--- parser3/src/main/pa_http.C 2009/08/21 08:38:55 1.34 +++ parser3/src/main/pa_http.C 2020/10/12 21:57:20 1.91 @@ -1,20 +1,28 @@ /** @file Parser: http support functions. - Copyright(c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) + Copyright (c) 2001-2017 Art. Lebedev Studio (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_HTTP_C="$Date: 2009/08/21 08:38:55 $"; - #include "pa_http.h" #include "pa_common.h" +#include "pa_base64.h" #include "pa_charsets.h" #include "pa_request_charsets.h" #include "pa_request.h" #include "pa_vfile.h" #include "pa_random.h" +volatile const char * IDENT_PA_HTTP_C="$Id: pa_http.C,v 1.91 2020/10/12 21:57:20 moko Exp $" IDENT_PA_HTTP_H; + +#ifdef _MSC_VER +#include +#define socklen_t int +#else +#define closesocket close +#endif + // defines #define HTTP_METHOD_NAME "method" @@ -22,163 +30,228 @@ static const char * const IDENT_HTTP_C=" #define HTTP_BODY_NAME "body" #define HTTP_TIMEOUT_NAME "timeout" #define HTTP_HEADERS_NAME "headers" -#define HTTP_COOKIES_NAME "cookies" #define HTTP_FORM_ENCTYPE_NAME "enctype" #define HTTP_ANY_STATUS_NAME "any-status" -#define HTTP_OMIT_POST_CHARSET_NAME "omit-post-charset" // ^file::load[...;http://...;$.form[...]$.method[post]] - // by default add charset to content-type - -#define HTTP_TABLES_NAME "tables" +#define HTTP_OMIT_POST_CHARSET_NAME "omit-post-charset" // ^file::load[...;http://...;$.method[post]] by default adds charset to content-type #define HTTP_USER "user" #define HTTP_PASSWORD "password" +#define HTTP_USER_AGENT "user-agent" #define DEFAULT_USER_AGENT "parser3" -# ifndef INADDR_NONE -# define INADDR_NONE ((ulong) -1) -# endif +#ifndef INADDR_NONE +#define INADDR_NONE ((ulong) -1) +#endif #undef CRLF #define CRLF "\r\n" +// helpers + +bool HTTP_Headers::add_header(const char *line){ + const char *value=strchr(line, ':'); + + if(value && value != line){ // we need only headers, not the response code + Header header(str_upper(line, value-line), String::Body(value+1).trim(String::TRIM_BOTH, " \t\n\r")); + + if(header.name == String::Body(HTTP_CONTENT_TYPE_UPPER) && content_type.is_empty()) + content_type=header.value; + + if(header.name == String::Body("CONTENT-LENGTH") && content_length==0) + content_length=pa_atoul(header.value.cstr(), 10); + + headers+=header; + + return true; + } + return false; +} + +class Cookies_table_template_columns: public ArrayString { +public: + Cookies_table_template_columns() { + *this+=new String("name"); + *this+=new String("value"); + *this+=new String("expires"); + *this+=new String("max-age"); + *this+=new String("domain"); + *this+=new String("path"); + *this+=new String("httponly"); + *this+=new String("secure"); + } +}; + + static bool set_addr(struct sockaddr_in *addr, const char* host, const short port){ memset(addr, 0, sizeof(*addr)); addr->sin_family=AF_INET; addr->sin_port=htons(port); if(host) { - ulong packed_ip=inet_addr(host); - if(packed_ip!=INADDR_NONE) - memcpy(&addr->sin_addr, &packed_ip, sizeof(packed_ip)); - else { - struct hostent *hostIP=gethostbyname(host); - if(hostIP) - memcpy(&addr->sin_addr, hostIP->h_addr, hostIP->h_length); - else - return false; - } - } else - addr->sin_addr.s_addr=INADDR_ANY; - return true; -} - -size_t guess_content_length(char* buf) { - char* ptr; - if((ptr=strstr(buf, "Content-Length:"))) // Apache - goto found; - if((ptr=strstr(buf, "content-length:"))) // Parser 3 - goto found; - if((ptr=strstr(buf, "Content-length:"))) // maybe 1 - goto found; - if((ptr=strstr(buf, "CONTENT-LENGTH:"))) // maybe 2 - goto found; - return 0; -found: - char *error_pos; - size_t result=(size_t)strtol(ptr+15/*strlen("CONTENT-LENGTH:")*/, &error_pos, 0); - - const size_t reasonable_initial_max=0x400*0x400*10 /*10M*/; - if(result>reasonable_initial_max) // sanity check - return reasonable_initial_max; - return 0;//result; + struct hostent *hostIP=gethostbyname(host); + if(hostIP && hostIP->h_addrtype == AF_INET){ + memcpy(&addr->sin_addr, hostIP->h_addr, hostIP->h_length); + return true; + } + } + return false; } -static int http_read_response(char*& response, size_t& response_size, int sock, bool fail_on_status_ne_200) { - int result=0; - // fetching some to local buffer, guessing on possible content-length - response_size=0x400*20; // initial size if content-length could not be determined - const size_t preview_size=0x400*20; - char preview_buf[preview_size+1/*terminator*/]; // 20K buffer to preview headers - ssize_t received_size=recv(sock, preview_buf, preview_size, 0); - if(received_size==0) - goto done; - if(received_size<0) { - if(int no=pa_socks_errno()) - throw Exception("http.timeout", - 0, - "error receiving response header: %s (%d)", pa_socks_strerr(no), no); - goto done; - } - // terminator [helps futher string searches] - preview_buf[received_size]=0; - // checking status - if(char* EOLat=strstr(preview_buf, "\n")) { - const String status_line(pa_strdup(preview_buf, EOLat-preview_buf)); - ArrayString astatus; - size_t pos_after=0; - status_line.split(astatus, pos_after, " "); - const String& status_code=*astatus.get(astatus.count()>1?1:0); - result=status_code.as_int(); - - if(fail_on_status_ne_200 && result!