/*! * restd_http_handler.c * * Copyright (c) 2015-2019, NADAL Jean-Baptiste. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * MA 02110-1301 USA * * @Author: NADAL Jean-Baptiste * @Date: 23/12/2019 * */ // This is an independent project of an individual developer. Dear PVS-Studio, please check it. // PVS-Studio Static Code Analyzer for C, C++, C#, and Java: http://www.viva64.com /*------------------------------- INCLUDES ----------------------------------*/ #include #include #include #include #include #include "restd_server.h" #include "restd_http_handler.h" #include "macro.h" #ifndef _DOXYGEN_SKIP static void http_free(restd_http_t *http); static size_t http_add_inbuf(struct evbuffer *buffer, restd_http_t *http, size_t maxsize); static int parse_requestline(restd_http_t *http, char *line); static int parse_headers(restd_http_t *http, struct evbuffer *in); static int parse_body(restd_http_t *http, struct evbuffer *in); static ssize_t parse_chunked_body(restd_http_t *http, struct evbuffer *in); static bool isValidPathname(const char *path); static void correctPathname(char *path); static char *evbuffer_peekln(struct evbuffer *buffer, size_t *n_rerestd_out, enum evbuffer_eol_style eol_style); static ssize_t evbuffer_drainln(struct evbuffer *buffer, size_t *n_rerestd_out, enum evbuffer_eol_style eol_style); #endif /** * HTTP protocol handler hook. * * This hook provides an easy way to handle HTTP request/response. * * @note * This hook must be registered at the top of hook chain. * * @code * restd_server_t *server = restd_server_new(); * restd_server_register_hook(server, restd_http_handler, NULL); * @endcode */ int restd_http_handler(short event, restd_conn_t *conn, void *userdata) { if (event & RESTD_EVENT_INIT) { DEBUG("==> HTTP INIT"); restd_http_t *http = http_new(conn->out); if (http == NULL) return RESTD_CLOSE; restd_conn_set_extra(conn, http, http_free_cb); return RESTD_OK; } else if (event & RESTD_EVENT_READ) { DEBUG("==> HTTP READ"); restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); int status = http_parser(http, conn->in); if (conn->method == NULL && http->request.method != NULL) { restd_conn_set_method(conn, http->request.method); } DEBUG("==> HTTP PATH: %s METHOD: %s", http->request.path, http->request.method); if (conn->server->request_handler != NULL) { status = conn->server->request_handler(event, conn, NULL); } return status; } else if (event & RESTD_EVENT_WRITE) { DEBUG("==> HTTP WRITE"); return RESTD_OK; } else if (event & RESTD_EVENT_CLOSE) { DEBUG("==> HTTP CLOSE=%x (TIMEOUT=%d, SHUTDOWN=%d)", event, event & RESTD_EVENT_TIMEOUT, event & RESTD_EVENT_SHUTDOWN); return RESTD_OK; } BUG_EXIT(); return RESTD_CLOSE; } /** * Return the request status. */ enum restd_http_request_status_e restd_http_get_status(restd_conn_t *conn) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); if (http == NULL) return RESTD_HTTP_ERROR; return http->request.status; } /*--------------------------------------------------------------------------*/ struct evbuffer *restd_http_get_inbuf(restd_conn_t *conn) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); return http->request.inbuf; } /*--------------------------------------------------------------------------*/ struct evbuffer *restd_http_get_outbuf(restd_conn_t *conn) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); return http->response.outbuf; } /** * Get request header. * * @param name name of header. * * @return value of string if found, otherwise NULL. */ const char *restd_http_get_request_header(restd_conn_t *conn, const char *name) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); return http->request.headers->getstr(http->request.headers, name, false); } /** * Return the size of content from the request. */ off_t restd_http_get_content_length(restd_conn_t *conn) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); return http->request.contentlength; } /** * Return the actual size of data stored in in-buffer */ size_t restd_http_get_content_length_stored(restd_conn_t *conn) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); return evbuffer_get_length(http->request.inbuf); } /** * Remove content from the in-buffer. * * The return data gets null terminated for convenience. For an example, * if it reads 3 bytes, it will allocate 4 bytes and the 4th byte will * be set to null terminator. `storedsized` will still return 3. * * @param maxsize maximum length of data to read. 0 to read everything. * @param storedsize the size of data read and stored in the return. */ void *restd_http_get_content(restd_conn_t *conn, size_t maxsize, size_t *storedsize) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); size_t inbuflen = evbuffer_get_length(http->request.inbuf); size_t readlen = (maxsize == 0) ? inbuflen : ((inbuflen < maxsize) ? inbuflen : maxsize); if (readlen == 0) return NULL; void *data = malloc(readlen + 1); if (data == NULL) return NULL; size_t removedlen = evbuffer_remove(http->request.inbuf, data, readlen); ((char *)data)[removedlen] = '\0'; if (storedsize) *storedsize = removedlen; return data; } /** * Return whether the request is keep-alive request or not. * * @return 1 if keep-alive request, otherwise 0. */ int restd_http_is_keepalive_request(restd_conn_t *conn) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); if (http->request.httpver == NULL) { return 0; } const char *connection = restd_http_get_request_header(conn, "Connection"); if (!strcmp(http->request.httpver, HTTP_PROTOCOL_11)) { // In HTTP/1.1, Keep-Alive is on by default unless explicitly specified. if (connection != NULL && !strcmp(connection, "close")) { return 0; } return 1; } else { // In older version, Keep-Alive is off by default unless requested. if (connection != NULL && (!strcmp(connection, "Keep-Alive") || !strcmp(connection, "TE"))) { return 1; } return 0; } } /** * Set response header. * * @param name name of header. * @param value value string to set. NULL to remove the header. * * @return 0 on success, -1 if we already sent it out. */ int restd_http_set_response_header(restd_conn_t *conn, const char *name, const char *value) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); if (http->response.frozen_header) { return -1; } if (value != NULL) { http->response.headers->putstr(http->response.headers, name, value); } else { http->response.headers->remove(http->response.headers, name); } return 0; } /** * Get response header. * * @param name name of header. * * @return value of string if found, otherwise NULL. */ const char *restd_http_get_response_header(restd_conn_t *conn, const char *name) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); return http->response.headers->getstr(http->response.headers, name, false); } /** * * @return 0 on success, -1 if we already sent it out. */ int restd_http_set_response_code(restd_conn_t *conn, int code, const char *reason) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); if (http->response.frozen_header) { return -1; } http->response.code = code; if (reason) http->response.reason = strdup(reason); return 0; } /** * * @param size content size. -1 for chunked transfer encoding. * @return 0 on success, -1 if we already sent it out. */ int restd_http_set_response_content(restd_conn_t *conn, const char *contenttype, off_t size) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); if (http->response.frozen_header) { return -1; } // Set Content-Type header. restd_http_set_response_header( conn, "Content-Type", (contenttype) ? contenttype : HTTP_DEF_CONTENTTYPE); if (size >= 0) { char clenval[20 + 1]; sprintf(clenval, "%jd", size); restd_http_set_response_header(conn, "Content-Length", clenval); http->response.contentlength = size; } else { restd_http_set_response_header(conn, "Transfer-Encoding", "chunked"); http->response.contentlength = -1; } return 0; } /** * @return total bytes sent, 0 on error. */ size_t restd_http_response(restd_conn_t *conn, int code, const char *contenttype, const void *data, off_t size) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); // Sanity Check if (http == NULL) return -1; if (http->response.frozen_header) { return 0; } // Set response headers. if (restd_http_get_response_header(conn, "Connection") == NULL) { restd_http_set_response_header( conn, "Connection", (restd_http_is_keepalive_request(conn)) ? "Keep-Alive" : "close"); } restd_http_set_response_code(conn, code, restd_http_get_reason(code)); restd_http_set_response_content(conn, contenttype, size); return restd_http_send_data(conn, data, size); } /** * * @return 0 total bytes put in out buffer, -1 if we already sent it out. */ size_t restd_http_send_header(restd_conn_t *conn) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); if (http->response.frozen_header) { return 0; } http->response.frozen_header = true; // Send status line. const char *reason = (http->response.reason) ? http->response.reason : restd_http_get_reason(http->response.code); evbuffer_add_printf(http->response.outbuf, "%s %d %s" HTTP_CRLF, http->request.httpver, http->response.code, reason); // Send headers. qlisttbl_obj_t obj; bzero((void *)&obj, sizeof(obj)); qlisttbl_t *tbl = http->response.headers; tbl->lock(tbl); while (tbl->getnext(tbl, &obj, NULL, false)) { evbuffer_add_printf(http->response.outbuf, "%s: %s" HTTP_CRLF, (char *)obj.name, (char *)obj.data); } tbl->unlock(tbl); // Send empty line, indicator of end of header. evbuffer_add(http->response.outbuf, HTTP_CRLF, CONST_STRLEN(HTTP_CRLF)); return evbuffer_get_length(http->response.outbuf); } /** * * @return 0 on success, -1 if we already sent it out. */ size_t restd_http_send_data(restd_conn_t *conn, const void *data, size_t size) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); if (http->response.contentlength < 0) { WARN("Content-Length is not set. Invalid usage."); return 0; } if ((http->response.bodyout + size) > http->response.contentlength) { WARN("Trying to send more data than supposed to"); return 0; } size_t beforesize = evbuffer_get_length(http->response.outbuf); if (!http->response.frozen_header) { restd_http_send_header(conn); } if (data != NULL && size > 0) { if (evbuffer_add(http->response.outbuf, data, size)) return 0; } http->response.bodyout += size; return (evbuffer_get_length(http->response.outbuf) - beforesize); } /*--------------------------------------------------------------------------*/ size_t restd_http_send_chunk(restd_conn_t *conn, const void *data, size_t size) { restd_http_t *http = (restd_http_t *)restd_conn_get_extra(conn); if (http->response.contentlength >= 0) { WARN("Content-Length is set. Invalid usage."); return 0; } if (!http->response.frozen_header) { restd_http_send_header(conn); } size_t beforesize = evbuffer_get_length(http->response.outbuf); int status = 0; if (size > 0) { status += evbuffer_add_printf(http->response.outbuf, "%zu" HTTP_CRLF, size); status += evbuffer_add(http->response.outbuf, data, size); status += evbuffer_add(http->response.outbuf, HTTP_CRLF, CONST_STRLEN(HTTP_CRLF)); } else { status += evbuffer_add_printf(http->response.outbuf, "0" HTTP_CRLF HTTP_CRLF); } if (status != 0) { WARN("Failed to add data to out-buffer. (size:%jd)", size); return 0; } size_t bytesout = evbuffer_get_length(http->response.outbuf) - beforesize; http->response.bodyout += bytesout; return bytesout; } /*--------------------------------------------------------------------------*/ const char *restd_http_get_reason(int code) { switch (code) { case