/*
 * Copyright (c) 2020, Andreas Kling
 * Copyright (c) 2021, Max Wipfli
 * Copyright (c) 2022, Thomas Keppler
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

// NOTE(review): the header names of the #include lines below are missing in this copy of the file,
// as are template arguments (e.g. after ErrorOr, Vector, NonnullOwnPtr) and the HTML markup inside
// several string literals further down. Compare against the upstream source before building.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

namespace WebServer {

// One Client object per accepted connection. The socket is moved into m_socket and the parent is
// passed on to the Core::Object base.
Client::Client(NonnullOwnPtr socket, Core::Object* parent)
    : Core::Object(parent)
    , m_socket(move(socket))
{
}

// Closes the connection and schedules removal from the parent object. The removal goes through
// deferred_invoke() instead of happening inline; die() is called from inside the socket's read
// callback (see start()), which is presumably why it must not tear the object down synchronously.
void Client::die()
{
    m_socket->close();
    deferred_invoke([this] { remove_from_parent(); });
}

// Installs the read handler on the socket. Any error returned by on_ready_to_read(), whether an
// internal AK::Error or an HTTP parse error, is written with warnln() and the connection is dropped.
void Client::start()
{
    m_socket->on_ready_to_read = [this] {
        if (auto result = on_ready_to_read(); result.is_error()) {
            result.error().visit(
                [](AK::Error const& error) {
                    warnln("Internal error: {}", error);
                },
                [](HTTP::HttpRequest::ParseError const& error) {
                    warnln("HTTP request parsing error: {}", HTTP::HttpRequest::parse_error_to_string(error));
                });
            die();
        }
    };
}

// Drains whatever the socket can deliver without blocking into m_remaining_request, then tries to
// parse the accumulated bytes as one HTTP request. An incomplete request is kept for the next call;
// a complete one is handed to handle_request() and the accumulator is cleared.
//
// NOTE(review): no upper bound on m_remaining_request is visible here. A peer that keeps sending
// data which never parses as complete makes the buffer grow on every call; a size cap and an idle
// timeout would bound memory per connection.
ErrorOr Client::on_ready_to_read()
{
    // FIXME: Mostly copied from LibWeb/WebDriver/Client.cpp. As noted there, this should be moved to LibHTTP and made spec compliant.
    auto buffer = TRY(ByteBuffer::create_uninitialized(m_socket->buffer_size()));
    for (;;) {
        if (!TRY(m_socket->can_read_without_blocking()))
            break;
        auto data = TRY(m_socket->read_some(buffer));
        TRY(m_remaining_request.try_append(StringView { data }));
        if (m_socket->is_eof())
            break;
    }
    if (m_remaining_request.is_empty())
        return {};
    auto request = TRY(m_remaining_request.to_byte_buffer());
    // NOTE(review): with WEBSERVER_DEBUG enabled this logs the raw request bytes, which include any
    // Authorization header the client sent. Debug builds therefore write credentials to the debug log.
    dbgln_if(WEBSERVER_DEBUG, "Got raw request: '{}'", DeprecatedString::copy(request));
    auto maybe_parsed_request = HTTP::HttpRequest::from_raw_request(TRY(m_remaining_request.to_byte_buffer()));
    if (maybe_parsed_request.is_error()) {
        if (maybe_parsed_request.error() == HTTP::HttpRequest::ParseError::RequestIncomplete) {
            // If request is not complete we need to wait for more data to arrive
            return {};
        }
        return maybe_parsed_request.error();
    }
    m_remaining_request.clear();
    TRY(handle_request(maybe_parsed_request.value()));
    return {};
}

