summaryrefslogtreecommitdiffhomepage
path: root/plugins/cgi/cgi.cpp
diff options
context:
space:
mode:
authorRoland Reichwein <mail@reichwein.it>2020-04-18 15:07:33 +0200
committerRoland Reichwein <mail@reichwein.it>2020-04-18 15:07:33 +0200
commit5400eaea898bcf6526d5c18fa8c274ee51081002 (patch)
tree437d91f177860bcca2f0900bb4018dfc15b35c21 /plugins/cgi/cgi.cpp
parent39bd177bdb80c24e73f7cf3db4239e55e13eb152 (diff)
CGI interface
Diffstat (limited to 'plugins/cgi/cgi.cpp')
-rw-r--r--plugins/cgi/cgi.cpp294
1 files changed, 294 insertions, 0 deletions
diff --git a/plugins/cgi/cgi.cpp b/plugins/cgi/cgi.cpp
new file mode 100644
index 0000000..5921e98
--- /dev/null
+++ b/plugins/cgi/cgi.cpp
@@ -0,0 +1,294 @@
+#include "cgi.h"
+
+#include <boost/algorithm/string/predicate.hpp>
+#include <boost/coroutine2/coroutine.hpp>
+#include <boost/process.hpp>
+
+#include <filesystem>
+#include <fstream>
+#include <iostream>
+#include <string>
+#include <unordered_map>
+
+using namespace std::string_literals;
+namespace bp = boost::process;
+namespace fs = std::filesystem;
+
+namespace {
+
+ const std::string gateway_interface{"CGI/1.1"};
+
+ struct CGIContext
+ {
+ std::function<std::string(const std::string& key)>& GetServerParam;
+ std::function<std::string(const std::string& key)>& GetRequestParam; // request including body (POST...)
+ std::function<void(const std::string& key, const std::string& value)>& SetResponseHeader; // to be added to result string
+ fs::path& path;
+
+ CGIContext(std::function<std::string(const std::string& key)>& p_GetServerParam,
+ std::function<std::string(const std::string& key)>& p_GetRequestParam,
+ std::function<void(const std::string& key, const std::string& value)>& p_SetResponseHeader,
+ fs::path& p_path
+ )
+ : GetServerParam(p_GetServerParam)
+ , GetRequestParam(p_GetRequestParam)
+ , SetResponseHeader(p_SetResponseHeader)
+ , path(p_path)
+ {
+ }
+ };
+
+ // Return a reasonable mime type based on the extension of a file.
+ std::string mime_type(fs::path path)
+ {
+ using boost::algorithm::iequals;
+ auto const ext = [&path]
+ {
+ size_t pos = path.string().rfind(".");
+ if (pos == std::string::npos)
+ return std::string{};
+ return path.string().substr(pos);
+ }();
+ if(iequals(ext, ".htm")) return "text/html"; // TODO: unordered_map
+ if(iequals(ext, ".html")) return "text/html";
+ if(iequals(ext, ".php")) return "text/html";
+ if(iequals(ext, ".css")) return "text/css";
+ if(iequals(ext, ".txt")) return "text/plain";
+ if(iequals(ext, ".js")) return "application/javascript";
+ if(iequals(ext, ".json")) return "application/json";
+ if(iequals(ext, ".xml")) return "application/xml";
+ if(iequals(ext, ".swf")) return "application/x-shockwave-flash";
+ if(iequals(ext, ".flv")) return "video/x-flv";
+ if(iequals(ext, ".png")) return "image/png";
+ if(iequals(ext, ".jpe")) return "image/jpeg";
+ if(iequals(ext, ".jpeg")) return "image/jpeg";
+ if(iequals(ext, ".jpg")) return "image/jpeg";
+ if(iequals(ext, ".gif")) return "image/gif";
+ if(iequals(ext, ".bmp")) return "image/bmp";
+ if(iequals(ext, ".ico")) return "image/vnd.microsoft.icon";
+ if(iequals(ext, ".tiff")) return "image/tiff";
+ if(iequals(ext, ".tif")) return "image/tiff";
+ if(iequals(ext, ".svg")) return "image/svg+xml";
+ if(iequals(ext, ".svgz")) return "image/svg+xml";
+ return "application/text";
+ }
+
+ typedef boost::coroutines2::coroutine<std::string> coro_t;
