search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
server: tie regex filters to db_insert_ban
[rb-79.git] / rb79-server.c
blob599eaa856dacc383a76078d2e0c5f6a01e8a9846
1 /*
2 * Copyright (c) 2017-2020, De Rais <derais@cock.li>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for
5 * any purpose with or without fee is hereby granted, provided that the
6 * above copyright notice and this permission notice appear in all
7 * copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18 #include <limits.h>
19 #include <locale.h>
20 #include <stdint.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <strings.h>
25 #include <time.h>
26 #include <unistd.h>
27
28 #include <fcgiapp.h>
29
30 #include "macros.h"
31 #include "rb79.h"
32
33 #include "config.h"
34
35 const char *program_name = "rb79-server";
36
37 /* Print out a page saying the request was malformed (400) */
38 static int
39 report_bad_request(FCGX_Request *r, const char *reason)
40 {
41 if (!reason) {
42 reason = "That's not a real request. That's all we know.";
43 }
44
45 FCGX_FPrintF(r->out, BAD_REQUEST_FMT, reason);
46
47 return 0;
48 }
49
50 /* Print out a page saying they failed the CAPTCHA (403) */
51 static int
52 report_bad_challenge(FCGX_Request *r)
53 {
54 FCGX_FPrintF(r->out, BAD_CHALLENGE_FMT);
55
56 return 0;
57 }
58
59 /* Print out a BANNED page (403) */
60 static int
61 report_ban(FCGX_Request *r, char *ban_until, char *ban_reason)
62 {
63 FCGX_FPrintF(r->out, BAN_FMT, UBSAFES(ban_until), UBSAFES(ban_reason));
64
65 return 0;
66 }
67
68 /* Print out a BAD METHOD page (405) */
69 static int
70 report_bad_method(FCGX_Request *r)
71 {
72 FCGX_FPrintF(r->out, BAD_METHOD_FMT);
73
74 return 0;
75 }
76
77 /* Print out a FILE TOO LARGE page (413) */
78 static int
79 report_too_large(FCGX_Request *r, const char *large_thing)
80 {
81 FCGX_FPrintF(r->out, TOO_LARGE_FMT, UBSAFES(large_thing));
82
83 return 0;
84 }
85
86 /* Print out a page saying they're posting too fast (429) */
87 static int
88 report_cooldown(FCGX_Request *r, char *cooldown_length)
89 {
90 FCGX_FPrintF(r->out, COOLDOWN_FMT, UBSAFES(cooldown_length));
91
92 return 0;
93 }
94
95 /* Print out an INTERNAL ERROR page (500) */
96 static int
97 report_internal_error(FCGX_Request *r)
98 {
99 FCGX_FPrintF(r->out, INTERNAL_ERROR_FMT);
100
101 return 0;
102 }
103
104 /* Print out a POST SUCCESSFUL page (200) */
105 static int
106 report_post_successful(FCGX_Request *r, const char *buf)
107 {
108 FCGX_FPrintF(r->out, POST_SUCCESSFUL_FMT, buf);
109
110 return 0;
111 }
112
113 /* Normal POST SUCCESSFUL page, with a redirect back to the given board */
114 static int
115 report_post_successful_with_redir(FCGX_Request *r, const char *board_name)
116 {
117 char *buf = 0;
118 size_t len = snprintf(0, 0, "/%s", board_name);
119 int ret = -1;
120
121 if (len + 1 < len) {
122 ERROR_MESSAGE("overflow");
123 report_internal_error(r);
124 goto done;
125 }
126
127 if (!(buf = malloc(len + 1))) {
128 PERROR_MESSAGE("malloc");
129 report_internal_error(r);
130 goto done;
131 }
132
133 sprintf(buf, "/%s", board_name);
134 ret = report_post_successful(r, buf);
135 done:
136 free(buf);
137
138 return ret;
