From a2dea1d84783676133de3f7933c0224a514f55d9 Mon Sep 17 00:00:00 2001
From: lxsang <xsang.le@gmail.com>
Date: Wed, 7 Dec 2016 10:57:14 +0100
Subject: [PATCH] only allow acess to known server files

---
 http_server.c     |  31 ++++++++++++++++++++++++-------
 plugins/.DS_Store | Bin 6148 -> 6148 bytes
 plugins/utils.c   |   3 +++
 3 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/http_server.c b/http_server.c
index dd3a9b6..71e25e7 100644
--- a/http_server.c
+++ b/http_server.c
@@ -68,8 +68,24 @@ void accept_request(int client)
 	{
 		if (S_ISDIR(st.st_mode))
 			strcat(path, "/index.html");
-		serve_file(client, path);
-
+		// check if the mime is supported
+		// if the minme is not supported
+		// find an handler plugin to process it
+		// if the plugin is not found, forbidden access to the file should be sent
+		char* mime_type = mime(path);
+		if(strcmp(mime_type,"application/octet-stream") == 0)
+		{
+			sprintf(buf,"/%s-api%s",ext(path),url);
+			LOG("WARNING::::Access octetstream via handler %s\n", buf);
+			if(execute_plugin(client,buf,method,query_string) < 0)
+				cannot_execute(client);
+		}
+		else
+		{
+			headers(client,mime_type);
+			// if the mime is supported, send the file
+			serve_file(client, path);
+		}		
 	}
 
 	close(client);
@@ -126,10 +142,12 @@ void __b(int client, const unsigned char* data, int size)
 void catb(int client, FILE* ptr)
 {
 	unsigned char buffer[BUFFLEN];
+	size_t size;
 	while(!feof(ptr))
 	{
-		fread(buffer,BUFFLEN,1,ptr);
-		__b(client,buffer,BUFFLEN);
+		size = fread(buffer,1,BUFFLEN,ptr);
+		__b(client,buffer,size);
+		//if(!__b(client,buffer,size)) return;
 	}
 	//fclose(ptr);
 }
@@ -226,7 +244,7 @@ int get_line(int sock, char *buf, int size)
 /* Parameters: the socket to print the headers on
 *             the name of the file */
 /**********************************************************************/
-void headers(int client, const char *filename)
+void headers(int client, const char *mime_type)
 {
 	char buf[1024];
 	//printf("Mime %s\n", mime(filename));
@@ -234,7 +252,7 @@ void headers(int client, const char *filename)
 	send(client, buf, strlen(buf), 0);
 	strcpy(buf, SERVER_STRING);
 	send(client, buf, strlen(buf), 0);
-	sprintf(buf, "Content-Type: %s\r\n",mime(filename));
+	sprintf(buf, "Content-Type: %s\r\n",mime_type);
 	send(client, buf, strlen(buf), 0);
 	strcpy(buf, "\r\n");
 	send(client, buf, strlen(buf), 0);
@@ -289,7 +307,6 @@ void serve_file(int client, const char *filename)
 		not_found(client);
 	else
 	{
-		headers(client, filename);
 		if(is_bin(filename))
 			catb(client,resource);
 		else
diff --git a/plugins/.DS_Store b/plugins/.DS_Store
index eb4c1a910ea0694754600d7271cf222650c789ca..6dee398ac628348e9bdca1583a2d63cd4dc00fff 100644
GIT binary patch
delta 264
zcmZoMXfc=|#>B`mu~2NHo}wr_0|Nsi1A_nqLncEiLq%C|QC?2|#Er}AK@#i?$qe~G
zn2ju%mk!awz{-%qP|A=Cgq09&a2a-nG@y<gpn<szi41vYvRn*#Kr>T-vME4WkeYl<
zHD(M2Km$q{(t!r$F%)Aph?Sv;p#*3^5koG_ij5uaY@69R_&I<++_>>O^JIPzT^^u&
TL4IUt0OHL)B0HETHn0Ey89zFT

delta 84
zcmZoMXfc=|#>CJzu~2NHo}w@#0|NsP3otO`mIW8(<>cq3Pb}2je3;RNZSx043&zdt
j9Q+(W<(nTeerKM{FQUr{(s2NY87ABCNN<i2S;7ner!p0w

diff --git a/plugins/utils.c b/plugins/utils.c
index 8309c0e..dfdbcf6 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -175,6 +175,9 @@ char* mime(const char* file)
 		return "application/x-font-woff";
 	else if(IEQU(ex,"otf"))
 		return "application/x-font-otf";
+	//audio
+	else if(IEQU(ex,"mp3"))
+		return "audio/mpeg";
 	else 
 		// The other type will be undestant as binary
 		return "application/octet-stream";