projects / citadel.git / blob
? search:


8c3fd44e0c5d12c771cfcb549ee0ccaa748f28a2
[citadel.git] / webcit-ng / server / upload.c
1 // Upload handler
2 //
3 // Copyright (c) 1996-2023 by the citadel.org team
4 //
5 // This program is open source software.  Use, duplication, or
6 // disclosure are subject to the GNU General Public License v3.
7
8 #include "webcit.h"
9
10 Array *upload_list = NULL;                                      // all files uploaded to this webcit instance
11 pthread_mutex_t upload_list_mutex = PTHREAD_MUTEX_INITIALIZER;  // Lock it before modifying
12
13
14 // This function is called by the MIME parser to handle data uploaded by the browser.
15 void upload_handler(char *name, char *filename, char *partnum, char *disp,
16                     void *content, char *cbtype, char *cbcharset,
17                     size_t length, char *encoding, char *cbid, void *userdata)
18 {
19         syslog(LOG_DEBUG, "upload_handler()");
20         syslog(LOG_DEBUG, "        name: %s", name);
21         syslog(LOG_DEBUG, "    filename: %s", filename);
22         syslog(LOG_DEBUG, " part number: %s", partnum);
23         syslog(LOG_DEBUG, " disposition: %s", disp);
24         syslog(LOG_DEBUG, "content type: %s", cbtype);
25         syslog(LOG_DEBUG, "    char set: %s", cbcharset);
26         syslog(LOG_DEBUG, "      length: %ld", length);
27         syslog(LOG_DEBUG, "    encoding: %s", encoding);
28         syslog(LOG_DEBUG, "          id: %s", cbid);
29         //fprintf(stderr, "\033[31m--------------------------------------------\n");
30         //write(content, length, 1, stderr);    // FIXME
31         //printf(stderr, "--------------------------------------------\033[0m\n");
32
33         struct uploaded_file u;
34
35         // create a random ID for the attachment
36         for (int i=0; i<sizeof(u.id); ++i) {
37                 u.id[i] = (rand() % 26) + 'a';
38         }
39         u.id[sizeof(u.id)-1] = 0;
40
41         safestrncpy(u.filename, filename, sizeof(u.filename));
42         safestrncpy(u.content_type, cbtype, sizeof(u.content_type));
43         u.length = length;
44
45         // Write the upload to a file that we can access later when the user saves the message.
46         // tmpfile() creates a file with zero links in the directory, so it will be deleted when it is closed.
47         u.fp = tmpfile();
48         if (!u.fp) {
49                 syslog(LOG_ERR, "upload: %m");
50                 return;
51         }
52         if (fwrite(content, length, 1, u.fp) != 1) {
53                 syslog(LOG_ERR, "upload: %m");
54                 fclose(u.fp);
55                 return;
56         }
57
58         // Add it to the list of uploads the server is holding.
59         pthread_mutex_lock(&upload_list_mutex);
60         if (upload_list == NULL) {
61                 upload_list = array_new(sizeof(struct uploaded_file));
62         }
63         array_append(upload_list, &u);
64         pthread_mutex_unlock(&upload_list_mutex);
65
66         for (int i=0; i<array_len(upload_list); ++i) {
67                 memcpy(&u, array_get_element_at(upload_list, i), sizeof(struct uploaded_file));
68                 syslog(LOG_DEBUG, "%d: %s %s", i, u.id, u.filename);
69         }
70
71         // Create a JSON object describing this upload
72         JsonValue *j_one_upload = NewJsonObject(HKEY(""));
73         JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("ref"), u.id, -1));
74         JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("uploadfilename"), u.filename, -1));
75         JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("contenttype"), u.content_type, -1));
76         JsonObjectAppend(j_one_upload, NewJsonNumber(HKEY("contentlength"), u.length));
77
78         // ...and attach it to the array of uploads
79         JsonValue *j_uploads = (JsonValue *) userdata;
80         JsonArrayAppend(j_uploads, j_one_upload);
81 }
82
83 // upload handler
84 void upload_files(struct http_transaction *h, struct ctdlsession *c) {
85         // FIXME reject uploads if we're not logged in
86
87         // This will be a JSON Array of all files that were uploaded during this HTTP transaction.
88         // Normally the browser will upload only one file per transaction, but that behavior is not guaranteed.
