http/server: added post support; http/login: set-cookie path=/

2024-11-09 12:01:00 +00:00 · 2010-02-28 23:38:35 +01:00 · 2010-02-28 23:38:35 +01:00 · 5f15785e9e
commit 5f15785e9e
parent e4ce000b32
3 changed files with 38 additions and 8 deletions
--- a/world/net/http/library.i
+++ b/world/net/http/library.i
@ -215,3 +215,11 @@ varargs string make_query_string(mapping params, int sort) {
    }
    return q;
 }
+
+checkToken(mapping query) {
+    string nick;
+    object user;
+    if (nick = query["user"]) user = find_person(nick);
+    if (user && user->validToken(query["token"])) return user;
+    return 0;
+}
--- a/world/net/http/login.c
+++ b/world/net/http/login.c
@ -15,7 +15,7 @@ htget(prot, query, headers, qs) {
 		t = "_error_invalid_authentication_token";
 	} else {
 		PT(("replacing cookie %O\n", headers["cookie"]))
-		htok3(prot, 0, "Set-Cookie: psyced=\""+ qs +"\";\n");
+		htok3(prot, 0, "Set-Cookie: psyced=\""+ qs +"\"; path=/;\n");
 #if 1
 		// login was supposed to something more than just /surf
 		// but until this is the case, why lose time?
--- a/world/net/http/server.c
+++ b/world/net/http/server.c
@ -9,8 +9,9 @@

 #include "header.i"

-volatile string url, file, qs, version;
+volatile string url, file, qs, version, method, body = "";
 volatile mapping headers;
+volatile int length;

 // we're using #'closures to point to the functions we're giving the
 // next_input_to(). as i don't want to restructure the whole file, i need
@ -19,6 +20,7 @@ volatile mapping headers;
 // quite stupid indeed, as they don't got any modifiers or whatever :)
 parse_url(input);
 parse_header(input);
+parse_body(input);
 devNull();

 qScheme() { return "html"; }
@ -67,14 +69,17 @@ parse_wait(null) { // waiting to send my error message here

 parse_url(input) {
    P3(("=== SmallHTTP got: %O\n", input))
-    unless (sscanf(input, "GET%t%s%tHTTP/%s", url, version)) {
-	if (sscanf(input, "CONNECT%t%~s")) {
+    unless (sscanf(input, "%s%t%s%tHTTP/%s", method, url, version)) quit();
+    switch (method) {
+	case "CONNECT":
 	    next_input_to(#'parse_wait);
 	    return;
-	} else {
+	case "GET":
+	case "POST":
+	    break;
+	default:
 	    quit();
 	    return;
-	}
    }

    version = "HTTP/" + version;
@ -95,11 +100,25 @@ parse_header(input) {

 	next_input_to(#'parse_header);
    } else {
-	process();
-	next_input_to(#'devNull);
+	if (method == "POST" && (length = to_int(headers["content-length"])) &&
+	    headers["content-type"] == "application/x-www-form-urlencoded") {
+	    input_to(#'parse_body, INPUT_IGNORE_BANG | INPUT_CHARMODE | INPUT_NO_TELNET);
+	} else {
+	    process();
+	    next_input_to(#'devNull);
+	}
    }
 }

+parse_body(input) {
+    //P4(("parse_body(%O)\n", input))
+    body += input;
+    if (strlen(body) == length)
+	process();
+    else
+	input_to(#'parse_body, INPUT_IGNORE_BANG | INPUT_CHARMODE | INPUT_NO_TELNET);
+}
+
 process() {
    string t, ext;
    mapping query = ([]);
@ -139,6 +158,9 @@ process() {
    } else {
 	file = url;
    }
+    if (method == "POST" && headers["content-type"] == "application/x-www-form-urlencoded") {
+	query = url_parse_query(query, body);
+    }
    P4(("parsed query: %O\n", query))
    switch (file) {
 case "/favicon.ico":