authdb.cpp

/*******************************************************************************
 * Copyright (c) 2025, Jan Koester jan.koester@gmx.net
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 * Neither the name of the <organization> nor the
 *      names of its contributors may be used to endorse or promote products
 *      derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *******************************************************************************/

#include <algorithm>
#include <iostream>
#include <cstring>
#include <sstream>
#include <map>

#include <uuid/uuid.h>
#include <cmdplus/cmdplus.h>
#include <confplus/conf.h>

#include <httppp/httpd.h>
#include <htmlpp/html.h>

#include "backend.h"
#include "authdb.h"
#include "user.h"
#include "types.h"

namespace authdb {

    bool initalized=true;

    class AuthDB : public libhttppp::HttpEvent{
    public:
        AuthDB(authdb::AuthBackend &backend,netplus::socket *ssock) : HttpEvent(ssock), _Backend(backend){
            _Indexpage.loadFile(_IndexElement,"../data/index.html");
        };

        void listUsers(libhttppp::HttpRequest *curreq, const int tid, ULONG_PTR args){
            _Backend.lock();

            size_t rd=sizeof(authdb::AuthHeader),end=_Backend.end();

            _Backend.setPos(rd);


            libhtmlpp::HtmlString userlist,out;

            libhtmlpp::HtmlElement root=_IndexElement;

            libhtmlpp::HtmlElement *content=root.getElementbyID("content");

            User user;
            class UserData udat;

            userlist <<"<div><p>UserList:</p><table class=\"userlist\">";

            while(rd<end){
                authdb::AuthData *cur=new AuthData;

                _Backend.ReadAuthData(cur,rd);

                cur->data = new char[cur->datasize];
                _Backend.read((unsigned char*)cur->data,cur->datasize);

                rd=_Backend.getPos();

                uuid_t uid;
                uuid_parse(cur->uuid,uid);
                if(strcmp(cur->fieldname,"username")==0){
                    try {
                        size_t upos=sizeof(authdb::AuthHeader);
                        user.info(_Backend,uid,udat,upos);
                        userlist << "<tr><td class=\"list_username\">";
                        std::copy(cur->data,cur->data+cur->datasize,std::back_inserter(userlist));
                        userlist << "</td></tr>"
                        << "<tr><td><img class=\"list_picture\" style=\"height:100px;\" src=\"/admin/getavatar/" << cur->uuid << ".jpg\" alt=\"avatar\">"
                        << "</td><td><ul><li>"
                        << "uid: " << cur->uuid
                        << "</li>"
                        << "<li><span>Username:</span><span>" << udat.getUsername() << "</span></li>"
                        << "<li><span>Firstname:</span><span>" << udat.getFirstname() << "</span></li>"
                        << "<li><span>Lastname:</span><span>" << udat.getLastename() << "</span></li>"
                        << "<li><span>Email:</span><span>" << udat.getMail() << "</span></li>"
                        << "</ul></td><td><ul class=\"usertoolbar\" >"
                        << "<li><a class=\"button\" href=\"/admin/edituser/" << cur->uuid << "\">EditUser</a></li>"
                        << "<li><a class=\"button\" href=\"/admin/removeuser/" << cur->uuid << "\">RemoveUser</a></li>"
                        << "</ul></td></tr>";
                    }catch(AuthBackendError &e){
                        std::cerr << e.what() << std::endl;
                    }
                }
                delete[] cur->data;
                delete cur;
            }

            _Backend.unlock();

            userlist << "</table></div><div><ul class=\"usertoolbar\" ><li><a class=\"button\" href=\"/admin/createuser\">CreateUser</a></li></ul></div>";


            content->insertChild(userlist.parse());

            libhtmlpp::print(&root,out,true);

            libhttppp::HttpResponse rep;
            rep.setContentType("text/html");
            rep.send(curreq,out.c_str(),out.size());
        }

        void createUser(libhttppp::HttpRequest *curreq, const int tid, ULONG_PTR args){
            libhttppp::HttpResponse rep;

            libhttppp::HttpForm curform;
            curform.parse(curreq);
            if (curform.getBoundary()) {
                uuid_t uid;
                uuid_generate(uid);
                class UserData udat(uid);

                for (libhttppp::HttpForm::MultipartForm::Data* curformdat = curform.MultipartFormData.getFormData();
                    curformdat; curformdat = curformdat->nextData()) {
                    for(libhttppp::HttpForm::MultipartForm::Data::ContentDisposition *curdispo=curformdat->getDisposition();
                        curdispo; curdispo=curdispo->nextContentDisposition()
                    ){
                        if(curformdat->Value.empty() || !curdispo->getValue())
                            continue;

