bec8b07ad2d602943c4ae62323e3f411380f7ec8 max Wed Jul 2 05:59:43 2025 -0700 small cart.c changes for readability and cleanup. No redmine. diff --git src/hg/lib/cart.c src/hg/lib/cart.c index 9381e53cb60..b8ac99fbd4b 100644 --- src/hg/lib/cart.c +++ src/hg/lib/cart.c @@ -1527,31 +1527,31 @@ for (struct slName *sl = excStrs; sl != NULL; sl = sl->next) { if (regexMatch(agent, sl->name)) { fprintf(stderr, "CAPTCHAPASS %s\n", agent); return TRUE; } } return FALSE; } static boolean captchaCheckDone = FALSE; void forceUserIdOrCaptcha(struct cart* cart, char *userId, boolean userIdFound, boolean fromCommandLine) -/* print captcha is user did not sent a valid hguid cookie or a valid +/* print captcha if user did not sent a valid hguid cookie or a valid * cloudflare token. Allow certain IPs and user-agents. */ { // no need to do this again. Can happen if cartNew() is called somewhere else in a CGI if (captchaCheckDone) return; captchaCheckDone = TRUE; if (fromCommandLine || isEmpty(cfgOption(CLOUDFLARESITEKEY))) return; // no captcha for our own QA scripts running on a server with our IP address if (botException()) return; @@ -1566,83 +1566,83 @@ // when the captcha is solved, our JS code does a full page-reload, no AJAX. That saves us one round-trip. // After the reload, the new page URL has the captcha token in the URL argument list, so now we need to validate it // and remove it from the cart char *token = cgiOptionalString("token"); if (token && isValidToken(token)) { cartRemove(cart, "token"); return; } printCaptcha(); } void cartRemove(struct cart *cart, char *var); -struct cart *cartNew(char *userId, char *sessionId, - char **exclude, struct hash *oldVars) -/* Load up cart from user & session id's. Exclude is a null-terminated list of - * strings to not include */ +static boolean genericSetupDone = FALSE; + +static void genericCgiSetup() +/* Run steps that all CGIs must do that unrelated to the cart: timeout, logging setup, UDC. + */ { +// do this only once per CGI +if (genericSetupDone) + return; + +genericSetupDone = TRUE; + cgiApoptosisSetup(); if (cfgOptionBooleanDefault("showEarlyErrors", FALSE)) errAbortSetDoContentType(TRUE); if (cfgOptionBooleanDefault("suppressVeryEarlyErrors", FALSE)) htmlSuppressErrors(); setUdcCacheDir(); netSetTimeoutErrorMsg("A connection timeout means that either the server is offline or its firewall, the UCSC firewall or any router between the two blocks the connection."); +} + +struct cart *cartNew(char *userId, char *sessionId, + char **exclude, struct hash *oldVars) +/* Load up cart from user & session id's. Exclude is a null-terminated list of + * strings to not include */ +{ +genericCgiSetup(); struct cart *cart; struct sqlConnection *conn = cartDefaultConnector(); char *ex; boolean userIdFound = FALSE, sessionIdFound = FALSE; AllocVar(cart); cart->hash = newHash(12); cart->exclude = newHash(7); cart->userId = userId; cart->sessionId = sessionId; cart->userInfo = loadDb(conn, userDbTable(), userId, &userIdFound); cart->sessionInfo = loadDb(conn, sessionDbTable(), sessionId, &sessionIdFound); boolean fromCli = cgiWasSpoofed(); // QA runs our CGIs from the command line and we debug from there forceUserIdOrCaptcha(cart, userId, userIdFound, fromCli); // we rely on the cookie being validated, so if we reset a cookie, do this after the captcha if ( cgiOptionalString("ignoreCookie") != NULL ) cart->userInfo = loadDb(conn, userDbTable(), NULL, &userIdFound); -// Leaving this in the code temporarily, until June 2025 release. -if (!fromCli && - ((sessionId && !sessionIdFound) || !sessionId) && - (!userId || !userIdFound) && - cfgOptionBooleanDefault("punishInvalidHgsid", FALSE)) - { - fprintf(stderr, "HGSID_WAIT no sessionId and no cookie: 5 seconds penalty"); - sleep(5); - if (sessionId && !sessionIdFound) - { - fprintf(stderr, "HGSID_WAIT2 sessionId sent but invalid: 10 seconds penalty"); - sleep(10); - } - } - if (sessionIdFound) cartParseOverHash(cart, cart->sessionInfo->contents); else if (userIdFound) cartParseOverHash(cart, cart->userInfo->contents); else { char *defaultCartContents = getDefaultCart(conn); cartParseOverHash(cart, defaultCartContents); } char when[1024]; safef(when, sizeof(when), "open %s %s", userId, sessionId); cartTrace(cart, when, conn); loadCgiOverHash(cart, oldVars);