/* Copyright 2017, Michele Santullo
* This file is part of "tawashi".
*
* "tawashi" is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* "tawashi" is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with "tawashi". If not, see .
*/
#include "submit_paste_response.hpp"
#include "incredis/incredis.hpp"
#include "cgi_post.hpp"
#include "cgi_env.hpp"
#include "num_to_token.hpp"
#include "settings_bag.hpp"
#include "duckhandy/compatibility.h"
#include "duckhandy/lexical_cast.hpp"
#include "duckhandy/int_to_string_ary.hpp"
#include "tawashi_exception.hpp"
#include
#include
#include
#include
#include
extern "C" void tiger (const char* parStr, uint64_t parLength, uint64_t parHash[3], char parPadding);
namespace tawashi {
namespace {
const char g_post_key[] = "pastie";
const char g_language_key[] = "lang";
const char g_duration_key[] = "ttl";
class MissingPostVarError : public TawashiException {
public:
explicit MissingPostVarError(const boost::string_ref& parKey) :
TawashiException(
ErrorReasons::MissingPostVariable,
"Error retrieving POST variable \"" + std::string(parKey.begin(), parKey.end()) + "\""
)
{}
};
template
inline boost::string_ref make_string_ref (const char (&parStr)[N]) a_always_inline;
template
boost::string_ref make_string_ref (const char (&parStr)[N]) {
static_assert(N > 0, "wat?");
return boost::string_ref(parStr, N - 1);
}
boost::string_ref get_value_from_post (const cgi::PostMapType& parPost, boost::string_ref parKey) {
std::string key(parKey.data(), parKey.size());
auto post_data_it = parPost.find(key);
if (parPost.end() == post_data_it)
throw MissingPostVarError(parKey);
return post_data_it->second;
}
std::string hashed_ip (const std::string& parIP) {
using dhandy::tags::hex;
uint64_t hash[3];
tiger(parIP.data(), parIP.size(), hash, 0x80);
auto h1 = dhandy::int_to_string_ary(hash[0]);
auto h2 = dhandy::int_to_string_ary(hash[1]);
auto h3 = dhandy::int_to_string_ary(hash[2]);
std::string retval(2 * sizeof(uint64_t) * 3, '0');
assert(h1.size() <= 2 * sizeof(uint64_t));
std::copy(h1.begin(), h1.end(), retval.begin() + 2 * sizeof(uint64_t) * 0 + 2 * sizeof(uint64_t) - h1.size());
assert(h2.size() <= 2 * sizeof(uint64_t));
std::copy(h2.begin(), h2.end(), retval.begin() + 2 * sizeof(uint64_t) * 1 + 2 * sizeof(uint64_t) - h2.size());
assert(h3.size() <= 2 * sizeof(uint64_t));
std::copy(h3.begin(), h3.end(), retval.begin() + 2 * sizeof(uint64_t) * 2 + 2 * sizeof(uint64_t) - h3.size());
SPDLOG_DEBUG(spdlog::get("statuslog"), "IP \"{}\" hashed -> \"{}\"", parIP, retval);
assert(retval.size() == 16 * 3);
return retval;
}
} //unnamed namespace
SubmitPasteResponse::SubmitPasteResponse (
const Kakoune::SafePtr& parSettings,
std::ostream* parStreamOut,
const Kakoune::SafePtr& parCgiEnv
) :
Response(parSettings, parStreamOut, parCgiEnv, true)
{
this->change_type(Response::ContentType, "text/plain");
}
void SubmitPasteResponse::on_process() {
auto post = cgi::read_post(std::cin, cgi_env());
boost::string_ref pastie;
boost::string_ref lang;
boost::string_ref duration;
auto statuslog = spdlog::get("statuslog");
assert(statuslog);
try {
pastie = get_value_from_post(post, make_string_ref(g_post_key));
}
catch (const TawashiException& e) {
statuslog->error(e.what());
error_redirect(500, e.reason());
return;
}
try {
lang = get_value_from_post(post, make_string_ref(g_language_key));
duration = get_value_from_post(post, make_string_ref(g_duration_key));
}
catch (const MissingPostVarError& e) {
statuslog->info(e.what());
}
const SettingsBag& settings = this->settings();
const auto max_sz = settings.as("max_pastie_size");
if (pastie.size() < settings.as("min_pastie_size"))
return;
if (max_sz and pastie.size() > max_sz) {
if (settings.as("truncate_long_pasties")) {
pastie = pastie.substr(0, max_sz);
}
else {
error_redirect(431, ErrorReasons::PostLengthNotInRange);
return;
}
}
//TODO: replace boost's lexical_cast with mine when I have some checks
//over invalid inputs
const uint32_t duration_int = std::max(std::min((duration.empty() ? 86400U : boost::lexical_cast(duration)), 2628000U), 1U);
boost::optional token = submit_to_redis(pastie, duration_int, lang);
if (token) {
std::ostringstream oss;
oss << base_uri() << '/' << *token;
if (not lang.empty())
oss << '?' << lang;
this->change_type(Response::Location, oss.str());
}
else {
error_redirect(500, ErrorReasons::PastieNotSaved);
return;
}
}
boost::optional SubmitPasteResponse::submit_to_redis (const boost::string_ref& parText, uint32_t parExpiry, const boost::string_ref& parLang) {
auto& redis = this->redis();
if (not redis.is_connected()) {
error_redirect(503, ErrorReasons::RedisDisconnected);
return boost::optional();
}
std::string ip_hash = hashed_ip(cgi_env().remote_addr());
if (redis.get(ip_hash)) {
//please wait and submit again
error_redirect(429, ErrorReasons::UserFlooding);
return boost::optional();
}
const auto next_id = redis.incr("paste_counter");
const std::string token = num_to_token(next_id);
assert(not token.empty());
if (redis.hmset(token,
"pastie", parText,
"max_ttl", dhandy::lexical_cast(parExpiry),
"lang", parLang)
) {
redis.set(ip_hash, "");
redis.expire(ip_hash, settings().as("resubmit_wait"));
if (redis.expire(token, parExpiry))
return boost::make_optional(token);
}
error_redirect(500, ErrorReasons::PastieNotSaved);
return boost::optional();
}
void SubmitPasteResponse::error_redirect (int parCode, ErrorReasons parReason) {
std::ostringstream oss;
oss << base_uri() << "/error.cgi?code=" << parCode << "&reason=" << parReason._to_integral();
this->change_type(Response::Location, oss.str());
}
} //namespace tawashi