diff options
Diffstat (limited to 'plugins/cgi/cgi.cpp')
-rw-r--r-- | plugins/cgi/cgi.cpp | 294 |
1 files changed, 294 insertions, 0 deletions
diff --git a/plugins/cgi/cgi.cpp b/plugins/cgi/cgi.cpp new file mode 100644 index 0000000..5921e98 --- /dev/null +++ b/plugins/cgi/cgi.cpp @@ -0,0 +1,294 @@ +#include "cgi.h" + +#include <boost/algorithm/string/predicate.hpp> +#include <boost/coroutine2/coroutine.hpp> +#include <boost/process.hpp> + +#include <filesystem> +#include <fstream> +#include <iostream> +#include <string> +#include <unordered_map> + +using namespace std::string_literals; +namespace bp = boost::process; +namespace fs = std::filesystem; + +namespace { + + const std::string gateway_interface{"CGI/1.1"}; + + struct CGIContext + { + std::function<std::string(const std::string& key)>& GetServerParam; + std::function<std::string(const std::string& key)>& GetRequestParam; // request including body (POST...) + std::function<void(const std::string& key, const std::string& value)>& SetResponseHeader; // to be added to result string + fs::path& path; + + CGIContext(std::function<std::string(const std::string& key)>& p_GetServerParam, + std::function<std::string(const std::string& key)>& p_GetRequestParam, + std::function<void(const std::string& key, const std::string& value)>& p_SetResponseHeader, + fs::path& p_path + ) + : GetServerParam(p_GetServerParam) + , GetRequestParam(p_GetRequestParam) + , SetResponseHeader(p_SetResponseHeader) + , path(p_path) + { + } + }; + + // Return a reasonable mime type based on the extension of a file. + std::string mime_type(fs::path path) + { + using boost::algorithm::iequals; + auto const ext = [&path] + { + size_t pos = path.string().rfind("."); + if (pos == std::string::npos) + return std::string{}; + return path.string().substr(pos); + }(); + if(iequals(ext, ".htm")) return "text/html"; // TODO: unordered_map + if(iequals(ext, ".html")) return "text/html"; + if(iequals(ext, ".php")) return "text/html"; + if(iequals(ext, ".css")) return "text/css"; + if(iequals(ext, ".txt")) return "text/plain"; + if(iequals(ext, ".js")) return "application/javascript"; + if(iequals(ext, ".json")) return "application/json"; + if(iequals(ext, ".xml")) return "application/xml"; + if(iequals(ext, ".swf")) return "application/x-shockwave-flash"; + if(iequals(ext, ".flv")) return "video/x-flv"; + if(iequals(ext, ".png")) return "image/png"; + if(iequals(ext, ".jpe")) return "image/jpeg"; + if(iequals(ext, ".jpeg")) return "image/jpeg"; + if(iequals(ext, ".jpg")) return "image/jpeg"; + if(iequals(ext, ".gif")) return "image/gif"; + if(iequals(ext, ".bmp")) return "image/bmp"; + if(iequals(ext, ".ico")) return "image/vnd.microsoft.icon"; + if(iequals(ext, ".tiff")) return "image/tiff"; + if(iequals(ext, ".tif")) return "image/tiff"; + if(iequals(ext, ".svg")) return "image/svg+xml"; + if(iequals(ext, ".svgz")) return "image/svg+xml"; + return "application/text"; + } + + typedef boost::coroutines2::coroutine<std::string> coro_t; + + // returns true iff std::string is empty or contains newline + bool isEmpty(const std::string& s) + { + return s.empty() || s == "\r" || s == "\n"s || s == "\r\n"s; + } + + void trimLinebreak(std::string& s) + { + size_t pos = s.find_last_not_of("\r\n"); + if (pos != s.npos) + s = s.substr(0, pos + 1); + } + + std::unordered_map<std::string, std::function<void(std::string&, CGIContext&)>> headerMap { + { "Content-Type", [](std::string& v, CGIContext& c){ c.SetResponseHeader("content_type", v); } } + }; + + void handleHeader(const std::string& s, CGIContext& context) + { + size_t pos = s.find(": "); + if (pos == s.npos) + return; + + std::string key {s.substr(0, pos)}; + std::string value {s.substr(pos + 2)}; + + + auto it {headerMap.find(key)}; + if (it == headerMap.end()) + std::cout << "Warning: Unhandled CGI header: " << s << std::endl; + else + it->second(value, context); + } + + void setCGIEnvironment(bp::environment& env, CGIContext& c) + { + std::string authorization {c.GetRequestParam("authorization")}; + if (!authorization.empty()) + env["AUTH_TYPE"] = c.GetRequestParam("authorization"); + + env["CONTENT_LENGTH"] = c.GetRequestParam("content_length"); + env["CONTENT_TYPE"] = c.GetRequestParam("content_type"); + env["GATEWAY_INTERFACE"] = gateway_interface; + + std::string target {c.GetRequestParam("target")}; + size_t query_pos {target.find("?")