139 }
140
141 /* Normal POST SUCCESSFUL page, with redirect back to the given thread */
142 static int
143 report_post_successful_no_redir(FCGX_Request *r, const char *board_name, const
144 char *thread)
145 {
146 char *buf = 0;
147 size_t len = snprintf(0, 0, "/%s/res/%s", board_name, thread);
148 int ret = -1;
149
150 if (len + 1 < len) {
151 ERROR_MESSAGE("overflow");
152 report_internal_error(r);
153 goto done;
154 }
155
156 if (!(buf = malloc(len + 1))) {
157 PERROR_MESSAGE("malloc");
158 report_internal_error(r);
159 goto done;
160 }
161
162 sprintf(buf, "/%s/res/%s", board_name, thread);
163 ret = report_post_successful(r, buf);
164 done:
165 free(buf);
166
167 return ret;
168 }
169
170 /* Make sure every board has a page (really only for brand-new boards) */
171 static int
172 board_pages_init(struct configuration *conf)
173 {
174 int ret = -1;
175 uintmax_t *thread_ids = 0;
176 size_t thread_ids_num = 0;
177 size_t board_pages_num = 0;
178
179 for (size_t j = 0; j < conf->boards_num; ++j) {
180 free(thread_ids);
181 thread_ids = 0;
182
183 if (lock_acquire(j) < 0) {
184 goto done;
185 }
186
187 if (db_cull_and_report_threads(j, &thread_ids, &thread_ids_num,
188 &board_pages_num) < 0) {
189 goto done;
190 }
191
192 if (wt_write_board(j, thread_ids, thread_ids_num,
193 board_pages_num) < 0) {
194 goto done;
195 }
196
197 lock_release(j);
198 }
199
200 ret = 0;
201 done:
202 free(thread_ids);
203
204 return ret;
205 }
206
207 /* Free what needs to be freed */
208 static void
209 clean_post_cmd(struct post_cmd *p)
210 {
211 if (!p) {
212 return;
213 }
214
215 free(p->raw.action);
216 free(p->raw.board);
217 free(p->raw.thread);
218 free(p->raw.post);
219 free(p->raw.name);
220 free(p->raw.email);
221 free(p->raw.tripcode);
222 free(p->raw.subject);
223 free(p->raw.comment);
224 free(p->raw.file_name);
225 free(p->raw.file_contents);
226 free(p->raw.challenge_id);
227 free(p->raw.challenge_response);
228 free(p->prepared.name);
229 free(p->prepared.email);
230 free(p->prepared.tripcode);
231 free(p->prepared.subject);
232 free(p->prepared.comment);
233 free(p->prepared.ext);
234 free(p->prepared.file_name);
235 free(p->prepared.system_full_path);
236 free(p->prepared.system_thumb_path);
237 free(p->prepared.file_info);
238 free(p->scannable_comment);
239 free(p->scannable_name);
240 free(p->scannable_email);
241 free(p->scannable_subject);
242 free(p->comment_position_map);
243 free(p->name_position_map);
244 free(p->email_position_map);
245 free(p->subject_position_map);
246 *p = (struct post_cmd) { 0 };
247 }
248
249 /* The bulk of work for processing a post */
250 static void
251 handle_op_or_reply(struct configuration *conf, FCGX_Request *r, struct
252 post_cmd *pc, const char *ip, size_t parent_thread)
253 {
254 char *buf = 0;
255 char *abs_file_path = 0;
256 int our_fault = 0;
257 uintmax_t real_thread = 0;
258 int cooldown = 0;
259 int thread_dne = 0;
260 int thread_full = 0;
261 int thread_closed = 0;
262 const struct filetype *f;
263 size_t board_pages_num = 0;
264 uintmax_t *thread_ids = 0;
265 size_t thread_ids_num = 0;
266 uint_fast8_t need_to_unlock = 0;
267
268 if (!parent_thread &&
