]> git.scottworley.com Git - voter/blob - src/main.rs
700cce03f3f7f4b74ac6654ea9e22a5709335631
[voter] / src / main.rs
1 use std::io::prelude::*;
2 use std::path::{Path, PathBuf};
3
4 const DATA_PATH: &str = "/var/lib/voter";
5 const COOKIE_NAME: &[u8] = b"__Secure-id";
6 const COOKIE_LENGTH: usize = 32;
7
8 fn validate_path(path: &str) -> Result<PathBuf, cgi::Response> {
9 let invalid_path = || cgi::text_response(404, "Invalid path");
10 if path == "/" {
11 return Err(cgi::text_response(404, "(This is the voting place. You should have been given a more specific URL for the specific thing you've been invited to vote on.)"));
12 }
13 if path.contains("..") || !path.starts_with("/") {
14 return Err(invalid_path());
15 }
16 let dir = Path::new(&format!("{DATA_PATH}{path}")).to_path_buf();
17 if !dir
18 .canonicalize()
19 .map_err(|_| invalid_path())?
20 .starts_with(DATA_PATH)
21 {
22 return Err(invalid_path());
23 }
24 if !dir.is_dir() {
25 return Err(invalid_path());
26 }
27 Ok(dir)
28 }
29
30 fn get_voter(request: &cgi::Request) -> Result<&[u8], cgi::Response> {
31 // Expect exactly one cookie, exactly as we generate it.
32 let cookie = request
33 .headers()
34 .get(cgi::http::header::COOKIE)
35 .map(|c| c.as_bytes())
36 .and_then(|c| c.strip_prefix(COOKIE_NAME))
37 .and_then(|c| c.strip_prefix(b"="))
38 .ok_or_else(|| cgi::text_response(400, "Invalid cookie"))?;
39 if cookie.len() != COOKIE_LENGTH || cookie.contains(&b' ') || cookie.contains(&b';') {
40 Err(cgi::text_response(400, "Invalid cookie"))
41 } else {
42 Ok(cookie)
43 }
44 }
45
46 fn prompt_for_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
47 Err(cgi::text_response(503, "Not Implemented"))
48 }
49
50 fn write_vote(dir: PathBuf, voter: &[u8], vote: &[u8]) -> std::io::Result<()> {
51 let datum = [voter, b" ", vote, b"\n"].concat();
52 let vpath = dir.join("votes");
53 let vfile = std::fs::File::options()
54 .append(true)
55 .create(true)
56 .open(vpath)?;
57 let mut vlock = fd_lock::RwLock::new(vfile);
58 vlock.write()?.write(&datum)?;
59 Ok(())
60 }
61
62 fn record_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
63 let body = request.body();
64 // Valid votes look like "0 foo" or "1 bar"
65 if body.len() < 3
66 || (body[0] != b'0' && body[0] != b'1')
67 || body[1] != b' '
68 || body.contains(&b'\n')
69 {
70 return Err(cgi::text_response(415, "Invalid vote"));
71 }
72 write_vote(dir, &get_voter(&request)?, body)
73 .map_err(|_| cgi::text_response(503, "Couldn't record vote"))?;
74 Ok(cgi::text_response(200, "Vote recorded"))
75 }
76
77 fn strip_body(mut response: cgi::Response) -> cgi::Response {
78 response.body_mut().clear();
79 response
80 }
81
82 fn respond(request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
83 let dir = validate_path(request.uri().path())?;
84 match request.method() {
85 &cgi::http::Method::HEAD => prompt_for_vote(dir, request).map(strip_body),
86 &cgi::http::Method::GET => prompt_for_vote(dir, request),
87 &cgi::http::Method::PUT => record_vote(dir, request),
88 _ => Err(cgi::text_response(405, "Huh?")),
89 }
90 }
91
92 fn respond_or_report_error(request: cgi::Request) -> cgi::Response {
93 match respond(request) {
94 Ok(result) => result,
95 Err(error) => error,
96 }
97 }
98
99 cgi::cgi_main! { respond_or_report_error }