webcit-ng/http.c

   1 //
   2 // This module handles HTTP transactions.
   3 //
   4 // Copyright (c) 1996-2021 by the citadel.org team
   5 //
   6 // This program is open source software.  It runs great on the
   7 // Linux operating system (and probably elsewhere).  You can use,
   8 // copy, and run it under the terms of the GNU General Public
   9 // License version 3.
  10 //
  11 // This program is distributed in the hope that it will be useful,
  12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 // GNU General Public License for more details.
  15
  16 #include "webcit.h"
  17
  18 // Write data to the HTTP client.  Encrypt if necessary.
  19 int client_write(struct client_handle *ch, char *buf, int nbytes) {
  20         if (is_https) {
  21                 return client_write_ssl(ch, buf, nbytes);
  22         }
  23         else {
  24                 return write(ch->sock, buf, nbytes);
  25         }
  26 }
  27
  28
  29 // Read data from the HTTP client.  Decrypt if necessary.
  30 // Returns number of bytes read, or -1 to indicate an error.
  31 int client_read(struct client_handle *ch, char *buf, int nbytes) {
  32         if (is_https) {
  33                 return client_read_ssl(ch, buf, nbytes);
  34         }
  35         else {
  36                 int bytes_received = 0;
  37                 int bytes_this_block = 0;
  38                 while (bytes_received < nbytes) {
  39                         bytes_this_block = read(ch->sock, &buf[bytes_received], nbytes - bytes_received);
  40                         if (bytes_this_block < 1) {
  41                                 return (-1);
  42                         }
  43                         bytes_received += bytes_this_block;
  44                 }
  45                 return (nbytes);
  46         }
  47 }
  48
  49
  50 // Read a newline-terminated line of text from the client.
  51 // Implemented in terms of client_read() and is therefore transparent...
  52 // Returns the string length or -1 for error.
  53 int client_readline(struct client_handle *ch, char *buf, int maxbytes) {
  54         int len = 0;
  55         int c = 0;
  56
  57         if (buf == NULL) {
  58                 return (-1);
  59         }
  60
  61         while (len < maxbytes) {
  62                 c = client_read(ch, &buf[len], 1);
  63                 if (c <= 0) {
  64                         syslog(LOG_DEBUG, "Socket error or zero-length read");
  65                         return (-1);
  66                 }
  67                 if (buf[len] == '\n') {
  68                         if ((len > 0) && (buf[len - 1] == '\r')) {
  69                                 --len;
  70                         }
  71                         buf[len] = 0;
  72                         return (len);
  73                 }
  74                 ++len;
  75         }
  76         return (len);
  77 }
  78
  79
  80 // printf() type function to send data to the web client.
  81 void client_printf(struct client_handle *ch, const char *format, ...) {
  82         va_list arg_ptr;
  83         StrBuf *Buf = NewStrBuf();
  84
  85         va_start(arg_ptr, format);
  86         StrBufVAppendPrintf(Buf, format, arg_ptr);
  87         va_end(arg_ptr);
  88
  89         client_write(ch, (char *) ChrPtr(Buf), StrLength(Buf));
  90         FreeStrBuf(&Buf);
  91 }
  92
  93
  94 // Push one new header into the response of an HTTP request.
  95 // When completed, the HTTP transaction now owns the memory allocated for key and val.
  96 void add_response_header(struct http_transaction *h, char *key, char *val) {
  97         struct http_header *new_response_header = malloc(sizeof(struct http_header));
  98         new_response_header->key = key;
  99         new_response_header->val = val;
 100         new_response_header->next = h->response_headers;
 101         h->response_headers = new_response_header;
 102 }
 103
 104
 105 // Entry point for this layer.  Socket is connected.  If running as an HTTPS
 106 // server, SSL has already been negotiated.  Now perform one transaction.
 107 void perform_one_http_transaction(struct client_handle *ch) {
 108         char buf[1024];
 109         int len;
 110         int lines_read = 0;
 111         struct http_transaction h;
 112         char *c, *d;
 113         struct sockaddr_in sin;
 114         struct http_header *clh;                // general purpose iterator variable
 115
 116         memset(&h, 0, sizeof h);
 117
 118         while (len = client_readline(ch, buf, sizeof buf), (len > 0)) {
 119                 ++lines_read;
 120
 121                 if (lines_read == 1) {          // First line is method and URI.
 122                         c = strchr(buf, ' ');   // IGnore the HTTP-version.
 123                         if (c == NULL) {
 124                                 h.method = strdup("NULL");
 125                                 h.uri = strdup("/");
 126                         }
 127                         else {
 128                                 *c = 0;
 129                                 h.method = strdup(buf);
 130                                 ++c;
 131                                 d = c;
 132                                 c = strchr(d, ' ');
 133                                 if (c != NULL) {
 134                                         *c = 0;
 135                                 }
 136                                 ++c;
 137                                 h.uri = strdup(d);
 138                         }
 139                 }
 140                 else {                  // Subsequent lines are headers.
 141                         c = strchr(buf, ':');   // Header line folding is obsolete so we don't support it.
