server: remove useless casts
[rb-79.git] / rb79-server.c
blob7ec28cb36643415e1ebb5b6e01390f99531070f2
1 /*
2 * Copyright (c) 2017, De Rais <derais@cock.li>
4 * Permission to use, copy, modify, and/or distribute this software for
5 * any purpose with or without fee is hereby granted, provided that the
6 * above copyright notice and this permission notice appear in all
7 * copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
18 #include <limits.h>
19 #include <locale.h>
20 #include <stdint.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <time.h>
25 #include <unistd.h>
27 #include <fcgiapp.h>
29 #include "macros.h"
30 #include "rb79.h"
32 #include "config.h"
34 const char *program_name = "rb79-server";
36 /* Print out a page saying the request was malformed (400) */
37 static int report_bad_request(FCGX_Request *r, const char *reason)
39 if (!reason) {
40 reason = "That's not a real request. That's all we know.";
43 FCGX_FPrintF(r->out, BAD_REQUEST_FMT, reason);
45 return 0;
48 /* Print out a page saying they failed the CAPTCHA (403) */
49 static int report_bad_challenge(FCGX_Request *r)
51 FCGX_FPrintF(r->out, BAD_CHALLENGE_FMT);
53 return 0;
56 /* Print out a BANNED page (403) */
57 static int report_ban(FCGX_Request *r, char *ban_until, char *ban_reason)
59 FCGX_FPrintF(r->out, BAN_FMT, UBSAFES(ban_until), UBSAFES(ban_reason));
61 return 0;
64 /* Print out a BAD METHOD page (405) */
65 static int report_bad_method(FCGX_Request *r)
67 FCGX_FPrintF(r->out, BAD_METHOD_FMT);
69 return 0;
72 /* Print out a FILE TOO LARGE page (413) */
73 static int report_too_large(FCGX_Request *r, const char *large_thing)
75 FCGX_FPrintF(r->out, TOO_LARGE_FMT, UBSAFES(large_thing));
77 return 0;
80 /* Print out a page saying they're posting too fast (429) */
81 static int report_cooldown(FCGX_Request *r, char *cooldown_length)
83 FCGX_FPrintF(r->out, COOLDOWN_FMT, UBSAFES(cooldown_length));
85 return 0;
88 /* Print out an INTERNAL ERROR page (500) */
89 static int report_internal_error(FCGX_Request *r)
91 FCGX_FPrintF(r->out, INTERNAL_ERROR_FMT);
93 return 0;
96 /* Print out a POST SUCCESSFUL page (200) */
97 static int report_post_successful(FCGX_Request *r, const char *buf)
99 FCGX_FPrintF(r->out, POST_SUCCESSFUL_FMT, buf);
101 return 0;
104 /* Make sure every board has a page (really only for brand-new boards) */
105 static int board_pages_init(struct configuration *conf)
107 int ret = -1;
108 uintmax_t *thread_ids = 0;
109 size_t thread_ids_num = 0;
110 size_t board_pages_num = 0;
112 for (size_t j = 0; j < conf->boards_num; ++j) {
113 free(thread_ids);
114 thread_ids = 0;
116 if (lock_acquire(j) < 0) {
117 goto done;
120 if (db_cull_and_report_threads(j, &thread_ids, &thread_ids_num,
121 &board_pages_num) < 0) {
122 goto done;
125 if (wt_write_board(j, thread_ids, thread_ids_num,
126 board_pages_num) < 0) {
127 goto done;
130 lock_release(j);
133 ret = 0;
134 done:
135 free(thread_ids);
137 return ret;
140 /* Free what needs to be freed */
141 static void clean_post_cmd(struct post_cmd *p)
143 if (!p) {
144 return;
147 free(p->raw.action);
148 free(p->raw.board);
149 free(p->raw.thread);
150 free(p->raw.post);
151 free(p->raw.name);
152 free(p->raw.email);
153 free(p->raw.tripcode);
