summaryrefslogtreecommitdiffhomepage
path: root/libs/httpd
diff options
context:
space:
mode:
Diffstat (limited to 'libs/httpd')
-rw-r--r--libs/httpd/luasrc/http/protocol.lua754
1 files changed, 754 insertions, 0 deletions
diff --git a/libs/httpd/luasrc/http/protocol.lua b/libs/httpd/luasrc/http/protocol.lua
new file mode 100644
index 000000000..01d3128b2
--- /dev/null
+++ b/libs/httpd/luasrc/http/protocol.lua
@@ -0,0 +1,754 @@
+--[[
+
+HTTP protocol implementation for LuCI
+(c) 2008 Freifunk Leipzig / Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+
+]]--
+
+module("luci.http.protocol", package.seeall)
+
+require("ltn12")
+require("luci.util")
+
+HTTP_MAX_CONTENT = 1024*4 -- 4 kB maximum content size
+HTTP_URLENC_MAXKEYLEN = 1024 -- maximum allowd size of urlencoded parameter names
+
+
+-- Decode an urlencoded string.
+-- Returns the decoded value.
+function urldecode( str )
+
+ local function __chrdec( hex )
+ return string.char( tonumber( hex, 16 ) )
+ end
+
+ if type(str) == "string" then
+ str = str:gsub( "+", " " ):gsub( "%%([a-fA-F0-9][a-fA-F0-9])", __chrdec )
+ end
+
+ return str
+end
+
+
+-- Extract and split urlencoded data pairs, separated bei either "&" or ";" from given url.
+-- Returns a table value with urldecoded values.
+function urldecode_params( url, tbl )
+
+ local params = tbl or { }
+
+ if url:find("?") then
+ url = url:gsub( "^.+%?([^?]+)", "%1" )
+ end
+
+ for i, pair in ipairs(luci.util.split( url, "[&;]+", nil, true )) do
+
+ -- find key and value
+ local key = urldecode( pair:match("^([^=]+)") )
+ local val = urldecode( pair:match("^[^=]+=(.+)$") )
+
+ -- store
+ if type(key) == "string" and key:len() > 0 then
+ if type(val) ~= "string" then val = "" end
+
+ if not params[key] then
+ params[key] = val
+ elseif type(params[key]) ~= "table" then
+ params[key] = { params[key], val }
+ else
+ table.insert( params[key], val )
+ end
+ end
+ end
+
+ return params
+end
+
+
+-- Encode given string in urlencoded format.
+-- Returns the encoded string.
+function urlencode( str )
+
+ local function __chrenc( chr )
+ return string.format(
+ "%%%02x", string.byte( chr )
+ )
+ end
+
+ if type(str) == "string" then
+ str = str:gsub(
+ "([^a-zA-Z0-9$_%-%.+!*'(),])",
+ __chrenc
+ )
+ end
+
+ return str
+end
+
+
+-- Encode given table to urlencoded string.
+-- Returns the encoded string.
+function urlencode_params( tbl )
+ local enc = ""
+
+ for k, v in pairs(tbl) do
+ enc = enc .. ( enc and "&" or "" ) ..
+ urlencode(k) .. "=" ..
+ urlencode(v)
+ end
+
+ return enc
+end
+
+
+-- Table of our process states
+local process_states = { }
+
+-- Extract "magic", the first line of a http message.
+-- Extracts the message type ("get", "post" or "response"), the requested uri
+-- or the status code if the line descripes a http response.
+process_states['magic'] = function( msg, chunk )
+
+ if chunk ~= nil then
+
+ -- Is it a request?
+ local method, uri, http_ver = chunk:match("^([A-Z]+) ([^ ]+) HTTP/([01]%.[019])$")
+
+ -- Yup, it is
+ if method then
+
+ msg.type = "request"
+ msg.request_method = method:lower()
+ msg.request_uri = uri
+ msg.http_version = http_ver
+ msg.headers = { }
+
+ -- We're done, next state is header parsing
+ return true, function( chunk )
+ return process_states['headers']( msg, chunk )
+ end
+
+ -- Is it a response?