+
+ // returns true iff std::string is empty or contains newline
+ bool isEmpty(const std::string& s)
+ {
+ return s.empty() || s == "\r" || s == "\n"s || s == "\r\n"s;
+ }
+
+ void trimLinebreak(std::string& s)
+ {
+ size_t pos = s.find_last_not_of("\r\n");
+ if (pos != s.npos)
+ s = s.substr(0, pos + 1);
+ }
+
+ std::unordered_map<std::string, std::function<void(std::string&, CGIContext&)>> headerMap {
+ { "Content-Type", [](std::string& v, CGIContext& c){ c.SetResponseHeader("content_type", v); } }
+ };
+
+ void handleHeader(const std::string& s, CGIContext& context)
+ {
+ size_t pos = s.find(": ");
+ if (pos == s.npos)
+ return;
+
+ std::string key {s.substr(0, pos)};
+ std::string value {s.substr(pos + 2)};
+
+
+ auto it {headerMap.find(key)};
+ if (it == headerMap.end())
+ std::cout << "Warning: Unhandled CGI header: " << s << std::endl;
+ else
+ it->second(value, context);
+ }
+
+ void setCGIEnvironment(bp::environment& env, CGIContext& c)
+ {
+ std::string authorization {c.GetRequestParam("authorization")};
+ if (!authorization.empty())
+ env["AUTH_TYPE"] = c.GetRequestParam("authorization");
+
+ env["CONTENT_LENGTH"] = c.GetRequestParam("content_length");
+ env["CONTENT_TYPE"] = c.GetRequestParam("content_type");
+ env["GATEWAY_INTERFACE"] = gateway_interface;
+
+ std::string target {c.GetRequestParam("target")};
+ size_t query_pos {target.find("?")};
+ std::string query;
+ if (query_pos != target.npos) {
+ query = target.substr(0, query_pos);
+ target = target.substr(query_pos + 1);
+ }
+
+ env["PATH_INFO"] = target;
+ env["PATH_TRANSLATED"] = c.path.string();
+ env["QUERY_STRING"] = query;
+ env["REMOTE_ADDR"] = "";
+ env["REMOTE_HOST"] = "";
+ env["REMOTE_IDENT"] = "";
+ env["REMOTE_USER"] = "";
+ env["REQUEST_METHOD"] = c.GetRequestParam("method");
+ env["SCRIPT_NAME"] = c.GetRequestParam("rel_target");
+ env["SERVER_NAME"] = c.GetRequestParam("host");
+ env["SERVER_PORT"] = c.GetServerParam("port");
+ env["SERVER_PROTOCOL"] = c.GetRequestParam("http_version");
+ env["SERVER_SOFTWARE"] = c.GetServerParam("version");
+
+ env["HTTP_ACCEPT"] = c.GetRequestParam("http_accept");
+ env["HTTP_ACCEPT_CHARSET"] = c.GetRequestParam("http_accept_charset");
+ env["HTTP_ACCEPT_ENCODING"] = c.GetRequestParam("http_accept_encoding");
+ env["HTTP_ACCEPT_LANGUAGE"] = c.GetRequestParam("http_accept_language");
+ env["HTTP_CONNECTION"] = c.GetRequestParam("http_connection");
+ env["HTTP_HOST"] = c.GetRequestParam("http_host");
+ env["HTTP_USER_AGENT"] = c.GetRequestParam("http_user_agent");
+ }
+
+ std::string executeFile(const fs::path& filename, CGIContext& context)
+ {
+ bp::opstream is_in;
+ bp::ipstream is_out;
+
+ //std::cout << "Executing " << filename << std::endl;
+
+ bp::environment env {boost::this_process::environment()};
+ setCGIEnvironment(env, context);
+
+ bp::child child(filename.string(), env, (bp::std_out & bp::std_err) > is_out, bp::std_in < is_in);
+
+ is_in << context.GetRequestParam("body");
+
+ std::string output;
+ std::string line;
+
+ // TODO: C++20 coroutine
+ coro_t::push_type processLine( [&](coro_t::pull_type& in){
+ std::string line;
+ // read header lines
+ while (in && !isEmpty(line = in.get())) {
+ trimLinebreak(line);
+ handleHeader(line, context);
+ in();
+ }
+
+ // read empty line
+ if (!isEmpty(line))
+ throw std::runtime_error("Missing empty line between CGI header and body");
+ if (in)
+ in();
+