154 free(p->raw.subject);
155 free(p->raw.comment);
156 free(p->raw.file_name);
157 free(p->raw.file_contents);
158 free(p->raw.challenge_id);
159 free(p->raw.challenge_response);
160 free(p->prepared.name);
161 free(p->prepared.email);
162 free(p->prepared.tripcode);
163 free(p->prepared.subject);
164 free(p->prepared.comment);
165 free(p->prepared.ext);
166 free(p->prepared.file_name);
167 free(p->prepared.system_full_path);
168 free(p->prepared.system_thumb_path);
169 free(p->prepared.file_info);
170 free(p->scannable_comment);
171 free(p->position_map);
172 *p = (struct post_cmd) { 0 };
175 /* The bulk of work for processing a post */
176 static void handle_op_or_reply(struct configuration *conf, FCGX_Request *r,
177 struct post_cmd *pc, const char *ip, size_t
178 parent_thread)
180 char *buf = 0;
181 char *abs_file_path = 0;
182 size_t len = 0;
183 int our_fault = 0;
184 uintmax_t real_thread = 0;
185 int cooldown = 0;
186 int thread_dne = 0;
187 int thread_full = 0;
188 int thread_closed = 0;
189 const struct filetype *f;
190 size_t board_pages_num = 0;
191 uintmax_t *thread_ids = 0;
192 size_t thread_ids_num = 0;
193 uint_fast8_t need_to_unlock = 0;
195 if (!parent_thread &&
196 (!pc->raw.file_contents ||
197 !pc->raw.file_contents_len)) {
198 LOG("New thread, yet no file (400)");
199 report_bad_request(r, "New threads must have a file");
200 goto done;
203 /* pc comes in with a bunch of these lens set not-as-desired */
204 if (pc->raw.file_name_len > conf->max_text_len) {
205 LOG("File name length (%zu) larger than max (%zu) (413)",
206 pc->raw.file_name_len, conf->max_text_len);
207 report_too_large(r, "Filename");
208 goto done;
211 if (pc->raw.subject_len > conf->max_text_len) {
212 LOG("Subject length (%zu) larger than max (%zu) (413)",
213 pc->raw.subject_len, conf->max_text_len);
214 report_too_large(r, "Subject text");
215 goto done;
218 if (pc->raw.email_len > conf->max_text_len) {
219 LOG("Email length (%zu) larger than max (%zu) (413)",
220 pc->raw.email_len, conf->max_text_len);
221 report_too_large(r, "Email address");
222 goto done;
225 if (pc->raw.comment_len > conf->max_text_len) {
226 LOG("Comment length (%zu) larger than max (%zu) (413)",
227 pc->raw.comment_len, conf->max_text_len);
228 report_too_large(r, "Comment text");
229 goto done;
232 if (pc->raw.file_contents_len > conf->max_file_size) {
233 LOG("File size (%zu) larger than max (%zu) (413)",
234 pc->raw.file_contents_len, conf->max_file_size);
235 report_too_large(r, "File size");
236 goto done;
239 if (sf_check_mime_type(pc->raw.file_contents, pc->raw.file_contents_len,
240 &f) < 0) {
241 LOG("Bad MIME check (400)");
242 report_bad_request(r, "Unsupported file type");
243 goto done;
246 /* Calculate tripcodes before HTML-escaping everything */
247 if (tripcodes_calculate(pc) < 0) {
248 LOG("Error in tripcodes_calculate (500)");
249 report_internal_error(r);
250 goto done;
253 /* HTML-escape, wordfilter, linkify */
254 if (st_sanitize_text(pc, &our_fault) < 0) {
255 if (our_fault) {
256 LOG("Error in st_sanitize_text (500)");
257 report_internal_error(r);
258 goto done;
261 LOG("Bad text (400)");
262 report_bad_request(r, "Disallowed text");
263 goto done;
266 cooldown = pc->prepared.comment_len ?
