From 4de3158c80864aa130ac6f701f4c28a2aa7bbf20 Mon Sep 17 00:00:00 2001
From: Jakob Kaivo <jkk@ung.org>
Date: Wed, 17 Jul 2019 21:25:15 -0400
Subject: move HTTP POST handling to separate file

---
 Makefile |  4 ++++
 blog.c   | 30 +++++++++++++++++++++-----
 blog.h   | 13 +++++++++++
 post.c   | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 117 insertions(+), 5 deletions(-)
 create mode 100644 blog.h
 create mode 100644 post.c

diff --git a/Makefile b/Makefile
index dc379d9..d80c8f2 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,13 @@
 .POSIX:
 
 CFLAGS=-static
+OBJECTS=blog.o post.o
 
 all: blog
 
+blog: $(OBJECTS)
+	$(CC) $(CFLAGS) -o $@ $(OBJECTS) $(LDFLAGS) $(LIBS)
+
 install: blog
 	strip blog
 	doas cp -f blog /var/www/cgi-bin/blog
diff --git a/blog.c b/blog.c
index d3c8e49..4c7f3db 100644
--- a/blog.c
+++ b/blog.c
@@ -1,14 +1,34 @@
+#define _XOPEN_SOURCE 700
 #include <stdio.h>
 #include <stdlib.h>
-#include <errno.h>
 #include <string.h>
+#include "blog.h"
 
 extern char **environ;
 
+int verify_creds(const char *username, const char *password)
+{
+	printf("verifying '%s'/'%s'\n", username ? username : "", password ? password : "");
+	return 1;
+}
+
 int handle_post(void)
 {
-	printf("Status: 301 Found\r\n");
-	printf("Location: http%s://%s%s\r\n\r\n", getenv("HTTPS") ? "s" : "", getenv("HTTP_HOST"), getenv("DOCUMENT_URI"));
+
+	//printf("Status: 301 Found\r\n");
+	//printf("Location: http%s://%s%s\r\n\r\n", getenv("HTTPS") ? "s" : "", getenv("HTTP_HOST"), getenv("DOCUMENT_URI"));
+
+	printf("Status: 200 OK\r\n");
+	printf("Content-Type: text/plain\r\n\r\n");
+
+	read_post_data();
+	if (!verify_creds(find_post_data("username"), find_post_data("password"))) {
+		// handle invalid login
+	}
+
+	for (char **e = environ; e && *e; e++) {
+		puts(*e);
+	}
 	return 0;
 }
 
@@ -51,11 +71,11 @@ int main(void)
 	puts("<input type=\"submit\">");
 	puts("</form>");
 
-	puts("<pre>");
+	puts("<!--");
 	for (char **e = environ; e && *e; e++) {
 		puts(*e);
 	}
-	puts("</pre>");
+	puts("-->");
 
 	puts("</body>");
 	puts("</html>");
diff --git a/blog.h b/blog.h
new file mode 100644
index 0000000..051f162
--- /dev/null
+++ b/blog.h
@@ -0,0 +1,13 @@
+#ifndef BLOG_H
+#define BLOG_H
+
+void read_post_data(void);
+char *find_post_data(char *key);
+
+int verify_creds(const char *username, const char *password);
+
+int handle_post(void);
+
+int show_entry(const char *path);
+
+#endif
diff --git a/post.c b/post.c
new file mode 100644
index 0000000..b0eed9e
--- /dev/null
+++ b/post.c
@@ -0,0 +1,75 @@
+#define _XOPEN_SOURCE 700
+#include <search.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "blog.h"
+
+#define HSIZE 4 /* username, password, title, body */
+
+void read_post_data(void)
+{
+	char *content_length = getenv("CONTENT_LENGTH");
+	if (!content_length) {
+		return;
+	}
+
+	int cl = atoi(content_length);
+	if (!cl) {
+		return;
+	}
+
+	if (!hcreate(HSIZE)) {
+		return;
+	}
+
+	char *buf = malloc(cl + 1);
+	if (!buf) {
+		return;
+	}
+
+	int pos = 0;
+	int c;
+	while ((c = getchar()) != EOF) {
+		if (c == '&') {
+			char *value = strchr(buf, '=');
+			*value = '\0';
+			value++;
+
+			char *key = strdup(buf);
+			char *data = strdup(value);
+
+			ENTRY e = {
+				.key = key,
+				.data = data
+			};
+			hsearch(e, ENTER);
+			pos = 0;
+		} else if (c == '%') {
+			char hex[3] = { 0, 0, 0 };
+			hex[0] = getchar();
+			hex[1] = getchar();
+			buf[pos] = strtol(hex, NULL, 16);
+			buf[++pos] = '\0';
+		} else {
+			buf[pos] = c;
+			buf[++pos] = '\0';
+		}
+	}
+
+	free(buf);
+}
+
+char *find_post_data(char *key)
+{
+	ENTRY e = {
+		.key = key
+	};
+	ENTRY *p = hsearch(e, FIND);
+	if (p && p->data) {
+		return p->data;
+	}
+
+	return NULL;
+}
-- 
cgit v1.2.1