0ct0pu5
/
ladybird


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381
							/*
 * Copyright (c) 2020, Andreas Kling <kling@serenityos.org>
 * Copyright (c) 2021, Max Wipfli <mail@maxwipfli.ch>
 * Copyright (c) 2022, Thomas Keppler <serenity@tkeppler.de>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#include <AK/Base64.h>
#include <AK/Debug.h>
#include <AK/LexicalPath.h>
#include <AK/MemoryStream.h>
#include <AK/QuickSort.h>
#include <AK/StringBuilder.h>
#include <AK/URL.h>
#include <LibCore/DateTime.h>
#include <LibCore/DeprecatedFile.h>
#include <LibCore/DirIterator.h>
#include <LibCore/File.h>
#include <LibCore/MappedFile.h>
#include <LibCore/MimeData.h>
#include <LibFileSystem/FileSystem.h>
#include <LibHTTP/HttpRequest.h>
#include <LibHTTP/HttpResponse.h>
#include <WebServer/Client.h>
#include <WebServer/Configuration.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

namespace WebServer {

Client::Client(NonnullOwnPtr<Core::BufferedTCPSocket> socket, Core::Object* parent)
    : Core::Object(parent)
    , m_socket(move(socket))
{
}

void Client::die()
{
    m_socket->close();
    deferred_invoke([this] { remove_from_parent(); });
}

void Client::start()
{
    m_socket->on_ready_to_read = [this] {
        if (auto result = on_ready_to_read(); result.is_error()) {
            result.error().visit(
                [](AK::Error const& error) {
                    warnln("Internal error: {}", error);
                },
                [](HTTP::HttpRequest::ParseError const& error) {
                    warnln("HTTP request parsing error: {}", HTTP::HttpRequest::parse_error_to_string(error));
                });

            die();
        }
    };
}

ErrorOr<void, Client::WrappedError> Client::on_ready_to_read()
{
    // FIXME: Mostly copied from LibWeb/WebDriver/Client.cpp. As noted there, this should be move the LibHTTP and made spec compliant.
    auto buffer = TRY(ByteBuffer::create_uninitialized(m_socket->buffer_size()));

    for (;;) {
        if (!TRY(m_socket->can_read_without_blocking()))
            break;

        auto data = TRY(m_socket->read_some(buffer));
        TRY(m_remaining_request.try_append(StringView { data }));

        if (m_socket->is_eof())
            break;
    }

    if (m_remaining_request.is_empty())
        return {};

    auto request = TRY(m_remaining_request.to_byte_buffer());
    dbgln_if(WEBSERVER_DEBUG, "Got raw request: '{}'", DeprecatedString::copy(request));

    auto maybe_parsed_request = HTTP::HttpRequest::from_raw_request(TRY(m_remaining_request.to_byte_buffer()));
    if (maybe_parsed_request.is_error()) {
        if (maybe_parsed_request.error() == HTTP::HttpRequest::ParseError::RequestIncomplete) {
            // If request is not complete we need to wait for more data to arrive
            return {};
        }
        return maybe_parsed_request.error();
    }

    m_remaining_request.clear();

    TRY(handle_request(maybe_parsed_request.value()));

    return {};
}

ErrorOr<bool> Client::handle_request(HTTP::HttpRequest const& request)
{
    auto resource_decoded = URL::percent_decode(request.resource());

    if constexpr (WEBSERVER_DEBUG) {
        dbgln("Got HTTP request: {} {}", request.method_name(), request.resource());
        for (auto& header : request.headers()) {
            dbgln("    {} => {}", header.name, header.value);
        }
    }

    if (request.method() != HTTP::HttpRequest::Method::GET) {
        TRY(send_error_response(501, request));
        return false;
    }

    // Check for credentials if they are required
    if (Configuration::the().credentials().has_value()) {
        bool has_authenticated = verify_credentials(request.headers());
        if (!has_authenticated) {
            auto const basic_auth_header = TRY("WWW-Authenticate: Basic realm=\"WebServer\", charset=\"UTF-8\""_string);
            Vector<String> headers {};
            TRY(headers.try_append(basic_auth_header));
            TRY(send_error_response(401, request, move(headers)));
            return false;
        }
    }

    auto requested_path = TRY(String::from_deprecated_string(LexicalPath::join("/"sv, resource_decoded).string()));
    dbgln_if(WEBSERVER_DEBUG, "Canonical requested path: '{}'", requested_path);

    auto real_path = TRY(String::formatted("{}{}", Configuration::the().document_root_path(), requested_path));

    if (FileSystem::is_directory(real_path.bytes_as_string_view())) {
        if (!resource_decoded.ends_with('/')) {
            TRY(send_redirect(TRY(String::formatted("{}/", requested_path)), request));
            return true;
        }

        auto index_html_path = TRY(String::formatted("{}/index.html", real_path));
        if (!FileSystem::exists(index_html_path)) {
            TRY(handle_directory_listing(requested_path, real_path, request));
            return true;
        }
        real_path = index_html_path;
    }

    auto file = Core::DeprecatedFile::construct(real_path.bytes_as_string_view());
    if (!file->open(Core::OpenMode::ReadOnly)) {
        TRY(send_error_response(404, request));
        return false;
    }

    if (file->is_device()) {
        TRY(send_error_response(403, request));
        return false;
    }

    auto stream = TRY(Core::File::open(real_path.bytes_as_string_view(), Core::File::OpenMode::Read));

    auto const info = ContentInfo {
        .type = TRY(String::from_utf8(Core::guess_mime_type_based_on_filename(real_path.bytes_as_string_view()))),
        .length = TRY(FileSystem::size(real_path.bytes_as_string_view()))
    };
    TRY(send_response(*stream, request, move(info)));
    return true;
}

