || !((*name >= 'a' && *name <= 'z') || (*name >= 'A' && *name <= 'Z')))
|
|
{
|
|
return false;
|
|
}
|
|
for (const char* p = name; *p; p++)
|
|
{
|
|
bool in_range = (*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') || (*p >= '0' && *p <= '9');
|
|
if (!in_range)
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static bool _read_account(tf_ssb_t* ssb, const char* name, char* out_passwd, size_t passwd_size)
|
|
{
|
|
bool result = false;
|
|
sqlite3* db = tf_ssb_acquire_db_reader(ssb);
|
|
sqlite3_stmt* statement = NULL;
|
|
if (sqlite3_prepare(db, "SELECT value ->> '$.password' FROM properties WHERE id = 'auth' AND key = 'user:' || ?", -1, &statement, NULL) == SQLITE_OK)
|
|
{
|
|
if (sqlite3_bind_text(statement, 1, name, -1, NULL) == SQLITE_OK)
|
|
{
|
|
if (sqlite3_step(statement) == SQLITE_ROW)
|
|
{
|
|
snprintf(out_passwd, passwd_size, "%s", (const char*)sqlite3_column_text(statement, 0));
|
|
result = true;
|
|
}
|
|
}
|
|
sqlite3_finalize(statement);
|
|
}
|
|
tf_ssb_release_db_reader(ssb, db);
|
|
return result;
|
|
}
|
|
|
|
static bool _set_account_password(JSContext* context, sqlite3* db, const char* name, const char* password)
|
|
{
|
|
bool result = false;
|
|
static const int k_salt_length = 12;
|
|
|
|
char buffer[16];
|
|
tf_task_t* task = tf_task_get(context);
|
|
size_t bytes = uv_random(tf_task_get_loop(task), &(uv_random_t) { 0 }, buffer, sizeof(buffer), 0, NULL) == 0 ? sizeof(buffer) : 0;
|
|
char output[7 + 22 + 1];
|
|
char* salt = crypt_gensalt_rn("$2b$", k_salt_length, buffer, bytes, output, sizeof(output));
|
|
char hash_output[7 + 22 + 31 + 1];
|
|
char* hash = crypt_rn(password, salt, hash_output, sizeof(hash_output));
|
|
|
|
JSValue user_entry = JS_NewObject(context);
|
|
JS_SetPropertyStr(context, user_entry, "password", JS_NewString(context, hash));
|
|
JSValue user_json = JS_JSONStringify(context, user_entry, JS_NULL, JS_NULL);
|
|
size_t user_length = 0;
|
|
const char* user_string = JS_ToCStringLen(context, &user_length, user_json);
|
|
|
|
sqlite3_stmt* statement = NULL;
|
|
if (sqlite3_prepare(db, "INSERT OR REPLACE INTO properties (id, key, value) VALUES ('auth', 'user:' || ?, ?)", -1, &statement, NULL) == SQLITE_OK)
|
|
{
|
|
if (sqlite3_bind_text(statement, 1, name, -1, NULL) == SQLITE_OK && sqlite3_bind_text(statement, 2, user_string, user_length, NULL) == SQLITE_OK)
|
|
{
|
|
result = sqlite3_step(statement) == SQLITE_DONE;
|
|
}
|
|
sqlite3_finalize(statement);
|
|
}
|
|
|
|
JS_FreeCString(context, user_string);
|
|
JS_FreeValue(context, user_json);
|
|
JS_FreeValue(context, user_entry);
|
|
return result;
|
|
}
|
|
|
|
static bool _register_account(tf_ssb_t* ssb, const char* name, const char* password)
|
|
{
|
|
bool result = false;
|
|
JSContext* context = tf_ssb_get_context(ssb);
|
|
JSValue users_array = JS_UNDEFINED;
|
|
|
|
sqlite3* db = tf_ssb_acquire_db_writer(ssb);
|
|
sqlite3_stmt* statement = NULL;
|
|
if (sqlite3_prepare(db, "SELECT value FROM properties WHERE id = 'auth' AND key = 'users'", -1, &statement, NULL) == SQLITE_OK)
|
|
{
|
|
if (sqlite3_step(statement) == SQLITE_ROW)
|
|
{
|
|
users_array = JS_ParseJSON(context, (const char*)sqlite3_column_text(statement, 0), sqlite3_column_bytes(statement, 0), NULL);
|
|
}
|
|
sqlite3_finalize(statement);
|
|
}
|
|
if (JS_IsUndefined(users_array))
|
|
{
|
|