267 conf->boards[pc->board_idx].text_cooldown :
268 conf->boards[pc->board_idx].blank_cooldown;
271 * From now on, everything must be under lock, since we
272 * could be touching the filesystem. Strictly, we don't
273 * need to worry about locking for db-only operations, so
274 * this could be delayed a bit.
276 if (lock_acquire(pc->board_idx) < 0) {
277 LOG("Error in lock_acquire (500)");
278 report_internal_error(r);
279 goto done;
282 need_to_unlock = 1;
284 if (db_insert_post(ip, parent_thread, cooldown, pc, &thread_dne,
285 &thread_closed, &thread_full, &pc->prepared.id) <
286 0) {
287 LOG("Error in insert_post (500)");
288 report_internal_error(r);
289 goto done;
292 LOG("Post %zu on board /%s/", pc->prepared.id,
293 conf->boards[pc->board_idx].name);
295 if (thread_dne) {
296 LOG("Thread %zu does not exist (400)", (size_t) 0);
297 report_bad_request(r, "Thread does not exist");
298 goto done;
301 if (thread_full) {
302 LOG("Thread %zu is full (400)", (size_t) 0);
303 report_bad_request(r, "Thread is full");
304 goto done;
307 if (thread_closed) {
308 LOG("Thread %zu is closed (400)", (size_t) 0);
309 report_bad_request(r, "Thread is closed");
310 goto done;
313 /* Make thumbnails and insert them */
314 if (f) {
315 if (sf_install_files(pc->board_idx, pc->raw.file_contents,
316 pc->raw.file_contents_len,
317 &pc->prepared.now, f, &abs_file_path,
318 &pc->prepared.system_full_path,
319 &pc->prepared.system_full_path_len,
320 &pc->prepared.system_thumb_path,
321 &pc->prepared.system_thumb_path_len,
322 &our_fault) < 0) {
323 if (our_fault) {
324 LOG("Error in sf_install_files (500)");
325 report_internal_error(r);
326 goto done;
329 LOG("Couldn't install files (400)");
330 report_bad_request(r, "Bad file upload");
331 goto done;
334 /* ... and now that they're inserted, describe them ... */
335 if (sf_describe_file(f->mime_type, abs_file_path,
336 &pc->prepared.file_info,
337 &pc->prepared.file_info_len) < 0) {
338 LOG("Error in sf_describe_file (500)");
339 report_internal_error(r);
340 goto done;
343 /* ... and alert the db about that description. */
344 if (db_update_file_info(pc->board_idx, pc->prepared.id,
345 pc->prepared.file_info,
346 pc->prepared.file_info_len,
347 pc->prepared.system_full_path,
348 pc->prepared.system_full_path_len,
349 pc->prepared.system_thumb_path,
350 pc->prepared.system_thumb_path_len) <
351 0) {
352 LOG("Error in db_update_post_description (500)");
353 report_internal_error(r);
354 goto done;
359 * We're about ready to write out the threads, boards, etc.
360 * Therefore, we must now check for thread culling, and
361 * also calculate how many board pages we need.
363 if (db_cull_and_report_threads(pc->board_idx, &thread_ids,
364 &thread_ids_num, &board_pages_num) < 0) {
365 LOG("Error in db_cull_and_report_threads (500)");
366 report_internal_error(r);
367 goto done;
370 real_thread = parent_thread ? parent_thread : pc->prepared.id;
372 if (wt_write_thread(pc->board_idx, real_thread) < 0) {
373 LOG("Error in wt_write_thread (500)");
374 report_internal_error(r);
375 goto done;
378 if (wt_write_board(pc->board_idx, thread_ids, thread_ids_num,
379 board_pages_num) < 0) {
380 LOG("Error in wt_write_board (500)");
381 report_internal_error(r);
382 goto done;
385 len = snprintf(0, 0, "/%s/res/%s", pc->raw.board, pc->raw.thread);
387 if (!(buf = malloc(len + 1))) {
388 PERROR_MESSAGE("malloc");
389 report_internal_error(r);
390 goto done;
393 if (pc->raw.email &&
394 !strcmp(pc->raw.email, "noko")) {
395 sprintf(buf, "/%s/res/%s", pc->raw.board, pc->raw.thread);
396 } else {
397 sprintf(buf, "/%s", pc->raw.board);
400 report_post_successful(r, buf);
401 done:
403 if (need_to_unlock) {
404 lock_release(pc->board_idx);
407 free(buf);
408 free(abs_file_path);
409 free(thread_ids);
412 /* Rebuild every thread and every board */
413 static void handle_rebuild (struct configuration *conf, FCGX_Request *r)
415 uint_fast8_t had_errors = util_rebuild(conf);
417 FCGX_FPrintF(r->out, "Status: 200\r\nContent-type: text/plain\r\n\r\n"
418 "Rebuild complete%s\n", had_errors ?
