ParserMarkdown: Inherit from interface, not ParserLegacy

.gitmodules

@@ -7,3 +7,6 @@
 [submodule "submodules/qssb.h"]
 	path = submodules/qssb.h
 	url = https://gitea.quitesimple.org/crtxcr/qssb.h.git
+[submodule "submodules/qsmaddy"]
+	path = submodules/qsmaddy
+	url = https://gitea.quitesimple.org/crtxcr/qsmaddy

Makefile

@@ -2,8 +2,8 @@
 
 CXXFLAGS=-std=c++17 -O0 -g -no-pie -pipe -MMD -Wall -Wextra
 RELEASE_CXXFLAGS=-std=c++17 -O3 -pipe -MMD -Wall -Wextra
-LDFLAGS=-lsqlite3 -lpthread -lcrypto -lstdc++fs
-INCLUDEFLAGS=-I submodules/sqlitemoderncpp/hdr -I submodules/cpp-httplib -I submodules/qssb.h
+LDFLAGS=-lsqlite3 -lpthread -lcrypto -lstdc++fs -lseccomp
+INCLUDEFLAGS=-I submodules/sqlitemoderncpp/hdr -I submodules/cpp-httplib -I submodules/qssb.h -I submodules/qsmaddy/include/
 
 CXX=g++
 
@@ -55,8 +55,6 @@ gtest: $(GTESTS_TESTDIR)/*.cpp $(GTEST_OBJECTS)
 %.o:%.cpp
 	$(CXX) ${CXXFLAGS} ${LDFLAGS} ${INCLUDEFLAGS} -c -o $@ $<
 
-version.o:version.cpp
-	$(CXX) ${CXXFLAGS} ${LDFLAGS} ${INCLUDEFLAGS} -DGITCOMMIT=\"$(shell git rev-parse --short HEAD)\" -c -o $@ $<
 clean:
 	rm -f $(OBJECTS) $(DEPENDS)
 

authenticator.cpp

@@ -42,8 +42,7 @@ std::vector<char> Authenticator::pbkdf5(std::string password, const std::vector<
 	unsigned char hash[32];
 	const EVP_MD *sha256 = EVP_sha256();
 	const unsigned char *rawsalt = reinterpret_cast<const unsigned char *>(salt.data());
-	int ret =
-		PKCS5_PBKDF2_HMAC(password.c_str(), password.size(), rawsalt, salt.size(), 300000, sha256, sizeof(hash), hash);
+	int ret = PKCS5_PBKDF2_HMAC(password.c_str(), password.size(), rawsalt, salt.size(), 300000, sha256, sizeof(hash), hash);
 	if(ret != 1)
 	{
 		Logger::error() << "Authenticator: pbkdf5: Failed to create hash";

authenticator.h

@@ -3,7 +3,6 @@
 #include <variant>
 #include "database/userdao.h"
 
-#define AUTH_DEFAULT_SALT_SIZE 32
 enum AuthenticationError
 {
 	UserNotFound,

cli.cpp

@@ -1,251 +0,0 @@
-#include <map>
-#include <functional>
-#include <iomanip>
-
-#include "cli.h"
-#include "utils.h"
-#include "random.h"
-#include "authenticator.h"
-#include "config.h"
-#include "logger.h"
-#include "version.h"
-
-CLIHandler::CLIHandler(Config &config, Database &db)
-{
-	this->db = &db;
-	this->conf = &config;
-}
-
-std::pair<bool, std::string> CLIHandler::user_add(const std::vector<std::string> &args)
-{
-	std::string username = args.at(0);
-	std::string password = args.at(1);
-
-	auto userDao = db->createUserDao();
-
-	Permissions perms = this->conf->handlersConfig.anon_permissions;
-	int p = perms.getPermissions();
-	p |= PERM_CAN_CREATE | PERM_CAN_SEARCH | PERM_CAN_EDIT;
-	Permissions newPermissions = Permissions{p};
-
-	Random r;
-	User user;
-	user.enabled = true;
-	user.login = username;
-	user.salt = r.getRandom(AUTH_DEFAULT_SALT_SIZE);
-	user.permissions = newPermissions;
-
-	Authenticator auth{*userDao};
-	std::vector<char> hashResult = auth.hash(password, user.salt);
-	if(hashResult.empty())
-	{
-		return {false, "Error during hashing - Got empty hash"};
-	}
-	user.password = hashResult;
-
-	try
-	{
-		userDao->save(user);
-	}
-	catch(std::runtime_error &e)
-	{
-		return {false, "Exception: " + std::string(e.what())};
-	}
-	return {true, ""};
-}
-
-std::pair<bool, std::string> CLIHandler::user_change_pw(const std::vector<std::string> &args)
-{
-	std::string username = args.at(0);
-	std::string password = args.at(1);
-
-	auto userDao = db->createUserDao();
-
-	auto user = userDao->find(username);
-	if(user)
-	{
-		Random r;
-		Authenticator auth{*userDao};
-		user->salt = r.getRandom(AUTH_DEFAULT_SALT_SIZE);
-		user->password = auth.hash(password, user->salt);
-		if(user->password.empty())
-		{
-			return {false, "Error during hashing - Got empty hash"};
-		}
-
-		userDao->save(*user);
-	}
-	else
-	{
-		return {false, "User not found"};
-	}
-}
-
-std::pair<bool, std::string> CLIHandler::user_rename(const std::vector<std::string> &args)
-{
-
-	return {true, ""};
-}
-
-std::pair<bool, std::string> CLIHandler::user_set_perms(const std::vector<std::string> &args)
-{
-	auto userDao = this->db->createUserDao();
-	std::string username = args.at(0);
-	std::string permission_string = args.at(1);
-
-	Permissions perms{permission_string};
-
-	auto user = userDao->find(username);
-	if(user)
-	{
-		user->permissions = perms;
-		userDao->save(*user);
-		user_show({username});
-		return {true, ""};
-	}
-
-	return {false, "User not found"};
-}
-
-std::pair<bool, std::string> CLIHandler::user_list(const std::vector<std::string> &args)
-{
-	auto userDao = this->db->createUserDao();
-	QueryOption o;
-	auto result = userDao->list(o);
-	std::stringstream stream;
-	for(User &u : result)
-	{
-		stream << u.login << "\t" << std::string(u.enabled ? "enabled" : "disabled") << "\t" << u.permissions.toString()
-			   << std::endl;
-	}
-	return {true, stream.str()};
-}
-
-std::pair<bool, std::string> CLIHandler::user_show(const std::vector<std::string> &args)
-{
-	std::string username = args.at(0);
-	auto userDao = this->db->createUserDao();
-	auto user = userDao->find(username);
-	std::stringstream stream;
-	if(user)
-	{
-		stream << "Username: " << user->login << std::endl;
-
-		stream << "Enabled: " << std::string(user->enabled ? "yes" : "no") << std::endl;
-		stream << "Permissions (general): " << user->permissions.toString() << std::endl;
-		return {true, stream.str()};
-	}
-	return {false, "User not found"};
-}
-
-std::pair<bool, std::string> CLIHandler::page_list(const std::vector<std::string> &args)
-{
-	auto pageDao = this->db->createPageDao();
-	QueryOption o;
-	auto result = pageDao->getPageList(o);
-	std::stringstream stream;
-	for(std::string pagename : result)
-	{
-		Page p = pageDao->find(pagename).value();
-		stream << p.name << " " << p.pageid << " " << std::string(p.listed ? "listed" : "unlisted") << std::endl;
-	}
-	return {true, stream.str()};
-}
-
-std::pair<bool, std::string> CLIHandler::pageperms_set_permissions(const std::vector<std::string> &args)
-{
-	std::string page = args.at(0);
-	std::string username = args.at(1);
-	std::string perms = args.at(2);
-
-	auto permissionsDao = this->db->createPermissionsDao();
-	permissionsDao->save(page, username, Permissions{perms});
-	return {true, ""};
-}
-
-std::pair<bool, std::string> CLIHandler::attach(const std::vector<std::string> &args)
-{
-	/* TODO: consider authentication */
-	pid_t pid = getpid();
-	return {true, "Hi, I am pid: " + std::to_string(pid)};
-}
-
-std::pair<bool, std::string> CLIHandler::cli_help(const std::vector<std::string> &args)
-{
-	std::string command;
-	if(args.size() > 0)
-		command = args[0];
-	std::stringstream stream;
-	for(struct cmd &cmd : cmds)
-	{
-		if(command != "" && cmd.name != command)
-		{
-			continue;
-		}
-
-		stream << cmd.name << " - " << cmd.helptext << std::endl;
-		for(struct cmd &subCmd : cmd.subCommands)
-		{
-			stream << "\t" << subCmd.name << " " << subCmd.helptext << std::endl;
-		}
-		stream << std::endl;
-	}
-	return {true, stream.str()};
-}
-
-std::pair<bool, std::string> CLIHandler::processCommand(const std::vector<CLIHandler::cmd> &commands, std::string cmd,
-														const std::vector<std::string> &args)
-{
-	auto c = std::find_if(commands.begin(), commands.end(),
-						  [&cmd](const struct CLIHandler::cmd &a) { return a.name == cmd; });
-	if(c == commands.end())
-	{
-		std::cout << "No such command: " << cmd << std::endl;
-		return cli_help({});
-	}
-
-	if(!c->subCommands.empty() && args.size() >= c->required_args)
-	{
-		std::string newcmd = args[0];
-		std::vector<std::string> newargs = args;
-		newargs.erase(newargs.begin());
-		return processCommand(c->subCommands, newcmd, newargs);
-	}
-	if(args.size() < c->required_args)
-	{
-		return {false, "not enough parameters passed"};
-	}
-
-	try
-	{
-		return c->func(this, args);
-	}
-	catch(std::runtime_error &e)
-	{
-		return {false, "Exception: " + std::string(e.what())};
-	}
-	return {false, ""};
-}
-
-std::pair<bool, std::string> CLIHandler::processCommand(std::string cmd, const std::vector<std::string> &args)
-{
-	return processCommand(this->cmds, cmd, args);
-}
-
-std::pair<std::string, std::vector<std::string>> CLIHandler::splitCommand(std::string input)
-{
-	input = utils::trim(input);
-	std::vector<std::string> splitted = utils::split(input, "\\s+");
-	if(splitted.empty())
-	{
-		return {" ", splitted};
-	}
-	std::string cmd = splitted[0];
-	splitted.erase(splitted.begin());
-	return {cmd, splitted};
-}
-
-std::pair<bool, std::string> CLIHandler::version(const std::vector<std::string> &args)
-{
-	return {true, get_version_string()};
-}