ErrorOr<void> Client::send_response(Stream& response, HTTP::HttpRequest const& request, ContentInfo content_info)
{
    StringBuilder builder;
    TRY(builder.try_append("HTTP/1.0 200 OK\r\n"sv));
    TRY(builder.try_append("Server: WebServer (SerenityOS)\r\n"sv));
    TRY(builder.try_append("X-Frame-Options: SAMEORIGIN\r\n"sv));
    TRY(builder.try_append("X-Content-Type-Options: nosniff\r\n"sv));
    TRY(builder.try_append("Pragma: no-cache\r\n"sv));
    if (content_info.type == "text/plain")
        TRY(builder.try_appendff("Content-Type: {}; charset=utf-8\r\n", content_info.type));
    else
        TRY(builder.try_appendff("Content-Type: {}\r\n", content_info.type));
    TRY(builder.try_appendff("Content-Length: {}\r\n", content_info.length));
    TRY(builder.try_append("\r\n"sv));

    auto builder_contents = TRY(builder.to_byte_buffer());
    TRY(m_socket->write_until_depleted(builder_contents));
    log_response(200, request);

    char buffer[PAGE_SIZE];
    do {
        auto size = TRY(response.read_some({ buffer, sizeof(buffer) })).size();
        if (response.is_eof() && size == 0)
            break;

        ReadonlyBytes write_buffer { buffer, size };
        while (!write_buffer.is_empty()) {
            auto nwritten = TRY(m_socket->write_some(write_buffer));

            if (nwritten == 0) {
                dbgln("EEEEEE got 0 bytes written!");
            }

            write_buffer = write_buffer.slice(nwritten);
        }
    } while (true);

    auto keep_alive = false;
    if (auto it = request.headers().find_if([](auto& header) { return header.name.equals_ignoring_ascii_case("Connection"sv); }); !it.is_end()) {
        if (it->value.trim_whitespace().equals_ignoring_ascii_case("keep-alive"sv))
            keep_alive = true;
    }
    if (!keep_alive)
        m_socket->close();

    return {};
}

ErrorOr<void> Client::send_redirect(StringView redirect_path, HTTP::HttpRequest const& request)
{
    StringBuilder builder;
    TRY(builder.try_append("HTTP/1.0 301 Moved Permanently\r\n"sv));
    TRY(builder.try_append("Location: "sv));
    TRY(builder.try_append(redirect_path));
    TRY(builder.try_append("\r\n"sv));
    TRY(builder.try_append("\r\n"sv));

    auto builder_contents = TRY(builder.to_byte_buffer());
    TRY(m_socket->write_until_depleted(builder_contents));

    log_response(301, request);
    return {};
}

static DeprecatedString folder_image_data()
{
    static DeprecatedString cache;
    if (cache.is_empty()) {
        auto file = Core::MappedFile::map("/res/icons/16x16/filetype-folder.png"sv).release_value_but_fixme_should_propagate_errors();
        // FIXME: change to TRY() and make method fallible
        cache = MUST(encode_base64(file->bytes())).to_deprecated_string();
    }
    return cache;
}

static DeprecatedString file_image_data()
{
    static DeprecatedString cache;
    if (cache.is_empty()) {
        auto file = Core::MappedFile::map("/res/icons/16x16/filetype-unknown.png"sv).release_value_but_fixme_should_propagate_errors();
        // FIXME: change to TRY() and make method fallible
        cache = MUST(encode_base64(file->bytes())).to_deprecated_string();
    }
    return cache;
}

ErrorOr<void> Client::handle_directory_listing(String const& requested_path, String const& real_path, HTTP::HttpRequest const& request)
{
    StringBuilder builder;

    TRY(builder.try_append("<!DOCTYPE html>\n"sv));
    TRY(builder.try_append("<html>\n"sv));
    TRY(builder.try_append("<head><meta charset=\"utf-8\">\n"sv));
    TRY(builder.try_append("<title>Index of "sv));
    TRY(builder.try_append(escape_html_entities(requested_path)));
    TRY(builder.try_append("</title><style>\n"sv));
    TRY(builder.try_append(".folder { width: 16px; height: 16px; background-image: url('data:image/png;base64,"sv));
    TRY(builder.try_append(folder_image_data()));
    TRY(builder.try_append("'); }\n"sv));
    TRY(builder.try_append(".file { width: 16px; height: 16px; background-image: url('data:image/png;base64,"sv));
    TRY(builder.try_append(file_image_data()));
    TRY(builder.try_append("'); }\n"sv));
    TRY(builder.try_append("</style></head><body>\n"sv));
    TRY(builder.try_append("<h1>Index of "sv));
    TRY(builder.try_append(escape_html_entities(requested_path)));
    TRY(builder.try_append("</h1>\n"sv));
    TRY(builder.try_append("<hr>\n"sv));
    TRY(builder.try_append("<code><table>\n"sv));