users_array = JS_NewArray(context);
|
|
}
|
|
int length = tf_util_get_length(context, users_array);
|
|
JS_SetPropertyUint32(context, users_array, length, JS_NewString(context, name));
|
|
|
|
JSValue json = JS_JSONStringify(context, users_array, JS_NULL, JS_NULL);
|
|
JS_FreeValue(context, users_array);
|
|
size_t value_length = 0;
|
|
const char* value = JS_ToCStringLen(context, &value_length, json);
|
|
if (sqlite3_prepare(db, "INSERT OR REPLACE INTO properties (id, key, value) VALUES ('auth', 'users', ?)", -1, &statement, NULL) == SQLITE_OK)
|
|
{
|
|
if (sqlite3_bind_text(statement, 1, value, value_length, NULL) == SQLITE_OK)
|
|
{
|
|
result = sqlite3_step(statement) == SQLITE_DONE;
|
|
}
|
|
sqlite3_finalize(statement);
|
|
}
|
|
JS_FreeCString(context, value);
|
|
JS_FreeValue(context, json);
|
|
|
|
result = result && _set_account_password(context, db, name, password);
|
|
|
|
tf_ssb_release_db_writer(ssb, db);
|
|
return result;
|
|
}
|
|
|
|
static void _visit_auth_identity(const char* identity, void* user_data)
|
|
{
|
|
if (!*(char*)user_data)
|
|
{
|
|
snprintf((char*)user_data, k_id_base64_len, "%s", identity);
|
|
}
|
|
}
|
|
|
|
static bool _get_auth_private_key(tf_ssb_t* ssb, uint8_t* out_private_key)
|
|
{
|
|
char id[k_id_base64_len] = { 0 };
|
|
tf_ssb_db_identity_visit(ssb, ":auth", _visit_auth_identity, id);
|
|
if (*id)
|
|
{
|
|
return tf_ssb_db_identity_get_private_key(ssb, ":auth", id, out_private_key, crypto_sign_SECRETKEYBYTES);
|
|
}
|
|
else
|
|
{
|
|
return tf_ssb_db_identity_create(ssb, ":auth", out_private_key + crypto_sign_PUBLICKEYBYTES, out_private_key);
|
|
}
|
|
}
|
|
|
|
static const char* _make_session_jwt(tf_ssb_t* ssb, const char* name)
|
|
{
|
|
if (!name || !*name)
|
|
{
|
|
return NULL;
|
|
}
|
|
uint8_t private_key[crypto_sign_SECRETKEYBYTES] = { 0 };
|
|
if (!_get_auth_private_key(ssb, private_key))
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
uv_timespec64_t now = { 0 };
|
|
uv_clock_gettime(UV_CLOCK_REALTIME, &now);
|
|
|
|
JSContext* context = tf_ssb_get_context(ssb);
|
|
|
|
const char* header_json = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
|
|
char header_base64[256];
|
|
sodium_bin2base64(header_base64, sizeof(header_base64), (uint8_t*)header_json, strlen(header_json), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
|
|
|
|
JSValue payload = JS_NewObject(context);
|
|
JS_SetPropertyStr(context, payload, "name", JS_NewString(context, name));
|
|
JS_SetPropertyStr(context, payload, "exp", JS_NewInt64(context, now.tv_sec * 1000 + now.tv_nsec / 1000000LL + k_refresh_interval));
|
|
JSValue payload_json = JS_JSONStringify(context, payload, JS_NULL, JS_NULL);
|
|
size_t payload_length = 0;
|
|
const char* payload_string = JS_ToCStringLen(context, &payload_length, payload_json);
|
|
char payload_base64[256];
|
|
sodium_bin2base64(payload_base64, sizeof(payload_base64), (uint8_t*)payload_string, payload_length, sodium_base64_VARIANT_URLSAFE_NO_PADDING);
|
|
|
|
char* result = NULL;
|
|
uint8_t signature[crypto_sign_BYTES];
|
|
unsigned long long signature_length = 0;
|
|
char signature_base64[256] = { 0 };
|
|
|
|
if (crypto_sign_detached(signature, &signature_length, (const uint8_t*)payload_base64, strlen(payload_base64), private_key) == 0)
|
|
{
|
|