cli.h

@@ -1,84 +0,0 @@
-#ifndef CLI_H
-#define CLI_H
-#include <iostream>
-#include <string>
-#include <vector>
-#include "database/database.h"
-#include "config.h"
-
-class CLIHandler
-{
-	struct cmd
-	{
-		std::string name;
-		std::string helptext;
-		unsigned int required_args;
-		std::vector<cmd> subCommands;
-		std::function<std::pair<bool, std::string>(CLIHandler *, const std::vector<std::string> &)> func;
-	};
-
-  private:
-	Database *db;
-	Config *conf;
-
-  protected:
-	std::pair<bool, std::string> attach(const std::vector<std::string> &args);
-	std::pair<bool, std::string> cli_help(const std::vector<std::string> &args);
-	std::pair<bool, std::string> user_add(const std::vector<std::string> &args);
-	std::pair<bool, std::string> user_change_pw(const std::vector<std::string> &args);
-	std::pair<bool, std::string> user_rename(const std::vector<std::string> &args);
-	std::pair<bool, std::string> user_set_perms(const std::vector<std::string> &args);
-	std::pair<bool, std::string> user_list(const std::vector<std::string> &args);
-	std::pair<bool, std::string> user_show(const std::vector<std::string> &args);
-	std::pair<bool, std::string> page_list(const std::vector<std::string> &args);
-	std::pair<bool, std::string> pageperms_set_permissions(const std::vector<std::string> &args);
-	std::pair<bool, std::string> version(const std::vector<std::string> &args);
-
-	std::vector<struct cmd> cmds{
-		{{"user",
-		  "user operations on the database",
-		  1,
-		  {{{"add", "[user] [password] - creates a user", 2, {}, &CLIHandler::user_add},
-			{"changepw", "[user] [password] - changes the password of user", 2, {}, &CLIHandler::user_change_pw},
-			{"rename", "[user] [new name] - renames a user", 2, {}, &CLIHandler::user_rename},
-			{"setperms", "[user] [perms] - sets the permissions of the user", 2, {}, &CLIHandler::user_set_perms},
-			{"list", "- lists users", 0, {}, &CLIHandler::user_list},
-			{"show", "[user] - show detailed information about user", 1, {}, &CLIHandler::user_show}}},
-		  &CLIHandler::cli_help},
-		 {"page",
-		  "operation on pages",
-		  1,
-		  {{{"list", "- lists existing pages", 0, {}, &CLIHandler::page_list}}},
-		  &CLIHandler::cli_help},
-		 {"pageperms",
-		  "set permissions on pages",
-		  1,
-		  {{{"set",
-			 "- [page] [username] [permissions] set permisisons on page",
-			 3,
-			 {},
-			 &CLIHandler::pageperms_set_permissions}}},
-		  &CLIHandler::cli_help},
-		 {"exit",
-		  "exit cli",
-		  0,
-		  {},
-		  [](CLIHandler *, const std::vector<std::string> &args) -> std::pair<bool, std::string>
-		  {
-			  exit(EXIT_SUCCESS);
-			  return {true, ""};
-		  }},
-		 {"help", "print this help", 0, {}, &CLIHandler::cli_help},
-		 {"attach", "attach to running instance", 0, {}, &CLIHandler::attach},
-		 {"version", "print verison info", 0, {}, &CLIHandler::version}}};
-
-	std::pair<bool, std::string> processCommand(const std::vector<CLIHandler::cmd> &commands, std::string cmd,
-												const std::vector<std::string> &args);
-
-  public:
-	CLIHandler(Config &config, Database &d);
-	std::pair<bool, std::string> processCommand(std::string cmd, const std::vector<std::string> &args);
-	static std::pair<std::string, std::vector<std::string>> splitCommand(std::string input);
-};
-
-#endif // CLI_H

