3 // Copyright (c) 1996-2023 by the citadel.org team
5 // This program is open source software. Use, duplication, or
6 // disclosure are subject to the GNU General Public License v3.
10 Array *upload_list = NULL; // all files uploaded to this webcit instance
11 pthread_mutex_t upload_list_mutex = PTHREAD_MUTEX_INITIALIZER; // Lock it before modifying
14 // This function is called by the MIME parser to handle data uploaded by the browser.
15 void upload_handler(char *name, char *filename, char *partnum, char *disp,
16 void *content, char *cbtype, char *cbcharset,
17 size_t length, char *encoding, char *cbid, void *userdata)
19 struct uploaded_file u;
21 // create a random ID for the attachment
22 for (int i=0; i<sizeof(u.id); ++i) {
23 u.id[i] = (rand() % 26) + 'a';
25 u.id[sizeof(u.id)-1] = 0;
27 safestrncpy(u.filename, filename, sizeof(u.filename));
28 safestrncpy(u.content_type, cbtype, sizeof(u.content_type));
31 // Write the upload to a file that we can access later when the user saves the message.
32 // tmpfile() creates a file with zero links in the directory, so it will be deleted when it is closed.
35 syslog(LOG_ERR, "upload: %m");
38 if (fwrite(content, length, 1, u.fp) != 1) {
39 syslog(LOG_ERR, "upload: %m");
44 // Add it to the list of uploads the server is holding.
45 pthread_mutex_lock(&upload_list_mutex);
46 if (upload_list == NULL) {
47 upload_list = array_new(sizeof(struct uploaded_file));
49 array_append(upload_list, &u);
50 pthread_mutex_unlock(&upload_list_mutex);
52 for (int i=0; i<array_len(upload_list); ++i) {
53 memcpy(&u, array_get_element_at(upload_list, i), sizeof(struct uploaded_file));
56 // Create a JSON object describing this upload
57 JsonValue *j_one_upload = NewJsonObject(HKEY(""));
58 JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("ref"), u.id, -1));
59 JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("uploadfilename"), u.filename, -1));
60 JsonObjectAppend(j_one_upload, NewJsonPlainString(HKEY("contenttype"), u.content_type, -1));
61 JsonObjectAppend(j_one_upload, NewJsonNumber(HKEY("contentlength"), u.length));
63 // ...and attach it to the array of uploads
64 JsonValue *j_uploads = (JsonValue *) userdata;
65 JsonArrayAppend(j_uploads, j_one_upload);
69 void upload_files(struct http_transaction *h, struct ctdlsession *c) {
70 // FIXME reject uploads if we're not logged in
72 // This will be a JSON Array of all files that were uploaded during this HTTP transaction.
73 // Normally the browser will upload only one file per transaction, but that behavior is not guaranteed.
74 JsonValue *j_uploads = NewJsonArray(HKEY(""));
76 // h->request_body_with_synth_headers will contain the upload(s) in MIME format including headers
77 mime_parser(h->request_body_with_synth_headers, (h->request_body+h->request_body_length), *upload_handler, NULL, NULL, j_uploads, 0);
79 // probably do something more clever here
80 h->response_code = 200;
81 h->response_string = strdup("OK");
83 // send back a JSON array of all files uploaded
84 StrBuf *sj = NewStrBuf();
85 SerializeJson(sj, j_uploads, 1); // '1' == free the source object
86 add_response_header(h, strdup("Content-type"), strdup("application/json"));
87 h->response_code = 200;
88 h->response_string = strdup("OK");
89 h->response_body_length = StrLength(sj);
90 h->response_body = SmashStrBuf(&sj);
91 syslog(LOG_DEBUG, "upload: %s", h->response_body);
95 // Caller has requested /ctdl/p or /ctdl/p/ but we still have to dispatch based on the method
96 void ctdl_p_base(struct http_transaction *h, struct ctdlsession *c) {
97 upload_files(h, c); // we should only do this for POST requests
101 // delete an uploaded item
102 void delete_upload(struct uploaded_file this_one) {
104 struct uploaded_file *u;
106 pthread_mutex_lock(&upload_list_mutex);
107 for (i=0; i<array_len(upload_list); ++i) {
108 u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
109 if (!strcmp(u->id, this_one.id)) {
110 fclose(u->fp); // this deletes the file because it has 0 links
111 array_delete_element_at(upload_list, i);
112 i = array_len(upload_list) + 1; // Go out of scope; we're done here
115 pthread_mutex_unlock(&upload_list_mutex);
119 // DAV delete an uploaded item
120 void dav_delete_upload(struct http_transaction *h, struct ctdlsession *c, struct uploaded_file this_one) {
121 delete_upload(this_one);
126 // Remove an uploaded item from the upload_list. Caller now owns the file handle and is responsible for closing it.
127 struct uploaded_file pop_upload(char *id) {
129 struct uploaded_file *u;
130 struct uploaded_file ret;
132 memset(&ret, 0, sizeof(struct uploaded_file));
134 pthread_mutex_lock(&upload_list_mutex);
135 for (i=0; i<array_len(upload_list); ++i) {
136 u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
137 if (!strcmp(u->id, id)) {
139 array_delete_element_at(upload_list, i);
140 i = array_len(upload_list) + 1; // Go out of scope; we're done here
143 pthread_mutex_unlock(&upload_list_mutex);
145 return(ret); // ret will be all-zeroes if we didn't find it
149 // Handle operations on a specific upload
150 void specific_upload(struct http_transaction *h, struct ctdlsession *c, char *name) {
152 struct uploaded_file *u;
153 struct uploaded_file this_one;
155 if (upload_list == NULL) {
160 memset(&this_one, 0, sizeof(struct uploaded_file));
161 pthread_mutex_lock(&upload_list_mutex);
162 for (i=0; i<array_len(upload_list); ++i) {
163 u = (struct uploaded_file *) array_get_element_at(upload_list, i), sizeof(struct uploaded_file);
164 if (!strcmp(u->id, name)) {
165 memcpy(&this_one, u, sizeof(struct uploaded_file));
166 i = array_len(upload_list) + 1; // Go out of scope; we're done here
169 pthread_mutex_unlock(&upload_list_mutex);
171 // If we found a matching ID, now dispatch based on the HTTP method.
173 if (IsEmptyStr(this_one.id)) { // didn't find a match
176 else if (!strcasecmp(h->method, "GET")) { // fetch the item
179 else if (!strcasecmp(h->method, "DELETE")) { // delete the item
180 dav_delete_upload(h, c, this_one);
182 else { // unsupported method
188 // Dispatcher for paths starting with /ctdl/p/
189 void ctdl_p(struct http_transaction *h, struct ctdlsession *c) {
192 if (num_tokens(h->url, '/') == 3) { // /ctdl/p
197 extract_token(buf, h->url, 3, '/', sizeof buf);
198 if (num_tokens(h->url, '/') == 4) {
199 if (IsEmptyStr(buf)) {
200 ctdl_p_base(h, c); // /ctdl/p/
203 specific_upload(h, c, &h->url[8]);
208 // If we get to this point, the client requested an action we don't know how to perform.