X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/blobdiff_plain/481631f6b541a0f00c7c3ba789c13ac934bdefbc..d1cd666473e5d9097b34bad3388c8c0595612089:/hotline/transaction_handlers.go?ds=sidebyside

diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go
index cce303f..4a86831 100644
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -210,6 +210,11 @@ var TransactionHandlers = map[uint16]TransactionType{
 		Name:    "tranNewUser",
 		Handler: HandleNewUser,
 	},
+	tranUpdateUser: {
+		Access:  accessAlwaysAllow,
+		Name:    "tranUpdateUser",
+		Handler: HandleUpdateUser,
+	},
 	tranOldPostNews: {
 		Access:  accessNewsPostArt,
 		DenyMsg: "You are not allowed to post news.",
@@ -407,7 +412,7 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 	fileName := t.GetField(fieldFileName).Data
 	filePath := t.GetField(fieldFilePath).Data
 
-	ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
+	ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, 0)
 	if err != nil {
 		return res, err
 	}
@@ -615,12 +620,11 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
 		account.Password = hashAndSalt(t.GetField(fieldUserPassword).Data)
 	}
 
-	file := cc.Server.ConfigDir + "Users/" + login + ".yaml"
 	out, err := yaml.Marshal(&account)
 	if err != nil {
 		return res, err
 	}
-	if err := ioutil.WriteFile(file, out, 0666); err != nil {
+	if err := os.WriteFile(cc.Server.ConfigDir+"Users/"+login+".yaml", out, 0666); err != nil {
 		return res, err
 	}
 
@@ -683,7 +687,6 @@ func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err err
 	}
 
 	var userFields []Field
-	// TODO: make order deterministic
 	for _, acc := range cc.Server.Accounts {
 		userField := acc.MarshalBinary()
 		userFields = append(userFields, NewField(fieldData, userField))
@@ -693,6 +696,94 @@ func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err err
 	return res, err
 }
 
+// HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time.
+// An update can be a mix of these actions:
+// * Create user
+// * Delete user
+// * Modify user (including renaming the account login)
+//
+// The Transaction sent by the client includes one data field per user that was modified.  This data field in turn
+// contains another data field encoded in its payload with a varying number of sub fields depending on which action is
+// performed.  This seems to be the only place in the Hotline protocol where a data field contains another data field.
+func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+	for _, field := range t.Fields {
+		subFields, err := ReadFields(field.Data[0:2], field.Data[2:])
+		if err != nil {
+			return res, err
+		}
+
+		if len(subFields) == 1 {
+			login := DecodeUserString(getField(fieldData, &subFields).Data)
+			cc.Server.Logger.Infow("DeleteUser", "login", login)
+
+			if !authorize(cc.Account.Access, accessDeleteUser) {
+				res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
+				return res, err
+			}
+
+			if err := cc.Server.DeleteUser(login); err != nil {
+				return res, err
+			}
+			continue
+		}
+
+		login := DecodeUserString(getField(fieldUserLogin, &subFields).Data)
+
+		// check if the login exists; if so, we know we are updating an existing user
+		if acc, ok := cc.Server.Accounts[login]; ok {
+			cc.Server.Logger.Infow("UpdateUser", "login", login)
+
+			// account exists, so this is an update action
+			if !authorize(cc.Account.Access, accessModifyUser) {
+				res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
+				return res, err
+			}
+
+			if getField(fieldUserPassword, &subFields) != nil {
+				newPass := getField(fieldUserPassword, &subFields).Data
+				acc.Password = hashAndSalt(newPass)
+			} else {
+				acc.Password = hashAndSalt([]byte(""))
+			}
+
+			if getField(fieldUserAccess, &subFields) != nil {
+				acc.Access = &getField(fieldUserAccess, &subFields).Data
+			}
+
+			err = cc.Server.UpdateUser(
+				DecodeUserString(getField(fieldData, &subFields).Data),
+				DecodeUserString(getField(fieldUserLogin, &subFields).Data),
+				string(getField(fieldUserName, &subFields).Data),
+				acc.Password,
+				*acc.Access,
+			)
+			if err != nil {
+				return res, err
+			}
+		} else {
+			cc.Server.Logger.Infow("CreateUser", "login", login)
+
+			if !authorize(cc.Account.Access, accessCreateUser) {
+				res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
+				return res, err
+			}
+
+			err := cc.Server.NewUser(
+				login,
+				string(getField(fieldUserName, &subFields).Data),
+				string(getField(fieldUserPassword, &subFields).Data),
+				getField(fieldUserAccess, &subFields).Data,
+			)
+			if err != nil {
+				return []Transaction{}, err
+			}
+		}
+	}
+
+	res = append(res, cc.NewReply(t))
+	return res, err
+}
+
 // HandleNewUser creates a new user account
 func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	if !authorize(cc.Account.Access, accessCreateUser) {
@@ -1222,13 +1313,24 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err
 	fileName := t.GetField(fieldFileName).Data
 	filePath := t.GetField(fieldFilePath).Data
 
