first commit of portal user

src/sqlite3.c

@@ -0,0 +1,241 @@
+#include <kore/kore.h>
+#include <kore/http.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sqlite3.h>
+#include "assets.h"
+#include <pwd.h>
+#if defined(__linux__)
+
+#include <kore/seccomp.h>
+#include <crypt.h>
+
+KORE_SECCOMP_FILTER("sqlite3",
+	KORE_SYSCALL_ALLOW(newfstatat),
+	KORE_SYSCALL_ALLOW(pread64),
+	KORE_SYSCALL_ALLOW(pwrite64),
+	KORE_SYSCALL_ALLOW(fdatasync),
+	KORE_SYSCALL_ALLOW_ARG(write, 0, STDOUT_FILENO)
+); 
+#endif
+
+
+int portal_user_load(struct http_request *);
+int v_password_func(struct http_request *, char *);
+int create_user(struct http_request *);
+
+int create_user(struct http_request *req)
+{
+    struct kore_buf *b;
+    u_int8_t *d;
+    size_t len;
+    char *salt, *cryptpwd;
+    char *err_msg = 0;
+    char *user,*pwd,name[10];
+    sqlite3_stmt *res;
+    sqlite3 *db;
+
+    if (req->method == HTTP_METHOD_GET)
+        http_populate_get(req);
+    else if (req->method == HTTP_METHOD_POST)
+        http_populate_post(req);
+
+    b = kore_buf_alloc(asset_len_signup_html);
+    kore_buf_append(b, asset_signup_html, asset_len_signup_html);
+
+
+    if (req->method == HTTP_METHOD_GET) {
+	kore_buf_replace_string(b, "$msg$", "Toto", 4);
+
+        http_response_header(req, "content-type", "text/html");
+        d = kore_buf_release(b, &len);
+        http_response(req, 200, d, len);
+        kore_free(d);
+
+        return (KORE_RESULT_OK);
+    }
+
+    if (req->method == HTTP_METHOD_POST) 
+    {
+
+
+    	int rc = sqlite3_open("test.db", &db);
+
+    	if (rc != SQLITE_OK) {
+
+        	fprintf(stderr, "Cannot open database: %s\n", sqlite3_errmsg(db));
+        	sqlite3_close(db);
+
+        	return 1;
+    	}
+	//salt = crypt_gensalt("$2b$", 15, NULL, 0); //-> linux
+	salt = bcrypt_gensalt(15); //-> openbsd
+
+    	if (salt == NULL) {
+        	perror("crypt_gensalt");
+        	exit(EXIT_FAILURE);
+   	 }
+
+	
+	(void)snprintf(name, sizeof(name), "login");
+	http_argument_get_string(req, name, &user);
+
+	(void)snprintf(name, sizeof(name), "password");
+	http_argument_get_string(req, name, &pwd);
+	
+	cryptpwd = crypt(pwd, salt);
+    	if (cryptpwd == NULL) {
+        	perror("crypt_gensalt");
+        	exit(EXIT_FAILURE);
+    	}
+	printf("Encrypted: %s\n", cryptpwd);
+    	char *sql ="INSERT INTO users VALUES(?,?);";
+
+	rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
+    
+    	if (rc == SQLITE_OK) {
+        	sqlite3_bind_text(res, 1, user, -1, NULL);
+		sqlite3_bind_text(res, 2, cryptpwd, -1, NULL);
+
+    	}else {
+        	fprintf(stderr, "Failed to execute statement: %s\n", sqlite3_errmsg(db));
+    	}
+    
+    	sqlite3_step(res);
+    	if (rc != SQLITE_OK ) {
+        	fprintf(stderr, "SQL error: %s\n", err_msg);
+		sqlite3_finalize(res);
+        	sqlite3_free(err_msg);
+        	sqlite3_close(db);
+        	return 1;
+    	}
+
+    	sqlite3_close(db);
+    	http_response_header(req, "content-type", "text/html");
+    	d = kore_buf_release(b, &len);
+    	http_response(req, 200, d, len);
