tinycm view index.cgi @ rev 20
Auth file can be used by an other app
| author | Christophe Lincoln <pankso@slitaz.org> |
|---|---|
| date | Sun Jan 05 01:25:55 2014 +0100 (2014-01-05) |
| parents | 93e27f9ededd |
| children | 8dacfbea4e2f |
line source
1 #!/bin/sh
2 #
3 # TinyCM - Small, fast and elegent CGI/SHell Content Manager
4 #
5 # Copyright (C) 2012-2014 SliTaz GNU/Linux - BSD License
6 #
7 . /usr/lib/slitaz/httphelper
9 # Let's have a peer site config file with a .cgi extension so content
10 # is secure even if left in a web server directory.
11 . config.cgi
13 tiny="$PWD"
14 po="en fr"
15 content="content"
16 wiki="$content/wiki"
17 index="index"
18 cache="cache"
19 plugins="plugins"
20 tmp="/tmp/tinycm"
21 sessions="$tmp/sessions"
22 script="$SCRIPT_NAME"
24 # Content negotiation for Gettext
25 IFS=","
26 for lang in $HTTP_ACCEPT_LANGUAGE
27 do
28 lang=${lang%;*} lang=${lang# } lang=${lang%-*}
29 if echo "$po" | fgrep -q "$lang"; then
30 break
31 fi
32 case "$lang" in
33 en) lang="C" ;;
34 fr) lang="fr_FR" ;;
35 pt) lang="pt_BR" ;;
36 ru) lang="ru_RU" ;;
37 esac
38 done
39 unset IFS
40 export LANG=$lang LC_ALL=$lang
42 #
43 # Functions
44 #
46 # Used by edit to display language name and the language box. This is
47 # for CM content not gettext support.
48 get_lang() {
49 lang=$(echo $d | cut -d "/" -f 1)
50 doc=${d#$lang/}
51 echo '<div id="lang">'
52 for l in $LANGUAGES
53 do
54 case $lang in
55 en) i18n="English" ;;
56 fr) i18n="Français" ;;
57 pt) i18n="Português" ;;
58 ru) i18n="Русский" ;;
59 *) i18n="*" ;;
60 esac
61 echo "<a href='?d=$l/$doc'>$l</a>"
62 done
63 echo '</div>'
64 }
66 # HTML 5 header.
67 html_header() {
68 if [ -f "$tiny/lib/header.html" ]; then
69 cat $tiny/lib/header.html | sed -e s!'%TITLE%'!"$TITLE - $d"!g
70 else
71 cat << EOT
72 <!DOCTYPE html>
73 <html xmlns="http://www.w3.org/1999/xhtml">
74 <head>
75 <title>$TITLE</title>
76 <meta charset="utf-8" />
77 <style type="text/css">body { margin: 40px 120px; }</style>
78 </head>
79 <body>
80 <!-- Content -->
81 <div id="content">
82 EOT
83 fi
84 }
86 # HTML 5 footer.
87 html_footer() {
88 if [ -f "$tiny/lib/footer.html" ]; then
89 cat $tiny/lib/footer.html
90 else
91 cat << EOT
93 <!-- End content -->
94 </div>
96 <div id="footer">♥</div>
98 </body>
99 </html>
100 EOT
101 fi
102 }
104 # Default index if missing
105 default_index() {
106 mkdir -p "$wiki"
107 cat > $wiki/$index.txt << EOT
108 ==== Welcome ====
110 This is the default index page of your CM, you can start to edit and adding
111 some content to your TinyCM.
113 EOT
114 }
116 # Log documents activity.
