From afb3657fa2cbc6bd9e5901d6c5590b09d15c2d89 Mon Sep 17 00:00:00 2001 From: FreeArtMan Date: Wed, 22 Nov 2017 21:42:17 +0000 Subject: Added todo file size max 1MB and 64 todo's per user --- cmd/cmd_lua.c | 26 ++++++++++++-------------- cmd/cmd_todo.c | 44 +++++++++++++++++++++++++++++++++++++++----- 2 files changed, 51 insertions(+), 19 deletions(-) (limited to 'cmd') diff --git a/cmd/cmd_lua.c b/cmd/cmd_lua.c index 105cb47..820620f 100644 --- a/cmd/cmd_lua.c +++ b/cmd/cmd_lua.c @@ -127,6 +127,7 @@ int lua_excute(const char *fname, rpc_call_request *req, rpc_call_response **res { int t; int top = lua_gettop(L); + int len = lua_rawlen(L,1); if (top == 1) { @@ -134,23 +135,26 @@ int lua_excute(const char *fname, rpc_call_request *req, rpc_call_response **res if (t == LUA_TTABLE) { int j; - int len = lua_rawlen(L,1); + const char *r_result; const char *r_error; int r_id; size_t sz; + check_table_key_string(L, "result", &r_result, &sz); - //resp->result = alloc_new_str(result); - printf("RESULT:%s\n", r_result); + + //printf("RESULT:%s\n", r_result); check_table_key_integer(L, "id", &r_id); - //resp->id = result_i; - printf("ID:%d\n", r_id); + + //printf("ID:%d\n", r_id); check_table_key_string(L, "error", &r_error, &sz); - //resp->error = alloc_new_str(result); - printf("ERROR:%s\n", r_error); - *resp = rpc_call_resp_new(alloc_new_str(r_result), alloc_new_str(r_error), 1); + //printf("ERROR:%s\n", r_error); + + if (r_result == NULL) r_result = "!"; + if (r_error == NULL) r_error = "!"; + *resp = rpc_call_resp_new(alloc_new_str(r_result), alloc_new_str(r_error), r_id); (*resp)->user = alloc_new_str(" "); (*resp)->server = alloc_new_str(" "); (*resp)->mask = alloc_new_str(" "); 
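Review bot: `r_id` is now passed to `rpc_call_resp_new` in place of the constant `1`, but it is declared as `int r_id;` with no initializer and the result of `check_table_key_integer(L, "id", &r_id)` is not checked, so a Lua table without an integer `id` may put an indeterminate value into the response. The new `if (r_result == NULL)` / `if (r_error == NULL)` guards have the same weakness: they only help if `check_table_key_string` stores NULL on failure, which is not visible here, and otherwise `alloc_new_str` reads through an uninitialized pointer. Initialising at the declarations makes the guards reliable whatever the helpers do: `const char *r_result = NULL;`, `const char *r_error = NULL;`, `int r_id = 1;`. The moved `int len = lua_rawlen(L,1);` now runs before the `top == 1` and `LUA_TTABLE` checks, and `len` has no visible use in this hunk. lua_excute starts and ends outside the hunk.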
@@ -215,13 +219,9 @@ void *cmd_lua(void *data) //---------------------------------------------------------------------------- //main code - - params = sdsnew(req->params); tokens = sdssplitargs(params, &count); - - if (-1 == lua_excute(tokens[1], req, &resp)) { resp = rpc_call_resp_new(out_result,"None",1); @@ -238,10 +238,8 @@ void *cmd_lua(void *data) nb_resp = malloc(sizeof(netbyte_store)); nb_init(nb_resp); - PNL(); rpc_call_resp_marsh(resp, &nb_resp); - PNL(); nb_buf = (char *)nb_create(nb_resp); if (nb_buf) { diff --git a/cmd/cmd_todo.c b/cmd/cmd_todo.c index e90aeb7..8cd712d 100644 --- a/cmd/cmd_todo.c +++ b/cmd/cmd_todo.c 
@@ -3,14 +3,44 @@ //https://github.com/littlstar/b64.c //https://www.google.nl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0ahUKEwiMu9_F5ZrXAhVLOMAKHZ6NDQYQFghDMAM&url=https%3A%2F%2Fopensource.apple.com%2Fsource%2FQuickTimeStreamingServer%2FQuickTimeStreamingServer-452%2FCommonUtilitiesLib%2Fbase64.c&usg=AOvVaw3tk0M33ne4ru28Bn_R1KI3 +#define TODO_MAX_PER_USER 64 + static int add_todo(sqlite3 *db, char *user, char *todo) { int rc; - char sql_add_table[3*256]; char *b64_user, *b64_todo; + sqlite3_stmt *res=NULL; + b64_user = b64_encode(user, strlen(user)); b64_todo = b64_encode(todo, strlen(todo)); + + //check how many todo stuff is for single user + snprintf(sql_add_table, 1024, "SELECT COUNT(*) FROM todo WHERE user='%s';", b64_user, b64_todo); + printf("%s\n", sql_add_table); + if ((rc = sqlite3_prepare_v2(db, sql_add_table, -1, &res, 0)) != SQLITE_OK) + { + printf("Cannot prepare statment: %s\n", sqlite3_errmsg(db)); + free(b64_user); + free(b64_todo); + return -1; + } + + rc = sqlite3_step(res); + if (rc == SQLITE_ROW) + { + int iret = sqlite3_column_int(res, 0); + PRINT("%d\n",iret); + if (iret >= TODO_MAX_PER_USER) + { + free(b64_user); + free(b64_todo); + return -1; + } + } + sqlite3_finalize(res); + + //insert new value snprintf(sql_add_table, 1024, "INSERT INTO todo(user,todo) VALUES('%s','%s');", b64_user, b64_todo); printf("%s\n", sql_add_table); free(b64_user); 
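Review bot: The new limit check leaks the prepared statement on the very path it was added for: when `iret >= TODO_MAX_PER_USER` the function returns before `sqlite3_finalize(res)`, so every rejected request leaves a statement open on `db`, and `sqlite3_close` returns SQLITE_BUSY while statements remain unfinalized. Both `snprintf` calls pass 1024 as the size while `sql_add_table` appears to be declared as `char sql_add_table[3*256]` (768 bytes), so a long todo can be written past the end of the buffer; `sizeof sql_add_table` is the bound to use. The SELECT format has one `%s` but is given two arguments, and because a `sqlite3_step` result other than SQLITE_ROW falls through to the INSERT, the cap fails open. The fence below binds the user as a parameter, finalizes before any return and rejects when the count cannot be read. The rest of add_todo, including the execution of the INSERT, lies outside the hunk.

```c
    //check how many todo stuff is for single user
    if ((rc = sqlite3_prepare_v2(db, "SELECT COUNT(*) FROM todo WHERE user=?;", -1, &res, 0)) != SQLITE_OK)
    {
        // … unchanged: error message, free(b64_user), free(b64_todo), return -1 …
    }
    sqlite3_bind_text(res, 1, b64_user, -1, SQLITE_STATIC);

    int todo_count = -1;
    if (sqlite3_step(res) == SQLITE_ROW)
    {
        todo_count = sqlite3_column_int(res, 0);
    }
    sqlite3_finalize(res); // release the statement on every path, before any return

    // fail closed: an unreadable count is treated like a reached limit
    if (todo_count < 0 || todo_count >= TODO_MAX_PER_USER)
    {
        free(b64_user);
        free(b64_todo);
        return -1;
    }

    //insert new value
    snprintf(sql_add_table, sizeof sql_add_table, "INSERT INTO todo(user,todo) VALUES('%s','%s');", b64_user, b64_todo);
```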
@@ -156,14 +186,19 @@ void *cmd_todo(void *data) //---------------------------------------------------------------------------- //main code - PRINT("(%s)-(%s)-(%s)-(%s)-(%s)\n", req->method, req->params, req->user, req->mask, req->server); + //check if database filesize is not bigger then 1MB, consider it for now as abuse woop woop + if (file_size("todo.db")>1024*1024) + { + printf("File should be limited to just 1MB pal\n"); + return ret; + } if ((rc = sqlite3_open("todo.db", &db)) != SQLITE_OK) { printf("Cannot open todo database: %s\n", sqlite3_errmsg(db)); sqlite3_close(db); - return 1; + return ret; } //check if table excists @@ -172,14 +207,13 @@ void *cmd_todo(void *data) { printf("Cannot prepare statment: %s\n", sqlite3_errmsg(db)); sqlite3_close(db); - return 1; + return ret; } rc = sqlite3_step(res); if (rc == SQLITE_ROW) { int iret = sqlite3_column_int(res, 0); - //printf("%d\n", iret); if (iret == 0) { table_todo_exists = 0; -- cgit v1.2.3
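Review bot: Once `todo.db` grows past 1 MB, the new `file_size("todo.db")` check makes every cmd_todo request return early, and since an SQLite file does not shrink when rows are deleted (only after a VACUUM), the command stays disabled until someone intervenes by hand. The 64-entry cap is keyed on the `user` value, so on its own it does not bound total growth of the file. Enforcing the ceiling on the write path only would keep the rest of the command usable, for example `PRAGMA max_page_count = <N>;` right after `sqlite3_open`, which makes inserts fail with SQLITE_FULL at the limit, or at least moving the size check into the add branch. It is also worth confirming what `file_size` returns for a missing file, and that `return ret;` here and in the two error returns changed in the following hunk does not skip cleanup or a response prepared earlier in cmd_todo, which starts outside the hunk.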