+    	kore_free(d);
+
+    	return (KORE_RESULT_OK);
+    }
+    return (KORE_RESULT_ERROR);
+}
+
+int portal_user_load(struct http_request *req)
+{
+    struct kore_buf *b;
+    u_int8_t *d;
+    size_t len;
+    char *login,*pwd, name[10];
+    char *err_msg = 0;
+    char salt[29], *cryptpwd;
+    int rc;
+    sqlite3_stmt *res;
+    sqlite3 *db;
+
+    if (req->method == HTTP_METHOD_GET)
+        http_populate_get(req);
+    else if (req->method == HTTP_METHOD_POST)
+        http_populate_post(req);
+
+    b = kore_buf_alloc(asset_len_index_html);
+    kore_buf_append(b, asset_index_html, asset_len_index_html);
+
+    if (req->method == HTTP_METHOD_GET) {
+        kore_buf_replace_string(b, "$login$", NULL, 0);
+        kore_buf_replace_string(b, "$password$", NULL, 0);
+	kore_buf_replace_string(b, "$msg$", "Toto", 4);
+
+        http_response_header(req, "content-type", "text/html");
+        d = kore_buf_release(b, &len);
+        http_response(req, 200, d, len);
+        kore_free(d);
+
+        return (KORE_RESULT_OK);
+    }
+
+    if (req->method == HTTP_METHOD_POST) 
+    {
+     	rc = sqlite3_open("test.db", &db);
+   	
+	if (rc != SQLITE_OK) 
+	{
+        	fprintf(stderr, "Cannot open database: %s\n", sqlite3_errmsg(db));
+        	sqlite3_close(db);
+        
+        	return 1;
+	}
+
+	char *sql = "SELECT email_address, password FROM users WHERE email_address = ?";
+
+	rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
+
+    	if (rc == SQLITE_OK) 
+	{
+		(void)snprintf(name, sizeof(name), "login");
+		http_argument_get_string(req, name, &login);
+	        sqlite3_bind_text(res, 1, login , -1, NULL);
+    	} 
+	else 
+	{
+        	fprintf(stderr, "Failed to execute statement: %s\n", sqlite3_errmsg(db));
+    	}
+
+	sqlite3_step(res);
+    	if (rc != SQLITE_OK ) {
+        	fprintf(stderr, "SQL error: %s\n", err_msg);
+		sqlite3_finalize(res);
+        	sqlite3_free(err_msg);
+        	sqlite3_close(db);
+        	return 1;
+    	}
+    
+	(void)snprintf(name, sizeof(name), "password");
+	http_argument_get_string(req, name, &pwd);
+	
+
+	strncpy (salt,(const char *)sqlite3_column_text(res, 1),29);
+
+
+	cryptpwd = crypt(pwd, salt);
+    	if (cryptpwd == NULL) {
+        	perror("crypt_gensalt");
+        	exit(EXIT_FAILURE);
+    	}
+
+
+	if ( strcmp( (const char *)sqlite3_column_text(res, 1), cryptpwd) )
+	{
+		printf("mauvais mot de passe\n");
+		kore_buf_replace_string(b, "$msg$", "Erreur connection", 17);
+	}else 
+	{
+		kore_buf_replace_string(b, "$msg$", "Connection ok", 13);
+
+	}
+    	sqlite3_finalize(res);
+    	sqlite3_close(db);
+
+
+    	http_response_header(req, "content-type", "text/html");
+    	d = kore_buf_release(b, &len);
+    	http_response(req, 200, d, len);
+    	kore_free(d);
+	return (KORE_RESULT_OK);
+    }
+
+    return (KORE_RESULT_ERROR);
+
+}
+
+int v_password_func(struct http_request *req, char *data)
+{
+    kore_log(LOG_NOTICE, "v_password_func called %s", data);
+
+   if ( strlen(data) < 128 )
+        return (KORE_RESULT_OK);
+
+ return (KORE_RESULT_ERROR);
+  
+}