cliconsole.cpp

@@ -1,137 +0,0 @@
-#include "cliconsole.h"
-
-CLIConsole::CLIConsole(CLIHandler &cliHandler, std::string socketPath)
-{
-	this->handler = &cliHandler;
-	this->socketPath = socketPath;
-}
-
-std::pair<bool, std::string> CLIConsole::send(std::string input)
-{
-	ssize_t ret =
-		sendto(this->sock, input.c_str(), input.size(), 0, (const sockaddr *)&this->server, sizeof(this->server));
-	if((size_t)ret != input.size())
-	{
-		return {false, "sendto failed: " + std::to_string(ret) + " " + std::string(strerror(errno))};
-	}
-	char buffer[1024] = {0};
-	ret = recvfrom(this->sock, buffer, sizeof(buffer) - 1, 0, NULL, NULL);
-	if(ret == -1)
-	{
-		return {false, "recvfrom failed: " + std::string(strerror(errno))};
-	}
-
-	bool success = false;
-	std::string_view view = buffer;
-	if(view[0] == '1')
-	{
-		success = true;
-	}
-	view.remove_prefix(1);
-	std::string msg = std::string{view};
-
-	return {success, msg};
-}
-
-void CLIConsole::attach()
-{
-	if(attached)
-	{
-		std::cout << "Already attached" << std::endl;
-		return;
-	}
-	if(socketPath.size() > sizeof(this->server.sun_path) - 1)
-	{
-		std::cout << "Socket path too long" << std::endl;
-		return;
-	}
-	memset(&this->server, 0, sizeof(this->server));
-	this->server.sun_family = AF_UNIX;
-	memcpy(&this->server.sun_path, socketPath.c_str(), socketPath.size());
-	this->server.sun_path[socketPath.size()] = 0;
-
-	int s = socket(AF_UNIX, SOCK_DGRAM, 0);
-	if(s == -1)
-	{
-		std::cout << "Failed to create socket" << strerror(errno) << std::endl;
-		return;
-	}
-	this->sock = s;
-
-	struct sockaddr_un client;
-	client.sun_family = AF_UNIX;
-	client.sun_path[0] = '\0';
-
-	int ret = bind(this->sock, (struct sockaddr *)&client, sizeof(client));
-	if(ret != 0)
-	{
-		std::cout << "bind() failed: " << strerror(errno) << std::endl;
-		return;
-	}
-	auto result = this->send("attach");
-	if(result.first)
-	{
-		std::cout << "Attached successfully: " << result.second << std::endl;
-		this->attached = true;
-	}
-	else
-	{
-		std::cout << "Attached unsuccessfully: " << result.second << std::endl;
-	}
-}
-
-void CLIConsole::startInteractive()
-{
-	std::cout << "qswiki CLI" << std::endl;
-	std::cout << "not attached - use 'attach' to connect to running instance" << std::endl;
-
-	while(true)
-	{
-		std::string input;
-		std::cout << "> ";
-		std::getline(std::cin, input);
-
-		if(std::cin.bad() || std::cin.eof())
-		{
-			std::cout << "Exiting" << std::endl;
-			return;
-		}
-		if(input.empty())
-		{
-			continue;
-		}
-
-		auto pair = CLIHandler::splitCommand(input);
-		if(pair.first == "exit")
-		{
-			std::cout << "Exiting CLI";
-			exit(EXIT_SUCCESS);
-		}
-		if(pair.first == "attach")
-		{
-			attach();
-			continue;
-		}
-
-		std::pair<bool, std::string> result;
-		if(!attached)
-		{
-			result = handler->processCommand(pair.first, pair.second);
-		}
-		else
-		{
-			result = this->send(input);
-		}
-
-		if(!result.second.empty())
-		{
-			std::cout << result.second << std::endl;
-		}
-		if(!result.first)
-		{
-			std::cout << "Command failed" << std::endl;
-		}
-	}
-
-	std::cout << "\n";
-}

cliconsole.h

@@ -1,27 +0,0 @@
-#ifndef CLICONSOLE_H
-#define CLICONSOLE_H
-
-#include <iostream>
-#include <string>
-#include <vector>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include "cli.h"
-
-class CLIConsole
-{
-  private:
-	struct sockaddr_un server;
-	int sock;
-	CLIHandler *handler;
-	std::string socketPath;
-	bool attached = false;
-	std::pair<bool, std::string> send(std::string input);
-	void attach();
-
-  public:
-	CLIConsole(CLIHandler &cliHandler, std::string socketPath);
-	void startInteractive();
-};
-
-#endif // CLICONSOLE_H

cliserver.cpp

@@ -1,77 +0,0 @@
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include "cliserver.h"
-#include "logger.h"
-CLIServer::CLIServer(CLIHandler &handler)
-{
-	this->handler = &handler;
-}
-
-bool CLIServer::detachServer(std::string socketpath)
-{
-	struct sockaddr_un name;
-	const int max_socket_length = sizeof(name.sun_path) - 1;
-	if(socketpath.size() > max_socket_length)
-	{
-		perror("socket path too long");
-		return false;
-	}
-	int s = socket(AF_UNIX, SOCK_DGRAM, 0);
-	if(s == -1)
-	{
-		perror("socket");
-		return false;
-	}
-
-	memset(&name, 0, sizeof(name));
-	name.sun_family = AF_UNIX;
-	memcpy(&name.sun_path, socketpath.c_str(), socketpath.size());
-
-	unlink(socketpath.c_str());
-	int ret = bind(s, (const struct sockaddr *)&name, sizeof(name));
-	if(ret == -1)
-	{
-		perror("bind");
-		exit(EXIT_FAILURE);
-	}
-
-	auto worker = [=]
-	{
-		while(true)
-		{
-			char buffer[1024] = {0};
-			struct sockaddr_un peer;
-			socklen_t peerlen = sizeof(peer);
-
-			int ret = recvfrom(s, buffer, sizeof(buffer) - 1, 0, (struct sockaddr *)&peer, &peerlen);
-			if(ret == -1)
-			{
-				Logger::error() << "Error during recvfrom in CLI server: " << strerror(errno);
-				return false;
-			}
-
-			std::string input{buffer};
-
-			auto pair = CLIHandler::splitCommand(input);
-
-			auto result = handler->processCommand(pair.first, pair.second);
-			char resultCode = '0';
-			if(result.first)
-			{
-				resultCode = '1';
-			}
-			std::string resultString;
-			resultString += resultCode;
-			resultString += result.second;
-			ret = sendto(s, resultString.c_str(), resultString.size(), 0, (struct sockaddr *)&peer, peerlen);
-			if(ret == -1)
-			{
-				Logger::error() << "Error during sendto in CLI server: " << strerror(errno);
-			}
-		}
-	};
-	std::thread t1{worker};
-	t1.detach();
-	return true;
-}

cliserver.h

@@ -1,16 +0,0 @@
-#ifndef CLISERVER_H
-#define CLISERVER_H
-#include <thread>
-#include "cli.h"
-
-class CLIServer
-{
-  private:
-	CLIHandler *handler = nullptr;
-
-  public:
-	CLIServer(CLIHandler &handler);
-	bool detachServer(std::string socketpath);
-};
-
-#endif // CLISERVER_H

config.cpp

@@ -71,6 +71,7 @@ Config::Config(const std::map<std::string, std::string> &map)
 
 	this->configmap = map;
 	this->wikipath = optional("wikipath", "/");
+	this->parser = optional("parser", "markdown");
 	this->handlersConfig.anon_username = optional("anon_username", "anonymouse");
 	this->handlersConfig.wikiname = required("wikiname");
 	this->logfile = required("logfile");

config.h

@@ -86,6 +86,7 @@ class Config
 	std::string templateprefix;
 	std::string logfile;
 	std::string connectionstring;
+	std::string parser;
 	int session_max_lifetime;
 	int threadscount;
 

database/permissionsdao.h

@@ -7,7 +7,6 @@ class PermissionsDao
   public:
 	PermissionsDao();
 	virtual std::optional<Permissions> find(std::string pagename, std::string username) = 0;
-	virtual void save(std::string pagename, std::string username, Permissions perms) = 0;
 };
 
