2 c2117f4b 2023-08-31 op * This is free and unencumbered software released into the public domain.
4 c2117f4b 2023-08-31 op * Anyone is free to copy, modify, publish, use, compile, sell, or
5 c2117f4b 2023-08-31 op * distribute this software, either in source code form or as a compiled
6 c2117f4b 2023-08-31 op * binary, for any purpose, commercial or non-commercial, and by any
9 c2117f4b 2023-08-31 op * In jurisdictions that recognize copyright laws, the author or authors
10 c2117f4b 2023-08-31 op * of this software dedicate any and all copyright interest in the
11 c2117f4b 2023-08-31 op * software to the public domain. We make this dedication for the benefit
12 c2117f4b 2023-08-31 op * of the public at large and to the detriment of our heirs and
13 c2117f4b 2023-08-31 op * successors. We intend this dedication to be an overt act of
14 c2117f4b 2023-08-31 op * relinquishment in perpetuity of all present and future rights to this
15 c2117f4b 2023-08-31 op * software under copyright law.
17 c2117f4b 2023-08-31 op * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18 c2117f4b 2023-08-31 op * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 c2117f4b 2023-08-31 op * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
20 c2117f4b 2023-08-31 op * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
21 c2117f4b 2023-08-31 op * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
22 c2117f4b 2023-08-31 op * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 c2117f4b 2023-08-31 op * OTHER DEALINGS IN THE SOFTWARE.
26 04e4e993 2023-08-14 op #include "config.h"
28 04e4e993 2023-08-14 op #include <sys/uio.h>
30 04e4e993 2023-08-14 op #include <ctype.h>
31 04e4e993 2023-08-14 op #include <errno.h>
32 04e4e993 2023-08-14 op #include <limits.h>
33 04e4e993 2023-08-14 op #include <stdarg.h>
34 04e4e993 2023-08-14 op #include <stdio.h>
35 04e4e993 2023-08-14 op #include <stdlib.h>
36 04e4e993 2023-08-14 op #include <string.h>
37 04e4e993 2023-08-14 op #include <unistd.h>
39 3634fa70 2023-08-31 op #include "bufio.h"
40 04e4e993 2023-08-14 op #include "http.h"
41 04e4e993 2023-08-14 op #include "log.h"
42 b42d807f 2023-09-02 op #include "ws.h"
43 04e4e993 2023-08-14 op #include "xmalloc.h"
45 04e4e993 2023-08-14 op #ifndef nitems
46 04e4e993 2023-08-14 op #define nitems(x) (sizeof(x)/sizeof(x[0]))
49 2216d3fb 2023-09-07 op #define HTTP_MAX_UPLOAD 4096
52 3634fa70 2023-08-31 op http_init(struct client *clt, int fd)
54 3634fa70 2023-08-31 op memset(clt, 0, sizeof(*clt));
55 3634fa70 2023-08-31 op if (bufio_init(&clt->bio) == -1)
57 3634fa70 2023-08-31 op bufio_set_fd(&clt->bio, fd);
62 3634fa70 2023-08-31 op http_parse(struct client *clt)
64 3634fa70 2023-08-31 op struct buffer *rbuf = &clt->bio.rbuf;
65 3634fa70 2023-08-31 op struct request *req = &clt->req;
67 3634fa70 2023-08-31 op uint8_t *endln;
68 5e3e9499 2023-08-31 op char *frag, *query, *http, *line;
69 04e4e993 2023-08-14 op const char *errstr, *m;
71 3634fa70 2023-08-31 op while (!clt->reqdone) {
72 3634fa70 2023-08-31 op endln = memmem(rbuf->buf, rbuf->len, "\r\n", 2);
73 3634fa70 2023-08-31 op if (endln == NULL) {
74 3634fa70 2023-08-31 op errno = EAGAIN;
78 3634fa70 2023-08-31 op line = rbuf->buf;
79 3634fa70 2023-08-31 op if (endln == rbuf->buf)
80 3634fa70 2023-08-31 op clt->reqdone = 1;
82 3634fa70 2023-08-31 op len = endln - rbuf->buf + 2;
83 3634fa70 2023-08-31 op while (len > 0 && (line[len - 1] == '\r' ||
84 3634fa70 2023-08-31 op line[len - 1] == '\n' || line[len - 1] == ' ' ||
85 3634fa70 2023-08-31 op line[len - 1] == '\t'))
86 3634fa70 2023-08-31 op line[--len] = '\0';
88 3634fa70 2023-08-31 op /* first line */
89 3634fa70 2023-08-31 op if (clt->req.method == METHOD_UNKNOWN) {
90 3634fa70 2023-08-31 op if (!strncmp("GET ", line, 4)) {
91 3634fa70 2023-08-31 op req->method = METHOD_GET;
93 3634fa70 2023-08-31 op } else if (!strncmp("POST ", line, 5)) {
94 3634fa70 2023-08-31 op req->method = METHOD_POST;
97 3634fa70 2023-08-31 op errno = EINVAL;
101 5e3e9499 2023-08-31 op if ((http = strchr(line, ' ')) == NULL)
103 5e3e9499 2023-08-31 op if (*http != '\0')
104 5e3e9499 2023-08-31 op *http++ = '\0';
106 a2298955 2023-08-31 op if ((query = strchr(line, '?')))