}; + std::string query; + if (query_pos != target.npos) { + query = target.substr(0, query_pos); + target = target.substr(query_pos + 1); + } + + env["PATH_INFO"] = target; + env["PATH_TRANSLATED"] = c.path.string(); + env["QUERY_STRING"] = query; + env["REMOTE_ADDR"] = ""; + env["REMOTE_HOST"] = ""; + env["REMOTE_IDENT"] = ""; + env["REMOTE_USER"] = ""; + env["REQUEST_METHOD"] = c.GetRequestParam("method"); + env["SCRIPT_NAME"] = c.GetRequestParam("rel_target"); + env["SERVER_NAME"] = c.GetRequestParam("host"); + env["SERVER_PORT"] = c.GetServerParam("port"); + env["SERVER_PROTOCOL"] = c.GetRequestParam("http_version"); + env["SERVER_SOFTWARE"] = c.GetServerParam("version"); + + env["HTTP_ACCEPT"] = c.GetRequestParam("http_accept"); + env["HTTP_ACCEPT_CHARSET"] = c.GetRequestParam("http_accept_charset"); + env["HTTP_ACCEPT_ENCODING"] = c.GetRequestParam("http_accept_encoding"); + env["HTTP_ACCEPT_LANGUAGE"] = c.GetRequestParam("http_accept_language"); + env["HTTP_CONNECTION"] = c.GetRequestParam("http_connection"); + env["HTTP_HOST"] = c.GetRequestParam("http_host"); + env["HTTP_USER_AGENT"] = c.GetRequestParam("http_user_agent"); + } + + std::string executeFile(const fs::path& filename, CGIContext& context) + { + bp::opstream is_in; + bp::ipstream is_out; + + //std::cout << "Executing " << filename << std::endl; + + bp::environment env {boost::this_process::environment()}; + setCGIEnvironment(env, context); + + bp::child child(filename.string(), env, (bp::std_out & bp::std_err) > is_out, bp::std_in < is_in); + + is_in << context.GetRequestParam("body"); + + std::string output; + std::string line; + + // TODO: C++20 coroutine + coro_t::push_type processLine( [&](coro_t::pull_type& in){ + std::string line; + // read header lines + while (in && !isEmpty(line = in.get())) { + trimLinebreak(line); + handleHeader(line, context); + in(); + } + + // read empty line + if (!isEmpty(line)) + throw std::runtime_error("Missing empty line between CGI header and body"); + if (in) + in(); + + // read remainder + while (in) { + line = in.get(); + output += line + '\n'; + in(); + } + + throw std::runtime_error("Input missing on processing CGI body"); + }); + + while (child.running() && std::getline(is_out, line)) { + processLine(line); + } + + child.wait(); + + return output; + } + + // Used to return errors by generating response page and HTTP status code + std::string HttpStatus(std::string status, std::string message, std::function<plugin_interface_setter_type>& SetResponseHeader) + { + SetResponseHeader("status", status); + SetResponseHeader("content_type", "text/html"); + return status + " " + message; + } + +} // anonymous namespace + +std::string cgi_plugin::name() +{ + return "cgi"; +} + +cgi_plugin::cgi_plugin() +{ + //std::cout << "Plugin constructor" << std::endl; +} + +cgi_plugin::~cgi_plugin() +{ + //std::cout << "Plugin destructor" << std::endl; +} + +std::string cgi_plugin::generate_page( + std::function<std::string(const std::string& key)>& GetServerParam, + std::function<std::string(const std::string& key)>& GetRequestParam, // request including body (POST...) + std::function<void(const std::string& key, const std::string& value)>& SetResponseHeader // to be added to result string +) +{ + try { + // Make sure we can handle the method + std::string method {GetRequestParam("method")}; + if (method != "GET" && method != "HEAD") + return HttpStatus("400", "Unknown HTTP method", SetResponseHeader); + + // Request path must not contain "..". + std::string rel_target{GetRequestParam("rel_target")}; + size_t query_pos{rel_target.find("?")}; + if (query_pos != rel_target.npos) + rel_target = rel_target.substr(0, query_pos); + + std::string target{GetRequestParam("target")}; + if (rel_target.find("..") != std::string::npos) { + return HttpStatus("400", "Illegal request: "s + target, SetResponseHeader); + } + + // Build the path to the requested file + std::string doc_root{GetRequestParam("doc_root")}; + fs::path path {fs::path{doc_root} / rel_target}; + if (target.size() && target.back() != '/' && fs::is_directory(path)) { + std::string location{GetRequestParam("location") + "/"s}; + SetResponseHeader("location", location); + return HttpStatus("301", "Correcting directory path", SetResponseHeader); + } + + try { + if (!fs::is_regular_file(path)) { + return HttpStatus("500", "Bad Script: "s + rel_target, SetResponseHeader); + } + } catch (const std::exception& ex) { + return HttpStatus("500", "Bad file access: "s + rel_target, SetResponseHeader); + } + + try { + if ((fs::status(path).permissions() & fs::perms::others_exec) == fs::perms::none) { + return HttpStatus("500", "Script not executable: "s + rel_target, SetResponseHeader); + } + } catch (const std::exception& ex) { + return HttpStatus("500", "Bad file status access: "s + rel_target, SetResponseHeader); + } + + SetResponseHeader("content_type", mime_type(path)); + + CGIContext context(GetServerParam, GetRequestParam, SetResponseHeader, path); + + try { + return executeFile(path, context); + } catch (const std::runtime_error& ex) { + return HttpStatus("404", "Not found: "s + GetRequestParam("target"), SetResponseHeader); + } catch (const std::exception& ex) { + return HttpStatus("500", "Internal Server Error: "s + ex.what(), SetResponseHeader); + } + + } catch (const std::exception& ex) { + return HttpStatus("500", "Unknown Error: "s + ex.what(), SetResponseHeader); + } +} + |