                        std::vector<char> tmp;
                        if(strcmp(curdispo->getValue(),"avatar")!=0){
                            std::copy(curformdat->Value.begin(),curformdat->Value.end(),std::back_inserter(tmp));
                            tmp.push_back('\0');
                        }

                        if(strcmp(curdispo->getValue(),"username")==0){
                            udat.setUserName(tmp.data());
                        }else if(strcmp(curdispo->getValue(),"firstname")==0){
                            udat.setFirstName(tmp.data());
                        }else if(strcmp(curdispo->getValue(),"lastname")==0){
                            udat.setLastName(tmp.data());
                        }else if(strcmp(curdispo->getValue(),"mail")==0){
                            udat.setMail(tmp.data());
                        }else if(strcmp(curdispo->getValue(),"avatar")==0 && !curformdat->Value.empty()){
                            udat.setAvatar(curformdat->Value);
                        }
                    }
                }

                _Backend.lock();
                User user;
                user.create(_Backend,&udat);
                _Backend.unlock();

                std::cout << "user created!" << std::endl;
            }


            libhtmlpp::HtmlPage page;

            libhtmlpp::HtmlString form,out;

            form  << "<form method=\"post\" enctype=\"multipart/form-data\">"
                  << "<table>"
                  << "<tr><td><label for=\"username\">username:</label></td>"
                  << "<td><input type=\"text\" name=\"username\"></td></tr>"
                  << "<tr><td><label for=\"firstname\">firstname:</label></td>"
                  << "<td><input type=\"text\" name=\"firstname\"></td></tr>"
                  << "<tr><td><label for=\"lastname\">lastname:</label></td>"
                  << "<td><input type=\"text\" name=\"lastname\"></td></tr>"
                  << "<tr><td><label for=\"mail\">mail:</label></td>"
                  << "<td><input type=\"text\" name=\"mail\"></td></tr>"
                  << "<tr><td><label for=\"avatar\">ProfilBild:</label></td>"
                  << "<td><input type=\"file\" name=\"avatar\"></td></tr>"
                  << "<tr><td></td><td><input type=\"submit\"></td></tr>"
                  << "</table>"
                  << "</form";

            libhtmlpp::HtmlElement root=_IndexElement;
            libhtmlpp::HtmlElement *content=root.getElementbyID("content");

            content->insertChild(form.parse());

            libhtmlpp::print(&root,out,true);

            rep.setContentType("text/html");
            rep.setContentLength(out.size());
            rep.send(curreq,out.c_str(),out.size());

        }

        void removeuser(libhttppp::HttpRequest *curreq, const int tid, ULONG_PTR args){
            char uid[255];
            sscanf(curreq->getRequestURL(),"/admin/removeuser/%s",uid);

            User user;

            uuid_t uuid;

            uuid_parse(uid,uuid);

            _Backend.lock();
            user.remove(_Backend,uuid);
            _Backend.unlock();

            libhttppp::HttpResponse rep;
            rep.setState(HTTP307);
            rep.setVersion(HTTPVERSION(1.1));
            rep.setHeaderData("Location")->push_back("/admin/listusers");
            rep.setContentType("text/html");
            rep.send(curreq,nullptr,0);
        }

        void getAvatar(libhttppp::HttpRequest *curreq, const int tid, ULONG_PTR args){
            libhttppp::HttpResponse rep;
            char uid[255],ext[16];
            sscanf(curreq->getRequestURL(),"/admin/getavatar/%[^.].%s",uid,ext);

            _Backend.lock();

            authdb::AuthData *cur;

            size_t rd=sizeof(authdb::AuthHeader),end=_Backend.end();

            while(rd<end){
                cur=new AuthData;
                cur->data=nullptr;
                _Backend.ReadAuthData(cur,rd);
                rd=_Backend.getPos()+cur->datasize;

                if(cur && strcmp(cur->uuid,uid)==0 && strcmp(cur->fieldname,"avatar")==0){
                    cur->data = new char[cur->datasize];
                    _Backend.read((unsigned char*)cur->data,cur->datasize);
                    char ctype[255];
                    snprintf(ctype,255,"image/%s",ext);
                    rep.setContentType(ctype);
                    rep.send(curreq,cur->data,cur->datasize);
                    end=0;
                    delete[] cur->data;
                }
                delete cur;
            }

            if(end!=0){
                rep.setState(HTTP404);
                rep.send(curreq,nullptr,0);
            }