sodium_bin2base64(signature_base64, sizeof(signature_base64), signature, sizeof(signature), sodium_base64_VARIANT_URLSAFE_NO_PADDING);
|
|
size_t size = strlen(header_base64) + 1 + strlen(payload_base64) + 1 + strlen(signature_base64) + 1;
|
|
result = tf_malloc(size);
|
|
snprintf(result, size, "%s.%s.%s", header_base64, payload_base64, signature_base64);
|
|
}
|
|
|
|
JS_FreeCString(context, payload_string);
|
|
JS_FreeValue(context, payload_json);
|
|
JS_FreeValue(context, payload);
|
|
|
|
return result;
|
|
}
|
|
|
|
static bool _verify_password(const char* password, const char* hash)
|
|
{
|
|
char buffer[7 + 22 + 31 + 1];
|
|
const char* out_hash = crypt_rn(password, hash, buffer, sizeof(buffer));
|
|
return out_hash && strcmp(hash, out_hash) == 0;
|
|
}
|
|
|
|
static const char* _get_property(tf_ssb_t* ssb, const char* id, const char* key)
|
|
{
|
|
char* result = NULL;
|
|
sqlite3* db = tf_ssb_acquire_db_reader(ssb);
|
|
sqlite3_stmt* statement = NULL;
|
|
if (sqlite3_prepare(db, "SELECT value FROM properties WHERE id = ? AND key = ?", -1, &statement, NULL) == SQLITE_OK)
|
|
{
|
|
if (sqlite3_bind_text(statement, 1, id, -1, NULL) == SQLITE_OK && sqlite3_bind_text(statement, 2, key, -1, NULL) == SQLITE_OK)
|
|
{
|
|
if (sqlite3_step(statement) == SQLITE_ROW)
|
|
{
|
|
size_t length = sqlite3_column_bytes(statement, 0);
|
|
result = tf_malloc(length + 1);
|
|
memcpy(result, sqlite3_column_text(statement, 0), length);
|
|
result[length] = '\0';
|
|
}
|
|
}
|
|
sqlite3_finalize(statement);
|
|
}
|
|
tf_ssb_release_db_reader(ssb, db);
|
|
return result;
|
|
}
|
|
|
|
static bool _set_property(tf_ssb_t* ssb, const char* id, const char* key, const char* value)
|
|
{
|
|
bool result = false;
|
|
sqlite3* db = tf_ssb_acquire_db_writer(ssb);
|
|
sqlite3_stmt* statement = NULL;
|
|
if (sqlite3_prepare(db, "INSERT OR REPLACE INTO properties (id, key, value) VALUES (?, ?, ?)", -1, &statement, NULL) == SQLITE_OK)
|
|
{
|
|
if (sqlite3_bind_text(statement, 1, id, -1, NULL) == SQLITE_OK && sqlite3_bind_text(statement, 2, key, -1, NULL) == SQLITE_OK &&
|
|
sqlite3_bind_text(statement, 3, value, -1, NULL) == SQLITE_OK)
|
|
{
|
|
result = sqlite3_step(statement) == SQLITE_DONE;
|
|
}
|
|
sqlite3_finalize(statement);
|
|
}
|
|
tf_ssb_release_db_writer(ssb, db);
|
|
return result;
|
|
}
|
|
|
|
static void _httpd_endpoint_login(tf_http_request_t* request)
|
|
{
|
|
tf_task_t* task = request->user_data;
|
|
JSContext* context = tf_task_get_context(task);
|
|
tf_ssb_t* ssb = tf_task_get_ssb(task);
|
|
const char* session = tf_http_get_cookie(tf_http_request_get_header(request, "cookie"), "session");
|
|
const char** form_data = _form_data_decode(request->query, request->query ? strlen(request->query) : 0);
|
|
const char* account_name_copy = NULL;
|
|
JSValue jwt = _authenticate_jwt(context, session);
|
|
|
|
if (_session_is_authenticated_as_user(context, jwt))
|
|
{
|
|
const char* return_url = _form_data_get(form_data, "return");
|
|
char url[1024];
|
|
if (!return_url)
|
|
{
|
|
snprintf(url, sizeof(url), "%s%s/", request->is_tls ? "https://" : "http://", tf_http_request_get_header(request, "host"));
|
|
return_url = url;
|
|
}
|
|
const char* headers[] = {
|
|
"Location",
|
|
return_url,
|
|
};
|
|
tf_http_respond(request, 303, headers, tf_countof(headers) / 2, NULL, 0);
|
|
goto done;
|
|
}
|
|
|
|
const char* send_session = tf_strdup(session);
|
|
