// Upload handler
//
-// Copyright (c) 1996-2022 by the citadel.org team
+// Copyright (c) 1996-2023 by the citadel.org team
//
// This program is open source software. Use, duplication, or
// disclosure are subject to the GNU General Public License v3.
#include "webcit.h"
+Array *upload_list = NULL; // all files uploaded to this webcit instance
+pthread_mutex_t upload_list_mutex = PTHREAD_MUTEX_INITIALIZER; // Lock it before modifying
+
+
// This function is called by the MIME parser to handle data uploaded by the browser.
void upload_handler(char *name, char *filename, char *partnum, char *disp,
void *content, char *cbtype, char *cbcharset,
size_t length, char *encoding, char *cbid, void *userdata)
{
- syslog(LOG_DEBUG, "upload_handler()");
- syslog(LOG_DEBUG, " name: %s", name);
- syslog(LOG_DEBUG, " filename: %s", filename);
- syslog(LOG_DEBUG, " part number: %s", partnum);
- syslog(LOG_DEBUG, " disposition: %s", disp);
- syslog(LOG_DEBUG, "content type: %s", cbtype);
- syslog(LOG_DEBUG, " char set: %s", cbcharset);
- syslog(LOG_DEBUG, " length: %ld", length);
- syslog(LOG_DEBUG, " encoding: %s", encoding);
- syslog(LOG_DEBUG, " id: %s", cbid);
-
- // Write the upload to a file that we can pull later when the user saves the message.
- char tempfile[PATH_MAX];
- snprintf(tempfile, sizeof tempfile, "/tmp/ctdl_upload_XXXXXX");
- int fd = mkstemp(tempfile);
- if (fd < 0) {
- syslog(LOG_ERR, "upload: %s: %m", tempfile);
+ struct uploaded_file u;
+
+ // create a random ID for the attachment
+ for (int i=0; i<sizeof(u.id); ++i) {
+ u.id[i] = (rand() % 26) + 'a';
+ }
+ u.id[sizeof(u.id)-1] = 0;
+
+ syslog(LOG_DEBUG,
+ "upload_handler: name=%s, filename=%s, partnum=%s, disp=%s, cbtype=%s, cbcharset=%s, length=%ld, encoding=%s, cbid=%s",
+ name, filename, partnum, disp, cbtype, cbcharset, length, encoding, cbid
+ );
+
+ safestrncpy(u.filename, filename, sizeof(u.filename));
+ safestrncpy(u.content_type, cbtype, sizeof(u.content_type));
+ u.length = length;
+
+ // Write the upload to a file that we can access later when the user saves the message.
+ // tmpfile() creates a file with zero links in the directory, so it will be deleted when it is closed.
+ u.fp = tmpfile();
+ if (!u.fp) {
+ syslog(LOG_ERR, "upload: %m");
+ return;
+ }
+ if (fwrite(content, length, 1, u.fp) != 1) {
+ syslog(LOG_ERR, "upload: %m");
+ fclose(u.fp);
return;
}
- write(fd, content, length);
- close(fd);
+
+ // Add it to the list of uploads the server is holding.
+ pthread_mutex_lock(&upload_list_mutex);
+ if (upload_list == NULL) {
+ upload_list = array_new(sizeof(struct uploaded_file));
+ }
+ array_append(upload_list, &u);
+ pthread_mutex_unlock(&upload_list_mutex);
+
+ for (int i=0; i<array_len(upload_list); ++i) {
+ memcpy(&u, array_get_element_at(upload_list, i), sizeof(struct uploaded_file));
+ }
+
+ // Create a JSON object describing this upload
+ JsonValue *j_one_upload = NewJsonObject(HKEY(""));
+ JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("ref"), u.id, -1));
+ JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("uploadfilename"), u.filename, -1));
+ JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("contenttype"), u.content_type, -1));
+ JsonObjectAppend(j_one_upload, NewJsonNumber(HKEY("contentlength"), u.length));
+
+ // ...and attach it to the array of uploads
+ JsonValue *j_uploads = (JsonValue *) userdata;
+ JsonArrayAppend(j_uploads, j_one_upload);
}
+
// upload handler
void upload_files(struct http_transaction *h, struct ctdlsession *c) {
// FIXME reject uploads if we're not logged in
- // h->request_body will contain the upload(s) in MIME format
- mime_parser(h->request_body, (h->request_body + h->request_body_length), *upload_handler, NULL, NULL, NULL, 0);
+ // This will be a JSON Array of all files that were uploaded during this HTTP transaction.