            _Backend.unlock();
        };

        void editUser(libhttppp::HttpRequest *curreq, const int tid, ULONG_PTR args){
            _Backend.lock();
            size_t rd=sizeof(authdb::AuthHeader),end=_Backend.end();
            char cuid[255];

            sscanf(curreq->getRequestURL(),"/admin/edituser/%s",cuid);

            AuthDataRecord editrec,*curec=&editrec;

            bool data = false;

            libhttppp::HttpForm curform;

            curform.parse(curreq);

            for (libhttppp::HttpForm::MultipartForm::Data* curformdat = curform.MultipartFormData.getFormData();
                    curformdat; curformdat = curformdat->nextData()) {
                    for(libhttppp::HttpForm::MultipartForm::Data::ContentDisposition *curdispo=curformdat->getDisposition();
                        curdispo; curdispo=curdispo->nextContentDisposition()
                    ){
                        if(curformdat->Value.empty() || !curdispo->getValue())
                            continue;

                        data = true;

                        strcpy(curec->Data->uuid,cuid);

                        curec->Data->type=UserData;
                        curec->Data->storage=TextStorage;

                        for(libhttppp::HttpForm::MultipartForm::Data::ContentDisposition *curdispo=curformdat->getDisposition();
                            curdispo; curdispo=curdispo->nextContentDisposition()
                        ){

                            std::string key;

                            if(curdispo->getKey())
                                key=curdispo->getKey();

                            std::transform(key.begin(), key.end(), key.begin(),
                                            [](unsigned char c){ return std::tolower(c); });

                            if(key=="name"){
                                strcpy(curec->Data->fieldname,curdispo->getValue());
                            }else if(key=="content-type" && strncmp(curdispo->getValue(),"text/",5) != 0){
                                curec->Data->storage=BinaryStorage;
                            }
                        }

                        curec->Data->datasize=curformdat->Value.size();
                        curec->Data->data=new char[curec->Data->datasize];
                        memcpy(curec->Data->data,curformdat->Value.data(),curformdat->Value.size());
                    }
                    if(curformdat->nextData()){
                            curec->_next=new AuthDataRecord;
                            curec=curec->_next;
                    }
            }

            uuid_t uid;
            uuid_parse(cuid,uid);

            if(data){
                editRecord(_Backend,&editrec,uid,UserData);
                _Backend.unlock();
                libhttppp::HttpResponse rep;
                rep.setState(HTTP307);
                rep.setVersion(HTTPVERSION(1.1));
                rep.setHeaderData("Location")->push_back("/admin/listusers");
                rep.setContentType("text/html");
                rep.send(curreq,nullptr,0);
                return;
            }
            libhtmlpp::HtmlPage page;

            libhtmlpp::HtmlString form,out;

            form  << "<form method=\"post\" enctype=\"multipart/form-data\">"
                  << "<table>";

            while(rd<end){
                authdb::AuthData *cur=new AuthData;

                _Backend.ReadAuthData(cur,rd);

                cur->data = new char[cur->datasize];
                _Backend.read((unsigned char*)cur->data,cur->datasize);

                rd=_Backend.getPos();

                if(strcmp(cur->uuid,cuid)==0 /*&& cur->type==UserData*/ && cur->storage==TextStorage){
                    try {
                        form  << "<tr><td><label for=\"username\">" << cur->fieldname << "</label></td>"
                              << "<td><input type=\"text\" name=\"" << cur->fieldname << "\" value=\""
                              << cur->data <<"\"></td></tr>";
                    }catch(AuthBackendError &e){
                        std::cerr << e.what() << std::endl;
                    }
                }

                delete[] cur->data;
                delete cur;
            }
            _Backend.unlock();

            form  << "<tr><td><label for=\"avatar\">ProfilBild:</label></td>"
                  << "<td><input type=\"file\" name=\"avatar\"></td></tr>"
                  << "<tr><td></td><td><input type=\"submit\"></td></tr>"
                  << "</table>"
                  << "</form";

            libhtmlpp::HtmlElement root=_IndexElement;
            libhtmlpp::HtmlElement *content=root.getElementbyID("content");

            content->insertChild(form.parse());

            libhtmlpp::print(&root,out,true);

            libhttppp::HttpResponse rep;
            rep.setContentType("text/html");
            rep.setContentLength(out.size());
            rep.send(curreq,out.c_str(),out.size());
        }