117 log() {
118 grep ^[A-Z] | \
119 sed s"#^[A-Z]\([^']*\)#$(date '+%Y-%m-%d %H:%M') : \0#" \
120 >> $cache/$d/activity.log
121 }
123 # Check if user is auth
124 check_auth() {
125 auth="$(COOKIE auth)"
126 user="$(echo $auth | cut -d ":" -f 1)"
127 md5cookie="$(echo $auth | cut -d ":" -f 2)"
128 [ -f "$sessions/$user" ] && md5session="$(cat $sessions/$user)"
129 if [ "$md5cookie" == "$md5session" ] && [ "$auth" ]; then
130 . $PEOPLE/$user/account.conf
131 return 0
132 else
133 return 1
134 fi
135 }
137 # Authentified or not
138 user_box() {
139 if check_auth; then
140 cat << EOT
142 <div id="user">
143 <a href="$script?user=$user">$(get_gravatar $MAIL 20)</a>
144 <a href="$script?logout">Logout</a>
145 </div>
147 EOT
148 else
149 cat << EOT
151 <div id="user">
152 <a href="$script?login"><img src="images/avatar.png" alt="[ User ]" /></a>
153 <a href="$script?login">Login</a>
154 </div>
156 EOT
157 fi
158 cat << EOT
159 <!--
160 <div id="search">
161 <form method="get" action="$script">
162 <input type="text" name="search" placeholder="$(gettext "Search")" />
163 </form>
164 </div>
165 -->
166 EOT
167 }
169 # Link for online signup if enabled.
170 online_signup() {
171 if [ "$ONLINE_SIGNUP" == "yes" ]; then
172 echo -n "<p><a href='$script?signup'>"
173 gettext "Create a new account"
174 echo '</a></p>'
175 fi
176 }
178 # Login page
179 login_page() {
180 cat << EOT
181 <h2>$(gettext "Login")</h2>
183 <div id="account-info">
184 $(gettext "No account yet or trouble with you account? Please send
185 a request to $ADMIN_MAIL with your real name, user name, mail and password.")
186 $(online_signup)
187 </div>
189 <div id="login">
190 <form method="post" action="$script">
191 <input type="text" name="auth" placeholder="$(gettext "User name")" />
192 <input type="password" name="pass" placeholder="$(gettext "Password")" />
193 <div>
194 <input type="submit" value="Login" /> $error
195 </div>
196 </form>
197 </div>
199 <div style="clear: both;"></div>
200 EOT
201 }
203 # Signup page
204 signup_page() {
205 cat << EOT
207 <div id="signup">
208 <form method="post" name="signup" action="$script" onsubmit="return checkSignup();">
209 <input type="hidden" name="signup" value="new" />
210 <input type="text" name="name" placeholder="$(gettext "Real name")" />
211 <input type="text" name="user" placeholder="$(gettext "User name")" />
212 <input type="text" name="mail" placeholder="$(gettext "Email")" />
213 <input type="password" name="pass" placeholder="$(gettext "Password")" />
214 <div>
215 <input type="submit" value="$(gettext "Create new account")" />
216 </div>
217 </form>
218 </div>
220 EOT
221 }
223 # Create a new user in AUTH_FILE and PEOPLE
224 new_user_config() {
225 if [ ! -f "$AUTH_FILE" ];then
226 touch $(DESTDIR)$(LOGIN)/auth/people
227 chmod 0600 $(DESTDIR)$(LOGIN)/auth/people
228 fi
229 key=$(echo -n "$user:$mail:$pass" | md5sum | awk '{print $1}')
230 echo "$user:$pass" >> $AUTH_FILE
231 mkdir -p $PEOPLE/$user/
232 cat > $PEOPLE/$user/account.conf << EOT
233 # SliTaz user configuration
234 #
236 NAME="$name"
237 USER="$user"
238 MAIL="$mail"
239 KEY="$key"
241 EOT
242 chmod 0600 $PEOPLE/$user/account.conf
243 }
245 # Display user public profile.
246 public_people() {
247 cat << EOT
248 <pre>
249 Real name : $NAME
250 </pre>
251 EOT
252 }
254 # Display authentified user profile. TODO: change password
255 auth_people() {
256 cat << EOT
257 <pre>
258 Real name : $NAME
259 Email : $MAIL
260 Secure key : $KEY
261 </pre>
262 EOT
263 }
265 # The CM style parser. Just a title, simple text formating and internal
266 # links, as well as images and use HTML for other stuff. Keep it fast!
