From 10d65d0367d7f29fb78ef42926fc9ed6f8255f6b Mon Sep 17 00:00:00 2001 From: "Adam D. Ruppe" Date: Wed, 3 Apr 2019 10:01:45 -0400 Subject: [PATCH] idk --- argon2.d | 5 +- cgi.d | 193 +++++++++++++++++++++++++++++++++++++++++++++++++---- dom.d | 2 +- jsvar.d | 10 +++ postgres.d | 2 + 5 files changed, 196 insertions(+), 16 deletions(-) diff --git a/argon2.d b/argon2.d index c6cfa1b..be51c43 100644 --- a/argon2.d +++ b/argon2.d @@ -5,6 +5,9 @@ +/ module arsd.argon2; +// it is conceivably useful to hash the password with a secret key before passing to this function, +// but I'm not going to do that automatically here just to keep this thin and simple. + import core.stdc.stdint; pragma(lib, "argon2"); @@ -43,7 +46,7 @@ enum MediumSecurity = SecurityParameters(4, 256_000, 4); /// ditto enum LowSecurity = SecurityParameters(2, 128_000, 4); -/// Check's a user's provided password against the saved password, and returns true if they matched. +/// Check's a user's provided password against the saved password, and returns true if they matched. Neither string can be empty. bool verify(string savedPassword, string providedPassword) { return argon2id_verify((savedPassword[$-1] == 0 ? savedPassword : (savedPassword ~ '\0')).ptr, providedPassword.ptr, providedPassword.length) == ARGON2_OK; } diff --git a/cgi.d b/cgi.d index 23c605b..dcf9992 100644 --- a/cgi.d +++ b/cgi.d @@ -1109,7 +1109,7 @@ class Cgi { /// - void writeToFile(string filenameToSaveTo) { + void writeToFile(string filenameToSaveTo) const { import std.file; if(contentInMemory) std.file.write(filenameToSaveTo, content); @@ -5003,6 +5003,143 @@ private struct SerializationBuffer { will have to have dump and restore too, so i can restart without losing stuff. */ + +/++ + A convenience object for talking to the [BasicDataServer] from a higher level. + See: [getSessionObject] + + You pass it a `Data` struct describing the data you want saved in the session. + Then, this class will generate getter and setter properties that allow access + to that data. + + Note that each load and store will be done as-accessed; it doesn't front-load + mutable data nor does it batch updates out of fear of read-modify-write race + conditions. (In fact, right now it does this for everything, but in the future, + I might batch load `immutable` members of the Data struct.) + + At some point in the future, I might also let it do different backends, like + a client-side cookie store too, but idk. ++/ +class Session(Data) { + private Cgi cgi; + private string sessionId; + + /// You probably don't want to call this directly, see [getSessionObject] instead. + this(Cgi cgi) { + this.cgi = cgi; + if(auto ptr = "sessionId" in cgi.cookies) + sessionId = (*ptr).length ? *ptr : null; + } + + /++ + Starts a new session. Note that a session is also + implicitly started as soon as you write data to it, + so if you need to alter these parameters from their + defaults, be sure to explicitly call this BEFORE doing + any writes to session data. + + Params: + idleLifetime = How long, in seconds, the session + should remain in memory when not being read from + or written to. The default is one day. + + NOT IMPLEMENTED + + useExtendedLifetimeCookie = The session ID is always + stored in a HTTP cookie, and by default, that cookie + is discarded when the user closes their browser. + + But if you set this to true, it will use a non-perishable + cookie for the given idleLifetime. + + NOT IMPLEMENTED + +/ + void start(int idleLifetime = 2600 * 24, bool useExtendedLifetimeCookie = false) { + assert(sessionId is null); + + // FIXME: what if there is a session ID cookie, but no corresponding session on the server? + + import std.random, std.conv; + sessionId = to!string(uniform(1, long.max)); + + BasicDataServer.connection.createSession(sessionId, idleLifetime); + setCookie(); + } + + private void setCookie() { + cgi.setCookie( + "sessionId", sessionId, + 0 /* expiration */, + null /* path */, + null /* domain */, + true /* http only */, + cgi.https /* if the session is started on https, keep it there, otherwise, be flexible */); + } + + /++ + Regenerates the session ID and updates the associated + cookie. + + This is also your chance to change immutable data + (not yet implemented). + +/ + void regenerateId() { + if(sessionId is null) { + start(); + return; + } + import std.random, std.conv; + auto oldSessionId = sessionId; + sessionId = to!string(uniform(1, long.max)); + BasicDataServer.connection.renameSession(oldSessionId, sessionId); + setCookie(); + } + + /++ + Terminates this session, deleting all saved data. + +/ + void terminate() { + BasicDataServer.connection.destroySession(sessionId); + sessionId = null; + setCookie(); + } + + /++ + Plain-old-data members of your `Data` struct are wrapped here via + the opDispatch property getters and setters. + + If the member is a non-string array, it returns a magical array proxy + object which allows for atomic appends and replaces via overloaded operators. + You can slice this to get a range representing a $(B const) view of the array. + This is to protect you against read-modify-write race conditions. + +/ + @property typeof(__traits(getMember, Data, name)) opDispatch(string name)() { + if(sessionId is null) + return typeof(return).init; + + auto v = BasicDataServer.connection.getSessionData(sessionId, name); + if(v.length == 0) + return typeof(return).init; + import std.conv; + return to!(typeof(return))(v); + } + + /// ditto + @property void opDispatch(string name)(typeof(__traits(getMember, Data, name)) value) { + if(sessionId is null) + start(); + import std.conv; + BasicDataServer.connection.setSessionData(sessionId, name, to!string(value)); + } +} + +/++ + Gets a session object associated with the `cgi` request. ++/ +Session!Data getSessionObject(Data)(Cgi cgi) { + return new Session!Data(cgi); +} + /++ +/ @@ -5047,10 +5184,20 @@ final class BasicDataServerImplementation : BasicDataServer, EventIoServer { sessions.remove(oldSessionId); } void setSessionData(string sessionId, string dataKey, string dataValue) { + if(sessionId !in sessions) + createSession(sessionId, 3600); // FIXME? sessions[sessionId].values[dataKey.idup] = dataValue.idup; } string getSessionData(string sessionId, string dataKey) { - return sessions[sessionId].values[dataKey]; + if(auto session = sessionId in sessions) { + if(auto data = dataKey in (*session).values) + return *data; + else + return null; // no such data + + } else { + return null; // no session + } } @@ -5757,10 +5904,17 @@ ssize_t read_fd(int fd, void *ptr, size_t nbytes, int *recvfd) { switch to choose if you want to override. */ -struct DispatcherDefinition(alias dispatchHandler) {// if(is(typeof(dispatchHandler("str", Cgi.init) == bool))) { // bool delegate(string urlPrefix, Cgi cgi) dispatchHandler; +struct DispatcherDefinition(alias dispatchHandler) {// if(is(typeof(dispatchHandler("str", Cgi.init, void) == bool))) { // bool delegate(string urlPrefix, Cgi cgi) dispatchHandler; alias handler = dispatchHandler; string urlPrefix; bool rejectFurther; + DispatcherDetails details; +} + +// tbh I am really unhappy with this part +struct DispatcherDetails { + string filename; + string contentType; } private string urlify(string name) { @@ -6428,7 +6582,7 @@ auto serveApi(T)(string urlPrefix) { import arsd.dom; import arsd.jsvar; - static bool handler(string urlPrefix, Cgi cgi) { + static bool handler(string urlPrefix, Cgi cgi, DispatcherDetails details) { auto obj = new T(); obj.initialize(cgi); @@ -6780,7 +6934,7 @@ class CollectionOf(Obj, Helper = void) : RestObject!