
777 lines
23 KiB
Raw Normal View History

2024-03-12 21:59:50 +01:00
#include <openssl/sha.h>
#include "lib/sha1.h"
#include <fcntl.h>
#include <string.h>
#include <stdio.h>
#include <limits.h>
#include <unistd.h>
#include "decode.h"
#include "lib/handle.h"
#include "lib/utils.h"
#include "lib/scheduler.h"
#include "server.h"
#include "lib/base64.h"
#include "config.h"
#define WS_MAGIC_STRING "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
#define HEADER_MAX_SIZE 8192
extern config_t g_server_config;
static int rule_check(const char *k, const char *v, const char *host, const char *_url, const char *_query, char *buf)
// first perfom rule check on host, if not success, perform on url
regmatch_t key_matches[10];
regmatch_t val_matches[2];
char *query = strdup(_query);
char *url = strdup(_url);
int ret;
char *target;
char *tmp, rep[10];
int idx = 0;
memset(rep, 0, 10);
LOG("Verify %s=%s on %s or %s", k, v, url, host);
// 1 group
if (!host || !(ret = regex_match(k, host, 10, key_matches)))
target = url;
ret = regex_match(k, url, 10, key_matches);
target = (char *)host;
if (!ret)
return 0;
LOG("Match found on %s", target);
tmp = (char *)v;
char *search = "<([a-zA-Z0-9]+)>";
while ((ret = regex_match(search, tmp, 2, val_matches)))
memcpy(buf + idx, tmp, val_matches[1].rm_so - 1);
idx += val_matches[1].rm_so - 1;
memcpy(rep, tmp + val_matches[1].rm_so, val_matches[1].rm_eo - val_matches[1].rm_so);
if (strcasecmp(rep, "url") == 0)
memcpy(buf + idx, url, strlen(url));
idx += strlen(url);
else if (strcasecmp(rep, "query") == 0)
memcpy(buf + idx, query, strlen(query));
idx += strlen(query);
else if (match_int(rep))
int i = atoi(rep);
memcpy(buf + idx, target + key_matches[i].rm_so, key_matches[i].rm_eo - key_matches[i].rm_so);
idx += key_matches[i].rm_eo - key_matches[i].rm_so;
else if (strcasecmp(rep, "break") == 0)
// ignore it
LOG("Found break command, will break after this rule");
{ // just keep it
memcpy(buf + idx, tmp + val_matches[1].rm_so - 1, val_matches[1].rm_eo + 2 - val_matches[1].rm_so);
idx += val_matches[1].rm_eo + 2 - val_matches[1].rm_so;
tmp += val_matches[1].rm_eo + 1;
// break;
// now modify the match 2 group
if (idx > 0)
if (tmp)
// copy the remainning of tmp
memcpy(buf + idx, tmp, strlen(tmp));
idx += strlen(tmp);
buf[idx] = '\0';
LOG("New URI is %s", buf);
return 1;
static char *apply_rules(dictionary_t rules, const char *host, char *url)
// rule check
char *query_string = url;
while ((*query_string != '?') && (*query_string != '\0'))
if (*query_string == '?')
*query_string = '\0';
// char* oldurl = strdup(url);
chain_t it;
char *k;
char *v;
int should_break = 0;
for_each_assoc(it, rules)
k = it->key;
if (it->value)
v = (char *)it->value;
// 1 group
if (regex_match("<break>$", v, 0, NULL))
should_break = 1;
if (rule_check(k, v, host, url, query_string, url))
query_string = url;
while ((*query_string != '?') && (*query_string != '\0'))
if (*query_string == '?')