=200) - throw Exception("http.status", - &status_code, - "invalid HTTP response status"); +class HTTP_response : public PA_Allocated { +public: + char *buf; + size_t length; + size_t buf_size; + size_t body_offset; + + HTTP_Headers headers; + const String &url; + + HTTP_response(const String& aurl) : buf(NULL), length(0), buf_size(0), body_offset(0), url(aurl){} + + void resize(size_t size){ + buf_size=size; + buf=(char *)pa_realloc(buf, size + 1); } - // detecting response_size - { - if(size_t content_length=guess_content_length(preview_buf)) - response_size=preview_size+content_length; // a little more than needed, will adjust response_size by actual received size later + + bool read(int sock, size_t size){ + if(length+size>buf_size) + resize(buf_size*2 + size); + ssize_t received_size=recv(sock, buf + length, size, 0); + if(received_size==0) + return false; + if(received_size<0) { + if(int no=pa_socks_errno()) + throw Exception("http.timeout", &url, "error receiving response body: %s (%d)", pa_socks_strerr(no), no); + return false; + } + length+=received_size; + buf[length]='\0'; + return true; } - // [gcc is happier this way, see goto above] - { - // allocating initial buf - response=(char*)pa_malloc_atomic(response_size+1/*terminator*/); // just setting memory block type - char* ptr=response; - size_t todo_size=response_size; - // coping part of already received body - memcpy(ptr, preview_buf, received_size); - ptr+=received_size; - todo_size-=received_size; - - // we use terminator byte for two purposes here: - // 1. we return there zero always, not knowing: maybe they would want to create String form $file.body? - // invariant: all Strings should have zero-terminated buffers - // 2. we use that out-of-size byte to detect if our content-length guess was wrong - // when recv gets more than we expected - // a) we know that the content-length guess was wrong - // b) we have space to put the first byte of extra data - // c) we use less code to detect normal situation: on last while-cycle recv expected to just return 0 - while(true) { - received_size=recv(sock, ptr, todo_size+1/*there is always a place for terminator*/, 0); - if(received_size==0) { - response_size-=todo_size; // in case we received less than expected, cut down the reported size + size_t first_line(){ + char *header=strchr(buf, '\n'); + if(!header) + return false; + + return header-buf; + } + + const char *status_code(char *status_line, int &result){ + char* status_start = strchr(status_line, ' '); + + if(!(status_start++)) + return status_line; + + char* status_end=strchr(status_start, ' '); + + if(!status_end) + return status_line; + + if(status_end==status_start) + return status_line; + + const char *result_str=pa_strdup(status_start, status_end-status_start); + result=pa_atoui(result_str, 10); + return result_str; + } + + bool body_start(){ + char *p=buf; + while((p=strchr(p, '\n'))) { + if(p[1]=='\r' && p[2]=='\n'){ // \r\n\r\n + *p='\0'; + body_offset=p-buf+3; + return true; + } + if(p[1]=='\n') { // \n\n + *p='\0'; + body_offset=p-buf+2; + return true; + } + p++; + } + return false; + } + + void parse_headers(){ + const String header_block(buf, String::L_TAINTED); + + ArrayString aheaders; + header_block.split(aheaders, 0, "\n"); + + Array_iterator i(aheaders); + i.next(); // skipping status + for(;i.has_next();){ + const char *line=i.next()->cstr(); + if(!headers.add_header(line)) + throw Exception("http.response", &url, "bad response from host - bad header \"%s\"", line); + } + } + + int read_response(int sock, bool fail_on_status_ne_200); +}; + +enum HTTP_response_state { + HTTP_STATUS_CODE, + HTTP_HEADERS, + HTTP_BODY +}; + +int HTTP_response::read_response(int sock, bool fail_on_status_ne_200) { + HTTP_response_state state=HTTP_STATUS_CODE; + int result=0; + + size_t chunk_size=0x400*16; + resize(2*chunk_size); + + while(read(sock, chunk_size)){ + switch(state){ + case HTTP_STATUS_CODE: { + size_t status_size=first_line(); + if(!status_size) + break; + + const char *status=status_code(pa_strdup(buf, status_size), result); + + if(!result || fail_on_status_ne_200 && result!=200) + throw Exception("http.status", status ? new String(status) : &String::Empty, "invalid HTTP response status"); + + state=HTTP_HEADERS; + } + + case HTTP_HEADERS: { + if(!body_start()) + break; + + parse_headers(); + + size_t content_length=check_file_size(headers.content_length, url); + if(content_length>0 && (content_length + body_offset) > length){ + resize(content_length + body_offset + 0x400*64); + } + + state=HTTP_BODY; break; } - if(received_size<0) { - if(int no=pa_socks_errno()) - throw Exception("http.timeout", - 0, - "error receiving response body: %s (%d)", pa_socks_strerr(no), no); + + case HTTP_BODY: { + chunk_size=0x400*64; break; } - // they've touched the terminator? - if((size_t)received_size>todo_size) - { - // that means that our guessed response_size was not big enough - const size_t grow_chunk_size=0x400*0x400; // 1M - response_size+=grow_chunk_size; - size_t ptr_offset=ptr-response; - response=(char*)pa_realloc(response, response_size+1/*terminator*/); - ptr=response+ptr_offset; - todo_size+=grow_chunk_size; - } - // can't do this before realloc: we need =0) closesocket(sock); - throw Exception("http.timeout", - 0, - "timeout occured