107 a2298955 2023-08-31 op *query = '\0';
108 a2298955 2023-08-31 op if ((frag = strchr(line, '#')))
109 a2298955 2023-08-31 op *frag = '\0';
111 7add2c3c 2023-08-31 op clt->req.path = xstrdup(line);
113 5e3e9499 2023-08-31 op if (!strcmp(http, "HTTP/1.0"))
114 3634fa70 2023-08-31 op clt->req.version = HTTP_1_0;
115 5e3e9499 2023-08-31 op else if (!strcmp(http, "HTTP/1.1")) {
116 3634fa70 2023-08-31 op clt->req.version = HTTP_1_1;
117 3634fa70 2023-08-31 op clt->chunked = 1;
119 5e3e9499 2023-08-31 op log_warnx("unknown http version %s", http);
120 3634fa70 2023-08-31 op errno = EINVAL;
124 5e3e9499 2023-08-31 op line = http; /* so that no header below matches */
127 3634fa70 2023-08-31 op if (!strncasecmp(line, "Content-Length:", 15)) {
129 3634fa70 2023-08-31 op line += strspn(line, " \t");
130 2216d3fb 2023-09-07 op clt->req.clen = strtonum(line, 0, HTTP_MAX_UPLOAD,
132 3634fa70 2023-08-31 op if (errstr) {
133 3634fa70 2023-08-31 op log_warnx("content-length is %s: %s",
134 3634fa70 2023-08-31 op errstr, line);
135 3634fa70 2023-08-31 op errno = EINVAL;
140 b42d807f 2023-09-02 op if (!strncasecmp(line, "Connection:", 11)) {
142 b42d807f 2023-09-02 op line += strspn(line, " \t");
143 b42d807f 2023-09-02 op if (!strcasecmp(line, "upgrade"))
144 b42d807f 2023-09-02 op req->flags |= R_CONNUPGR;
147 b42d807f 2023-09-02 op if (!strncasecmp(line, "Upgrade:", 8)) {
149 b42d807f 2023-09-02 op line += strspn(line, " \t");
150 b42d807f 2023-09-02 op if (!strcasecmp(line, "websocket"))
151 b42d807f 2023-09-02 op req->flags |= R_UPGRADEWS;
154 b42d807f 2023-09-02 op if (!strncasecmp(line, "Sec-WebSocket-Version:", 22)) {
156 b42d807f 2023-09-02 op line += strspn(line, " \t");
157 b42d807f 2023-09-02 op if (strcmp(line, "13") != 0) {
158 b42d807f 2023-09-02 op log_warnx("unsupported websocket version %s",
160 b42d807f 2023-09-02 op errno = EINVAL;
163 b42d807f 2023-09-02 op req->flags |= R_WSVERSION;
166 b42d807f 2023-09-02 op if (!strncasecmp(line, "Sec-WebSocket-Key:", 18)) {
168 b42d807f 2023-09-02 op line += strspn(line, " \t");
169 b42d807f 2023-09-02 op req->secret = xstrdup(line);
172 3634fa70 2023-08-31 op buf_drain(rbuf, endln - rbuf->buf + 2);
175 04e4e993 2023-08-14 op if (req->method == METHOD_GET)
177 04e4e993 2023-08-14 op else if (req->method == METHOD_POST)
180 04e4e993 2023-08-14 op m = "unknown";
181 9daa6569 2023-08-31 op log_debug("< %s %s HTTP/%s", m, req->path,
182 9daa6569 2023-08-31 op req->version == HTTP_1_1 ? "1.1" : "1.0");
188 3634fa70 2023-08-31 op http_read(struct client *clt)
190 2216d3fb 2023-09-07 op struct request *req = &clt->req;
191 2216d3fb 2023-09-07 op struct buffer *rbuf = &clt->bio.rbuf;
194 87eb9c1e 2023-08-15 op /* clients may have sent more data than advertised */
195 2216d3fb 2023-09-07 op if (req->clen < rbuf->len)
198 2216d3fb 2023-09-07 op left = req->clen - rbuf->len;
200 3634fa70 2023-08-31 op if (left > 0) {
201 2216d3fb 2023-09-07 op errno = EAGAIN;
205 2216d3fb 2023-09-07 op buf_write(rbuf, "", 1); /* append a NUL byte */
206 2216d3fb 2023-09-07 op while (rbuf->len > 0 && (rbuf->buf[rbuf->len - 1] == '\r' ||
207 2216d3fb 2023-09-07 op (rbuf->buf[rbuf->len - 1] == '\n')))
