shithub: werc

Download patch

ref: dddf12c59b1de6288ba3024b4f406a220ba5c5ca
parent: d83c0aee81f43b3088bd72aac696d41b29c1db97
author: uriel <[email protected]>
date: Wed Oct 22 05:18:55 EDT 2008

Improvements to auth code, now the interface and implemenation are much cleaner.

--- a/bin/cgilib.rc
+++ b/bin/cgilib.rc
@@ -1,4 +1,5 @@
-# Useful functions
+##############################################
+# Useful CGI functions
 
 NEW_LINE = '
 '
@@ -50,19 +51,6 @@
     END{ printf "%s", buf }'
 }
 
-fn template { template.awk $* | rc $rcargs }
-
-# .rec parsing
-fn parse_rec {
-    ifs='
-' for(i in `{sed 's/% *//g; /^$/q' < $1}) {
-        v = `{echo -n $i | sed 's/^/rec_/; s/=.*//;'} 
-        $v = `{echo -n $i | sed 's/^[^=]*=//'}
-    }
-    ifs=() { rec_data = `{sed -n '/^[^%]./,$p' < $1} }
-}
-
-
 fn urldecode {
 awk '
 BEGIN {
@@ -124,60 +112,90 @@
     { for(c in $co) echo $c} | sed -n 's/[^=]*=//p' 
 }
 
+
+
+##############################################
+# More werc-specific functions
+
+fn template { template.awk $* | rc $rcargs }
+
+# .rec parsing
+fn parse_rec {
+    ifs='
+' for(i in `{sed 's/% *//g; /^$/q' < $1}) {
+        v = `{echo -n $i | sed 's/^/rec_/; s/=.*//;'} 
+        $v = `{echo -n $i | sed 's/^[^=]*=//'}
+    }
+    ifs=() { rec_data = `{sed -n '/^[^%]./,$p' < $1} }
+}
+
+
 # Auth code
-# Cookie format: WERC_USER: name:timestamp:hash(name.timestamp.password)
 
+# Cookie format: WERC_USER: name:timestamp:hash(name.timestamp.password)
 # login_user can't be used from a template because it sets a cookie 
 fn login_user {
-    get_post_args user_name user_password
-    if(auth_user $user_name $user_password)
-        set_cookie werc_user $"user_name^':0:'^$"user_password
+    # Note: get_user can use an existing cookie, so we might end up setting an existing cookie
+    if(get_user $*)
+        set_cookie werc_user $"logged_user^':0:'^$"logged_password
+}
+
+# Checks if we are logged in, if called with an argument, we check group membership too
+fn check_user {
+    if(! get_user)
+        status='Not logged in'
+    if not if (! ~ $#1 0 && ! grep -s '^'^$logged_user^'$' etc/groups/$1)
+        status=User $logged_user not in group $1
     if not
-        status='Auth: failed login for $user_name $user_password'
+        true
 }
 
+# If not logged in, try to get user login info from POST info or from cookie
+fn get_user {
+    if (~ $#logged_user 0) {
+        if (~ $#* 2) {
+            user_name = $1 
+            user_password $2
+        }
+        if not if(~ $REQUEST_METHOD POST)
+            get_post_args user_name user_password
+
+        if(~ $#user_name 0) { 
+            ifs=':' { cu = `{get_cookie werc_user|tr -d $NEW_LINE} }
+            if(! ~ $#cu 0) {
+                user_name = $cu(1) 
+                user_password  = $cu(3)
+            }
+        }
+        auth_user $user_name $user_password
+    }
+    if not
+        true
+}
+
+# Check if user_name and user_password represent a valid user account
+# If valid, 'log in' by setting logged_user
 fn auth_user {
     user_name = $1
-    user_pass = $2
+    user_password = $2
 
     pfile = 'etc/users/'^$"user_name^'/password'
     if (~ $#user_name 0 || ~ $#user_password 0)
-        status='Auth: missing user name or pass: '^$user_name^' / '^$user_password
+        status='Auth: missing user name or pass: '^$"user_name^' / '^$"user_password
     if not if(! test -f $pfile)
         status='Auth: cant find '^$pfile
-    if not if (! ~ $user_pass `{cat $pfile})
-        status='Auth: Pass '$user_pass' doesnt match '^`{cat $pfile}
-    if not
+    if not if (! ~ $user_password `{cat $pfile})
+        status='Auth: Pass '$user_password' doesnt match '^`{cat $pfile}
+    if not {
+        logged_user = $user_name
+        logged_password = $user_password
         dprint Auth: success
+    }
 }
 
-fn user_in_group {
-    if(~ $#logged_user 0)
-        get_user
 
-    if(~ $#logged_user 0)
-        false
-    if not if (! grep -s '^'^$logged_user^'$' etc/groups/$1)
-        false
-    if not
-        true
-}
 
-fn get_user {
-    if(~ $REQUEST_METHOD POST)
-        get_post_args user_name user_password
-    if(~ $#user_name 0) { 
-        ifs=':' { cu = `{get_cookie werc_user|tr -d $NEW_LINE} }
-        if(! ~ $#cu 0) {
-            user_name = $cu(1) 
-            user_password  = $cu(3)
-        }
-    }
-    if(! ~ $#user_name 0 && auth_user $user_name $user_password) {
-        logged_user = $user_name
-        logged_password = $user_password
-    }
-}
+# Blog stuff
 
 fn make_blog_post {
     bdir = $1
@@ -196,10 +214,8 @@
 
         echo $btext > $bdir^'/'^$"date^'-'^$"n^_$"btitle.md 
     }
-    if not {
-        dprint $1 $2 $3 
-        false
-    }
+    if not
+        status=Missing blog post arguments $1 $2 $3 
 }