mongoose/src/http.c

1116 lines
42 KiB
C
Raw Normal View History

2020-12-05 11:26:32 +00:00
#include "arch.h"
#include "base64.h"
2022-07-28 10:18:17 +01:00
#include "fmt.h"
#include "http.h"
2022-10-28 15:35:40 +01:00
#include "json.h"
2020-12-05 11:26:32 +00:00
#include "log.h"
#include "net.h"
2023-03-27 14:11:39 -03:00
#include "printf.h"
#include "ssi.h"
2020-12-05 11:26:32 +00:00
#include "util.h"
2020-12-10 17:46:26 +00:00
#include "version.h"
2020-12-05 11:26:32 +00:00
#include "ws.h"
bool mg_to_size_t(struct mg_str str, size_t *val);
bool mg_to_size_t(struct mg_str str, size_t *val) {
size_t i = 0, max = (size_t) -1, max2 = max / 10, result = 0, ndigits = 0;
2024-03-15 07:42:24 +00:00
while (i < str.len && (str.buf[i] == ' ' || str.buf[i] == '\t')) i++;
if (i < str.len && str.buf[i] == '-') return false;
while (i < str.len && str.buf[i] >= '0' && str.buf[i] <= '9') {
size_t digit = (size_t) (str.buf[i] - '0');
if (result > max2) return false; // Overflow
result *= 10;
if (result > max - digit) return false; // Overflow
result += digit;
i++, ndigits++;
}
2024-03-15 07:42:24 +00:00
while (i < str.len && (str.buf[i] == ' ' || str.buf[i] == '\t')) i++;
if (ndigits == 0) return false; // #2322: Content-Length = 1 * DIGIT
if (i != str.len) return false; // Ditto
*val = (size_t) result;
return true;
}
2022-08-04 17:08:30 +01:00
// Chunk deletion marker is the MSB in the "processed" counter
#define MG_DMARK ((size_t) 1 << (sizeof(size_t) * 8 - 1))
2020-12-05 11:26:32 +00:00
// Multipart POST example:
2021-03-17 07:43:29 +00:00
// --xyz
// Content-Disposition: form-data; name="val"
//
// abcdef
// --xyz
// Content-Disposition: form-data; name="foo"; filename="a.txt"
// Content-Type: text/plain
//
// hello world
//
// --xyz--
size_t mg_http_next_multipart(struct mg_str body, size_t ofs,
struct mg_http_part *part) {
struct mg_str cd = mg_str_n("Content-Disposition", 19);
2024-03-15 07:42:24 +00:00
const char *s = body.buf;
2021-03-17 07:43:29 +00:00
size_t b = ofs, h1, h2, b1, b2, max = body.len;
// Init part params
if (part != NULL) part->name = part->filename = part->body = mg_str_n(0, 0);
// Skip boundary
while (b + 2 < max && s[b] != '\r' && s[b + 1] != '\n') b++;
if (b <= ofs || b + 2 >= max) return 0;
// MG_INFO(("B: %zu %zu [%.*s]", ofs, b - ofs, (int) (b - ofs), s));
2021-03-17 07:43:29 +00:00
// Skip headers
h1 = h2 = b + 2;
for (;;) {
while (h2 + 2 < max && s[h2] != '\r' && s[h2 + 1] != '\n') h2++;
if (h2 == h1) break;
if (h2 + 2 >= max) return 0;
// MG_INFO(("Header: [%.*s]", (int) (h2 - h1), &s[h1]));
2021-03-17 07:43:29 +00:00
if (part != NULL && h1 + cd.len + 2 < h2 && s[h1 + cd.len] == ':' &&
2024-03-15 07:42:24 +00:00
mg_ncasecmp(&s[h1], cd.buf, cd.len) == 0) {
2021-03-17 07:43:29 +00:00
struct mg_str v = mg_str_n(&s[h1 + cd.len + 2], h2 - (h1 + cd.len + 2));
part->name = mg_http_get_header_var(v, mg_str_n("name", 4));
part->filename = mg_http_get_header_var(v, mg_str_n("filename", 8));
}
h1 = h2 = h2 + 2;
}
b1 = b2 = h2 + 2;
2021-03-17 13:28:36 +00:00
while (b2 + 2 + (b - ofs) + 2 < max && !(s[b2] == '\r' && s[b2 + 1] == '\n' &&
memcmp(&s[b2 + 2], s, b - ofs) == 0))
2021-03-17 07:43:29 +00:00
b2++;
if (b2 + 2 >= max) return 0;
if (part != NULL) part->body = mg_str_n(&s[b1], b2 - b1);
// MG_INFO(("Body: [%.*s]", (int) (b2 - b1), &s[b1]));
2021-03-17 07:43:29 +00:00
return b2 + 2;
2021-03-15 13:20:53 +00:00
}
2020-12-05 11:26:32 +00:00
void mg_http_bauth(struct mg_connection *c, const char *user,
const char *pass) {
struct mg_str u = mg_str(user), p = mg_str(pass);
size_t need = c->send.len + 36 + (u.len + p.len) * 2;
if (c->send.size < need) mg_iobuf_resize(&c->send, need);
if (c->send.size >= need) {
2023-08-22 11:50:19 +01:00
size_t i, n = 0;
2022-12-09 09:29:34 +00:00
char *buf = (char *) &c->send.buf[c->send.len];
memcpy(buf, "Authorization: Basic ", 21); // DON'T use mg_send!
2023-08-22 11:50:19 +01:00
for (i = 0; i < u.len; i++) {
2024-03-15 07:42:24 +00:00
n = mg_base64_update(((unsigned char *) u.buf)[i], buf + 21, n);
}
2020-12-05 11:26:32 +00:00
if (p.len > 0) {
2022-12-09 09:29:34 +00:00
n = mg_base64_update(':', buf + 21, n);
2023-08-22 11:50:19 +01:00
for (i = 0; i < p.len; i++) {
2024-03-15 07:42:24 +00:00
n = mg_base64_update(((unsigned char *) p.buf)[i], buf + 21, n);
}
2020-12-05 11:26:32 +00:00
}
2022-12-09 09:29:34 +00:00
n = mg_base64_final(buf + 21, n);
c->send.len += 21 + (size_t) n + 2;
2020-12-05 11:26:32 +00:00
memcpy(&c->send.buf[c->send.len - 2], "\r\n", 2);
} else {
2022-12-09 09:29:34 +00:00
MG_ERROR(("%lu oom %d->%d ", c->id, (int) c->send.size, (int) need));
2020-12-05 11:26:32 +00:00
}
}
2022-06-18 04:23:56 +01:00
struct mg_str mg_http_var(struct mg_str buf, struct mg_str name) {
struct mg_str entry, k, v, result = mg_str_n(NULL, 0);
while (mg_span(buf, &entry, &buf, '&')) {
if (mg_span(entry, &k, &v, '=') && name.len == k.len &&
2024-03-15 07:42:24 +00:00
mg_ncasecmp(name.buf, k.buf, k.len) == 0) {
2022-06-18 04:23:56 +01:00
result = v;
break;
}
}
return result;
}
2020-12-05 11:26:32 +00:00
int mg_http_get_var(const struct mg_str *buf, const char *name, char *dst,
size_t dst_len) {
2020-12-05 11:26:32 +00:00
int len;
if (dst != NULL && dst_len > 0) {
dst[0] = '\0'; // If destination buffer is valid, always nul-terminate it
}
2020-12-05 11:26:32 +00:00
if (dst == NULL || dst_len == 0) {
len = -2; // Bad destination
2024-03-15 07:42:24 +00:00
} else if (buf->buf == NULL || name == NULL || buf->len == 0) {
2020-12-05 11:26:32 +00:00
len = -1; // Bad source
} else {
2022-06-18 04:23:56 +01:00
struct mg_str v = mg_http_var(*buf, mg_str(name));
2024-03-15 07:42:24 +00:00
if (v.buf == NULL) {
2022-06-18 04:23:56 +01:00
len = -4; // Name does not exist
} else {
2024-03-15 07:42:24 +00:00
len = mg_url_decode(v.buf, v.len, dst, dst_len, 1);
2022-06-18 04:23:56 +01:00
if (len < 0) len = -3; // Failed to decode
2020-12-05 11:26:32 +00:00
}
}
return len;
}
2022-02-22 20:20:56 +00:00
static bool isx(int c) {
return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
(c >= 'A' && c <= 'F');
}
2020-12-05 11:26:32 +00:00
