2 // This module handles HTTP transactions.
4 // Copyright (c) 1996-2021 by the citadel.org team
6 // This program is open source software. It runs great on the
7 // Linux operating system (and probably elsewhere). You can use,
8 // copy, and run it under the terms of the GNU General Public
11 // This program is distributed in the hope that it will be useful,
12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 // GNU General Public License for more details.
18 // Write data to the HTTP client. Encrypt if necessary.
19 int client_write(struct client_handle *ch, char *buf, int nbytes) {
21 return client_write_ssl(ch, buf, nbytes);
24 return write(ch->sock, buf, nbytes);
29 // Read data from the HTTP client. Decrypt if necessary.
30 // Returns number of bytes read, or -1 to indicate an error.
31 int client_read(struct client_handle *ch, char *buf, int nbytes) {
33 return client_read_ssl(ch, buf, nbytes);
36 int bytes_received = 0;
37 int bytes_this_block = 0;
38 while (bytes_received < nbytes) {
39 bytes_this_block = read(ch->sock, &buf[bytes_received], nbytes - bytes_received);
40 if (bytes_this_block < 1) {
43 bytes_received += bytes_this_block;
50 // Read a newline-terminated line of text from the client.
51 // Implemented in terms of client_read() and is therefore transparent...
52 // Returns the string length or -1 for error.
53 int client_readline(struct client_handle *ch, char *buf, int maxbytes) {
61 while (len < maxbytes) {
62 c = client_read(ch, &buf[len], 1);
64 syslog(LOG_DEBUG, "Socket error or zero-length read");
67 if (buf[len] == '\n') {
68 if ((len > 0) && (buf[len - 1] == '\r')) {
80 // printf() type function to send data to the web client.
81 void client_printf(struct client_handle *ch, const char *format, ...) {
83 StrBuf *Buf = NewStrBuf();
85 va_start(arg_ptr, format);
86 StrBufVAppendPrintf(Buf, format, arg_ptr);
89 client_write(ch, (char *) ChrPtr(Buf), StrLength(Buf));
94 // Push one new header into the response of an HTTP request.
95 // When completed, the HTTP transaction now owns the memory allocated for key and val.
96 void add_response_header(struct http_transaction *h, char *key, char *val) {
97 struct keyval new_response_header;
98 new_response_header.key = key;
99 new_response_header.val = val;
100 array_append(h->response_headers, &new_response_header);
104 // Entry point for this layer. Socket is connected. If running as an HTTPS
105 // server, SSL has already been negotiated. Now perform one transaction.
106 void perform_one_http_transaction(struct client_handle *ch) {
110 struct http_transaction h;
112 struct sockaddr_in sin;
113 int i; // general purpose iterator variable
115 memset(&h, 0, sizeof h);
116 h.request_headers = array_new(sizeof(struct keyval));
117 h.request_parms = array_new(sizeof(struct keyval));
118 h.response_headers = array_new(sizeof(struct keyval));
120 while (len = client_readline(ch, buf, sizeof buf), (len > 0)) {
123 if (lines_read == 1) { // First line is method and URL.
124 c = strchr(buf, ' '); // IGnore the HTTP-version.
126 h.method = strdup("NULL");
131 h.method = strdup(buf);
142 else { // Subsequent lines are headers.
143 c = strchr(buf, ':'); // Header line folding is obsolete so we don't support it.
146 struct keyval new_request_header;
148 new_request_header.key = strdup(buf);
150 new_request_header.val = strdup(c);
151 striplt(new_request_header.key);
152 striplt(new_request_header.val);
153 array_append(h.request_headers, &new_request_header);
155 syslog(LOG_DEBUG, "\033[1m\033[35m{ %s: %s\033[0m", new_request_header.key, new_request_header.val);
162 // If the URL had any query parameters in it, parse them out now.
163 char *p = strchr(h.url, '?');
165 *p++ = 0; // insert a null to remove parameters from the URL
166 char *tok, *saveptr = NULL;
167 for (tok = strtok_r(p, "&", &saveptr); tok!=NULL; tok = strtok_r(NULL, "&", &saveptr)) {
168 char *eq = strchr(tok, '=');
173 kv.key = strdup(tok);
175 array_append(h.request_parms, &kv);
176 syslog(LOG_DEBUG, "\033[1m\033[33m| %s = %s\033[0m", kv.key, kv.val);
181 // build up the site prefix, such as https://foo.bar.com:4343
182 h.site_prefix = malloc(256);
183 strcpy(h.site_prefix, (is_https ? "https://" : "http://"));
184 char *hostheader = header_val(&h, "Host");
186 strcat(h.site_prefix, hostheader);
189 strcat(h.site_prefix, "127.0.0.1");
191 socklen_t llen = sizeof(sin);
192 if (getsockname(ch->sock, (struct sockaddr *) &sin, &llen) >= 0) {
193 sprintf(&h.site_prefix[strlen(h.site_prefix)], ":%d", ntohs(sin.sin_port));
196 // Now try to read in the request body (if one is present)
198 syslog(LOG_DEBUG, "Client disconnected");
201 syslog(LOG_DEBUG, "\033[33m\033[1m< %s %s\033[0m", h.method, h.url);
203 // If there is a request body, read it now.