+ // Normally the browser will upload only one file per transaction, but that behavior is not guaranteed.
+ JsonValue *j_uploads = NewJsonArray(HKEY(""));
+
+ // h->request_body_with_synth_headers will contain the upload(s) in MIME format including headers
+ mime_parser(h->request_body_with_synth_headers, (h->request_body+h->request_body_length), *upload_handler, NULL, NULL, j_uploads, 0);
+
+ // probably do something more clever here
+ h->response_code = 200;
+ h->response_string = strdup("OK");
+
+ // send back a JSON array of all files uploaded
+ StrBuf *sj = NewStrBuf();
+ SerializeJson(sj, j_uploads, 1); // '1' == free the source object
+ add_response_header(h, strdup("Content-type"), strdup("application/json"));
+ h->response_code = 200;
+ h->response_string = strdup("OK");
+ h->response_body_length = StrLength(sj);
+ h->response_body = SmashStrBuf(&sj);
+ syslog(LOG_DEBUG, "upload: %s", h->response_body);
+}
+
+
+// Caller has requested /ctdl/p or /ctdl/p/ but we still have to dispatch based on the method
+void ctdl_p_base(struct http_transaction *h, struct ctdlsession *c) {
+ upload_files(h, c); // we should only do this for POST requests
+}
+
+
+// delete an uploaded item
+void delete_upload(struct uploaded_file this_one) {
+ int i;
+ struct uploaded_file *u;
+
+ pthread_mutex_lock(&upload_list_mutex);
+ for (i=0; i<array_len(upload_list); ++i) {
+ u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
+ if (!strcmp(u->id, this_one.id)) {
+ fclose(u->fp); // this deletes the file because it has 0 links
+ array_delete_element_at(upload_list, i);
+ i = array_len(upload_list) + 1; // Go out of scope; we're done here
+ }
+ }
+ pthread_mutex_unlock(&upload_list_mutex);
+}
+
+
+// DAV delete an uploaded item
+void dav_delete_upload(struct http_transaction *h, struct ctdlsession *c, struct uploaded_file this_one) {
+ delete_upload(this_one);
+ do_204(h);
+}
+
+
+// Remove an uploaded item from the upload_list. Caller now owns the file handle and is responsible for closing it.
+struct uploaded_file pop_upload(char *id) {
+ int i;
+ struct uploaded_file *u;
+ struct uploaded_file ret;
+
+ memset(&ret, 0, sizeof(struct uploaded_file));
+
+ pthread_mutex_lock(&upload_list_mutex);
+ for (i=0; i<array_len(upload_list); ++i) {
+ u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
+ if (!strcmp(u->id, id)) {
+ ret = *u;
+ array_delete_element_at(upload_list, i);
+ i = array_len(upload_list) + 1; // Go out of scope; we're done here
+ }
+ }
+ pthread_mutex_unlock(&upload_list_mutex);
+
+ return(ret); // ret will be all-zeroes if we didn't find it
+}
+
+
+// When reloading attachments already in an existing message, accept only parts that are tagged as attachments.
+void attachment_filter(char *name, char *filename, char *partnum, char *disp,
+ void *content, char *cbtype, char *cbcharset,
+ size_t length, char *encoding, char *cbid, void *userdata)
+{
+ struct uploaded_file u;
+
+ if (!strcasecmp(disp, "attachment")) {
+ upload_handler(name, filename, partnum, disp, content, cbtype, cbcharset, length, encoding, cbid, userdata);
+ }
+}
+
+
+// Load the attachments from an existing message. This is typically used when forwarding a message,
+// so the attachments don't have to be sent out to the browser and back.
