author | Malfurious <m@lfurio.us> | 2023-11-11 18:14:37 -0500 |
---|---|---|
committer | Malfurious <m@lfurio.us> | 2023-11-15 23:11:08 -0500 |
commit | a021cc6899c82b8af55013514dbc8c7b2a383fcd (patch) | |
tree | 75b145d75250981ef419da9678fc2f2bdc916cb1 | |
parent | 6f28e83f5d8924354a66b69241cb61a7b3162721 (diff) | |
dmt: Add routing / proper request handling
All requests are handled by interpreting the $PATH_INFO environment
variable, which is set by the main path component of the HTTP request.
All requests are assumed to be GET requests, as no other request method
is supported.
Elements in the $PATH_INFO are split into an array on the '/' delimiter,
and we apply some sanity checks to the string to prevent potential
exploits.
Routes are established for all present API endpoints and valid resources
/ pages.
Signed-off-by: Malfurious <m@lfurio.us>
-rwxr-xr-x | dmt/dmt | 32 |
1 files changed, 30 insertions, 2 deletions
@@ -9,6 +9,16 @@ CYCHE_STATUS_FILE="/data/status"
 CYCHE_VERSION_FILE="/version"
 source config.sh
+sane_path_info() {
+ # Permit only '-_./' and alphanumeric, as in "/Foo/bar_baz/ex-420.txt".
+ # Fail if any ".." or "//" is detected to prevent bad file access.
+ # Final path info is split on '/' for easy forming into an array.
+ ( (! echo "$PATH_INFO" | grep -Eq '^[-_\.\/A-Za-z0-9]+$') \
+ || (! echo "$PATH_INFO" | grep -Evq '\.\.|//') ) \
+ && exit 1
+ echo "$PATH_INFO" | sed 's/\// /g'
+}
+
 integer() {
 [ "$1" -eq "$1" ] >/dev/null 2>&1
 }
@@ -80,5 +90,23 @@ api_log() {
 fi
 }
-page_template="html/jobs.html"
-template html/master.html text/html
+route=($(sane_path_info)) || exit 1
+
+case ${route[0]} in
+ "api")
+ case ${route[1]} in
+ "status") api_status ;;
+ "job") api_job "${route[2]}" ;;
+ "log") api_log "${route[2]}" ;;
+ esac
+ ;;
+
+ "")
+ page_template="html/jobs.html"
+ template "html/master.html" text/html
+ ;;
+
+ "style.css")
+ template "style.css" text/css
+ ;;
+esac
|
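Review bot: Both tests in `sane_path_info` go through `grep`, which judges its input line by line, so the allowlist and the `..`/`//` rejection apply to individual lines, not to the whole of `$PATH_INFO`. If the web server delivers a percent-decoded value containing a line break (CGI servers typically decode PATH_INFO, but confirm for this deployment), one acceptable line is enough for both tests to pass. The rest of the value then reaches the unquoted `$(sane_path_info)` expansion in the second hunk. Since the script already relies on bash arrays, match the whole string in the shell instead: `[[ $PATH_INFO =~ ^[-_./A-Za-z0-9]+$ ]] || exit 1` followed by `[[ $PATH_INFO == *..* || $PATH_INFO == *//* ]] && exit 1`. A comment stating that the check must cover the entire value would keep a later edit from reintroducing the per-line form.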
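Review bot: Neither `case` has a `*)` arm, so a path that matches no route (or an unknown name under `api/`) falls through and the script ends without writing a header or body. That leaves the server to invent a response and makes rejected and unknown requests hard to tell apart in logs. Add a default arm to both, for example `*) printf 'Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nnot found\n' ;;`. `api_job` and `api_log` are also handed `${route[2]}` as is, which may be empty or a single `.` because only `..` is rejected; their bodies are outside this hunk, so confirm they validate the argument before using it in a file path. The commit message says only GET is supported, yet nothing here checks `$REQUEST_METHOD`; a one-line guard before the routing would make that explicit.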