// Serves one parsed request. Returns true after a file, directory listing or redirect was sent and
// false after an error response (501 for non-GET, 401 for failed auth, 404, 403 for device files).
//
// Path handling: the request target is percent-decoded, joined onto "/" through LexicalPath and then
// appended to the configured document root.
// NOTE(review): containment inside the document root rests on LexicalPath::join() collapsing ".."
// segments (presumably it canonicalizes; confirm). Nothing here resolves symlinks, so links that
// point outside the root are only stopped by whatever filesystem restrictions the process applies
// elsewhere (a comment in handle_directory_listing() refers to unveil).
ErrorOr Client::handle_request(HTTP::HttpRequest const& request)
{
    auto resource_decoded = URL::percent_decode(request.resource());
    if constexpr (WEBSERVER_DEBUG) {
        // NOTE(review): this dumps every request header, Authorization included, to the debug log.
        dbgln("Got HTTP request: {} {}", request.method_name(), request.resource());
        for (auto& header : request.headers()) {
            dbgln(" {} => {}", header.name, header.value);
        }
    }
    // The method check runs before the credential check, so an unauthenticated non-GET request
    // receives 501 rather than 401.
    if (request.method() != HTTP::HttpRequest::Method::GET) {
        TRY(send_error_response(501, request));
        return false;
    }
    // Check for credentials if they are required
    if (Configuration::the().credentials().has_value()) {
        bool has_authenticated = verify_credentials(request.headers());
        if (!has_authenticated) {
            auto const basic_auth_header = TRY("WWW-Authenticate: Basic realm=\"WebServer\", charset=\"UTF-8\""_string);
            Vector headers {};
            TRY(headers.try_append(basic_auth_header));
            TRY(send_error_response(401, request, move(headers)));
            return false;
        }
    }
    auto requested_path = TRY(String::from_deprecated_string(LexicalPath::join("/"sv, resource_decoded).string()));
    dbgln_if(WEBSERVER_DEBUG, "Canonical requested path: '{}'", requested_path);
    auto real_path = TRY(String::formatted("{}{}", Configuration::the().document_root_path(), requested_path));
    if (FileSystem::is_directory(real_path.bytes_as_string_view())) {
        // A directory requested without a trailing slash is redirected to the slash form.
        // requested_path is derived from the percent-DECODED target; see the note on send_redirect().
        if (!resource_decoded.ends_with('/')) {
            TRY(send_redirect(TRY(String::formatted("{}/", requested_path)), request));
            return true;
        }
        auto index_html_path = TRY(String::formatted("{}/index.html", real_path));
        if (!FileSystem::exists(index_html_path)) {
            TRY(handle_directory_listing(requested_path, real_path, request));
            return true;
        }
        real_path = index_html_path;
    }
    // NOTE(review): the path is looked up several times: is_directory()/exists() above, this open
    // (used only for the 404 and is_device() checks), a second open for the stream that is actually
    // sent, and FileSystem::size() by path. The file can be replaced between those lookups, so the
    // device check and the Content-Length may describe a different file than the one streamed.
    // Running the checks and the size query on the one handle that is sent would close that window.
    auto file = Core::DeprecatedFile::construct(real_path.bytes_as_string_view());
    if (!file->open(Core::OpenMode::ReadOnly)) {
        TRY(send_error_response(404, request));
        return false;
    }
    if (file->is_device()) {
        TRY(send_error_response(403, request));
        return false;
    }
    auto stream = TRY(Core::File::open(real_path.bytes_as_string_view(), Core::File::OpenMode::Read));
    auto const info = ContentInfo {
        .type = TRY(String::from_utf8(Core::guess_mime_type_based_on_filename(real_path.bytes_as_string_view()))),
        .length = TRY(FileSystem::size(real_path.bytes_as_string_view()))
    };
    TRY(send_response(*stream, request, move(info)));
    return true;
}

// Writes a 200 response: fixed headers (including X-Frame-Options and X-Content-Type-Options),
// Content-Type/Content-Length taken from content_info, then the body streamed from `response` in
// PAGE_SIZE chunks. The socket is closed afterwards unless the request carried
// "Connection: keep-alive".
//
// NOTE(review): content_info.length is supplied by the caller and is never reconciled with the
// number of bytes actually streamed; on a kept-alive connection a mismatch would desynchronise the
// client's framing of the next response.
ErrorOr Client::send_response(Stream& response, HTTP::HttpRequest const& request, ContentInfo content_info)
{
    StringBuilder builder;
    TRY(builder.try_append("HTTP/1.0 200 OK\r\n"sv));
    TRY(builder.try_append("Server: WebServer (SerenityOS)\r\n"sv));
    TRY(builder.try_append("X-Frame-Options: SAMEORIGIN\r\n"sv));
    TRY(builder.try_append("X-Content-Type-Options: nosniff\r\n"sv));
    TRY(builder.try_append("Pragma: no-cache\r\n"sv));
    // Only text/plain gets an explicit charset; every other type is emitted as guessed.
    if (content_info.type == "text/plain")
        TRY(builder.try_appendff("Content-Type: {}; charset=utf-8\r\n", content_info.type));
    else
        TRY(builder.try_appendff("Content-Type: {}\r\n", content_info.type));
    TRY(builder.try_appendff("Content-Length: {}\r\n", content_info.length));
    TRY(builder.try_append("\r\n"sv));
    auto builder_contents = TRY(builder.to_byte_buffer());
    TRY(m_socket->write_until_depleted(builder_contents));
    // The 200 is logged once the headers are out, before the body has been transferred.
    log_response(200, request);
    char buffer[PAGE_SIZE];
    do {
        auto size = TRY(response.read_some({ buffer, sizeof(buffer) })).size();
        if (response.is_eof() && size == 0)
            break;
        ReadonlyBytes write_buffer { buffer, size };
        while (!write_buffer.is_empty()) {
            auto nwritten = TRY(m_socket->write_some(write_buffer));
            // NOTE(review): a zero-byte write is only logged; slice(0) leaves write_buffer unchanged,
            // so if write_some() keeps returning 0 this inner loop never terminates.
            if (nwritten == 0) {
                dbgln("EEEEEE got 0 bytes written!");
            }
            write_buffer = write_buffer.slice(nwritten);
        }
    } while (true);
    auto keep_alive = false;
    if (auto it = request.headers().find_if([](auto& header) { return header.name.equals_ignoring_ascii_case("Connection"sv); }); !it.is_end()) {
        if (it->value.trim_whitespace().equals_ignoring_ascii_case("keep-alive"sv))
            keep_alive = true;
    }
    if (!keep_alive)
        m_socket->close();
    return {};
}