208 2216d3fb 2023-09-07 op rbuf->buf[--rbuf->len] = '\0';
214 2216d3fb 2023-09-07 op http_postdata(struct client *clt, char **data, size_t *len)
217 2216d3fb 2023-09-07 op *data = clt->bio.rbuf.buf;
219 2216d3fb 2023-09-07 op *len = clt->bio.rbuf.len;
223 99861c4a 2023-09-07 op http_reply(struct client *clt, int code, const char *reason,
224 99861c4a 2023-09-07 op const char *ctype)
226 2c962d05 2023-08-31 op const char *version, *location = NULL;
227 b42d807f 2023-09-02 op char b32[32] = "";
229 04e4e993 2023-08-14 op log_debug("> %d %s", code, reason);
231 b42d807f 2023-09-02 op if (code == 101) {
232 b42d807f 2023-09-02 op if (ws_accept_hdr(clt->req.secret, b32, sizeof(b32)) == -1) {
233 b42d807f 2023-09-02 op clt->err = 1;
236 8701aaaa 2023-09-07 op free(clt->req.secret);
237 8701aaaa 2023-09-07 op clt->req.secret = NULL;
239 b42d807f 2023-09-02 op clt->chunked = 0;
242 04e4e993 2023-08-14 op if (code >= 300 && code < 400) {
243 04e4e993 2023-08-14 op location = ctype;
244 c83e450a 2023-08-14 op ctype = "text/html;charset=UTF-8";
247 2c962d05 2023-08-31 op version = "HTTP/1.1";
248 2c962d05 2023-08-31 op if (clt->req.version == HTTP_1_0)
249 2c962d05 2023-08-31 op version = "HTTP/1.0";
251 f39ef3e4 2023-09-07 op if (http_fmt(clt, "%s %d %s\r\n"
252 04e4e993 2023-08-14 op "Connection: close\r\n"
253 5ce4c55c 2023-09-02 op "Cache-Control: no-store\r\n",
254 5ce4c55c 2023-09-02 op version, code, reason) == -1)
256 5ce4c55c 2023-09-02 op if (ctype != NULL &&
257 f39ef3e4 2023-09-07 op http_fmt(clt, "Content-Type: %s\r\n", ctype) == -1)
259 5ce4c55c 2023-09-02 op if (location != NULL &&
260 f39ef3e4 2023-09-07 op http_fmt(clt, "Location: %s\r\n", location) == -1)
262 f39ef3e4 2023-09-07 op if (clt->chunked &&
263 f39ef3e4 2023-09-07 op http_writes(clt, "Transfer-Encoding: chunked\r\n") == -1)
265 b42d807f 2023-09-02 op if (code == 101) {
266 f39ef3e4 2023-09-07 op if (http_fmt(clt, "Upgrade: websocket\r\n"
267 b42d807f 2023-09-02 op "Connection: Upgrade\r\n"
268 b42d807f 2023-09-02 op "Sec-WebSocket-Accept: %s\r\n", b32) == -1)
271 f39ef3e4 2023-09-07 op if (http_write(clt, "\r\n", 2) == -1)
274 6d85a326 2023-08-31 op bufio_set_chunked(&clt->bio, clt->chunked);
276 c83e450a 2023-08-14 op if (location) {
277 3634fa70 2023-08-31 op if (http_writes(clt, "<a href='") == -1 ||
278 3634fa70 2023-08-31 op http_htmlescape(clt, location) == -1 ||
279 3634fa70 2023-08-31 op http_writes(clt, "'>") == -1 ||
280 3634fa70 2023-08-31 op http_htmlescape(clt, reason) == -1 ||
281 3634fa70 2023-08-31 op http_writes(clt, "</a>") == -1)
288 5ce4c55c 2023-09-02 op clt->err = 1;
293 3634fa70 2023-08-31 op http_flush(struct client *clt)
295 3634fa70 2023-08-31 op if (clt->err)
298 3634fa70 2023-08-31 op if (clt->len == 0)
301 3634fa70 2023-08-31 op if (bufio_compose(&clt->bio, clt->buf, clt->len) == -1) {
302 3634fa70 2023-08-31 op clt->err = 1;
306 3634fa70 2023-08-31 op clt->len = 0;
312 3634fa70 2023-08-31 op http_write(struct client *clt, const char *d, size_t len)
314 04e4e993 2023-08-14 op size_t avail;
316 3634fa70 2023-08-31 op if (clt->err)
319 35cca6c5 2023-09-07 op if (!clt->bio.chunked) {