int mg_url_decode(const char *src, size_t src_len, char *dst, size_t dst_len,
int is_form_url_encoded) {
size_t i, j;
2020-12-11 09:35:50 +00:00
for (i = j = 0; i < src_len && j + 1 < dst_len; i++, j++) {
2020-12-05 11:26:32 +00:00
if (src[i] == '%') {
2020-12-11 09:35:50 +00:00
// Use `i + 2 < src_len`, not `i < src_len - 2`, note small src_len
2022-02-22 20:20:56 +00:00
if (i + 2 < src_len && isx(src[i + 1]) && isx(src[i + 2])) {
2020-12-05 11:26:32 +00:00
mg_unhex(src + i + 1, 2, (uint8_t *) &dst[j]);
i += 2;
} else {
return -1;
}
} else if (is_form_url_encoded && src[i] == '+') {
dst[j] = ' ';
} else {
dst[j] = src[i];
}
}
2020-12-11 09:35:50 +00:00
if (j < dst_len) dst[j] = '\0'; // Null-terminate the destination
return i >= src_len && j < dst_len ? (int) j : -1;
2020-12-05 11:26:32 +00:00
}
static bool isok(uint8_t c) {
return c == '\n' || c == '\r' || c >= ' ';
}
2022-02-22 20:20:56 +00:00
2020-12-05 11:26:32 +00:00
int mg_http_get_request_len(const unsigned char *buf, size_t buf_len) {
size_t i;
for (i = 0; i < buf_len; i++) {
2022-02-22 20:20:56 +00:00
if (!isok(buf[i])) return -1;
2020-12-05 11:26:32 +00:00
if ((i > 0 && buf[i] == '\n' && buf[i - 1] == '\n') ||
(i > 3 && buf[i] == '\n' && buf[i - 1] == '\r' && buf[i - 2] == '\n'))
return (int) i + 1;
}
return 0;
}
struct mg_str *mg_http_get_header(struct mg_http_message *h, const char *name) {
size_t i, n = strlen(name), max = sizeof(h->headers) / sizeof(h->headers[0]);
for (i = 0; i < max && h->headers[i].name.len > 0; i++) {
struct mg_str *k = &h->headers[i].name, *v = &h->headers[i].value;
2024-03-15 07:42:24 +00:00
if (n == k->len && mg_ncasecmp(k->buf, name, n) == 0) return v;
2020-12-05 11:26:32 +00:00
}
return NULL;
}
// Is it a valid utf-8 continuation byte
static bool vcb(uint8_t c) {
return (c & 0xc0) == 0x80;
}
// Get character length (valid utf-8). Used to parse method, URI, headers
static size_t clen(const char *s, const char *end) {
const unsigned char *u = (unsigned char *) s, c = *u;
long n = (long) (end - s);
if (c > ' ' && c < '~') return 1; // Usual ascii printed char
if ((c & 0xe0) == 0xc0 && n > 1 && vcb(u[1])) return 2; // 2-byte UTF8
if ((c & 0xf0) == 0xe0 && n > 2 && vcb(u[1]) && vcb(u[2])) return 3;
if ((c & 0xf8) == 0xf0 && n > 3 && vcb(u[1]) && vcb(u[2]) && vcb(u[3]))
return 4;
return 0;
}
// Skip until the newline. Return advanced `s`, or NULL on error
static const char *skiptorn(const char *s, const char *end, struct mg_str *v) {
2024-03-15 07:42:24 +00:00
v->buf = (char *) s;
while (s < end && s[0] != '\n' && s[0] != '\r') s++, v->len++; // To newline
if (s >= end || (s[0] == '\r' && s[1] != '\n')) return NULL; // Stray \r
if (s < end && s[0] == '\r') s++; // Skip \r
if (s >= end || *s++ != '\n') return NULL; // Skip \n
return s;
}
2023-06-27 14:55:06 -03:00
static bool mg_http_parse_headers(const char *s, const char *end,
struct mg_http_header *h, size_t max_hdrs) {
size_t i, n;
for (i = 0; i < max_hdrs; i++) {
struct mg_str k = {NULL, 0}, v = {NULL, 0};
if (s >= end) return false;
if (s[0] == '\n' || (s[0] == '\r' && s[1] == '\n')) break;
2024-03-15 07:42:24 +00:00
k.buf = (char *) s;
while (s < end && s[0] != ':' && (n = clen(s, end)) > 0) s += n, k.len += n;
if (k.len == 0) return false; // Empty name
if (s >= end || clen(s, end) == 0) return false; // Invalid UTF-8
if (*s++ != ':') return false; // Invalid, not followed by :
// if (clen(s, end) == 0) return false; // Invalid UTF-8
while (s < end && s[0] == ' ') s++; // Skip spaces
if ((s = skiptorn(s, end, &v)) == NULL) return false;
2024-03-15 07:42:24 +00:00
while (v.len > 0 && v.buf[v.len - 1] == ' ') v.len--; // Trim spaces
// MG_INFO(("--HH [%.*s] [%.*s]", (int) k.len, k.buf, (int) v.len, v.buf));
h[i].name = k, h[i].value = v; // Success. Assign values
2020-12-05 11:26:32 +00:00
}
2023-06-27 14:55:06 -03:00
return true;
2020-12-05 11:26:32 +00:00
}
int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) {
int is_response, req_len = mg_http_get_request_len((unsigned char *) s, len);
2022-09-29 16:53:11 +01:00
const char *end = s == NULL ? NULL : s + req_len, *qs; // Cannot add to NULL
2024-03-15 07:42:24 +00:00
const struct mg_str *cl;
size_t n;
2020-12-05 11:26:32 +00:00
memset(hm, 0, sizeof(*hm));
if (req_len <= 0) return req_len;
2024-03-15 07:42:24 +00:00
hm->message.buf = hm->head.buf = (char *) s;
hm->body.buf = (char *) end;
hm->head.len = (size_t) req_len;
2023-09-26 19:59:42 +01:00
hm->message.len = hm->body.len = (size_t) -1; // Set body length to infinite
2020-12-05 11:26:32 +00:00
// Parse request line
2024-03-15 07:42:24 +00:00
hm->method.buf = (char *) s;
while (s < end && (n = clen(s, end)) > 0) s += n, hm->method.len += n;
while (s < end && s[0] == ' ') s++; // Skip spaces
2024-03-15 07:42:24 +00:00
hm->uri.buf = (char *) s;
while (s < end && (n = clen(s, end)) > 0) s += n, hm->uri.len += n;
while (s < end && s[0] == ' ') s++; // Skip spaces
if ((s = skiptorn(s, end, &hm->proto)) == NULL) return false;
2021-02-09 21:16:33 +00:00
2020-12-05 11:26:32 +00:00
// If URI contains '?' character, setup query string
2024-03-15 07:42:24 +00:00
if ((qs = (const char *) memchr(hm->uri.buf, '?', hm->uri.len)) != NULL) {
hm->query.buf = (char *) qs + 1;
hm->query.len = (size_t) (&hm->uri.buf[hm->uri.len] - (qs + 1));
hm->uri.len = (size_t) (qs - hm->uri.buf);
2020-12-05 11:26:32 +00:00
}
2023-08-21 17:16:48 +01:00
// Sanity check. Allow protocol/reason to be empty
// Do this check after hm->method.len and hm->uri.len are finalised
if (hm->method.len == 0 || hm->uri.len == 0) return -1;
2023-06-27 14:55:06 -03:00
if (!mg_http_parse_headers(s, end, hm->headers,
sizeof(hm->headers) / sizeof(hm->headers[0])))
return -1; // error when parsing
2020-12-05 11:26:32 +00:00
if ((cl = mg_http_get_header(hm, "Content-Length")) != NULL) {
if (mg_to_size_t(*cl, &hm->body.len) == false) return -1;
hm->message.len = (size_t) req_len + hm->body.len;
2020-12-05 11:26:32 +00:00
}
// mg_http_parse() is used to parse both HTTP requests and HTTP
// responses. If HTTP response does not have Content-Length set, then
// body is read until socket is closed, i.e. body.len is infinite (~0).