 #endif // PERMISSIONSDAO_H

database/permissionsdaosqlite.cpp

@@ -41,21 +41,3 @@ std::optional<Permissions> PermissionsDaoSqlite::find(std::string pagename, std:
 
 	return Permissions{permissions};
 }
-
-void PermissionsDaoSqlite::save(std::string pagename, std::string username, Permissions perms)
-{
-	try
-	{
-		auto query =
-			*db
-			<< "INSERT OR REPLACE INTO permissions (id, permissions, userid, page) VALUES((SELECT id FROM permissions "
-			   "WHERE page = (SELECT id FROM page WHERE name = ?) AND userid = (SELECT id FROM user WHERE username = "
-			   "?)), ?, (SELECT id FROM user WHERE username = ?), (SELECT id FROM page WHERE name = ?))";
-		query << pagename << username << perms.getPermissions() << username << pagename;
-		query.execute();
-	}
-	catch(const sqlite::errors::no_rows &e)
-	{
-		throwFrom(e);
-	}
-}

database/permissionsdaosqlite.h

@@ -9,7 +9,6 @@ class PermissionsDaoSqlite : public PermissionsDao, protected SqliteDao
 	PermissionsDaoSqlite();
 
 	std::optional<Permissions> find(std::string pagename, std::string username) override;
-	virtual void save(std::string pagename, std::string username, Permissions perms) override;
 	using SqliteDao::SqliteDao;
 };
 

database/userdao.h

@@ -3,7 +3,6 @@
 #include <string>
 #include <optional>
 #include "../user.h"
-#include "queryoption.h"
 class UserDao
 {
   public:
@@ -11,7 +10,6 @@ class UserDao
 	virtual bool exists(std::string username) = 0;
 	virtual std::optional<User> find(std::string username) = 0;
 	virtual std::optional<User> find(int id) = 0;
-	virtual std::vector<User> list(QueryOption o) = 0;
 	virtual void deleteUser(std::string username) = 0;
 	virtual void save(const User &u) = 0;
 	virtual ~UserDao(){};

database/userdaosqlite.cpp

@@ -23,7 +23,6 @@ SOFTWARE.
 #include <memory>
 #include <cstring>
 #include "userdaosqlite.h"
-#include "sqlitequeryoption.h"
 
 UserDaoSqlite::UserDaoSqlite()
 {
@@ -83,39 +82,6 @@ std::optional<User> UserDaoSqlite::find(int id)
 	}
 }
 
-std::vector<User> UserDaoSqlite::list(QueryOption o)
-{
-	std::vector<User> result;
-
-	try
-	{
-
-		std::string queryOption = SqliteQueryOption(o).setOrderByColumn("username").setPrependWhere(true).build();
-		std::string query = "SELECT username, password, salt, permissions, enabled FROM user " + queryOption;
-
-		*db << query >>
-			[&](std::string username, std::vector<char> pw, std::vector<char> salt, int permisisons, bool enabled)
-		{
-			User tmp;
-			tmp.login = username;
-			tmp.password = pw;
-			tmp.salt = salt;
-			tmp.permissions = Permissions{permisisons};
-			tmp.enabled = enabled;
-			result.push_back(tmp);
-		};
-	}
-	catch(const sqlite::errors::no_rows &e)
-	{
-		return result;
-	}
-	catch(sqlite::sqlite_exception &e)
-	{
-		throwFrom(e);
-	}
-	return result;
-}
-
 void UserDaoSqlite::deleteUser(std::string username)
 {
 	// What to do with the contributions of the user?

database/userdaosqlite.h

@@ -13,7 +13,6 @@ class UserDaoSqlite : public UserDao, protected SqliteDao
 	std::optional<User> find(std::string username);
 	std::optional<User> find(int id);
 
-	std::vector<User> list(QueryOption o);
 	void deleteUser(std::string username);
 	void save(const User &u);
 	using SqliteDao::SqliteDao;

handlers/handler.h

@@ -9,10 +9,13 @@
 #include "../database/queryoption.h"
 #include "../logger.h"
 #include "../cache/icache.h"
+#include "../iparser.h"
+
 class Handler
 {
   protected:
 	ICache *cache;
+	IParser *parser;
 	Template *templ;
 	Database *database;
 	Session *userSession;
@@ -25,7 +28,7 @@ class Handler
 
   public:
 	Handler(HandlerConfig &handlersConfig, Template &templ, Database &db, Session &userSession, UrlProvider &provider,
-			ICache &cache)
+			ICache &cache, IParser &parser)
 	{
 		this->handlersConfig = &handlersConfig;
 		this->templ = &templ;
@@ -33,6 +36,7 @@ class Handler
 		this->userSession = &userSession;
 		this->urlProvider = &provider;
 		this->cache = &cache;
+		this->parser = &parser;
 	}
 
 	virtual Response handle(const Request &r);

handlers/handlerfactory.h

@@ -10,15 +10,16 @@ class HandlerFactory
 	Database &db;
 	UrlProvider &urlProvider;
 	ICache &cache;
+	IParser &parser;
 
 	template <class T> inline std::unique_ptr<T> produce(Session &userSession)
 	{
-		return std::make_unique<T>(handlerConfig, templ, db, userSession, urlProvider, cache);
+		return std::make_unique<T>(handlerConfig, templ, db, userSession, urlProvider, cache, parser);
 	}
 
   public:
-	HandlerFactory(HandlerConfig &handlerConfig, Template &templ, Database &db, UrlProvider &urlprovider, ICache &cache)
-		: handlerConfig(handlerConfig), templ(templ), db(db), urlProvider(urlprovider), cache(cache)
+	HandlerFactory(HandlerConfig &handlerConfig, Template &templ, Database &db, UrlProvider &urlprovider, ICache &cache, IParser &parser)
+		: handlerConfig(handlerConfig), templ(templ), db(db), urlProvider(urlprovider), cache(cache), parser(parser)
 	{
 	}
 	std::unique_ptr<Handler> createHandler(const std::string &action, Session &userSession);

handlers/handlerpageedit.cpp

@@ -21,8 +21,8 @@ SOFTWARE.
 #include "handlerpageedit.h"
 #include "../database/exceptions.h"
 #include "../request.h"
+#include "../parserlegacy.h"
 
-#include "../parser.h"
 bool HandlerPageEdit::canAccess(std::string page)
 {
 	return this->userSession->user.permissions.canEdit();
@@ -59,7 +59,7 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
 
 			// TODO: must check, whether categories differ, and perhaps don't allow every user
 			// to set categories
-			Parser parser;
+			ParserLegacy parser;
 			std::vector<std::string> cats = parser.extractCategories(newContent);
 			try
 			{
@@ -107,7 +107,7 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
 		if(r.post("do") == "preview")
 		{
 			std::string newContent = r.post("content");
-			Parser parser;
+			ParserLegacy parser;
 			TemplatePage templatePage = this->templ->getPage("page_creation_preview");
 			templatePage.setVar("actionurl", urlProvider->editPage(pagename));
 			templatePage.setVar("preview_content", parser.parse(pageDao, *this->urlProvider, newContent));

handlers/handlerpageview.cpp

@@ -21,7 +21,7 @@ SOFTWARE.
 #include "handlerpageview.h"
 #include "../database/exceptions.h"
 #include "../logger.h"
-#include "../parser.h"
+#include "../parserlegacy.h"
 #include "../htmllink.h"
 
 bool HandlerPageView::canAccess(std::string page)
@@ -130,7 +130,7 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
 
 	TemplatePage &page = this->templ->getPage(templatepartname);
 