*query_string = '\0';
if (should_break)
i = rules->cap;
LOG("Break rule check as matched found at %s -> %s", k, v);
return strdup(query_string);
static void ws_confirm_request(void *client, const char *key)
char buf[256];
char rkey[128];
char sha_d[20];
char base64[64];
strncpy(rkey, key, sizeof(rkey) - 1);
int n = (int)sizeof(rkey) - (int)strlen(key);
if (n < 0)
n = 0;
strncat(rkey, WS_MAGIC_STRING, n);
SHA_CTX context;
SHA1_CTX context;
SHA1_Update(&context, rkey, strlen(rkey));
SHA1_Final((uint8_t *)sha_d, &context);
Base64encode(base64, sha_d, 20);
// send accept to client
sprintf(buf, "HTTP/1.1 101 Switching Protocols\r\n");
antd_send(client, buf, strlen(buf));
sprintf(buf, "Upgrade: websocket\r\n");
antd_send(client, buf, strlen(buf));
sprintf(buf, "Connection: Upgrade\r\n");
antd_send(client, buf, strlen(buf));
sprintf(buf, "Sec-WebSocket-Accept: %s\r\n", base64);
antd_send(client, buf, strlen(buf));
sprintf(buf, "\r\n");
antd_send(client, buf, strlen(buf));
LOG("%s", "Websocket is now enabled for plugin");
static void *decode_request(void *data)
antd_request_t *rq = (antd_request_t *)data;
dictionary_t headers = dvalue(rq->request, "REQUEST_HEADER");
int ws = 0;
char *ws_key = NULL;
char *method = NULL;
char *tmp;
antd_task_t *task = NULL;
ws_key = (char *)dvalue(headers, "Sec-WebSocket-Key");
tmp = (char *)dvalue(headers, "Upgrade");
if (tmp && strcasecmp(tmp, "websocket") == 0)
ws = 1;
method = (char *)dvalue(rq->request, "METHOD");
task = antd_create_task(NULL, (void *)rq, NULL, rq->client->last_io);
// antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE | TASK_EVT_ON_READABLE);
if (EQU(method, "GET"))
// if(ctype) free(ctype);
if (ws && ws_key != NULL)
ws_confirm_request(rq->client, ws_key);
// insert wsocket flag to request
// plugin should handle this ugraded connection
// not the server
dput(rq->request, "__web_socket__", strdup("1"));
// resolve task
task->handle = resolve_request;
return task;
else if (EQU(method, "HEAD") || EQU(method, "OPTIONS") || EQU(method, "DELETE"))
task->handle = resolve_request;
return task;
else if (EQU(method, "POST") || EQU(method, "PUT") || EQU(method, "PATCH"))
task->handle = resolve_request;
return task;
antd_error(rq->client, 501, "Request Method Not Implemented");
return task;
* Check if the current request is e reverse proxy
* return a proxy task if this is the case
static void *check_proxy(antd_request_t *rq, const char *path, const char *query)
char *pattern = "^(https?)://([^:]+):([0-9]+)(.*)$";
antd_task_t *task = antd_create_task(NULL, (void *)rq, NULL, rq->client->last_io);
char buff[256];
regmatch_t matches[5];
int ret, size;
ret = regex_match(pattern, path, 5, matches);
if (!ret)
return NULL;
if (matches[1].rm_eo - matches[1].rm_so == 5)
// https is not supported for now
// TODO add https support
antd_error(rq->client, 503, "Service Unavailable");
return task;
// http proxy request
size = matches[2].rm_eo - matches[2].rm_so < (int)sizeof(buff) ? matches[2].rm_eo - matches[2].rm_so : (int)sizeof(buff);
(void)memcpy(buff, path + matches[2].rm_so, size);
buff[size] = '\0';
dput(rq->request, "PROXY_HOST", strdup(buff));
size = matches[3].rm_eo - matches[3].rm_so < (int)sizeof(buff) ? matches[3].rm_eo - matches[3].rm_so : (int)sizeof(buff);
(void)memcpy(buff, path + matches[3].rm_so, size);
buff[size] = '\0';
dput(rq->request, "PROXY_PORT", strdup(buff));
dput(rq->request, "PROXY_PATH", strdup(path + matches[4].rm_so));
dput(rq->request, "PROXY_QUERY", strdup(query));
task->handle = proxify;
antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_READABLE | TASK_EVT_ON_WRITABLE);
return task;
* Decode the cookie header to a dictionary
* @param client The client socket
* @return The Dictionary socket or NULL
