/** * sesimos - secure, simple, modern web server * @brief Client request handler * @file src/worker/request_handler.c * @author Lorenz Stechauner * @date 2022-12-28 */ #include "../defs.h" #include "func.h" #include "../workers.h" #include "../lib/mpmc.h" #include "../logger.h" #include "../lib/utils.h" #include "../server.h" #include "../lib/res.h" #include "../lib/error.h" #include #include #include static int request_handler(client_ctx_t *ctx); void request_handler_func(client_ctx_t *ctx) { logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->socket.s_addr, ctx->log_prefix); switch (request_handler(ctx)) { case 0: respond(ctx); request_complete(ctx); handle_request(ctx); break; case 1: local_handle(ctx); break; case 2: proxy_handle(ctx); break; default: tcp_close(ctx); break; } } static void init_ctx(client_ctx_t *ctx) { ctx->conf = NULL; ctx->file = NULL; ctx->proxy = NULL; ctx->use_fastcgi = 0; ctx->chunks_transferred = 0; ctx->use_proxy = 0; ctx->ws_close = 0; ctx->proxy = NULL; ctx->msg_content[0] = 0; ctx->msg_buf = NULL; ctx->msg_buf_ptr = NULL; ctx->req_host[0] = 0; ctx->err_msg[0] = 0; ctx->req_s = ctx->socket.ts_last; memset(&ctx->uri, 0, sizeof(ctx->uri)); memset(&ctx->req, 0, sizeof(ctx->req)); memset(&ctx->res, 0, sizeof(ctx->res)); ctx->res.status = http_get_status(501); http_init_hdr(&ctx->res.hdr); sprintf(ctx->res.version, "1.1"); ctx->status.status = 0; ctx->status.origin = NONE; ctx->status.ws_key = NULL; } static int request_handler(client_ctx_t *ctx) { sock *client = &ctx->socket; char *err_msg = ctx->err_msg; http_res *res = &ctx->res; long ret; char buf0[1024], buf1[1024]; ctx->req_s = clock_micros(); init_ctx(ctx); http_add_header_field(&res->hdr, "Date", http_get_date(buf0, sizeof(buf0))); http_add_header_field(&res->hdr, "Server", SERVER_STR); /*if (ret <= 0) { if (errno != 0) return 0; ctx->c_keep_alive = 0; res->status = http_get_status(408); return 0; }*/ http_req *req = &ctx->req; ret = http_receive_request(client, req); if (ret != 0) { ctx->c_keep_alive = 0; error("Unable to receive http header"); sprintf(err_msg, "Unable to receive http header: %s.", error_str(errno, buf0, sizeof(buf0))); int err = error_get_http(); res->status = http_get_status(err == HTTP_ERROR_URI_TOO_LONG ? 414 : (err == HTTP_ERROR_TOO_MANY_HEADER_FIELDS ? 431 : 400)); errno = 0; return 0; } const char *hdr_connection = http_get_header_field(&req->hdr, "Connection"); ctx->c_keep_alive = (strcontains(hdr_connection, "keep-alive") || strcontains(hdr_connection, "Keep-Alive")); const char *host_ptr = http_get_header_field(&req->hdr, "Host"); if (host_ptr != NULL && strlen(host_ptr) > 255) { ctx->req_host[0] = 0; res->status = http_get_status(400); sprintf(err_msg, "Host header field is too long."); return 0; } else if (host_ptr == NULL || strchr(host_ptr, '/') != NULL) { if (strchr(ctx->socket.addr, ':') == NULL) { strcpy(ctx->req_host, ctx->socket.addr); } else { sprintf(ctx->req_host, "[%s]", ctx->socket.addr); } res->status = http_get_status(400); sprintf(err_msg, "The client provided no or an invalid Host header field."); return 0; } else { strcpy(ctx->req_host, host_ptr); } logger_set_prefix("[%s%*s%s]%s", BLD_STR, ADDRSTRLEN, ctx->req_host, CLR_STR, ctx->log_prefix); info(BLD_STR "%s %s", req->method, req->uri); if (strstarts(req->uri, "/.sesimos/res/")) { if (!streq(req->method, "GET") && !streq(req->method, "HEAD")) { res->status = http_get_status(405); http_add_header_field(&res->hdr, "Allow", "GET, HEAD"); return 0; } const res_t resources[] = { {"style.css", "text/css; charset=UTF-8", http_style_doc, http_style_doc_size}, {"icon-error.svg", "image/svg+xml; charset=UTF-8", http_icon_error, http_icon_error_size}, {"icon-info.svg", "image/svg+xml; charset=UTF-8", http_icon_info, http_icon_info_size}, {"icon-success.svg", "image/svg+xml; charset=UTF-8", http_icon_success, http_icon_success_size}, {"icon-warning.svg", "image/svg+xml; charset=UTF-8", http_icon_warning, http_icon_warning_size}, {"globe.svg", "image/svg+xml; charset=UTF-8", http_icon_globe, http_icon_globe_size}, }; res->status = http_get_status(404); for (int i = 0; i < sizeof(resources) / sizeof(res_t); i++) { const res_t *r = &resources[i]; if (streq(req->uri + 14, r->name)) { res->status = http_get_status(203); http_add_header_field(&res->hdr, "Content-Type", r->type); http_add_header_field(&res->hdr, "Cache-Control", "public, max-age=86400"); ctx->msg_buf = (char *) r->content; ctx->content_length = r->size; break; } } return 0; } ctx->conf = get_host_config(ctx->req_host); if (ctx->conf == NULL) { res->status = http_get_status(421); strcpy(ctx->err_msg, "The requested host name is not configured on the server."); return 0; } http_uri *uri = &ctx->uri; unsigned char dir_mode = (ctx->conf->type == CONFIG_TYPE_LOCAL ? ctx->conf->local.dir_mode : URI_DIR_MODE_NO_VALIDATION); ret = uri_init(uri, ctx->conf->local.webroot, req->uri, dir_mode); if (ret != 0) { if (ret == 1) { sprintf(err_msg, "Invalid URI: has to start with slash."); res->status = http_get_status(400); } else if (ret == 2) { sprintf(err_msg, "Invalid URI: contains relative path change (/../)."); res->status = http_get_status(400); } else if (ret == 3) { sprintf(err_msg, "The specified webroot directory does not exist."); res->status = http_get_status(404); } else { res->status = http_get_status(500); } return 0; } if (ctx->conf->type == CONFIG_TYPE_LOCAL && streq(req->method, "TRACE")) { return 1; } else if (dir_mode != URI_DIR_MODE_NO_VALIDATION) { ssize_t size = sizeof(buf0); url_decode(req->uri, buf0, &size); int change_proto = (!client->enc && !strstarts(uri->uri, "/.well-known/")); if (!streq(uri->uri, buf0) || change_proto) { res->status = http_get_status(308); size = url_encode(uri->uri, strlen(uri->uri), buf0, sizeof(buf0)); if (change_proto) { int p_len = snprintf(buf1, sizeof(buf1), "https://%s%s", ctx->req_host, buf0); if (p_len < 0 || p_len >= sizeof(buf1)) { res->status = http_get_status(500); error("Header field 'Location' too long"); return 0; } http_add_header_field(&res->hdr, "Location", buf1); } else { http_add_header_field(&res->hdr, "Location", buf0); } return 0; } } else if (!client->enc) { res->status = http_get_status(308); sprintf(buf0, "https://%s%s", ctx->req_host, req->uri); http_add_header_field(&res->hdr, "Location", buf0); return 0; } if (ctx->conf->type == CONFIG_TYPE_LOCAL) { return 1; } else if (ctx->conf->type == CONFIG_TYPE_REVERSE_PROXY) { return 2; } else { error("Unknown host type: %i", ctx->conf->type); res->status = http_get_status(501); } return 0; } int respond(client_ctx_t *ctx) { http_req *req = &ctx->req; http_res *res = &ctx->res; sock *client = &ctx->socket; http_status_ctx *status = &ctx->status; char *err_msg = ctx->err_msg; long ret = 0; char buf0[1024]; char msg_pre_buf_1[4096], msg_pre_buf_2[4096]; char buffer[CHUNK_SIZE]; if (!ctx->use_proxy) { if (ctx->conf != NULL && ctx->conf->type == CONFIG_TYPE_LOCAL && ctx->uri.is_static && res->status->code == 405) { http_add_header_field(&res->hdr, "Allow", "GET, HEAD, TRACE"); } if (http_get_header_field(&res->hdr, "Accept-Ranges") == NULL) { http_add_header_field(&res->hdr, "Accept-Ranges", "none"); } if (!ctx->use_fastcgi && ctx->file == NULL && ctx->msg_buf == NULL) { http_remove_header_field(&res->hdr, "Date", HTTP_REMOVE_ALL); http_remove_header_field(&res->hdr, "Server", HTTP_REMOVE_ALL); http_remove_header_field(&res->hdr, "Cache-Control", HTTP_REMOVE_ALL); http_remove_header_field(&res->hdr, "Content-Type", HTTP_REMOVE_ALL); http_remove_header_field(&res->hdr, "Content-Encoding", HTTP_REMOVE_ALL); http_add_header_field(&res->hdr, "Date", http_get_date(buf0, sizeof(buf0))); http_add_header_field(&res->hdr, "Server", SERVER_STR); http_add_header_field(&res->hdr, "Cache-Control", "no-cache"); http_add_header_field(&res->hdr, "Content-Type", "text/html; charset=UTF-8"); // TODO list Locations on 3xx Redirects const http_doc_info *http_info = http_get_status_info(res->status->code); const http_status_msg *http_msg = http_get_error_msg(res->status->code); if (ctx->msg_content[0] == 0) { if (res->status->code >= 300 && res->status->code < 400) { const char *location = http_get_header_field(&res->hdr, "Location"); if (location != NULL) { snprintf(ctx->msg_content, sizeof(ctx->msg_content), " \n", location, location); } } } else if (strstarts(ctx->msg_content, "") || strstarts(ctx->msg_content, "msg_content[0] = 0; // TODO let relevant information pass? } char *proxy_doc = ""; if (ctx->conf != NULL && ctx->conf->type == CONFIG_TYPE_REVERSE_PROXY) { const http_status *status_hdr = http_get_status(status->status); char stat_str[8]; sprintf(stat_str, "%03i", status->status); snprintf(msg_pre_buf_2, sizeof(msg_pre_buf_2), http_proxy_doc, " success", (status->origin == CLIENT_REQ) ? " error" : " success", (status->origin == INTERNAL) ? " error" : " success", (status->origin == SERVER_REQ) ? " error" : (status->status == 0 ? "" : " success"), (status->origin == CLIENT_RES) ? " error" : " success", (status->origin == SERVER) ? " error" : (status->status == 0 ? "" : " success"), (status->origin == SERVER_RES) ? " error" : (status->status == 0 ? "" : " success"), (status->origin == INTERNAL) ? " error" : " success", (status->origin == INTERNAL || status->origin == SERVER) ? " error" : " success", res->status->code, res->status->msg, (status->status == 0) ? "???" : stat_str, (status_hdr != NULL) ? status_hdr->msg : "", ctx->req_host, SERVER_NAME); proxy_doc = msg_pre_buf_2; } ctx->msg_buf_ptr = malloc(4096); ctx->msg_buf = ctx->msg_buf_ptr; snprintf(msg_pre_buf_1, sizeof(msg_pre_buf_1), http_info->doc, res->status->code, res->status->msg, http_msg != NULL ? http_msg->msg : "", err_msg); ctx->content_length = snprintf(ctx->msg_buf, 4096, http_default_doc, res->status->code, res->status->msg, msg_pre_buf_1, http_info->mode, http_info->icon, http_info->color, ctx->req_host, proxy_doc, ctx->msg_content, SERVER_STR_HTML); } if (ctx->content_length >= 0) { sprintf(buf0, "%li", ctx->content_length); http_remove_header_field(&res->hdr, "Content-Length", HTTP_REMOVE_ALL); http_add_header_field(&res->hdr, "Content-Length", buf0); } else if (http_get_header_field(&res->hdr, "Transfer-Encoding") == NULL) { ctx->s_keep_alive = 0; } } if (ctx->use_proxy != 2) { http_remove_header_field(&res->hdr, "Connection", HTTP_REMOVE_ALL); http_remove_header_field(&res->hdr, "Keep-Alive", HTTP_REMOVE_ALL); if (ctx->s_keep_alive && ctx->c_keep_alive) { http_add_header_field(&res->hdr, "Connection", "keep-alive"); sprintf(buf0, "timeout=%i, max=%i", CLIENT_TIMEOUT, REQ_PER_CONNECTION); http_add_header_field(&res->hdr, "Keep-Alive", buf0); } else { http_add_header_field(&res->hdr, "Connection", "close"); } } http_send_response(client, res); ctx->res_ts = clock_micros(); const char *location = http_get_header_field(&res->hdr, "Location"); info("%s%s%03i %s%s%s (%s)%s", http_get_status_color(res->status->code), ctx->use_proxy ? "-> " : "", res->status->code, res->status->msg, location != NULL ? " -> " : "", location != NULL ? location : "", format_duration(ctx->res_ts - ctx->req_s, buf0), CLR_STR); // TODO access/error log file if (ctx->use_proxy) { // reverse proxy return 3; } else if (!streq(req->method, "HEAD")) { // default response if (ctx->msg_buf != NULL) { ret = sock_send_x(client, ctx->msg_buf, ctx->content_length, 0); if (ret <= 0) { error("Unable to send"); } } else if (ctx->file != NULL) { unsigned long len, snd_len = 0; while (snd_len < ctx->content_length) { len = fread(buffer, 1, CHUNK_SIZE, ctx->file); if (snd_len + len > ctx->content_length) { len = ctx->content_length - snd_len; } ret = sock_send_x(client, buffer, len, feof(ctx->file) ? 0 : MSG_MORE); if (ret <= 0) { error("Unable to send"); break; } snd_len += ret; } } else if (ctx->use_fastcgi) { // FastCGI return 2; } if (ret < 0) ctx->c_keep_alive = 0; } return 0; } void request_complete(client_ctx_t *ctx) { char buf[32]; ctx->req_e = clock_micros(); info("Transfer complete: %s", format_duration(ctx->req_e - ctx->req_s, buf)); if (ctx->file) fclose(ctx->file); free(ctx->msg_buf_ptr); uri_free(&ctx->uri); http_free_req(&ctx->req); http_free_res(&ctx->res); } void timeout_request(client_ctx_t *ctx) { init_ctx(ctx); logger_set_prefix("[%*s]%s", ADDRSTRLEN, ctx->socket.s_addr, ctx->log_prefix); ctx->s_keep_alive = 0; ctx->res.status = http_get_status(408); respond(ctx); tcp_close(ctx); }