(Helper) { +/ auto serveRestObject(T)(string urlPrefix) { assert(urlPrefix[$ - 1] != '/', "Do NOT use a trailing slash on REST objects."); - static bool handler(string urlPrefix, Cgi cgi) { + static bool handler(string urlPrefix, Cgi cgi, DispatcherDetails details) { string url = cgi.pathInfo[urlPrefix.length .. $]; if(url.length && url[$ - 1] == '/') { @@ -7071,15 +7225,26 @@ auto serveStaticFile(string urlPrefix, string filename = null, string contentTyp if(filename is null) filename = urlPrefix[1 .. $]; if(contentType is null) { - + if(filename.endsWith(".png")) + contentType = "image/png"; + if(filename.endsWith(".jpg")) + contentType = "image/jpeg"; + if(filename.endsWith(".html")) + contentType = "text/html"; + if(filename.endsWith(".css")) + contentType = "text/css"; + if(filename.endsWith(".js")) + contentType = "application/javascript"; } - static bool handler(string urlPrefix, Cgi cgi) { - //cgi.setResponseContentType(contentType); - //cgi.write(std.file.read(filename), true); - cgi.write(std.file.read(urlPrefix[1 .. $]), true); + + static bool handler(string urlPrefix, Cgi cgi, DispatcherDetails details) { + if(details.contentType.indexOf("image/") == 0) + cgi.setCache(true); + cgi.setResponseContentType(details.contentType); + cgi.write(std.file.read(details.filename), true); return true; } - return DispatcherDefinition!handler(urlPrefix, true); + return DispatcherDefinition!handler(urlPrefix, true, DispatcherDetails(filename, contentType)); } auto serveRedirect(string urlPrefix, string redirectTo) { @@ -7108,15 +7273,15 @@ auto serveStaticData(string urlPrefix, const(void)[] data, string contentType) { +/ bool dispatcher(definitions...)(Cgi cgi) { // I can prolly make this more efficient later but meh. - foreach(definition; definitions) { + static foreach(definition; definitions) { if(definition.rejectFurther) { if(cgi.pathInfo == definition.urlPrefix) { - auto ret = definition.handler(definition.urlPrefix, cgi); + auto ret = definition.handler(definition.urlPrefix, cgi, definition.details); if(ret) return true; } } else if(cgi.pathInfo.startsWith(definition.urlPrefix)) { - auto ret = definition.handler(definition.urlPrefix, cgi); + auto ret = definition.handler(definition.urlPrefix, cgi, definition.details); if(ret) return true; } diff --git a/dom.d b/dom.d index 1f1cbe0..fbad39c 100644 --- a/dom.d +++ b/dom.d @@ -819,7 +819,7 @@ class Document : FileResource { } if(strict) - enforce(data[pos] == '>');//, format("got %s when expecting >\nContext:\n%s", data[pos], data[pos - 100 .. pos + 100])); + enforce(data[pos] == '>', format("got %s when expecting > (possible missing attribute name)\nContext:\n%s", data[pos], data[pos - 100 .. pos + 100])); else { // if we got here, it's probably because a slash was in an // unquoted attribute - don't trust the selfClosed value diff --git a/jsvar.d b/jsvar.d index 696a490..5f9e591 100644 --- a/jsvar.d +++ b/jsvar.d @@ -654,6 +654,10 @@ struct var { static if(is(typeof(__traits(getMember, t, member)) == function)) { // skipping these because the delegate we get isn't going to work anyway; the object may be dead and certainly won't be updated //this[member] = &__traits(getMember, proxyObject, member); + + //but for simple toString, I'll allow it. or maybe not it doesn't work right. + //static if(member == "toString" && is(typeof(&__traits(getMember, t, member)) == string delegate())) + //this[member] = &__traits(getMember, t, member); } else this[member] = __traits(getMember, t, member); } @@ -1241,6 +1245,12 @@ struct var { return v; } + @property static var emptyObject(var prototype) { + if(prototype._type == Type.Object) + return var.emptyObject(prototype._payload._object); + return var.emptyObject(); + } + @property PrototypeObject prototypeObject() { var v = prototype(); if(v._type == Type.Object) diff --git a/postgres.d b/postgres.d index e69dc6e..2ffb423 100644 --- a/postgres.d +++ b/postgres.d @@ -81,6 +81,8 @@ class PostgreSql : Database { auto res = PQexec(conn, toStringz(sql)); int ress = PQresultStatus(res); + // https://www.postgresql.org/docs/current/libpq-exec.html + // FIXME: PQresultErrorField can get a lot more info in a more structured way if(ress != PGRES_TUPLES_OK && ress != PGRES_COMMAND_OK) throw new DatabaseException(error());