    Core::DirIterator dt(real_path.bytes_as_string_view());
    Vector<DeprecatedString> names;
    while (dt.has_next())
        TRY(names.try_append(dt.next_path()));
    quick_sort(names);

    for (auto& name : names) {
        StringBuilder path_builder;
        TRY(path_builder.try_append(real_path));
        TRY(path_builder.try_append('/'));
        // NOTE: In the root directory of the webserver, ".." should be equal to ".", since we don't want
        //       the user to see e.g. the size of the parent directory (and it isn't unveiled, so stat fails).
        if (requested_path == "/" && name == "..")
            TRY(path_builder.try_append("."sv));
        else
            TRY(path_builder.try_append(name));

        struct stat st;
        memset(&st, 0, sizeof(st));
        int rc = stat(path_builder.to_deprecated_string().characters(), &st);
        if (rc < 0) {
            perror("stat");
        }

        bool is_directory = S_ISDIR(st.st_mode);

        TRY(builder.try_append("<tr>"sv));
        TRY(builder.try_appendff("<td><div class=\"{}\"></div></td>", is_directory ? "folder" : "file"));
        TRY(builder.try_append("<td><a href=\"./"sv));
        TRY(builder.try_append(URL::percent_encode(name)));
        // NOTE: For directories, we append a slash so we don't always hit the redirect case,
        //       which adds a slash anyways.
        if (is_directory)
            TRY(builder.try_append('/'));
        TRY(builder.try_append("\">"sv));
        TRY(builder.try_append(escape_html_entities(name)));
        TRY(builder.try_append("</a></td><td>&nbsp;</td>"sv));

        TRY(builder.try_appendff("<td>{:10}</td><td>&nbsp;</td>", st.st_size));
        TRY(builder.try_append("<td>"sv));
        TRY(builder.try_append(TRY(Core::DateTime::from_timestamp(st.st_mtime).to_string())));
        TRY(builder.try_append("</td>"sv));
        TRY(builder.try_append("</tr>\n"sv));
    }

    TRY(builder.try_append("</table></code>\n"sv));
    TRY(builder.try_append("<hr>\n"sv));
    TRY(builder.try_append("<i>Generated by WebServer (SerenityOS)</i>\n"sv));
    TRY(builder.try_append("</body>\n"sv));
    TRY(builder.try_append("</html>\n"sv));

    auto response = builder.to_deprecated_string();
    FixedMemoryStream stream { response.bytes() };
    return send_response(stream, request, { .type = TRY("text/html"_string), .length = response.length() });
}

ErrorOr<void> Client::send_error_response(unsigned code, HTTP::HttpRequest const& request, Vector<String> const& headers)
{
    auto reason_phrase = HTTP::HttpResponse::reason_phrase_for_code(code);

    StringBuilder content_builder;
    TRY(content_builder.try_append("<!DOCTYPE html><html><body><h1>"sv));
    TRY(content_builder.try_appendff("{} ", code));
    TRY(content_builder.try_append(reason_phrase));
    TRY(content_builder.try_append("</h1></body></html>"sv));

    StringBuilder header_builder;
    TRY(header_builder.try_appendff("HTTP/1.0 {} ", code));
    TRY(header_builder.try_append(reason_phrase));
    TRY(header_builder.try_append("\r\n"sv));

    for (auto& header : headers) {
        TRY(header_builder.try_append(header));
        TRY(header_builder.try_append("\r\n"sv));
    }
    TRY(header_builder.try_append("Content-Type: text/html; charset=UTF-8\r\n"sv));
    TRY(header_builder.try_appendff("Content-Length: {}\r\n", content_builder.length()));
    TRY(header_builder.try_append("\r\n"sv));
    TRY(m_socket->write_until_depleted(TRY(header_builder.to_byte_buffer())));
    TRY(m_socket->write_until_depleted(TRY(content_builder.to_byte_buffer())));

    log_response(code, request);
    return {};
}

void Client::log_response(unsigned code, HTTP::HttpRequest const& request)
{
    outln("{} :: {:03d} :: {} {}", Core::DateTime::now().to_deprecated_string(), code, request.method_name(), request.url().serialize().substring(1));
}

bool Client::verify_credentials(Vector<HTTP::HttpRequest::Header> const& headers)
{
    VERIFY(Configuration::the().credentials().has_value());
    auto& configured_credentials = Configuration::the().credentials().value();
    for (auto& header : headers) {
        if (header.name.equals_ignoring_ascii_case("Authorization"sv)) {
            auto provided_credentials = HTTP::HttpRequest::parse_http_basic_authentication_header(header.value);
            if (provided_credentials.has_value() && configured_credentials.username == provided_credentials->username && configured_credentials.password == provided_credentials->password)
                return true;
        }
    }
    return false;
}

}