bool session_is_new = false;
|
|
const char* login_error = NULL;
|
|
bool may_become_first_admin = false;
|
|
if (strcmp(request->method, "POST") == 0)
|
|
{
|
|
session_is_new = true;
|
|
const char** post_form_data = _form_data_decode(request->body, request->content_length);
|
|
const char* submit = _form_data_get(post_form_data, "submit");
|
|
if (submit && strcmp(submit, "Login") == 0)
|
|
{
|
|
const char* account_name = _form_data_get(post_form_data, "name");
|
|
account_name_copy = tf_strdup(account_name);
|
|
const char* password = _form_data_get(post_form_data, "password");
|
|
const char* new_password = _form_data_get(post_form_data, "new_password");
|
|
const char* confirm = _form_data_get(post_form_data, "confirm");
|
|
const char* change = _form_data_get(post_form_data, "change");
|
|
const char* form_register = _form_data_get(post_form_data, "register");
|
|
char account_passwd[256] = { 0 };
|
|
bool have_account = _read_account(ssb, _form_data_get(post_form_data, "name"), account_passwd, sizeof(account_passwd));
|
|
|
|
if (form_register && strcmp(form_register, "1") == 0)
|
|
{
|
|
if (!have_account && _is_name_valid(account_name) && password && confirm && strcmp(password, confirm) == 0 && _register_account(ssb, account_name, password))
|
|
{
|
|
tf_free((void*)send_session);
|
|
send_session = _make_session_jwt(ssb, account_name);
|
|
may_become_first_admin = true;
|
|
}
|
|
else
|
|
{
|
|
login_error = "Error registering account.";
|
|
}
|
|
}
|
|
else if (change && strcmp(change, "1") == 0)
|
|
{
|
|
sqlite3* db = tf_ssb_acquire_db_writer(ssb);
|
|
if (have_account && _is_name_valid(account_name) && new_password && confirm && strcmp(new_password, confirm) == 0 && _verify_password(password, account_passwd) &&
|
|
_set_account_password(context, db, account_name, new_password))
|
|
{
|
|
tf_free((void*)send_session);
|
|
send_session = _make_session_jwt(ssb, account_name);
|
|
}
|
|
else
|
|
{
|
|
login_error = "Error changing password.";
|
|
}
|
|
tf_ssb_release_db_writer(ssb, db);
|
|
}
|
|
else
|
|
{
|
|
if (have_account && *account_passwd && _verify_password(password, account_passwd))
|
|
{
|
|
tf_free((void*)send_session);
|
|
send_session = _make_session_jwt(ssb, account_name);
|
|
may_become_first_admin = true;
|
|
}
|
|
else
|
|
{
|
|
login_error = "Invalid username or password.";
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
tf_free((void*)send_session);
|
|
send_session = _make_session_jwt(ssb, "guest");
|
|
}
|
|
tf_free(post_form_data);
|
|
}
|
|
|
|
if (session_is_new && _form_data_get(form_data, "return") && !login_error)
|
|
{
|
|
const char* return_url = _form_data_get(form_data, "return");
|
|
char url[1024];
|
|
if (!return_url)
|
|
{
|
|
snprintf(url, sizeof(url), "%s%s/", request->is_tls ? "https://" : "http://", tf_http_request_get_header(request, "host"));
|
|
return_url = url;
|
|
}
|
|
const char* cookie = _make_set_session_cookie_header(request, send_session);
|
|
const char* headers[] = {
|
|
"Location",
|
|
return_url,
|
|
"Set-Cookie",
|
|
cookie ? cookie : "",
|
|
};
|
|
tf_http_respond(request, 303, headers, tf_countof(headers) / 2, NULL, 0);
|
|
tf_free((void*)cookie);
|
|
tf_free((void*)send_session);
|
|
}
|
|
else
|
|
{
|
|
tf_http_request_ref(request);
|
|
|
|
const char* settings = _get_property(ssb, "core", "settings");
|
|
