From 5c794fa9a78b8e0f78dea63cfabdc33732d2261c Mon Sep 17 00:00:00 2001 From: Alexander Myltsev Date: Wed, 7 Dec 2022 14:21:20 +0300 Subject: [PATCH 1/4] Save SID in a cookie at contest login. --- lib/new_server_html.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/new_server_html.c b/lib/new_server_html.c index e220fc8c4f..8c1f743456 100644 --- a/lib/new_server_html.c +++ b/lib/new_server_html.c @@ -1181,6 +1181,15 @@ ns_submit_button_2( return buf; } +static const char* +role_text(int role) { + switch (role) { + case USER_ROLE_ADMIN: return "admin"; + case USER_ROLE_JUDGE: return "judge"; + default: return "contestant"; + } +} + void ns_refresh_page( FILE *fout, @@ -1199,6 +1208,10 @@ ns_refresh_page( if (phr->client_key) { fprintf(fout, "Set-Cookie: EJSID=%016llx; Path=/; SameSite=Lax\n", phr->client_key); } + if (phr->session_id) { + fprintf(fout, "Set-Cookie: SID_%s_%d=%016llx; SameSite=Lax; Secure; Max-Age=864000; HttpOnly\n", + role_text(phr->role), phr->contest_id, phr->session_id); + } fprintf(fout, "Location: %s\n\n", url); } From f6a5aad953ed93ce56f3c6712d7b8464bc5fca1c Mon Sep 17 00:00:00 2001 From: Alexander Myltsev Date: Wed, 7 Dec 2022 18:13:05 +0300 Subject: [PATCH 2/4] Make the cookie not "secure" for testing. --- include/ejudge/ej_types.h | 1 + lib/new_server_html.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/ejudge/ej_types.h b/include/ejudge/ej_types.h index d7a9e4fb04..84b073af37 100644 --- a/include/ejudge/ej_types.h +++ b/include/ejudge/ej_types.h @@ -26,6 +26,7 @@ typedef long long ej_time64_t; /* time_t for new file formats */ typedef ruint32_t ej_size_t; /* size_t as stored in files */ typedef ruint32_t ej_ip4_t; /* IP address as stored in files */ typedef unsigned long long ej_cookie_t; /* cookie */ +#define PRI_COOKIE "016llx" typedef unsigned long long ej_tsc_t; /* timestamp counter type */ typedef long long ej_size64_t; /* size for use in config files, parse expressions, etc */ 
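Review bot: `role_text` maps every role other than USER_ROLE_ADMIN and USER_ROLE_JUDGE to "contestant" through its `default:` arm, so if the role enumeration has further privileged values (an observer or examiner role, say — not visible in this hunk) their session id would be saved under the contestant cookie and the later `cgi-bin/link` redirect would hand a non-contestant session to the contestant UI. Either add explicit cases for those roles or make the collapse deliberate and visible with a header comment such as `/* Cookie-name suffix for a role. Only admin and judge are distinguished; every other role (including any observer/examiner roles) is filed as "contestant". cgi-bin/link depends on exactly these three spellings. */`. The three literals are also duplicated verbatim in the Python reader, so a change on either side silently breaks the lookup; a comment pointing at the consumer is the minimum.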
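Review bot: The new `SID_%s_%d` cookie carries no `Path` attribute, so the browser scopes it to the directory of whatever URL set it (the RFC 6265 default-path), whereas the EJSID cookie on the line above pins `Path=/`; the scope therefore depends on which script handled the login rather than on where the readers (`cgi-bin/link`, `new-master`, `new-judge`, `new-user`) live. Make it explicit, matching EJSID or narrowing to the cgi-bin prefix if every reader is there: `"Set-Cookie: SID_%s_%d=%016llx; Path=/; SameSite=Lax; Secure; Max-Age=864000; HttpOnly\n"`. `Max-Age=864000` also keeps a judge or admin session id on disk for ten days and the cookie name varies per role and contest, so a logout that deletes a single fixed cookie will not cover them — confirm the logout path overwrites these, since nothing in this hunk does. ns_refresh_page continues outside the hunk.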
diff --git a/lib/new_server_html.c b/lib/new_server_html.c index 8c1f743456..006e455b8c 100644 --- a/lib/new_server_html.c +++ b/lib/new_server_html.c @@ -1209,7 +1209,7 @@ ns_refresh_page( fprintf(fout, "Set-Cookie: EJSID=%016llx; Path=/; SameSite=Lax\n", phr->client_key); } if (phr->session_id) { - fprintf(fout, "Set-Cookie: SID_%s_%d=%016llx; SameSite=Lax; Secure; Max-Age=864000; HttpOnly\n", + fprintf(fout, "Set-Cookie: SID_%s_%d=%" PRI_COOKIE "; SameSite=Lax; Max-Age=864000; HttpOnly\n", role_text(phr->role), phr->contest_id, phr->session_id); } fprintf(fout, "Location: %s\n\n", url); From fa4a257632f4ab0c374278e99bba4c84f3ec5f72 Mon Sep 17 00:00:00 2001 From: Alexander Myltsev Date: Wed, 7 Dec 2022 19:23:09 +0300 Subject: [PATCH 3/4] Add cgi-bin/link. --- cgi-bin/link | 39 +++++++++++++++++++++++++++++++++++++++ lib/new_server_html.c | 2 +- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100755 cgi-bin/link diff --git a/cgi-bin/link b/cgi-bin/link new file mode 100755 index 0000000000..ce8e7957fb --- /dev/null +++ b/cgi-bin/link @@ -0,0 +1,39 @@ +#!/usr/bin/python3 +import cgi +import os +import re +import http.cookies + +import cgitb +cgitb.enable() + +def main(): + path_info = os.getenv('PATH_INFO', '') + + m = re.match('/(\d+)/(\d+)', path_info) + if not m: + print('\nMalformed request') + return + + contest_id = int(m.group(1)) + run_id = int(m.group(2)) + + cookies = os.getenv('HTTP_COOKIE', '') + jar = http.cookies.SimpleCookie() + jar.load(cookies) + + scheme = os.getenv('REQUEST_SCHEME', 'https') + host = os.getenv('HTTP_HOST') + location = f'{scheme}://{host}/cgi-bin' + + for role, script in (('admin', 'master'), ('judge', 'judge'), ('contestant', 'user')): + key = f'SID_{role}_{contest_id}' + if key in jar: + sid = jar[key].value + print(f'Location: {location}/new-{script}?SID={sid}&action=36&run_id={run_id}\n') + return + print(f'Location: {location}/new-master?contest_id={contest_id}\n') + + +if __name__ == '__main__': + main() 
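Review bot: `cgitb.enable()` at the top of cgi-bin/link renders any uncaught exception to the client as an HTML traceback including each frame's locals, which here are `cookies` (the raw Cookie header with every SID_* value) and `sid`, and that path is reachable by any client because `jar.load(cookies)` raises `http.cookies.CookieError` on a malformed cookie header; use `cgitb.enable(display=0)` (or drop it) and catch `CookieError` around the load. The absolute redirect target is assembled from `HTTP_HOST` and `REQUEST_SCHEME`, both taken from the request; a path-only `Location: /cgi-bin/...` removes that dependency (if a reverse proxy rewrites Host in this deployment, confirm the relative form still resolves for it). Two smaller items: the pattern `'/(\d+)/(\d+)'` should be a raw string, and `import cgi` is unused (the module is deprecated since Python 3.11 and removed in 3.13). Note also that the redirect moves the session id from the cookie into the `?SID=` query string, where it lands in server logs, browser history and Referer headers — the same exposure the existing SID-in-URL links already have, so it is a trade-off worth a comment rather than a new hole.
```python
import cgitb
cgitb.enable(display=0)  # never render tracebacks (and their locals) to the client

def main():
    path_info = os.getenv('PATH_INFO', '')

    m = re.match(r'/(\d+)/(\d+)', path_info)
    # … unchanged: malformed-request reply, contest_id / run_id parsing …

    jar = http.cookies.SimpleCookie()
    try:
        jar.load(os.getenv('HTTP_COOKIE', ''))
    except http.cookies.CookieError:
        jar = http.cookies.SimpleCookie()  # unparsable Cookie header: treat as no cookies

    location = '/cgi-bin'  # path-only redirect: independent of HTTP_HOST / REQUEST_SCHEME
    # … unchanged: role loop and Location lines …
```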
diff --git a/lib/new_server_html.c b/lib/new_server_html.c index 006e455b8c..beb3ff7620 100644 --- a/lib/new_server_html.c +++ b/lib/new_server_html.c @@ -1209,7 +1209,7 @@ ns_refresh_page( fprintf(fout, "Set-Cookie: EJSID=%016llx; Path=/; SameSite=Lax\n", phr->client_key); } if (phr->session_id) { - fprintf(fout, "Set-Cookie: SID_%s_%d=%" PRI_COOKIE "; SameSite=Lax; Max-Age=864000; HttpOnly\n", + fprintf(fout, "Set-Cookie: SID_%s_%d=%" PRI_COOKIE "; Secure; SameSite=Lax; Max-Age=864000; HttpOnly\n", role_text(phr->role), phr->contest_id, phr->session_id); } fprintf(fout, "Location: %s\n\n", url); From 17e3c017bee51eb5f9aff0b06307bd3150acb119 Mon Sep 17 00:00:00 2001 From: Alexander Myltsev Date: Fri, 9 Dec 2022 18:59:43 +0300 Subject: [PATCH 4/4] Make cookie not 'HttpOnly' for the JS redirector. --- lib/new_server_html.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/new_server_html.c b/lib/new_server_html.c index beb3ff7620..1bac6e9750 100644 --- a/lib/new_server_html.c +++ b/lib/new_server_html.c @@ -1209,7 +1209,7 @@ ns_refresh_page( fprintf(fout, "Set-Cookie: EJSID=%016llx; Path=/; SameSite=Lax\n", phr->client_key); } if (phr->session_id) { - fprintf(fout, "Set-Cookie: SID_%s_%d=%" PRI_COOKIE "; Secure; SameSite=Lax; Max-Age=864000; HttpOnly\n", + fprintf(fout, "Set-Cookie: SID_%s_%d=%" PRI_COOKIE "; Secure; SameSite=Lax; Max-Age=864000\n", role_text(phr->role), phr->contest_id, phr->session_id); } fprintf(fout, "Location: %s\n\n", url);
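Review bot: Dropping `HttpOnly` from the SID cookie makes the admin and judge session ids readable through `document.cookie`, so any script injection on the ejudge origin (a run comment, a clarification, a problem statement) can now lift a privileged session; combined with `Max-Age=864000` that is a ten-day window. The only redirector in this series, `cgi-bin/link` from the previous patch, reads the cookie server-side from `HTTP_COOKIE` and works unchanged with `HttpOnly` set, so the flag should be kept: `"Set-Cookie: SID_%s_%d=%" PRI_COOKIE "; Secure; SameSite=Lax; Max-Age=864000; HttpOnly\n"`. If a browser-side redirector is still planned (it is not in this series), have it navigate to `/cgi-bin/link/<contest>/<run>` and let the server do the cookie lookup instead of exposing the value to JavaScript. ns_refresh_page continues outside the hunk.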