//
// For HTTP requests though, according to
// http://tools.ietf.org/html/rfc7231#section-8.1.3,
// only POST and PUT methods have defined body semantics.
// Therefore, if Content-Length is not specified and methods are
// not one of PUT or POST, set body length to 0.
//
// So, if it is HTTP request, and Content-Length is not set,
// and method is not (PUT or POST) then reset body length to zero.
2024-03-15 07:42:24 +00:00
is_response = mg_ncasecmp(hm->method.buf, "HTTP/", 5) == 0;
2020-12-05 11:26:32 +00:00
if (hm->body.len == (size_t) ~0 && !is_response &&
mg_vcasecmp(&hm->method, "PUT") != 0 &&
mg_vcasecmp(&hm->method, "POST") != 0) {
hm->body.len = 0;
hm->message.len = (size_t) req_len;
2020-12-05 11:26:32 +00:00
}
// The 204 (No content) responses also have 0 body length
if (hm->body.len == (size_t) ~0 && is_response &&
mg_vcasecmp(&hm->uri, "204") == 0) {
hm->body.len = 0;
hm->message.len = (size_t) req_len;
}
2023-08-18 20:33:57 +01:00
if (hm->message.len < (size_t) req_len) return -1; // Overflow protection
2020-12-05 11:26:32 +00:00
return req_len;
}
static void mg_http_vprintf_chunk(struct mg_connection *c, const char *fmt,
2022-09-23 08:59:02 +01:00
va_list *ap) {
size_t len = c->send.len;
mg_send(c, " \r\n", 10);
2022-09-23 08:59:02 +01:00
mg_vxprintf(mg_pfn_iobuf, &c->send, fmt, ap);
if (c->send.len >= len + 10) {
mg_snprintf((char *) c->send.buf + len, 9, "%08lx", c->send.len - len - 10);
c->send.buf[len + 8] = '\r';
if (c->send.len == len + 10) c->is_resp = 0; // Last chunk, reset marker
}
2020-12-05 11:26:32 +00:00
mg_send(c, "\r\n", 2);
}
void mg_http_printf_chunk(struct mg_connection *c, const char *fmt, ...) {
va_list ap;
va_start(ap, fmt);
2022-09-23 08:59:02 +01:00
mg_http_vprintf_chunk(c, fmt, &ap);
2020-12-05 11:26:32 +00:00
va_end(ap);
}
void mg_http_write_chunk(struct mg_connection *c, const char *buf, size_t len) {
2022-02-10 17:11:03 +00:00
mg_printf(c, "%lx\r\n", (unsigned long) len);
2020-12-05 11:26:32 +00:00
mg_send(c, buf, len);
mg_send(c, "\r\n", 2);
if (len == 0) c->is_resp = 0;
2020-12-05 11:26:32 +00:00
}
2021-04-29 09:17:24 +01:00
// clang-format off
static const char *mg_http_status_code_str(int status_code) {
switch (status_code) {
case 100: return "Continue";
case 101: return "Switching Protocols";
case 102: return "Processing";
case 200: return "OK";
2021-04-29 09:17:24 +01:00
case 201: return "Created";
case 202: return "Accepted";
case 203: return "Non-authoritative Information";
2021-04-29 09:17:24 +01:00
case 204: return "No Content";
case 205: return "Reset Content";
2021-04-29 09:17:24 +01:00
case 206: return "Partial Content";
case 207: return "Multi-Status";
case 208: return "Already Reported";
case 226: return "IM Used";
case 300: return "Multiple Choices";
2021-04-29 09:17:24 +01:00
case 301: return "Moved Permanently";
case 302: return "Found";
case 303: return "See Other";
2021-04-29 09:17:24 +01:00
case 304: return "Not Modified";
case 305: return "Use Proxy";
case 307: return "Temporary Redirect";
case 308: return "Permanent Redirect";
2021-04-29 09:17:24 +01:00
case 400: return "Bad Request";
case 401: return "Unauthorized";
case 402: return "Payment Required";
2021-04-29 09:17:24 +01:00
case 403: return "Forbidden";
case 404: return "Not Found";
case 405: return "Method Not Allowed";
case 406: return "Not Acceptable";
case 407: return "Proxy Authentication Required";
case 408: return "Request Timeout";
case 409: return "Conflict";
case 410: return "Gone";
case 411: return "Length Required";
case 412: return "Precondition Failed";
case 413: return "Payload Too Large";
case 414: return "Request-URI Too Long";
case 415: return "Unsupported Media Type";
case 416: return "Requested Range Not Satisfiable";
case 417: return "Expectation Failed";
2021-04-29 09:17:24 +01:00
case 418: return "I'm a teapot";
case 421: return "Misdirected Request";
case 422: return "Unprocessable Entity";
case 423: return "Locked";
case 424: return "Failed Dependency";
case 426: return "Upgrade Required";
case 428: return "Precondition Required";
case 429: return "Too Many Requests";
case 431: return "Request Header Fields Too Large";
case 444: return "Connection Closed Without Response";
case 451: return "Unavailable For Legal Reasons";
case 499: return "Client Closed Request";
2021-04-29 09:17:24 +01:00
case 500: return "Internal Server Error";
case 501: return "Not Implemented";
case 502: return "Bad Gateway";
case 503: return "Service Unavailable";
case 504: return "Gateway Timeout";
case 505: return "HTTP Version Not Supported";
case 506: return "Variant Also Negotiates";
case 507: return "Insufficient Storage";
case 508: return "Loop Detected";
case 510: return "Not Extended";
case 511: return "Network Authentication Required";
case 599: return "Network Connect Timeout Error";
default: return "";
2021-04-29 09:17:24 +01:00
}
}
// clang-format on
2020-12-17 22:45:22 +00:00
void mg_http_reply(struct mg_connection *c, int code, const char *headers,
const char *fmt, ...) {
2020-12-05 11:26:32 +00:00
va_list ap;
2022-02-10 17:11:03 +00:00
size_t len;
mg_printf(c, "HTTP/1.1 %d %s\r\n%sContent-Length: \r\n\r\n", code,
mg_http_status_code_str(code), headers == NULL ? "" : headers);
len = c->send.len;
2020-12-05 11:26:32 +00:00
va_start(ap, fmt);
2022-08-13 20:34:20 +01:00
mg_vxprintf(mg_pfn_iobuf, &c->send, fmt, &ap);
2020-12-05 11:26:32 +00:00
va_end(ap);
if (c->send.len > 16) {
size_t n = mg_snprintf((char *) &c->send.buf[len - 15], 11, "%-10lu",
2023-01-27 09:36:16 +00:00
(unsigned long) (c->send.len - len));
c->send.buf[len - 15 + n] = ' '; // Change ending 0 to space
}
c->is_resp = 0;
2020-12-05 11:26:32 +00:00
}
static void http_cb(struct mg_connection *, int, void *);
2020-12-05 11:26:32 +00:00
static void restore_http_cb(struct mg_connection *c) {
mg_fs_close((struct mg_fd *) c->pfn_data);
c->pfn_data = NULL;
2020-12-05 11:26:32 +00:00
c->pfn = http_cb;
c->is_resp = 0;
2020-12-05 11:26:32 +00:00
}
char *mg_http_etag(char *buf, size_t len, size_t size, time_t mtime);
2021-07-29 14:21:20 +01:00
char *mg_http_etag(char *buf, size_t len, size_t size, time_t mtime) {
2022-02-10 11:56:55 +00:00
mg_snprintf(buf, len, "\"%lld.%lld\"", (int64_t) mtime, (int64_t) size);
2020-12-05 11:26:32 +00:00
return buf;
}
static void static_cb(struct mg_connection *c, int ev, void *ev_data) {
2020-12-05 11:26:32 +00:00
if (ev == MG_EV_WRITE || ev == MG_EV_POLL) {
struct mg_fd *fd = (struct mg_fd *) c->pfn_data;
2020-12-05 11:26:32 +00:00
// Read to send IO buffer directly, avoid extra on-stack buffer
2022-11-01 21:01:03 +00:00
size_t n, max = MG_IO_SIZE, space;
size_t *cl = (size_t *) &c->data[(sizeof(c->data) - sizeof(size_t)) /
sizeof(size_t) * sizeof(size_t)];
2020-12-05 11:26:32 +00:00
if (c->send.size < max) mg_iobuf_resize(&c->send, max);
2022-02-14 17:44:43 +00:00
if (c->send.len >= c->send.size) return; // Rate limit
if ((space = c->send.size - c->send.len) > *cl) space = *cl;
n = fd->fs->rd(fd->fd, c->send.buf + c->send.len, space);
2022-02-11 11:02:06 +00:00
c->send.len += n;
*cl -= n;
2022-02-11 11:02:06 +00:00
if (n == 0) restore_http_cb(c);
2020-12-05 11:26:32 +00:00
} else if (ev == MG_EV_CLOSE) {
restore_http_cb(c);
}
(void) ev_data;
}
2022-06-29 10:28:37 +01:00
// Known mime types. Keep it outside guess_content_type() function, since
// some environments don't like it defined there.