// Writes a 301 response whose Location header is redirect_path, copied in verbatim.
//
// NOTE(review): the only caller visible in this file builds redirect_path from the percent-decoded
// request target, and no encoding or CR/LF filtering happens here. Header values derived from
// request data should be re-encoded (or rejected when they contain control characters) before being
// written, so that a path can never terminate the header line early.
ErrorOr Client::send_redirect(StringView redirect_path, HTTP::HttpRequest const& request)
{
    StringBuilder builder;
    TRY(builder.try_append("HTTP/1.0 301 Moved Permanently\r\n"sv));
    TRY(builder.try_append("Location: "sv));
    TRY(builder.try_append(redirect_path));
    TRY(builder.try_append("\r\n"sv));
    TRY(builder.try_append("\r\n"sv));
    auto builder_contents = TRY(builder.to_byte_buffer());
    TRY(m_socket->write_until_depleted(builder_contents));
    log_response(301, request);
    return {};
}

// Returns the folder icon as base64 text, loading and encoding the PNG on first use and keeping the
// result in a function-local static. Mapping or encoding failures are not propagated (see FIXME).
static DeprecatedString folder_image_data()
{
    static DeprecatedString cache;
    if (cache.is_empty()) {
        auto file = Core::MappedFile::map("/res/icons/16x16/filetype-folder.png"sv).release_value_but_fixme_should_propagate_errors();
        // FIXME: change to TRY() and make method fallible
        cache = MUST(encode_base64(file->bytes())).to_deprecated_string();
    }
    return cache;
}

// Same as folder_image_data(), for the generic file icon.
static DeprecatedString file_image_data()
{
    static DeprecatedString cache;
    if (cache.is_empty()) {
        auto file = Core::MappedFile::map("/res/icons/16x16/filetype-unknown.png"sv).release_value_but_fixme_should_propagate_errors();
        // FIXME: change to TRY() and make method fallible
        cache = MUST(encode_base64(file->bytes())).to_deprecated_string();
    }
    return cache;
}

// Builds an HTML index page for the directory at real_path and sends it through send_response() as
// text/html. Entry names are sorted, and both the requested path and each name pass through
// escape_html_entities() before being appended to the page.
//
// NOTE(review): in this copy the HTML markup inside the string literals is gone and some statements
// appear out of order (uses of `name` and `st` after the loop's closing brace), so the link/href
// construction cannot be reviewed from here. Check upstream that names placed in attribute or URL
// context are encoded for that context, not only entity-escaped.
ErrorOr Client::handle_directory_listing(String const& requested_path, String const& real_path, HTTP::HttpRequest const& request)
{
    StringBuilder builder;
    TRY(builder.try_append("\n"sv));
    TRY(builder.try_append("\n"sv));
    TRY(builder.try_append("\n"sv));
    TRY(builder.try_append("Index of "sv));
    TRY(builder.try_append(escape_html_entities(requested_path)));
    TRY(builder.try_append("\n"sv));
    TRY(builder.try_append("

Index of "sv));
    TRY(builder.try_append(escape_html_entities(requested_path)));
    TRY(builder.try_append("