269 (!pc->raw.file_contents ||
270 !pc->raw.file_contents_len)) {
271 LOG("New thread, yet no file (400)");
272 report_bad_request(r, "New threads must have a file");
273 goto done;
274 }
275
276 /* pc comes in with a bunch of these lens set not-as-desired */
277 if (pc->raw.file_name_len > conf->max_text_len) {
278 LOG("File name length (%zu) larger than max (%zu) (413)",
279 pc->raw.file_name_len, conf->max_text_len);
280 report_too_large(r, "Filename");
281 goto done;
282 }
283
284 if (pc->raw.subject_len > conf->max_text_len) {
285 LOG("Subject length (%zu) larger than max (%zu) (413)",
286 pc->raw.subject_len, conf->max_text_len);
287 report_too_large(r, "Subject text");
288 goto done;
289 }
290
291 if (pc->raw.email_len > conf->max_text_len) {
292 LOG("Email length (%zu) larger than max (%zu) (413)",
293 pc->raw.email_len, conf->max_text_len);
294 report_too_large(r, "Email address");
295 goto done;
296 }
297
298 if (pc->raw.comment_len > conf->max_text_len) {
299 LOG("Comment length (%zu) larger than max (%zu) (413)",
300 pc->raw.comment_len, conf->max_text_len);
301 report_too_large(r, "Comment text");
302 goto done;
303 }
304
305 if (pc->raw.file_contents_len > conf->max_file_size) {
306 LOG("File size (%zu) larger than max (%zu) (413)",
307 pc->raw.file_contents_len, conf->max_file_size);
308 report_too_large(r, "File size");
309 goto done;
310 }
311
312 if (sf_check_mime_type(pc->raw.file_contents, pc->raw.file_contents_len,
313 &f) < 0) {
314 LOG("Bad MIME check (400)");
315 report_bad_request(r, "Unsupported file type");
316 goto done;
317 }
318
319 /* Calculate tripcodes before HTML-escaping everything */
320 if (tripcodes_calculate(pc) < 0) {
321 LOG("Error in tripcodes_calculate (500)");
322 report_internal_error(r);
323 goto done;
324 }
325
326 /* HTML-escape, wordfilter, linkify */
327 uint_fast8_t is_forbidden = 0;
328 int ban_duration = 0;
329 const char *ban_reason = 0;
330
331 if (st_sanitize_text(pc, &our_fault, &is_forbidden, &ban_duration,
332 &ban_reason) < 0) {
333 if (our_fault) {
334 LOG("Error in st_sanitize_text (500)");
335 report_internal_error(r);
336 goto done;
337 }
338
339 if (is_forbidden) {
340 LOG("Bad text (400)");
341 LOG("Comment was \"%s\"", UBSAFES(pc->raw.comment));
342
343 if (ban_duration) {
344 time_t start = time(0);
345 time_t end = start + ban_duration;
346 int is_secret = !(ban_reason);
347
348 if (db_insert_ban(1, 0, ip, ip, ban_reason,
349 is_secret, start, end) < 0) {
350 LOG("Error in db_insert_ban (500)");
351 report_internal_error(r);
352 goto done;
353 }
354 }
355
356 report_bad_request(r, "Disallowed text");
357 goto done;
358 } else {
359 LOG("Unknown error (400)");
360 LOG("Comment was \"%s\"", UBSAFES(pc->raw.comment));
361 report_bad_request(r, "Disallowed text");
362 goto done;
363 }
364 }
365
366 cooldown = pc->prepared.comment_len ?
367 conf->boards[pc->board_idx].text_cooldown :
368 conf->boards[pc->board_idx].blank_cooldown;
369
370 /*
371 * From now on, everything must be under lock, since we
372 * could be touching the filesystem. Strictly, we don't
373 * need to worry about locking for db-only operations, so
374 * this could be delayed a bit.