while retrieving document"); + throw Exception("http.timeout", 0, "timeout occurred while retrieving document"); return 0; // never } else { alarm(timeout_secs); @@ -251,15 +293,11 @@ static int http_request(char*& response, struct sockaddr_in dest; if(!set_addr(&dest, host, port)) - throw Exception("http.host", - 0, - "can not resolve hostname \"%s\"", host); + throw Exception("http.host", 0, "can not resolve hostname \"%s\"", host); if((sock=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP/*0*/))<0) { int no=pa_socks_errno(); - throw Exception("http.connect", - 0, - "can not make socket: %s (%d)", pa_socks_strerr(no), no); + throw Exception("http.connect", 0, "can not make socket: %s (%d)", pa_socks_strerr(no), no); } // To enable SO_DONTLINGER (that is, disable SO_LINGER) @@ -278,30 +316,26 @@ static int http_request(char*& response, if(connect(sock, (struct sockaddr *)&dest, sizeof(dest))) { int no=pa_socks_errno(); - throw Exception("http.connect", - 0, - "can not connect to host \"%s\": %s (%d)", host, pa_socks_strerr(no), no); + throw Exception("http.connect", 0, "can not connect to host \"%s\": %s (%d)", host, pa_socks_strerr(no), no); } if(send(sock, request, request_size, 0)!=(ssize_t)request_size) { int no=pa_socks_errno(); - throw Exception("http.timeout", - 0, - "error sending request: %s (%d)", pa_socks_strerr(no), no); + throw Exception("http.timeout", 0, "error sending request: %s (%d)", pa_socks_strerr(no), no); } - result=http_read_response(response, response_size, sock, fail_on_status_ne_200); - closesocket(sock); + result=response.read_response(sock, fail_on_status_ne_200); + closesocket(sock); #ifdef PA_USE_ALARM - alarm(0); + alarm(0); #endif return result; } catch(...) { #ifdef PA_USE_ALARM - alarm(0); + alarm(0); #endif - if(sock>=0) - closesocket(sock); + if(sock>=0) + closesocket(sock); rethrow; } #ifdef PA_USE_ALARM @@ -313,25 +347,44 @@ static int http_request(char*& response, struct Http_pass_header_info { Request_charsets* charsets; String* request; - bool user_agent_specified; - bool content_type_specified; + bool* user_agent_specified; + bool* content_type_specified; + bool* content_type_url_encoded; }; #endif -static void http_pass_header(HashStringValue::key_type name, - HashStringValue::value_type value, + +char *pa_http_safe_header_name(const char *name) { + char *result=pa_strdup(name); + char *n=result; + if(!pa_isalpha((unsigned char)*n)) + *n++ = '_'; + for(; *n; ++n) { + if (!pa_isalnum((unsigned char)*n) && *n != '-' && *n != '_') + *n = '_'; + } + return result; +} + +static void http_pass_header(HashStringValue::key_type aname, + HashStringValue::value_type avalue, Http_pass_header_info *info) { - String aname=String(name, String::L_URI); + const char* name_cstr=aname.cstr(); - *info->request << aname << ": " - << attributed_meaning_to_string(*value, String::L_URI, false) - << CRLF; + if(strcasecmp(name_cstr, HTTP_CONTENT_LENGTH)==0) + return; + + String name=String(pa_http_safe_header_name(capitalize(name_cstr)), String::L_AS_IS); + String value=attributed_meaning_to_string(*avalue, String::L_HTTP_HEADER, true); + + *info->request << name << ": " << value << CRLF; - const String::Body name_upper=aname.change_case(info->charsets->source(), String::CC_UPPER); - if(name_upper==HTTP_USER_AGENT_UPPER) - info->user_agent_specified=true; - if(name_upper==HTTP_CONTENT_TYPE_UPPER) - info->content_type_specified=true; + if(strcasecmp(name_cstr, HTTP_USER_AGENT)==0) + *info->user_agent_specified=true; + if(strcasecmp(name_cstr, HTTP_CONTENT_TYPE)==0){ + *info->content_type_specified=true; + *info->content_type_url_encoded=pa_strncasecmp(value.cstr(), HTTP_CONTENT_TYPE_FORM_URLENCODED)==0; + } } static void http_pass_cookie(HashStringValue::key_type name, @@ -356,15 +409,11 @@ static const String* basic_authorization combined<key, *row->get(0), info->result); } -static void form_value2string( - HashStringValue::key_type key, - HashStringValue::value_type value, - String* result) -{ + +static void form_value2string(HashStringValue::key_type key, HashStringValue::value_type value, String* result) { if(const String* svalue=value->get_string()) form_string_value2string(key, *svalue, *result); else if(Table* tvalue=value->get_table()) { Form_table_value2string_info info(key, *result); tvalue->for_each(form_table_value2string, &info); } else - throw Exception(PARSER_RUNTIME, - new String(key, String::L_TAINTED), - "is %s, "HTTP_FORM_NAME" option value can be string or table only (file is allowed for $."HTTP_METHOD_NAME"[POST] + $."HTTP_FORM_ENCTYPE_NAME"["HTTP_CONTENT_TYPE_MULTIPART_FORMDATA"])", value->type()); + throw Exception(PARSER_RUNTIME, new String(key, String::L_TAINTED), + "is %s, " HTTP_FORM_NAME " option value can be string or table only (file is allowed for $." HTTP_METHOD_NAME "[POST] + $." HTTP_FORM_ENCTYPE_NAME "[" HTTP_CONTENT_TYPE_MULTIPART_FORMDATA "])", value->type()); } const char* pa_form2string(HashStringValue& form, Request_charsets& charsets) { String string; form.for_each(form_value2string, &string); - return string.transcode_and_untaint_cstr(String::L_URI, &charsets); + return string.untaint_and_transcode_cstr(String::L_URI, &charsets); } struct FormPart { Request* r; const char* boundary; - String