--- parser3/src/main/pa_request.C 2016/09/29 18:49:43 1.360 +++ parser3/src/main/pa_request.C 2020/10/28 22:32:02 1.384 @@ -1,12 +1,13 @@ /** @file Parser: request class main part. @see compile.C and execute.C. - Copyright (c) 2001-2015 Art. Lebedev Studio (http://www.artlebedev.com) + Copyright (c) 2001-2017 Art. Lebedev Studio (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ #include "pa_sapi.h" #include "pa_common.h" +#include "pa_os.h" #include "pa_request.h" #include "pa_wwrapper.h" #include "pa_vclass.h" @@ -32,44 +33,61 @@ #include "pa_vconsole.h" #include "pa_vdate.h" -volatile const char * IDENT_PA_REQUEST_C="$Id: pa_request.C,v 1.360 2016/09/29 18:49:43 moko Exp $" IDENT_PA_REQUEST_H IDENT_PA_REQUEST_CHARSETS_H IDENT_PA_REQUEST_INFO_H IDENT_PA_VCONSOLE_H; +volatile const char * IDENT_PA_REQUEST_C="$Id: pa_request.C,v 1.384 2020/10/28 22:32:02 moko Exp $" IDENT_PA_REQUEST_H IDENT_PA_REQUEST_CHARSETS_H IDENT_PA_REQUEST_INFO_H IDENT_PA_VCONSOLE_H; // consts #define UNHANDLED_EXCEPTION_METHOD_NAME "unhandled_exception" -/// content type of exception response, when no @MAIN:exception handler defined -const char* UNHANDLED_EXCEPTION_CONTENT_TYPE="text/plain"; - /// content type of response when no $MAIN:defaults.content-type defined const char* DEFAULT_CONTENT_TYPE="text/html"; +const uint LOOP_LIMIT=20000; +const uint EXECUTE_RECOURSION_LIMIT=1000; +const size_t FILE_SIZE_LIMIT=512*1024*1024; + // defines for globals #define MAIN_METHOD_NAME "main" #define AUTO_METHOD_NAME "auto" +#define USE_METHOD_NAME "use" #define AUTOUSE_METHOD_NAME "autouse" + #define EXCEPTION_TYPE_PART_NAME "type" #define EXCEPTION_SOURCE_PART_NAME "source" #define EXCEPTION_COMMENT_PART_NAME "comment" +#define ORIGIN_KEY "origin" + // globals const String main_method_name(MAIN_METHOD_NAME); const String auto_method_name(AUTO_METHOD_NAME); -const String autouse_method_name(AUTOUSE_METHOD_NAME); +static const String use_method_name(USE_METHOD_NAME); +static const String autouse_method_name(AUTOUSE_METHOD_NAME); const String exception_type_part_name(EXCEPTION_TYPE_PART_NAME); const String exception_source_part_name(EXCEPTION_SOURCE_PART_NAME); const String exception_comment_part_name(EXCEPTION_COMMENT_PART_NAME); const String exception_handled_part_name(EXCEPTION_HANDLED_PART_NAME); +static const String origin_key(ORIGIN_KEY); + +int pa_loop_limit=LOOP_LIMIT; +int pa_execute_recoursion_limit=EXECUTE_RECOURSION_LIMIT; +size_t pa_file_size_limit=FILE_SIZE_LIMIT; + // defines for statics #define CHARSETS_NAME "CHARSETS" #define MIME_TYPES_NAME "MIME-TYPES" #define STRICT_VARS_NAME "STRICT-VARS" #define PROTOTYPE_NAME "OBJECT-PROTOTYPE" +#define LIMITS_NAME "LIMITS" +#define LOOP_LIMIT_NAME "max_loop" +#define RECOURSION_LIMIT_NAME "max_recoursion" +#define FILE_SIZE_LIMIT_NAME "max_file_size" +#define LOCK_WAIT_TIMEOUT_NAME "lock_wait_timeout" #define CONF_METHOD_NAME "conf" #define POST_PROCESS_METHOD_NAME "postprocess" #define CLASS_PATH_NAME "CLASS_PATH" @@ -85,6 +103,12 @@ static const String main_class_name(MAIN static const String mime_types_name(MIME_TYPES_NAME); static const String strict_vars_name(STRICT_VARS_NAME); static const String prototype_name(PROTOTYPE_NAME); +static const String limits_name(LIMITS_NAME); +static const String loop_limit_name(LOOP_LIMIT_NAME); +static const String recoursion_limit_name(RECOURSION_LIMIT_NAME); +static const String file_size_limit_name(FILE_SIZE_LIMIT_NAME); +static const String lock_wait_timeout_name(LOCK_WAIT_TIMEOUT_NAME); + static const String conf_method_name(CONF_METHOD_NAME); static const String