        void AdminController(libhttppp::HttpRequest *curreq, const int tid, ULONG_PTR args){
            if(strncmp(curreq->getRequestURL(),"/admin/listusers",16)==0){
                listUsers(curreq,tid,args);
            }else if(strncmp(curreq->getRequestURL(),"/admin/createuser",17)==0){
                createUser(curreq,tid,args);
            }else if(strncmp(curreq->getRequestURL(),"/admin/removeuser",17)==0){
                removeuser(curreq,tid,args);
            }else if(strncmp(curreq->getRequestURL(),"/admin/edituser",15)==0){
                editUser(curreq,tid,args);
            }else if(strncmp(curreq->getRequestURL(),"/admin/getavatar/",17)==0){
                getAvatar(curreq,tid,args);
            }else{
                libhtmlpp::HtmlElement root=_IndexElement;
                libhtmlpp::HtmlString out;
                libhtmlpp::print(&root,out,true);

                libhttppp::HttpResponse rep;
                rep.setContentType("text/html");
                rep.setContentLength(out.size());
                rep.send(curreq,out.c_str(),out.size());
            }
        }

        void RequestEvent(libhttppp::HttpRequest *curreq, const int tid, ULONG_PTR args){
            if(strncmp(curreq->getRequestURL(),"/admin",6)==0){
                AdminController(curreq,tid,args);
            }else if(strncmp(curreq->getRequestURL(),"/api",4)==0){

            }else{
                libhttppp::HttpResponse rep;
                rep.setState(HTTP307);
                rep.setVersion(HTTPVERSION(1.1));
                rep.setHeaderData("Location")->push_back("/admin");
                rep.setContentType("text/html");
                rep.send(curreq,nullptr,0);
            }
        };
    private:
        authdb::AuthBackend    &_Backend;
        libhtmlpp::HtmlElement  _IndexElement;
        libhtmlpp::HtmlPage     _Indexpage;
    };

    int searchValue(authdb::AuthBackend &backend,const char*fieldname,const char *value){
        authdb::AuthData *user=new AuthData;
        int rd=sizeof(authdb::AuthHeader),brd=rd;
        while(rd>backend.end()){
            backend.ReadAuthData(user,rd);
            rd=backend.getPos();
            if(strcmp(user->fieldname,fieldname) == 0){
                user->data = new char[user->datasize];
                backend.read((unsigned char*)user->data,user->datasize);
                if(strcmp(user->data,value) == 0){
                    delete[] user->data;
                    goto VALUEFOUND;
                }
                delete[] user->data;
            }
            brd=rd;
        }
VALUEFOUND:
        delete user;
        return brd;
    }

    AuthDataRecord::AuthDataRecord(){
         Data = new AuthData;
         memset((void*)Data,0,sizeof(AuthData));
         Data->start=0xFE;
         Data->end=0xFF;
        _next=nullptr;
    }

    AuthDataRecord::AuthDataRecord(const AuthDataRecord &src){
        Data = new AuthData;
        memcpy(&Data,&src.Data,sizeof(src.Data));
        memcpy(Data->data,src.Data->data,src.Data->datasize);
        _next=nullptr;
    }

    AuthDataRecord::~AuthDataRecord(){
        delete Data;
    }

    AuthDataRecord *AuthDataRecord::next(){
        return _next;
    };


    bool getRecord(authdb::AuthBackend &backend,AuthDataRecord *dest,const uuid_t id,int type){
        bool found=false;
        AuthData *cur=new AuthData;
        int rd=sizeof(authdb::AuthHeader),end=backend.end();

        char plainid[255];

        uuid_unparse(id,plainid);

        AuthDataRecord *curec=dest;

        while(rd<end){
            backend.ReadAuthData(cur,rd);
            rd=backend.getPos()+cur->datasize;
            if(strcmp(cur->uuid,plainid) == 0 && cur->type == type){
                memcpy(curec->Data,cur,sizeof(AuthHeader));
                curec->Data->data=new char[cur->datasize];
                backend.read((unsigned char*)curec->Data->data,cur->datasize);
                if(rd<backend.end()){
                    curec->_next=new AuthDataRecord;
                    curec=curec->_next;
                }
                found=true;
            }
        }

        delete cur;

        return found;
    }

    bool editRecord(AuthBackend &backend,const AuthDataRecord *rec,const uuid_t uid,int type){
        AuthDataRecord old;

        std::vector<AuthData*> changemap; //use fieldname;
        std::vector<AuthData*> newmap;

        getRecord(backend,&old,uid,type);

