#!/usr/bin/env splrun

load "cgi";

load "file";
load "system";

load "sql";
load "sql_utils";

load "array";
load "encode_xml";
load "crypt";

#file-as-code config.spl
var patch_status_dump;
#file-as-code common.spl
#file-as-code mail.spl

// This is a simple sompatibility CGI script to emulate the originial
// smadm.cgi 'API'.

write("Content-Type: text/html\n\n");


// authenticate
if (declared cgi.param.u and declared cgi.param.p)
{
	var username = cgi.param.u;
	var password = cgi.param.p;

	var u = sql_tuple(db, <:SQL>
		: SELECT
		:       user_id AS userid,
		:       user_crypt AS crypt,
		:       user_isadmin AS isadmin
		: FROM
		:       user
		: WHERE
		:       user_name = ${mysql::username}
	</SQL>);

	if (declared u.crypt and check_crypt(password, u.crypt)) {
		userid = u.userid;
		isadmin = u.isadmin;
	} else {
noauth_error:
		write("Authentication failed!\n");
		exit;
	}
}


// upload patches
if (cgi.param["a"] ~== "new")
{
	if (not defined userid)
		goto noauth_error;

	var filename = system("mktemp");
	cgi_userfile_save("f", filename);
	var text = file_read(filename, "ascii");
	file_delete(filename);

	var uid = patch_add(text);

	write("Patch $uid added.\n");
	exit;
}


// marking patch as applied
if (cgi.param["a"] ~== "details" and cgi.param["s1"] ~== "1")
{
	if (not isadmin)
		goto noauth_error;

	var uid = cgi.param.i;
	uid =~ s,/,,g;

	sql(db, <:SQL>
		: UPDATE
		:       patch
		: SET
		:       patch_status = 'A'
		: WHERE
		:       patch_uid = ${mysql::uid}
	</SQL>);

	mail(patch: uid, "Applied by @@@");
	goto show_this_patch;
}


// display patch details
if (declared cgi.param.i)
{
show_this_patch:
	var uid = cgi.param.i;
	uid =~ s,/,,g;

	var patch_status_map = [ O: "Open", D: "Discarded", R: "Rejected", A: "Applied" ];

	var p = sql_tuple(db, <:SQL>
		: SELECT
		:	patch.patch_uid AS uid,
		:	patch.patch_status AS status,
		:	patch.patch_text AS text,
		:	user.user_name AS username
		: FROM
		:	patch LEFT JOIN user ON patch.user_id_owner = user.user_id
		: WHERE
		:	patch.patch_uid = ${mysql::uid}
	</SQL>);

	var patch_status = patch_status_map[p.status];

	write(<:>
		: <pre>
		: $patch_status Patch: $p.uid
		: by $p.username
		:
		: ${xml::(p.text =~ s/^(---|Index:|diff).*//Rsm)}
		: </pre>
	</>);

	exit;
}


// redirect
if (declared cgi.param.u and declared cgi.param.p)
	write(<:>
		: <script>
		: location.href = './?mode=login&action=login&login_username=${xml::cgi.param.u}&login_password=${xml::cgi.param.p}';
		: </script>
	</>);
else
	write(<:>
		: <script>
		: location.href = './';
		: </script>
	</>);