-	Parser parser;
+
 	Response result;
 	result.setStatus(200);
 	std::string indexcontent;
@@ -138,8 +138,8 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
 
 	if(revisionid > 0)
 	{
-		indexcontent = createIndexContent(parser, revision->content);
-		parsedcontent = parser.parse(pageDao, *this->urlProvider, revision->content);
+		indexcontent = createIndexContent(*parser, revision->content);
+		parsedcontent = parser->parse(pageDao, *this->urlProvider, revision->content);
 	}
 	else
 	{
@@ -153,7 +153,7 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
 		}
 		else
 		{
-			indexcontent = createIndexContent(parser, revision->content);
+			indexcontent = createIndexContent(*parser, revision->content);
 			this->cache->put(cachekeyindexcontent, indexcontent);
 		}
 		if(cachedparsedcontent)
@@ -162,7 +162,7 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
 		}
 		else
 		{
-			parsedcontent = parser.parse(pageDao, *this->urlProvider, revision->content);
+			parsedcontent = parser->parse(pageDao, *this->urlProvider, revision->content);
 			this->cache->put(cachekeyparsedcontent, parsedcontent);
 		}
 	}

handlers/handlerusersettings.cpp

@@ -21,14 +21,13 @@ Response HandlerUserSettings::handleRequest(const Request &r)
 			auto userDao = this->database->createUserDao();
 			Authenticator authenticator(*userDao);
 
-			std::variant<User, AuthenticationError> authresult =
-				authenticator.authenticate(this->userSession->user.login, oldpassword);
+			std::variant<User, AuthenticationError> authresult = authenticator.authenticate(this->userSession->user.login, oldpassword);
 			if(std::holds_alternative<AuthenticationError>(authresult))
 			{
 				return this->errorResponse("Invalid current password", "The old password you entered is invalid");
 			}
 			Random r;
-			std::vector<char> salt = r.getRandom(AUTH_DEFAULT_SALT_SIZE);
+			std::vector<char> salt = r.getRandom(23);
 			User user = std::get<User>(authresult);
 			user.salt = salt;
 			user.password = authenticator.hash(newpassword, user.salt);

iparser.h

@@ -5,6 +5,8 @@
 #include "headline.h"
 #include "database/pagedao.h"
 #include "urlprovider.h"
+
+
 class IParser
 {
   public:
@@ -16,4 +18,6 @@ class IParser
 	virtual ~IParser(){};
 };
 
+
+
 #endif // PARSER_H

parserlegacy.cpp

@@ -24,29 +24,22 @@ SOFTWARE.
 #include <vector>
 #include <algorithm>
 #include <iterator>
-#include "parser.h"
+#include "parserlegacy.h"
 #include "utils.h"
 #include "htmllink.h"
-std::vector<Headline> Parser::extractHeadlines(std::string content) const
+std::vector<Headline> ParserLegacy::extractHeadlines(std::string content) const
 {
 	std::vector<Headline> result;
-	std::string reg = R"(\[h(1|2|3)\](.*?)\[/h\1\])";
-	std::regex headerfinder(reg);
-	auto begin = std::sregex_iterator(content.begin(), content.end(), headerfinder);
-	auto end = std::sregex_iterator();
-
-	for(auto it = begin; it != end; it++)
-	{
-		auto smatch = *it;
+	utils::regex_callback_extractor(std::regex(R"(\[h(1|2|3)\](.*?)\[/h\1\])"), content, [&](std::smatch &smatch) {
 		Headline h;
 		h.level = utils::toUInt(smatch.str(1));
 		h.title = smatch.str(2);
 		result.push_back(h);
-	}
+	});
 	return result;
 }
 
-std::vector<std::string> Parser::extractCategories(std::string content) const
+std::vector<std::string> ParserLegacy::extractCategories(std::string content) const
 {
 	std::vector<std::string> result;
 	std::string reg = R"(\[category\](.*?)\[/category\])";
@@ -62,7 +55,7 @@ std::vector<std::string> Parser::extractCategories(std::string content) const
 	return result;
 }
 
-std::string Parser::extractCommand(std::string cmdname, std::string content) const
+std::string ParserLegacy::extractCommand(std::string cmdname, std::string content) const
 {
 	std::string cmd = "[cmd:" + cmdname + "]";
 	std::string cmdend = "[/cmd:" + cmdname + "]";
@@ -81,7 +74,7 @@ std::string Parser::extractCommand(std::string cmdname, std::string content) con
 	}
 	return "";
 }
-std::string Parser::processLink(const PageDao &pageDao, UrlProvider &urlProvider, std::smatch &match) const
+std::string ParserLegacy::processLink(const PageDao &pageDao, UrlProvider &urlProvider, std::smatch &match) const
 {
 	std::string linktag = match.str(1);
 	std::string inside = match.str(2);
@@ -116,7 +109,7 @@ std::string Parser::processLink(const PageDao &pageDao, UrlProvider &urlProvider
 	return htmllink.render();
 }
 
-std::string Parser::parse(const PageDao &pagedao, UrlProvider &provider, std::string content) const
+std::string ParserLegacy::parse(const PageDao &pagedao, UrlProvider &provider, std::string content) const
 {
 	std::string result;
 	// we don't care about commands, but we nevertheless replace them with empty strings

parserlegacy.h

@@ -2,7 +2,7 @@
 #define PARSER_H
 #include "iparser.h"
 
-class Parser : public IParser
+class ParserLegacy : public IParser
 {
   private:
 	std::string processLink(const PageDao &pageDao, UrlProvider &urlProvider, std::smatch &match) const;
@@ -13,7 +13,7 @@ class Parser : public IParser
 	std::vector<std::string> extractCategories(std::string content) const override;
 	std::string parse(const PageDao &pagedao, UrlProvider &provider, std::string content) const override;
 	using IParser::IParser;
-	~Parser(){};
+	~ParserLegacy(){};
 };
 
 #endif // PARSER_H

parsermarkdown.cpp

@@ -0,0 +1,71 @@
+#include "parsermarkdown.h"
+#include "logger.h"
+#include "htmllink.h"
+
+std::string ParserMarkdown::processLink(const PageDao &pageDao, UrlProvider &urlProvider, std::smatch &match) const
+{
+	std::string inner = match.str(1);
+	std::string link = match.str(2);
+	HtmlLink htmllink;
+	htmllink.href = link;
+	htmllink.innervalue = inner;
+
+	if(link.find("http://") == 0 || link.find("https://") == 0)
+	{
+		return htmllink.render();
+	}
+
+	if(pageDao.exists(link))
+	{
+		htmllink.cssclass = "exists";
+	}
+	else
+	{
+		htmllink.cssclass = "notexists";
+	}
+
+	htmllink.href = urlProvider.page(htmllink.href);
+
+	return htmllink.render();
+}
+
+ParserMarkdown::ParserMarkdown()
+{
+}
+
+std::vector<Headline> ParserMarkdown::extractHeadlines(std::string content) const
+{
+	std::vector<Headline> result;
+	utils::regex_callback_extractor(std::regex(R"((#{1,6}) (.*))"), content, [&](std::smatch &smatch) {
+		Headline h;
+		h.level = smatch.str(1).length();
+		h.title = smatch.str(2);
+		result.push_back(h);
+	});
+	return result;
+}
+
+std::string ParserMarkdown::parse(const PageDao &pagedao, UrlProvider &provider, std::string content) const
+{
+	std::shared_ptr<maddy::ParserConfig> config = std::make_shared<maddy::ParserConfig>();
+	auto maddy = std::make_shared<maddy::Parser>(config);
+
+	auto linkParser = std::make_shared<maddy::LinkParser>();
+	linkParser->setCallback([&](std::smatch &match) { return processLink(pagedao, provider, match); });
+	maddy->setLinkParser(linkParser);
+	// TODO: hack because the parser breaks if there is an \r
+	content = utils::strreplace(content, "\r", "");
+	std::stringstream s{content};
+	std::string result = maddy->Parse(s);
+	return result;
+}
+
+std::string ParserMarkdown::extractCommand(std::string cmdname, std::string content) const
+{
+	return "";
+}
+
+std::vector<std::string> ParserMarkdown::extractCategories(std::string content) const
+{
+	return { };
+}