post_process_method_name(POST_PROCESS_METHOD_NAME); static const String class_path_name(CLASS_PATH_NAME); @@ -121,9 +145,8 @@ Request::Request(SAPI_Info& asapi_info, wcontext(0), flang(adefault_lang), fconnection(0), - finterrupted(false), - fskip(SKIP_NOTHING), fin_cycle(0), + fskip(SKIP_NOTHING), // public request_info(arequest_info), @@ -203,19 +226,15 @@ Value& Request::get_self() { return meth VStateless_class* Request::get_class(const String& name){ VStateless_class* result=classes().get(name); if(!result) - if(Value* value=main_class.get_element(autouse_method_name)) - if(Junction* junction=value->get_junction()) - if(const Method *method=junction->method) { - Value *vname=new VString(name); - VMethodFrame frame(*method, 0 /*no parent*/, main_class); - - frame.store_params(&vname, 1); - // we don't need the result - execute_method(frame); - - result=classes().get(name); - } - + if(const Method *method=main_class.get_element_method(autouse_method_name)){ + Value *vname=new VString(name); + CONSTRUCTOR_FRAME_ACTION(*method, 0 /*no parent*/, main_class, { + frame.store_params(&vname, 1); + // we don't need the result + call(frame); + }); + result=classes().get(name); + } return result; } @@ -265,6 +284,53 @@ void Request::configure_admin(VStateless } #endif + Value* limits=conf_class.get_element(limits_name); + + pa_loop_limit=LOOP_LIMIT; + if(limits) + if(Value* loop_limit=limits->get_element(loop_limit_name)) { + if(loop_limit->is_evaluated_expr()) { + pa_loop_limit=loop_limit->as_int(); + if(pa_loop_limit==0) pa_loop_limit=INT_MAX; + } else + throw Exception(PARSER_RUNTIME, 0, "$" MAIN_CLASS_NAME ":LIMITS." LOOP_LIMIT_NAME " must be int"); + } + + pa_execute_recoursion_limit=EXECUTE_RECOURSION_LIMIT; + if(limits) + if(Value* recoursion_limit=limits->get_element(recoursion_limit_name)) { + if(recoursion_limit->is_evaluated_expr()) { + pa_execute_recoursion_limit=recoursion_limit->as_int(); + if(pa_execute_recoursion_limit==0) pa_execute_recoursion_limit=INT_MAX; + } else + throw Exception(PARSER_RUNTIME, 0, "$" MAIN_CLASS_NAME ":LIMITS." RECOURSION_LIMIT_NAME " must be int"); + } + + pa_file_size_limit=FILE_SIZE_LIMIT; + if(limits) + if(Value* file_size_limit=limits->get_element(file_size_limit_name)) { + if(file_size_limit->is_evaluated_expr()) { + double limit=file_size_limit->as_double(); + if(limit >= (double)SSIZE_MAX) + throw Exception(PARSER_RUNTIME, 0, "$" MAIN_CLASS_NAME ":LIMITS." FILE_SIZE_LIMIT_NAME " must be less then %.15g", (double)SSIZE_MAX); + pa_file_size_limit=(size_t)limit; + if(pa_file_size_limit==0) pa_file_size_limit=SSIZE_MAX; + } else + throw Exception(PARSER_RUNTIME, 0, "$" MAIN_CLASS_NAME ":LIMITS." FILE_SIZE_LIMIT_NAME " must be number"); + } + + pa_lock_attempts=PA_LOCK_ATTEMPTS; + if(limits) + if(Value* lock_wait_timeout=limits->get_element(lock_wait_timeout_name)) { + if(lock_wait_timeout->is_evaluated_expr()) { + double limit=lock_wait_timeout->as_double(); + if(limit >= 3600*24) + throw Exception(PARSER_RUNTIME, 0, "$" MAIN_CLASS_NAME ":LIMITS." LOCK_WAIT_TIMEOUT_NAME " must be less then %d", 3600*24); + pa_lock_attempts=(unsigned int)(limit*2)+1; + } else + throw Exception(PARSER_RUNTIME, 0, "$" MAIN_CLASS_NAME ":LIMITS." LOCK_WAIT_TIMEOUT_NAME " must be number"); + } + // configure method_frame options // until someone with less privileges have overriden them methoded_array().configure_admin(*this); @@ -332,16 +398,11 @@ void Request::configure() { @test log stack trace */ -void Request::core(const char* config_filespec, bool config_fail_on_read_problem, bool header_only) { +void Request::core(const