// clang-format off
2024-03-15 07:42:24 +00:00
#define MG_C_STR(a) { (char *) (a), sizeof(a) - 1 }
2022-06-29 10:28:37 +01:00
static struct mg_str s_known_types[] = {
MG_C_STR("html"), MG_C_STR("text/html; charset=utf-8"),
MG_C_STR("htm"), MG_C_STR("text/html; charset=utf-8"),
MG_C_STR("css"), MG_C_STR("text/css; charset=utf-8"),
MG_C_STR("js"), MG_C_STR("text/javascript; charset=utf-8"),
MG_C_STR("gif"), MG_C_STR("image/gif"),
MG_C_STR("png"), MG_C_STR("image/png"),
MG_C_STR("jpg"), MG_C_STR("image/jpeg"),
MG_C_STR("jpeg"), MG_C_STR("image/jpeg"),
MG_C_STR("woff"), MG_C_STR("font/woff"),
MG_C_STR("ttf"), MG_C_STR("font/ttf"),
MG_C_STR("svg"), MG_C_STR("image/svg+xml"),
MG_C_STR("txt"), MG_C_STR("text/plain; charset=utf-8"),
MG_C_STR("avi"), MG_C_STR("video/x-msvideo"),
MG_C_STR("csv"), MG_C_STR("text/csv"),
MG_C_STR("doc"), MG_C_STR("application/msword"),
MG_C_STR("exe"), MG_C_STR("application/octet-stream"),
MG_C_STR("gz"), MG_C_STR("application/gzip"),
MG_C_STR("ico"), MG_C_STR("image/x-icon"),
MG_C_STR("json"), MG_C_STR("application/json"),
MG_C_STR("mov"), MG_C_STR("video/quicktime"),
MG_C_STR("mp3"), MG_C_STR("audio/mpeg"),
MG_C_STR("mp4"), MG_C_STR("video/mp4"),
MG_C_STR("mpeg"), MG_C_STR("video/mpeg"),
MG_C_STR("pdf"), MG_C_STR("application/pdf"),
MG_C_STR("shtml"), MG_C_STR("text/html; charset=utf-8"),
MG_C_STR("tgz"), MG_C_STR("application/tar-gz"),
MG_C_STR("wav"), MG_C_STR("audio/wav"),
MG_C_STR("webp"), MG_C_STR("image/webp"),
MG_C_STR("zip"), MG_C_STR("application/zip"),
MG_C_STR("3gp"), MG_C_STR("video/3gpp"),
{0, 0},
};
// clang-format on
2021-07-28 21:11:07 +01:00
static struct mg_str guess_content_type(struct mg_str path, const char *extra) {
struct mg_str entry, k, v, s = mg_str(extra);
size_t i = 0;
2021-07-28 21:11:07 +01:00
// Shrink path to its extension only
2024-03-15 07:42:24 +00:00
while (i < path.len && path.buf[path.len - i - 1] != '.') i++;
path.buf += path.len - i;
2021-07-28 21:11:07 +01:00
path.len = i;
// Process user-provided mime type overrides, if any
while (mg_span(s, &entry, &s, ',')) {
if (mg_span(entry, &k, &v, '=') && mg_strcmp(path, k) == 0) return v;
2020-12-15 11:58:30 +00:00
}
2021-07-28 21:11:07 +01:00
// Process built-in mime types
2024-03-15 07:42:24 +00:00
for (i = 0; s_known_types[i].buf != NULL; i += 2) {
2022-06-29 10:28:37 +01:00
if (mg_strcmp(path, s_known_types[i]) == 0) return s_known_types[i + 1];
2021-07-28 21:11:07 +01:00
}
return mg_str("text/plain; charset=utf-8");
2020-12-05 11:26:32 +00:00
}
static int getrange(struct mg_str *s, size_t *a, size_t *b) {
size_t i, numparsed = 0;
for (i = 0; i + 6 < s->len; i++) {
2024-03-15 07:42:24 +00:00
struct mg_str k, v = mg_str_n(s->buf + i + 6, s->len - i - 6);
if (memcmp(&s->buf[i], "bytes=", 6) != 0) continue;
if (mg_span(v, &k, &v, '-')) {
if (mg_to_size_t(k, a)) numparsed++;
if (v.len > 0 && mg_to_size_t(v, b)) numparsed++;
} else {
if (mg_to_size_t(v, a)) numparsed++;
2021-04-29 11:00:57 +01:00
}
break;
2021-04-29 11:00:57 +01:00
}
return (int) numparsed;
2021-04-29 11:00:57 +01:00
}
2020-12-05 11:26:32 +00:00
void mg_http_serve_file(struct mg_connection *c, struct mg_http_message *hm,
const char *path,
const struct mg_http_serve_opts *opts) {
char etag[64], tmp[MG_PATH_MAX];
2021-07-29 14:21:20 +01:00
struct mg_fs *fs = opts->fs == NULL ? &mg_fs_posix : opts->fs;
struct mg_fd *fd = NULL;
2021-07-29 14:21:20 +01:00
size_t size = 0;
time_t mtime = 0;
struct mg_str *inm = NULL;
struct mg_str mime = guess_content_type(mg_str(path), opts->mime_types);
bool gzip = false;
if (path != NULL) {
// If a browser sends us "Accept-Encoding: gzip", try to open .gz first
struct mg_str *ae = mg_http_get_header(hm, "Accept-Encoding");
if (ae != NULL && mg_strstr(*ae, mg_str("gzip")) != NULL) {
mg_snprintf(tmp, sizeof(tmp), "%s.gz", path);
fd = mg_fs_open(fs, tmp, MG_FS_READ);
if (fd != NULL) gzip = true, path = tmp;
}
// No luck opening .gz? Open what we've told to open
if (fd == NULL) fd = mg_fs_open(fs, path, MG_FS_READ);
}
// Failed to open, and page404 is configured? Open it, then
if (fd == NULL && opts->page404 != NULL) {
fd = mg_fs_open(fs, opts->page404, MG_FS_READ);
path = opts->page404;
2024-02-20 19:08:07 -03:00
mime = guess_content_type(mg_str(path), opts->mime_types);
}
2021-07-29 14:21:20 +01:00
if (fd == NULL || fs->st(path, &size, &mtime) == 0) {
2022-05-31 23:44:03 +01:00
mg_http_reply(c, 404, opts->extra_headers, "Not found\n");
mg_fs_close(fd);
2021-07-29 14:21:20 +01:00
// NOTE: mg_http_etag() call should go first!