parsermarkdown.h

@@ -0,0 +1,21 @@
+#ifndef PARSER_MARKDOWN_H
+#define PARSER_MARKDOWN_H
+
+#include "iparser.h"
+#include "maddy/parser.h"
+
+class ParserMarkdown : public IParser
+{
+private:
+	std::string processLink(const PageDao &pageDao, UrlProvider &urlProvider, std::smatch &match) const;
+
+public:
+	ParserMarkdown();
+	std::vector<Headline> extractHeadlines(std::string content) const;
+	std::string parse(const PageDao &pagedao, UrlProvider &provider, std::string content) const;
+
+	std::string extractCommand(std::string cmdname, std::string content) const;
+	std::vector<std::string> extractCategories(std::string content) const;
+};
+
+#endif // PARSER_MARKDOWN_H

permissions.cpp

@@ -20,17 +20,6 @@ SOFTWARE.
 */
 #include "permissions.h"
 
-static const std::map<std::string, int> permmap = {{"can_read", PERM_CAN_READ},
-												   {"can_edit", PERM_CAN_EDIT},
-												   {"can_page_history", PERM_CAN_PAGE_HISTORY},
-												   {"can_global_history", PERM_CAN_GLOBAL_HISTORY},
-												   {"can_delete", PERM_CAN_DELETE},
-												   {"can_see_page_list", PERM_CAN_SEE_PAGE_LIST},
-												   {"can_create", PERM_CAN_CREATE},
-												   {"can_see_category_list", PERM_CAN_SEE_CATEGORY_LIST},
-												   {"can_see_links_here", PERM_CAN_SEE_LINKS_HERE},
-												   {"can_search", PERM_CAN_SEARCH}};
-
 Permissions::Permissions(int permissions)
 {
 	this->permissions = permissions;
@@ -47,20 +36,3 @@ Permissions::Permissions(const std::string &str)
 		}
 	}
 }
-
-std::string Permissions::toString(int perms)
-{
-	std::string result;
-	for(auto pair : permmap)
-	{
-		if(pair.second & perms)
-		{
-			result += pair.first + ",";
-		}
-	}
-	if(result.size() > 0)
-	{
-		result.pop_back();
-	}
-	return result;
-}

permissions.h

@@ -14,12 +14,20 @@
 
 #include <string>
 #include <map>
-
 class Permissions
-
 {
   private:
 	int permissions = 0;
+	const std::map<std::string, int> permmap = {{"can_read", PERM_CAN_READ},
+												{"can_edit", PERM_CAN_EDIT},
+												{"can_page_history", PERM_CAN_PAGE_HISTORY},
+												{"can_global_history", PERM_CAN_GLOBAL_HISTORY},
+												{"can_delete", PERM_CAN_DELETE},
+												{"can_see_page_list", PERM_CAN_SEE_PAGE_LIST},
+												{"can_create", PERM_CAN_CREATE},
+												{"can_see_category_list", PERM_CAN_SEE_CATEGORY_LIST},
+												{"can_see_links_here", PERM_CAN_SEE_LINKS_HERE},
+												{"can_search", PERM_CAN_SEARCH}};
 
   public:
 	Permissions()
@@ -94,13 +102,6 @@ class Permissions
 	{
 		return this->permissions & PERM_CAN_SEE_PAGE_LIST;
 	}
-
-	std::string toString() const
-	{
-		return Permissions::toString(this->permissions);
-	}
-
-	static std::string toString(int perms);
 };
 
 #endif // PERMISSIONS_H

qswiki.cpp

@@ -25,7 +25,6 @@ SOFTWARE.
 #include <unistd.h>
 #include <sys/types.h>
 #include <filesystem>
-#include <getopt.h>
 #include "gateway/gatewayinterface.h"
 #include "gateway/gatewayfactory.h"
 #include "handlers/handlerfactory.h"
@@ -38,10 +37,9 @@ SOFTWARE.
 #include "requestworker.h"
 #include "cache/fscache.h"
 #include "sandbox/sandboxfactory.h"
-#include "cli.h"
-#include "cliconsole.h"
-#include "cliserver.h"
-#include "version.h"
+#include "iparser.h"
+#include "parserlegacy.h"
+#include "parsermarkdown.h"
 
 void sigterm_handler(int arg)
 {
@@ -62,10 +60,6 @@ void setup_signal_handlers()
 	}
 }
 
-#define OPT_PRINT_VERSION 23
-
-static struct option long_options[] = {{"cli", no_argument, 0, 'c'}, {"version", no_argument, 0, OPT_PRINT_VERSION}};
-
 std::unique_ptr<ICache> createCache(const ConfigVariableResolver &resolver)
 {
 
@@ -74,42 +68,23 @@ std::unique_ptr<ICache> createCache(const ConfigVariableResolver &resolver)
 	return std::make_unique<FsCache>(path);
 }
 
+std::unique_ptr<IParser> createParser(const ConfigVariableResolver &resolver)
+{
+	std::string parser = resolver.getConfig("parser");
+	if(parser == "legacy")
+	{
+		return std::make_unique<ParserLegacy>();
+	}
+	return std::make_unique<ParserMarkdown>();
+}
+
 int main(int argc, char **argv)
 {
-
-	char *configfilepath = NULL;
-	int option;
-	int option_index;
-	bool cli_mode = false;
-
 	if(geteuid() == 0)
 	{
 		std::cerr << "Do not run this as root!" << std::endl;
 		return 1;
 	}
-
-	while((option = getopt_long(argc, argv, "cv", long_options, &option_index)) != -1)
-	{
-		switch(option)
-		{
-		case 'c':
-			cli_mode = true;
-			break;
-		case OPT_PRINT_VERSION:
-			std::cout << get_version_string() << std::endl;
-			exit(EXIT_SUCCESS);
-			break;
-		}
-	}
-
-	if(optind == argc)
-	{
-		std::cerr << "Missing config path" << std::endl;
-		return 1;
-	}
-
-	configfilepath = argv[optind++];
-
 	auto sandbox = createSandbox();
 	// TODO: do we want to keep it mandatory or configurable?
 	if(!sandbox->supported())
@@ -117,18 +92,35 @@ int main(int argc, char **argv)
 		Logger::error() << "Sandbox is not supported, exiting";
 		exit(EXIT_FAILURE);
 	}
+	if(!sandbox->enableForInit())
+	{
+		Logger::error() << "Sandboxing for init mode could not be activated.";
+		exit(EXIT_FAILURE);
+	}
+
 	if(argc < 2)
 	{
 		std::cerr << "no path to config file provided" << std::endl;
 		return 1;
 	}
-	std::string configpath = std::filesystem::absolute(configfilepath).string();
 
 	try
 	{
-		ConfigReader configreader(configpath);
+		ConfigReader configreader(argv[1]);
 		Config config = configreader.readConfig();
 
