2 use std::io::prelude::*;
3 use std::path::{Path, PathBuf};
5 const DATA_PATH: &str = "/var/lib/voter";
6 const COOKIE_NAME: &[u8] = b"__Secure-id";
7 const COOKIE_LENGTH: usize = 32;
9 fn validate_path(path: &str) -> Result<PathBuf, cgi::Response> {
10 let invalid_path = || cgi::text_response(404, "Invalid path");
12 return Err(cgi::text_response(404, "(This is the voting place. You should have been given a more specific URL for the specific thing you've been invited to vote on.)"));
14 if path.contains("..") || !path.starts_with("/") {
15 return Err(invalid_path());
17 let dir = Path::new(&format!("{DATA_PATH}{path}")).to_path_buf();
20 .map_err(|_| invalid_path())?
21 .starts_with(DATA_PATH)
23 return Err(invalid_path());
26 return Err(invalid_path());
31 fn get_voter(request: &cgi::Request) -> Result<&[u8], cgi::Response> {
32 // Expect exactly one cookie, exactly as we generate it.
35 .get(cgi::http::header::COOKIE)
36 .map(|c| c.as_bytes())
37 .and_then(|c| c.strip_prefix(COOKIE_NAME))
38 .and_then(|c| c.strip_prefix(b"="))
39 .ok_or_else(|| cgi::text_response(400, "Invalid cookie"))?;
40 if cookie.len() != COOKIE_LENGTH || cookie.contains(&b' ') || cookie.contains(&b';') {
41 Err(cgi::text_response(400, "Invalid cookie"))
47 fn make_random_id() -> [u8; COOKIE_LENGTH] {
48 std::iter::from_fn(random)
50 (b'A'..=b'Z').contains(c) || (b'a'..=b'z').contains(c) || (b'0'..=b'9').contains(c)
58 fn set_cookie(mut response: cgi::Response, path: &str) -> Result<cgi::Response, cgi::Response> {
59 response.headers_mut().append(
60 cgi::http::header::SET_COOKIE,
61 cgi::http::header::HeaderValue::from_bytes(
66 b"; Secure HttpOnly SameSite=Strict Max-Age=30000000 Path=",
71 .map_err(|_| cgi::text_response(503, "Couldn't make cookie"))?,
76 fn prompt_for_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
77 let voter = get_voter(&request);
78 let mut response = cgi::html_response(200, "<html><body>You should vote</body></html>");
80 response = set_cookie(response, request.uri().path())?
85 fn write_vote(dir: PathBuf, voter: &[u8], vote: &[u8]) -> std::io::Result<()> {
86 let datum = [voter, b" ", vote, b"\n"].concat();
87 let vpath = dir.join("votes");
88 let vfile = std::fs::File::options()
92 let mut vlock = fd_lock::RwLock::new(vfile);
93 vlock.write()?.write(&datum)?;
97 fn record_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
98 let body = request.body();
99 // Valid votes look like "0 foo" or "1 bar"
101 || (body[0] != b'0' && body[0] != b'1')
103 || body.contains(&b'\n')
105 return Err(cgi::text_response(415, "Invalid vote"));
107 write_vote(dir, &get_voter(&request)?, body)
108 .map_err(|_| cgi::text_response(503, "Couldn't record vote"))?;
109 Ok(cgi::text_response(200, "Vote recorded"))
112 fn strip_body(mut response: cgi::Response) -> cgi::Response {
113 response.body_mut().clear();
117 fn respond(request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
118 let dir = validate_path(request.uri().path())?;
119 match request.method() {
120 &cgi::http::Method::HEAD => prompt_for_vote(dir, request).map(strip_body),
121 &cgi::http::Method::GET => prompt_for_vote(dir, request),
122 &cgi::http::Method::PUT => record_vote(dir, request),
123 _ => Err(cgi::text_response(405, "Huh?")),
127 fn respond_or_report_error(request: cgi::Request) -> cgi::Response {
128 match respond(request) {
129 Ok(result) => result,
134 cgi::cgi_main! { respond_or_report_error }