string; + String* string; Form_table_value2string_info* info; + + struct BinaryBlock{ + const char* ptr; + size_t length; + + BinaryBlock(String* astring, Request* r): ptr(astring->untaint_and_transcode_cstr(String::L_AS_IS, &r->charsets)), length(strlen(ptr)){} + BinaryBlock(const char* aptr, size_t alength): ptr(aptr), length(alength){} + }; + + Array blocks; + + FormPart(Request* ar, const char* aboundary): r(ar), boundary(aboundary), string(new String()){} + + const char *post(size_t &length){ + if(blocks.count()){ + blocks+=BinaryBlock(string, r); + + length=0; + for(size_t i=0; icharsets.source(), part.r->charsets.client()) - << "\""; +static void form_part_boundary_header(FormPart& part, String::Body name, const char* file_name=0) { + *part.string << "--" << part.boundary << CRLF CONTENT_DISPOSITION_CAPITALIZED ": form-data; name=\"" << name << "\""; if(file_name){ if(strcmp(file_name, NONAME_DAT)!=0) - part.string << "; filename=\"" << file_name << "\""; - part.string << CRLF HTTP_CONTENT_TYPE ": " << part.r->mime_type_of(file_name); + *part.string << "; filename=\"" << file_name << "\""; + *part.string << CRLF HTTP_CONTENT_TYPE_CAPITALIZED ": " << part.r->mime_type_of(file_name); } - part.string << CRLF CRLF; + *part.string << CRLF CRLF; } -static void form_string_value2part( - HashStringValue::key_type key, - const String& value, - FormPart& part) -{ +static void form_string_value2part(HashStringValue::key_type key, const String& value, FormPart& part) { form_part_boundary_header(part, key); - part.string << Charset::transcode(value, part.r->charsets.source(), part.r->charsets.client()) << CRLF; + *part.string << value << CRLF; } -static void form_file_value2part( - HashStringValue::key_type key, - VFile& vfile, - FormPart& part) -{ +static void form_file_value2part(HashStringValue::key_type key, VFile& vfile, FormPart& part) { form_part_boundary_header(part, key, vfile.fields().get(name_name)->as_string().cstr()); - part.string.append_know_length(vfile.value_ptr(), vfile.value_size(), String::L_FILE_POST); - part.string << CRLF; + part.blocks+=FormPart::BinaryBlock(part.string, part.r); + part.blocks+=FormPart::BinaryBlock(vfile.value_ptr(), vfile.value_size()); + part.string=new String(); + *part.string << CRLF; } static void form_table_value2part(Table::element_type row, FormPart* part) { form_string_value2part(part->info->key, *row->get(0), *part); } -static void form_value2part( - HashStringValue::key_type key, - HashStringValue::value_type value, - FormPart& part) -{ +static void form_value2part(HashStringValue::key_type key, HashStringValue::value_type value, FormPart& part) { if(const String* svalue=value->get_string()) form_string_value2part(key, *svalue, part); else if(Table* tvalue=value->get_table()) { - Form_table_value2string_info info(key, part.string); + Form_table_value2string_info info(key, *part.string); part.info = &info; tvalue->for_each(form_table_value2part, &part); } else if(VFile* vfile=static_cast(value->as("file"))){ form_file_value2part(key, *vfile, part); } else - throw Exception(PARSER_RUNTIME, - new String(key, String::L_TAINTED), - "is %s, "HTTP_FORM_NAME" option value can be string, table or file only", value->type()); + throw Exception(PARSER_RUNTIME, new String(key, String::L_TAINTED), "is %s, " HTTP_FORM_NAME " option value can be string, table or file only", value->type()); } const char* pa_form2string_multipart(HashStringValue& form, Request& r, const char* boundary, size_t& post_size){ - FormPart formpart; - formpart.r=&r; - formpart.boundary=boundary; - formpart.info=NULL; + FormPart formpart(&r, boundary); form.for_each(form_value2part, formpart); - formpart.string << "--" << boundary << "--"; - post_size=formpart.string.length(); // very surprizing, but it calculates correct post_size even with binary files! - return formpart.string.untaint_cstr(String::L_AS_IS); // without transcoding + *formpart.string << "--" << boundary << "--"; + // @todo: return binary blocks here to save memory in pa_internal_file_read_http + return formpart.post(post_size); } -static void find_headers_end(char* p, - char*& headers_end_at, - char*& raw_body) -{ - raw_body=p; - // \n\n - // \r\n\r\n - while((p=strchr(p, '\n'))) { - headers_end_at=++p; // \n>.< - if(*p=='\r') // \r\n>\r?<\n - p++; - if(*p=='\n') { // \r\n\r>\n?< - raw_body=p+1; - return; - } +// Set-Cookie: name=value; Domain=docs.foo.com; Path=/accounts; Expires=Wed, 13-Jan-2021 22:23:01 GMT; Secure; HttpOnly +static ArrayString* parse_cookie(Request& r, const String& cookie) { + char *current=pa_strdup(cookie.cstr()); + + const String* name=0; + const String* value=&String::Empty; + const String* expires=&String::Empty; + const String* max_age=&String::Empty; + const String* path=&String::Empty; + const String* domain=&String::Empty; + const String* httponly=&String::Empty; + const String* secure=&String::Empty; + + bool first_pair=true; + + do { + if(char *meaning=search_stop(current, ';')) + if(char *attribute=search_stop(meaning, '=')) { + const String* sname=new String(unescape_chars(attribute, strlen(attribute), &r.charsets.source(), true/*don't convert '"' to space*/), String::L_TAINTED); + const String* smeaning=0; + if(meaning) + smeaning=new