static void decode_cookie(const char *line, dictionary_t dic)
char *token, *token1;
char *cpstr = strdup(line);
char *orgcpy = cpstr;
trim(cpstr, ' ');
trim(cpstr, '\n');
trim(cpstr, '\r');
while ((token = strsep(&cpstr, ";")))
trim(token, ' ');
token1 = strsep(&token, "=");
if (token1 && token && strlen(token) > 0)
dput(dic, token1, strdup(token));
* Decode a query string (GET request or POST URL encoded) to
* a dictionary of key-value
* @param query : the query string
* @return a dictionary of key-value
static void decode_url_request(const char *query, dictionary_t dic)
if (query == NULL)
// str_copy = ;
char *token;
if (strlen(query) == 0)
char *str_copy = strdup(query);
char *org_copy = str_copy;
// dictionary dic = dict();
while ((token = strsep(&str_copy, "&")))
char *key;
char *val = NULL;
if (strlen(token) > 0)
key = strsep(&token, "=");
if (key && strlen(key) > 0)
val = strsep(&token, "=");
if (!val)
val = "";
dput(dic, key, url_decode(val));
// return dic;
* Decode the HTTP request header
void *decode_request_header(void *data)
antd_request_t *rq = (antd_request_t *)data;
rq->client->state = ANTD_CLIENT_HEADER_DECODE;
dictionary_t cookie = NULL;
char *line;
char *token;
char *query = NULL;
char *host = NULL;
char buf[2 * BUFFLEN];
int header_size = 0;
int ret;
char *url = (char *)dvalue(rq->request, "REQUEST_QUERY");
dictionary_t xheader = dvalue(rq->request, "REQUEST_HEADER");
dictionary_t request = dvalue(rq->request, "REQUEST_DATA");
char *port_s = (char *)dvalue(rq->request, "SERVER_PORT");
port_config_t *pcnf = (port_config_t *)dvalue(g_server_config.ports, port_s);
antd_task_t *task;
// first real all header
// this for check if web socket is enabled
while (((ret = read_buf(rq->client, buf, sizeof(buf))) > 0) && strcmp("\r\n", buf))
header_size += ret;
line = buf;
trim(line, '\n');
trim(line, '\r');
token = strsep(&line, ":");
trim(token, ' ');
trim(line, ' ');
if (token && line && strlen(line) > 0)
dput(xheader, token, strdup(line));
if (token != NULL && strcasecmp(token, "Cookie") == 0)
if (!cookie)
cookie = dict();
decode_cookie(line, cookie);
else if (token != NULL && strcasecmp(token, "Host") == 0)
host = strdup(line);
if (header_size > HEADER_MAX_SIZE)
antd_error(rq->client, 413, "Payload Too Large");
ERROR("Header size too large (%d): %d vs %d", rq->client->sock, header_size, HEADER_MAX_SIZE);
task = antd_create_task(NULL, (void *)rq, NULL, rq->client->last_io);
return task;
if (ret == 0)
// antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE | TASK_EVT_ON_READABLE);
task = antd_create_task(decode_request_header, (void *)rq, NULL, rq->client->last_io);
antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_READABLE);
return task;
// check for content length size
line = (char *)dvalue(xheader, "Content-Length");
if (line)
int clen = atoi(line);
if (clen > g_server_config.max_upload_size)
antd_error(rq->client, 413, "Request body data is too large");
// dirty fix, wait for message to be sent
// 100 ms sleep
task = antd_create_task(NULL, (void *)rq, NULL, rq->client->last_io);
return task;
#ifdef USE_ZLIB
// check for gzip
line = (char *)dvalue(xheader, "Accept-Encoding");
if (line)
if (regex_match("gzip", line, 0, NULL))
rq->client->z_level = ANTD_CGZ;
else if (regex_match("deflate", line, 0, NULL))
rq->client->z_level = ANTD_CDEFL;
rq->client->z_level = ANTD_CNONE;
rq->client->z_level = ANTD_CNONE;
// if(line) free(line);
memset(buf, 0, sizeof(buf));
strncat(buf, url, sizeof(buf) - 1);
LOG("Original query (%d): %s", rq->client->sock, url);
query = apply_rules(pcnf->rules, host, buf);
LOG("Processed query: %s", query);
if (cookie)
dput(rq->request, "COOKIE", cookie);
if (host)
// check if this is a reverse proxy ?
