projects / citadel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Skeleton code for filters.
[citadel.git] / webcit-ng / server / request.c
1 // This module sits directly above the HTTP layer.  By the time we get here,
2 // an HTTP request has been fully received and parsed.  Control is passed up
3 // to this layer to actually perform the request.  We then fill in the response
4 // and pass control back down to the HTTP layer to output the response back to
5 // the client.
6 //
7 // Copyright (c) 1996-2023 by the citadel.org team
8 //
9 // This program is open source software.  Use, duplication, or disclosure is subject to the GNU General Public License v3.
10
11 #include "webcit.h"
12
13
14 // Not found!  Wowzers.
15 void do_404(struct http_transaction *h) {
16         h->response_code = 404;
17         h->response_string = strdup("NOT FOUND");
18         add_response_header(h, strdup("Content-type"), strdup("text/plain"));
19         h->response_body = strdup("404 NOT FOUND\r\n");
20         h->response_body_length = strlen(h->response_body);
21 }
22
23
24 // Method not allowed
25 void do_405(struct http_transaction *h) {
26         h->response_code = 412;
27         h->response_string = strdup("METHOD NOT ALLOWED");
28 }
29
30
31 // Precondition failed (such as if-match)
32 void do_412(struct http_transaction *h) {
33         h->response_code = 412;
34         h->response_string = strdup("PRECONDITION FAILED");
35 }
36
37
38 // Succeed with no output
39 void do_204(struct http_transaction *h) {
40         h->response_code = 204;
41         h->response_string = strdup("No content");
42 }
43
44
45 // We throw an HTTP error "502 bad gateway" when we need to connect to Citadel, but can't.
46 void do_502(struct http_transaction *h) {
47         h->response_code = 502;
48         h->response_string = strdup("bad gateway");
49         add_response_header(h, strdup("Content-type"), strdup("text/plain"));
50         h->response_body = strdup(_("This program was unable to connect or stay connected to the Citadel server.  Please report this problem to your system administrator."));
51         h->response_body_length = strlen(h->response_body);
52 }
53
54
55 // Tell the client to authenticate using HTTP-AUTH (RFC 2617)
56 void request_http_authenticate(struct http_transaction *h) {
57         h->response_code = 401;
58         h->response_string = strdup("Unauthorized");
59         add_response_header(h, strdup("WWW-Authenticate"), strdup("Basic realm=\"Citadel Server\""));
60 }
61
62
63 // Easy and fun utility function to throw a redirect.
64 void http_redirect(struct http_transaction *h, char *to_where) {
65         syslog(LOG_DEBUG, "Redirecting to: %s", to_where);
66         h->response_code = 302;
67         h->response_string = strdup("Moved Temporarily");
68         add_response_header(h, strdup("Location"), strdup(to_where));
69         add_response_header(h, strdup("Content-type"), strdup("text/plain"));
70         h->response_body = strdup(to_where);
71         h->response_body_length = strlen(h->response_body);
72 }
73
74
75 // perform_request() is the entry point for *every* HTTP transaction.
76 void perform_request(struct http_transaction *h) {
77         struct ctdlsession *c;
78
79         // Determine which code path to take based on the beginning of the URL.
80         // This is implemented as a series of strncasecmp() calls rather than a
81         // lookup table in order to make the code more readable.
82
83         if (IsEmptyStr(h->url)) {       // Sanity check
84                 do_404(h);
85                 return;
86         }
87
88         // Right about here is where we should try to handle anything that doesn't start
89         // with the /ctdl/ prefix.
90         // Root (/) ...
91
92         if ((!strcmp(h->url, "/")) && (!strcasecmp(h->method, "GET"))) {
93                 http_redirect(h, "/ctdl/s/index.html");
94                 return;
95         }
96
97         // Legacy URL patterns (/readnew?gotoroom=xxx&start_reading_at=yyy) ...
98         // Direct room name (/my%20blog) ...
99
100         // HTTP-01 challenge [RFC5785 section 3, RFC8555 section 9.2]
101         if (!strncasecmp(h->url, HKEY("/.well-known"))) {       // Static content
102                 output_static(h);
103                 return;
104         }
105
106         if (!strcasecmp(h->url, "/favicon.ico")) {
107                 output_static(h);
108                 return;
109         }
110
111         // Everything below this line is strictly REST URL patterns.
112
113         if (strncasecmp(h->url, HKEY("/ctdl/"))) {              // Reject non-REST
114                 do_404(h);
115                 return;
116         }
117
118         if (!strncasecmp(h->url, HKEY("/ctdl/s/"))) {           // Static content
119                 output_static(h);
120                 return;
121         }
122
123         if (h->url[7] != '/') {
124                 do_404(h);
125                 return;
126         }
127
128         // Anything below this line:
129         //      1. Is in the format of /ctdl/?/*
130         //      2. Requires a connection to a Citadel server.
131
132         c = connect_to_citadel(h);
133         if (c == NULL) {
134                 do_502(h);
135                 return;
136         }
137
138         // WebDAV methods like OPTIONS and PROPFIND *require* a logged-in session,
139         // even if the Citadel server allows anonymous access.
140         if (IsEmptyStr(c->auth)) {
141                 if (       (!strcasecmp(h->method, "OPTIONS"))
142                         || (!strcasecmp(h->method, "PROPFIND"))
143                         || (!strcasecmp(h->method, "REPORT"))
144                         || (!strcasecmp(h->method, "DELETE"))
145                         || (!strcasecmp(h->method, "MOVE"))
146                         || (!strcasecmp(h->method, "COPY"))
147                 ) {
148                         request_http_authenticate(h);
149                         disconnect_from_citadel(c);
150                         return;
151                 }
152         }
153
154         // Break down the URL by path and send the request to the appropriate part of the program.
155         switch (h->url[6]) {
156         case 'a':               // /ctdl/a/ == RESTful path to admin functions
157                 ctdl_a(h, c);
158                 break;
159         case 'c':               // /ctdl/c/ == misc Citadel server commands
160                 ctdl_c(h, c);
161                 break;
162         case 'f':               // /ctdl/f/ == RESTful path to floors
163                 ctdl_f(h, c);
164                 break;
165         case 'r':               // /ctdl/r/ == RESTful path to rooms
166                 ctdl_r(h, c);
167                 break;
168         case 'u':               // /ctdl/u/ == RESTful path to users
169                 ctdl_u(h, c);
170                 break;
171         case 'p':               // /ctdl/p/ == RESTful path to upload functions
172                 ctdl_p(h, c);
173                 break;
174         default:
175                 do_404(h);
176         }
177
178         // Are we in an authenticated session?  If so, set a cookie so we stay logged in.
179         if (!IsEmptyStr(c->auth)) {
180                 char koekje[AUTH_MAX];
181                 char *exp = http_datestring(time(NULL) + (86400 * 30));
182                 snprintf(koekje, AUTH_MAX, "wcauth=%s; path=/ctdl/; Expires=%s", c->auth, exp); // warn
183                 free(exp);
184                 add_response_header(h, strdup("Set-Cookie"), strdup(koekje));
185         }
186
187         // Durlng development we are foiling the browser cache completely.  In production we'll be more selective.
188         add_response_header(h, strdup("Cache-Control"), strdup("no-store, must-revalidate"));
189         add_response_header(h, strdup("Pragma"), strdup("no-cache"));
190         add_response_header(h, strdup("Expires"), strdup("0"));
191
192         // Unbind from our Citadel server connection.
193         disconnect_from_citadel(c);
194 }
Citadel server, clients, utilities