input validation, db schema
parent
f17e930ab4
commit
61de0371b1
|
@ -6,8 +6,11 @@ chown www:www /var/www/run
|
|||
install -o www -g www -m 0400 httpd.conf /etc/
|
||||
echo "permit nopass root as www" >> /etc/doas.conf
|
||||
curl -L https://cpanmin.us | perl - App::cpanminus
|
||||
cpanm -l /var/www/perl5 FCGI Switch Template::Simple File::Slurp
|
||||
cpanm -l /var/www/perl5 FCGI Switch Template::Simple File::Slurp Email::Valid
|
||||
install -o www -g www -m 0500 tormon/* /var/www/tormon/
|
||||
cat db.sql | sqlite3 /var/www/tormon.db
|
||||
chown www:www /var/www/tormon.db
|
||||
chmod 0600 /var/www/tormon.db
|
||||
echo 'echo "Starting tormon" && doas -u www /var/www/tormon/tormon.fcgi &' >> /etc/rc.local
|
||||
sh /etc/rc.local # assuming tormon is the only thing in rc.local
|
||||
rcctl enable httpd
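Review bot: The `cpanm -l /var/www/perl5 ...` line installs `Email::Valid` and the other modules at whatever version CPAN serves on the day, so the code the FastCGI process loads is not reproducible. Pin each module, since cpanm accepts `Module@VERSION` (for example `Email::Valid@<version>`), or install from a vetted local mirror. Separately, `cat db.sql | sqlite3 /var/www/tormon.db` creates the database under root's umask and only tightens it afterwards with `chown`/`chmod`; running `umask 077` before that line closes the window. Re-running the script will also fail on the existing table, so a guard such as `[ -e /var/www/tormon.db ] ||` in front of the sqlite3 line would make the install repeatable.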
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
create table users (
|
||||
id int primary key not null,
|
||||
email text not null,
|
||||
confirmed int not null,
|
||||
subscriptions text
|
||||
);
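Review bot: `id int primary key not null` does not give SQLite an auto-assigned id, because only the exact type name `INTEGER` makes the column a rowid alias; every insert would have to supply an id itself. Writing `id integer primary key` fixes that. `email text not null` has no uniqueness constraint, so the same address can be stored repeatedly, and `confirmed` has no default. Consider `email text not null unique` and `confirmed int not null default 0`, so a row stays unconfirmed unless the confirmation step sets it.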
|
|
@ -0,0 +1,2 @@
|
|||
<h1>Error</h1>
|
||||
The email address you entered does not appear to be valid. Please go back and try again.
|
|
@ -0,0 +1,2 @@
|
|||
<h1>Error</h1>
|
||||
The fingerprint you entered does not appear to be valid. Please go back and try again.
|
|
@ -0,0 +1,2 @@
|
|||
<h1>Error</h1>
|
||||
You did not answer the security question correctly. Please go back and try again.
|
|
@ -6,6 +6,7 @@ use FCGI;
|
|||
use Switch;
|
||||
use File::Slurp;
|
||||
use Template::Simple;
|
||||
use Email::Valid;
|
||||
use FindBin qw($Bin);
|
||||
|
||||
my $VERSION = "1.0";
|
||||
|
@ -34,17 +35,37 @@ while ($request->Accept() <= 0) {
|
|||
my $code;
|
||||
|
||||
switch ($ENV{"REQUEST_URI"}) {
|
||||
case "/debug" {
|
||||
# TODO - remove this, it's a security vulnerability
|
||||
use Data::Dumper;
|
||||
$content = "<textarea>" . Dumper(\%ENV) . "</textarea>";
|
||||
$code = "\n"; # 200 OK
|
||||
}
|
||||
case "/" {
|
||||
my $tt = read_file("$Bin/index.tt");
|
||||
$content = ${ $tmpl->render($tt, {version => $VERSION}) };
|
||||
$code = "\n"; # 200 OK
|
||||
}
|
||||
case "/subscribe" {
|
||||
read STDIN, my $buf, $ENV{"CONTENT_LENGTH"};
|
||||
my @pairs = split /&/, $buf;
|
||||
my %input;
|
||||
for (@pairs) {
|
||||
$_ =~ s/\+/ /g;
|
||||
$_ =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
|
||||
my ($a, $b) = split '=', $_;
|
||||
$input{$a} = $b;
|
||||
}
|
||||
|
||||
if (!($input{"spam"} =~ m/London/i)) {
|
||||
$content = read_file("$Bin/e_security.tt");
|
||||
last;
|
||||
}
|
||||
if (!($input{"fp"} =~ m/^[A-F0-9]{40}$/)) {
|
||||
$content = read_file("$Bin/e_fingerprint.tt");
|
||||
last;
|
||||
}
|
||||
if (!Email::Valid->address($input{"email"})) {
|
||||
$content = read_file("$Bin/e_email.tt");
|
||||
last;
|
||||
}
|
||||
|
||||
# Add the email to database
|
||||
}
|
||||
else {
|
||||
my $tt = read_file("$Bin/error.tt");
|
||||
$content = ${ $tmpl->render($tt, {err => 404}) };
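Review bot: The fingerprint check in the `/subscribe` case is anchored with `^...$`, and `$` also matches before a trailing newline, so a decoded value that ends in a newline passes validation; use `m/\A[A-F0-9]{40}\z/`. The parsing loop decodes `+` and `%XX` before splitting on `=`, and the split has no limit, so a value containing an encoded `=` is silently truncated. Split first with `my ($k, $v) = split /=/, $_, 2;` and decode key and value afterwards, which also avoids declaring `my ($a, $b)` over sort's special variables. `read STDIN, my $buf, $ENV{"CONTENT_LENGTH"}` trusts the client-supplied length with no upper bound, and the three error branches leave via `last` without setting `$code` as the other cases do. The enclosing `while` loop and the `else` branch continue outside the hunk, so how `$code` is consumed is not visible here.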
|
||||
|
|