lorenz.stechauner/sesimos
1
1
Fork 0
Code Issues Pull Requests Projects Releases Activity
Files
7a2acb0e66d4a84a4c2ae40bc7645796c4b0c058
sesimos/src/worker/request_handler.c
Lorenz Stechauner 7a2acb0e66 Add workers
2022-12-29 21:41:40 +01:00

527 lines
22 KiB
C
Raw Blame History

/**
* sesimos - secure, simple, modern web server
* @brief Client request handler
* @file src/worker/request_handler.c
* @author Lorenz Stechauner
* @date 2022-12-28
*/
#include "../defs.h"
#include "request_handler.h"
#include "../workers.h"
#include "../lib/mpmc.h"
#include "../logger.h"
#include "../lib/utils.h"
#include "../lib/proxy.h"
#include "../lib/fastcgi.h"
#include "../lib/compress.h"
#include "../lib/websocket.h"
#include <string.h>
#include <openssl/err.h>
#include <arpa/inet.h>
static int request_handler(client_ctx_t *ctx);
void request_handler_func(client_ctx_t *ctx) {
logger_set_prefix("[%*s]%s", INET6_ADDRSTRLEN, ctx->s_addr, ctx->log_prefix);
if (request_handler(ctx) == 0) {
respond(ctx);
} else {
tcp_close(ctx);
}
}
static int request_handler(client_ctx_t *ctx) {
sock *client = &ctx->socket;
long ret;
char buf0[1024], buf1[1024];
char msg_buf[8192], err_msg[256];
char msg_content[1024];
const char *host_ptr, *hdr_connection;
msg_buf[0] = 0;
err_msg[0] = 0;
msg_content[0] = 0;
int accept_if_modified_since = 0;
ctx->use_fastcgi = 0;
ctx->use_proxy = 0;
int p_len;
fastcgi_cnx_t fcgi_cnx = {.socket = 0, .req_id = 0, .ctx = ctx};
http_status custom_status;
http_res *res = &ctx->res;
res->status = http_get_status(501);
res->hdr.field_num = 0;
res->hdr.last_field_num = -1;
sprintf(res->version, "1.1");
http_status_ctx *status = &ctx->status;
status->status = 0;
status->origin = NONE;
status->ws_key = NULL;
clock_gettime(CLOCK_MONOTONIC, &ctx->begin);
//ret = sock_poll_read(&client, NULL, NULL, 1, NULL, NULL, CLIENT_TIMEOUT * 1000);
http_add_header_field(&res->hdr, "Date", http_get_date(buf0, sizeof(buf0)));
http_add_header_field(&res->hdr, "Server", SERVER_STR);
/*if (ret <= 0) {
if (errno != 0) return 0;
ctx->c_keep_alive = 0;
res->status = http_get_status(408);
return 0;
}*/
//clock_gettime(CLOCK_MONOTONIC, &begin);
http_req *req = &ctx->req;
ret = http_receive_request(client, req);
if (ret != 0) {
ctx->c_keep_alive = 0;
if (ret < 0) {
return -1;
} else if (ret == 1) {
sprintf(err_msg, "Unable to parse http header: Invalid header format.");
} else if (ret == 2) {
sprintf(err_msg, "Unable to parse http header: Invalid method.");
} else if (ret == 3) {
sprintf(err_msg, "Unable to parse http header: Invalid version.");
} else if (ret == 4) {
sprintf(err_msg, "Unable to parse http header: Header contains illegal characters.");
} else if (ret == 5) {
sprintf(err_msg, "Unable to parse http header: End of header not found.");
}
res->status = http_get_status(400);
return 0;
}
hdr_connection = http_get_header_field(&req->hdr, "Connection");
ctx->c_keep_alive = (hdr_connection != NULL && (strstr(hdr_connection, "keep-alive") != NULL || strstr(hdr_connection, "Keep-Alive") != NULL));
host_ptr = http_get_header_field(&req->hdr, "Host");
if (host_ptr != NULL && strlen(host_ptr) > 255) {
ctx->req_host[0] = 0;
res->status = http_get_status(400);
sprintf(err_msg, "Host header field is too long.");
return 0;
} else if (host_ptr == NULL || strchr(host_ptr, '/') != NULL) {
if (strchr(ctx->addr, ':') == NULL) {
strcpy(ctx->req_host, ctx->addr);
} else {
sprintf(ctx->req_host, "[%s]", ctx->addr);
}
res->status = http_get_status(400);