task = check_proxy(rq, buf, query);
if (task)
if (query)
return task;
LOG("REQUEST_URI:%s", buf);
dput(rq->request, "REQUEST_URI", url_decode(buf));
if (query)
decode_url_request(query, request);
dput(rq->request, "REQUEST_QUERY", query);
// free(url);
// header ok, now checkmethod
task = antd_create_task(decode_request, (void *)rq, NULL, rq->client->last_io);
antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE | TASK_EVT_ON_READABLE); //
return task;
* Decode post query string to string
static char *post_data_decode(void *client, int len)
char *query = (char *)malloc((len + 1) * sizeof(char));
char *ptr = query;
int readlen = len > BUFFLEN ? BUFFLEN : len;
int read = 0, stat = 1;
while (readlen > 0 && stat >= 0)
stat = antd_recv_upto(client, ptr + read, readlen);
if (stat > 0)
read += stat;
readlen = (len - read) > BUFFLEN ? BUFFLEN : (len - read);
if (stat == 0)
if (difftime(time(NULL), ((antd_client_t *)client)->last_io) > MAX_IO_WAIT_TIME)
stat = -1;
usleep(POLL_EVENT_TO * 1000);
if (read > 0)
query[read] = '\0';
query = NULL;
return query;
static void *decode_multi_part_request_data(void *data)
// loop through each part separated by the boundary
char *line;
char *part_name = NULL;
char *part_file = NULL;
char *file_path;
char buf[BUFFLEN];
char *field;
int len;
// dictionary dic = NULL;
int fd = -1;
char *token, *keytoken, *valtoken;
antd_request_t *rq = (antd_request_t *)data;
antd_task_t *task = antd_create_task(NULL, (void *)rq, NULL, rq->client->last_io);
antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE | TASK_EVT_ON_READABLE);
char *boundary = (char *)dvalue(rq->request, "MULTI_PART_BOUNDARY");
dictionary_t dic = (dictionary_t)dvalue(rq->request, "REQUEST_DATA");
// search for content disposition:
while (((len = read_buf(rq->client, buf, sizeof(buf))) > 0) && !strstr(buf, "Content-Disposition:"))
if (len <= 0 || !strstr(buf, "Content-Disposition:"))
return task;
char *boundend = __s("%s--", boundary);
line = buf;
// extract parameters from header
while ((token = strsep(&line, ";")))
keytoken = strsep(&token, "=");
if (keytoken && strlen(keytoken) > 0)
trim(keytoken, ' ');
valtoken = strsep(&token, "=");
if (valtoken)
trim(valtoken, ' ');
trim(valtoken, '\n');
trim(valtoken, '\r');
trim(valtoken, '\"');
if (strcmp(keytoken, "name") == 0)
part_name = strdup(valtoken);
else if (strcmp(keytoken, "filename") == 0)
part_file = strdup(valtoken);
line = NULL;
// get the binary data
LOG("Part file: %s part name: %s", part_file, part_name);
if (part_name != NULL)
// go to the beginning of data bock
while ((len = read_buf(rq->client, buf, sizeof(buf))) > 0 && strncmp(buf, "\r\n", 2) != 0)
if (part_file == NULL)
* This allow only 1024 bytes of data (max),
* out of this range, the data is cut out.
