From: Chris Porter <redacted>
Date: Sat, 8 Nov 2008 10:08:43 +0000 (+0000)
Subject: Use POST instead of GET.
X-Git-Url: https://jfr.im/git/irc/quakenet/qwebirc.git/commitdiff_plain/f59585a767de1a8d4ee9bd00955532f2ae867d04

Use POST instead of GET.
---

diff --git a/js/irc/ircconnection.js b/js/irc/ircconnection.js
index 375fbf8..c59ce00 100644
--- a/js/irc/ircconnection.js
+++ b/js/irc/ircconnection.js
@@ -23,10 +23,24 @@ qwebirc.irc.IRCConnection = new Class({
     if(this.options.errorAlert)
       alert(text);
   },
+  newRequest: function(url, args, onComplete) {
+    var r = new Request.JSON({
+      url: "/e/" + url + "?r=" + this.cacheAvoidance + "&t=" + this.counter++,
+      onComplete: onComplete,
+    });
+    
+    if(Browser.Engine.trident)
+      r.setHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
+
+    return {"send": function() {
+      //r.get();
+      r.send(args);
+    }};
+  },
   send: function(data) {
     if(this.disconnected)
       return false;
-    var r = new Request.JSON({url: "/e/p/" + this.sessionid + "?c=" + encodeURIComponent(data) + "&t=" + this.counter++, onComplete: function(o) {
+    var r = this.newRequest("p", "s=" + this.sessionid + "&c=" + encodeURIComponent(data), false, function(o) {
       if(!o || (o[0] == false)) {
         if(!this.disconnected) {
           this.disconnected = true;
@@ -34,9 +48,8 @@ qwebirc.irc.IRCConnection = new Class({
         }
         return false;
       }
-    }.bind(this)});
-    
-    r.get();
+    }.bind(this));
+    r.send();
     return true;
   },
   __timeout: function() {
@@ -56,7 +69,7 @@ qwebirc.irc.IRCConnection = new Class({
     this.recv();
   },
   recv: function() {
-    var r = new Request.JSON({url: "/e/s/" + this.sessionid + "?t=" + this.counter++, onComplete: function(o) {
+    var r = this.newRequest("s", "s=" + this.sessionid, function(o) {
       if(this.lastactiverequest != r) 
         this.activerequest = null;
         
@@ -98,16 +111,18 @@ qwebirc.irc.IRCConnection = new Class({
       }
       
       this.recv();
-    }.bind(this)});
+    }.bind(this));
 
     if(this.options.timeout)
       this.timeoutid = this.__timeout.delay(this.options.timeout, this);
     
     this.activerequest = r;
-    r.get();
+    r.send();
   },
   connect: function() {
-    var r = new Request.JSON({url: "/e/n?nick=" + encodeURIComponent(this.initialNickname) + "&r=" + Math.random() * 1024 * 1024, onComplete: function(o) {
+    this.cacheAvoidance = qwebirc.util.randHexString(16);
+    
+    var r = this.newRequest("n", "nick=" + encodeURIComponent(this.initialNickname), function(o) {
       if(!o) {
         this.disconnected = true;
         this.__error("Couldn't connect to remote server.");
@@ -121,8 +136,9 @@ qwebirc.irc.IRCConnection = new Class({
       this.sessionid = o[1];
       
       this.recv();    
-    }.bind(this)});
-    r.post();
+    }.bind(this));
+    
+    r.send();
   },
   disconnect: function() {
     this.disconnected = true;
diff --git a/js/jslib.js b/js/jslib.js
index 62cddef..106cad6 100644
--- a/js/jslib.js
+++ b/js/jslib.js
@@ -203,3 +203,16 @@ qwebirc.util.getEnclosedWord = function(text, position) {
 String.prototype.startsWith = function(what) {
   return this.substring(0, what.length) == what;
 }
+
+/* NOT cryptographically secure! */
+qwebirc.util.randHexString = function(numBytes) {
+  var getByte = function() {
+    return (((1+Math.random())*0x100)|0).toString(16).substring(1);
+  };
+  
+  var l = [];
+  for(var i=0;i<numBytes;i++)
+    l.push(getByte());
+  
+  return l.join("");
+}
diff --git a/qwebirc/ajaxengine.py b/qwebirc/ajaxengine.py
index 36c14c1..1dc501d 100644
--- a/qwebirc/ajaxengine.py
+++ b/qwebirc/ajaxengine.py
@@ -12,15 +12,24 @@ def get_session_id():
 class BufferOverflowException(Exception):
   pass
 