+ // read remainder
+ while (in) {
+ line = in.get();
+ output += line + '\n';
+ in();
+ }
+
+ throw std::runtime_error("Input missing on processing CGI body");
+ });
+
+ while (child.running() && std::getline(is_out, line)) {
+ processLine(line);
+ }
+
+ child.wait();
+
+ return output;
+ }
+
+ // Used to return errors by generating response page and HTTP status code
+ std::string HttpStatus(std::string status, std::string message, std::function<plugin_interface_setter_type>& SetResponseHeader)
+ {
+ SetResponseHeader("status", status);
+ SetResponseHeader("content_type", "text/html");
+ return status + " " + message;
+ }
+
+} // anonymous namespace
+
+std::string cgi_plugin::name()
+{
+ return "cgi";
+}
+
+cgi_plugin::cgi_plugin()
+{
+ //std::cout << "Plugin constructor" << std::endl;
+}
+
+cgi_plugin::~cgi_plugin()
+{
+ //std::cout << "Plugin destructor" << std::endl;
+}
+
+std::string cgi_plugin::generate_page(
+ std::function<std::string(const std::string& key)>& GetServerParam,
+ std::function<std::string(const std::string& key)>& GetRequestParam, // request including body (POST...)
+ std::function<void(const std::string& key, const std::string& value)>& SetResponseHeader // to be added to result string
+)
+{
+ try {
+ // Make sure we can handle the method
+ std::string method {GetRequestParam("method")};
+ if (method != "GET" && method != "HEAD")
+ return HttpStatus("400", "Unknown HTTP method", SetResponseHeader);
+
+ // Request path must not contain "..".
+ std::string rel_target{GetRequestParam("rel_target")};
+ size_t query_pos{rel_target.find("?")};
+ if (query_pos != rel_target.npos)
+ rel_target = rel_target.substr(0, query_pos);
+
+ std::string target{GetRequestParam("target")};
+ if (rel_target.find("..") != std::string::npos) {
+ return HttpStatus("400", "Illegal request: "s + target, SetResponseHeader);
+ }
+
+ // Build the path to the requested file
+ std::string doc_root{GetRequestParam("doc_root")};
+ fs::path path {fs::path{doc_root} / rel_target};
+ if (target.size() && target.back() != '/' && fs::is_directory(path)) {
+ std::string location{GetRequestParam("location") + "/"s};
+ SetResponseHeader("location", location);
+ return HttpStatus("301", "Correcting directory path", SetResponseHeader);
+ }
+
+ try {
+ if (!fs::is_regular_file(path)) {
+ return HttpStatus("500", "Bad Script: "s + rel_target, SetResponseHeader);
+ }
+ } catch (const std::exception& ex) {
+ return HttpStatus("500", "Bad file access: "s + rel_target, SetResponseHeader);
+ }
+
+ try {
+ if ((fs::status(path).permissions() & fs::perms::others_exec) == fs::perms::none) {
+ return HttpStatus("500", "Script not executable: "s + rel_target, SetResponseHeader);
+ }
+ } catch (const std::exception& ex) {
+ return HttpStatus("500", "Bad file status access: "s + rel_target, SetResponseHeader);
+ }
+
+ SetResponseHeader("content_type", mime_type(path));
+
+ CGIContext context(GetServerParam, GetRequestParam, SetResponseHeader, path);
+
+ try {
+ return executeFile(path, context);
+ } catch (const std::runtime_error& ex) {
+ return HttpStatus("404", "Not found: "s + GetRequestParam("target"), SetResponseHeader);
+ } catch (const std::exception& ex) {
+ return HttpStatus("500", "Internal Server Error: "s + ex.what(), SetResponseHeader);
+ }
+
+ } catch (const std::exception& ex) {
+ return HttpStatus("500", "Unknown Error: "s + ex.what(), SetResponseHeader);
+ }
+}
+