3 // Copyright (c) 1996-2023 by the citadel.org team
5 // This program is open source software. Use, duplication, or
6 // disclosure are subject to the GNU General Public License v3.
10 struct uploaded_file {
13 char content_type[256];
18 Array *upload_list = NULL; // all files uploaded to this webcit instance
19 pthread_mutex_t upload_list_mutex = PTHREAD_MUTEX_INITIALIZER; // Lock it before modifying
22 // This function is called by the MIME parser to handle data uploaded by the browser.
23 void upload_handler(char *name, char *filename, char *partnum, char *disp,
24 void *content, char *cbtype, char *cbcharset,
25 size_t length, char *encoding, char *cbid, void *userdata)
27 syslog(LOG_DEBUG, "upload_handler()");
28 syslog(LOG_DEBUG, " name: %s", name);
29 syslog(LOG_DEBUG, " filename: %s", filename);
30 syslog(LOG_DEBUG, " part number: %s", partnum);
31 syslog(LOG_DEBUG, " disposition: %s", disp);
32 syslog(LOG_DEBUG, "content type: %s", cbtype);
33 syslog(LOG_DEBUG, " char set: %s", cbcharset);
34 syslog(LOG_DEBUG, " length: %ld", length);
35 syslog(LOG_DEBUG, " encoding: %s", encoding);
36 syslog(LOG_DEBUG, " id: %s", cbid);
38 struct uploaded_file u;
40 safestrncpy(u.filename, filename, sizeof(u.filename));
41 safestrncpy(u.content_type, cbtype, sizeof(u.content_type));
44 // Write the upload to a file that we can access later when the user saves the message.
47 syslog(LOG_ERR, "upload: %m");
50 fwrite(content, length, 1, u.fp); // this file will be deleted by the OS when it is closed
52 // Add it to the list of uploads the server is holding.
53 pthread_mutex_lock(&upload_list_mutex);
54 if (upload_list == NULL) {
55 upload_list = array_new(sizeof(struct uploaded_file));
57 array_append(upload_list, &u);
58 pthread_mutex_unlock(&upload_list_mutex);
60 for (int i=0; i<array_len(upload_list); ++i) {
61 memcpy(&u, array_get_element_at(upload_list, i), sizeof(struct uploaded_file));
62 syslog(LOG_DEBUG, "%d: %s %s", i, u.id, u.filename);
65 // Create a JSON object describing this upload
66 JsonValue *j_one_upload = NewJsonObject(HKEY(""));
67 JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("ref"), u.id, -1));
68 JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("uploadfilename"), u.filename, -1));
69 JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("contenttype"), u.content_type, -1));
70 JsonObjectAppend(j_one_upload, NewJsonNumber(HKEY("contentlength"), u.length));
72 // ...and attach it to the array of uploads
73 JsonValue *j_uploads = (JsonValue *) userdata;
74 JsonArrayAppend(j_uploads, j_one_upload);
78 void upload_files(struct http_transaction *h, struct ctdlsession *c) {
79 // FIXME reject uploads if we're not logged in
81 // This will be a JSON Array of all files that were uploaded during this HTTP transaction.
82 // Normally the browser will upload only one file per transaction, but that behavior is not guaranteed.
83 JsonValue *j_uploads = NewJsonArray(HKEY(""));
85 // h->request_body will contain the upload(s) in MIME format
86 mime_parser(h->request_body, (h->request_body + h->request_body_length), *upload_handler, NULL, NULL, j_uploads, 0);
88 // probably do something more clever here
89 h->response_code = 200;
90 h->response_string = strdup("OK");
92 // send back a JSON array of all files uploaded
93 StrBuf *sj = NewStrBuf();
94 SerializeJson(sj, j_uploads, 1); // '1' == free the source object
95 add_response_header(h, strdup("Content-type"), strdup("application/json"));
96 h->response_code = 200;
97 h->response_string = strdup("OK");
98 h->response_body_length = StrLength(sj);
99 h->response_body = SmashStrBuf(&sj);
103 // Caller has requested /ctdl/p or /ctdl/p/ but we still have to dispatch based on the method
104 void ctdl_p_base(struct http_transaction *h, struct ctdlsession *c) {
105 upload_files(h, c); // we should only do this for POST requests
109 // DAV delete an uploaded item
110 void dav_delete_upload(struct http_transaction *h, struct ctdlsession *c, struct uploaded_file this_one) {
112 struct uploaded_file *u;
114 pthread_mutex_lock(&upload_list_mutex);
115 for (i=0; i<array_len(upload_list); ++i) {
116 u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
117 if (!strcmp(u->id, this_one.id)) {
118 fclose(u->fp); // this deletes the file because it has 0 links
119 array_delete_element_at(upload_list, i);
120 i = array_len(upload_list) + 1; // Go out of scope; we're done here
123 pthread_mutex_unlock(&upload_list_mutex);
129 // Handle operations on a specific upload
130 void specific_upload(struct http_transaction *h, struct ctdlsession *c, char *name) {
132 struct uploaded_file *u;
133 struct uploaded_file this_one;
135 if (upload_list == NULL) {
140 memset(&this_one, 0, sizeof(struct uploaded_file));
141 pthread_mutex_lock(&upload_list_mutex);
142 for (i=0; i<array_len(upload_list); ++i) {
143 u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
144 if (!strcmp(u->id, name)) {
145 memcpy(&this_one, u, sizeof(struct uploaded_file));
146 i = array_len(upload_list) + 1; // Go out of scope; we're done here
149 pthread_mutex_unlock(&upload_list_mutex);
151 // If we found a matching ID, now dispatch based on the HTTP method.
153 if (IsEmptyStr(this_one.id)) { // didn't find a match
156 else if (!strcasecmp(h->method, "GET")) { // fetch the item
159 else if (!strcasecmp(h->method, "DELETE")) { // delete the item
160 dav_delete_upload(h, c, this_one);
162 else { // unsupported method
168 // Dispatcher for paths starting with /ctdl/p/
169 void ctdl_p(struct http_transaction *h, struct ctdlsession *c) {
172 if (num_tokens(h->url, '/') == 3) { // /ctdl/p
177 extract_token(buf, h->url, 3, '/', sizeof buf);
178 if (num_tokens(h->url, '/') == 4) {
179 if (IsEmptyStr(buf)) {
180 ctdl_p_base(h, c); // /ctdl/p/
183 specific_upload(h, c, &h->url[8]);
188 // If we get to this point, the client requested an action we don't know how to perform.