320 35cca6c5 2023-09-07 op if (bufio_compose(&clt->bio, d, len) == -1) {
321 35cca6c5 2023-09-07 op clt->err = 1;
327 35cca6c5 2023-09-07 op if (clt->buf == NULL) {
328 35cca6c5 2023-09-07 op clt->cap = 1024;
329 35cca6c5 2023-09-07 op if ((clt->buf = malloc(clt->cap)) == NULL) {
330 35cca6c5 2023-09-07 op clt->err = 1;
335 04e4e993 2023-08-14 op while (len > 0) {
336 35cca6c5 2023-09-07 op avail = clt->cap - clt->len;
337 04e4e993 2023-08-14 op if (avail > len)
340 3634fa70 2023-08-31 op memcpy(clt->buf + clt->len, d, avail);
341 3634fa70 2023-08-31 op clt->len += avail;
342 04e4e993 2023-08-14 op len -= avail;
344 35cca6c5 2023-09-07 op if (clt->len == clt->cap) {
345 3634fa70 2023-08-31 op if (http_flush(clt) == -1)
354 3634fa70 2023-08-31 op http_writes(struct client *clt, const char *str)
356 3634fa70 2023-08-31 op return http_write(clt, str, strlen(str));
360 3634fa70 2023-08-31 op http_fmt(struct client *clt, const char *fmt, ...)
366 04e4e993 2023-08-14 op va_start(ap, fmt);
367 04e4e993 2023-08-14 op r = vasprintf(&str, fmt, ap);
370 04e4e993 2023-08-14 op if (r == -1) {
371 04e4e993 2023-08-14 op log_warn("vasprintf");
372 3634fa70 2023-08-31 op clt->err = 1;
376 3634fa70 2023-08-31 op r = http_write(clt, str, r);
382 3634fa70 2023-08-31 op http_urlescape(struct client *clt, const char *str)
387 04e4e993 2023-08-14 op for (; *str; ++str) {
388 04e4e993 2023-08-14 op if (iscntrl((unsigned char)*str) ||
389 04e4e993 2023-08-14 op isspace((unsigned char)*str) ||
390 04e4e993 2023-08-14 op *str == '\'' || *str == '"' || *str == '\\') {
391 04e4e993 2023-08-14 op r = snprintf(tmp, sizeof(tmp), "%%%2X",
392 04e4e993 2023-08-14 op (unsigned char)*str);
393 04e4e993 2023-08-14 op if (r < 0 || (size_t)r >= sizeof(tmp)) {
394 04e4e993 2023-08-14 op log_warn("snprintf failed");
395 3634fa70 2023-08-31 op clt->err = 1;
398 3634fa70 2023-08-31 op if (http_write(clt, tmp, r) == -1)
400 3634fa70 2023-08-31 op } else if (http_write(clt, str, 1) == -1)
408 3634fa70 2023-08-31 op http_htmlescape(struct client *clt, const char *str)
412 04e4e993 2023-08-14 op for (; *str; ++str) {
413 04e4e993 2023-08-14 op switch (*str) {
415 3634fa70 2023-08-31 op r = http_writes(clt, "<");
418 3634fa70 2023-08-31 op r = http_writes(clt, ">");
421 3634fa70 2023-08-31 op r = http_writes(clt, ">");
424 3634fa70 2023-08-31 op r = http_writes(clt, """);
427 3634fa70 2023-08-31 op r = http_writes(clt, "'");
430 3634fa70 2023-08-31 op r = http_write(clt, str, 1);
442 3634fa70 2023-08-31 op http_close(struct client *clt)
444 3634fa70 2023-08-31 op if (clt->err)
446 3634fa70 2023-08-31 op if (clt->len != 0 && http_flush(clt) == -1)
448 3634fa70 2023-08-31 op if (bufio_compose(&clt->bio, NULL, 0) == -1)
449 3634fa70 2023-08-31 op clt->err = 1;
450 3634fa70 2023-08-31 op return (clt->err ? -1 : 0);
454 3634fa70 2023-08-31 op http_free(struct client *clt)
456 35cca6c5 2023-09-07 op free(clt->buf);
457 3634fa70 2023-08-31 op free(clt->req.path);
458 b42d807f 2023-09-02 op free(clt->req.secret);
459 3634fa70 2023-08-31 op free(clt->req.ctype);
460 3634fa70 2023-08-31 op free(clt->req.body);
461 3634fa70 2023-08-31 op bufio_free(&clt->bio);