String(unescape_chars(meaning, strlen(meaning), &r.charsets.source(), true/*don't convert '"' to space*/), String::L_TAINTED); + + if(first_pair) { + // name + value + name=sname; + value=smeaning; + first_pair=false; + } else { + const String& slower=sname->change_case(r.charsets.source(), String::CC_LOWER); + + if(slower == "expires") + expires=smeaning; + else if(slower == "max-age") + max_age=smeaning; + else if(slower == "domain") + domain=smeaning; + else if(slower == "path") + path=smeaning; + else if(slower == "httponly") + httponly=new String("1", String::L_CLEAN); + else if(slower == "secure") + secure=new String("1", String::L_CLEAN); + else { + // todo@ ? + } + } + } + } while(current); + + if(!name) + return 0; + + ArrayString* result=new ArrayString(8); + *result+=name; + *result+=value; + *result+=expires; + *result+=max_age; + *result+=domain; + *result+=path; + *result+=httponly; + *result+=secure; + + return result; +} + +Table* parse_cookies(Request& r, Table *cookies){ + Table& result=*new Table(new Cookies_table_template_columns); + + for(Array_iterator i(*cookies); i.has_next(); ) + if(ArrayString* row=parse_cookie(r, *i.next()->get(0))) + result+=row; + + return &result; +} + +void tables_update(HashStringValue& tables, const String::Body name, const String& value){ + Table *table; + if(Value *valready=tables.get(name)) { + // second+ appearence + table=valready->get_table(); + } else { + // first appearence + Table::columns_type columns=new ArrayString(1); + *columns+=new String("value"); + table=new Table(columns); + tables.put(name, new VTable(table)); } - headers_end_at=0; + // this string becomes next row + ArrayString& row=*new ArrayString(1); + row+=&value; + *table+=&row; } /// @todo build .cookies field. use ^file.tables.SET-COOKIES.menu{ for now -File_read_http_result pa_internal_file_read_http(Request& r, - const String& file_spec, - bool as_text, - HashStringValue *options, - bool transcode_text_result) { +File_read_http_result pa_internal_file_read_http(Request& r, const String& file_spec, bool as_text, HashStringValue *options, bool transcode_text_result) { File_read_http_result result; char host[MAX_STRING]; + const char *idna_host; const char* uri; - short port; + short port=80; const char* method="GET"; bool method_is_get=true; HashStringValue* form=0; - const char* body_cstr=0; int timeout_secs=2; bool fail_on_status_ne_200=true; bool omit_post_charset=false; Value* vheaders=0; Value* vcookies=0; Value* vbody=0; - Charset *asked_remote_charset=0; + Charset* asked_remote_charset=0; + Charset* real_remote_charset=0; const char* user_cstr=0; const char* password_cstr=0; const char* encode=0; @@ -558,8 +693,11 @@ File_read_http_result pa_internal_file_r omit_post_charset=vomit_post_charset->as_bool(); } if(Value* vcharset_name=options->get(PA_CHARSET_NAME)) { - asked_remote_charset=&charsets.get(vcharset_name->as_string(). - change_case(r.charsets.source(), String::CC_UPPER)); + asked_remote_charset=&pa_charsets.get(vcharset_name->as_string()); + } + if(Value* vresponse_charset_name=options->get(PA_RESPONSE_CHARSET_NAME)) { + valid_options++; + real_remote_charset=&pa_charsets.get(vresponse_charset_name->as_string()); } if(Value* vuser=options->get(HTTP_USER)) { valid_options++; @@ -571,62 +709,58 @@ File_read_http_result pa_internal_file_r } if(valid_options!=options->count()) - throw Exception(PARSER_RUNTIME, - 0, - "invalid option passed"); + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } if(!asked_remote_charset) // defaulting to $request:charset asked_remote_charset=&(r.charsets).source(); if(encode){ if(method_is_get) - throw Exception(PARSER_RUNTIME, - 0, - "you can not use $."HTTP_FORM_ENCTYPE_NAME" option with method GET"); + throw Exception(PARSER_RUNTIME, 0, "you can not use $." HTTP_FORM_ENCTYPE_NAME " option with method GET"); multipart=strcasecmp(encode, HTTP_CONTENT_TYPE_MULTIPART_FORMDATA)==0; if(!multipart && strcasecmp(encode, HTTP_CONTENT_TYPE_FORM_URLENCODED)!=0) - throw Exception(PARSER_RUNTIME, - 0, - "$."HTTP_FORM_ENCTYPE_NAME" option value can be "HTTP_CONTENT_TYPE_FORM_URLENCODED" or "HTTP_CONTENT_TYPE_MULTIPART_FORMDATA" only"); + throw Exception(PARSER_RUNTIME, 0, "$." HTTP_FORM_ENCTYPE_NAME " option value can be " HTTP_CONTENT_TYPE_FORM_URLENCODED " or " HTTP_CONTENT_TYPE_MULTIPART_FORMDATA " only"); } if(vbody){ if(method_is_get) - throw Exception(PARSER_RUNTIME, - 0, - "you can not use $."HTTP_BODY_NAME" option with method GET"); + throw Exception(PARSER_RUNTIME, 0, "you can not use $." HTTP_BODY_NAME " option with method GET"); if(form) - throw Exception(PARSER_RUNTIME, - 0, - "you can not use options $."HTTP_BODY_NAME" and $."HTTP_FORM_NAME" together"); + throw Exception(PARSER_RUNTIME, 0, "you can not use options $." HTTP_BODY_NAME " and $." HTTP_FORM_NAME " together"); } //preparing request String& connect_string=*new String(file_spec); - String request_head_and_body; + const char* request; + size_t request_size; { // influence URLencoding of tainted pieces to String::L_URI lang Temp_client_charset temp(r.charsets, *asked_remote_charset); - const char* connect_string_cstr=connect_string.transcode_and_untaint_cstr(String::L_URI, &(r.charsets)); + const char* connect_string_cstr=connect_string.untaint_and_transcode_cstr(String::L_URI, &(r.charsets)); const char* current=connect_string_cstr; if(strncmp(current, "http://", 7)!