(* COCANWIKI - a wiki written in Objective CAML.
 * Written by Richard W.M. Jones <rich@merjis.com>.
 * Copyright (C) 2004 Merjis Ltd.
 * $Id: image.ml,v 1.16 2006/03/27 19:10:29 rich Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 *)

open Apache
open Registry
open Cgi
open Printf

open ExtString

open Cocanwiki

let run r (q : cgi) dbh hostid {hostname = hostname} _ =
  let image = q#param "image" in
  let is_thumbnail = q#param_true "thumbnail" in
  let version =
    try Some (Int32.of_string (q#param "version")) with Not_found -> None in

  (* Get the image and its MIME type. *)
  let data, mime_type, deleted =
    try
      if not is_thumbnail then
	List.hd (
	  match version with
	  | None ->
	      PGSQL(dbh) "select image, mime_type, name is null
                            from images
                           where hostid = $hostid and name = $image"
	  | Some version ->
	      PGSQL(dbh) "select image, mime_type, name is null
                            from images
                           where hostid = $hostid
                             and (name = $image or name_deleted = $image)
                             and id = $version"
	)
      else (
	let data, mime_type, deleted =
	  List.hd (
	    match version with
	    | None ->
		PGSQL(dbh) "select thumbnail, tn_mime_type, name is null
                              from images
                             where hostid = $hostid and name = $image"
	    | Some version ->
		PGSQL(dbh) "select thumbnail, tn_mime_type, name is null
                              from images
                             where hostid = $hostid
                               and (name = $image or name_deleted = $image)
                               and id = $version"
	  ) in
	Option.get data, Option.get mime_type, deleted
      )
    with
      Not_found | ExtList.List.Empty_list ->
	raise (HttpError cHTTP_NOT_FOUND) in

  let deleted = Option.get deleted in

  (* If deleted, refuse to serve this image except if shown on the site. *)
  if deleted then (
    let referer =
      try Table.get (Request.headers_in r) "Referer" with Not_found -> "" in
    let ok =
      try ignore (String.find referer hostname); true
      with Invalid_string -> false in

    if not ok then (
      prerr_endline "image.ml: bandwidth theft avoided";
      raise (HttpError cHTTP_NOT_FOUND)
    )
  );

  (* Set a medium-length expiry time on this resource. *)
  Table.set (Request.headers_out r) "Expires" (Expires.medium ());

  (* Content-length header. *)
  Table.set (Request.headers_out r) "Content-Length"
    (string_of_int (String.length data));

  q#header ~content_type:mime_type ();
  ignore (print_string r data)

let () =
  register_script ~restrict:[CanView] run