sprintf(err_msg, "The client provided no or an invalid Host header field.");
return 0;
} else {
strcpy(ctx->req_host, host_ptr);
}
logger_set_prefix("[%s%*s%s]%s", BLD_STR, INET6_ADDRSTRLEN, ctx->req_host, CLR_STR, ctx->log_prefix);
info(BLD_STR "%s %s", req->method, req->uri);
ctx->conf = get_host_config(ctx->req_host);
if (ctx->conf == NULL) {
info("Unknown host, redirecting to default");
res->status = http_get_status(307);
sprintf(buf0, "https://%s%s", DEFAULT_HOST, req->uri);
http_add_header_field(&res->hdr, "Location", buf0);
return 0;
}
http_uri *uri = &ctx->uri;
unsigned char dir_mode = (ctx->conf->type == CONFIG_TYPE_LOCAL ? ctx->conf->local.dir_mode : URI_DIR_MODE_NO_VALIDATION);
ret = uri_init(uri, ctx->conf->local.webroot, req->uri, dir_mode);
if (ret != 0) {
if (ret == 1) {
sprintf(err_msg, "Invalid URI: has to start with slash.");
res->status = http_get_status(400);
} else if (ret == 2) {
sprintf(err_msg, "Invalid URI: contains relative path change (/../).");
res->status = http_get_status(400);
} else if (ret == 3) {
sprintf(err_msg, "The specified webroot directory does not exist.");
res->status = http_get_status(404);
} else {
res->status = http_get_status(500);
}
return 0;
}
if (dir_mode != URI_DIR_MODE_NO_VALIDATION) {
ssize_t size = sizeof(buf0);
url_decode(req->uri, buf0, &size);
int change_proto = strncmp(uri->uri, "/.well-known/", 13) != 0 && !client->enc;
if (strcmp(uri->uri, buf0) != 0 || change_proto) {
res->status = http_get_status(308);
size = url_encode(uri->uri, strlen(uri->uri), buf0, sizeof(buf0));
if (change_proto) {
p_len = snprintf(buf1, sizeof(buf1), "https://%s%s", ctx->req_host, buf0);
if (p_len < 0 || p_len >= sizeof(buf1)) {
res->status = http_get_status(500);
error("Header field 'Location' too long");
return 0;
}
http_add_header_field(&res->hdr, "Location", buf1);
} else {
http_add_header_field(&res->hdr, "Location", buf0);
}
return 0;
}
} else if (!client->enc) {
res->status = http_get_status(308);
sprintf(buf0, "https://%s%s", ctx->req_host, req->uri);
http_add_header_field(&res->hdr, "Location", buf0);
return 0;
}
if (ctx->conf->type == CONFIG_TYPE_LOCAL) {
if (strcmp(req->method, "TRACE") == 0) {
res->status = http_get_status(200);
http_add_header_field(&res->hdr, "Content-Type", "message/http");
ctx->content_length = snprintf(msg_buf, sizeof(msg_buf) - ctx->content_length, "%s %s HTTP/%s\r\n", req->method, req->uri, req->version);
for (int i = 0; i < req->hdr.field_num; i++) {
const http_field *f = &req->hdr.fields[i];
ctx->content_length += snprintf(msg_buf + ctx->content_length, sizeof(msg_buf) - ctx->content_length, "%s: %s\r\n", http_field_get_name(f), http_field_get_value(f));
}
return 0;
}
if (strncmp(uri->req_path, "/.well-known/", 13) == 0) {
http_add_header_field(&res->hdr, "Access-Control-Allow-Origin", "*");
}
if (strncmp(uri->req_path, "/.well-known/", 13) != 0 && strstr(uri->path, "/.") != NULL) {
res->status = http_get_status(403);
sprintf(err_msg, "Parts of this URI are hidden.");
return 0;
} else if (uri->filename == NULL && (int) uri->is_static && (int) uri->is_dir && strlen(uri->pathinfo) == 0) {
res->status = http_get_status(403);
sprintf(err_msg, "It is not allowed to list the contents of this directory.");
return 0;
} else if (uri->filename == NULL && (int) !uri->is_static && (int) uri->is_dir && strlen(uri->pathinfo) == 0) {
// TODO list directory contents
res->status = http_get_status(501);
sprintf(err_msg, "Listing contents of an directory is currently not implemented.");
return 0;