204 char *ccl = header_val(&h, "Content-Length");
206 h.request_body_length = atol(ccl);
208 if (h.request_body_length > 0) {
209 syslog(LOG_DEBUG, "Reading request body (%ld bytes)", h.request_body_length);
210 h.request_body = malloc(h.request_body_length);
211 client_read(ch, h.request_body, h.request_body_length);
213 //write(2, HKEY("\033[31m"));
214 //write(2, h.request_body, h.request_body_length);
215 //write(2, HKEY("\033[0m\n"));
218 // Now pass control up to the next layer to perform the request.
221 // Output the results back to the client.
222 //write(2, HKEY("\033[32m"));
223 //write(2, h.response_body, h.response_body_length);
224 //write(2, HKEY("\033[0m\n"));
226 syslog(LOG_DEBUG, "> %03d %s", h.response_code, h.response_string);
227 client_printf(ch, "HTTP/1.1 %03d %s\r\n", h.response_code, h.response_string);
228 client_printf(ch, "Connection: close\r\n");
229 client_printf(ch, "Content-Length: %ld\r\n", h.response_body_length);
230 char *datestring = http_datestring(time(NULL));
232 client_printf(ch, "Date: %s\r\n", datestring);
236 client_printf(ch, "Content-encoding: identity\r\n"); // change if we gzip/deflate
237 int number_of_response_headers = array_len(h.response_headers);
238 for (i=0; i<number_of_response_headers; ++i) {
239 struct keyval *kv = array_get_element_at(h.response_headers, i);
241 syslog(LOG_DEBUG, "\033[1m\033[35m} %s: %s\033[0m", kv->key, kv->val);
243 client_printf(ch, "%s: %s\r\n", kv->key, kv->val);
245 client_printf(ch, "\r\n");
246 if ((h.response_body_length > 0) && (h.response_body != NULL)) {
247 client_write(ch, h.response_body, h.response_body_length);
251 // free the transaction memory
252 while (array_len(h.request_headers) > 0) {
253 struct keyval *kv = array_get_element_at(h.request_headers, 0);
254 if (kv->key) free(kv->key);
255 if (kv->val) free(kv->val);
256 array_delete_element_at(h.request_headers, 0);
258 array_free(h.request_headers);
259 while (array_len(h.request_parms) > 0) {
260 struct keyval *kv = array_get_element_at(h.request_parms, 0);
261 if (kv->key) free(kv->key);
262 if (kv->val) free(kv->val);
263 array_delete_element_at(h.request_parms, 0);
265 array_free(h.request_parms);
266 while (array_len(h.response_headers) > 0) {
267 struct keyval *kv = array_get_element_at(h.response_headers, 0);
268 if (kv->key) free(kv->key);
269 if (kv->val) free(kv->val);
270 array_delete_element_at(h.response_headers, 0);
272 array_free(h.response_headers);
279 if (h.request_body) {
280 free(h.request_body);
282 if (h.response_string) {
283 free(h.response_string);
291 // Utility function to fetch a specific header from a completely read-in request.
292 // Returns the value of the requested header, or NULL if the specified header was not sent.
293 // The caller does NOT own the memory of the returned pointer, but can count on the pointer
294 // to still be valid through the end of the transaction.
295 char *header_val(struct http_transaction *h, char *requested_header) {
298 for (i=0; i<array_len(h->request_headers); ++i) {
299 kv = array_get_element_at(h->request_headers, i);
300 if (!strcasecmp(kv->key, requested_header)) {
308 // Utility function to fetch a specific URL parameter from a completely read-in request.
309 // Returns the value of the requested parameter, or NULL if the specified parameter was not sent.
310 // The caller does NOT own the memory of the returned pointer, but can count on the pointer
311 // to still be valid through the end of the transaction.
312 char *get_url_param(struct http_transaction *h, char *requested_param) {
315 for (i=0; i<array_len(h->request_parms); ++i) {
316 kv = array_get_element_at(h->request_parms, i);
317 if (!strcasecmp(kv->key, requested_param)) {