+void load_attachments_from_message(struct http_transaction *h, struct ctdlsession *c, char *name) {
+ syslog(LOG_DEBUG, "\033[33mload_attachments_from_message: method is \033[35m%s\033[33m, name is \033[33m%s\033[0m", h->method, name);
+
+ char buf[1024];
+ StrBuf *Body = NULL;
+
+ ctdl_printf(c, "MSG2 %ld", atol(name));
+ ctdl_readline(c, buf, sizeof buf);
+ if (buf[0] != '1') {
+ do_404(h);
+ return;
+ }
+
+ JsonValue *j_uploads = NewJsonArray(HKEY(""));
+ Body = NewStrBuf();
+ while (ctdl_readline(c, buf, sizeof buf), strcmp(buf, "000")) {
+ StrBufAppendPrintf(Body, "%s\n", buf);
+ }
+ char *raw_message = SmashStrBuf(&Body);
+ mime_parser(raw_message, NULL, *attachment_filter, NULL, NULL, j_uploads, 0);
+ free(raw_message);
// probably do something more clever here
h->response_code = 200;
h->response_string = strdup("OK");
+
+ // send back a JSON array of all files uploaded
+ StrBuf *sj = NewStrBuf();
+ SerializeJson(sj, j_uploads, 1); // '1' == free the source object
add_response_header(h, strdup("Content-type"), strdup("application/json"));
- h->response_body = "{}";
- h->response_body_length = strlen(h->response_body);
-}
\ No newline at end of file
+ h->response_code = 200;
+ h->response_string = strdup("OK");
+ h->response_body_length = StrLength(sj);
+ h->response_body = SmashStrBuf(&sj);
+ syslog(LOG_DEBUG, "upload: %s", h->response_body);
+}
+
+
+// Handle operations on a specific upload
+void specific_upload(struct http_transaction *h, struct ctdlsession *c, char *name) {
+ int i;
+ struct uploaded_file *u;
+ struct uploaded_file this_one;
+
+ syslog(LOG_DEBUG, "\033[33mspecific_upload: method is \033[35m%s\033[33m, name is \033[33m%s\033[0m", h->method, name);
+
+ // GET of a msgnum is a request to load the attachments from an existing message.
+ if ( (!strcasecmp(h->method, "GET")) && (atol(name) > 0) ) {
+ load_attachments_from_message(h, c, name);
+ return;
+ }
+
+ if (upload_list == NULL) {
+ do_404(h);
+ return;
+ }
+
+ memset(&this_one, 0, sizeof(struct uploaded_file));
+ pthread_mutex_lock(&upload_list_mutex);
+ for (i=0; i<array_len(upload_list); ++i) {
+ u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
+ if (!strcmp(u->id, name)) {
+ memcpy(&this_one, u, sizeof(struct uploaded_file));
+ i = array_len(upload_list) + 1; // Go out of scope; we're done here
+ }
+ }
+ pthread_mutex_unlock(&upload_list_mutex);
+
+ // If we found a matching ID, now dispatch based on the HTTP method.
+
+ if (IsEmptyStr(this_one.id)) { // didn't find a match
+ do_404(h);
+ }
+ else if (!strcasecmp(h->method, "GET")) { // fetch the item
+ do_405(h);
+ }
+ else if (!strcasecmp(h->method, "DELETE")) { // delete the item
+ dav_delete_upload(h, c, this_one);
+ }
+ else { // unsupported method
+ do_405(h);
+ }
+}
+
+
+// Dispatcher for paths starting with /ctdl/p/
+void ctdl_p(struct http_transaction *h, struct ctdlsession *c) {
+ char buf[SIZ];
+
+ if (num_tokens(h->url, '/') == 3) { // /ctdl/p
+ ctdl_p_base(h, c);
+ return;
+ }
+
+ extract_token(buf, h->url, 3, '/', sizeof buf);
+ if (num_tokens(h->url, '/') == 4) {
+ if (IsEmptyStr(buf)) {
+ ctdl_p_base(h, c); // /ctdl/p/
+ }
+ else {
+ specific_upload(h, c, &h->url[8]);
+ }
+ return;
+ }
+
+ // If we get to this point, the client requested an action we don't know how to perform.
+ do_404(h);
+}
projects / citadel.git / blobdiff