HTTP_CODE_CONTINUE: return "Continue"; case HTTP_CODE_OK: return "OK"; case HTTP_CODE_CREATED: return "Created"; case HTTP_CODE_NO_CONTENT: return "No content"; case HTTP_CODE_PARTIAL_CONTENT: return "Partial Content"; case HTTP_CODE_MULTI_STATUS: return "Multi Status"; case HTTP_CODE_MOVED_TEMPORARILY: return "Moved Temporarily"; case HTTP_CODE_NOT_MODIFIED: return "Not Modified"; case HTTP_CODE_Brestd_REQUEST: return "Bad Request"; case HTTP_CODE_UNAUTHORIZED: return "Authorization Required"; case HTTP_CODE_FORBIDDEN: return "Forbidden"; case HTTP_CODE_NOT_FOUND: return "Not Found"; case HTTP_CODE_METHOD_NOT_ALLOWED: return "Method Not Allowed"; case HTTP_CODE_REQUEST_TIME_OUT: return "Request Time Out"; case HTTP_CODE_GONE: return "Gone"; case HTTP_CODE_REQUEST_URI_TOO_LONG: return "Request URI Too Long"; case HTTP_CODE_LOCKED: return "Locked"; case HTTP_CODE_INTERNAL_SERVER_ERROR: return "Internal Server Error"; case HTTP_CODE_NOT_IMPLEMENTED: return "Not Implemented"; case HTTP_CODE_SERVICE_UNAVAILABLE: return "Service Unavailable"; } WARN("Undefined code found. %d", code); return "-"; } /****************************************************************************** * Private internal functions. *****************************************************************************/ #ifndef _DOXYGEN_SKIP restd_http_t *http_new(struct evbuffer *out) { // Create a new connection container. restd_http_t *http = NEW_OBJECT(restd_http_t); if (http == NULL) return NULL; // Allocate additional resources. http->request.inbuf = evbuffer_new(); http->request.headers = qlisttbl(QLISTTBL_UNIQUE | QLISTTBL_CASEINSENSITIVE); http->response.headers = qlisttbl(QLISTTBL_UNIQUE | QLISTTBL_CASEINSENSITIVE); if (http->request.inbuf == NULL || http->request.headers == NULL || http->response.headers == NULL) { http_free(http); return NULL; } // Initialize structure. http->request.status = RESTD_HTTP_REQ_INIT; http->request.contentlength = -1; http->response.contentlength = -1; http->response.outbuf = out; return http; } /*--------------------------------------------------------------------------*/ static void http_free(restd_http_t *http) { if (http) { if (http->request.inbuf) evbuffer_free(http->request.inbuf); if (http->request.method) free(http->request.method); if (http->request.uri) free(http->request.uri); if (http->request.httpver) free(http->request.httpver); if (http->request.path) free(http->request.path); if (http->request.query) free(http->request.query); if (http->request.headers) http->request.headers->free(http->request.headers); if (http->request.host) free(http->request.host); if (http->request.domain) free(http->request.domain); if (http->response.headers) http->response.headers->free(http->response.headers); if (http->response.reason) free(http->response.reason); free(http); } } /*--------------------------------------------------------------------------*/ void http_free_cb(restd_conn_t *conn, void *userdata) { http_free((restd_http_t *)userdata); } /*--------------------------------------------------------------------------*/ static size_t http_add_inbuf(struct evbuffer *buffer, restd_http_t *http, size_t maxsize) { if (maxsize == 0 || evbuffer_get_length(buffer) == 0) { return 0; } return evbuffer_remove_buffer(buffer, http->request.inbuf, maxsize); } /*--------------------------------------------------------------------------*/ int http_parser(restd_http_t *http, struct evbuffer *in) { ASSERT(http != NULL && in != NULL); if (http->request.status == RESTD_HTTP_REQ_INIT) { char *line = evbuffer_readln(in, NULL, EVBUFFER_EOL_CRLF); if (line == NULL) return http->request.status; http->request.status = parse_requestline(http, line); free(line); // Do not call user callbacks until I reach the next state. if (http->request.status == RESTD_HTTP_REQ_INIT) { return