]> git.scottworley.com Git - voter/blobdiff - src/main.rs
projects / voter / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Record votes
[voter] / src / main.rs
diff --git a/src/main.rs b/src/main.rs
index 15a1655de920522e2526191dc6cd47fd9dbf5c3e..700cce03f3f7f4b74ac6654ea9e22a5709335631 100644 (file)
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,9 @@
+use std::io::prelude::*;
 use std::path::{Path, PathBuf};
 
 const DATA_PATH: &str = "/var/lib/voter";
+const COOKIE_NAME: &[u8] = b"__Secure-id";
+const COOKIE_LENGTH: usize = 32;
 
 fn validate_path(path: &str) -> Result<PathBuf, cgi::Response> {
     let invalid_path = || cgi::text_response(404, "Invalid path");
@@ -24,19 +27,64 @@ fn validate_path(path: &str) -> Result<PathBuf, cgi::Response> {
     Ok(dir)
 }
 
+fn get_voter(request: &cgi::Request) -> Result<&[u8], cgi::Response> {
+    // Expect exactly one cookie, exactly as we generate it.
+    let cookie = request
+        .headers()
+        .get(cgi::http::header::COOKIE)
+        .map(|c| c.as_bytes())
+        .and_then(|c| c.strip_prefix(COOKIE_NAME))
+        .and_then(|c| c.strip_prefix(b"="))
+        .ok_or_else(|| cgi::text_response(400, "Invalid cookie"))?;
+    if cookie.len() != COOKIE_LENGTH || cookie.contains(&b' ') || cookie.contains(&b';') {
+        Err(cgi::text_response(400, "Invalid cookie"))
+    } else {
+        Ok(cookie)
+    }
+}
+
 fn prompt_for_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
     Err(cgi::text_response(503, "Not Implemented"))
 }
 
+fn write_vote(dir: PathBuf, voter: &[u8], vote: &[u8]) -> std::io::Result<()> {
+    let datum = [voter, b" ", vote, b"\n"].concat();
+    let vpath = dir.join("votes");
+    let vfile = std::fs::File::options()
+        .append(true)
+        .create(true)
+        .open(vpath)?;
+    let mut vlock = fd_lock::RwLock::new(vfile);
+    vlock.write()?.write(&datum)?;
+    Ok(())
+}
+
 fn record_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
-    Err(cgi::text_response(503, "Not Implemented"))
+    let body = request.body();
+    // Valid votes look like "0 foo" or "1 bar"
+    if body.len() < 3
+        || (body[0] != b'0' && body[0] != b'1')
+        || body[1] != b' '
+        || body.contains(&b'\n')
+    {
+        return Err(cgi::text_response(415, "Invalid vote"));
+    }
+    write_vote(dir, &get_voter(&request)?, body)
+        .map_err(|_| cgi::text_response(503, "Couldn't record vote"))?;
+    Ok(cgi::text_response(200, "Vote recorded"))
+}
+
+fn strip_body(mut response: cgi::Response) -> cgi::Response {
+    response.body_mut().clear();
+    response
 }
 
 fn respond(request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
     let dir = validate_path(request.uri().path())?;
     match request.method() {
+        &cgi::http::Method::HEAD => prompt_for_vote(dir, request).map(strip_body),
         &cgi::http::Method::GET => prompt_for_vote(dir, request),
-        &cgi::http::Method::POST => record_vote(dir, request),
+        &cgi::http::Method::PUT => record_vote(dir, request),
         _ => Err(cgi::text_response(405, "Huh?")),
     }
 }
A simple CGI voting thing