267 # To make TinyCM as easy as possible we have a small HTML editor/helper
268 # written in Javascript
269 wiki_parser() {
270 doc="[0-9a-zA-Z\.\#/~\_%=\?\&,\+\:@;!\(\)\*\$'\-]*"
271 sed \
272 -e s"#====\([^']*\)====#<h2>\1</h2>#"g \
273 -e s"#===\([^']*\)===#<h3>\1</h3>#"g \
274 -e s"#==\([^']*\)==#<h4>\1</h4>#"g \
275 -e s"#\*\*\([^']*\)\*\*#<b>\1</b>#"g \
276 -e s"#''\([^']*\)''#<em>\1</em>#"g \
277 -e s"#__\([^']*\)__#<u>\1</u>#"g \
278 -e s"#\[\([^]]*\)|\($doc\)\]#<a href='$script?d=\2'>\1</a>#"g \
279 -e s"#\[\([^]]*\)!\($doc\)\]#<a href='\2'>\1</a>#"g \
280 -e s"#\[\(http://*[^]]*.png\)\]#<img src='\1' />#"g \
281 -e s"#\[\([^]]*.png\)\]#<img src='content/cloud/\1' />#"g
282 }
284 link_user() {
285 echo "<a href='$(basename $script)?user=$user'>$user</a>"
286 }
288 # Save a document. Do we need more than 1 backup and diff ?
289 save_document() {
290 mkdir -p $cache/$d $(dirname $wiki/$d)
291 # May be a new page.
292 if [ ! -f "$wiki/$d.txt" ]; then
293 new=0
294 touch $wiki/$d.txt
295 fi
296 cp $wiki/$d.txt $cache/$d/last.bak
297 sed "s/$(echo -en '\r') /\n/g" > $wiki/$d.txt << EOT
298 $(GET content)
299 EOT
300 diff $cache/$d/last.bak $wiki/$d.txt > $cache/$d/last.diff
301 # Log
302 if [ "$new" ]; then
303 echo "Page created by: $(link_user)" | log
304 if [ "$HG" == "yes" ]; then
305 cd $content && hg -q add
306 hg commit -q -u "$NAME <$MAIL>" -m "Created new document: $d"
307 cd $tiny
308 fi
309 else
310 # Here we will clean log: cat && tail -n 40
311 echo "Page edited by: $(link_user)" | log
312 if [ "$HG" == "yes" ]; then
313 cd $content && hg commit -q -u "$NAME <$MAIL>" \
314 -m "Edited document: $d"
315 cd $tiny
316 fi
317 fi
318 }
320 # CM tools (edit, diff, etc).
321 wiki_tools() {
322 cat << EOT
323 <div id="tools">
324 <a href="$script?edit=$d">$(gettext "Edit document")</a>
325 <a href="$script?diff=$d">$(gettext "Last diff")</a>
326 <a href="$script?log=$d">$(gettext "Activity")</a>
327 <a href="$script?dashboard">Dashboard</a>
328 $([ "$HG" == "yes" ] && echo "<a href='$script?hg'>Hg Log</a>")
329 </div>
330 EOT
331 }
333 # Get and display Gravatar image: get_gravatar email size
334 # Link to profile: <a href="http://www.gravatar.com/$md5">...</a>
335 get_gravatar() {
336 email=$1
337 size=$2
338 [ "$size" ] || size=48
339 url="http://www.gravatar.com/avatar"
340 md5=$(md5crypt $email)
341 echo "<img src='$url/$md5?d=identicon&s=$size' alt='∗' />"
342 }
344 # List hg logs
345 hg_log() {
346 cd $content
347 cat << EOT
348 <table>
349 <thead>
350 <td>$(gettext "User")</td>
351 <td>$(gettext "Description")</td>
352 <td>$(gettext "Revision")</td>
353 </thead>
354 EOT
355 hg log --template "<tr><td>{author}</td><td>{desc}</td><td>{rev}</td></tr>\n"
356 echo '</table>'
357 }
359 #
360 # POST actions
361 #
363 case " $(POST) " in
364 *\ auth\ *)
365 # Authenticate user. Create a session file in $sessions to be used
366 # by check_auth. We have the user login name and a peer session
367 # md5 string in the COOKIE.