} else if (mg_http_etag(etag, sizeof(etag), size, mtime) != NULL &&
(inm = mg_http_get_header(hm, "If-None-Match")) != NULL &&
mg_vcasecmp(inm, etag) == 0) {
mg_fs_close(fd);
2022-08-13 14:44:08 +01:00
mg_http_reply(c, 304, opts->extra_headers, "");
2020-12-05 11:26:32 +00:00
} else {
2021-04-29 11:00:57 +01:00
int n, status = 200;
2022-07-01 17:28:06 +01:00
char range[100];
size_t r1 = 0, r2 = 0, cl = size;
2023-06-27 14:55:06 -03:00
2021-04-29 11:00:57 +01:00
// Handle Range header
struct mg_str *rh = mg_http_get_header(hm, "Range");
2022-07-01 17:28:06 +01:00
range[0] = '\0';
if (rh != NULL && (n = getrange(rh, &r1, &r2)) > 0) {
2021-04-29 11:00:57 +01:00
// If range is specified like "400-", set second limit to content len
if (n == 1) r2 = cl - 1;
if (r1 > r2 || r2 >= cl) {
status = 416;
cl = 0;
2022-02-10 11:56:55 +00:00
mg_snprintf(range, sizeof(range), "Content-Range: bytes */%lld\r\n",
(int64_t) size);
2021-04-29 11:00:57 +01:00
} else {
status = 206;
cl = r2 - r1 + 1;
2022-02-10 11:56:55 +00:00
mg_snprintf(range, sizeof(range),
"Content-Range: bytes %llu-%llu/%llu\r\n", (uint64_t) r1,
(uint64_t) (r1 + cl - 1), (uint64_t) size);
fs->sk(fd->fd, r1);
2021-04-29 11:00:57 +01:00
}
}
2020-12-05 11:26:32 +00:00
mg_printf(c,
2022-02-10 17:11:03 +00:00
"HTTP/1.1 %d %s\r\n"
"Content-Type: %.*s\r\n"
"Etag: %s\r\n"
"Content-Length: %llu\r\n"
"%s%s%s\r\n",
2024-03-15 07:42:24 +00:00
status, mg_http_status_code_str(status), (int) mime.len, mime.buf,
etag, (uint64_t) cl, gzip ? "Content-Encoding: gzip\r\n" : "",
range, opts->extra_headers ? opts->extra_headers : "");
2020-12-05 11:26:32 +00:00
if (mg_vcasecmp(&hm->method, "HEAD") == 0) {
c->is_draining = 1;
2022-08-13 14:44:08 +01:00
c->is_resp = 0;
mg_fs_close(fd);
2020-12-05 11:26:32 +00:00
} else {
// Track to-be-sent content length at the end of c->data, aligned
size_t *clp = (size_t *) &c->data[(sizeof(c->data) - sizeof(size_t)) /
sizeof(size_t) * sizeof(size_t)];
c->pfn = static_cb;
2021-07-29 14:21:20 +01:00
c->pfn_data = fd;
*clp = cl;
2020-12-05 11:26:32 +00:00
}
}
}
2021-07-29 14:21:20 +01:00
struct printdirentrydata {
struct mg_connection *c;
struct mg_http_message *hm;
const struct mg_http_serve_opts *opts;
2021-07-29 14:21:20 +01:00
const char *dir;
2020-12-05 11:26:32 +00:00
};
2023-06-30 05:25:58 -04:00
#if MG_ENABLE_DIRLIST
2021-07-29 14:21:20 +01:00
static void printdirentry(const char *name, void *userdata) {
struct printdirentrydata *d = (struct printdirentrydata *) userdata;
struct mg_fs *fs = d->opts->fs == NULL ? &mg_fs_posix : d->opts->fs;
size_t size = 0;
time_t t = 0;
2022-02-10 11:56:55 +00:00
char path[MG_PATH_MAX], sz[40], mod[40];
2021-07-29 14:21:20 +01:00
int flags, n = 0;
// MG_DEBUG(("[%s] [%s]", d->dir, name));
2022-02-10 11:56:55 +00:00
if (mg_snprintf(path, sizeof(path), "%s%c%s", d->dir, '/', name) >
sizeof(path)) {
MG_ERROR(("%s truncated", name));
} else if ((flags = fs->st(path, &size, &t)) == 0) {
MG_ERROR(("%lu stat(%s): %d", d->c->id, path, errno));
2020-12-05 11:26:32 +00:00
} else {
2021-07-29 14:21:20 +01:00
const char *slash = flags & MG_FS_DIR ? "/" : "";
if (flags & MG_FS_DIR) {
2022-02-10 11:56:55 +00:00
mg_snprintf(sz, sizeof(sz), "%s", "[DIR]");
2020-12-05 11:26:32 +00:00
} else {
2022-02-10 17:11:03 +00:00
mg_snprintf(sz, sizeof(sz), "%lld", (uint64_t) size);
2020-12-05 11:26:32 +00:00
}
#if defined(MG_HTTP_DIRLIST_TIME_FMT)
2023-02-12 10:41:51 +00:00
{
char time_str[40];
2023-02-12 10:41:51 +00:00
struct tm *time_info = localtime(&t);
strftime(time_str, sizeof time_str, "%Y/%m/%d %H:%M:%S", time_info);
mg_snprintf(mod, sizeof(mod), "%s", time_str);
}
#else
mg_snprintf(mod, sizeof(mod), "%lu", (unsigned long) t);
#endif
2021-07-29 14:21:20 +01:00
n = (int) mg_url_encode(name, strlen(name), path, sizeof(path));
mg_printf(d->c,
" <tr><td><a href=\"%.*s%s\">%s%s</a></td>"
2022-02-10 17:11:03 +00:00
"<td name=%lu>%s</td><td name=%lld>%s</td></tr>\n",
2021-11-02 16:40:25 +00:00
n, path, slash, name, slash, (unsigned long) t, mod,
flags & MG_FS_DIR ? (int64_t) -1 : (int64_t) size, sz);
2020-12-05 11:26:32 +00:00
}
}
static void listdir(struct mg_connection *c, struct mg_http_message *hm,
const struct mg_http_serve_opts *opts, char *dir) {
const char *sort_js_code =
2021-02-07 22:43:49 +00:00
"<script>function srt(tb, sc, so, d) {"
"var tr = Array.prototype.slice.call(tb.rows, 0),"
"tr = tr.sort(function (a, b) { var c1 = a.cells[sc], c2 = b.cells[sc],"
"n1 = c1.getAttribute('name'), n2 = c2.getAttribute('name'), "
"t1 = a.cells[2].getAttribute('name'), "
"t2 = b.cells[2].getAttribute('name'); "
"return so * (t1 < 0 && t2 >= 0 ? -1 : t2 < 0 && t1 >= 0 ? 1 : "
"n1 ? parseInt(n2) - parseInt(n1) : "
"c1.textContent.trim().localeCompare(c2.textContent.trim())); });";
const char *sort_js_code2 =
2021-02-07 22:43:49 +00:00
"for (var i = 0; i < tr.length; i++) tb.appendChild(tr[i]); "
"if (!d) window.location.hash = ('sc=' + sc + '&so=' + so); "
"};"
"window.onload = function() {"
"var tb = document.getElementById('tb');"
"var m = /sc=([012]).so=(1|-1)/.exec(window.location.hash) || [0, 2, 1];"
"var sc = m[1], so = m[2]; document.onclick = function(ev) { "
"var c = ev.target.rel; if (c) {if (c == sc) so *= -1; srt(tb, c, so); "
"sc = c; ev.preventDefault();}};"
"srt(tb, sc, so, true);"
"}"
"</script>";
2021-07-29 14:21:20 +01:00
struct mg_fs *fs = opts->fs == NULL ? &mg_fs_posix : opts->fs;
struct printdirentrydata d = {c, hm, opts, dir};
char tmp[10], buf[MG_PATH_MAX];
2021-07-29 14:21:20 +01:00
size_t off, n;
2024-03-15 07:42:24 +00:00
int len = mg_url_decode(hm->uri.buf, hm->uri.len, buf, sizeof(buf), 0);
struct mg_str uri = len > 0 ? mg_str_n(buf, (size_t) len) : hm->uri;
2020-12-05 11:26:32 +00:00
2021-07-29 14:21:20 +01:00
mg_printf(c,
"HTTP/1.1 200 OK\r\n"
"Content-Type: text/html; charset=utf-8\r\n"
"%s"
"Content-Length: \r\n\r\n",
opts->extra_headers == NULL ? "" : opts->extra_headers);
off = c->send.len; // Start of body
mg_printf(c,
"<!DOCTYPE html><html><head><title>Index of %.*s</title>%s%s"
"<style>th,td {text-align: left; padding-right: 1em; "
"font-family: monospace; }</style></head>"
2022-02-10 17:11:03 +00:00
"<body><h1>Index of %.*s</h1><table cellpadding=\"0\"><thead>"
2021-07-29 14:21:20 +01:00