+		// TODO: config.connectiontring only works as long as we only support sqlite of course
+		if(!sandbox->enablePreWorker({
+			   config.configVarResolver.getConfig("cache_fs_dir"),
+			   config.templatepath,
+			   std::filesystem::path(config.logfile).parent_path(),
+			   std::filesystem::path(config.connectionstring).parent_path(),
+		   }))
+		{
+			Logger::error() << "Sandboxing for pre worker stage could not be activated.";
+			exit(EXIT_FAILURE);
+		}
+
 		setup_signal_handlers();
 
 		std::fstream logstream;
@@ -136,34 +128,6 @@ int main(int argc, char **argv)
 		Logger::setStream(&logstream);
 
 		auto database = createDatabase(config);
-		std::string socketPath = config.configVarResolver.getConfig("socketpath");
-		CLIHandler cliHandler(config, *database);
-
-		if(cli_mode)
-		{
-			CLIConsole console{cliHandler, socketPath};
-			console.startInteractive();
-			return 0;
-		}
-
-		// TODO: config.connectiontring only works as long as we only support sqlite of course
-		if(!sandbox->enable({
-			   config.configVarResolver.getConfig("cache_fs_dir"),
-			   config.templatepath,
-			   std::filesystem::path(config.logfile).parent_path(),
-			   std::filesystem::path(config.connectionstring).parent_path(),
-		   }))
-		{
-			Logger::error() << "Sandboxing for worker could not be enabled!";
-			exit(EXIT_FAILURE);
-		}
-
-		CLIServer cliServer{cliHandler};
-		if(!cliServer.detachServer(socketPath))
-		{
-			Logger::error() << "Error: Failed to detach unix socket server";
-			return 1;
-		}
 
 		// TODO: quite ugly, anon-handling must be rethought
 		auto userdao = database->createUserDao();
@@ -186,11 +150,19 @@ int main(int argc, char **argv)
 		auto cache = createCache(config.configVarResolver);
 		cache->clear();
 
-		HandlerFactory handlerFactory{config.handlersConfig, siteTemplate, *database.get(), urlProvider, *cache.get()};
+		auto parser = createParser(config.configVarResolver);
+
+
+		HandlerFactory handlerFactory{config.handlersConfig, siteTemplate, *database.get(), urlProvider, *cache.get(), *parser.get()};
 		RequestWorker requestWorker{handlerFactory, database->createSessionDao(), siteTemplate};
 
 		auto interface = createGateway(config);
 
+		if(!sandbox->enableForWorker())
+		{
+			Logger::error() << "Sandboxing for worker could not be enabled!";
+			exit(EXIT_FAILURE);
+		}
 		interface->work(requestWorker);
 	}
 	catch(const std::exception &e)

sandbox/sandbox-linux.cpp

@@ -23,6 +23,52 @@
  * obvious systemcalls. To whitelist, we need to analyse our
  * dependencies (http library, sqlite wrapper, sqlite lib etc.) */
 
+bool SandboxLinux::enableForInit()
+{
+	umask(0027);
+	struct qssb_policy policy = {0};
+	int blacklisted_syscalls[] = {QSSB_SYS(execveat), QSSB_SYS(execve), -1};
+	policy.blacklisted_syscalls = blacklisted_syscalls;
+	policy.no_new_privs = 1;
+	int result = qssb_enable_policy(&policy);
+	if(result != 0)
+	{
+		Logger::error() << "Failed to install sandboxing policy (init): " << result;
+		return false;
+	}
+	return true;
+}
+
+bool SandboxLinux::enablePreWorker(std::vector<std::string> fsPaths)
+{
+	std::sort(fsPaths.begin(), fsPaths.end(),
+			  [](const std::string &a, const std::string &b) { return a.length() < b.length(); });
+
+	struct qssb_path_policy *policies = new qssb_path_policy[fsPaths.size()];
+	for(unsigned int i = 0; i < fsPaths.size(); i++)
+	{
+		policies[i].next = policies + (i + 1);
+		policies[i].mountpoint = fsPaths[i].c_str();
+		policies[i].policy = QSSB_MOUNT_ALLOW_READ | QSSB_MOUNT_ALLOW_WRITE;
+	}
+	policies[fsPaths.size() - 1].next = NULL;
+
+	struct qssb_policy policy = {0};
+	policy.path_policies = policies;
+	policy.namespace_options |= QSSB_UNSHARE_MOUNT;
+	policy.namespace_options |= QSSB_UNSHARE_USER;
+	int blacklisted_syscalls[] = {QSSB_SYS(execveat), QSSB_SYS(execve), -1};
+	policy.blacklisted_syscalls = blacklisted_syscalls;
+	int result = qssb_enable_policy(&policy);
+	if(result != 0)
+	{
+		Logger::error() << "Failed to install sandboxing policy (preworker): %i" << result;
+		return false;
+	}
+	delete[] policies;
+	return true;
+}
+
 bool SandboxLinux::supported()
 {
 	std::fstream stream;
@@ -40,43 +86,32 @@ bool SandboxLinux::supported()
 	}
 	return true;
 }
-bool SandboxLinux::enable(std::vector<std::string> fsPaths)
+bool SandboxLinux::enableForWorker()
 {
-	std::sort(fsPaths.begin(), fsPaths.end(),
-			  [](const std::string &a, const std::string &b) { return a.length() < b.length(); });
+	struct qssb_policy policy = {0};
+	policy.drop_caps = 1;
+	policy.not_dumpable = 1;
+	policy.no_new_privs = 1;
 
-	struct qssb_policy *policy = qssb_init_policy();
-	if(policy == NULL)
-	{
-		Logger::error() << "Failed to init sandboxing policy (worker) ";
-		return false;
-	}
-	for(unsigned int i = 0; i < fsPaths.size(); i++)
-	{
-		qssb_append_path_policy(policy, QSSB_FS_ALLOW_READ | QSSB_FS_ALLOW_WRITE, fsPaths[i].c_str());
-	}
-	policy->drop_caps = 1;
-	policy->not_dumpable = 1;
-	policy->no_new_privs = 1;
-	policy->mount_path_policies_to_chroot = 1;
 	/* TODO: as said, a whitelist approach is better. As such, this list is bound to be incomplete in the
 	 * sense that more could be listed here and some critical ones are probably missing */
-
-	/* TODO: use qssb groups */
-	long blacklisted_syscalls[] = {QSSB_SYS(setuid),	  QSSB_SYS(connect), QSSB_SYS(chroot),	 QSSB_SYS(pivot_root),
-								   QSSB_SYS(mount),		  QSSB_SYS(setns),	 QSSB_SYS(unshare),	 QSSB_SYS(ptrace),
-								   QSSB_SYS(personality), QSSB_SYS(prctl),	 QSSB_SYS(execveat), QSSB_SYS(execve),
-								   QSSB_SYS(fork)};
-	qssb_append_syscalls_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, blacklisted_syscalls,
-								sizeof(blacklisted_syscalls) / sizeof(blacklisted_syscalls[0]));
-	qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW);
-
-	if(qssb_enable_policy(policy) != 0)
+	int blacklisted_syscalls[] = {QSSB_SYS(setuid),
+								  QSSB_SYS(connect),
+								  QSSB_SYS(chroot),
+								  QSSB_SYS(pivot_root),
+								  QSSB_SYS(mount),
+								  QSSB_SYS(setns),
+								  QSSB_SYS(unshare),
+								  QSSB_SYS(ptrace),
+								  QSSB_SYS(personality),
+								  QSSB_SYS(prctl),
+								  -1};
+	policy.blacklisted_syscalls = blacklisted_syscalls;
+	if(qssb_enable_policy(&policy) != 0)
 	{
 		Logger::error() << "Sandbox: Activation of seccomp blacklist failed!";
-		qssb_free_policy(policy);
 		return false;
 	}
-	qssb_free_policy(policy);
+
 	return true;
 }

