+use rand::prelude::*;
use std::io::prelude::*;
use std::path::{Path, PathBuf};
const DATA_PATH: &str = "/var/lib/voter";
const COOKIE_NAME: &[u8] = b"__Secure-id";
-const COOKIE_LENGTH: usize = 32;
+const COOKIE_LENGTH: usize = 12;
fn validate_path(path: &str) -> Result<PathBuf, cgi::Response> {
let invalid_path = || cgi::text_response(404, "Invalid path");
}
}
+fn make_random_id() -> [u8; COOKIE_LENGTH] {
+ let mut id = [0; COOKIE_LENGTH];
+ for i in 0..COOKIE_LENGTH {
+ while !(b'A'..=b'Z').contains(&id[i])
+ && !(b'a'..=b'z').contains(&id[i])
+ && !(b'0'..=b'9').contains(&id[i])
+ {
+ id[i] = random()
+ }
+ }
+ id
+}
+
+fn set_cookie(mut response: cgi::Response, path: &str) -> Result<cgi::Response, cgi::Response> {
+ response.headers_mut().append(
+ cgi::http::header::SET_COOKIE,
+ cgi::http::header::HeaderValue::from_bytes(
+ &[
+ COOKIE_NAME,
+ b"=",
+ &make_random_id(),
+ b"; Secure HttpOnly SameSite=Strict Max-Age=30000000 Path=",
+ path.as_bytes(),
+ ]
+ .concat(),
+ )
+ .map_err(|_| cgi::text_response(503, "Couldn't make cookie"))?,
+ );
+ Ok(response)
+}
+
fn prompt_for_vote(dir: PathBuf, request: cgi::Request) -> Result<cgi::Response, cgi::Response> {
- Err(cgi::text_response(503, "Not Implemented"))
+ let voter = get_voter(&request);
+ let cfile = std::fs::File::open(dir.join("candidates"))
+ .map_err(|_| cgi::text_response(503, "No candidates"))?;
+ let mut response = cgi::html_response(
+ 200,
+ std::iter::once(Ok("<html><body><table>".to_owned()))
+ .chain(
+ std::io::BufReader::new(cfile)
+ .lines()
+ .map(|rc| rc.map(|c| format!("<tr><td>{c}</td></tr>"))),
+ )
+ .chain(std::iter::once(Ok("</table></body></html>".to_owned())))
+ .collect::<std::io::Result<String>>()
+ .map_err(|_| cgi::text_response(503, "Missing candidates"))?,
+ );
+ if voter.is_err() {
+ response = set_cookie(response, request.uri().path())?
+ }
+ Ok(response)
}
fn write_vote(dir: PathBuf, voter: &[u8], vote: &[u8]) -> std::io::Result<()> {
projects / voter / blobdiff