1 // This module handles HTTP transactions.
3 // Copyright (c) 1996-2023 by the citadel.org team
5 // This program is open source software. Use, duplication, or
6 // disclosure is subject to the GNU General Public License v3.
10 // Write data to the HTTP client. Encrypt if necessary.
11 int client_write(struct client_handle *ch, char *buf, int nbytes) {
13 return client_write_ssl(ch, buf, nbytes);
16 return write(ch->sock, buf, nbytes);
21 // Read data from the HTTP client. Decrypt if necessary.
22 // Returns number of bytes read, or -1 to indicate an error.
23 int client_read(struct client_handle *ch, char *buf, int nbytes) {
25 return client_read_ssl(ch, buf, nbytes);
28 int bytes_received = 0;
29 int bytes_this_block = 0;
30 while (bytes_received < nbytes) {
31 bytes_this_block = read(ch->sock, &buf[bytes_received], nbytes - bytes_received);
32 if (bytes_this_block < 1) {
35 bytes_received += bytes_this_block;
42 // Read a newline-terminated line of text from the client.
43 // Implemented in terms of client_read() and is therefore transparent...
44 // Returns the string length or -1 for error.
45 int client_readline(struct client_handle *ch, char *buf, int maxbytes) {
53 while (len < maxbytes) {
54 c = client_read(ch, &buf[len], 1);
56 syslog(LOG_DEBUG, "Socket error or zero-length read");
59 if (buf[len] == '\n') {
60 if ((len > 0) && (buf[len - 1] == '\r')) {
72 // printf() type function to send data to the web client.
73 void client_printf(struct client_handle *ch, const char *format, ...) {
75 StrBuf *Buf = NewStrBuf();
77 va_start(arg_ptr, format);
78 StrBufVAppendPrintf(Buf, format, arg_ptr);
81 client_write(ch, (char *) ChrPtr(Buf), StrLength(Buf));
86 // Push one new header into the response of an HTTP request.
87 // When completed, the HTTP transaction now owns the memory allocated for key and val.
88 void add_response_header(struct http_transaction *h, char *key, char *val) {
89 struct keyval new_response_header;
90 new_response_header.key = key;
91 new_response_header.val = val;
92 array_append(h->response_headers, &new_response_header);
96 // Entry point for this layer. Socket is connected. If running as an HTTPS
97 // server, SSL has already been negotiated. Now perform one transaction.
98 void perform_one_http_transaction(struct client_handle *ch) {
102 struct http_transaction h;
104 struct sockaddr_in sin;
105 int i; // general purpose iterator variable
107 memset(&h, 0, sizeof h);
108 h.request_headers = array_new(sizeof(struct keyval));
109 h.request_parms = array_new(sizeof(struct keyval));
110 h.response_headers = array_new(sizeof(struct keyval));
112 while (len = client_readline(ch, buf, sizeof buf), (len > 0)) {
115 if (lines_read == 1) { // First line is method and URL.
116 c = strchr(buf, ' '); // IGnore the HTTP-version.
118 h.method = strdup("NULL");
123 h.method = strdup(buf);
134 else { // Subsequent lines are headers.
135 c = strchr(buf, ':'); // Header line folding is obsolete so we don't support it.
138 struct keyval new_request_header;
140 new_request_header.key = strdup(buf);
142 new_request_header.val = strdup(c);
143 string_trim(new_request_header.key);
144 string_trim(new_request_header.val);
145 array_append(h.request_headers, &new_request_header);
147 syslog(LOG_DEBUG, "{ %s: %s", new_request_header.key, new_request_header.val);
154 // If the URL had any query parameters in it, parse them out now.
155 char *p = (h.url ? strchr(h.url, '?') : NULL);
157 *p++ = 0; // insert a null to remove parameters from the URL
158 char *tok, *saveptr = NULL;
159 for (tok = strtok_r(p, "&", &saveptr); tok!=NULL; tok = strtok_r(NULL, "&", &saveptr)) {
160 char *eq = strchr(tok, '=');
165 kv.key = strdup(tok);
167 array_append(h.request_parms, &kv);
169 syslog(LOG_DEBUG, "| %s = %s", kv.key, kv.val);
175 // build up the site prefix, such as https://foo.bar.com:4343
176 h.site_prefix = malloc(256);
177 strcpy(h.site_prefix, (is_https ? "https://" : "http://"));
178 char *hostheader = header_val(&h, "Host");
180 strcat(h.site_prefix, hostheader);
183 strcat(h.site_prefix, "127.0.0.1");
185 socklen_t llen = sizeof(sin);
186 if (getsockname(ch->sock, (struct sockaddr *) &sin, &llen) >= 0) {
187 sprintf(&h.site_prefix[strlen(h.site_prefix)], ":%d", ntohs(sin.sin_port));
190 // Now try to read in the request body (if one is present)
192 syslog(LOG_DEBUG, "Client disconnected");
196 syslog(LOG_DEBUG, "< %s %s", h.method, h.url);
199 // If there is a request body, read it now.