375 */
376 if (lock_acquire(pc->board_idx) < 0) {
377 LOG("Error in lock_acquire (500)");
378 report_internal_error(r);
379 goto done;
380 }
381
382 need_to_unlock = 1;
383
384 if (db_insert_post(ip, parent_thread, cooldown, pc, &thread_dne,
385 &thread_closed, &thread_full, &pc->prepared.id) <
386 0) {
387 LOG("Error in insert_post (500)");
388 report_internal_error(r);
389 goto done;
390 }
391
392 LOG("Post %ju on board /%s/", pc->prepared.id,
393 conf->boards[pc->board_idx].name);
394
395 if (thread_dne) {
396 LOG("Thread %zu does not exist (400)", (size_t) 0);
397 report_bad_request(r, "Thread does not exist");
398 goto done;
399 }
400
401 if (thread_full) {
402 LOG("Thread %zu is full (400)", (size_t) 0);
403 report_bad_request(r, "Thread is full");
404 goto done;
405 }
406
407 if (thread_closed) {
408 LOG("Thread %zu is closed (400)", (size_t) 0);
409 report_bad_request(r, "Thread is closed");
410 goto done;
411 }
412
413 /* Make thumbnails and insert them */
414 if (f) {
415 if (sf_install_files(pc->board_idx, pc->raw.file_contents,
416 pc->raw.file_contents_len,
417 &pc->prepared.now, f, &abs_file_path,
418 &pc->prepared.system_full_path,
419 &pc->prepared.system_full_path_len,
420 &pc->prepared.system_thumb_path,
421 &pc->prepared.system_thumb_path_len,
422 &our_fault) < 0) {
423 if (our_fault) {
424 LOG("Error in sf_install_files (500)");
425 report_internal_error(r);
426 goto done;
427 }
428
429 LOG("Couldn't install files (400)");
430 report_bad_request(r, "Bad file upload");
431 goto done;
432 }
433
434 /* ... and now that they're inserted, describe them ... */
435 if (sf_describe_file(f->mime_type, abs_file_path,
436 &pc->prepared.file_info,
437 &pc->prepared.file_info_len) < 0) {
438 LOG("Error in sf_describe_file (500)");
439 report_internal_error(r);
440 goto done;
441 }
442
443 /* ... and alert the db about that description. */
444 if (db_update_file_info(pc->board_idx, pc->prepared.id,
445 pc->prepared.file_info,
446 pc->prepared.file_info_len,
447 pc->prepared.system_full_path,
448 pc->prepared.system_full_path_len,
449 pc->prepared.system_thumb_path,
450 pc->prepared.system_thumb_path_len) <
451 0) {
452 LOG("Error in db_update_post_description (500)");
453 report_internal_error(r);
454 goto done;
455 }
456 }
457
458 /*
459 * We're about ready to write out the threads, boards, etc.
460 * Therefore, we must now check for thread culling, and
461 * also calculate how many board pages we need.
462 */
463 if (db_cull_and_report_threads(pc->board_idx, &thread_ids,
464 &thread_ids_num, &board_pages_num) < 0) {
465 LOG("Error in db_cull_and_report_threads (500)");
466 report_internal_error(r);
467 goto done;
468 }
469
470 real_thread = parent_thread ? parent_thread : pc->prepared.id;
471
472 if (wt_write_thread(pc->board_idx, real_thread) < 0) {
473 LOG("Error in wt_write_thread (500)");
474 report_internal_error(r);
475 goto done;
476 }
477
478 if (wt_write_board(pc->board_idx, thread_ids, thread_ids_num,
479 board_pages_num) < 0) {
480 LOG("Error in wt_write_board (500)");
481 report_internal_error(r);
482 goto done;
483 }
484
485 if (pc->raw.email &&
486 !strcmp(pc->raw.email, "noko")) {
487 report_post_successful_no_redir(r, pc->raw.board,
488 pc->raw.thread);
489 } else {
490 report_post_successful_with_redir(r, pc->raw.board);
491 }
492
493 done:
494
495 if (need_to_unlock) {
496 lock_release(pc->board_idx);
497 }
498
499 free(buf);
500 free(abs_file_path);
501 free(thread_ids);
502 }
503
504 /* Rebuild every thread and every board */
505 static void
506 handle_rebuild (struct configuration *conf, FCGX_Request *r)
507 {
508 uint_fast8_t had_errors = util_rebuild(conf);
509
510 FCGX_FPrintF(r->out, "Status: 200\r\nContent-type: text/plain\r\n\r\n"
511 "Rebuild complete%s\n", had_errors ?
