Implement user quota

This feature allows admins to set a specific quota for each user, in
MiB. This feature is particularly useful for shared instances, where
unlimited user storage might be unfeasible or even dangerous for the
server.

Also, a nice HTML5 <progress> element has been added to the site that
shows how much of the quota has been consumed.

If no quota is set, slcl falls back to the default behaviour i.e.,
assume unlimited storage.

Limitations:

- While HTTP does specify a Content-Length, which determines the length
of the whole request, it does not specify how many files are involved
or their individual sizes.
- Because of this, if multiple files are uploaded simultaneously, the
whole request would be dropped if user quota is exceeded, even if not
all files exceeded it.
- Also, Content-Length adds the length of some HTTP boilerplate
(e.g.: boundaries), but slcl must rely on this before accepting the
whole request. In other words, this means some requests might be
rejected by slcl because of the extra bytes caused by such boilerplate.
- When the quota is exceeded, slcl must close the connection so that
the rest of the transfer is cancelled. Unfortunately, this means no
HTML can be sent back to the customer to inform about the situation.

1 files changed, 91 insertions, 0 deletions

diff --git a/auth.c b/auth.c
index 630bb0a..b3ed872 100644
--- a/auth.c
+++ b/auth.c
@@ -372,6 +372,97 @@ const char *auth_dir(const struct auth *const a)
     return a->dir.str;
 }
 
+int auth_quota(const struct auth *const a, const char *const user,
+    bool *const available, unsigned long long *const quota)
+{
+    int ret = -1;
+    const char *const path = a->db.str;
+    char *const db = dump_db(path);
+    cJSON *json = NULL;
+
+    if (!db)
+    {
+        fprintf(stderr, "%s: dump_db failed\n", __func__);
+        goto end;
+    }
+    else if (!(json = cJSON_Parse(db)))
+    {
+        fprintf(stderr, "%s: cJSON_Parse failed\n", __func__);
+        goto end;
+    }
+
+    const cJSON *const users = cJSON_GetObjectItem(json, "users");
+
+    if (!users)
+    {
+        fprintf(stderr, "%s: could not find users\n", __func__);
+        goto end;
+    }
+    else if (!cJSON_IsArray(users))
+    {
+        fprintf(stderr, "%s: expected JSON array for users\n", __func__);
+        goto end;
+    }
+
+    *available = false;
+
+    const cJSON *u;
+
+    cJSON_ArrayForEach(u, users)
+    {
+        const cJSON *const n = cJSON_GetObjectItem(u, "name"),
+            *const q = cJSON_GetObjectItem(u, "quota");
+        const char *name;
+
+        if (!n || !(name = cJSON_GetStringValue(n)))
+        {
+            fprintf(stderr, "%s: missing username\n", __func__);
+            goto end;
+        }
+        else if (!strcmp(name, user))
+        {
+            const char *qs;
+
+            if (!q || !(qs = cJSON_GetStringValue(q)) || !*qs)
+            {
+                /* Unlimited quota. */
+                ret = 0;
+                goto end;
+            }
+
+            char *end;
+
+            errno = 0;
+            *available = true;
+            *quota = strtoull(qs, &end, 10);
+
+            const unsigned long long mul = 1024 * 1024;
+
+            if (errno || *end != '\0')
+            {
+                fprintf(stderr, "%s: invalid quota %s: %s\n",
+                    __func__, qs, strerror(errno));
+                goto end;
+            }
+            else if (*quota >= ULLONG_MAX / mul)
+            {
+                fprintf(stderr, "%s: quota %s too large\n", __func__, qs);
+                goto end;
+            }
+
+            *quota *= 1024 * 1024;
+            break;
+        }
+    }
+
+    ret = 0;
+
+end:
+    free(db);
+    cJSON_Delete(json);
+    return ret;
+}
+
 static int create_db(const char *const path)
 {
     int ret = -1;