"<tr><th><a href=\"#\" rel=\"0\">Name</a></th><th>"
"<a href=\"#\" rel=\"1\">Modified</a></th>"
"<th><a href=\"#\" rel=\"2\">Size</a></th></tr>"
"<tr><td colspan=\"3\"><hr></td></tr>"
"</thead>"
"<tbody id=\"tb\">\n",
2024-03-15 07:42:24 +00:00
(int) uri.len, uri.buf, sort_js_code, sort_js_code2, (int) uri.len,
uri.buf);
2022-02-10 17:11:03 +00:00
mg_printf(c, "%s",
" <tr><td><a href=\"..\">..</a></td>"
"<td name=-1></td><td name=-1>[DIR]</td></tr>\n");
2021-07-29 14:21:20 +01:00
fs->ls(dir, printdirentry, &d);
2021-07-29 14:21:20 +01:00
mg_printf(c,
"</tbody><tfoot><tr><td colspan=\"3\"><hr></td></tr></tfoot>"
"</table><address>Mongoose v.%s</address></body></html>\n",
MG_VERSION);
2022-02-10 11:56:55 +00:00
n = mg_snprintf(tmp, sizeof(tmp), "%lu", (unsigned long) (c->send.len - off));
2021-07-29 14:21:20 +01:00
if (n > sizeof(tmp)) n = 0;
memcpy(c->send.buf + off - 12, tmp, n); // Set content length
2022-08-28 13:58:41 +01:00
c->is_resp = 0; // Mark response end
2021-07-29 14:21:20 +01:00
}
2023-06-30 05:25:58 -04:00
#endif
2021-07-29 14:21:20 +01:00
// Resolve requested file into `path` and return its fs->st() result
2021-09-20 12:24:44 +01:00
static int uri_to_path2(struct mg_connection *c, struct mg_http_message *hm,
struct mg_fs *fs, struct mg_str url, struct mg_str dir,
char *path, size_t path_size) {
2022-04-05 12:54:20 +01:00
int flags, tmp;
2021-09-15 07:43:48 +01:00
// Append URI to the root_dir, and sanitize it
2024-03-15 07:42:24 +00:00
size_t n = mg_snprintf(path, path_size, "%.*s", (int) dir.len, dir.buf);
2023-08-15 15:09:48 +01:00
if (n + 2 >= path_size) {
2023-06-30 05:25:58 -04:00
mg_http_reply(c, 400, "", "Exceeded path size");
return -1;
}
2021-09-20 12:24:44 +01:00
path[path_size - 1] = '\0';
2023-08-15 15:09:48 +01:00
// Terminate root dir with slash
if (n > 0 && path[n - 1] != '/') path[n++] = '/', path[n] = '\0';
if (url.len < hm->uri.len) {
2024-03-15 07:42:24 +00:00
mg_url_decode(hm->uri.buf + url.len, hm->uri.len - url.len, path + n,
2023-08-15 15:09:48 +01:00
path_size - n, 0);
}
2022-04-05 12:54:20 +01:00
path[path_size - 1] = '\0'; // Double-check
2023-06-30 05:25:58 -04:00
if (!mg_path_is_sane(path)) {
mg_http_reply(c, 400, "", "Invalid path");
return -1;
}
2022-04-05 12:54:20 +01:00
n = strlen(path);
while (n > 1 && path[n - 1] == '/') path[--n] = 0; // Trim trailing slashes
2022-04-05 12:54:20 +01:00
flags = mg_vcmp(&hm->uri, "/") == 0 ? MG_FS_DIR : fs->st(path, NULL, NULL);
2024-03-15 07:42:24 +00:00
MG_VERBOSE(("%lu %.*s -> %s %d", c->id, (int) hm->uri.len, hm->uri.buf, path,
flags));
2022-04-05 12:54:20 +01:00
if (flags == 0) {
2022-05-31 23:44:03 +01:00
// Do nothing - let's caller decide
2022-04-05 12:54:20 +01:00
} else if ((flags & MG_FS_DIR) && hm->uri.len > 0 &&
2024-03-15 07:42:24 +00:00
hm->uri.buf[hm->uri.len - 1] != '/') {
2022-04-05 12:54:20 +01:00
mg_printf(c,
"HTTP/1.1 301 Moved\r\n"
"Location: %.*s/\r\n"
"Content-Length: 0\r\n"
"\r\n",
2024-03-15 07:42:24 +00:00
(int) hm->uri.len, hm->uri.buf);
2022-11-20 12:18:15 +00:00
c->is_resp = 0;
2022-05-31 23:44:03 +01:00
flags = -1;
2022-04-05 12:54:20 +01:00
} else if (flags & MG_FS_DIR) {
if (((mg_snprintf(path + n, path_size - n, "/" MG_HTTP_INDEX) > 0 &&
(tmp = fs->st(path, NULL, NULL)) != 0) ||
(mg_snprintf(path + n, path_size - n, "/index.shtml") > 0 &&
(tmp = fs->st(path, NULL, NULL)) != 0))) {
flags = tmp;
2022-08-13 14:44:08 +01:00
} else if ((mg_snprintf(path + n, path_size - n, "/" MG_HTTP_INDEX ".gz") >
0 &&
(tmp = fs->st(path, NULL, NULL)) !=
0)) { // check for gzipped index
flags = tmp;
2022-08-13 14:44:08 +01:00
path[n + 1 + strlen(MG_HTTP_INDEX)] =
'\0'; // Remove appended .gz in index file name
2022-04-05 12:54:20 +01:00
} else {
path[n] = '\0'; // Remove appended index file name
2021-07-29 14:21:20 +01:00
}
2021-07-24 22:00:37 +01:00
}
2021-07-29 14:21:20 +01:00
return flags;
2021-07-24 22:00:37 +01:00
}
2021-09-20 12:24:44 +01:00
static int uri_to_path(struct mg_connection *c, struct mg_http_message *hm,
const struct mg_http_serve_opts *opts, char *path,
2021-09-20 12:24:44 +01:00
size_t path_size) {
struct mg_fs *fs = opts->fs == NULL ? &mg_fs_posix : opts->fs;
struct mg_str k, v, part, s = mg_str(opts->root_dir), u = {NULL, 0}, p = u;
while (mg_span(s, &part, &s, ',')) {
if (!mg_span(part, &k, &v, '=')) k = part, v = mg_str_n(NULL, 0);
2023-08-15 15:09:48 +01:00
if (v.len == 0) v = k, k = mg_str("/"), u = k, p = v;
2021-09-20 12:24:44 +01:00
if (hm->uri.len < k.len) continue;
2024-03-15 07:42:24 +00:00
if (mg_strcmp(k, mg_str_n(hm->uri.buf, k.len)) != 0) continue;
2021-09-20 12:24:44 +01:00
u = k, p = v;
}
return uri_to_path2(c, hm, fs, u, p, path, path_size);
}
2021-07-24 22:00:37 +01:00
void mg_http_serve_dir(struct mg_connection *c, struct mg_http_message *hm,
const struct mg_http_serve_opts *opts) {
2022-07-01 17:28:06 +01:00
char path[MG_PATH_MAX];
2021-09-15 07:43:48 +01:00
const char *sp = opts->ssi_pattern;
2021-09-20 12:24:44 +01:00
int flags = uri_to_path(c, hm, opts, path, sizeof(path));
2022-05-31 23:44:03 +01:00
if (flags < 0) {
// Do nothing: the response has already been sent by uri_to_path()
} else if (flags & MG_FS_DIR) {
2023-06-30 05:25:58 -04:00
#if MG_ENABLE_DIRLIST
2021-09-20 12:24:44 +01:00
listdir(c, hm, opts, path);
2023-06-30 05:25:58 -04:00
#else
mg_http_reply(c, 403, "", "Forbidden\n");
#endif
} else if (flags && sp != NULL &&
mg_globmatch(sp, strlen(sp), path, strlen(path))) {
2021-09-20 12:24:44 +01:00
mg_http_serve_ssi(c, opts->root_dir, path);
} else {
mg_http_serve_file(c, hm, path, opts);
}
2020-12-05 11:26:32 +00:00
}
2021-02-15 14:42:55 +00:00
static bool mg_is_url_safe(int c) {
return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
(c >= 'A' && c <= 'Z') || c == '.' || c == '_' || c == '-' || c == '~';
}
size_t mg_url_encode(const char *s, size_t sl, char *buf, size_t len) {
2021-02-15 14:42:55 +00:00
size_t i, n = 0;
for (i = 0; i < sl; i++) {
int c = *(unsigned char *) &s[i];
if (n + 4 >= len) return 0;
if (mg_is_url_safe(c)) {
buf[n++] = s[i];
} else {
buf[n++] = '%';
mg_hex(&s[i], 1, &buf[n]);
n += 2;
}
}
if (len > 0 && n < len - 1) buf[n] = '\0'; // Null-terminate the destination
if (len > 0) buf[len - 1] = '\0'; // Always.