512 " with errors" : "");
513
514 return;
515 }
516
517 /* Figure out what they want us to do */
518 static void
519 handle(struct configuration *conf, FCGX_Request *r)
520 {
521 char *p = 0;
522 char *content_type = 0;
523 char *content_len_str = 0;
524 size_t content_len = 0;
525 char *buf_main = 0;
526 size_t buf_main_len = 0;
527 const char *content_type_prefix = "Content-Type: ";
528 struct post_cmd post_cmd = { 0 };
529 const char *ip_raw = FCGX_GetParam("REMOTE_ADDR", r->envp);
530 char *ip = 0;
531 char *ban_reason = 0;
532 char *ban_until = 0;
533 char *cooldown_length = 0;
534 uint_fast8_t found_idx = 0;
535
536 /* In case someone is trying for a time GET, prioritize that */
537 time(&post_cmd.prepared.now);
538 LOG("-----------------------------------------");
539 LOG("Handling post at %zu from %s", (size_t) post_cmd.prepared.now,
540 UBSAFES(ip_raw));
541
542 if (!ip_raw) {
543 LOG("Couldn't get REMOTE_ADDR (500)");
544 report_internal_error(r);
545 goto done;
546 }
547
548 if (util_normalize_ip(ip_raw, &ip) < 0) {
549 LOG("Couldn't normalize ip (500)");
550 report_internal_error(r);
551 goto done;
552 }
553
554 /* You can only POST to /action */
555 if (!(p = FCGX_GetParam("REQUEST_METHOD", r->envp))) {
556 LOG("Couldn't get request method (500)");
557 report_internal_error(r);
558 goto done;
559 }
560
561 if (strcmp(p, "POST")) {
562 LOG("request method was not POST (405)");
563 report_bad_method(r);
564 goto done;
565 }
566
567 /* We have to somehow feed this into multipart */
568 if (!(content_type = FCGX_GetParam("CONTENT_TYPE", r->envp))) {
569 LOG("Can't get CONTENT_TYPE (500)");
570 report_internal_error(r);
571 goto done;
572 }
573
574 if (!(content_len_str = FCGX_GetParam("CONTENT_LENGTH", r->envp))) {
575 LOG("Can't get CONTENT_LENGTH (500)");
576 report_internal_error(r);
577 goto done;
578 }
579
580 content_len = (size_t) strtoll(content_len_str, 0, 0);
581
582 if (content_len > max_form_data_size) {
583 LOG("Buffer would have exceeded %zuB (413)",
584 max_form_data_size);
585 report_too_large(r, "Total POST");
586 goto done;
587 }
588
589 buf_main_len = strlen(content_type_prefix) + strlen(content_type) +
590 strlen("\r\n\r\n") + content_len;
591
592 if (buf_main_len + 1 < buf_main_len) {
593 ERROR_MESSAGE("overflow");
594 goto done;
595 }
596
597 if (!(buf_main = malloc(buf_main_len + 1))) {
598 PERROR_MESSAGE("malloc");
599 goto done;
600 }
601
602 size_t offset = sprintf(buf_main, "%s%s\r\n\r\n", content_type_prefix,
603 content_type);
604
605 /* Try and swallow this thing into a buffer */
606 FCGX_GetStr(buf_main + offset, content_len, r->in);
607
608 /* Okay, we've got it in the buffer */
609 if (multipart_decompose(buf_main, buf_main_len, &post_cmd) < 0) {
610 LOG("Decoding message failed, returning (400)");
611 report_bad_request(r, "Invalid multipart/form-data");
612 goto done;
613 }
614
615 /* Now we can check what they actually wanted us to DO */
616 if (!post_cmd.raw.action) {
617 LOG("No action specified (400)");
618 report_bad_request(r, "You have to give action=something");
619 goto done;
620 } else if (!(strcmp(post_cmd.raw.action, "reply"))) {
621 post_cmd.action_id = REPLY;
622 } else if (!(strcmp(post_cmd.raw.action, "newthread"))) {
623 post_cmd.action_id = NEWTHREAD;
624 } else if (!(strcmp(post_cmd.raw.action, "rebuild"))) {
625 post_cmd.action_id = REBUILD;
626 }
627
628 if (post_cmd.raw.thread) {
629 post_cmd.thread_id = strtoll(post_cmd.raw.thread, 0, 0);
630 }
631
632 if (post_cmd.action_id == NONE) {
633 LOG("Invalid action \"%s\" (400)", post_cmd.raw.action);
634 report_bad_request(r, "That's not a valid action");
635 goto done;
636 }
637
638 /*
639 * XXX: the idea is to only accept REBUILD commmands from
640 * the local machine. Is this necessary and sufficient in
641 * the world of ipv6?