=0) - throw Exception(PARSER_RUNTIME, - &connect_string, - "does not start with http://"); //never + throw Exception(PARSER_RUNTIME, &connect_string, "does not start with http://"); //never current+=7; strncpy(host, current, sizeof(host)-1); host[sizeof(host)-1]=0; char* host_uri=lsplit(host, '/'); uri=host_uri?current+(host_uri-1-host):"/"; char* port_cstr=lsplit(host, ':'); - char* error_pos=0; - port=port_cstr?(short)strtol(port_cstr, &error_pos, 0):80; + + if (port_cstr){ + char* error_pos=0; + port=(short)strtol(port_cstr, &error_pos, 10); + if(port==0 || *error_pos) + throw Exception(PARSER_RUNTIME, &connect_string, "invalid port number '%s'", port_cstr); + } + + idna_host=pa_idna_encode(host, r.charsets.source()); // making request head String head; @@ -634,193 +768,144 @@ File_read_http_result pa_internal_file_r if(method_is_get && form) head << (strchr(uri, '?')!=0?"&":"?") << pa_form2string(*form, r.charsets); - head <<" HTTP/1.0" CRLF "host: "<< host << CRLF; + head <<" HTTP/1.0" CRLF "Host: "<< idna_host; + if (port != 80) + head << ":" << port_cstr; + head << CRLF; - char* boundary=0; + char* boundary= multipart ? get_uuid_boundary() : 0; - if(multipart){ - uuid uuid=get_uuid(); - const int boundary_bufsize=10+32+1/*for zero-teminator*/+1/*for faulty snprintfs*/; - boundary=new(PointerFreeGC) char[boundary_bufsize]; - snprintf(boundary, boundary_bufsize, - "----------%08X%04X%04X%02X%02X%02X%02X%02X%02X%02X%02X", - uuid.time_low, uuid.time_mid, uuid.time_hi_and_version, - uuid.clock_seq >> 8, uuid.clock_seq & 0xFF, - uuid.node[0], uuid.node[1], uuid.node[2], - uuid.node[3], uuid.node[4], uuid.node[5]); - } + String user_headers; + bool user_agent_specified=false; + bool content_type_specified=false; + bool content_type_url_encoded=false; + if(vheaders && !vheaders->is_string()) { // allow empty + if(HashStringValue *headers=vheaders->get_hash()) { + Http_pass_header_info info={ + &(r.charsets), + &user_headers, + &user_agent_specified, + &content_type_specified, + &content_type_url_encoded}; + headers->for_each(http_pass_header, &info); + } else + throw Exception(PARSER_RUNTIME, 0, "headers param must be hash"); + }; + const char* request_body=0; size_t post_size=0; if(form && !method_is_get) { - head << HTTP_CONTENT_TYPE ": " << (multipart ? HTTP_CONTENT_TYPE_MULTIPART_FORMDATA : HTTP_CONTENT_TYPE_FORM_URLENCODED); + head << "Content-Type: " << (multipart ? HTTP_CONTENT_TYPE_MULTIPART_FORMDATA : HTTP_CONTENT_TYPE_FORM_URLENCODED); if(!omit_post_charset) head << "; charset=" << asked_remote_charset->NAME_CSTR(); if(multipart) { head << "; boundary=" << boundary; - body_cstr=pa_form2string_multipart(*form, r/*charsets & mime_type needed*/, boundary, post_size/*correct post_size returned here*/); + request_body=pa_form2string_multipart(*form, r/*charsets & mime_type needed*/, boundary, post_size/*correct post_size returned here*/); } else { - body_cstr=pa_form2string(*form, r.charsets); - post_size=strlen(body_cstr); + request_body=pa_form2string(*form, r.charsets); + post_size=strlen(request_body); } head << CRLF; - } else if (vbody) { - // transcode tainted pieces and then URI-encode them - body_cstr=vbody->as_string().untaint_cstr(String::L_AS_IS, 0, &(r.charsets)); - - // now transcode is needed only if own content-type was specified _and_ clean chars with code>127 are in the body - // @todo: I don't like the current behaviour - body_cstr=Charset::transcode( - String::C(body_cstr, strlen(body_cstr)), - r.charsets.source(), - *asked_remote_charset - ); - post_size=strlen(body_cstr); + } else if(vbody) { + // $.body was specified + if(content_type_url_encoded){ + // transcode + url-encode + request_body=vbody->as_string().untaint_and_transcode_cstr(String::L_URI, &(r.charsets)); + } else { + // content-type != application/x-www-form-urlencoded -> transcode only, don't url-encode! + const String &sbody=vbody->as_string(); + request_body=Charset::transcode(String::C(sbody.cstr(), sbody.length()), r.charsets.source(), *asked_remote_charset).str; + } + post_size=strlen(request_body); } // http://www.ietf.org/rfc/rfc2617.txt if(const String* authorization_field_value=basic_authorization_field(user_cstr, password_cstr)) - head<<"authorization: "<<*authorization_field_value<is_string()) { // allow empty - if(HashStringValue *headers=vheaders->get_hash()) { - Http_pass_header_info info={&(r.charsets), &head, false}; - headers->for_each(http_pass_header, &info); - user_agent_specified=info.user_agent_specified; - content_type_specified=info.content_type_specified; - } else - throw Exception(PARSER_RUNTIME, - &connect_string, - "headers param must be hash"); - }; if(!user_agent_specified) // defaulting - head << HTTP_USER_AGENT ": " DEFAULT_USER_AGENT CRLF; + head << "User-Agent: " DEFAULT_USER_AGENT CRLF; if(form && !method_is_get && content_type_specified) // POST + form + content-type was specified - throw Exception(PARSER_RUNTIME, - &connect_string, - "$.content-type can't be specified with method POST"); + throw Exception(PARSER_RUNTIME, 0, "$.content-type can't be