sandbox/sandbox-linux.h

@@ -8,6 +8,8 @@ class SandboxLinux : public Sandbox
   public:
 	using Sandbox::Sandbox;
 	bool supported() override;
-	bool enable(std::vector<std::string> fsPaths) override;
+	bool enableForInit() override;
+	bool enablePreWorker(std::vector<std::string> fsPaths) override;
+	bool enableForWorker() override;
 };
 #endif

sandbox/sandbox-openbsd.h

@@ -6,6 +6,10 @@ class SandboxOpenBSD : public Sandbox
 {
   public:
 	bool supported() override;
-	bool enable(std::vector<std::string> fsPaths) override;
+	bool enableForInit() override;
+	bool enableForWorker() override;
+
+  private:
+	bool seccomp_blacklist(std::vector<int> syscalls);
 };
 #endif

sandbox/sandbox.h

@@ -10,7 +10,16 @@ class Sandbox
 	/* Whether the platform has everything required to active all sandbnox modes */
 	virtual bool supported() = 0;
 
-	/* Activated after we have acquired resources (bound to ports etc.)*/
-	virtual bool enable(std::vector<std::string> fsPaths) = 0;
+	/* Activated early. At this point, we need more system calls
+	 * than later on */
+	virtual bool enableForInit() = 0;
+
+	/* Activated after config has been read. Now we now which paths we need access to */
+	virtual bool enablePreWorker(std::vector<std::string> fsPaths) = 0;
+
+	/* Activated after we have acquired resources (bound to ports etc.)
+	 *
+	 * This should allow us to further restrcit the process */
+	virtual bool enableForWorker() = 0;
 };
 #endif

setup/sqlite.sql

@@ -25,13 +25,24 @@ count integer
 CREATE TABLE category(id INTEGER PRIMARY KEY, name varchar(255));
 CREATE TABLE categorymember(id INTEGER PRIMARY KEY, category REFERENCES category(id), page REFERENCES page (id));
 CREATE INDEX revisionid ON revision (revisionid DESC);
-CREATE INDEX pagename ON page (name);
-CREATE INDEX token ON session (token);
-CREATE VIRTUAL TABLE search USING fts5(content, page UNINDEXED, content=revision,content_rowid=id);
+CREATE INDEX pagename ON page (name)
+;
+CREATE INDEX token ON session (token)
+;
+CREATE TRIGGER search_ai AFTER INSERT ON revision BEGIN
+  DELETE FROM search WHERE page = new.page;
+  INSERT INTO search(rowid, content, page) VALUES (new.id, new.content, new.page);
+END;
+CREATE TRIGGER search_au AFTER UPDATE ON revision BEGIN
+  DELETE FROM search WHERE page = old.page;
+  INSERT INTO search(rowid, content, page) VALUES (new.id, new.content, new.page);
+END;
+CREATE VIRTUAL TABLE search USING fts5(content, page UNINDEXED, content=revision,content_rowid=id)
+/* search(content,page) */;
+CREATE TABLE IF NOT EXISTS 'search_data'(id INTEGER PRIMARY KEY, block BLOB);
+CREATE TABLE IF NOT EXISTS 'search_idx'(segid, term, pgno, PRIMARY KEY(segid, term)) WITHOUT ROWID;
+CREATE TABLE IF NOT EXISTS 'search_docsize'(id INTEGER PRIMARY KEY, sz BLOB);
+CREATE TABLE IF NOT EXISTS 'search_config'(k PRIMARY KEY, v) WITHOUT ROWID;
 CREATE TRIGGER search_ad AFTER DELETE ON revision BEGIN
   INSERT INTO search(search, rowid, content, page) VALUES('delete', old.id, old.content, old.page);
 END;
-CREATE TRIGGER search_ai AFTER INSERT ON revision BEGIN
-  INSERT INTO search(search, rowid, content, page) SELECT 'delete', id, content, page FROM revision WHERE page = new.page AND revisionid = new.revisionid - 1; 
-  INSERT INTO search(rowid, content, page) VALUES (new.id, new.content, new.page);
-END;

template.cpp

@@ -130,10 +130,11 @@ std::string Template::renderRevisionList(const std::vector<Revision> &revisions,
 	std::stringstream stream;
 	UrlProvider urlprovider(*this->configUrls);
 
-	auto genwithoutpage = [&]
-	{
+	auto genwithoutpage = [&] {
 		for(const Revision &revision : revisions)
 		{
+
+			Logger::debug() << "processing: " << revision.revision;
 			stream << "<tr><td><a href=\"" << urlprovider.pageRevision(revision.page, revision.revision) << "\">"
 				   << revision.revision << "</a></td>"
 				   << "<td>" << revision.author << "</td>"
@@ -142,8 +143,7 @@ std::string Template::renderRevisionList(const std::vector<Revision> &revisions,
 		}
 	};
 
-	auto genwithpage = [&]
-	{
+	auto genwithpage = [&] {
 		for(const Revision &revision : revisions)
 		{
 

utils.cpp

@@ -46,12 +46,6 @@ std::string utils::html_xss(std::string_view str)
 		case '%':
 			result += "%";
 			break;
-		case '\'':
-			result += "'";
-			break;
-		case '&':
-			result += "&";
-			break;
 		default:
 			result += c;
 		}
@@ -182,19 +176,13 @@ std::string utils::toISODate(time_t t)
 	return std::string{result};
 }
 
-std::string utils::trim(const std::string &str)
+void utils::regex_callback_extractor(std::regex regex, const std::string &input, std::function<void (std::smatch &)> callback)
 {
-	std::string_view chars = " \t\n\r";
-	std::string_view view = str;
-	auto n = view.find_first_not_of(chars);
-	if(n != std::string_view::npos)
+	auto begin = std::sregex_iterator(input.begin(), input.end(), regex);
+	auto end = std::sregex_iterator();
+	for(auto it = begin; it != end; it++)
 	{
-		view.remove_prefix(n);
+		std::smatch smatch = *it;
+		callback(smatch);
 	}
-	n = view.find_last_not_of(chars);
-	if(n != std::string_view::npos)
-	{
-		view.remove_suffix(view.size() - n - 1);
-	}
-	return std::string{view};
 }

utils.h

@@ -60,6 +60,7 @@ template <class T, class U> std::vector<U> getAll(std::multimap<T, U> map, T key
 std::string regex_callback_replacer(std::regex regex, const std::string &input,
 									std::function<std::string(std::smatch &)> callback);
 
+void regex_callback_extractor(std::regex regex, const std::string &input, std::function<void(std::smatch &)> callback);
 std::string readCompleteFile(std::string_view filepath);
 
 inline std::string nz(const char *s)
@@ -93,7 +94,5 @@ template <class T> inline std::string toString(const T &v)
 	return std::string(v.begin(), v.end());
 }
 
-std::string trim(const std::string &str);
-
 } // namespace utils
 #endif

version.cpp

@@ -1,11 +0,0 @@
-#include "version.h"
-
-std::string git_commit_id()
-{
-	return std::string(GITCOMMIT);
-}
-
-std::string get_version_string()
-{
-	return git_commit_id() + " Built: " + __DATE__ + " " + __TIME__;
-}

version.h

@@ -1,7 +0,0 @@
-#ifndef VERSION_H
-#define VERSION_H
-
-#include <string>
-std::string git_commit_id();
-std::string get_version_string();
-#endif // VERSION_H