2021-02-15 14:42:55 +00:00
return n;
}
void mg_http_creds(struct mg_http_message *hm, char *user, size_t userlen,
char *pass, size_t passlen) {
2020-12-05 11:26:32 +00:00
struct mg_str *v = mg_http_get_header(hm, "Authorization");
user[0] = pass[0] = '\0';
2024-03-15 07:42:24 +00:00
if (v != NULL && v->len > 6 && memcmp(v->buf, "Basic ", 6) == 0) {
2020-12-05 11:26:32 +00:00
char buf[256];
2024-03-15 07:42:24 +00:00
size_t n = mg_base64_decode(v->buf + 6, v->len - 6, buf, sizeof(buf));
2023-08-22 11:50:19 +01:00
const char *p = (const char *) memchr(buf, ':', n > 0 ? n : 0);
2020-12-05 11:26:32 +00:00
if (p != NULL) {
2023-08-22 11:50:19 +01:00
mg_snprintf(user, userlen, "%.*s", p - buf, buf);
mg_snprintf(pass, passlen, "%.*s", n - (size_t) (p - buf) - 1, p + 1);
2020-12-05 11:26:32 +00:00
}
2024-03-15 07:42:24 +00:00
} else if (v != NULL && v->len > 7 && memcmp(v->buf, "Bearer ", 7) == 0) {
mg_snprintf(pass, passlen, "%.*s", (int) v->len - 7, v->buf + 7);
2020-12-05 11:26:32 +00:00
} else if ((v = mg_http_get_header(hm, "Cookie")) != NULL) {
2021-03-17 07:43:29 +00:00
struct mg_str t = mg_http_get_header_var(*v, mg_str_n("access_token", 12));
2024-03-15 07:42:24 +00:00
if (t.len > 0) mg_snprintf(pass, passlen, "%.*s", (int) t.len, t.buf);
2020-12-05 11:26:32 +00:00
} else {
mg_http_get_var(&hm->query, "access_token", pass, passlen);
}
}
2021-03-17 07:43:29 +00:00
static struct mg_str stripquotes(struct mg_str s) {
2024-03-15 07:42:24 +00:00
return s.len > 1 && s.buf[0] == '"' && s.buf[s.len - 1] == '"'
? mg_str_n(s.buf + 1, s.len - 2)
2021-03-17 07:43:29 +00:00
: s;
}
struct mg_str mg_http_get_header_var(struct mg_str s, struct mg_str v) {
size_t i;
for (i = 0; v.len > 0 && i + v.len + 2 < s.len; i++) {
2024-03-15 07:42:24 +00:00
if (s.buf[i + v.len] == '=' && memcmp(&s.buf[i], v.buf, v.len) == 0) {
const char *p = &s.buf[i + v.len + 1], *b = p, *x = &s.buf[s.len];
2021-03-17 13:28:36 +00:00
int q = p < x && *p == '"' ? 1 : 0;
while (p < x &&
(q ? p == b || *p != '"' : *p != ';' && *p != ' ' && *p != ','))
p++;
2024-03-15 07:42:24 +00:00
// MG_INFO(("[%.*s] [%.*s] [%.*s]", (int) s.len, s.buf, (int) v.len,
// v.buf, (int) (p - b), b));
return stripquotes(mg_str_n(b, (size_t) (p - b + q)));
2021-03-17 07:43:29 +00:00
}
}
return mg_str_n(NULL, 0);
}
2022-06-30 21:54:50 +01:00
long mg_http_upload(struct mg_connection *c, struct mg_http_message *hm,
struct mg_fs *fs, const char *dir, size_t max_size) {
char buf[20] = "0", file[MG_PATH_MAX], path[MG_PATH_MAX];
2022-06-30 21:54:50 +01:00
long res = 0, offset;
mg_http_get_var(&hm->query, "offset", buf, sizeof(buf));
mg_http_get_var(&hm->query, "file", file, sizeof(file));
2022-06-30 21:54:50 +01:00
offset = strtol(buf, NULL, 0);
mg_snprintf(path, sizeof(path), "%s%c%s", dir, MG_DIRSEP, file);
2022-06-30 21:54:50 +01:00
if (hm->body.len == 0) {
mg_http_reply(c, 200, "", "%ld", res); // Nothing to write
} else if (file[0] == '\0') {
mg_http_reply(c, 400, "", "file required");
res = -1;
} else if (mg_path_is_sane(file) == false) {
mg_http_reply(c, 400, "", "%s: invalid file", file);
res = -2;
} else if (offset < 0) {
mg_http_reply(c, 400, "", "offset required");
res = -3;
} else if ((size_t) offset + hm->body.len > max_size) {
mg_http_reply(c, 400, "", "%s: over max size of %lu", path,
(unsigned long) max_size);
res = -4;
2022-06-13 14:48:52 +01:00
} else {
struct mg_fd *fd;
2022-06-30 21:54:50 +01:00
size_t current_size = 0;
MG_DEBUG(("%s -> %lu bytes @ %ld", path, hm->body.len, offset));
2022-06-30 21:54:50 +01:00
if (offset == 0) fs->rm(path); // If offset if 0, truncate file
fs->st(path, &current_size, NULL);
if (offset > 0 && current_size != (size_t) offset) {
2022-06-30 21:54:50 +01:00
mg_http_reply(c, 400, "", "%s: offset mismatch", path);
res = -5;
2022-06-30 21:54:50 +01:00
} else if ((fd = mg_fs_open(fs, path, MG_FS_WRITE)) == NULL) {
mg_http_reply(c, 400, "", "open(%s): %d", path, errno);
res = -6;
} else {
2024-03-15 07:42:24 +00:00
res = offset + (long) fs->wr(fd->fd, hm->body.buf, hm->body.len);
mg_fs_close(fd);
2022-06-30 21:54:50 +01:00
mg_http_reply(c, 200, "", "%ld", res);
}
}
2022-03-14 11:16:41 +00:00
return res;
}
int mg_http_status(const struct mg_http_message *hm) {
2024-03-15 07:42:24 +00:00
return atoi(hm->uri.buf);
}
2023-09-21 19:04:32 +01:00
static bool is_hex_digit(int c) {
return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
(c >= 'A' && c <= 'F');
}
2023-09-26 19:59:42 +01:00
static int skip_chunk(const char *buf, int len, int *pl, int *dl) {
int i = 0, n = 0;
if (len < 3) return 0;
while (i < len && is_hex_digit(buf[i])) i++;
if (i == 0) return -1; // Error, no length specified
2023-12-29 11:59:02 +00:00
if (i > (int) sizeof(int) * 2) return -1; // Chunk length is too big
2023-09-26 19:59:42 +01:00
if (len < i + 1 || buf[i] != '\r' || buf[i + 1] != '\n') return -1; // Error
2023-12-29 11:59:02 +00:00
n = (int) mg_unhexn(buf, (size_t) i); // Decode chunk length
2023-09-26 19:59:42 +01:00
if (n < 0) return -1; // Error
2023-12-29 11:59:02 +00:00
if (n > len - i - 4) return 0; // Chunk not yet fully buffered
2023-09-26 19:59:42 +01:00
if (buf[i + n + 2] != '\r' || buf[i + n + 3] != '\n') return -1; // Error
*pl = i + 2, *dl = n;
return i + 2 + n + 2;
2022-08-04 17:08:30 +01:00
}
static void http_cb(struct mg_connection *c, int ev, void *ev_data) {
2020-12-05 11:26:32 +00:00