        for(const AuthDataRecord *curdat=rec; curdat; curdat=curdat->_next){
            bool newentry=true;
            for(const AuthDataRecord *olddat=&old; olddat; olddat=olddat->_next){
                if(strcmp(olddat->Data->uuid,curdat->Data->uuid)==0
                    && strcmp(olddat->Data->fieldname,curdat->Data->fieldname)==0
                ){
                    size_t end = olddat->Data->datasize;
                    if(end!=curdat->Data->datasize){
                        changemap.push_back(curdat->Data);
                    }else{
                        for(size_t i=0; i<end; ++i){
                            if(olddat->Data->data[i]!=curdat->Data->data[i]){
                                changemap.push_back(curdat->Data);
                                break;
                            }
                        }
                    }
                    newentry=false;
                }
            }

            if(newentry){
                newmap.push_back(curdat->Data);
            }

        }

        for(auto newel : newmap){
            backend.WriteAuthData(newel,backend.end());
            backend.setPos(backend.end());
            backend.write((const unsigned char*)newel->data,newel->datasize);
        }

        char cuid[255];
        const unsigned char zero = 0;

        uuid_unparse(uid,cuid);

        for(auto chel : changemap){
            size_t rd=sizeof(authdb::AuthHeader),end=backend.end();
            while(rd<end){
                authdb::AuthData *rdrec=new AuthData;
                backend.ReadAuthData(rdrec,rd);
                if(strcmp(rdrec->uuid,cuid)==0 && strcmp(rdrec->fieldname,chel->fieldname)==0){
                    backend.WriteAuthData(chel,backend.end());
                    backend.write((const unsigned char*)chel->data,chel->datasize);
                    size_t dsize=rdrec->datasize;
                    memset(rdrec,0,sizeof(AuthData));
                    rdrec->start=0xFE;
                    rdrec->datasize=dsize;
                    rdrec->end=0xFF;
                    backend.WriteAuthData(rdrec,rd);
                    for(size_t i =0; i<rdrec->datasize; ++i){
                        backend.write(&zero,1);
                    }
                    rd=backend.getPos();
                }else{
                    rd=backend.getPos()+rdrec->datasize;
                }
                delete rdrec;
            }
        }

        if(!changemap.empty() || !newmap.empty())
            return true;
        return false;
    }

    void delRecord(AuthBackend &backend,const uuid_t uid){
        size_t end=backend.end(),rd=sizeof(AuthHeader);

        char cuid[255];

        if(!uid)
            throw AuthBackendError("user info uid required!");

        uuid_unparse(uid,cuid);

        while(rd<end){
            authdb::AuthData *cur=new AuthData;
            size_t wr=backend.getPos();
            backend.ReadAuthData(cur,rd);
            rd=backend.getPos()+cur->datasize;
            if(strlen(cur->uuid) >0 &&
                strncmp(cuid,cur->uuid,strlen(cur->uuid)) == 0){
                // std::cout << cur->uuid << std::endl;
                size_t dsize=cur->datasize;
                memset(cur,0,sizeof(AuthData));
                cur->datasize=dsize;
                backend.WriteAuthData(cur,wr);
                const unsigned char zero=0;
                for(size_t i=0; i<dsize; ++i){
                    backend.write(&zero,1);
                }
            }
            delete cur;
        }
    }

};

int main(int argc, char *argv[]){
    cmdplus::CmdController &cmd=cmdplus::CmdController::getInstance();

    cmd.registerCmd("config",'c',true,nullptr,"Config Path");

    cmd.parseCmd(argc,argv);

    if(!cmd.checkRequired()){
        std::cerr << "Config Path required !" << std::endl;
        cmd.printHelp();
        return -1;
    }

    confplus::Config config(cmd.getCmdbyKey("config")->getValue());

    authdb::AuthBackend backend(authdb::AuthBackendType::File,
                                config.getValue(config.getKey("/AUTHDB/ADMINDB/PATH"),0),
                                "admin.local"
                                );
    try {
        if(backend.end()<=sizeof(authdb::AuthHeader)){
            authdb::initalized=false;
        }

        libhttppp::HttpD httpd(
            config.getValue(config.getKey("/AUTHDB/BIND"),0),
            config.getIntValue(config.getKey("/AUTHDB/PORT"),0),
            config.getIntValue(config.getKey("/AUTHDB/MAXCONN"),0),
            nullptr,
            nullptr
        );

        authdb::AuthDB authdb(backend,httpd.getServerSocket());

        authdb.runEventloop();
    }catch(authdb::AuthBackendError &e){
        std::cerr << e.what() << std::endl;
    }
}