specified with method POST"); if(vcookies && !vcookies->is_string()){ // allow empty if(HashStringValue* cookies=vcookies->get_hash()) { - head << "cookie: "; - Http_pass_header_info info={&(r.charsets), &head, false}; + head << "Cookie: "; + Http_pass_header_info info={&(r.charsets), &head, 0, 0, 0}; cookies->for_each(http_pass_cookie, &info); head << CRLF; } else - throw Exception(PARSER_RUNTIME, - &connect_string, - "cookies param must be hash"); + throw Exception(PARSER_RUNTIME, 0, "cookies param must be hash"); } - if(body_cstr) - head << "content-length: " << format(post_size, "%u") << CRLF; - - // head + end of header - request_head_and_body << head.untaint_cstr(String::L_AS_IS, 0, &(r.charsets)) << CRLF; + if(request_body) + head << "Content-Length: " << format(post_size, "%u") << CRLF; + + head << CRLF; + + const char *request_head=head.untaint_and_transcode_cstr(String::L_URI, &(r.charsets)); - // body - if(body_cstr) - request_head_and_body << body_cstr; + if(request_body){ + size_t head_size = strlen(request_head); + request_size=post_size + head_size; + char *ptr=(char *)pa_malloc_atomic(request_size); + memcpy(ptr, request_head, head_size); + memcpy(ptr+head_size, request_body, post_size); + request=ptr; + } else { + request_size=strlen(request_head); + request=request_head; + } } - const char* request_cstr=request_head_and_body.cstr(); - size_t request_size=strlen(request_cstr); - - if(multipart) - request_size=file_untaint(request_cstr, request_size); - char* response; - size_t response_size; + HTTP_response response(connect_string); // sending request - int status_code=http_request(response, response_size, - host, port, request_cstr, request_size, - timeout_secs, fail_on_status_ne_200); - - // processing results - char* raw_body; size_t raw_body_size; - char* headers_end_at; - find_headers_end(response, - headers_end_at, - raw_body); - raw_body_size=response_size-(raw_body-response); - + int status_code=http_request(response, idna_host, port, request, request_size, timeout_secs, fail_on_status_ne_200); + + // processing results + char* raw_body=response.buf + response.body_offset; + size_t raw_body_size=response.length - response.body_offset; + result.headers=new HashStringValue; VHash* vtables=new VHash; - result.headers->put(HTTP_TABLES_NAME, vtables); - Charset* real_remote_charset=0; // undetected, yet + result.headers->put("tables", vtables); - if(headers_end_at) { - *headers_end_at=0; - const String header_block(String::C(response, headers_end_at-response), String::L_TAINTED); - - ArrayString aheaders; - HashStringValue& tables=vtables->hash(); + if (!real_remote_charset && !response.headers.content_type.is_empty()) + real_remote_charset=detect_charset(response.headers.content_type.cstr()); - size_t pos_after=0; - header_block.split(aheaders, pos_after, "\n"); - - // processing headers - size_t aheaders_count=aheaders.count(); - for(size_t i=1; iget_table(); - } else { - // first appearence - Table::columns_type columns=new ArrayString(1); - *columns+=new String("value"); - table=new Table(columns); - } - // this string becomes next row - ArrayString& row=*new ArrayString(1); - row+=&HEADER_VALUE; - *table+=&row; - // not existed before? add it - if(!existed) - tables.put(HEADER_NAME, new VTable(table)); - } + if(as_text) + real_remote_charset=pa_charsets.checkBOM(raw_body, raw_body_size, real_remote_charset); - result.headers->put(HEADER_NAME, new VString(HEADER_VALUE)); - } - } + if (!real_remote_charset) + real_remote_charset=asked_remote_charset; // never null + + for(Array_iterator i(response.headers.headers); i.has_next(); ){ + HTTP_Headers::Header header=i.next(); + + header.transcode(*real_remote_charset, r.charsets.source()); + + String &header_value=*new String(header.value, String::L_TAINTED); - if(as_text && raw_body_size>=3 && strncmp(raw_body, "\xEF\xBB\xBF", 3)==0){ - // skip UTF-8 signature (BOM code) - raw_body+=3; - raw_body_size-=3; + tables_update(vtables->hash(), header.name, header_value); + result.headers->put(header.name, new VString(header_value)); } + // filling $.cookies + if(vcookies=vtables->hash().get("SET-COOKIE")) + result.headers->put(HTTP_COOKIES_NAME, new VTable(parse_cookies(r, vcookies->get_table()))); + // output response String::C real_body=String::C(raw_body, raw_body_size); if(as_text && transcode_text_result && raw_body_size) { // raw_body_size must be checked because transcode returns CONST string in case length==0, which contradicts hacking few lines below - // defaulting to used-asked charset [it's never empty!] - if(!real_remote_charset) - real_remote_charset=asked_remote_charset; - real_body=Charset::transcode(real_body, *real_remote_charset, r.charsets.source()); - } result.str=const_cast(real_body.str); // hacking a little @@ -833,3 +918,210 @@ File_read_http_result pa_internal_file_r return result; } + +/* ********************** httpd *************************** */ + +class HTTPD_request : public HTTP_response { +public: + const char *method; + const char *uri; + + HTTPD_request() : HTTP_response(String::Empty), method(NULL), uri(NULL){}; + + const char *extract_method(char *method_line){ + char* uri_start = strchr(method_line, ' '); + + if(!uri_start || uri_start == method_line) + return NULL; + + char* uri_end=strchr(uri_start+1, ' '); + + if(!uri_end || uri_end == uri_start+1) + return NULL; + + uri=pa_strdup(uri_start+1, uri_end-uri_start-1); + return str_upper(method_line, uri_start-method_line); + } + + void read_header(int); + size_t read_post(int, char *, size_t); +}; + +enum HTTPD_request_state { + HTTPD_METHOD, + HTTPD_HEADERS +}; + +void HTTPD_request::read_header(int sock) { + enum HTTPD_request_state state = HTTPD_METHOD; + + size_t chunk_size = 0x400*4; + resize(chunk_size); + + while(read(sock, chunk_size)){ + switch(state){ + case HTTPD_METHOD: { + size_t method_size = first_line(); + if(!method_size) + break; + + char *method_line = pa_strdup(buf, method_size); + method = extract_method(method_line); + + if(!method || strcmp(method, "GET") && strcmp(method, "HEAD") && strcmp(method, "POST") && strcmp(method, "PUT") && strcmp(method, "DELETE")) + throw Exception("httpd.method", new String(method ? method : method_line), "invalid request method"); + state = HTTPD_HEADERS; + } + + case HTTPD_HEADERS: { + if(!body_start()) + break; + + parse_headers(); + return; + } + } + } + + if(state == HTTPD_METHOD) + throw Exception("httpd.request", 0, "bad request from host - no method found (size=%u)", length); + + if(state == HTTPD_HEADERS){ + parse_headers(); + body_offset=length; + } +} + +size_t HTTPD_request::read_post(int sock, char *body, size_t max_bytes) { + size_t total_read = min(length - body_offset, max_bytes); + memcpy(body, buf, total_read); + + while (total_read < max_bytes){ + ssize_t received_size = recv(sock, buf + total_read, max_bytes - total_read, 0); + if(received_size == 0) + return total_read; + if(received_size < 0) { + if(int no = pa_socks_errno()) + throw Exception("httpd.timeout", &url, "error receiving request body: %s (%d)", pa_socks_strerr(no), no); + return total_read; + } + total_read += received_size; + } + return total_read; +} + +/* ********************************************************** */ + +Array &HTTPD_Connection::headers() { + return request->headers.headers; +} + +const char *HTTPD_Connection::method() { + return request->method; +} + +const char *HTTPD_Connection::uri() { + return request->uri; +} + +const char *HTTPD_Connection::content_type() { + return request->headers.content_type.cstr(); +} + +uint64_t HTTPD_Connection::content_length(){ + return request->headers.content_length; +} + +void HTTPD_Connection::read_header(){ + request = new HTTPD_request(); + request->read_header(sock); +} + +size_t HTTPD_Connection::read_post(char *body, size_t max_bytes) { + return request->read_post(sock, body, max_bytes); +} + +size_t HTTPD_Connection::send_body(const void *buf, size_t size) { + if(send(sock, (const char*)buf, size, 0) != (ssize_t)size) { + int no=pa_socks_errno(); + throw Exception("httpd.timeout", 0, "error sending response: %s (%d)", pa_socks_strerr(no), no); + } + return size; +} + +static int sock_on = 1; + +int HTTPD_Server::bind(const char *host_port){ + struct sockaddr_in me; + + const char *port = strchr(host_port, ':'); + const char *host = NULL; + if(port && port > host_port){ + host = pa_strdup(host_port, port - host_port); + port += 1; + } else { + port = host_port; + } + + if(!set_addr(&me, host, pa_atoui(port, 10))){ + if (host) + throw Exception("httpd.bind", 0, "can not resolve hostname \"%s\"", host); + me.sin_addr.s_addr=INADDR_ANY; + } + + int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP/*0*/); + + if(sock < 0){ + int no=pa_socks_errno(); + throw Exception("httpd.bind", 0, "can not make socket: %s (%d)", pa_socks_strerr(no), no); + } + + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&sock_on, sizeof(sock_on)) || + setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (char *)&sock_on, sizeof(sock_on)) || + ::bind(sock, (struct sockaddr*)&me, sizeof(me)) || + listen(sock, 16)) { + closesocket(sock); + int no = pa_socks_errno(); + throw Exception("httpd.bind", 0, "can not bind socket: %s (%d)", pa_socks_strerr(no), no); + } + return sock; +} + +static int ready(int fd,int operation,int timeout_value){ + struct timeval timeout = {0, timeout_value * 1000}; + fd_set fds; + FD_ZERO(&fds); + FD_SET(fd, &fds); + switch (operation){ + case 0: return select(fd + 1, &fds, NULL, NULL, &timeout)>0; /* read */ + case 1: return select(fd + 1, NULL, &fds, NULL, &timeout)>0; /* write */ + default: return select(fd + 1, &fds, &fds, NULL, &timeout)>0; /* both */ + } +} + +HTTPD_Connection *HTTPD_Server::accept(int sock, int timeout_value) { + int ready = ::ready(sock, 0, timeout_value); + if (ready < 0) { + int no=pa_socks_errno(); + if(no == EINTR) + return NULL; + throw Exception("httpd.accept", 0, "error waiting for connection: %s (%d)", pa_socks_strerr(no), no); + } + if (ready == 0) { + /* Timeout */ + return NULL; + } + + struct sockaddr_in addr; + socklen_t sock_addr_len = sizeof(struct sockaddr_in); + memset(&addr, 0, sock_addr_len); + + int csock = ::accept(sock, (struct sockaddr *)&addr, &sock_addr_len); + if(csock == -1){ + int no=pa_socks_errno(); + throw Exception("httpd.accept", 0, "error accepting connection: %s (%d)", pa_socks_strerr(no), no); + } + + return new HTTPD_Connection(csock, pa_strdup(inet_ntoa(addr.sin_addr))); +} +