if (ev == MG_EV_READ || ev == MG_EV_CLOSE) {
struct mg_http_message hm;
2023-09-26 19:59:42 +01:00
size_t ofs = 0; // Parsing offset
while (c->is_resp == 0 && ofs < c->recv.len) {
const char *buf = (char *) c->recv.buf + ofs;
int n = mg_http_parse(buf, c->recv.len - ofs, &hm);
struct mg_str *te; // Transfer - encoding header
bool is_chunked = false;
2023-09-26 19:59:42 +01:00
if (n < 0) {
// We don't use mg_error() here, to avoid closing pipelined requests
// prematurely, see #2592
MG_ERROR(("HTTP parse, %lu bytes", c->recv.len));
c->is_draining = 1;
mg_hexdump(buf, c->recv.len - ofs > 16 ? 16 : c->recv.len - ofs);
c->recv.len = 0;
2023-09-26 19:59:42 +01:00
return;
2022-08-04 17:08:30 +01:00
}
2024-03-01 23:29:12 +00:00
if (n == 0) break; // Request is not buffered yet
mg_call(c, MG_EV_HTTP_HDRS, &hm); // Got all HTTP headers
if (ev == MG_EV_CLOSE) { // If client did not set Content-Length
2023-09-26 19:59:42 +01:00
hm.message.len = c->recv.len - ofs; // and closes now, deliver MSG
2024-03-15 07:42:24 +00:00
hm.body.len = hm.message.len - (size_t) (hm.body.buf - hm.message.buf);
2020-12-05 11:26:32 +00:00
}
if ((te = mg_http_get_header(&hm, "Transfer-Encoding")) != NULL) {
if (mg_vcasecmp(te, "chunked") == 0) {
is_chunked = true;
} else {
2023-12-29 11:59:02 +00:00
mg_error(c, "Invalid Transfer-Encoding"); // See #2460
return;
}
} else if (mg_http_get_header(&hm, "Content-length") == NULL) {
// #2593: HTTP packets must contain either Transfer-Encoding or
// Content-length
2024-03-15 07:42:24 +00:00
bool is_response = mg_ncasecmp(hm.method.buf, "HTTP/", 5) == 0;
bool require_content_len = false;
if (!is_response && (mg_vcasecmp(&hm.method, "POST") == 0 ||
2024-03-01 23:29:12 +00:00
mg_vcasecmp(&hm.method, "PUT") == 0)) {
// POST and PUT should include an entity body. Therefore, they should
// contain a Content-length header. Other requests can also contain a
// body, but their content has no defined semantics (RFC 7231)
require_content_len = true;
} else if (is_response) {
// HTTP spec 7.2 Entity body: All other responses must include a body
// or Content-Length header field defined with a value of 0.
int status = mg_http_status(&hm);
require_content_len = status >= 200 && status != 204 && status != 304;
}
if (require_content_len) {
mg_http_reply(c, 411, "", "");
MG_ERROR(("%s", "Content length missing from request"));
}
}
2023-09-26 19:59:42 +01:00
if (is_chunked) {
2023-09-26 19:59:42 +01:00
// For chunked data, strip off prefixes and suffixes from chunks
// and relocate them right after the headers, then report a message
char *s = (char *) c->recv.buf + ofs + n;
int o = 0, pl, dl, cl, len = (int) (c->recv.len - ofs - (size_t) n);
// Find zero-length chunk (the end of the body)
while ((cl = skip_chunk(s + o, len - o, &pl, &dl)) > 0 && dl) o += cl;
if (cl == 0) break; // No zero-len chunk, buffer more data
if (cl < 0) {
mg_error(c, "Invalid chunk");
break;
}
// Zero chunk found. Second pass: strip + relocate
o = 0, hm.body.len = 0, hm.message.len = (size_t) n;
while ((cl = skip_chunk(s + o, len - o, &pl, &dl)) > 0) {
memmove(s + hm.body.len, s + o + pl, (size_t) dl);
o += cl, hm.body.len += (size_t) dl, hm.message.len += (size_t) dl;
if (dl == 0) break;
}
ofs += (size_t) (n + o);
} else { // Normal, non-chunked data
2023-09-26 19:59:42 +01:00
size_t len = c->recv.len - ofs - (size_t) n;
if (hm.body.len > len) break; // Buffer more data
ofs += (size_t) n + hm.body.len;
2020-12-05 11:26:32 +00:00
}
2023-09-26 19:59:42 +01:00
if (c->is_accepted) c->is_resp = 1; // Start generating response
mg_call(c, MG_EV_HTTP_MSG, &hm); // User handler can clear is_resp
2020-12-05 11:26:32 +00:00
}
2023-09-26 19:59:42 +01:00
if (ofs > 0) mg_iobuf_del(&c->recv, 0, ofs); // Delete processed data
2020-12-05 11:26:32 +00:00
}
(void) ev_data;
2020-12-05 11:26:32 +00:00
}
static void mg_hfn(struct mg_connection *c, int ev, void *ev_data) {
2022-10-28 15:35:40 +01:00
if (ev == MG_EV_HTTP_MSG) {
struct mg_http_message *hm = (struct mg_http_message *) ev_data;
2024-04-17 16:13:10 -03:00
if (mg_match(hm->uri, mg_str("/quit"), NULL)) {
2022-10-28 15:35:40 +01:00
mg_http_reply(c, 200, "", "ok\n");
c->is_draining = 1;
c->data[0] = 'X';
2024-04-17 16:13:10 -03:00
} else if (mg_match(hm->uri, mg_str("/debug"), NULL)) {
2022-10-28 15:35:40 +01:00
int level = (int) mg_json_get_long(hm->body, "$.level", MG_LL_DEBUG);
mg_log_set(level);
mg_http_reply(c, 200, "", "Debug level set to %d\n", level);
} else {
mg_http_reply(c, 200, "", "hi\n");
}
} else if (ev == MG_EV_CLOSE) {
if (c->data[0] == 'X') *(bool *) c->fn_data = true;
2022-10-28 15:35:40 +01:00
}
}
void mg_hello(const char *url) {
struct mg_mgr mgr;
bool done = false;
mg_mgr_init(&mgr);
if (mg_http_listen(&mgr, url, mg_hfn, &done) == NULL) done = true;
while (done == false) mg_mgr_poll(&mgr, 100);
mg_mgr_free(&mgr);
}
2020-12-05 11:26:32 +00:00
struct mg_connection *mg_http_connect(struct mg_mgr *mgr, const char *url,
mg_event_handler_t fn, void *fn_data) {
struct mg_connection *c = mg_connect(mgr, url, fn, fn_data);
if (c != NULL) c->pfn = http_cb;
2020-12-05 11:26:32 +00:00
return c;
}
struct mg_connection *mg_http_listen(struct mg_mgr *mgr, const char *url,
mg_event_handler_t fn, void *fn_data) {
struct mg_connection *c = mg_listen(mgr, url, fn, fn_data);
if (c != NULL) c->pfn = http_cb;
2020-12-05 11:26:32 +00:00
return c;
}