+class AJAXException(Exception):
+  pass
+  
 class IDGenerationException(Exception):
   pass
 
 def jsondump(fn):
   def decorator(*args, **kwargs):
-    x = fn(*args, **kwargs)
-    if isinstance(x, list):
-      return simplejson.dumps(x)
-    return x
+    try:
+      x = fn(*args, **kwargs)
+      if x == server.NOT_DONE_YET:
+        return x
+      x = [True, x]
+    except AJAXException, e:
+      print e
+      x = [False, e[0]]
+      
+    return simplejson.dumps(x)
   return decorator
 
 def cleanupSession(id):
@@ -128,76 +137,83 @@ class AJAXEngine(resource.Resource):
   @jsondump
   def render_POST(self, request):
     path = request.path[len(self.prefix):]
-    if path == "/n":
-      ip = request.transport.getPeer()
-      ip = ip[1]
-
-      nick, ident = request.args.get("nick"), "webchat"
-      if not nick:
-        return [False, "Nickname not supplied"]
-        
-      nick = nick[0]
-
-      for i in xrange(10):
-        id = get_session_id()
-        if not Sessions.get(id):
-          break
-      else:
-        raise IDGenerationException()
-
-      session = IRCSession(id)
+    if path[0] == "/":
+      handler = self.COMMANDS.get(path[1:])
+      if handler is not None:
+        return handler(self, request)
+    raise AJAXException("404")
+
+#  def render_GET(self, request):
+#    return self.render_POST(request)
+  
+  def newConnection(self, request):
+    _, ip, port = request.transport.getPeer()
 
-      client = ircclient.createIRC(session, nick=nick, ident=ident, ip=ip, realname=config.REALNAME)
-      session.client = client
-      
-      Sessions[id] = session
+    nick, ident = request.args.get("nick"), "webchat"
+    if not nick:
+      raise AJAXException("Nickname not supplied")
       
-      return [True, id]    
-    return [False, "404"]
+    nick = nick[0]
 
-  @jsondump
-  def render_GET(self, request):
-    path = request.path[len(self.prefix):]
-    if path.startswith("/s/"):
-      sessionid = path[3:]
-      session = Sessions.get(sessionid)
-      
-      if not session:
-        return [False, "Bad session ID"]
+    for i in xrange(10):
+      id = get_session_id()
+      if not Sessions.get(id):
+        break
+    else:
+      raise IDGenerationException()
 
-      session.subscribe(SingleUseChannel(request))
-      return server.NOT_DONE_YET
-    if path.startswith("/p/"):
-      command = request.args.get("c")
-      if not command:
-        return [False, "No command specified"]
+    session = IRCSession(id)
 
-      command = command[0]
+    client = ircclient.createIRC(session, nick=nick, ident=ident, ip=ip, realname=config.REALNAME)
+    session.client = client
+    
+    Sessions[id] = session
+    
+    return id
+  
+  def getSession(self, request):
+    sessionid = request.args.get("s")
+    if sessionid is None:
+      raise AJAXException("Bad session ID")
       
-      sessionid = path[3:]
-      session = Sessions.get(sessionid)
-      if not session:
-        return [False, "Bad session ID"]
-
-      try:
-        decoded = command.decode("utf-8")
-      except UnicodeDecodeError:
-        decoded = command.decode("iso-8859-1", "ignore")
-
-      if len(decoded) > config.MAXLINELEN:
-        session.disconnect()
-        return [False, "Line too long"]
-
-      try:
-        session.push(decoded)
-      except AttributeError: # occurs when we haven't noticed an error
-        session.disconnect()
-        return [False, "Connection closed by server."]
-      except Exception, e: # catch all
-        session.disconnect()        
-        traceback.print_exc(file=sys.stderr)
-        return [False, "Unknown error."]
+    session = Sessions.get(sessionid[0])
+    if not session:
+      raise AJAXException("Bad session ID")
+    return session
     
-      return [True]
+  def subscribe(self, request):
+    self.getSession(request).subscribe(SingleUseChannel(request))
+    return server.NOT_DONE_YET
 
-    return [False, "404"]
+  def push(self, request):
+    command = request.args.get("c")
+    if command is None:
+      raise AJAXException("No command specified")
+
+    command = command[0]
+    
+    session = self.getSession(request)
+
+    try:
+      decoded = command.decode("utf-8")
+    except UnicodeDecodeError:
+      decoded = command.decode("iso-8859-1", "ignore")
+
+    if len(decoded) > config.MAXLINELEN:
+      session.disconnect()
+      raise AJAXException("Line too long")
+
+    try:
+      session.push(decoded)
+    except AttributeError: # occurs when we haven't noticed an error
+      session.disconnect()
+      raise AJAXException("Connection closed by server.")
+    except Exception, e: # catch all
+      session.disconnect()        
+      traceback.print_exc(file=sys.stderr)
+      raise AJAXException("Unknown error.")
+  
+    return True
+  
+  COMMANDS = dict(p=push, n=newConnection, s=subscribe)
+  
\ No newline at end of file