+ else
+
+ local http_ver, code, message = chunk:match("^HTTP/([01]%.[019]) ([0-9]+) ([^\r\n]+)$")
+
+ -- Is a response
+ if code then
+
+ msg.type = "response"
+ msg.status_code = code
+ msg.status_message = message
+ msg.http_version = http_ver
+ msg.headers = { }
+
+ -- We're done, next state is header parsing
+ return true, function( chunk )
+ return process_states['headers']( msg, chunk )
+ end
+ end
+ end
+ end
+
+ -- Can't handle it
+ return nil, "Invalid HTTP message magic"
+end
+
+
+-- Extract headers from given string.
+process_states['headers'] = function( msg, chunk )
+
+ if chunk ~= nil then
+
+ -- Look for a valid header format
+ local hdr, val = chunk:match( "^([A-Z][A-Za-z0-9%-_]+): +(.+)$" )
+
+ if type(hdr) == "string" and hdr:len() > 0 and
+ type(val) == "string" and val:len() > 0
+ then
+ msg.headers[hdr] = val
+
+ -- Valid header line, proceed
+ return true, nil
+
+ elseif #chunk == 0 then
+ -- Empty line, we won't accept data anymore
+ return false, nil
+ else
+ -- Junk data
+ return nil, "Invalid HTTP header received"
+ end
+ else
+ return nil, "Unexpected EOF"
+ end
+end
+
+
+-- Find first MIME boundary
+process_states['mime-init'] = function( msg, chunk, filecb )
+
+ if chunk ~= nil then
+ if #chunk >= #msg.mime_boundary + 2 then
+ local boundary = chunk:sub( 1, #msg.mime_boundary + 4 )
+
+ if boundary == "--" .. msg.mime_boundary .. "\r\n" then
+
+ -- Store remaining data in buffer
+ msg._mimebuffer = chunk:sub( #msg.mime_boundary + 5, #chunk )
+
+ -- Switch to header processing state
+ return true, function( chunk )
+ return process_states['mime-headers']( msg, chunk, filecb )
+ end
+ else
+ return nil, "Invalid MIME boundary"
+ end
+ else
+ return true
+ end
+ else
+ return nil, "Unexpected EOF"
+ end
+end
+
+
+-- Read MIME part headers
+process_states['mime-headers'] = function( msg, chunk, filecb )
+
+ if chunk ~= nil then
+
+ -- Combine look-behind buffer with current chunk
+ chunk = msg._mimebuffer .. chunk
+
+ if not msg._mimeheaders then
+ msg._mimeheaders = { }
+ end
+
+ local function __storehdr( k, v )
+ msg._mimeheaders[k] = v
+ return ""
+ end
+
+ -- Read all header lines
+ local ok, count = 1, 0
+ while ok > 0 do
+ chunk, ok = chunk:gsub( "^([A-Z][A-Za-z0-9%-_]+): +([^\r\n]+)\r\n", __storehdr )
+ count = count + ok
+ end
+
+ -- Headers processed, check for empty line
+ chunk, ok = chunk:gsub( "^\r\n", "" )
+
+ -- Store remaining buffer contents
+ msg._mimebuffer = chunk
+
+ -- End of headers
+ if ok > 0 then
+
+ -- When no Content-Type header is given assume text/plain
+ if not msg._mimeheaders['Content-Type'] then
+ msg._mimeheaders['Content-Type'] = 'text/plain'
+ end
+
+ -- Check Content-Disposition
+ if msg._mimeheaders['Content-Disposition'] then
+ -- Check for "form-data" token
+ if msg._mimeheaders['Content-Disposition']:match("^form%-data; ") then
+ -- Check for field name, filename
+ local field = msg._mimeheaders['Content-Disposition']:match('name="(.-)"')
+ local file = msg._mimeheaders['Content-Disposition']:match('filename="(.+)"$')
+
+ -- Is a file field and we have a callback
+ if file and filecb then
+ msg.params[field] = file
+ msg._mimecallback = function(chunk,eof)
+ filecb( {
+ name = field;
+ file = file;
+ headers = msg._mimeheaders
+ }, chunk, eof )
+ end
+
+ -- Treat as form field
+ else
+ msg.params[field] = ""
+ msg._mimecallback = function(chunk,eof)
+ msg.params[field] = msg.params[field] .. chunk
+ end
+ end
+
+ -- Header was valid, continue with mime-data
+ return true, function( chunk )
+ return process_states['mime-data']( msg, chunk, filecb )
+ end
+ else
+ -- Unknown Content-Disposition, abort
+ return nil, "Unexpected Content-Disposition MIME section header"
+ end
+ else
+ -- Content-Disposition is required, abort without
+ return nil, "Missing Content-Disposition MIME section header"
+ end
+
+ -- We parsed no headers yet and buffer is almost empty
+ elseif count > 0 or #chunk < 128 then
+ -- Keep feeding me with chunks
+ return true, nil
+ end
+
+ -- Buffer looks like garbage
+ return nil, "Malformed MIME section header"
+ else
+ return nil, "Unexpected EOF"
+ end
+end
+
+
+-- Read MIME part data
+process_states['mime-data'] = function( msg, chunk, filecb )
+
+ if chunk ~= nil then
+
+ -- Combine look-behind buffer with current chunk
+ local buffer = msg._mimebuffer .. chunk
+
+ -- Look for MIME boundary
+ local spos, epos = buffer:find( "\r\n--" .. msg.mime_boundary .. "\r\n", 1, true )
+
+ if spos then
+ -- Content data
+ msg._mimecallback( buffer:sub( 1, spos - 1 ), true )
+
+ -- Store remainder
+ msg._mimebuffer = buffer:sub( epos + 1, #buffer )
+
+ -- Next state is mime-header processing
+ return true, function( chunk )
+ return process_states['mime-headers']( msg, chunk, filecb )
+ end
+ else
+ -- Look for EOF?
