]> git.scottworley.com Git - voter/blob - src/main.rs
projects / voter / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update vote counts to reflect local votes
[voter] / src / main.rs
1 use rand::prelude::*;
2 use std::collections::{HashMap, HashSet};
3 use std::io::prelude::*;
4 use std::path::{Path, PathBuf};
5
6 const DATA_PATH: &str = "/var/lib/voter";
7 const COOKIE_NAME: &[u8] = b"__Secure-id";
8 const COOKIE_LENGTH: usize = 12;
9
10 fn validate_path(path: &str) -> Result<PathBuf, cgi::Response> {
11 let invalid_path = || cgi::text_response(404, "Invalid path");
12 if path == "/" {
13 return Err(cgi::text_response(404, "(This is the voting place. You should have been given a more specific URL for the specific thing you've been invited to vote on.)"));
14 }
15 if path.contains("..") || !path.starts_with("/") {
16 return Err(invalid_path());
17 }
18 let dir = Path::new(&format!("{DATA_PATH}{path}")).to_path_buf();
19 if !dir
20 .canonicalize()
21 .map_err(|_| invalid_path())?
22 .starts_with(DATA_PATH)
23 {
24 return Err(invalid_path());
25 }
26 if !dir.is_dir() {
27 return Err(invalid_path());
28 }
29 Ok(dir)
30 }
31
32 fn get_voter(request: &cgi::Request) -> Result<&[u8], cgi::Response> {
33 // Expect exactly one cookie, exactly as we generate it.
34 let cookie = request
35 .headers()
36 .get(cgi::http::header::COOKIE)
37 .map(|c| c.as_bytes())
38 .and_then(|c| c.strip_prefix(COOKIE_NAME))
39 .and_then(|c| c.strip_prefix(b"="))
40 .ok_or_else(|| cgi::text_response(400, "Invalid cookie"))?;
41 if cookie.len() != COOKIE_LENGTH || cookie.contains(&b' ') || cookie.contains(&b';') {
42 Err(cgi::text_response(400, "Invalid cookie"))
43 } else {
44 Ok(cookie)
45 }
46 }
47
48 fn tally_votes(dir: PathBuf) -> std::io::Result<HashMap<String, HashSet<String>>> {
49 let mut tally: HashMap<String, HashSet<String>> = HashMap::new();
50 let vfile = std::fs::File::open(dir.join("votes"))?;
51 for liner in std::io::BufReader::new(vfile).lines() {
52 let line = liner?;
53 if let Some((voter, datum)) = line.split_once(' ') {
54 if voter.len() == COOKIE_LENGTH {
55 if let Some((vote, candidate)) = datum.split_once(' ') {
56 if vote == "0" {
57 if let Some(entry) = tally.get_mut(candidate) {
58 entry.remove(voter);
59 }
60 } else if vote == "1" {
61 tally
62 .entry(candidate.to_owned())
63 .or_default()
64 .insert(voter.to_owned());
65 }
66 }
67 }
68 }
69 }
70 Ok(tally)
71 }
72
73 fn make_random_id() -> [u8; COOKIE_LENGTH] {
74 let mut id = [0; COOKIE_LENGTH];
75 for i in 0..COOKIE_LENGTH {
76 while !(b'A'..=b'Z').contains(&id[i])
77 && !(b'a'..=b'z').contains(&id[i])
78 && !(b'0'..=b'9').contains(&id[i])
79 {
80 id[i] = random()
81 }
82 }
83 id
84 }
85
86 fn set_cookie(mut response: cgi::Response, path: &str) -> Result<cgi::Response, cgi::Response> {
87 response.headers_mut().append(
88 cgi::http::header::SET_COOKIE,
89 cgi::http::header::HeaderValue::from_bytes(
90 &[
91 COOKIE_NAME,
92 b"=",
93 &make_random_id(),
94 b"; Secure HttpOnly SameSite=Strict Max-Age=30000000 Path=",
95 path.as_bytes(),
96 ]
97 .concat(),
98 )
99 .map_err(|_| cgi::text_response(503, "Couldn't make cookie"))?,
100 );
101 Ok(response)
102 }
103
104 const HTML_HEADER: &str = "<!DOCTYPE html>
105 <html>
106 <head>
107 <meta charset=\"utf-8\">
108 <title>Vote!</title>
109 <style>
110 th { font-size: 70%; text-align: left }
111 input { transform: scale(1.5) }
112 div { animation: 2s infinite linear spin }
113 @keyframes spin {
114 from { transform:rotate(0) }
115 to { transform:rotate(1turn) }
116 }
117 </style>
118 <script>
119 window.onload = function() {
120 for (cb of document.getElementsByTagName('input')) {
121 cb.addEventListener('click', (function(cb) {
122 return function() {
123 cb.style.display = 'none'
124 const spin = document.createElement('div')
125 spin.appendChild(document.createTextNode('⏳'))
126 cb.parentElement.insertBefore(spin, cb)
127
128 const req = new XMLHttpRequest()