} else if (uri->filename == NULL || (strlen(uri->pathinfo) > 0 && (int) uri->is_static)) {
res->status = http_get_status(404);
return 0;
} else if (strlen(uri->pathinfo) != 0 && ctx->conf->local.dir_mode != URI_DIR_MODE_INFO) {
res->status = http_get_status(404);
return 0;
}
if (uri->is_static) {
res->status = http_get_status(200);
http_add_header_field(&res->hdr, "Accept-Ranges", "bytes");
if (strcmp(req->method, "GET") != 0 && strcmp(req->method, "HEAD") != 0) {
res->status = http_get_status(405);
return 0;
}
if (http_get_header_field(&req->hdr, "Content-Length") != NULL || http_get_header_field(&req->hdr, "Transfer-Encoding") != NULL) {
res->status = http_get_status(400);
sprintf(err_msg, "A GET request must not contain a payload");
return 0;
}
cache_init_uri(ctx->conf->cache, uri);
const char *last_modified = http_format_date(uri->meta->stat.st_mtime, buf0, sizeof(buf0));
http_add_header_field(&res->hdr, "Last-Modified", last_modified);
sprintf(buf1, "%s; charset=%s", uri->meta->type, uri->meta->charset);
http_add_header_field(&res->hdr, "Content-Type", buf1);
const char *accept_encoding = http_get_header_field(&req->hdr, "Accept-Encoding");
int enc = 0;
if (accept_encoding != NULL) {
if (uri->meta->filename_comp_br[0] != 0 && strstr(accept_encoding, "br") != NULL) {
ctx->file = fopen(uri->meta->filename_comp_br, "rb");
if (ctx->file == NULL) {
cache_mark_dirty(ctx->conf->cache, uri->filename);
} else {
http_add_header_field(&res->hdr, "Content-Encoding", "br");
enc = COMPRESS_BR;
}
} else if (uri->meta->filename_comp_gz[0] != 0 && strstr(accept_encoding, "gzip") != NULL) {
ctx->file = fopen(uri->meta->filename_comp_gz, "rb");
if (ctx->file == NULL) {
cache_mark_dirty(ctx->conf->cache, uri->filename);
} else {
http_add_header_field(&res->hdr, "Content-Encoding", "gzip");
enc = COMPRESS_GZ;
}
}
if (enc != 0) {
http_add_header_field(&res->hdr, "Vary", "Accept-Encoding");
}
}
if (uri->meta->etag[0] != 0) {
if (enc) {
sprintf(buf0, "%s-%s", uri->meta->etag, (enc & COMPRESS_BR) ? "br" : (enc & COMPRESS_GZ) ? "gzip" : "");
http_add_header_field(&res->hdr, "ETag", buf0);
} else {
http_add_header_field(&res->hdr, "ETag", uri->meta->etag);
}
}
if (strncmp(uri->meta->type, "text/", 5) == 0) {
http_add_header_field(&res->hdr, "Cache-Control", "public, max-age=3600");
} else {
http_add_header_field(&res->hdr, "Cache-Control", "public, max-age=86400");
}
const char *if_modified_since = http_get_header_field(&req->hdr, "If-Modified-Since");
const char *if_none_match = http_get_header_field(&req->hdr, "If-None-Match");
if ((if_none_match != NULL && strstr(if_none_match, uri->meta->etag) == NULL) ||
(accept_if_modified_since && if_modified_since != NULL && strcmp(if_modified_since, last_modified) == 0))
{
res->status = http_get_status(304);
return 0;
}
const char *range = http_get_header_field(&req->hdr, "Range");
if (range != NULL) {
if (strlen(range) <= 6 || strncmp(range, "bytes=", 6) != 0) {
res->status = http_get_status(416);
http_remove_header_field(&res->hdr, "Content-Type", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Last-Modified", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "ETag", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Cache-Control", HTTP_REMOVE_ALL);
return 0;
}
range += 6;
char *ptr = strchr(range, '-');
if (ptr == NULL) {
res->status = http_get_status(416);
return 0;
}
ctx->file = fopen(uri->filename, "rb");
fseek(ctx->file, 0, SEEK_END);
unsigned long file_len = ftell(ctx->file);
fseek(ctx->file, 0, SEEK_SET);
if (file_len == 0) {