char* config_filespec, bool header_only) { try { // loading config - if(config_filespec) { - const String& filespec=*new String(config_filespec); - use_file_directly(main_class, - filespec, - config_fail_on_read_problem, - true /*file must exist if 'fail on read problem' not set*/); - } + if(config_filespec) + use_file_directly(main_class, *new String(config_filespec), true, true /*file must exist if 'fail on read problem' not set*/); // filling mail received mail.fill_received(*this); @@ -361,15 +422,10 @@ void Request::core(const char* config_fi while(const char* before=strchr(after, '/')) { String& sfile_spec=*new String; if(after!=request_info.path_translated) { - sfile_spec.append_strdup( - request_info.path_translated, before-request_info.path_translated, - String::L_CLEAN); + sfile_spec.append_strdup(request_info.path_translated, before-request_info.path_translated, String::L_CLEAN); sfile_spec << "/" AUTO_FILE_NAME; - use_file_directly(main_class, - sfile_spec, - true /*fail on read problem*/, - false /*but ignore absence, sole user*/); + use_file_directly(main_class, sfile_spec, true /*fail on read problem*/, false /*but ignore absence, sole user*/); } for(after=before+1;*after=='/';after++); } @@ -388,11 +444,9 @@ void Request::core(const char* config_fi } // execute @main[] - const String* body_string=execute_virtual_method(main_class, main_method_name); + const String* body_string=execute_method(main_class, main_method_name); if(!body_string) - throw Exception(PARSER_RUNTIME, - 0, - "'" MAIN_METHOD_NAME "' method not found"); + throw Exception(PARSER_RUNTIME, 0, "'" MAIN_METHOD_NAME "' method not found"); // extract response body Value* body_value=response.fields().get(download_name_upper); // $response:download? @@ -403,18 +457,15 @@ void Request::core(const char* config_fi body_value=new VString(*body_string); // just result of ^main[] // @postprocess - if(Value* value=main_class.get_element(post_process_method_name)) - if(Junction* junction=value->get_junction()) - if(const Method *method=junction->method) { - // preparing to pass parameters to - // @postprocess[data] - VMethodFrame frame(*method, 0 /*no parent*/, main_class); - - frame.store_params(&body_value, 1); - execute_method(frame); - - body_value=&frame.result(); - } + if(const Method *method=main_class.get_method(post_process_method_name)) { + // preparing to pass parameters to + // @postprocess[data] + METHOD_FRAME_ACTION(*method, 0 /*no parent*/, main_class, { + frame.store_params(&body_value, 1); + call(frame); + body_value=&frame.result(); + }); + } VFile* body_file=body_value->as_vfile(flang, &charsets); @@ -439,80 +490,65 @@ void Request::core(const char* config_fi // maybe we'd be lucky enough as to report an error // in a gracefull way... - if(Value* value=main_class.get_element(*new String(UNHANDLED_EXCEPTION_METHOD_NAME))) { - if(Junction* junction=value->get_junction()) { - if(const Method *method=junction->method) { - // preparing to pass parameters to - // @unhandled_exception[exception;stack] - - // $stack[^table::create{name file lineno colno}] - Table::columns_type stack_trace_columns(new ArrayString); - *stack_trace_columns+=new String("name"); - *stack_trace_columns+=new String("file"); - *stack_trace_columns+=new String("lineno"); - *stack_trace_columns+=new String("colno"); - Table& stack_trace=*new Table(stack_trace_columns); - if(!exception_trace.is_empty()/*signed!