RESTD_TAKEOVER; } } if (http->request.status == RESTD_HTTP_REQ_REQUESTLINE_DONE) { http->request.status = parse_headers(http, in); // Do not call user callbacks until I reach the next state. if (http->request.status == RESTD_HTTP_REQ_REQUESTLINE_DONE) { return RESTD_TAKEOVER; } } if (http->request.status == RESTD_HTTP_REQ_HEADER_DONE) { http->request.status = parse_body(http, in); // Do not call user callbacks until I reach the next state. if (http->request.status == RESTD_HTTP_REQ_HEADER_DONE) { return RESTD_TAKEOVER; } } if (http->request.status == RESTD_HTTP_REQ_DONE) { return RESTD_OK; } if (http->request.status == RESTD_HTTP_ERROR) { return RESTD_CLOSE; } BUG_EXIT(); return RESTD_CLOSE; } /*--------------------------------------------------------------------------*/ static int parse_requestline(restd_http_t *http, char *line) { // Parse request line. char *saveptr; char *method = strtok_r(line, " ", &saveptr); char *uri = strtok_r(NULL, " ", &saveptr); char *httpver = strtok_r(NULL, " ", &saveptr); char *tmp = strtok_r(NULL, " ", &saveptr); if (method == NULL || uri == NULL || httpver == NULL || tmp != NULL) { DEBUG("Invalid request line. %s", line); return RESTD_HTTP_ERROR; } // Set request method http->request.method = qstrupper(strdup(method)); // Set HTTP version http->request.httpver = qstrupper(strdup(httpver)); if (strcmp(http->request.httpver, HTTP_PROTOCOL_09) && strcmp(http->request.httpver, HTTP_PROTOCOL_10) && strcmp(http->request.httpver, HTTP_PROTOCOL_11)) { DEBUG("Unknown protocol: %s", http->request.httpver); return RESTD_HTTP_ERROR; } // Set URI if (uri[0] == '/') { http->request.uri = strdup(uri); } else if ((tmp = strstr(uri, "://"))) { // divide URI into host and path char *path = strstr(tmp + CONST_STRLEN("://"), "/"); if (path == NULL) { // URI has no path ex) http://domain.com:80 http->request.headers->putstr(http->request.headers, "Host", tmp + CONST_STRLEN("://")); http->request.uri = strdup("/"); } else { // URI has path, ex) http://domain.com:80/path *path = '\0'; http->request.headers->putstr(http->request.headers, "Host", tmp + CONST_STRLEN("://")); *path = '/'; http->request.uri = strdup(path); } } else { DEBUG("Invalid URI format. %s", uri); return RESTD_HTTP_ERROR; } // Set request path. Only path part from URI. http->request.path = strdup(http->request.uri); tmp = strstr(http->request.path, "?"); if (tmp) { *tmp = '\0'; http->request.query = strdup(tmp + 1); } else { http->request.query = strdup(""); } qurl_decode(http->request.path); // check path if (isValidPathname(http->request.path) == false) { DEBUG("Invalid URI format : %s", http->request.uri); return RESTD_HTTP_ERROR; } correctPathname(http->request.path); DEBUG("Method=%s, URI=%s, VER=%s", http->request.method, http->request.uri, http->request.httpver); return RESTD_HTTP_REQ_REQUESTLINE_DONE; } /*--------------------------------------------------------------------------*/ static int parse_headers(restd_http_t *http, struct evbuffer *in) { char *line; while ((line = evbuffer_readln(in, NULL, EVBUFFER_EOL_CRLF))) { if (IS_EMPTY_STR(line)) { const char *clen = http->request.headers->getstr( http->request.headers, "Content-Length", false); http->request.contentlength = (clen) ? atol(clen) : -1; free(line); return RESTD_HTTP_REQ_HEADER_DONE; } // Parse char *name, *value; char *tmp = strstr(line, ":"); if (tmp) { *tmp = '\0'; name = qstrtrim(line); value = qstrtrim(tmp + 1); } else { name = qstrtrim(line); value = ""; } // Add http->request.headers->putstr(http->request.headers, name, value); free(line); } return http->request.status; } /*--------------------------------------------------------------------------*/ static int parse_body(restd_http_t *http, struct evbuffer *in) { // Handle static data case. if (http->request.contentlength == 0) { return