ctx->content_length = 0;
return 0;
}
long num1 = 0;
long num2 = (long) file_len - 1;
if (ptr != range) num1 = (long) strtoul(range, NULL, 10);
if (ptr[1] != 0) num2 = (long) strtoul(ptr + 1, NULL, 10);
if (num1 >= file_len || num2 >= file_len || num1 > num2) {
res->status = http_get_status(416);
return 0;
}
sprintf(buf0, "bytes %li-%li/%li", num1, num2, file_len);
http_add_header_field(&res->hdr, "Content-Range", buf0);
res->status = http_get_status(206);
fseek(ctx->file, num1, SEEK_SET);
ctx->content_length = num2 - num1 + 1;
return 0;
}
if (ctx->file == NULL) {
ctx->file = fopen(uri->filename, "rb");
}
fseek(ctx->file, 0, SEEK_END);
ctx->content_length = ftell(ctx->file);
fseek(ctx->file, 0, SEEK_SET);
} else {
int mode;
if (strcmp(uri->filename + strlen(uri->filename) - 4, ".ncr") == 0) {
mode = FASTCGI_SESIMOS;
} else if (strcmp(uri->filename + strlen(uri->filename) - 4, ".php") == 0) {
mode = FASTCGI_PHP;
} else {
res->status = http_get_status(500);
error("Invalid FastCGI extension: %s", uri->filename);
return 0;
}
struct stat statbuf;
stat(uri->filename, &statbuf);
char *last_modified = http_format_date(statbuf.st_mtime, buf0, sizeof(buf0));
http_add_header_field(&res->hdr, "Last-Modified", last_modified);
res->status = http_get_status(200);
if (fastcgi_init(&fcgi_cnx, mode, 0 /* TODO */, ctx->req_num, client, req, uri) != 0) {
res->status = http_get_status(503);
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
return 0;
}
const char *client_content_length = http_get_header_field(&req->hdr, "Content-Length");
const char *client_transfer_encoding = http_get_header_field(&req->hdr, "Transfer-Encoding");
if (client_content_length != NULL) {
unsigned long client_content_len = strtoul(client_content_length, NULL, 10);
ret = fastcgi_receive(&fcgi_cnx, client, client_content_len);
} else if (client_transfer_encoding != NULL && strstr(client_transfer_encoding, "chunked") != NULL) {
ret = fastcgi_receive_chunked(&fcgi_cnx, client);
} else {
ret = 0;
}
if (ret != 0) {
if (ret < 0) {
return -1;
} else {
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
}
res->status = http_get_status(502);
return 0;
}
fastcgi_close_stdin(&fcgi_cnx);
ret = fastcgi_header(&fcgi_cnx, res, err_msg);
if (ret != 0) {
return (ret < 0) ? -1 : 0;
}
const char *status_hdr = http_get_header_field(&res->hdr, "Status");
if (status_hdr != NULL) {
int status_code = (int) strtoul(status_hdr, NULL, 10);
res->status = http_get_status(status_code);
http_remove_header_field(&res->hdr, "Status", HTTP_REMOVE_ALL);
if (res->status == NULL && status_code >= 100 && status_code <= 999) {
custom_status.code = status_code;
strcpy(custom_status.type, "");
strcpy(custom_status.msg, status_hdr + 4);
res->status = &custom_status;
} else if (res->status == NULL) {
res->status = http_get_status(500);
sprintf(err_msg, "The status_hdr code was set to an invalid or unknown value.");
return 0;
}
}
const char *content_length_f = http_get_header_field(&res->hdr, "Content-Length");
ctx->content_length = (content_length_f == NULL) ? -1 : strtol(content_length_f, NULL, 10);
const char *content_type = http_get_header_field(&res->hdr, "Content-Type");
const char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
if (content_encoding == NULL &&
content_type != NULL &&
strncmp(content_type, "text/html", 9) == 0 &&
ctx->content_length != -1 &&
ctx->content_length <= sizeof(msg_content) - 1)
{
fastcgi_dump(&fcgi_cnx, msg_content, sizeof(msg_content));
return 0;
}
ctx->use_fastcgi = 1;