368 user="$(POST auth)"
369 pass="$(md5crypt "$(POST pass)")"
370 valid=$(fgrep "${user}:" $AUTH_FILE | cut -d ":" -f 2)
371 if [ "$pass" == "$valid" ] && [ "$pass" != "" ]; then
372 md5session=$(echo -n "$$:$user:$pass:$$" | md5sum | awk '{print $1}')
373 [ -d $sessions ] || mkdir -p $sessions
374 echo "$md5session" > $sessions/$user
375 header "Location: $script" \
376 "Set-Cookie: auth=$user:$md5session; HttpOnly"
377 else
378 header "Location: $script?login&error"
379 fi ;;
380 *\ signup\ *)
381 # POST action for signup
382 name="$(POST name)"
383 user="$(POST user)"
384 mail="$(POST mail)"
385 pass="$(md5crypt "$(POST pass)")"
386 if ! grep "^${user}:" $AUTH_FILE; then
387 new_user_config
388 header "Location: $script?login"
389 else
390 header
391 html_header
392 user_box
393 echo "<h2>gettext "User already exists: $user"</h2>"
394 html_footer
395 fi ;;
396 esac
398 #
399 # Plugins
400 #
401 for p in $(ls -1 $plugins)
402 do
403 [ -f "$plugins/$p/$p.conf" ] && . $plugins/$p/$p.conf
404 [ -x "$plugins/$p/$p.cgi" ] && . $plugins/$p/$p.cgi
405 done
407 #
408 # GET actions
409 #
411 case " $(GET) " in
412 *\ edit\ *)
413 d="$(GET edit)"
414 header
415 html_header
416 user_box
417 get_lang
418 if check_auth; then
419 get_lang
420 cat << EOT
421 <h2>$(gettext "Edit $doc [ $i18n ]")</h2>
423 <div id="edit">
425 <form method="get" action="$script" name="editor">
426 <input type="hidden" name="save" value="$d" />
427 <textarea name="content">$(cat "$wiki/$d.txt")</textarea>
428 <input type="submit" value="$(gettext "Save document")" />
429 $(gettext "Code Helper:")
430 $(cat lib/jseditor.html)
431 </form>
433 </div>
434 EOT
435 else
436 gettext "You must be logged in to edit pages"
437 fi
438 html_footer ;;
440 *\ save\ *)
441 d="$(GET save)"
442 if check_auth; then
443 save_document
444 fi
445 header "Location: $script?d=$d" ;;
447 *\ log\ *)
448 d="$(GET log)"
449 header
450 html_header
451 user_box
452 get_lang
453 echo "<h2>$(gettext "Activity for:") <a href='$script?d=$d'>$d</a></h2>"
454 echo '<pre>'
455 if [ -f "$cache/$d/activity.log" ]; then
456 tac $cache/$d/activity.log
457 else
458 gettext "No log for: $d"; echo
459 fi
460 echo '</pre>'
461 if check_auth; then
462 wiki_tools
463 fi
464 html_footer ;;
466 *\ diff\ *)
467 d="$(GET diff)"
468 date="last"
469 header
470 html_header
471 user_box
472 get_lang
473 echo "<h2>$(gettext "Diff for:") <a href='$script?d=$d'>$d</a></h2>"
474 echo '<pre>'
475 if [ -f "$cache/$d/$date.diff" ]; then
476 cat $cache/$d/$date.diff | sed \
477 -e 's|&|\&|g' -e 's|<|\<|g' -e 's|>|\>|g' \
478 -e s"#^-\([^']*\).#<span style='color: red;'>\0</span>#"g \
479 -e s"#^+\([^']*\).#<span style='color: green;'>\0</span>#"g \
480 -e s"#@@\([^']*\)@@#<span style='color: blue;'>@@\1@@</span>#"g
481 else
482 gettext "No diff for: $d"; echo
483 fi
484 echo '</pre>'
485 if check_auth; then
486 wiki_tools
487 fi
488 html_footer ;;
490 *\ login\ *)
491 # The login page
492 d="Login"
493 [ "$(GET error)" ] && \
494 error="<p class="error">$(gettext "Bad login or pass")</p>"
495 header
496 html_header
497 user_box
498 login_page
499 html_footer ;;
501 *\ signup\ *)
502 # The login page
503 d="$(gettext "Sign Up")"
504 header
505 html_header
506 user_box
507 echo "<h2>$d</h2>"
508 if [ "$ONLINE_SIGNUP" == "yes" ]; then
509 signup_page
510 else
511 gettext "Online registration is disabled"
512 fi
513 html_footer ;;
515 *\ logout\ *)
516 # Set a Cookie in the past to logout.