\n"sv));
    TRY(builder.try_append("
\n"sv));
    TRY(builder.try_append("\n"sv));
    Core::DirIterator dt(real_path.bytes_as_string_view());
    Vector names;
    while (dt.has_next())
        TRY(names.try_append(dt.next_path()));
    quick_sort(names);
    for (auto& name : names) {
        StringBuilder path_builder;
        TRY(path_builder.try_append(real_path));
        TRY(path_builder.try_append('/'));
        // NOTE: In the root directory of the webserver, ".." should be equal to ".", since we don't want
        // the user to see e.g. the size of the parent directory (and it isn't unveiled, so stat fails).
        if (requested_path == "/" && name == "..")
            TRY(path_builder.try_append("."sv));
        else
            TRY(path_builder.try_append(name));
        // st is zeroed first, so when stat() fails (only reported via perror) the entry is still
        // listed, with S_ISDIR false and the zeroed size and mtime.
        struct stat st;
        memset(&st, 0, sizeof(st));
        int rc = stat(path_builder.to_deprecated_string().characters(), &st);
        if (rc < 0) {
            perror("stat");
        }
        bool is_directory = S_ISDIR(st.st_mode);
        TRY(builder.try_append(""sv));
        TRY(builder.try_appendff("", is_directory ? "folder" : "file"));
        TRY(builder.try_append(""sv));
        TRY(builder.try_appendff("", st.st_size));
        TRY(builder.try_append(""sv));
        TRY(builder.try_append("\n"sv));
    }
    TRY(builder.try_append("
"sv));
    TRY(builder.try_append(escape_html_entities(name)));
    TRY(builder.try_append(" {:10} "sv));
    TRY(builder.try_append(TRY(Core::DateTime::from_timestamp(st.st_mtime).to_string())));
    TRY(builder.try_append("
\n"sv));
    TRY(builder.try_append("
\n"sv));
    TRY(builder.try_append("Generated by WebServer (SerenityOS)\n"sv));
    TRY(builder.try_append("\n"sv));
    TRY(builder.try_append("\n"sv));
    auto response = builder.to_deprecated_string();
    FixedMemoryStream stream { response.bytes() };
    return send_response(stream, request, { .type = TRY("text/html"_string), .length = response.length() });
}

// Sends an error response for `code`: a small HTML body made of the numeric code and its reason
// phrase, preceded by the status line, the caller-supplied extra header lines and
// Content-Type/Content-Length.
//
// The entries of `headers` are written verbatim, each followed by CRLF. The only caller visible in
// this file passes a constant WWW-Authenticate line; callers must never pass request-derived text.
ErrorOr Client::send_error_response(unsigned code, HTTP::HttpRequest const& request, Vector const& headers)
{
    auto reason_phrase = HTTP::HttpResponse::reason_phrase_for_code(code);
    StringBuilder content_builder;
    TRY(content_builder.try_append("

"sv));
    TRY(content_builder.try_appendff("{} ", code));
    TRY(content_builder.try_append(reason_phrase));
    TRY(content_builder.try_append("

"sv));
    StringBuilder header_builder;
    TRY(header_builder.try_appendff("HTTP/1.0 {} ", code));
    TRY(header_builder.try_append(reason_phrase));
    TRY(header_builder.try_append("\r\n"sv));
    for (auto& header : headers) {
        TRY(header_builder.try_append(header));
        TRY(header_builder.try_append("\r\n"sv));
    }
    TRY(header_builder.try_append("Content-Type: text/html; charset=UTF-8\r\n"sv));
    TRY(header_builder.try_appendff("Content-Length: {}\r\n", content_builder.length()));
    TRY(header_builder.try_append("\r\n"sv));
    TRY(m_socket->write_until_depleted(TRY(header_builder.to_byte_buffer())));
    TRY(m_socket->write_until_depleted(TRY(content_builder.to_byte_buffer())));
    log_response(code, request);
    return {};
}

// Prints one access-log line to stdout: timestamp, status code, method, and the serialized request
// URL with its first character dropped (substring(1)).
// NOTE(review): the URL is request-controlled. Presumably serialize() percent-encodes control
// characters; confirm, since a raw newline here would let a client forge log lines.
void Client::log_response(unsigned code, HTTP::HttpRequest const& request)
{
    outln("{} :: {:03d} :: {} {}", Core::DateTime::now().to_deprecated_string(), code, request.method_name(), request.url().serialize().substring(1));
}

// Returns true when any Authorization header parses as HTTP Basic credentials whose username and
// password both equal the configured pair. Must only be called when credentials are configured
// (enforced by VERIFY).
//
// NOTE(review): both fields are compared with operator==, which presumably stops at the first
// differing byte; a timing-safe comparison would avoid leaking how much of a guess matched (confirm
// what the string type's operator== does). Nothing visible here limits or delays repeated failed
// attempts, and Basic credentials are only as confidential as the transport carrying them.
bool Client::verify_credentials(Vector const& headers)
{
    VERIFY(Configuration::the().credentials().has_value());
    auto& configured_credentials = Configuration::the().credentials().value();
    for (auto& header : headers) {
        if (header.name.equals_ignoring_ascii_case("Authorization"sv)) {
            auto provided_credentials = HTTP::HttpRequest::parse_http_basic_authentication_header(header.value);
            if (provided_credentials.has_value() && configured_credentials.username == provided_credentials->username && configured_credentials.password == provided_credentials->password)
                return true;
        }
    }
    return false;
}

}