JSValue settings_value = settings ? JS_ParseJSON(context, settings, strlen(settings), NULL) : JS_UNDEFINED;
|
|
JSValue code_of_conduct_value = JS_GetPropertyStr(context, settings_value, "code_of_conduct");
|
|
const char* code_of_conduct = JS_ToCString(context, code_of_conduct_value);
|
|
|
|
bool have_administrator = false;
|
|
JSValue permissions = JS_GetPropertyStr(context, settings_value, "permissions");
|
|
|
|
JSPropertyEnum* ptab = NULL;
|
|
uint32_t plen = 0;
|
|
JS_GetOwnPropertyNames(context, &ptab, &plen, permissions, JS_GPN_STRING_MASK);
|
|
for (int i = 0; i < (int)plen; i++)
|
|
{
|
|
JSPropertyDescriptor desc = { 0 };
|
|
if (JS_GetOwnProperty(context, &desc, permissions, ptab[i].atom) == 1)
|
|
{
|
|
int permission_length = tf_util_get_length(context, desc.value);
|
|
for (int i = 0; i < permission_length; i++)
|
|
{
|
|
JSValue entry = JS_GetPropertyUint32(context, desc.value, i);
|
|
const char* permission = JS_ToCString(context, entry);
|
|
if (permission && strcmp(permission, "administration") == 0)
|
|
{
|
|
have_administrator = true;
|
|
}
|
|
JS_FreeCString(context, permission);
|
|
JS_FreeValue(context, entry);
|
|
}
|
|
JS_FreeValue(context, desc.setter);
|
|
JS_FreeValue(context, desc.getter);
|
|
JS_FreeValue(context, desc.value);
|
|
}
|
|
}
|
|
for (uint32_t i = 0; i < plen; ++i)
|
|
{
|
|
JS_FreeAtom(context, ptab[i].atom);
|
|
}
|
|
js_free(context, ptab);
|
|
|
|
if (!have_administrator && may_become_first_admin)
|
|
{
|
|
if (JS_IsUndefined(permissions))
|
|
{
|
|
permissions = JS_NewObject(context);
|
|
JS_SetPropertyStr(context, settings_value, "permissions", permissions);
|
|
}
|
|
JSValue user = JS_GetPropertyStr(context, permissions, account_name_copy);
|
|
if (JS_IsUndefined(user))
|
|
{
|
|
user = JS_NewArray(context);
|
|
JS_SetPropertyStr(context, permissions, account_name_copy, user);
|
|
}
|
|
JS_SetPropertyUint32(context, user, tf_util_get_length(context, user), JS_NewString(context, "administration"));
|
|
|
|
JSValue settings_json = JS_JSONStringify(context, settings_value, JS_NULL, JS_NULL);
|
|
const char* settings_string = JS_ToCString(context, settings_json);
|
|
_set_property(ssb, "core", "settings", settings_string);
|
|
JS_FreeCString(context, settings_string);
|
|
JS_FreeValue(context, settings_json);
|
|
}
|
|
JS_FreeValue(context, permissions);
|
|
|
|
login_request_t* login = tf_malloc(sizeof(login_request_t));
|
|
*login = (login_request_t) {
|
|
.request = request,
|
|
.name = account_name_copy,
|
|
.jwt = jwt,
|
|
.error = login_error,
|
|
.session_cookie = send_session,
|
|
.session_is_new = session_is_new,
|
|
.code_of_conduct = tf_strdup(code_of_conduct),
|
|
.have_administrator = have_administrator,
|
|
};
|
|
|
|
JS_FreeCString(context, code_of_conduct);
|
|
JS_FreeValue(context, code_of_conduct_value);
|
|
JS_FreeValue(context, settings_value);
|
|
tf_free((void*)settings);
|
|
tf_file_read(request->user_data, "core/auth.html", _httpd_endpoint_login_file_read_callback, login);
|
|
jwt = JS_UNDEFINED;
|
|
account_name_copy = NULL;
|
|
}
|
|
|
|
done:
|
|
tf_free((void*)session);
|
|
tf_free(form_data);
|
|
tf_free((void*)account_name_copy);
|
|
JS_FreeValue(context, jwt);
|
|
}
|
|
|
|
static void _httpd_endpoint_logout(tf_http_request_t* request)
|
|
{
|
|