517 expires="Expires=Wed, 01-Jan-1980 00:00:00 GMT"
518 if check_auth; then
519 rm -f "$sessions/$user"
520 header "Location: $script" "Set-Cookie: auth=none; $expires; HttpOnly"
521 fi ;;
523 *\ user\ *)
524 # User profile
525 d="$(GET user)"
526 header
527 html_header
528 user_box
529 . $PEOPLE/"$(GET user)"/account.conf
530 echo "<h2>$(get_gravatar $MAIL) $(GET user)</h2>"
531 loglines=$(fgrep $user $(find $cache -name *.log) | wc -l)
532 gettext "Activities:"; echo " $loglines"
533 if check_auth && [ "$(GET user)" == "$user" ]; then
534 auth_people
535 else
536 public_people
537 fi
538 html_footer ;;
540 *\ dashboard\ *)
541 # For now simply list plugins and users info. We could have a
542 # dashbord only for ADMINS found in the config file. The dashboard
543 # should also be a plugin.
544 d="Dashboard"
545 header
546 html_header
547 user_box
548 users=$(ls -1 $PEOPLE | wc -l)
549 docs=$(find $wiki -type f | wc -l)
550 wikisize="$(du -sh $wiki | awk '{print $1}')"
551 cachesize="$(du -sh $cache | awk '{print $1}')"
552 [ "$HG" != "yes" ] && hg=$(gettext "disabled")
553 [ "$HG" == "yes" ] && hg=$(gettext "enabled")
554 echo "<h2>$d</h2>"
555 if check_auth; then
556 cat << EOT
557 <pre>
558 Users : $users
559 Wiki : $docs ($wikisize)
560 Cache : $cachesize
561 Mercurial : $hg
562 </pre>
564 <div id="tools">
565 <a href="$scripts?README">README</a>
566 </div>
568 <h3>$(gettext "Plugins")</h3>
569 <pre>
570 EOT
571 for p in $(ls -1 $plugins)
572 do
573 . $plugins/$p/$p.conf
574 echo "<a href='?$p'>$PLUGIN</a> - $SHORT_DESC"
575 done
576 echo '</pre>'
577 else
578 gettext "You must be logged in to view the dashboard."
579 fi
580 html_footer ;;
582 *\ README\ *)
583 d="README"
584 header
585 html_header
586 user_box
587 echo "<h2>README</h2>"
588 echo '<pre>'
589 cat ${tiny}/README
590 echo '</pre>' && html_footer ;;
592 *\ hg\ *)
593 header
594 [ "$HG" != "yes" ] && gettext "Hg is disabled" && exit 0
595 [ ! -x /usr/bin/hg ] && gettext "Hg is not installed" && exit 0
596 d="Hg Log"
597 html_header
598 user_box
599 echo "<h2>$d</h2>"
600 case " $(GET hg) " in
601 *\ init\ *)
602 if check_auth; then
603 [ -d "$content/.hg" ] && exit 0
604 echo '<pre>'
605 gettext "Executing: hg init"; echo
606 cd $content/ && hg init
607 echo '[hooks]' > .hg/hgrc
608 echo 'incoming = hg update' >> .hg/hgrc
609 gettext "Adding current content and committing"; echo
610 [ ! -f "$wiki/index.txt" ] && touch $wiki/$index.txt
611 hg add && hg commit -u "$NAME <$MAIL>" \
612 -m "Initial commit with curent content"
613 echo '</pre>' && cd ..
614 fi ;;
615 esac
616 hg_log
617 html_footer ;;
619 *)
620 # Display requested page
621 d="$(GET d)"
622 [ "$d" ] || d=$index
623 header
624 html_header
625 user_box
626 get_lang
627 # Generate a default index on first run.
628 if [ ! -f "$wiki/$index.txt" ]; then
629 default_index
630 fi
631 if [ ! -f "$wiki/$d.txt" ]; then
632 echo "<h2>$d</h2>"
633 gettext "The document does not exist. You can create it or read the"
634 echo " <a href='?d=en/help'>help</a>"
635 else
636 if fgrep -q NOWIKI $wiki/$d.txt; then
637 cat $wiki/$d.txt | sed '/NOWIKI/'d
638 else
639 cat $wiki/$d.txt | wiki_parser
640 fi
641 fi
642 if check_auth; then
643 wiki_tools
644 if [ "$HG" == "yes" ] && [ ! -d "$content/.hg" ]; then
645 echo '<p class="error box">'
646 gettext "Mercurial is enabled but no repository found"
647 echo ": <a href='?hg=init'>Hg init</a>"
648 echo '</p>'
649 fi
650 fi
651 html_footer ;;
652 esac
654 exit 0