+ local spos, epos = buffer:find( "\r\n--" .. msg.mime_boundary .. "--\r\n", 1, true )
+
+ if spos then
+ -- Content data
+ msg._mimecallback( buffer:sub( 1, spos - 1 ), true )
+
+ -- We processed the final MIME boundary, cleanup
+ msg._mimebuffer = nil
+ msg._mimeheaders = nil
+ msg._mimecallback = nil
+
+ -- We won't accept data anymore
+ return false
+ else
+ -- We're somewhere within a data section and our buffer is full
+ if #buffer > #chunk then
+ -- Flush buffered data
+ msg._mimecallback( buffer:sub( 1, #buffer - #chunk ), false )
+
+ -- Store new data
+ msg._mimebuffer = buffer:sub( #buffer - #chunk + 1, #buffer )
+
+ -- Buffer is not full yet, append new data
+ else
+ msg._mimebuffer = buffer
+ end
+
+ -- Keep feeding me
+ return true
+ end
+ end
+ else
+ return nil, "Unexpected EOF"
+ end
+end
+
+
+-- Init urldecoding stream
+process_states['urldecode-init'] = function( msg, chunk, filecb )
+
+ if chunk ~= nil then
+
+ -- Check for Content-Length
+ if msg.headers['Content-Length'] then
+ msg.content_length = tonumber(msg.headers['Content-Length'])
+
+ if msg.content_length <= HTTP_MAX_CONTENT then
+ -- Initialize buffer
+ msg._urldecbuffer = chunk
+ msg._urldeclength = 0
+
+ -- Switch to urldecode-key state
+ return true, function(chunk)
+ return process_states['urldecode-key']( msg, chunk, filecb )
+ end
+ else
+ return nil, "Request exceeds maximum allowed size"
+ end
+ else
+ return nil, "Missing Content-Length header"
+ end
+ else
+ return nil, "Unexpected EOF"
+ end
+end
+
+
+-- Process urldecoding stream, read and validate parameter key
+process_states['urldecode-key'] = function( msg, chunk, filecb )
+
+ if chunk ~= nil then
+
+ -- Prevent oversized requests
+ if msg._urldeclength >= msg.content_length then
+ return nil, "Request exceeds maximum allowed size"
+ end
+
+ -- Combine look-behind buffer with current chunk
+ local buffer = msg._urldecbuffer .. chunk
+ local spos, epos = buffer:find("=")
+
+ -- Found param
+ if spos then
+
+ -- Check that key doesn't exceed maximum allowed key length
+ if ( spos - 1 ) <= HTTP_URLENC_MAXKEYLEN then
+ local key = urldecode( buffer:sub( 1, spos - 1 ) )
+
+ -- Prepare buffers
+ msg.params[key] = ""
+ msg._urldeclength = msg._urldeclength + epos
+ msg._urldecbuffer = buffer:sub( epos + 1, #buffer )
+
+ -- Use file callback or store values inside msg.params
+ if filecb then
+ msg._urldeccallback = function( chunk, eof )
+ filecb( field, chunk, eof )
+ end
+ else
+ msg._urldeccallback = function( chunk, eof )
+ msg.params[key] = msg.params[key] .. chunk
+ end
+ end
+
+ -- Proceed with urldecode-value state
+ return true, function( chunk )
+ return process_states['urldecode-value']( msg, chunk, filecb )
+ end
+ else
+ return nil, "POST parameter exceeds maximum allowed length"
+ end
+ else
+ return nil, "POST data exceeds maximum allowed length"
+ end
+ else
+ return nil, "Unexpected EOF"
+ end
+end
+
+
+-- Process urldecoding stream, read parameter value
+process_states['urldecode-value'] = function( msg, chunk, filecb )
+
+ if chunk ~= nil then
+
+ -- Combine look-behind buffer with current chunk