419 " with errors" : "");
421 return;
424 /* Figure out what they want us to do */
425 static void handle(struct configuration *conf, FCGX_Request *r)
427 char *p = 0;
428 char *content_type = 0;
429 char *content_len_str = 0;
430 size_t content_len = 0;
431 char *buf_main = 0;
432 size_t buf_main_len = 0;
433 const char *content_type_prefix = "Content-Type: ";
434 struct post_cmd post_cmd = { 0 };
435 const char *ip_raw = FCGX_GetParam("REMOTE_ADDR", r->envp);
436 char *ip = 0;
437 char *ban_reason = 0;
438 char *ban_until = 0;
439 char *cooldown_length = 0;
440 uint_fast8_t found_idx = 0;
442 /* In case someone is trying for a time GET, prioritize that */
443 time(&post_cmd.prepared.now);
444 LOG("-----------------------------------------");
445 LOG("Handling post at %zu from %s", (size_t) post_cmd.prepared.now,
446 UBSAFES(ip_raw));
448 if (!ip_raw) {
449 LOG("Couldn't get REMOTE_ADDR (500)");
450 report_internal_error(r);
451 goto done;
454 if (util_normalize_ip(ip_raw, &ip) < 0) {
455 LOG("Couldn't normalize ip (500)");
456 report_internal_error(r);
457 goto done;
460 /* You can only POST to /action */
461 if (!(p = FCGX_GetParam("REQUEST_METHOD", r->envp))) {
462 LOG("Couldn't get request method (500)");
463 report_internal_error(r);
464 goto done;
467 if (strcmp(p, "POST")) {
468 LOG("request method was not POST (405)");
469 report_bad_method(r);
470 goto done;
473 /* We have to somehow feed this into multipart */
474 if (!(content_type = FCGX_GetParam("CONTENT_TYPE", r->envp))) {
475 LOG("Can't get CONTENT_TYPE (500)");
476 report_internal_error(r);
477 goto done;
480 if (!(content_len_str = FCGX_GetParam("CONTENT_LENGTH", r->envp))) {
481 LOG("Can't get CONTENT_LENGTH (500)");
482 report_internal_error(r);
483 goto done;
486 content_len = (size_t) strtoll(content_len_str, 0, 0);
488 if (content_len > max_form_data_size) {
489 LOG("Buffer would have exceeded %zuB (413)",
490 max_form_data_size);
491 report_too_large(r, "Total POST");
492 goto done;
495 buf_main_len = strlen(content_type_prefix) + strlen(content_type) +
496 strlen("\r\n\r\n") + content_len;
498 if (!(buf_main = malloc(buf_main_len + 1))) {
499 PERROR_MESSAGE("malloc");
500 goto done;
503 size_t offset = sprintf(buf_main, "%s%s\r\n\r\n", content_type_prefix,
504 content_type);
506 /* Try and swallow this thing into a buffer */
507 FCGX_GetStr(buf_main + offset, content_len, r->in);
509 /* Okay, we've got it in the buffer */
510 if (multipart_decompose(buf_main, buf_main_len, &post_cmd) < 0) {
511 LOG("Decoding message failed, returning (400)");
512 report_bad_request(r, "Invalid multipart/form-data");
513 goto done;
516 /* Now we can check what they actually wanted us to DO */
517 if (!post_cmd.raw.action) {
518 LOG("No action specified (400)");
519 report_bad_request(r, "You have to give action=something");
520 goto done;
521 } else if (!(strcmp(post_cmd.raw.action, "reply"))) {
522 post_cmd.action_id = REPLY;
523 } else if (!(strcmp(post_cmd.raw.action, "newthread"))) {
524 post_cmd.action_id = NEWTHREAD;
525 } else if (!(strcmp(post_cmd.raw.action, "rebuild"))) {
526 post_cmd.action_id = REBUILD;
529 if (post_cmd.raw.thread) {
530 post_cmd.thread_id = strtoll(post_cmd.raw.thread, 0, 0);
533 if (post_cmd.action_id == NONE) {
534 LOG("Invalid action \"%s\" (400)", post_cmd.raw.action);
535 report_bad_request(r, "That's not a valid action");
536 goto done;
540 * XXX: the idea is to only accept REBUILD commmands from
541 * the local machine. Is this necessary and sufficient in
542 * the world of ipv6?
