1 const std = @import("std");
2 const lmdb = @import("lmdb");
// NOTE(review): the generator is seeded with the constant 0, and
// std.Random.DefaultPrng is a general-purpose, non-cryptographic PRNG, so it
// produces the same sequence after every start. login_user stores gen_id output
// as the session token, which makes tokens predictable. Security-relevant
// values should come from std.crypto.random instead.
7 prng: std.Random.DefaultPrng = std.Random.DefaultPrng.init(0),
/// Draws a value from the embedded PRNG and returns it as an `Id`.
/// The lines between the two draws are not visible in this listing; presumably
/// the second draw is a retry while `dbi` already contains the candidate id
/// (confirm against the full file).
// NOTE(review): callers use the result both as a user id and as a session
// token. A session token must be unguessable, so it should be generated
// separately, e.g. with std.crypto.random.int(u64), not from this PRNG.
9 pub fn gen_id(self: *Prng, dbi: anytype) Id {
10 var id = self.prng.next();
13 id = self.prng.next();
/// Answers `req` with an empty "303 See Other" response whose Location header
/// is `location`.
// NOTE(review): `location` is written into the header as given. Callers that
// build it from request data should reject CR/LF first, unless
// std.http.Server is confirmed to do so.
pub fn redirect(req: *std.http.Server.Request, location: []const u8) !void {
    const headers = [_]std.http.Header{
        .{ .name = "Location", .value = location },
    };
    try req.respond("", .{
        .status = .see_other,
        .extra_headers = &headers,
    });
}
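/// Returns the part of the request body that is already present in the
/// server's read buffer, as a view into that buffer (no copy, no further reads).
///
/// The length comes from the client-supplied Content-Length header, so it is
/// clamped to the bytes actually received (`read_buffer_len`). Without the clamp
/// an oversized Content-Length indexes past the valid data: a safety panic in
/// safe build modes, an out-of-bounds read of stale buffer contents otherwise.
/// A body that has not fully arrived, or that does not fit the buffer, is
/// therefore returned truncated. Requests without Content-Length yield "".
pub fn get_body(req: *std.http.Server.Request) []const u8 {
    const received = req.server.read_buffer[0..req.server.read_buffer_len];
    const start = @min(req.head_end, received.len);
    const declared: u64 = req.head.content_length orelse 0;
    const available: u64 = received.len - start;
    // The minimum is bounded by `available`, so the cast to usize cannot overflow.
    const len: usize = @intCast(@min(declared, available));
    return received[start .. start + len];
}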
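/// Looks up form field `name` in an `application/x-www-form-urlencoded` body
/// and returns its raw value, or null when the field is absent.
///
/// The body is split into `key=value` pairs on '&' and the key is compared
/// exactly. The earlier substring search matched `name` anywhere in the body
/// (inside another key or inside a value). It could also find an '&' before
/// the '=', giving a slice whose start lies past its end, so a crafted body
/// could crash the handler.
///
/// The returned slice aliases the request buffer and is NOT percent-decoded;
/// callers must decode and validate it before using it in headers, HTML or as
/// a database key.
pub fn get_value(req: *std.http.Server.Request, name: []const u8) ?[]const u8 {
    const body = get_body(req);
    var fields = std.mem.splitScalar(u8, body, '&');
    while (fields.next()) |field| {
        // Pairs without '=' carry no value and are skipped.
        const eql_index = std.mem.indexOfScalar(u8, field, '=') orelse continue;
        if (std.mem.eql(u8, field[0..eql_index], name)) {
            return field[eql_index + 1 ..];
        }
    }
    return null;
}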
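/// Returns the value of cookie `name` from the request's Cookie header(s), or
/// null when the cookie is absent or its value does not fit `CookieValue`.
///
/// Each header value is split into `name=value` pairs on ';' and the cookie
/// name is compared exactly. The earlier substring search accepted any cookie
/// whose name or value merely contained `name`. It could also pair a "; "
/// found before the '=' with that '=', producing an invalid slice range from
/// client-controlled input. The header name is compared case-insensitively,
/// as HTTP field names are case-insensitive.
pub fn get_cookie(req: *std.http.Server.Request, name: []const u8) ?CookieValue {
    var header_it = req.iterateHeaders();
    while (header_it.next()) |header| {
        if (!std.ascii.eqlIgnoreCase(header.name, "Cookie")) continue;

        var pairs = std.mem.splitScalar(u8, header.value, ';');
        while (pairs.next()) |raw_pair| {
            const pair = std.mem.trim(u8, raw_pair, " \t");
            const eql_index = std.mem.indexOfScalar(u8, pair, '=') orelse continue;
            if (!std.mem.eql(u8, pair[0..eql_index], name)) continue;
            // An over-long value is treated as "no cookie" rather than an error.
            return CookieValue.fromSlice(pair[eql_index + 1 ..]) catch null;
        }
    }
    return null;
}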
72 password_hash: PasswordHash,
// Fixed-capacity value types used for storage and request handling.
// Username: at most 16 bytes; longer names are rejected by Username.fromSlice.
76 const Username = std.BoundedArray(u8, 16);
// PasswordHash: holds the encoded Argon2 string written by hash_password.
77 const PasswordHash = std.BoundedArray(u8, 128);
// SessionToken: sent to the client in decimal inside the session_token cookie.
// NOTE(review): the token is the only credential for a session, so it must come
// from a CSPRNG. 64 bits is also on the small side; 128 bits is the usual floor.
78 const SessionToken = u64;
// CookieValue: upper bound on the length of a cookie value accepted by get_cookie.
79 const CookieValue = std.BoundedArray(u8, 128);
/// Hashes `password` with Argon2 via std.crypto.pwhash.argon2.strHash and
/// stores the encoded hash string in a PasswordHash. The return statement is
/// not visible in this listing.
// NOTE(review): Argon2 working memory comes from a 10 KiB stack buffer, so the
// memory cost can never exceed that. This is far below common guidance for
// password hashing, and the fromLimits arguments are placeholders (see TODOs).
// Pick parameters deliberately and back them with a heap or page allocator.
// The stack buffer holds password-derived state and is not wiped before
// return; consider std.crypto.secureZero on it once hashing is done.
81 pub fn hash_password(password: []const u8) !PasswordHash {
82 var hash_buffer = try PasswordHash.init(128);
84 // TODO: choose buffer size
85 // TODO: dont allocate on stack, maybe zero memory?
86 var buffer: [1024 * 10]u8 = undefined;
87 var alloc = std.heap.FixedBufferAllocator.init(&buffer);
89 // TODO: choose limits
90 const result = try std.crypto.pwhash.argon2.strHash(password, .{
91 .allocator = alloc.allocator(),
92 .params = std.crypto.pwhash.argon2.Params.fromLimits(1000, 1024),
93 }, hash_buffer.slice());
// Shrink the bounded array to the length of the encoded hash actually written.
95 try hash_buffer.resize(result.len);
/// Checks `password` against a stored encoded Argon2 hash with strVerify and
/// reports the outcome as a bool. The branches that produce the return value
/// are not visible in this listing.
// NOTE(review): the scratch buffer must be at least as large as the one used
// when the hash was created, because the cost parameters are read from the
// stored hash string. The debug print below presumably sits on the error path;
// confirm that every error, not only a mismatch, results in `false`.
100 pub fn verify_password(password: []const u8, hash: PasswordHash) bool {
101 var buffer: [1024 * 10]u8 = undefined;
102 var alloc = std.heap.FixedBufferAllocator.init(&buffer);
104 if (std.crypto.pwhash.argon2.strVerify(hash.constSlice(), password, .{
105 .allocator = alloc.allocator(),
109 std.debug.print("verify error: {}\n", .{err});
/// Creates a user record in the "users" table under a freshly generated id,
/// then maps the username to that id in "user_ids". Fails when the username
/// is longer than 16 bytes or hashing fails.
// NOTE(review), from the visible lines:
//  - No check that the username is already taken is shown. If `put`
//    overwrites, registering an existing name re-points it at the new account;
//    confirm and reject duplicates.
//  - The two tables are written in separate transactions, so a failure between
//    them leaves a user without a name mapping.
//  - The "user_ids" key is `username_array.buffer`, the whole 16-byte backing
//    array. Username.fromSlice only fills the first `len` bytes, so the rest of
//    the key is uninitialised memory; zero-pad the key or key on the slice.
//  - The username is stored as received (no character-set validation), yet it
//    is later interpolated into HTML and into a Location header.
114 pub fn register_user(env: *lmdb.Env, username: []const u8, password: []const u8) !void {
115 const username_array = try Username.fromSlice(username);
117 var user_id: Id = undefined;
119 if (env.txn()) |*txn| {
121 if (txn.dbi("users", Id, User)) |users| {
122 user_id = prng.gen_id(users);
123 users.put(user_id, User{
124 .username = username_array,
// `try` here returns from inside the open transaction; the cleanup path is not
// visible in this listing (confirm the transaction is aborted on error).
125 .password_hash = try hash_password(password),
130 if (env.txn()) |txn| {
132 if (txn.dbi("user_ids", @TypeOf(username_array.buffer), Id)) |user_ids| {
133 user_ids.put(username_array.buffer, user_id);
/// Resolves `username` to a user id, loads the user, verifies `password`
/// against the stored hash and, on success, stores and returns a new session
/// token. Returns null on an over-long username; the remaining null paths are
/// not visible in this listing.
// NOTE(review), from the visible lines:
//  - The Argon2 verification only runs when the username exists, so response
//    time distinguishes known from unknown usernames. Verifying against a
//    dummy hash on the miss path removes that signal.
//  - The session token comes from prng.gen_id, i.e. the constant-seeded
//    non-cryptographic PRNG; it should come from std.crypto.random.
//  - No expiry is stored with the session and no attempt limiting is visible.
//  - The lookup key is `username_array.buffer`, including bytes past the
//    username length that fromSlice leaves uninitialised.
140 pub fn login_user(env: *lmdb.Env, username: []const u8, password: []const u8) ?SessionToken {
141 const username_array = Username.fromSlice(username) catch return null;
143 var user_id_maybe: ?Id = null;
144 var user_maybe: ?User = null;
146 if (env.txn()) |txn| {
148 if (txn.dbi("user_ids", @TypeOf(username_array.buffer), Id)) |user_ids| {
149 user_id_maybe = user_ids.get(username_array.buffer);
150 std.debug.print("id: {?}\n", .{user_id_maybe});
154 if (user_id_maybe) |user_id| {
155 if (env.txn()) |txn| {
157 if (txn.dbi("users", Id, User)) |users| {
// `user_id_maybe.?` is the already-unwrapped `user_id` captured above.
158 user_maybe = users.get(user_id_maybe.?);
162 if (user_maybe) |user| {
163 if (verify_password(password, user.password_hash)) {
164 if (env.txn()) |txn| {
166 if (txn.dbi("sessions", Id, Id)) |sessions| {
167 const session_token = prng.gen_id(sessions);
168 sessions.put(session_token, user_id);
169 return session_token;
/// Deletes `session_token` from the "sessions" table, ending that session
/// server-side. Failure to open the transaction or table is not reported to
/// the caller (the function returns void).
179 fn logout_user(env: *lmdb.Env, session_token: SessionToken) void {
180 if (env.txn()) |txn| {
182 if (txn.dbi("sessions", Id, Id)) |sessions| {
183 sessions.del(session_token);
/// Maps a session token to its user: looks the token up in "sessions" to get
/// a user id, then returns the matching record from "users". The null return
/// paths are not visible in this listing.
// NOTE(review): possession of the token is the only check. No creation time or
// expiry is consulted here, so a session stays valid until logout_user
// deletes it.
188 fn get_session_user(env: *lmdb.Env, session_token: SessionToken) ?User {
189 var user_id_maybe: ?Id = null;
191 if (env.txn()) |txn| {
193 if (txn.dbi("sessions", Id, Id)) |sessions| {
194 user_id_maybe = sessions.get(session_token);
198 if (user_id_maybe) |user_id| {
199 if (env.txn()) |txn| {
201 if (txn.dbi("users", Id, User)) |users| {
202 return users.get(user_id);
/// Debug helper: walks the "users" table with a cursor from the first entry
/// and prints each id and username to stderr.
// NOTE(review): usernames are printed as stored; if they can contain control
// characters, escape them before writing to a terminal or log.
212 fn list_users(env: *lmdb.Env) void {
213 if (env.txn()) |txn| {
215 if (txn.dbi("users", Id, User)) |users| {
216 var cursor = users.cursor();
218 var key: Id = undefined;
219 var user_maybe = cursor.get(&key, .First);
221 while (user_maybe) |user| {
222 std.debug.print("[{}] {s}\n", .{ key, user.username.constSlice() });
224 user_maybe = cursor.get(&key, .Next);
/// Entry point: listens on [::]:8080, opens the LMDB environment "db" and
/// serves HTTP requests in an accept loop. Routes visible in this listing are
/// GET /register, GET /login and a default page, plus POST /register, /login,
/// /logout and /quit. Many lines of the function are not shown here.
230 pub fn main() !void {
232 const address = try std.net.Address.resolveIp("::", 8080);
234 var server = try address.listen(.{
235 .reuse_address = true,
237 defer server.deinit();
240 var env = lmdb.Env.open("db", 1024 * 1024 * 10);
245 accept: while (true) {
// NOTE(review): `try` makes any accept() failure terminate the whole server.
246 const conn = try server.accept();
248 std.debug.print("new connection: {}\n", .{conn});
// Request head and body must fit these 1024 bytes; get_body slices this buffer
// using the client's Content-Length.
250 var read_buffer: [1024]u8 = undefined;
251 var http_server = std.http.Server.init(conn, &read_buffer);
253 while (http_server.state == .ready) {
254 var req = http_server.receiveHead() catch continue;
256 std.debug.print("[{}]: {s}\n", .{ req.head.method, req.head.target });
258 var logged_in: ?struct {
260 session_token: SessionToken,
263 if (get_cookie(&req, "session_token")) |session_token_str| {
// NOTE(review): a non-numeric session_token cookie makes this `try` return the
// parse error from main, so one malformed request stops the server. Handle the
// error with `catch` and treat the request as not logged in.
264 const session_token = try std.fmt.parseUnsigned(SessionToken, session_token_str.constSlice(), 10);
265 if (get_session_user(&env, session_token)) |user| {
268 .session_token = session_token,
271 // TODO: delete session token
272 // TODO: add changeable headers (set, delete cookies)
276 if (req.head.method == .GET) {
277 if (std.mem.eql(u8, req.head.target, "/register")) {
279 \\<form action="/register" method="post">
280 \\<input type="text" name="username" />
281 \\<input type="password" name="password" />
282 \\<input type="submit" value="Register" />
285 } else if (std.mem.eql(u8, req.head.target, "/login")) {
287 \\<form action="/login" method="post">
288 \\<input type="text" name="username" />
289 \\<input type="password" name="password" />
290 \\<input type="submit" value="Login" />
294 if (logged_in) |login| {
// NOTE(review): the stored username is formatted into the HTML below without
// escaping, and registration does not restrict its characters, so markup in a
// username is rendered by the browser. HTML-escape it here, or restrict
// usernames to a safe alphabet when they are created.
295 var response_buffer = try std.BoundedArray(u8, 1024).init(0);
296 try std.fmt.format(response_buffer.writer(),
297 \\<a href="/user/{s}">Home</a>
298 \\<form action="/logout" method="post"><input type="submit" value="Logout" /></form>
299 \\<form action="/quit" method="post"><input type="submit" value="Quit" /></form>
300 , .{login.user.username.constSlice()});
301 try req.respond(response_buffer.constSlice(), .{});
304 \\<a href="/register">Register</a>
305 \\<a href="/login">Login</a>
306 \\<form action="/quit" method="post"><input type="submit" value="Quit" /></form>
313 if (std.mem.eql(u8, req.head.target, "/register")) {
// NOTE(review): `.?` on a missing form field is a panic in safe builds and
// undefined behaviour in ReleaseFast; a request without these fields should
// get a 400 response instead.
314 // TODO: handle args not supplied
315 const username = get_value(&req, "username").?;
316 const password = get_value(&req, "password").?;
// NOTE(review): this writes the plaintext password to stderr; log the username
// only.
318 std.debug.print("New user: {s} {s}\n", .{ username, password });
319 try register_user(&env, username, password);
321 try redirect(&req, "/login");
322 } else if (std.mem.eql(u8, req.head.target, "/login")) {
323 // TODO: handle args not supplied
324 const username = get_value(&req, "username").?;
325 const password = get_value(&req, "password").?;
// NOTE(review): plaintext password in the log again, here for every login
// attempt, failed ones included.
327 std.debug.print("New login: {s} {s}\n", .{ username, password });
328 if (login_user(&env, username, password)) |session_token| {
// NOTE(review): `username` is raw request-body data and is placed in the
// Location header below. Reject CR/LF and other control bytes first, or build
// the path from the stored, validated username.
329 var redirect_buffer = try std.BoundedArray(u8, 128).init(0);
330 try std.fmt.format(redirect_buffer.writer(), "/user/{s}", .{username});
// NOTE(review): the cookie sets Secure and HttpOnly but no SameSite attribute
// and no lifetime. The listener above is plain TCP, so Secure only helps if TLS
// is terminated in front of this process (confirm the deployment).
332 var cookie_buffer = try std.BoundedArray(u8, 128).init(0);
333 try std.fmt.format(cookie_buffer.writer(), "session_token={}; Secure; HttpOnly", .{session_token});
335 try req.respond("", .{
336 .status = .see_other,
338 .{ .name = "Location", .value = redirect_buffer.constSlice() },
339 .{ .name = "Set-Cookie", .value = cookie_buffer.constSlice() },
343 try redirect(&req, "/login");
// NOTE(review): the state-changing POST routes below carry no anti-CSRF token,
// and the session cookie has no SameSite attribute to compensate.
345 } else if (std.mem.eql(u8, req.head.target, "/logout")) {
346 if (logged_in) |login| {
347 logout_user(&env, login.session_token);
348 try req.respond("", .{
349 .status = .see_other,
351 .{ .name = "Location", .value = "/" },
352 .{ .name = "Set-Cookie", .value = "session_token=deleted; Expires=Thu, 01 Jan 1970 00:00:00 GMT" },
// NOTE(review): no login check is visible on this branch, and the logged-out
// page also offers the Quit form. If the lines not shown stop the server,
// confirm this route is limited to trusted callers.
356 } else if (std.mem.eql(u8, req.head.target, "/quit")) {
357 try redirect(&req, "/");