*/) - for(size_t i=exception_trace.bottom_index(); ias_bool()) { SAPI::log(sapi_info, "%s", exception_cstr); } - // ERROR. write it out - output_result(body_file, header_only, false); + if(body_string) { // could report an error beautifully? + VString body_vstring(*body_string); + VFile* body_file=body_vstring.as_vfile(flang, &charsets); + // write it out the error + output_result(body_file, header_only, false); + } else { + // doing that ugly + SAPI::send_error(sapi_info, exception_cstr, !strcmp(e.type(), "file.missing") ? "404" : "500"); + } } catch(const Exception& e) { // exception in unhandled exception Request::Exception_details details=get_details(e); const char* exception_cstr=get_exception_cstr(e, details); - // unconditionally log the beast - SAPI::log(sapi_info, "%s", exception_cstr); - - throw Exception(0, - 0, - "in %s", - exception_cstr); + // unconditionally log the beast in exception handler + throw Exception(0, 0, "Unhandled exception in %s", exception_cstr); } } } @@ -522,11 +558,7 @@ uint Request::register_file(String::Body return file_list.count()-1; } -void Request::use_file_directly(VStateless_class& aclass, - const String& file_spec, - bool fail_on_read_problem, - bool fail_on_file_absence) { - +void Request::use_file_directly(VStateless_class& aclass, const String& file_spec, bool fail_on_read_problem, bool fail_on_file_absence) { // cyclic dependence check if(used_files.get(file_spec)) return; @@ -542,11 +574,8 @@ void Request::use_file_directly(VStatele void Request::use_file(VStateless_class& aclass, const String& file_name, const String* use_filespec/*absolute*/) { - if(file_name.is_empty()) - throw Exception(PARSER_RUNTIME, - 0, - "usage failed - no filename was specified"); + throw Exception(PARSER_RUNTIME, 0, "usage failed - no filename was specified"); const String* filespec=0; @@ -573,26 +602,30 @@ void Request::use_file(VStateless_class& break; // found along class_path } } else - throw Exception(PARSER_RUNTIME, - 0, - "$" CLASS_PATH_NAME " must be string or table"); + throw Exception(PARSER_RUNTIME, 0, "$" CLASS_PATH_NAME " must be string or table"); if(!filespec) - throw Exception(PARSER_RUNTIME, - &file_name, - "not found along " MAIN_CLASS_NAME ":" CLASS_PATH_NAME); + throw Exception(PARSER_RUNTIME, &file_name, "not found along $" MAIN_CLASS_NAME ":" CLASS_PATH_NAME); } else - throw Exception(PARSER_RUNTIME, - &file_name, - "usage failed - no $" MAIN_CLASS_NAME ":" CLASS_PATH_NAME " were specified"); + throw Exception(PARSER_RUNTIME, &file_name, "usage failed - no $" MAIN_CLASS_NAME ":" CLASS_PATH_NAME " were specified"); } use_file_directly(aclass, *filespec); } -void Request::use_file(VStateless_class& aclass, const String& file_name, const String* use_filespec/*absolute*/, Operation::Origin origin) { +void Request::use_file(const String& file_name, const String* use_filespec/*absolute*/, Operation::Origin origin) { static String use("USE"); try { - use_file(aclass, file_name, use_filespec); + static VHash* voptions=new VHash(); + if(const Method *method=main_class.get_method(use_method_name)){ + Value *params[]={new VString(file_name), voptions}; + voptions->hash().put(origin_key, new VString(*use_filespec)); + + CONSTRUCTOR_FRAME_ACTION(*method, 0 /*no parent*/, main_class, { + frame.store_params(params, 2); + // we don't need the result + call(frame); + }); + } } catch (...) { exception_trace.push(Trace(&use, origin)); rethrow; @@ -615,12 +648,11 @@ void Request::use_buf(VStateless_class& VStateless_class& cclass=*cclasses.get(i); // locate and execute possible @conf[] static - Execute_nonvirtual_method_result executed=execute_nonvirtual_method(cclass, conf_method_name, vfilespec, false/*no string result