]>
Commit | Line | Data |
---|---|---|
fbcdf3ed | 1 | use std::io::prelude::*; |
c8402f1c | 2 | use std::path::{Path, PathBuf}; |
d1df2e73 | 3 | |
c8402f1c | 4 | const DATA_PATH: &str = "/var/lib/voter"; |
fbcdf3ed SW |
5 | const COOKIE_NAME: &[u8] = b"__Secure-id"; |
6 | const COOKIE_LENGTH: usize = 32; | |
c8402f1c SW |
7 | |
8 | fn validate_path(path: &str) -> Result<PathBuf, cgi::Response> { | |
9 | let invalid_path = || cgi::text_response(404, "Invalid path"); | |
10 | if path == "/" { | |
11 | return Err(cgi::text_response(404, "(This is the voting place. You should have been given a more specific URL for the specific thing you've been invited to vote on.)")); | |
12 | } | |
13 | if path.contains("..") || !path.starts_with("/") { | |
14 | return Err(invalid_path()); | |
15 | } | |
16 | let dir = Path::new(&format!("{DATA_PATH}{path}")).to_path_buf(); | |
17 | if !dir | |
18 | .canonicalize() | |
19 | .map_err(|_| invalid_path())? | |
20 | .starts_with(DATA_PATH) | |
21 | { | |
22 | return Err(invalid_path()); | |
23 | } | |
24 | if !dir.is_dir() { | |
25 | return Err(invalid_path()); | |
26 | } | |
27 | Ok(dir) | |
28 | } | |
29 | ||
fbcdf3ed SW |
30 | fn get_voter(request: &cgi::Request) -> Result<&[u8], cgi::Response> { |
31 | // Expect exactly one cookie, exactly as we generate it. | |
32 | let cookie = request | |
33 | .headers() | |
34 | .get(cgi::http::header::COOKIE) | |
35 | .map(|c| c.as_bytes()) | |
36 | .and_then(|c| c.strip_prefix(COOKIE_NAME)) | |
37 | .and_then(|c| c.strip_prefix(b"=")) | |
38 | .ok_or_else(|| cgi::text_response(400, "Invalid cookie"))?; | |
39 | if cookie.len() != COOKIE_LENGTH || cookie.contains(&b' ') || cookie.contains(&b';') { | |
40 | Err(cgi::text_response(400, "Invalid cookie")) | |
41 | } else { | |
42 | Ok(cookie) | |
43 | } | |
44 | } | |
45 | ||
c8402f1c SW |
46 | fn prompt_for_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> { |
47 | Err(cgi::text_response(503, "Not Implemented")) | |
48 | } | |
49 | ||
fbcdf3ed SW |
50 | fn write_vote(dir: PathBuf, voter: &[u8], vote: &[u8]) -> std::io::Result<()> { |
51 | let datum = [voter, b" ", vote, b"\n"].concat(); | |
52 | let vpath = dir.join("votes"); | |
53 | let vfile = std::fs::File::options() | |
54 | .append(true) | |
55 | .create(true) | |
56 | .open(vpath)?; | |
57 | let mut vlock = fd_lock::RwLock::new(vfile); | |
58 | vlock.write()?.write(&datum)?; | |
59 | Ok(()) | |
60 | } | |
61 | ||
c8402f1c | 62 | fn record_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> { |
fbcdf3ed SW |
63 | let body = request.body(); |
64 | // Valid votes look like "0 foo" or "1 bar" | |
65 | if body.len() < 3 | |
66 | || (body[0] != b'0' && body[0] != b'1') | |
67 | || body[1] != b' ' | |
68 | || body.contains(&b'\n') | |
69 | { | |
70 | return Err(cgi::text_response(415, "Invalid vote")); | |
71 | } | |
72 | write_vote(dir, &get_voter(&request)?, body) | |
73 | .map_err(|_| cgi::text_response(503, "Couldn't record vote"))?; | |
74 | Ok(cgi::text_response(200, "Vote recorded")) | |
75 | } | |
76 | ||
77 | fn strip_body(mut response: cgi::Response) -> cgi::Response { | |
78 | response.body_mut().clear(); | |
79 | response | |
c8402f1c SW |
80 | } |
81 | ||
82 | fn respond(request: cgi::Request) -> Result<cgi::Response, cgi::Response> { | |
83 | let dir = validate_path(request.uri().path())?; | |
84 | match request.method() { | |
fbcdf3ed | 85 | &cgi::http::Method::HEAD => prompt_for_vote(dir, request).map(strip_body), |
c8402f1c | 86 | &cgi::http::Method::GET => prompt_for_vote(dir, request), |
fbcdf3ed | 87 | &cgi::http::Method::PUT => record_vote(dir, request), |
c8402f1c SW |
88 | _ => Err(cgi::text_response(405, "Huh?")), |
89 | } | |
90 | } | |
91 | ||
92 | fn respond_or_report_error(request: cgi::Request) -> cgi::Response { | |
93 | match respond(request) { | |
94 | Ok(result) => result, | |
95 | Err(error) => error, | |
96 | } | |
d1df2e73 SW |
97 | } |
98 | ||
c8402f1c | 99 | cgi::cgi_main! { respond_or_report_error } |