 142                         if (c != NULL) {
 143                                 struct http_header *new_request_header = malloc(sizeof(struct http_header));
 144                                 *c = 0;
 145                                 new_request_header->key = strdup(buf);
 146                                 ++c;
 147                                 new_request_header->val = strdup(c);
 148                                 striplt(new_request_header->key);
 149                                 striplt(new_request_header->val);
 150                                 new_request_header->next = h.request_headers;
 151                                 h.request_headers = new_request_header;
 152 #ifdef DEBUG_HTTP
 153                                 syslog(LOG_DEBUG, "{ %s: %s", new_request_header->key, new_request_header->val);
 154 #endif
 155                         }
 156                 }
 157
 158         }
 159
 160         // build up the site prefix, such as https://foo.bar.com:4343
 161         h.site_prefix = malloc(256);
 162         strcpy(h.site_prefix, (is_https ? "https://" : "http://"));
 163         char *hostheader = header_val(&h, "Host");
 164         if (hostheader) {
 165                 strcat(h.site_prefix, hostheader);
 166         }
 167         else {
 168                 strcat(h.site_prefix, "127.0.0.1");
 169         }
 170         socklen_t llen = sizeof(sin);
 171         if (getsockname(ch->sock, (struct sockaddr *) &sin, &llen) >= 0) {
 172                 sprintf(&h.site_prefix[strlen(h.site_prefix)], ":%d", ntohs(sin.sin_port));
 173         }
 174
 175         // Now try to read in the request body (if one is present)
 176         if (len < 0) {
 177                 syslog(LOG_DEBUG, "Client disconnected");
 178         }
 179         else {
 180                 syslog(LOG_DEBUG, "\033[33m\033[1m< %s %s\033[0m", h.method, h.uri);
 181
 182                 // If there is a request body, read it now.
 183                 char *ccl = header_val(&h, "Content-Length");
 184                 if (ccl) {
 185                         h.request_body_length = atol(ccl);
 186                 }
 187                 if (h.request_body_length > 0) {
 188                         syslog(LOG_DEBUG, "Reading request body (%ld bytes)", h.request_body_length);
 189                         h.request_body = malloc(h.request_body_length);
 190                         client_read(ch, h.request_body, h.request_body_length);
 191
 192                         //write(2, HKEY("\033[31m"));
 193                         //write(2, h.request_body, h.request_body_length);
 194                         //write(2, HKEY("\033[0m\n"));
 195
 196                 }
 197                 // Now pass control up to the next layer to perform the request.
 198                 perform_request(&h);
 199
 200                 // Output the results back to the client.
 201                 //write(2, HKEY("\033[32m"));
 202                 //write(2, h.response_body, h.response_body_length);
 203                 //write(2, HKEY("\033[0m\n"));
 204
 205                 syslog(LOG_DEBUG, "> %03d %s", h.response_code, h.response_string);
 206                 client_printf(ch, "HTTP/1.1 %03d %s\r\n", h.response_code, h.response_string);
 207                 client_printf(ch, "Connection: close\r\n");
 208                 client_printf(ch, "Content-Length: %ld\r\n", h.response_body_length);
 209                 char *datestring = http_datestring(time(NULL));
 210                 if (datestring) {
 211                         client_printf(ch, "Date: %s\r\n", datestring);
 212                         free(datestring);
 213                 }
 214
 215                 client_printf(ch, "Content-encoding: identity\r\n");    // change if we gzip/deflate
 216                 for (clh = h.response_headers; clh != NULL; clh = clh->next) {
 217 #ifdef DEBUG_HTTP
 218                         syslog(LOG_DEBUG, "} %s: %s", clh->key, clh->val);
 219 #endif
 220                         client_printf(ch, "%s: %s\r\n", clh->key, clh->val);
 221                 }
 222                 client_printf(ch, "\r\n");
 223                 if ((h.response_body_length > 0) && (h.response_body != NULL)) {
 224                         client_write(ch, h.response_body, h.response_body_length);
 225                 }
 226         }
 227
 228         // free the transaction memory
 229         while (h.request_headers) {
 230                 if (h.request_headers->key)
 231                         free(h.request_headers->key);
 232                 if (h.request_headers->val)
 233                         free(h.request_headers->val);
 234                 clh = h.request_headers->next;
 235                 free(h.request_headers);
 236                 h.request_headers = clh;
 237         }
 238         while (h.response_headers) {
 239                 if (h.response_headers->key)
 240                         free(h.response_headers->key);
 241                 if (h.response_headers->val)
 242                         free(h.response_headers->val);
 243                 clh = h.response_headers->next;
 244                 free(h.response_headers);
 245                 h.response_headers = clh;
 246         }
 247         if (h.method)
 248                 free(h.method);
 249         if (h.uri)
 250                 free(h.uri);
 251         if (h.request_body)
 252                 free(h.request_body);
 253         if (h.response_string)
 254                 free(h.response_string);
 255         if (h.site_prefix)
 256                 free(h.site_prefix);
 257 }
 258
 259
 260 // Utility function to fetch a specific header from a completely read-in request.
 261 // Returns the value of the requested header, or NULL if the specified header was not sent.
 262 // The caller does NOT own the memory of the returned pointer, but can count on the pointer
 263 // to still be valid through the end of the transaction.
 264 char *header_val(struct http_transaction *h, char *requested_header) {
 265         struct http_header *clh;        // general purpose iterator variable
 266         for (clh = h->request_headers; clh != NULL; clh = clh->next) {
 267                 if (!strcasecmp(clh->key, requested_header)) {
 268                         return (clh->val);
 269                 }
 270         }
 271         return (NULL);
 272 }