needed*/); - if(executed.method) + if(execute_method_if_exists(cclass, conf_method_name, vfilespec)) configure_admin(cclass/*, executed.method->name*/); // locate and execute possible @auto[] static - execute_nonvirtual_method(cclass, auto_method_name, vfilespec, false/*no result needed*/); + execute_method_if_exists(cclass, auto_method_name, vfilespec); cclass.enable_default_setter(); } @@ -677,16 +709,11 @@ static void add_header_attribute(HashStr ); } -static void output_sole_piece(Request& r, - bool header_only, - VFile& body_file, - Value* body_file_content_type) { +static void output_sole_piece(Request& r, bool header_only, VFile& body_file, Value* body_file_content_type) { // transcode text body when "text/*" or simple result String::C output(body_file.value_ptr(), body_file.value_size()); if(!body_file_content_type/*vstring.as_vfile*/ || body_file_content_type->as_string().pos("text/")==0) - output=Charset::transcode(output, - r.charsets.source(), - r.charsets.client()); + output=Charset::transcode(output, r.charsets.source(), r.charsets.client()); // prepare header: Content-Length SAPI::add_header_attribute(r.sapi_info, HTTP_CONTENT_LENGTH, format(output.length, "%u")); @@ -728,16 +755,10 @@ static void parse_range(const String* s, } } -static void output_pieces(Request& r, - bool header_only, - const String& filename, - size_t content_length, - Value& date, - bool add_last_modified) -{ +static void output_pieces(Request& r, bool header_only, const String& filename, size_t content_length, Value& date, bool add_last_modified) { SAPI::add_header_attribute(r.sapi_info, "accept-ranges", "bytes"); - const size_t BUFSIZE = 10*0x400; + const size_t BUFSIZE = 128*0x400; char buf[BUFSIZE]; const char *range = SAPI::Env::get(r.sapi_info, "HTTP_RANGE"); size_t offset=0; @@ -790,10 +811,8 @@ static void output_pieces(Request& r, size_t to_read = 0; size_t size = 0; do{ - to_read = part_lengthfields().get(response_body_file_name)) { // $response:[download|body][$.file[filespec]] -- optput specified file const String& sresponse_body_file=vresponse_body_file->as_string(); - size_t content_length=0; + uint64_t content_length=0; time_t atime=0, mtime=0, ctime=0; - file_stat(absolute(sresponse_body_file), - content_length, - atime, mtime, ctime); + file_stat(absolute(sresponse_body_file), content_length, atime, mtime, ctime); VDate* vdate=0; if(Value* v=body_file->fields().get("mdate")) { @@ -875,18 +892,13 @@ void Request::output_result(VFile* body_ if(!vdate) vdate=new VDate((pa_time_t)mtime); - output_pieces(*this, header_only, - sresponse_body_file, - content_length, - *vdate, - info.add_last_modified); + output_pieces(*this, header_only, sresponse_body_file, (size_t)content_length, *vdate, info.add_last_modified); } else { if(body_file_content_type) if(HashStringValue *hash=body_file_content_type->get_hash()) body_file_content_type=hash->get(value_name); - output_sole_piece(*this, header_only, - *body_file, body_file_content_type); + output_sole_piece(*this, header_only, *body_file, body_file_content_type); } } @@ -903,16 +915,14 @@ const String& Request::mime_type_of(cons if(const String* result=mime_types->item(1)) return *result; else - throw Exception(PARSER_RUNTIME, - 0, - MIME_TYPES_NAME " table column elements must not be empty"); + throw Exception(PARSER_RUNTIME, 0, MIME_TYPES_NAME " table column elements must not be empty"); } } return *new String("application/octet-stream"); } -const String* Request::get_used_filename(uint file_no){ +const String* Request::get_used_filespec(uint file_no){ if(file_no < file_list.count()) return new String(file_list[file_no], String::L_TAINTED); return 0;