+ local buffer = msg._urldecbuffer .. chunk
+
+ -- Check for EOF
+ if #buffer == 0 then
+ -- Compare processed length
+ if msg._urldeclength == msg.content_length then
+ -- Cleanup
+ msg._urldeclength = nil
+ msg._urldecbuffer = nil
+ msg._urldeccallback = nil
+
+ -- We won't accept data anymore
+ return false
+ else
+ return nil, "Content-Length mismatch"
+ end
+ end
+
+ -- Check for end of value
+ local spos, epos = buffer:find("[&;]")
+ if spos then
+
+ -- Flush buffer, send eof
+ msg._urldeccallback( buffer:sub( 1, spos - 1 ), true )
+ msg._urldecbuffer = buffer:sub( epos + 1, #buffer )
+ msg._urldeclength = msg._urldeclength + epos
+
+ -- Back to urldecode-key state
+ return true, function( chunk )
+ return process_states['urldecode-key']( msg, chunk, filecb )
+ end
+ else
+ -- We're somewhere within a data section and our buffer is full
+ if #buffer > #chunk then
+ -- Flush buffered data
+ msg._urldeccallback( buffer:sub( 1, #buffer - #chunk ), false )
+
+ -- Store new data
+ msg._urldeclength = msg._urldeclength + #buffer - #chunk
+ msg._urldecbuffer = buffer:sub( #buffer - #chunk + 1, #buffer )
+
+ -- Buffer is not full yet, append new data
+ else
+ msg._urldecbuffer = buffer
+ end
+
+ -- Keep feeding me
+ return true
+ end
+ else
+ return nil, "Unexpected EOF"
+ end
+end
+
+
+-- Decode MIME encoded data.
+function mimedecode_message_body( source, msg, filecb )
+
+ -- Find mime boundary
+ if msg and msg.headers['Content-Type'] then
+
+ local bound = msg.headers['Content-Type']:match("^multipart/form%-data; boundary=(.+)")
+
+ if bound then
+ msg.mime_boundary = bound
+ else
+ return nil, "No MIME boundary found or invalid content type given"
+ end
+ end
+
+ -- Create an initial LTN12 sink
+ -- The whole MIME parsing process is implemented as fancy sink, sinks replace themself
+ -- depending on current processing state (init, header, data). Return the initial state.
+ local sink = ltn12.sink.simplify(
+ function( chunk )
+ return process_states['mime-init']( msg, chunk, filecb )
+ end
+ )
+
+ -- Create a throttling LTN12 source
+ -- Frequent state switching in the mime parsing process leads to unwanted buffer aggregation.
+ -- This source checks wheather there's still data in our internal read buffer and returns an
+ -- empty string if there's already enough data in the processing queue. If the internal buffer
+ -- runs empty we're calling the original source to get the next chunk of data.
+ local tsrc = function()
+
+ -- XXX: we schould propably keep the maximum buffer size in sync with
+ -- the blocksize of our original source... but doesn't really matter
+ if msg._mimebuffer ~= null and #msg._mimebuffer > 256 then
+ return ""
+ else
+ return source()
+ end
+ end
+
+ -- Pump input data...
+ while true do
+ -- get data
+ local ok, err = ltn12.pump.step( tsrc, sink )
+
+ -- error
+ if not ok and err then
+ return nil, err
+
+ -- eof
+ elseif not ok then
+ return true
+ end
+ end
+end
+
+
+-- Decode urlencoded data.
+function urldecode_message_body( source, msg )
+
+ -- Create an initial LTN12 sink
+ -- Return the initial state.