200 char *ccl = header_val(&h, "Content-Length");
202 h.request_body_length = atol(ccl);
204 if (h.request_body_length > 0) {
205 syslog(LOG_DEBUG, "Reading request body (%ld bytes)", h.request_body_length);
207 // Sometimes we need the request body by itself, sometimes we need it with headers.
208 // So we save it with synthetic headers, and also provide a pointer into the place where the body begins.
210 char *cct = header_val(&h, "Content-Type");
212 h.request_body_with_synth_headers = malloc(h.request_body_length + 1024);
213 memset(h.request_body_with_synth_headers, h.request_body_length + 1024, 0);
214 sprintf(h.request_body_with_synth_headers, "Content-Type: %s\r\n\r\n", cct);
215 h.request_body = h.request_body_with_synth_headers + strlen(h.request_body_with_synth_headers);
217 else { // a request body absent a Content-Type: header is invalid, but handle it anyway.
218 h.request_body_with_synth_headers = malloc(h.request_body_length);
219 memset(h.request_body_with_synth_headers, h.request_body_length, 0);
220 h.request_body = h.request_body_with_synth_headers;
223 client_read(ch, h.request_body, h.request_body_length);
225 // Write the entire request body to stderr -- not what you want during normal operation.
226 #ifdef REQUEST_BODY_TO_STDERR
227 write(2, HKEY("--- REQUEST BODY BEGIN ---\n"));
228 write(2, h.request_body, h.request_body_length);
229 write(2, HKEY("--- REQUEST BODY END ---\n"));
234 // Now pass control up to the next layer to perform the request.
237 // Write the entire response body to stderr -- not what you want during normal operation.
238 #ifdef RESPONSE_BODY_TO_STDERR
239 write(2, HKEY("--- RESPONSE BODY BEGIN ---\n"));
240 write(2, h.response_body, h.response_body_length);
241 write(2, HKEY("--- RESPONSE BODY END ---\n"));
244 // Output the results back to the client.
246 syslog(LOG_DEBUG, "> %03d %s", h.response_code, h.response_string);
248 client_printf(ch, "HTTP/1.1 %03d %s\r\n", h.response_code, h.response_string);
249 client_printf(ch, "Connection: close\r\n");
250 client_printf(ch, "Content-Length: %ld\r\n", h.response_body_length);
251 char *datestring = http_datestring(time(NULL));
253 client_printf(ch, "Date: %s\r\n", datestring);
257 client_printf(ch, "Content-encoding: identity\r\n"); // change if we gzip/deflate
258 int number_of_response_headers = array_len(h.response_headers);
259 for (i=0; i<number_of_response_headers; ++i) {
260 struct keyval *kv = array_get_element_at(h.response_headers, i);
262 syslog(LOG_DEBUG, "} %s: %s", kv->key, kv->val);
264 client_printf(ch, "%s: %s\r\n", kv->key, kv->val);
266 client_printf(ch, "\r\n");
267 if ((h.response_body_length > 0) && (h.response_body != NULL)) {
268 client_write(ch, h.response_body, h.response_body_length);
272 // free the transaction memory
273 while (array_len(h.request_headers) > 0) {
274 struct keyval *kv = array_get_element_at(h.request_headers, 0);
275 if (kv->key) free(kv->key);
276 if (kv->val) free(kv->val);
277 array_delete_element_at(h.request_headers, 0);
279 array_free(h.request_headers);
280 while (array_len(h.request_parms) > 0) {
281 struct keyval *kv = array_get_element_at(h.request_parms, 0);
282 if (kv->key) free(kv->key);
283 if (kv->val) free(kv->val);
284 array_delete_element_at(h.request_parms, 0);
286 array_free(h.request_parms);
287 while (array_len(h.response_headers) > 0) {
288 struct keyval *kv = array_get_element_at(h.response_headers, 0);
289 if (kv->key) free(kv->key);
290 if (kv->val) free(kv->val);
291 array_delete_element_at(h.response_headers, 0);
293 array_free(h.response_headers);
300 if (h.request_body_with_synth_headers) {
301 free(h.request_body_with_synth_headers);
303 if (h.response_string) {
304 free(h.response_string);
312 // Utility function to fetch a specific header from a completely read-in request.
313 // Returns the value of the requested header, or NULL if the specified header was not sent.
314 // The caller does NOT own the memory of the returned pointer, but can count on the pointer
315 // to still be valid through the end of the transaction.
316 char *header_val(struct http_transaction *h, char *requested_header) {
319 for (i=0; i<array_len(h->request_headers); ++i) {
320 kv = array_get_element_at(h->request_headers, i);
321 if (!strcasecmp(kv->key, requested_header)) {
329 // Utility function to fetch a specific URL parameter from a completely read-in request.
330 // Returns the value of the requested parameter, or NULL if the specified parameter was not sent.
331 // The caller does NOT own the memory of the returned pointer, but can count on the pointer
332 // to still be valid through the end of the transaction.
333 char *get_url_param(struct http_transaction *h, char *requested_param) {
336 for (i=0; i<array_len(h->request_parms); ++i) {
337 kv = array_get_element_at(h->request_parms, i);
338 if (!strcasecmp(kv->key, requested_param)) {