+	resumeData := t.GetField(fieldFileResumeData).Data
+
+	var dataOffset int64
+	var frd FileResumeData
+	if resumeData != nil {
+		if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil {
+			return res, err
+		}
+		dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:]))
+	}
+
 	var fp FilePath
 	err = fp.UnmarshalBinary(filePath)
 	if err != nil {
 		return res, err
 	}
 
-	ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
+	ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, dataOffset)
 	if err != nil {
 		return res, err
 	}
@@ -1243,13 +1345,32 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err
 		Type:            FileDownload,
 	}
 
+	if resumeData != nil {
+		var frd FileResumeData
+		frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data)
+		ft.fileResumeData = &frd
+	}
+
+	xferSize := ffo.TransferSize()
+
+	// Optional field for when a HL v1.5+ client requests file preview
+	// Used only for TEXT, JPEG, GIFF, BMP or PICT files
+	// The value will always be 2
+	if t.GetField(fieldFileTransferOptions).Data != nil {
+		ft.options = t.GetField(fieldFileTransferOptions).Data
+		xferSize = ffo.FlatFileDataForkHeader.DataSize[:]
+	}
+
+	cc.Server.mux.Lock()
+	defer cc.Server.mux.Unlock()
 	cc.Server.FileTransfers[data] = ft
+
 	cc.Transfers[FileDownload] = append(cc.Transfers[FileDownload], ft)
 
 	res = append(res, cc.NewReply(t,
 		NewField(fieldRefNum, transactionRef),
 		NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
-		NewField(fieldTransferSize, ffo.TransferSize()),
+		NewField(fieldTransferSize, xferSize),
 		NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]),
 	))
 
@@ -1362,8 +1483,12 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err
 }
 
 // HandleUploadFile
-// Special cases:
-// * If the target directory contains "uploads" (case insensitive)
+// Fields used in the request:
+// 201	File name
+// 202	File path
+// 204	File transfer options	"Optional
+// Used only to resume download, currently has value 2"
+// 108	File transfer size	"Optional used if download is not resumed"
 func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 	if !authorize(cc.Account.Access, accessUploadFile) {
 		res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
@@ -1373,6 +1498,11 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 	fileName := t.GetField(fieldFileName).Data
 	filePath := t.GetField(fieldFilePath).Data
 
+	transferOptions := t.GetField(fieldFileTransferOptions).Data
+
+	// TODO: is this field useful for anything?
+	// transferSize := t.GetField(fieldTransferSize).Data
+
 	var fp FilePath
 	if filePath != nil {
 		if err = fp.UnmarshalBinary(filePath); err != nil {
@@ -1398,7 +1528,33 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 		Type:            FileUpload,
 	}
 
-	res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
+	replyT := cc.NewReply(t, NewField(fieldRefNum, transactionRef))
+
+	// client has requested to resume a partially transfered file
+	if transferOptions != nil {
+		fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+		if err != nil {
+			return res, err
+		}
+
+		fileInfo, err := FS.Stat(fullFilePath + incompleteFileSuffix)
+		if err != nil {
+			return res, err
+		}
+
+		offset := make([]byte, 4)
+		binary.BigEndian.PutUint32(offset, uint32(fileInfo.Size()))
+
+		fileResumeData := NewFileResumeData([]ForkInfoList{
+			*NewForkInfoList(offset),
+		})
+
+		b, _ := fileResumeData.BinaryMarshal()
+
+		replyT.Fields = append(replyT.Fields, NewField(fieldFileResumeData, b))
+	}
+
+	res = append(res, replyT)
 	return res, err
 }