642 */
643 if (post_cmd.action_id == REBUILD) {
644 /* Note that the IP is normalized so we can sort it */
645 if (strcmp(ip, "127.000.000.001") &&
646 strcmp(ip, "000.000.000.000") &&
647 strcmp(ip, "0000:0000:0000:0000:0000:0000:0000:0001")) {
648 LOG("REBUILD requested from invalid ip %s", ip);
649 report_bad_request(r, "You can(not) rebuild");
650 goto done;
651 }
652
653 goto take_action;
654 }
655
656 /* And we can find where they wanted to do it */
657 found_idx = 0;
658
659 if (!post_cmd.raw.board) {
660 LOG("No board specified (400)");
661 report_bad_request(r, "You have to give board=something");
662 goto done;
663 }
664
665 if (post_cmd.action_id == REPLY &&
666 !post_cmd.thread_id) {
667 LOG("Reply, yet no thread (400)");
668 report_bad_request(r, "You have to give thread=something");
669 goto done;
670 }
671
672 for (size_t j = 0; j < conf->boards_num; ++j) {
673 if (!strcmp(post_cmd.raw.board, conf->boards[j].name)) {
674 post_cmd.board_idx = j;
675 found_idx = 1;
676 break;
677 }
678 }
679
680 if (!found_idx) {
681 LOG("Invalid board \"%s\" (400)", post_cmd.raw.board);
682 report_bad_request(r, "That's not a valid board");
683 goto done;
684 }
685
686 int is_banned = 0;
687 int is_secret = 0;
688
689 if (db_check_bans(ip, post_cmd.board_idx, post_cmd.prepared.now,
690 &is_banned, &ban_until, &is_secret, &ban_reason) <
691 0) {
692 LOG("Couldn't determine ban status (500)");
693 report_internal_error(r);
694 goto done;
695 }
696
697 if (is_banned) {
698 if (is_secret) {
699 LOG("Ban[s] (until=\"%s\", reason=\"%s\") (200)",
700 ban_until, UBSAFES(ban_reason));
701 report_post_successful_with_redir(r,
702 post_cmd.raw.board);
703 goto done;
704 } else {
705 /* This should give HTTP 403 */
706 LOG("Ban (until=\"%s\", reason=\"%s\") (403)",
707 ban_until, UBSAFES(ban_reason));
708 report_ban(r, ban_until, ban_reason);
709 goto done;
710 }
711 }
712
713 if (post_cmd.action_id == REPLY ||
714 post_cmd.action_id == NEWTHREAD) {
715 int is_cooled = 0;
716
717 if (db_check_cooldowns(ip, post_cmd.board_idx,
718 post_cmd.prepared.now, &is_cooled,
719 &cooldown_length) < 0) {
720 LOG("Couldn't determine cooldown status (500)");
721 report_internal_error(r);
722 goto done;
723 }
724
725 if (is_cooled) {
726 /* This should give HTTP 429 */
727 LOG("Cooldown triggered (length=\"%s\") (429)",
728 cooldown_length);
729 report_cooldown(r, cooldown_length);
730 goto done;
731 }
732
733 int correct_challenge = 0;
734
735 if (!post_cmd.raw.challenge_id) {
736 LOG("No challenge id given (403)");
737 report_bad_challenge(r);
738 goto done;
739 }
740
741 char *e = 0;
742 size_t challenge_idx = (size_t) strtoll(
743 post_cmd.raw.challenge_id, &e, 0);
744
745 if (e &&
746 *e) {
747 challenge_idx = conf->challenges_num;
748 }
749
750 if (challenge_idx >= conf->challenges_num) {
751 LOG("Bad challenge id \"%s\" given (403)",
752 post_cmd.raw.challenge_id);
753 report_bad_challenge(r);
754 goto done;
755 }
756
757 if (!post_cmd.raw.challenge_response) {
758 LOG("No challenge response given (403)");
759 report_bad_challenge(r);
760 goto done;