const char* k_set_cookie = request->is_tls ? "session=; path=/; Secure; SameSite=Strict; expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly"
|
|
: "session=; path=/; SameSite=Strict; expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly";
|
|
const char* k_location_format = "/login%s%s";
|
|
int length = snprintf(NULL, 0, k_location_format, request->query ? "?" : "", request->query);
|
|
char* location = alloca(length + 1);
|
|
snprintf(location, length + 1, k_location_format, request->query ? "?" : "", request->query ? request->query : "");
|
|
const char* headers[] = {
|
|
"Set-Cookie",
|
|
k_set_cookie,
|
|
"Location",
|
|
location,
|
|
};
|
|
tf_http_respond(request, 303, headers, tf_countof(headers) / 2, NULL, 0);
|
|
}
|
|
|
|
void tf_httpd_register(JSContext* context)
|
|
{
|
|
JS_NewClassID(&_httpd_class_id);
|
|
JS_NewClassID(&_httpd_request_class_id);
|
|
JSClassDef httpd_def = {
|
|
.class_name = "Httpd",
|
|
.finalizer = &_httpd_finalizer,
|
|
};
|
|
if (JS_NewClass(JS_GetRuntime(context), _httpd_class_id, &httpd_def) != 0)
|
|
{
|
|
fprintf(stderr, "Failed to register Httpd.\n");
|
|
}
|
|
JSClassDef request_def = {
|
|
.class_name = "Request",
|
|
.finalizer = &_httpd_request_finalizer,
|
|
};
|
|
if (JS_NewClass(JS_GetRuntime(context), _httpd_request_class_id, &request_def) != 0)
|
|
{
|
|
fprintf(stderr, "Failed to register Request.\n");
|
|
}
|
|
JSValue global = JS_GetGlobalObject(context);
|
|
JSValue httpd = JS_NewObjectClass(context, _httpd_class_id);
|
|
|
|
tf_task_t* task = tf_task_get(context);
|
|
uv_loop_t* loop = tf_task_get_loop(task);
|
|
tf_http_t* http = tf_http_create(loop);
|
|
tf_http_set_trace(http, tf_task_get_trace(task));
|
|
JS_SetOpaque(httpd, http);
|
|
|
|
tf_http_add_handler(http, "/codemirror/", _httpd_endpoint_static, NULL, task);
|
|
tf_http_add_handler(http, "/lit/", _httpd_endpoint_static, NULL, task);
|
|
tf_http_add_handler(http, "/prettier/", _httpd_endpoint_static, NULL, task);
|
|
tf_http_add_handler(http, "/speedscope/", _httpd_endpoint_static, NULL, task);
|
|
tf_http_add_handler(http, "/static/", _httpd_endpoint_static, NULL, task);
|
|
tf_http_add_handler(http, "/.well-known/", _httpd_endpoint_static, NULL, task);
|
|
|
|
tf_http_add_handler(http, "/robots.txt", _httpd_endpoint_robots_txt, NULL, NULL);
|
|
tf_http_add_handler(http, "/debug", _httpd_endpoint_debug, NULL, task);
|
|
tf_http_add_handler(http, "/disconnections", _httpd_endpoint_disconnections, NULL, task);
|
|
tf_http_add_handler(http, "/hitches", _httpd_endpoint_hitches, NULL, task);
|
|
tf_http_add_handler(http, "/mem", _httpd_endpoint_mem, NULL, task);
|
|
tf_http_add_handler(http, "/trace", _httpd_endpoint_trace, NULL, task);
|
|
|
|
tf_http_add_handler(http, "/login/logout", _httpd_endpoint_logout, NULL, task);
|
|
tf_http_add_handler(http, "/login", _httpd_endpoint_login, NULL, task);
|
|
|
|
JS_SetPropertyStr(context, httpd, "handlers", JS_NewObject(context));
|
|
JS_SetPropertyStr(context, httpd, "all", JS_NewCFunction(context, _httpd_endpoint_all, "all", 2));
|
|
JS_SetPropertyStr(context, httpd, "start", JS_NewCFunction(context, _httpd_endpoint_start, "start", 2));
|
|
JS_SetPropertyStr(context, httpd, "set_http_redirect", JS_NewCFunction(context, _httpd_set_http_redirect, "set_http_redirect", 1));
|
|
JS_SetPropertyStr(context, global, "httpd", httpd);
|
|
JS_FreeValue(context, global);
|
|
}
|