if (ctx->content_length != -1 && ctx->content_length < 1024000) {
ctx->use_fastcgi |= FASTCGI_COMPRESS_HOLD;
}
ctx->content_length = -1;
int http_comp = http_get_compression(req, res);
if (http_comp & COMPRESS) {
if (http_comp & COMPRESS_BR) {
ctx->use_fastcgi |= FASTCGI_COMPRESS_BR;
sprintf(buf0, "br");
} else if (http_comp & COMPRESS_GZ) {
ctx->use_fastcgi |= FASTCGI_COMPRESS_GZ;
sprintf(buf0, "gzip");
}
http_add_header_field(&res->hdr, "Vary", "Accept-Encoding");
http_add_header_field(&res->hdr, "Content-Encoding", buf0);
http_remove_header_field(&res->hdr, "Content-Length", HTTP_REMOVE_ALL);
}
if (http_get_header_field(&res->hdr, "Content-Length") == NULL) {
http_add_header_field(&res->hdr, "Transfer-Encoding", "chunked");
}
}
} else if (ctx->conf->type == CONFIG_TYPE_REVERSE_PROXY) {
info("Reverse proxy for " BLD_STR "%s:%i" CLR_STR, ctx->conf->proxy.hostname, ctx->conf->proxy.port);
http_remove_header_field(&res->hdr, "Date", HTTP_REMOVE_ALL);
http_remove_header_field(&res->hdr, "Server", HTTP_REMOVE_ALL);
ret = proxy_init(req, res, status, ctx->conf, client, ctx, &custom_status, err_msg);
ctx->use_proxy = (ret == 0);
if (res->status->code == 101) {
const char *connection = http_get_header_field(&res->hdr, "Connection");
const char *upgrade = http_get_header_field(&res->hdr, "Upgrade");
if (connection != NULL && upgrade != NULL &&
(strstr(connection, "upgrade") != NULL || strstr(connection, "Upgrade") != NULL) &&
strcmp(upgrade, "websocket") == 0)
{
const char *ws_accept = http_get_header_field(&res->hdr, "Sec-WebSocket-Accept");
if (ws_calc_accept_key(status->ws_key, buf0) == 0) {
ctx->use_proxy = (strcmp(buf0, ws_accept) == 0) ? 2 : 1;
}
} else {
status->status = 101;
status->origin = INTERNAL;
res->status = http_get_status(501);
}
}
// Let 300 be formatted by origin server
if (ctx->use_proxy && res->status->code >= 301 && res->status->code < 600) {
const char *content_type = http_get_header_field(&res->hdr, "Content-Type");
const char *content_length_f = http_get_header_field(&res->hdr, "Content-Length");
const char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
if (content_encoding == NULL && content_type != NULL && content_length_f != NULL && strncmp(content_type, "text/html", 9) == 0) {
long content_len = strtol(content_length_f, NULL, 10);
if (content_len <= sizeof(msg_content) - 1) {
if (status->status != 101) {
status->status = res->status->code;
status->origin = res->status->code >= 400 ? SERVER : NONE;
}
ctx->use_proxy = 0;
proxy_dump(msg_content, content_len);
}
}
}
/*
char *content_encoding = http_get_header_field(&res->hdr, "Content-Encoding");
if (use_proxy && content_encoding == NULL) {
int http_comp = http_get_compression(&req, &res);
if (http_comp & COMPRESS_BR) {
use_proxy |= PROXY_COMPRESS_BR;
} else if (http_comp & COMPRESS_GZ) {
use_proxy |= PROXY_COMPRESS_GZ;
}
}
char *transfer_encoding = http_get_header_field(&res->hdr, "Transfer-Encoding");
int chunked = transfer_encoding != NULL && strcmp(transfer_encoding, "chunked") == 0;
http_remove_header_field(&res->hdr, "Transfer-Encoding", HTTP_REMOVE_ALL);
ret = sprintf(buf0, "%s%s%s",
(use_proxy & PROXY_COMPRESS_BR) ? "br" :
((use_proxy & PROXY_COMPRESS_GZ) ? "gzip" : ""),
((use_proxy & PROXY_COMPRESS) && chunked) ? ", " : "",
chunked ? "chunked" : "");
if (ret > 0) {
http_add_header_field(&res->hdr, "Transfer-Encoding", buf0);
}
*/
} else {
error("Unknown host type: %i", ctx->conf->type);
res->status = http_get_status(501);
}
return 0;
}
View Git Blame Copy Permalink