544 if (post_cmd.action_id == REBUILD) {
545 /* Note that the IP is normalized so we can sort it */
546 if (strcmp(ip, "127.000.000.001") &&
547 strcmp(ip, "000.000.000.000") &&
548 strcmp(ip, "0000:0000:0000:0000:0000:0000:0000:0001")) {
549 LOG("REBUILD requested from invalid ip %s", ip);
550 report_bad_request(r, "You can(not) rebuild");
551 goto done;
554 goto take_action;
557 /* And we can find where they wanted to do it */
558 found_idx = 0;
560 if (!post_cmd.raw.board) {
561 LOG("No board specified (400)");
562 report_bad_request(r, "You have to give board=something");
563 goto done;
566 if (post_cmd.action_id == REPLY &&
567 !post_cmd.thread_id) {
568 LOG("Reply, yet no thread (400)");
569 report_bad_request(r, "You have to give thread=something");
570 goto done;
573 for (size_t j = 0; j < conf->boards_num; ++j) {
574 if (!strcmp(post_cmd.raw.board, conf->boards[j].name)) {
575 post_cmd.board_idx = j;
576 found_idx = 1;
577 break;
581 if (!found_idx) {
582 LOG("Invalid board \"%s\" (400)", post_cmd.raw.board);
583 report_bad_request(r, "That's not a valid board");
584 goto done;
587 int is_banned = 0;
589 if (db_check_bans(ip, post_cmd.board_idx, post_cmd.prepared.now,
590 &is_banned, &ban_until, &ban_reason) < 0) {
591 LOG("Couldn't determine ban status (500)");
592 report_internal_error(r);
593 goto done;
596 if (is_banned) {
597 /* This should give HTTP 403 */
598 LOG("Ban detected (until=\"%s\", reason=\"%s\") (403)",
599 ban_until, ban_reason);
600 report_ban(r, ban_until, ban_reason);
601 goto done;
604 if (post_cmd.action_id == REPLY ||
605 post_cmd.action_id == NEWTHREAD) {
606 int is_cooled = 0;
608 if (db_check_cooldowns(ip, post_cmd.board_idx,
609 post_cmd.prepared.now, &is_cooled,
610 &cooldown_length) < 0) {
611 LOG("Couldn't determine cooldown status (500)");
612 report_internal_error(r);
613 goto done;
616 if (is_cooled) {
617 /* This should give HTTP 429 */
618 LOG("Cooldown triggered (length=\"%s\") (429)",
619 cooldown_length);
620 report_cooldown(r, cooldown_length);
621 goto done;
624 int correct_challenge = 0;
626 if (!post_cmd.raw.challenge_id) {
627 LOG("No challenge id given (403)");
628 report_bad_challenge(r);
629 goto done;
632 char *e = 0;
633 size_t challenge_idx = (size_t) strtoll(
634 post_cmd.raw.challenge_id, &e, 0);
636 if (e &&
637 *e) {
638 challenge_idx = conf->challenges_num;
641 if (challenge_idx >= conf->challenges_num) {
642 LOG("Bad challenge id \"%s\" given (403)",
643 post_cmd.raw.challenge_id);
644 report_bad_challenge(r);
645 goto done;
648 if (!post_cmd.raw.challenge_response) {
649 LOG("No challenge response given (403)");
650 report_bad_challenge(r);
651 goto done;
