use Gruntmaster::Data;
use Plack::App::Gruntmaster::HTML;
+use Email::Sender::Simple qw/sendmail/;
+use Email::Simple;
+
use warnings NONFATAL => 'all';
no warnings 'illegalproto';
-no if $] >= 5.017011, warnings => 'experimental::smartmatch';
##################################################
pas => 'text/x-pascal',
pl => 'text/x-perl',
py => 'text/x-python',
+ l => 'text/plain',
};
use constant FORMAT_EXTENSION => {
PASCAL => 'pas',
PERL => 'pl',
PYTHON => 'py',
+ SBCL => 'l',
};
-use constant NOT_FOUND => [404, ['Content-Type' => 'text/plain'], ['Not found']];
+use constant NOT_FOUND => [404, ['X-Forever' => 1, 'Content-Type' => 'text/plain'], ['Not found']];
use constant FORBIDDEN => [401, ['Content-Type' => 'text/plain', 'WWW-Authenticate' => 'Basic realm="Gruntmaster 6000"'], ['Forbidden']];
sub development() { ($ENV{PLACK_ENV} // 'development') eq 'development' }
$title = 'No title';
}
$params->{time} = time;
+ $params->{args} = {%_};
bless {template => $template, title => $title, params => $params, maxage => ($maxage // 1)}, __PACKAGE__.'::Response'
}
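Review bot: `$params->{args} = {%_}` copies every matched request parameter into the data that is later serialised by `encode_json $r->{params}` and passed to `render`, so user-controlled strings now reach both outputs. If the templates (not shown) print values from `args`, they must be HTML-escaped there. A comment on this line such as `# request parameters, untrusted: escape before output` would record that for template authors. The enclosing sub starts outside the hunk.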
[200, \@headers, [development ? $js : JavaScript::Minifier::XS::minify $js]]
},
+ sub (/robots.txt) { NOT_FOUND },
+ sub (/favicon.ico) { NOT_FOUND },
+
sub (/src/:job) {
return NOT_FOUND if !job;
- forbid job->private || job->problem->private || job->contest && job->contest->is_running;
- my @headers = ('X-Forever' => 1, 'Cache-Control' => 'public, max-age=604800', 'Content-Type' => CONTENT_TYPES->{job->format});
+ my $isowner = remote_user && remote_user->id eq job->rawowner;
+ my $private = job->private || job->problem->private || job->contest && job->contest->is_running;
+ forbid !$isowner && $private;
+ my $privacy = $private ? 'private' : 'public';
+ my @headers = ('X-Forever' => 1, 'Cache-Control' => "$privacy, max-age=604800", 'Content-Type' => CONTENT_TYPES->{job->format});
+ push @headers, (Vary => 'Authorization') if $private;
[200, \@headers, [job->source]]
},
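Review bot: Private job source is now served to its owner, but the response still carries `'X-Forever' => 1` and a week-long `max-age`. If whatever consumes `X-Forever` (presumably a caching front end, not visible here) stores responses without honouring `Cache-Control: private` and `Vary: Authorization`, one owner's private source could be replayed to other clients. I would leave the header out of the initial list and add it only for public responses, `push @headers, ('X-Forever' => 1) unless $private;`, and consider `no-store` for the private case. The same applies to the `@hdrs` list in the response-rendering hunk below, which also pairs `X-Forever` with `Vary => 'Authorization'`.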
my ($r) = @_;
return $r if ref $r ne 'Plack::App::Gruntmaster::Response';
my @hdrs = ('X-Forever' => 1, 'Cache-Control' => "$privacy, max-age=$r->{maxage}");
+ push @hdrs, Vary => 'Authorization' if $privacy eq 'private';
return [200, ['Content-Type' => 'application/json', @hdrs], [encode_json $r->{params}]] if $format eq 'json';
my $ret = render $r->{template}, 'en', title => $r->{title}, %{$r->{params}};
[200, ['Content-Type' => 'text/html', @hdrs], [encode 'UTF-8', $ret]]
sub (/st/:contest) {
response st => 'Standings', {
st => [ contest->standings ],
- problems => [map { $_->problem } contest->contest_problems],
+ problems => [
+ map { [$_->id, $_->name] }
+ sort { $a->value <=> $b->value }
+ map { $_->problem } contest->contest_problems],
}, 10
},
+ sub (/ed/:contest) {
+ forbid contest->is_running;
+ my $pblist = db->problem_list(contest => $_{contest}, solution => 1);
+ response ed => 'Editorial of ' . contest->name, {%$pblist, editorial => contest->editorial};
+ },
+
sub (/login) {
forbid !remote_user;
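Review bot: `forbid contest->is_running` in the new `/ed/:contest` route leaves the editorial, built with `solution => 1`, readable for a contest that has not started yet. The submit hunk further down treats `contest->is_pending` as private, so the guard here should match it, e.g. `forbid contest->is_running || contest->is_pending;`. There is also no not-found guard like `/src/:job`'s `return NOT_FOUND if !job;`, so if the `contest` helper returns undef for an unknown id (not visible here) the method call dies instead of producing a 404.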
sub (/ct/ + ?:owner~) { response ct => 'Contests', db->contest_list(%_) },
sub (/log/ + ?:contest~&:owner~&:page~&:problem~&:private~) {
forbid $_{private};
- response log => 'Job list', {%{db->job_list(%_)}, maybe contest => $_{contest}}
+ response log => 'Job list', {%{db->job_list(%_)}, maybe contest => $_{contest},}
},
sub (/pb/ + ?:owner~&:contest~&:private~) {
forbid $_{private};
},
sub (/) { redispatch_to '/index' },
+ sub (/favicon.ico) { redirect '/static/favicon.ico' },
sub (/:article) { [200, ['Content-Type' => 'text/html', 'Cache-Control' => 'public, max-age=60', 'X-Forever' => 1], [render_article $_{article}, 'en']] }
},
sub (POST) {
- sub (/action/register + %:username=&:password=&:confirm_password=&:name=&:email=&:phone=&:town=&:university=&:level=) {
+ sub (/action/register + %:username=&:password=&:confirm_password=&:name=&:email=&:phone=&:town=&:university=&:country=&:level=) {
return reply 'Parameter too long' if grep { length > 200 } values %_;
return reply 'Bad username. Allowed characters are letters, digits and underscores, and the username must be between 2 and 20 characters long.' unless $_{username} =~ USER_REGEX;
return reply 'Username already in use' if db->user($_{username});
return reply 'The two passwords do not match' unless $_{password} eq $_{confirm_password};
- db->users->create({id => $_{username}, name => $_{name}, email => $_{email}, phone => $_{phone}, town => $_{town}, university => $_{university}, level => $_{level}});
+ db->users->create({id => $_{username}, name => $_{name}, email => $_{email}, phone => $_{phone}, town => $_{town}, university => $_{university}, country => $_{country}, level => $_{level}});
db->user($_{username})->set_passphrase($_{password});
purge '/us/';
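Review bot: `/favicon.ico` is now routed twice: an earlier hunk adds `sub (/favicon.ico) { NOT_FOUND }` and this one adds `sub (/favicon.ico) { redirect '/static/favicon.ico' }`. If both sit in the same dispatch chain (the surrounding structure is not fully visible), whichever is tried first wins and the other is dead code. Keep only the intended one.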
my $source = $prog ? read_file $prog->path : $_{source_code};
unlink $prog->path if $prog;
+ my $private = (problem->private && !$_{contest}) ? 1 : 0;
+ $private = 1 if contest && contest->is_pending;
my $newjob = db->jobs->create({
maybe contest => $_{contest},
- maybe private => problem->private && !$_{contest},
+ private => $private,
date => time,
extension => FORMAT_EXTENSION->{$_{prog_format}},
format => $_{prog_format},
purge '/log/';
[303, [Location => '/log/' . $newjob->id], []]
- }
+ },
+
+ sub (/action/request-reset + %:username=) {
+ return reply 'Password resets are disabled' unless $ENV{GRUNTMASTER_RESET_FROM};
+ my $user = db->user($_{username});
+ return reply 'No such user' unless $user;
+ my $token = join ':', $user->make_reset_hmac;
+ my $body = <<EOF;
+Someone has requested a password reset for your account.
+
+To reset your password, please submit the reset password form on the
+website using the following information:
+
+Username: $_{username}
+Password: <your new password>
+Reset token: $token
+
+The token is valid for 24 hours.
+EOF
+ my $email = Email::Simple->create(
+ header => [
+ From => $ENV{GRUNTMASTER_RESET_FROM},
+ To => $user->email,
+ Subject => 'Password reset token',
+ ],
+ body => $body,
+ );
+
+ my $ok = 0;
+ eval {
+ sendmail $email;
+ $ok = 1;
+ };
+ return reply 'Email sent' if $ok;
+ reply "Failure sending email: $@";
+ },
+
+ sub (/action/reset + %:username=&:password=&:token=) {
+ my $user = db->user($_{username});
+ return reply 'No such user' unless $user;
+ my ($token, $exp) = split ':', $_{token};
+ return reply 'Reset token is expired' if time >= $exp;
+ return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token;
+ $user->set_passphrase($_{password});
+ reply 'Password reset successfully';
+ },
}
}
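Review bot: In `/action/reset`, `$exp` comes from the attacker-controlled `$_{token}` and is used in `time >= $exp` and passed to `make_reset_hmac` without a check that it is defined and numeric, and the HMAC is compared with `eq`, which is not constant-time. I would add `return reply 'Bad reset token' unless defined $exp && $exp =~ /\A\d+\z/;` before the expiry test and compare the MACs with a constant-time helper such as `String::Compare::ConstantTime::equals`. The route also skips the `'Parameter too long'` guard that `/action/register` applies, and nothing visible makes the token single-use, so unless `make_reset_hmac` (not shown) mixes in the current passphrase, the same token can be replayed for its full 24 hours. In `/action/request-reset`, `reply "Failure sending email: $@"` returns the raw transport error to an unauthenticated caller; log `$@` server-side, reply with a fixed message, and throttle requests per user so the endpoint cannot flood a mailbox. As far as this page shows, `$user->email` is only length-checked at registration, so reject values containing CR or LF before placing it in the `To` header.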