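/*
 * HTTP handlers for a small Kore-based blog: posts are read from PostgreSQL
 * and served either as JSON or as HTML (Markdown bodies rendered with md4c).
 *
 * NOTE(review): the names of the five angle-bracket headers were lost from
 * this listing. The set below is reconstructed from the identifiers the file
 * uses (isxdigit, kore_*, http_*, kore_pgsql_*, KORE_SECCOMP_FILTER);
 * confirm it against the original file.
 */
#include <ctype.h>

#include <kore/kore.h>
#include <kore/http.h>
#include <kore/pgsql.h>
#include <kore/seccomp.h>

/* md4c is compiled into this translation unit by including its sources. */
#include "../lib/md4c/src/entity.h"
#include "../lib/md4c/src/entity.c"
#include "../lib/md4c/src/md4c.h"
#include "../lib/md4c/src/md4c.c"
#include "../lib/md4c/src/md4c-html.h"
#include "../lib/md4c/src/md4c-html.c"

#include "assets.h"

// FIXME: Why does compilation fail if this is a .c file?
#include "queries.h"

/*
 * Extra syscalls allowed for this application on top of the framework's
 * seccomp filter. Every entry widens what a compromised worker can do, so
 * each one should be traceable to a concrete need.
 * NOTE(review): presumably these are required by the PostgreSQL client and
 * name resolution; this file does not show why. Confirm before adding more.
 */
KORE_SECCOMP_FILTER("clog",
    KORE_SYSCALL_ALLOW(bind),
    KORE_SYSCALL_ALLOW(getdents64),
    KORE_SYSCALL_ALLOW(newfstatat),
    KORE_SYSCALL_ALLOW(sendmmsg),
    KORE_SYSCALL_ALLOW(uname)
)

/* Length of the textual UUID form xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. */
enum { UUID_TEXT_LEN = 36 };

/* Representation selected for a response. */
enum request_type {
    JSON,
    HTML
};

/* Per-request state shared between render_posts() and render_posts_query(). */
struct post_request {
    struct http_request *req;       /* request being answered */
    const char *resource;           /* post UUID from the path, or NULL for the list */
    enum request_type type;         /* representation to produce */
    int resp_status;                /* HTTP status to send */
    struct kore_buf *resp_buf;      /* response body under construction */
};

static const char *accept_json = "application/json";
static const char *database = "db";

/* Client-facing messages, indexed by HTTP status. Only these two are set. */
static const char * const error_msg[] = {
    [HTTP_STATUS_NOT_FOUND] = "Resource not found.",
    [HTTP_STATUS_INTERNAL_ERROR] = "There was an error processing the request.",
};

void post_request_init(struct post_request *post_req);
void post_request_cleanup(struct post_request *post_req);
int validate_uuid(const char *input);

int redirect(struct http_request *req);

int post(struct http_request *req);
int posts(struct http_request *req);
int render_posts(struct http_request *req, const char *resource);
int render_posts_query(struct post_request *post_req);

int toys(struct http_request *req);
int get_toys(struct http_request *req);
int post_toys(struct http_request *req);

static void process_md_output(const MD_CHAR *, MD_SIZE size, void *);
static int render_md(const char *, struct kore_buf *);

/*
 * Put post_req into its default state: JSON, 200 OK, and a freshly
 * allocated response buffer that post_request_cleanup() releases.
 */
void
post_request_init(struct post_request *post_req)
{
    post_req->req = NULL;
    post_req->resource = NULL;
    post_req->type = JSON;
    post_req->resp_status = HTTP_STATUS_OK;
    post_req->resp_buf = kore_buf_alloc(0);
}

/* Free the response buffer and clear the pointer so a second call is harmless. */
void
post_request_cleanup(struct post_request *post_req)
{
    if (post_req->resp_buf != NULL)
        kore_buf_free(post_req->resp_buf);
    post_req->resp_buf = NULL;
}

/*
 * Check that input is a UUID in the 8-4-4-4-12 hexadecimal text form.
 *
 * Returns KORE_RESULT_OK when input is exactly UUID_TEXT_LEN characters,
 * has '-' at offsets 8, 13, 18 and 23 and hex digits everywhere else, and
 * KORE_RESULT_ERROR otherwise (including for a NULL input).
 */
int
validate_uuid(const char *input)
{
    size_t i;

    if (input == NULL || strlen(input) != UUID_TEXT_LEN)
        return KORE_RESULT_ERROR;

    for (i = 0; i < UUID_TEXT_LEN; i++) {
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (input[i] != '-')
                return KORE_RESULT_ERROR;
            continue;
        }

        /*
         * The input comes from the request; a byte >= 0x80 is negative
         * where char is signed, and passing a negative value to isxdigit()
         * is undefined behaviour. Convert to unsigned char first.
         */
        if (!isxdigit((unsigned char)input[i]))
            return KORE_RESULT_ERROR;
    }

    return KORE_RESULT_OK;
}

/* Answer with a permanent redirect to "/". */
int
redirect(struct http_request *req)
{
    http_response_header(req, "Location", "/");
    http_response(req, HTTP_STATUS_MOVED_PERMANENTLY, NULL, 0);
    return KORE_RESULT_OK;
}

/*
 * Handler for a single post. The resource ID is whatever follows "/posts/"
 * in the request path; it is validated later in render_posts_query().
 * NOTE(review): this assumes the route only matches paths that begin with
 * "/posts/"; a shorter path would make the pointer run past the string.
 * Confirm against the route configuration.
 */
int
post(struct http_request *req)
{
    const char *resource = req->path + strlen("/posts/");

    kore_log(LOG_DEBUG, "Resource /posts/%s", resource);
    return render_posts(req, resource);
}

/* Handler for the list of all posts. */
int
posts(struct http_request *req)
{
    return render_posts(req, NULL);
}

/*
 * Build and send the response for one post (resource != NULL) or for all
 * posts (resource == NULL).
 *
 * The representation follows the Accept header: a value beginning with
 * "application/json" selects JSON, any other value selects HTML, and a
 * request without an Accept header keeps the JSON default. Always returns
 * KORE_RESULT_OK; failures are reported to the client through the status
 * code and an error body.
 */
int
render_posts(struct http_request *req, const char *resource)
{
    int err = 0;
    const char *accept = NULL;
    struct post_request post_req;

    post_request_init(&post_req);
    post_req.req = req;
    post_req.resource = resource;

    err = http_request_header(req, "accept", &accept);
    if (err == KORE_RESULT_OK) {
        kore_log(LOG_DEBUG, "Accept: %s", accept);
        /*
         * Compare the whole media type. sizeof(*accept_json) is the size
         * of one char, so the previous comparison only looked at the
         * first byte and treated every value starting with 'a' as JSON.
         */
        if (strncmp(accept, accept_json, strlen(accept_json)) == 0)
            post_req.type = JSON;
        else
            post_req.type = HTML;
    }

    /*
     * The error templates are used as printf formats. They are build-time
     * assets, not request data.
     * NOTE(review): this relies on each asset being NUL-terminated and
     * containing a single %s; confirm against assets.h.
     */
    if (post_req.type == JSON) {
        http_response_header(post_req.req, "content-type",
            "application/json; charset=utf-8");
        (void) render_posts_query(&post_req);
        if (post_req.resp_status != HTTP_STATUS_OK) {
            kore_buf_appendf(
                post_req.resp_buf,
                (const char *) asset_error_json,
                error_msg[post_req.resp_status]
            );
        }
    } else {
        http_response_header(post_req.req, "content-type",
            "text/html; charset=utf-8");
        kore_buf_append(post_req.resp_buf,
            asset_index_begin_html, asset_len_index_begin_html);
        (void) render_posts_query(&post_req);
        if (post_req.resp_status != HTTP_STATUS_OK) {
            kore_buf_appendf(
                post_req.resp_buf,
                (const char *) asset_error_html,
                error_msg[post_req.resp_status]
            );
        }
        kore_buf_append(post_req.resp_buf,
            asset_index_end_html, asset_len_index_end_html);
    }

    http_response(
        post_req.req,
        post_req.resp_status,
        post_req.resp_buf->data,
        post_req.resp_buf->offset
    );

    post_request_cleanup(&post_req);

    return KORE_RESULT_OK;
}

/*
 * Run the query for post_req and append the result to post_req->resp_buf.
 *
 * On failure resp_status is set to 404 (malformed UUID, or no such post) or
 * 500 (database error) and nothing further is appended; the caller adds the
 * error body. The return value is always KORE_RESULT_OK.
 */
int
render_posts_query(struct post_request *post_req)
{
    int err = 0;
    int row = 0, rows = 0;
    const char *id = NULL;
    const char *title = NULL;
    const char *created_at = NULL;
    const char *body = NULL;
    const char *json = NULL;
    struct kore_pgsql sql;

    kore_pgsql_init(&sql);

    // TODO use kore validation here.
    if (post_req->resource) {
        // Reject anything that is not a well-formed UUID before it
        // reaches the database.
        err = validate_uuid(post_req->resource);
        if (err == KORE_RESULT_ERROR) {
            post_req->resp_status = HTTP_STATUS_NOT_FOUND;
            // NOTE(review): the rejected value is request-controlled and is
            // written to the log as-is.
            kore_log(LOG_ERR, "Invalid post UUID %s.", post_req->resource);
            goto out;
        }
    }

    // Set up a synchronous query (KORE_PGSQL_SYNC) against the named
    // database; the name is expected to be registered elsewhere with
    // kore_pgsql_register().
    err = kore_pgsql_setup(&sql, database, KORE_PGSQL_SYNC);
    if (err == KORE_RESULT_ERROR) {
        post_req->resp_status = HTTP_STATUS_INTERNAL_ERROR;
        kore_pgsql_logerror(&sql);
        goto out;
    }

    if (post_req->resource != NULL) {
        // Single post: the UUID is bound as a text parameter and is never
        // spliced into the SQL string.
        err = kore_pgsql_query_params(
            &sql,
            post_req->type == HTML ? query_html_post : query_json_post,
            0, // return string data
            1, // param count
            KORE_PGSQL_PARAM_TEXT(post_req->resource)
        );
    } else {
        // All posts.
        err = kore_pgsql_query(
            &sql,
            post_req->type == HTML ? query_html_posts : query_json_posts
        );
    }

    if (err == KORE_RESULT_ERROR) {
        post_req->resp_status = HTTP_STATUS_INTERNAL_ERROR;
        kore_pgsql_logerror(&sql);
        goto out;
    }

    if (post_req->type == JSON) {
        // XXX The JSON queries always return a tuple, so "not found" is
        // detected by an empty first value rather than by the row count.
        if (kore_pgsql_getlength(&sql, 0, 0) == 0) {
            post_req->resp_status = HTTP_STATUS_NOT_FOUND;
            goto out;
        }
        json = kore_pgsql_getvalue(&sql, 0, 0);
        kore_buf_append(post_req->resp_buf, json, strlen(json));
    } else {
        rows = kore_pgsql_ntuples(&sql);
        // TODO: Add test for this; when the database is empty, the list
        // request must not return 404.
        if (post_req->resource && rows == 0) {
            post_req->resp_status = HTTP_STATUS_NOT_FOUND;
            goto out;
        }

        for (row = 0; row < rows; row++) {
            struct kore_buf *html_buf = NULL;

            id = kore_pgsql_getvalue(&sql, row, 0);
            title = kore_pgsql_getvalue(&sql, row, 1);
            created_at = kore_pgsql_getvalue(&sql, row, 2);
            body = kore_pgsql_getvalue(&sql, row, 3);
            kore_log(LOG_DEBUG, "id: '%s'; title '%s'", id, title);

            // Scratch buffer for the Markdown body rendered as HTML.
            html_buf = kore_buf_alloc(0);

            err = render_md(body, html_buf);
            if (err == KORE_RESULT_ERROR) {
                // A post that fails to render is skipped; the rest of the
                // page is still produced.
                kore_log(LOG_ERR, "Error rendering markdown for entry %s.", id);
                kore_buf_free(html_buf);
                continue;
            }

            // NOTE(review): title and created_at are interpolated into the
            // page without HTML escaping, and post_toys() stores titles
            // taken from the request body. Unless the values are escaped
            // when stored or the write endpoint is restricted to trusted
            // authors, a title containing markup is served to every reader
            // (stored XSS). Escape &, <, >, " and ' here.
            kore_buf_appendf(
                post_req->resp_buf,
                (const char *) asset_post_html,
                title,
                created_at,
                kore_buf_stringify(html_buf, NULL)
            );
            kore_buf_free(html_buf);
        }
    }

out:
    kore_pgsql_cleanup(&sql);

    return KORE_RESULT_OK;
}

/*
 * Dispatch /toys by method. Any method other than GET or POST now gets an
 * explicit 405; previously the handler returned without sending a response.
 */
int
toys(struct http_request *req)
{
    if (req->method == HTTP_METHOD_GET)
        return get_toys(req);
    if (req->method == HTTP_METHOD_POST)
        return post_toys(req);

    http_response_header(req, "allow", "GET, POST");
    http_response(req, HTTP_STATUS_METHOD_NOT_ALLOWED, NULL, 0);
    return KORE_RESULT_OK;
}

/* GET /toys: fixed "OK" body. */
int
get_toys(struct http_request *req)
{
    http_response(req, HTTP_STATUS_OK, "OK", strlen("OK"));
    return KORE_RESULT_OK;
}

/*
 * POST /toys: insert a post from a JSON body with the string members "id"
 * (a UUID), "title" and "body".
 *
 * Responds 200 with an empty body on success, 404 for a malformed UUID,
 * 400 when no request body is available, and 500 for JSON or database
 * errors. Always returns KORE_RESULT_OK.
 *
 * NOTE(review): nothing in this handler authenticates the caller, and what
 * it stores is later rendered into the HTML pages. Confirm that the route
 * is protected elsewhere. Malformed JSON is a client error, so 400 would
 * describe it better than the 500 kept here.
 */
int
post_toys(struct http_request *req)
{
    int err = 0;
    int status = HTTP_STATUS_OK;
    struct kore_json_item *item = NULL;
    const char *id = NULL;
    const char *title = NULL;
    const char *body = NULL;
    struct kore_json json;
    struct kore_pgsql sql;

    /*
     * http_body is dereferenced below, so a request without an in-memory
     * body must be refused here, before json and sql are initialised.
     * NOTE(review): presumably NULL when the request carried no body;
     * confirm against the framework.
     */
    if (req->http_body == NULL) {
        kore_log(LOG_ERR, "missing request body");
        http_response(req, HTTP_STATUS_BAD_REQUEST, NULL, 0);
        return KORE_RESULT_OK;
    }

    kore_json_init(&json, req->http_body->data, req->http_body->length);
    kore_pgsql_init(&sql);

    if (!kore_json_parse(&json)) {
        status = HTTP_STATUS_INTERNAL_ERROR;
        kore_log(LOG_ERR, "error parsing json: %s\n", kore_json_strerror());
        goto out;
    }

    // NOTE(review): id, title and body are logged verbatim at LOG_INFO;
    // they are request-controlled and the body can be large.
    item = kore_json_find_string(json.root, "id");
    if (item == NULL) {
        status = HTTP_STATUS_INTERNAL_ERROR;
        kore_log(LOG_ERR, "error parsing id: %s\n", kore_json_strerror());
        goto out;
    }
    id = item->data.string;
    kore_log(LOG_INFO, "id = '%s'\n", id);

    // Only a well-formed UUID is accepted as the post ID.
    err = validate_uuid(id);
    if (err == KORE_RESULT_ERROR) {
        status = HTTP_STATUS_NOT_FOUND;
        kore_log(LOG_ERR, "Invalid post UUID %s.", id);
        goto out;
    }

    item = kore_json_find_string(json.root, "title");
    if (item == NULL) {
        status = HTTP_STATUS_INTERNAL_ERROR;
        kore_log(LOG_ERR, "error parsing title: %s\n", kore_json_strerror());
        goto out;
    }
    title = item->data.string;
    kore_log(LOG_INFO, "title = '%s'\n", title);

    item = kore_json_find_string(json.root, "body");
    if (item == NULL) {
        status = HTTP_STATUS_INTERNAL_ERROR;
        kore_log(LOG_ERR, "error parsing body: %s\n", kore_json_strerror());
        goto out;
    }
    body = item->data.string;
    kore_log(LOG_INFO, "body = '%s'\n", body);

    err = kore_pgsql_setup(&sql, database, KORE_PGSQL_SYNC);
    if (err == KORE_RESULT_ERROR) {
        status = HTTP_STATUS_INTERNAL_ERROR;
        kore_pgsql_logerror(&sql);
        goto out;
    }

    // Insert the post. All three values are bound as parameters, so none
    // of them can change the statement.
    err = kore_pgsql_query_params(
        &sql,
        "INSERT INTO posts (id, title, body) "
        "VALUES ($1, $2, $3);",
        0,
        3,
        KORE_PGSQL_PARAM_TEXT(id),
        KORE_PGSQL_PARAM_TEXT(title),
        KORE_PGSQL_PARAM_TEXT(body)
    );

    if (err == KORE_RESULT_ERROR) {
        status = HTTP_STATUS_INTERNAL_ERROR;
        kore_pgsql_logerror(&sql);
        goto out;
    }

out:
    kore_json_cleanup(&json);
    kore_pgsql_cleanup(&sql);
    http_response(req, status, NULL, 0);

    return KORE_RESULT_OK;
}

/*
 * Render the Markdown text in `in` as HTML and append it to `out`.
 * Returns KORE_RESULT_OK on success and KORE_RESULT_ERROR when md_html()
 * reports a failure.
 */
static int
render_md(const char *in, struct kore_buf *out)
{
    int err = 0;
    /*
     * NOTE(review): with no parser flags md4c accepts raw HTML blocks and
     * spans in the Markdown source and the HTML renderer passes them
     * through. Post bodies can be written through post_toys(), so unless
     * every author is trusted this should be MD_FLAG_NOHTML.
     */
    static const unsigned parser_flags = 0;
    /* NOTE(review): MD_HTML_FLAG_DEBUG looks like a development setting; confirm. */
    static const unsigned renderer_flags = MD_HTML_FLAG_DEBUG;

    err = md_html(
        in,
        (MD_SIZE) strlen(in),
        process_md_output,
        (void *) out,
        parser_flags,
        renderer_flags
    );

    if (err != 0) {
        kore_log(LOG_ERR, "Parsing Markdown failed.");
        return KORE_RESULT_ERROR;
    }

    return KORE_RESULT_OK;
}

/* md_html() output callback: append a chunk of HTML to the kore_buf in buf. */
static void
process_md_output(const MD_CHAR *html, MD_SIZE size, void *buf)
{
    kore_buf_append(
        (struct kore_buf *) buf,
        (const void *) html,
        (size_t) size
    );
}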