761 }
762
763 for (size_t j = 0; j < NUM_CHALLENGE_ANSWERS; ++j) {
764 if (!conf->challenges[challenge_idx].answers[j]) {
765 continue;
766 }
767
768 if (!strcasecmp(post_cmd.raw.challenge_response,
769 conf->challenges[challenge_idx].answers[
770 j])) {
771 correct_challenge = 1;
772 }
773 }
774
775 if (!correct_challenge) {
776 LOG("Incorrect response \"%s\" to challenge %s (403)",
777 post_cmd.raw.challenge_response,
778 post_cmd.raw.challenge_id);
779 LOG("Comment was \"%s\"", UBSAFES(
780 post_cmd.raw.comment));
781 report_bad_challenge(r);
782 goto done;
783 }
784 }
785
786 take_action:
787
788 /* Now we split into specific actions */
789 switch (post_cmd.action_id) {
790 case REPLY:
791 LOG("reply to /%s/%ju", UBSAFES(post_cmd.raw.board),
792 post_cmd.thread_id);
793 handle_op_or_reply(conf, r, &post_cmd, ip, post_cmd.thread_id);
794 break;
795 case NEWTHREAD:
796 LOG("newthread on /%s/", UBSAFES(post_cmd.raw.board));
797 handle_op_or_reply(conf, r, &post_cmd, ip, 0);
798 break;
799 case REBUILD:
800 LOG("rebuild");
801 handle_rebuild(conf, r);
802 break;
803 case NONE:
804 ERROR_MESSAGE("Impossible");
805 report_internal_error(r);
806 break;
807 }
808
809 done:
810 clean_post_cmd(&post_cmd);
811 free(buf_main);
812 free(ban_reason);
813 free(ban_until);
814 free(cooldown_length);
815 free(ip);
816 }
817
818 /* Do the thing */
819 int
820 main(void)
821 {
822 int ret = 1;
823 FCGX_Request r = { 0 };
824 struct configuration conf = { 0 };
825
826 setlocale(LC_ALL, "");
827
828 /* tedu@ is probably laughing at me right now. Hi! */
829 srand(time(0));
830 conf = (struct configuration) {
831 /* */
832 .static_www_folder = static_www_folder, /* */
833 .work_path = work_path, /* */
834 .temp_dir_template = temp_dir_template, /* */
835 .trip_salt = trip_salt, /* */
836 .trip_salt_len = strlen(trip_salt), /* */
837 .boards = boards, /* */
838 .boards_num = NUM_OF(boards), /* */
839 .max_form_data_size = max_form_data_size, /* */
840 .max_file_size = max_file_size, /* */
841 .max_text_len = max_text_len, /* */
842 .filetypes = filetypes, /* */
843 .filetypes_num = NUM_OF(filetypes), /* */
844 .file_description_prog = file_description_prog, /* */
845 .headers = headers, /* */
846 .headers_num = NUM_OF(headers), /* */
847 .challenges = challenges, /* */
848 .challenges_num = NUM_OF(challenges), /* */
849 .wordfilter_inputs = wordfilter_inputs, /* */
850 .wordfilter_inputs_num = NUM_OF(wordfilter_inputs), /* */
851 .forbidden_inputs = forbidden_inputs, /* */
852 .forbidden_inputs_num = NUM_OF(forbidden_inputs), /* */
853 };
854
855 if (preconditions_check(&conf) < 0) {
856 goto done;
857 }
858
859 if (board_pages_init(&conf) < 0) {
860 goto done;
861 }
862
863 FCGX_Init();
864 FCGX_InitRequest(&r, 0, 0);
865
866 while (FCGX_Accept_r(&r) == 0) {
867 handle(&conf, &r);
868 FCGX_Finish_r(&r);
869 }
870
871 ret = 0;
872 done:
873 clean_dbs();
874 clean_locks();
875 clean_multipart();
876 clean_sanitize_comment();
877 clean_sanitize_file();
878 clean_tripcodes();
879 clean_write_thread();
880
881 return ret;
882 }
RB-79 imageboard