+ local sink = ltn12.sink.simplify(
+ function( chunk )
+ return process_states['urldecode-init']( msg, chunk )
+ end
+ )
+
+ -- Create a throttling LTN12 source
+ -- See explaination in mimedecode_message_body().
+ local tsrc = function()
+ if msg._urldecbuffer ~= null and #msg._urldecbuffer > 0 then
+ return ""
+ else
+ return source()
+ end
+ end
+
+ -- Pump input data...
+ while true do
+ -- get data
+ local ok, err = ltn12.pump.step( tsrc, sink )
+
+ -- step
+ if not ok and err then
+ return nil, err
+
+ -- eof
+ elseif not ok then
+ return true
+ end
+ end
+end
+
+
+-- Parse a http message
+function parse_message( data, filecb )
+
+ local reader = _linereader( data, HTTP_MAX_READBUF )
+ local message = parse_message_header( reader )
+
+ if message then
+ parse_message_body( reader, message, filecb )
+ end
+
+ return message
+end
+
+
+-- Parse a http message header
+function parse_message_header( source )
+
+ local ok = true
+ local msg = { }
+
+ local sink = ltn12.sink.simplify(
+ function( chunk )
+ return process_states['magic']( msg, chunk )
+ end
+ )
+
+ -- Pump input data...
+ while ok do
+
+ -- get data
+ ok, err = ltn12.pump.step( source, sink )
+
+ -- error
+ if not ok and err then
+ return nil, err
+
+ -- eof
+ elseif not ok then
+
+ -- Process get parameters
+ if ( msg.request_method == "get" or msg.request_method == "post" ) and
+ msg.request_uri:match("?")
+ then
+ msg.params = urldecode_params( msg.request_uri )
+ else
+ msg.params = { }
+ end
+
+ -- Populate common environment variables
+ msg.env = {
+ CONTENT_LENGTH = msg.headers['Content-Length'];
+ CONTENT_TYPE = msg.headers['Content-Type'];
+ REQUEST_METHOD = msg.request_method:upper();
+ REQUEST_URI = msg.request_uri;
+ SCRIPT_NAME = msg.request_uri:gsub("?.+$","");
+ SCRIPT_FILENAME = "" -- XXX implement me
+ }
+
+ -- Populate HTTP_* environment variables
+ for i, hdr in ipairs( {
+ 'Accept',
+ 'Accept-Charset',
+ 'Accept-Encoding',
+ 'Accept-Language',
+ 'Connection',
+ 'Cookie',
+ 'Host',
+ 'Referer',
+ 'User-Agent',
+ } ) do
+ local var = 'HTTP_' .. hdr:upper():gsub("%-","_")
+ local val = msg.headers[hdr]
+
+ msg.env[var] = val
+ end
+ end
+ end
+
+ return msg
+end
+
+
+-- Parse a http message body
+function parse_message_body( source, msg, filecb )
+
+ -- Is it multipart/mime ?
+ if msg.env.REQUEST_METHOD == "POST" and msg.env.CONTENT_TYPE and
+ msg.env.CONTENT_TYPE:match("^multipart/form%-data")
+ then
+
+ return mimedecode_message_body( source, msg, filecb )
+
+ -- Is it application/x-www-form-urlencoded ?
+ elseif msg.env.REQUEST_METHOD == "POST" and msg.env.CONTENT_TYPE and
+ msg.env.CONTENT_TYPE == "application/x-www-form-urlencoded"
+ then
+
+ return urldecode_message_body( source, msg, filecb )
+
+ -- Unhandled encoding
+ -- If a file callback is given then feed it line by line, else
+ -- store whole buffer in message.content
+ else
+
+ local sink
+ local length = 0
+
+ -- If we have a file callback then feed it
+ if type(filecb) == "function" then
+ sink = filecb
+
+ -- ... else append to .content
+ else
+ msg.content = ""
+ msg.content_length = 0
+
+ sink = function( chunk )
+ if ( msg.content_length ) + #chunk <= HTTP_MAX_CONTENT then
+
+ msg.content = msg.content .. chunk
+ msg.content_length = msg.content_length + #chunk
+
+ return true
+ else
+ return nil, "POST data exceeds maximum allowed length"
+ end
+ end
+ end
+
+ -- Pump data...
+ while true do
+ local ok, err = ltn12.pump.step( source, sink )
+
+ if not ok and err then
+ return nil, err
+ elseif not err then
+ return true
+ end
+ end
+ end
+end