RESTD_HTTP_REQ_DONE; } else if (http->request.contentlength > 0) { if (http->request.contentlength > http->request.bodyin) { size_t maxread = http->request.contentlength - http->request.bodyin; if (maxread > 0 && evbuffer_get_length(in) > 0) { http->request.bodyin += http_add_inbuf(in, http, maxread); } } if (http->request.contentlength == http->request.bodyin) { return RESTD_HTTP_REQ_DONE; } } else { // Check if Transfer-Encoding is chunked. const char *tranenc = http->request.headers->getstr( http->request.headers, "Transfer-Encoding", false); if (tranenc != NULL && !strcmp(tranenc, "chunked")) { // TODO: handle chunked encoding for (;;) { ssize_t chunksize = parse_chunked_body(http, in); if (chunksize > 0) { continue; } else if (chunksize == 0) { return RESTD_HTTP_REQ_DONE; } else if (chunksize == -1) { return http->request.status; } else { return RESTD_HTTP_ERROR; } } } else { return RESTD_HTTP_REQ_DONE; } } return http->request.status; } /** * Parse chunked body and append it to inbuf. * * @return number of bytes in a chunk. so 0 for the ending chunk. -1 for not enough data, -2 format error. */ static ssize_t parse_chunked_body(restd_http_t *http, struct evbuffer *in) { // Peek chunk size. size_t crlf_len = 0; char *line = evbuffer_peekln(in, &crlf_len, EVBUFFER_EOL_CRLF); if (line == NULL) return -1; // not enough data. size_t linelen = strlen(line); // Parse chunk size int chunksize = -1; sscanf(line, "%x", &chunksize); free(line); if (chunksize < 0) return -2; // format error // Check if we've received whole data of this chunk. size_t datalen = linelen + crlf_len + chunksize + crlf_len; size_t inbuflen = evbuffer_get_length(in); if (inbuflen < datalen) { return -1; // not enough data. } // Copy chunk body evbuffer_drainln(in, NULL, EVBUFFER_EOL_CRLF); http_add_inbuf(in, http, chunksize); evbuffer_drainln(in, NULL, EVBUFFER_EOL_CRLF); return chunksize; } /** * validate file path */ static bool isValidPathname(const char *path) { if (path == NULL) return false; int len = strlen(path); if (len == 0 || len >= PATH_MAX) return false; else if (path[0] != '/') return false; else if (strpbrk(path, "\\:*?\"<>|") != NULL) return false; // check folder name length int n; char *t; for (n = 0, t = (char *)path; *t != '\0'; t++) { if (*t == '/') { n = 0; continue; } if (n >= FILENAME_MAX) { DEBUG("Filename too long."); return false; } n++; } return true; } /** * Correct pathname. * * @note * remove : heading & tailing white spaces, double slashes, tailing slash */ static void correctPathname(char *path) { // Take care of head & tail white spaces. qstrtrim(path); // Take care of double slashes. while (strstr(path, "//") != NULL) qstrreplace("sr", path, "//", "/"); // Take care of tailing slash. int len = strlen(path); if (len <= 1) return; if (path[len - 1] == '/') path[len - 1] = '\0'; } /*--------------------------------------------------------------------------*/ static char *evbuffer_peekln(struct evbuffer *buffer, size_t *n_rerestd_out, enum evbuffer_eol_style eol_style) { // Check if first line has arrived. struct evbuffer_ptr ptr = evbuffer_search_eol(buffer, NULL, n_rerestd_out, eol_style); if (ptr.pos == -1) return NULL; char *line = (char *)malloc(ptr.pos + 1); if (line == NULL) return NULL; // Linearizes buffer if (ptr.pos > 0) { char *bufferptr = (char *)evbuffer_pullup(buffer, ptr.pos); ASSERT(bufferptr != NULL); strncpy(line, bufferptr, ptr.pos); } line[ptr.pos] = '\0'; return line; } /*--------------------------------------------------------------------------*/ static ssize_t evbuffer_drainln(struct evbuffer *buffer, size_t *n_rerestd_out, enum evbuffer_eol_style eol_style) { char *line = evbuffer_readln(buffer, n_rerestd_out, eol_style); if (line == NULL) return -1; size_t linelen = strlen(line); free(line); return linelen; } #endif // _DOXYGEN_SKIP