129 req.addEventListener('load', function(e) {
130 cb.parentElement.removeChild(cb.previousElementSibling)
131 if (req.status == 200) {
132 cb.style.display = ''
133 const delta = cb.checked ? 1 : -1
134 const count_td = cb.parentElement.previousElementSibling
135 count_td.textContent = parseInt(count_td.textContent) + delta
136 } else {
137 cb.parentElement.insertBefore(document.createTextNode('❗'), cb)
138 }
139 })
140 req.open('PUT', window.location.href)
141 req.send((cb.checked ? 1 : 0) + ' ' + cb.parentElement.nextElementSibling.innerHTML)
142 }
143 })(cb))
144 cb.disabled = false
145 }
146 }
147 </script>
148 </head>
149 <body>
150 <table>
151 <tr>
152 <th>Count</th>
153 <th>Vote</th>
154 <th>Candidate</th>
155 </tr>";
156 const HTML_FOOTER: &str = "
157 </table>
158 </body>
159 </html>";
160
161 fn supports(tally: &HashMap<String, HashSet<String>>, me: &str, candidate: &str) -> bool {
162 tally
163 .get(candidate)
164 .map(|supporters| supporters.contains(me))
165 .unwrap_or(false)
166 }
167
168 fn prompt_for_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
169 let voter = get_voter(&request);
170 let me = if let Ok(id) = voter {
171 std::str::from_utf8(id).ok()
172 } else {
173 None
174 };
175 let tally =
176 tally_votes(dir.clone()).map_err(|_| cgi::text_response(503, "Couldn't tally votes"))?;
177 let cfile = std::fs::File::open(dir.join("candidates"))
178 .map_err(|_| cgi::text_response(503, "No candidates"))?;
179 let mut response = cgi::html_response(
180 200,
181 std::iter::once(Ok(HTML_HEADER.to_owned()))
182 .chain(std::io::BufReader::new(cfile).lines().map(|rc| {
183 rc.map(|c| {
184 let count = tally
185 .get(&c)
186 .map(|supporters| supporters.len())
187 .unwrap_or(0);
188 let checked = if me.map(|me| supports(&tally, me, &c)).unwrap_or(false) {
189 "checked"
190 } else {
191 ""
192 };
193 format!(
194 "<tr>
195 <td>{count}</td>
196 <td><input type=\"checkbox\" autocomplete=\"off\" {checked} disabled></td>
197 <td>{c}</td>
198 </tr>"
199 )
200 })
201 }))
202 .chain(std::iter::once(Ok(HTML_FOOTER.to_owned())))
203 .collect::<std::io::Result<String>>()
204 .map_err(|_| cgi::text_response(503, "Missing candidates"))?,
205 );
206 if voter.is_err() {
207 response = set_cookie(response, request.uri().path())?
208 }
209 Ok(response)
210 }
211
212 fn write_vote(dir: PathBuf, voter: &[u8], vote: &[u8]) -> std::io::Result<()> {
213 let datum = [voter, b" ", vote, b"\n"].concat();
214 let vpath = dir.join("votes");
215 let vfile = std::fs::File::options()
216 .append(true)
217 .create(true)
218 .open(vpath)?;
219 let mut vlock = fd_lock::RwLock::new(vfile);
220 vlock.write()?.write(&datum)?;
221 Ok(())
222 }
223
224 fn record_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
225 let body = request.body();
226 // Valid votes look like "0 foo" or "1 bar"
227 if body.len() < 3
228 || (body[0] != b'0' && body[0] != b'1')
229 || body[1] != b' '
230 || body.contains(&b'\n')
231 {
232 return Err(cgi::text_response(415, "Invalid vote"));
233 }
234 write_vote(dir, &get_voter(&request)?, body)
235 .map_err(|_| cgi::text_response(503, "Couldn't record vote"))?;
236 Ok(cgi::text_response(200, "Vote recorded"))
237 }
238
239 fn strip_body(mut response: cgi::Response) -> cgi::Response {
240 response.body_mut().clear();
241 response
242 }
243
244 fn respond(request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
245 let dir = validate_path(request.uri().path())?;
246 match request.method() {
247 &cgi::http::Method::HEAD => prompt_for_vote(dir, request).map(strip_body),
248 &cgi::http::Method::GET => prompt_for_vote(dir, request),
249 &cgi::http::Method::PUT => record_vote(dir, request),
250 _ => Err(cgi::text_response(405, "Huh?")),
251 }
252 }
253
254 fn respond_or_report_error(request: cgi::Request) -> cgi::Response {
255 match respond(request) {
256 Ok(result) => result,
257 Err(error) => error,
258 }
259 }
260
261 cgi::cgi_main! { respond_or_report_error }
A simple CGI voting thing