4b5cd61950725b446645ab7276dd60cb3765d8e8 galt Mon Feb 10 12:30:20 2014 -0800 initial work on creating a random session key for greater securiy of cart data
diff --git src/hg/lib/cartDb.c src/hg/lib/cartDb.c
index fdecba5..135c9e6 100644
--- src/hg/lib/cartDb.c
+++ src/hg/lib/cartDb.c
@@ -1,153 +1,225 @@ /* cartDb.c was originally generated by the autoSql program, which also * generated cartDb.h and cartDb.sql. This module links the database and * the RAM representation of objects. */ #include "common.h" #include "linefile.h" #include "dystring.h" #include "jksql.h" +#include "hgConfig.h" #include "cartDb.h" +boolean cartDbHasSessionKey(struct sqlConnection *conn, char *table) +/* Check to see if the table has the sessionKey field */ +{ +static boolean userDbInitialized = FALSE; +static boolean sessionDbInitialized = FALSE; +static boolean userDbHasSessionKey = FALSE; +static boolean sessionDbHasSessionKey = FALSE; +if (sameString(table, "userDb")) + { + if (!userDbInitialized) + { + userDbInitialized = TRUE; + if (sqlFieldIndex(conn, table, "sessionKey") >= 0) + { + userDbHasSessionKey = TRUE; + } + } + return userDbHasSessionKey; + } +else if (sameString(table, "sessionDb")) + { + if (!sessionDbInitialized) + { + sessionDbInitialized = TRUE; + if (sqlFieldIndex(conn, table, "sessionKey") >= 0) + { + sessionDbHasSessionKey = TRUE; + } + } + return sessionDbHasSessionKey; + } +else + errAbort("Unknown table %s", table); +return FALSE; +} + +boolean cartDbUseSessionKey() +/* Check settings and and state to determine if sessionKey is in use */ +{ +static boolean initialized = FALSE; +static boolean useSessionKey = FALSE; +if (!initialized) + { + initialized = TRUE; + char *sessionKey = cfgOption2("browser", "sessionKey"); + if (!sessionKey) + sessionKey = "off"; // DEFAULT + if (sameString(sessionKey, "on")) + useSessionKey = TRUE; + else if (sameString(sessionKey, "off")) + useSessionKey = FALSE; + else if (sameString(sessionKey, "autodetect")) + { + errAbort("brower.sessionKey=autodetect has not implemented yet."); // TODO + } + } +return useSessionKey; +} void cartDbStaticLoad(char **row, struct cartDb *ret) /* Load a row from cartDb table into ret. The contents of ret will * be replaced at the next call to this function. 
*/ { ret->id = sqlUnsigned(row[0]); ret->contents = row[1]; ret->reserved = sqlSigned(row[2]); ret->firstUse = row[3]; ret->lastUse = row[4]; ret->useCount = sqlSigned(row[5]); +if (cartDbUseSessionKey()) + ret->sessionKey = row[6]; } struct cartDb *cartDbLoad(char **row) /* Load a cartDb from row fetched with select * from cartDb * from database. Dispose of this with cartDbFree(). */ { struct cartDb *ret; AllocVar(ret); ret->id = sqlUnsigned(row[0]); ret->contents = cloneString(row[1]); ret->reserved = sqlSigned(row[2]); ret->firstUse = cloneString(row[3]); ret->lastUse = cloneString(row[4]); ret->useCount = sqlSigned(row[5]); +if (cartDbUseSessionKey()) + ret->sessionKey = cloneString(row[6]); return ret; } struct cartDb *cartDbLoadAll(char *fileName) /* Load all cartDb from a tab-separated file. * Dispose of this with cartDbFreeList(). */ { struct cartDb *list = NULL, *el; struct lineFile *lf = lineFileOpen(fileName, TRUE); char *row[6]; while (lineFileRow(lf, row)) { el = cartDbLoad(row); slAddHead(&list, el); } lineFileClose(&lf); slReverse(&list); return list; } struct cartDb *cartDbLoadWhere(struct sqlConnection *conn, char *table, char *where) /* Load all cartDb from table that satisfy where clause. The * where clause may be NULL in which case whole table is loaded * Dispose of this with cartDbFreeList(). */ { struct cartDb *list = NULL, *el; struct dyString *query = dyStringNew(256); struct sqlResult *sr; char **row; sqlDyStringPrintf(query, "select * from %s", table); if (where != NULL) dyStringPrintf(query, " where %s", where); // the where clause must be checked by caller for sqli sr = sqlGetResult(conn, query->string); while ((row = sqlNextRow(sr)) != NULL) { el = cartDbLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); dyStringFree(&query); return list; } struct cartDb *cartDbCommaIn(char **pS, struct cartDb *ret) /* Create a cartDb out of a comma separated string. 
* This will fill in ret if non-null, otherwise will * return a new cartDb */ { char *s = *pS; if (ret == NULL) AllocVar(ret); ret->id = sqlUnsignedComma(&s); ret->contents = sqlStringComma(&s); ret->reserved = sqlSignedComma(&s); ret->firstUse = sqlStringComma(&s); ret->lastUse = sqlStringComma(&s); ret->useCount = sqlSignedComma(&s); +if (cartDbUseSessionKey()) + ret->sessionKey = sqlStringComma(&s); *pS = s; return ret; } void cartDbFree(struct cartDb **pEl) /* Free a single dynamically allocated cartDb such as created * with cartDbLoad(). */ { struct cartDb *el; if ((el = *pEl) == NULL) return; freeMem(el->contents); freeMem(el->firstUse); freeMem(el->lastUse); +if (cartDbUseSessionKey()) + freeMem(el->sessionKey); freez(pEl); } void cartDbFreeList(struct cartDb **pList) /* Free a list of dynamically allocated cartDb's */ { struct cartDb *el, *next; for (el = *pList; el != NULL; el = next) { next = el->next; cartDbFree(&el); } *pList = NULL; } void cartDbOutput(struct cartDb *el, FILE *f, char sep, char lastSep) /* Print out cartDb. Separate fields with sep. Follow last field with lastSep. */ { if (sep == ',') fputc('"',f); fprintf(f, "%u", el->id); if (sep == ',') fputc('"',f); fputc(sep,f); if (sep == ',') fputc('"',f); fprintf(f, "%s", el->contents); if (sep == ',') fputc('"',f); fputc(sep,f); fprintf(f, "%d", el->reserved); fputc(sep,f); if (sep == ',') fputc('"',f); fprintf(f, "%s", el->firstUse); if (sep == ',') fputc('"',f); fputc(sep,f); if (sep == ',') fputc('"',f); fprintf(f, "%s", el->lastUse); if (sep == ',') fputc('"',f); fputc(sep,f); fprintf(f, "%d", el->useCount); +if (cartDbUseSessionKey()) + { + fputc(sep,f); + fprintf(f, "%s", el->sessionKey); + } fputc(lastSep,f); }
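Review bot: In cartDbLoadAll the context line `char *row[6];` is left unchanged while cartDbLoad now reads `row[6]` whenever cartDbUseSessionKey() is true, so with browser.sessionKey=on that loader reads one slot past the end of the stack array. Size the array for the optional column and request the matching word count, for example `char *row[7];` with `while (lineFileNextRow(lf, row, cartDbUseSessionKey() ? 7 : 6))`. The SQL paths (cartDbLoad and cartDbStaticLoad fed from `select *`) look exposed in the same way when the setting is on but the table lacks the column, because the guard consults the config option rather than cartDbHasSessionKey(), which nothing visible in this hunk calls. Separately, cartDbUseSessionKey() treats any unrecognised value (for instance a mis-cased `On`) as off without any message; since the option gates a security feature, a final `else errAbort(...)` naming the bad value would make a misconfiguration visible instead of silently disabling the key.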