89         JsonValue *j_uploads = NewJsonArray(HKEY(""));
90
91         // h->request_body_with_synth_headers will contain the upload(s) in MIME format including headers
92         mime_parser(h->request_body_with_synth_headers, (h->request_body+h->request_body_length), *upload_handler, NULL, NULL, j_uploads, 0);
93
94         // probably do something more clever here
95         h->response_code = 200;
96         h->response_string = strdup("OK");
97
98         // send back a JSON array of all files uploaded
99         StrBuf *sj = NewStrBuf();
100         SerializeJson(sj, j_uploads, 1);        // '1' == free the source object
101         add_response_header(h, strdup("Content-type"), strdup("application/json"));
102         h->response_code = 200;
103         h->response_string = strdup("OK");
104         h->response_body_length = StrLength(sj);
105         h->response_body = SmashStrBuf(&sj);
106 }
107
108
109 // Caller has requested /ctdl/p or /ctdl/p/ but we still have to dispatch based on the method
110 void ctdl_p_base(struct http_transaction *h, struct ctdlsession *c) {
111         upload_files(h, c);             // we should only do this for POST requests
112 }
113
114
115 // delete an uploaded item
116 void delete_upload(struct uploaded_file this_one) {
117         int i;
118         struct uploaded_file *u;
119
120         pthread_mutex_lock(&upload_list_mutex);
121         for (i=0; i<array_len(upload_list); ++i) {
122                 u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
123                 if (!strcmp(u->id, this_one.id)) {
124                         fclose(u->fp);                          // this deletes the file because it has 0 links
125                         array_delete_element_at(upload_list, i);
126                         i = array_len(upload_list) + 1;         // Go out of scope; we're done here
127                 }
128         }
129         pthread_mutex_unlock(&upload_list_mutex);
130 }
131
132
133 // DAV delete an uploaded item
134 void dav_delete_upload(struct http_transaction *h, struct ctdlsession *c, struct uploaded_file this_one) {
135         delete_upload(this_one);
136         do_204(h);
137 }
138
139
140 // Remove an uploaded item from the upload_list.  Caller now owns the file handle and is responsible for closing it.
141 struct uploaded_file pop_upload(char *id) {
142         int i;
143         struct uploaded_file *u;
144         struct uploaded_file ret;
145
146         memset(&ret, 0, sizeof(struct uploaded_file));
147
148         pthread_mutex_lock(&upload_list_mutex);
149         for (i=0; i<array_len(upload_list); ++i) {
150                 u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
151                 if (!strcmp(u->id, id)) {
152                         ret = *u;
153                         array_delete_element_at(upload_list, i);
154                         i = array_len(upload_list) + 1;         // Go out of scope; we're done here
155                 }
156         }
157         pthread_mutex_unlock(&upload_list_mutex);
158
159         return(ret);                                            // ret will be all-zeroes if we didn't find it
160 }
161
162
163 // Handle operations on a specific upload
164 void specific_upload(struct http_transaction *h, struct ctdlsession *c, char *name) {
165         int i;
166         struct uploaded_file *u;
167         struct uploaded_file this_one;
168
169         if (upload_list == NULL) {
170                 do_404(h);
171                 return;
172         }
173
174         memset(&this_one, 0, sizeof(struct uploaded_file));
175         pthread_mutex_lock(&upload_list_mutex);
176         for (i=0; i<array_len(upload_list); ++i) {
177                 u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
178                 if (!strcmp(u->id, name)) {
179                         memcpy(&this_one, u, sizeof(struct uploaded_file));
180                         i = array_len(upload_list) + 1;         // Go out of scope; we're done here
181                 }
182         }
183         pthread_mutex_unlock(&upload_list_mutex);
184
185         // If we found a matching ID, now dispatch based on the HTTP method.
186
187         if (IsEmptyStr(this_one.id)) {                          // didn't find a match
188                 do_404(h);
189         }
190         else if (!strcasecmp(h->method, "GET")) {               // fetch the item
191                 do_405(h);
192         }
193         else if (!strcasecmp(h->method, "DELETE")) {            // delete the item
194                 dav_delete_upload(h, c, this_one);
195         }
196         else {                                                  // unsupported method
197                 do_405(h);
198         }
199 }
200
201
202 // Dispatcher for paths starting with /ctdl/p/
203 void ctdl_p(struct http_transaction *h, struct ctdlsession *c) {
204         char buf[SIZ];
205
206         if (num_tokens(h->url, '/') == 3) {     //      /ctdl/p
207                 ctdl_p_base(h, c);
208                 return;
209         }
210
211         extract_token(buf, h->url, 3, '/', sizeof buf);
212         if (num_tokens(h->url, '/') == 4) {
213                 if (IsEmptyStr(buf)) {
214                         ctdl_p_base(h, c);      //      /ctdl/p/
215                 }
216                 else {
217                         specific_upload(h, c, &h->url[8]);
218                 }
219                 return;
220         }
221
222         // If we get to this point, the client requested an action we don't know how to perform.
223         do_404(h);
224 }
Citadel server, clients, utilities