Improvements to auth code; now the interface and implementation are much cleaner.
parent
29e035ec53
commit
a42e7ad88b
128
bin/cgilib.rc
128
bin/cgilib.rc
@ -1,4 +1,5 @@
|
|||||||
# Useful functions
|
##############################################
|
||||||
|
# Useful CGI functions
|
||||||
|
|
||||||
NEW_LINE = '
|
NEW_LINE = '
|
||||||
'
|
'
|
||||||
@ -50,19 +51,6 @@ fn awk_buffer {
|
|||||||
END{ printf "%s", buf }'
|
END{ printf "%s", buf }'
|
||||||
}
|
}
|
||||||
|
|
||||||
fn template { template.awk $* | rc $rcargs }
|
|
||||||
|
|
||||||
# .rec parsing
|
|
||||||
fn parse_rec {
|
|
||||||
ifs='
|
|
||||||
' for(i in `{sed 's/% *//g; /^$/q' < $1}) {
|
|
||||||
v = `{echo -n $i | sed 's/^/rec_/; s/=.*//;'}
|
|
||||||
$v = `{echo -n $i | sed 's/^[^=]*=//'}
|
|
||||||
}
|
|
||||||
ifs=() { rec_data = `{sed -n '/^[^%]./,$p' < $1} }
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
fn urldecode {
|
fn urldecode {
|
||||||
awk '
|
awk '
|
||||||
BEGIN {
|
BEGIN {
|
||||||
@ -124,61 +112,91 @@ fn get_cookie {
|
|||||||
{ for(c in $co) echo $c} | sed -n 's/[^=]*=//p'
|
{ for(c in $co) echo $c} | sed -n 's/[^=]*=//p'
|
||||||
}
|
}
|
||||||
|
|
||||||
# Auth code
|
|
||||||
# Cookie format: WERC_USER: name:timestamp:hash(name.timestamp.password)
|
|
||||||
|
|
||||||
|
|
||||||
|
##############################################
|
||||||
|
# More werc-specific functions
|
||||||
|
|
||||||
|
fn template { template.awk $* | rc $rcargs }
|
||||||
|
|
||||||
|
# .rec parsing
|
||||||
|
fn parse_rec {
|
||||||
|
ifs='
|
||||||
|
' for(i in `{sed 's/% *//g; /^$/q' < $1}) {
|
||||||
|
v = `{echo -n $i | sed 's/^/rec_/; s/=.*//;'}
|
||||||
|
$v = `{echo -n $i | sed 's/^[^=]*=//'}
|
||||||
|
}
|
||||||
|
ifs=() { rec_data = `{sed -n '/^[^%]./,$p' < $1} }
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Auth code
|
||||||
|
|
||||||
|
# Cookie format: WERC_USER: name:timestamp:hash(name.timestamp.password)
|
||||||
# login_user can't be used from a template because it sets a cookie
|
# login_user can't be used from a template because it sets a cookie
|
||||||
fn login_user {
|
fn login_user {
|
||||||
get_post_args user_name user_password
|
# Note: get_user can use an existing cookie, so we might end up setting an existing cookie
|
||||||
if(auth_user $user_name $user_password)
|
if(get_user $*)
|
||||||
set_cookie werc_user $"user_name^':0:'^$"user_password
|
set_cookie werc_user $"logged_user^':0:'^$"logged_password
|
||||||
if not
|
|
||||||
status='Auth: failed login for $user_name $user_password'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fn auth_user {
|
# Checks if we are logged in, if called with an argument, we check group membership too
|
||||||
user_name = $1
|
fn check_user {
|
||||||
user_pass = $2
|
if(! get_user)
|
||||||
|
status='Not logged in'
|
||||||
pfile = 'etc/users/'^$"user_name^'/password'
|
if not if (! ~ $#1 0 && ! grep -s '^'^$logged_user^'$' etc/groups/$1)
|
||||||
if (~ $#user_name 0 || ~ $#user_password 0)
|
status=User $logged_user not in group $1
|
||||||
status='Auth: missing user name or pass: '^$user_name^' / '^$user_password
|
|
||||||
if not if(! test -f $pfile)
|
|
||||||
status='Auth: cant find '^$pfile
|
|
||||||
if not if (! ~ $user_pass `{cat $pfile})
|
|
||||||
status='Auth: Pass '$user_pass' doesnt match '^`{cat $pfile}
|
|
||||||
if not
|
|
||||||
dprint Auth: success
|
|
||||||
}
|
|
||||||
|
|
||||||
fn user_in_group {
|
|
||||||
if(~ $#logged_user 0)
|
|
||||||
get_user
|
|
||||||
|
|
||||||
if(~ $#logged_user 0)
|
|
||||||
false
|
|
||||||
if not if (! grep -s '^'^$logged_user^'$' etc/groups/$1)
|
|
||||||
false
|
|
||||||
if not
|
if not
|
||||||
true
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# If not logged in, try to get user login info from POST info or from cookie
|
||||||
fn get_user {
|
fn get_user {
|
||||||
if(~ $REQUEST_METHOD POST)
|
if (~ $#logged_user 0) {
|
||||||
get_post_args user_name user_password
|
if (~ $#* 2) {
|
||||||
if(~ $#user_name 0) {
|
user_name = $1
|
||||||
ifs=':' { cu = `{get_cookie werc_user|tr -d $NEW_LINE} }
|
user_password $2
|
||||||
if(! ~ $#cu 0) {
|
|
||||||
user_name = $cu(1)
|
|
||||||
user_password = $cu(3)
|
|
||||||
}
|
}
|
||||||
|
if not if(~ $REQUEST_METHOD POST)
|
||||||
|
get_post_args user_name user_password
|
||||||
|
|
||||||
|
if(~ $#user_name 0) {
|
||||||
|
ifs=':' { cu = `{get_cookie werc_user|tr -d $NEW_LINE} }
|
||||||
|
if(! ~ $#cu 0) {
|
||||||
|
user_name = $cu(1)
|
||||||
|
user_password = $cu(3)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
auth_user $user_name $user_password
|
||||||
}
|
}
|
||||||
if(! ~ $#user_name 0 && auth_user $user_name $user_password) {
|
if not
|
||||||
|
true
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check if user_name and user_password represent a valid user account
|
||||||
|
# If valid, 'log in' by setting logged_user
|
||||||
|
fn auth_user {
|
||||||
|
user_name = $1
|
||||||
|
user_password = $2
|
||||||
|
|
||||||
|
pfile = 'etc/users/'^$"user_name^'/password'
|
||||||
|
if (~ $#user_name 0 || ~ $#user_password 0)
|
||||||
|
status='Auth: missing user name or pass: '^$"user_name^' / '^$"user_password
|
||||||
|
if not if(! test -f $pfile)
|
||||||
|
status='Auth: cant find '^$pfile
|
||||||
|
if not if (! ~ $user_password `{cat $pfile})
|
||||||
|
status='Auth: Pass '$user_password' doesnt match '^`{cat $pfile}
|
||||||
|
if not {
|
||||||
logged_user = $user_name
|
logged_user = $user_name
|
||||||
logged_password = $user_password
|
logged_password = $user_password
|
||||||
|
dprint Auth: success
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Blog stuff
|
||||||
|
|
||||||
fn make_blog_post {
|
fn make_blog_post {
|
||||||
bdir = $1
|
bdir = $1
|
||||||
btitle = $2
|
btitle = $2
|
||||||
@ -196,10 +214,8 @@ fn make_blog_post {
|
|||||||
|
|
||||||
echo $btext > $bdir^'/'^$"date^'-'^$"n^_$"btitle.md
|
echo $btext > $bdir^'/'^$"date^'-'^$"n^_$"btitle.md
|
||||||
}
|
}
|
||||||
if not {
|
if not
|
||||||
dprint $1 $2 $3
|
status=Missing blog post arguments $1 $2 $3
|
||||||
false
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
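Review bot: In check_user the new line `status=User $logged_user not in group $1` is unquoted, and as far as I read rc's grammar that makes `status=User` an assignment local to a command whose name is `$logged_user`, so a request-derived value is run as a command instead of being reported; quote it, e.g. `status='User '^$"logged_user^' not in group '^$1`. The last hunk has the same shape in make_blog_post (`status=Missing blog post arguments $1 $2 $3`). In get_user the two-argument branch reads `user_password $2`, which lacks the `=` and so never sets the password; it should be `user_password = $2`. Separately, auth_user still puts the submitted password and the contents of the password file into `status` on a mismatch, and login_user still writes `$"logged_password` into the cookie although the comment above it documents a hash. A generic `status='Auth: bad credentials'` and a hashed cookie value would keep both secrets out of logs and the browser.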