654 for (size_t j = 0; j < NUM_CHALLENGE_ANSWERS; ++j) {
655 if (!conf->challenges[challenge_idx].answers[j]) {
656 continue;
659 if (!strcasecmp(post_cmd.raw.challenge_response,
660 conf->challenges[challenge_idx].answers[
661 j])) {
662 correct_challenge = 1;
666 if (!correct_challenge) {
667 LOG("Incorrect response \"%s\" to challenge %s (403)",
668 post_cmd.raw.challenge_response,
669 post_cmd.raw.challenge_id);
670 report_bad_challenge(r);
671 goto done;
675 take_action:
677 /* Now we split into specific actions */
678 switch (post_cmd.action_id) {
679 case REPLY:
680 LOG("reply to /%s/%ju", UBSAFES(post_cmd.raw.board), post_cmd.thread_id);
681 handle_op_or_reply(conf, r, &post_cmd, ip, post_cmd.thread_id);
682 break;
683 case NEWTHREAD:
684 LOG("newthread on /%s/", UBSAFES(post_cmd.raw.board));
685 handle_op_or_reply(conf, r, &post_cmd, ip, 0);
686 break;
687 case REBUILD:
688 LOG("rebuild");
689 handle_rebuild(conf, r);
690 break;
691 case NONE:
692 ERROR_MESSAGE("Impossible");
693 report_internal_error(r);
694 break;
697 done:
698 clean_post_cmd(&post_cmd);
699 free(buf_main);
700 free(ban_reason);
701 free(ban_until);
702 free(cooldown_length);
705 /* Do the thing */
706 int main(void)
708 int ret = 1;
709 FCGX_Request r = { 0 };
710 struct configuration conf = { 0 };
712 setlocale(LC_ALL, "");
714 /* tedu@ is probably laughing at me right now. Hi! */
715 srand(time(0));
716 conf = (struct configuration) {
717 /* */
718 .static_www_folder = static_www_folder, /* */
719 .work_path = work_path, /* */
720 .trip_salt = trip_salt, /* */
721 .trip_salt_len = strlen(trip_salt), /* */
722 .boards = boards, /* */
723 .boards_num = NUM_OF(boards), /* */
724 .max_form_data_size = max_form_data_size, /* */
725 .max_file_size = max_file_size, /* */
726 .max_text_len = max_text_len, /* */
727 .filetypes = filetypes, /* */
728 .filetypes_num = NUM_OF(filetypes), /* */
729 .file_description_prog = file_description_prog, /* */
730 .headers = headers, /* */
731 .headers_num = NUM_OF(headers), /* */
732 .challenges = challenges, /* */
733 .challenges_num = NUM_OF(challenges), /* */
734 .wordfilter_inputs = wordfilter_inputs, /* */
735 .wordfilter_inputs_num = NUM_OF(wordfilter_inputs), /* */
738 if (preconditions_check(&conf) < 0) {
739 goto done;
742 if (board_pages_init(&conf) < 0) {
743 goto done;
746 FCGX_Init();
747 FCGX_InitRequest(&r, 0, 0);
749 while (FCGX_Accept_r(&r) == 0) {
750 handle(&conf, &r);
751 FCGX_Finish_r(&r);
754 ret = 0;
755 done:
756 clean_dbs();
757 clean_locks();
758 clean_multipart();
759 clean_sanitize_comment();
760 clean_sanitize_file();
761 clean_tripcodes();
762 clean_write_thread();
764 return ret;