* Need an efficient way to handle this
len = read_buf(rq->client, buf, sizeof(buf));
if (len > 0)
line = buf;
trim(line, '\n');
trim(line, '\r');
trim(line, ' ');
dput(dic, part_name, strdup(line));
// find the next boundary
while ((len = read_buf(rq->client, buf, sizeof(buf))) > 0 && !strstr(buf, boundary))
line = buf;
file_path = __s("%s/%s.%u", g_server_config.tmpdir, part_file, (unsigned)time(NULL));
fd = open(file_path, O_WRONLY | O_CREAT, 0600);
if (fd > 0)
int totalsize = 0, len = 0;
// read until the next boundary
// TODO: this is not efficient for big file
// need a solution
while ((len = read_buf(rq->client, buf, sizeof(buf))) > 0 && !strstr(buf, boundary))
len = guard_write(fd, buf, len);
totalsize += len;
// remove \r\n at the end
lseek(fd, 0, SEEK_SET);
// fseek(fp,-2, SEEK_CUR);
totalsize -= 2;
int stat = ftruncate(fd, totalsize);
LOG("Write %d bytes to %s", totalsize, file_path);
line = buf;
field = __s("%s.file", part_name);
dput(dic, field, strdup(part_file));
field = __s("%s.tmp", part_name);
dput(dic, field, strdup(file_path));
field = __s("%s.size", part_name);
dput(dic, field, __s("%d", totalsize));
field = __s("%s.ext", part_name);
dput(dic, field, ext(part_file));
ERROR("Cannot write file to :%s", file_path);
* The upload procedure may take time, the task access time should be updated
* after the procedure finish
task->access_time = rq->client->last_io;
// check if end of request
if (line && strstr(line, boundend))
// LOG("End request %s", boundend);
// antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE);
return task;
if (line && strstr(line, boundary))
// continue upload
// antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_READABLE);
task->handle = decode_multi_part_request_data;
return task;
// antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE);
return task;
* Decode the multi-part form data from the POST request
* If it is a file upload, copy the file to tmp dir
static void *decode_multi_part_request(void *data, const char *ctype)
char *boundary;
char line[BUFFLEN];
char *str_copy = (char *)ctype;
int len;
antd_request_t *rq = (antd_request_t *)data;
antd_task_t *task = antd_create_task(NULL, (void *)rq, NULL, rq->client->last_io);
// antd_task_bind_event(task, rq->client->sock, 0, );
antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE | TASK_EVT_ON_READABLE);
// dictionary dic = NULL;
boundary = strsep(&str_copy, "="); // discard first part
boundary = str_copy;
if (boundary && strlen(boundary) > 0)
// dic = dict();
trim(boundary, ' ');
dput(rq->request, "MULTI_PART_BOUNDARY", strdup(boundary));
// find first boundary
while (((len = read_buf(rq->client, line, sizeof(line))) > 0) && !strstr(line, boundary))
if (len > 0)
task->handle = decode_multi_part_request_data;
return task;
void *decode_post_request(void *data)
antd_request_t *rq = (antd_request_t *)data;
rq->client->state = ANTD_CLIENT_RQ_DATA_DECODE;
dictionary_t request = dvalue(rq->request, "REQUEST_DATA");
dictionary_t headers = dvalue(rq->request, "REQUEST_HEADER");
char *ctype = NULL;
int clen = -1;
char *tmp;
antd_task_t *task = NULL;
ctype = (char *)dvalue(headers, "Content-Type");
tmp = (char *)dvalue(headers, "Content-Length");
if (tmp)
clen = atoi(tmp);
char *method = (char *)dvalue(rq->request, "METHOD");
task = antd_create_task(NULL, (void *)rq, NULL, rq->client->last_io);
// antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE | TASK_EVT_ON_READABLE);
if (!method || (!EQU(method, "POST") && !EQU(method, "PUT") && !EQU(method, "PATCH")))
return task;
if (ctype == NULL || clen == -1)
antd_error(rq->client, 400, "Bad Request, missing content description");
return task;
// decide what to do with the data
if (strstr(ctype, FORM_URL_ENCODE))
char *pquery = post_data_decode(rq->client, clen);
if (pquery)
decode_url_request(pquery, request);
else if (clen > 0)
// WARN: this may not work on ssl socket
// antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_READABLE | TASK_EVT_ON_WRITABLE);
// task->handle = decode_post_request;
antd_error(rq->client, 400, "Bad Request, missing content data");
return task;
else if (strstr(ctype, FORM_MULTI_PART))
return decode_multi_part_request(rq, ctype);
/*let plugin hande this data as we dont known how to deal with it*/
dput(request, "HAS_RAW_BODY", strdup("true"));
antd_task_bind_event(task, rq->client->sock, 0, TASK_EVT_ON_WRITABLE);
return task;