4ff2cb8f98c5a1cc73ee5ab6219ee39743ce8d68
[project/luci.git] / libs / web / luasrc / http / protocol.lua
1 --[[
2
3 HTTP protocol implementation for LuCI
4 (c) 2008 Freifunk Leipzig / Jo-Philipp Wich <xm@leipzig.freifunk.net>
5
6 Licensed under the Apache License, Version 2.0 (the "License");
7 you may not use this file except in compliance with the License.
8 You may obtain a copy of the License at
9
10 http://www.apache.org/licenses/LICENSE-2.0
11
12 $Id$
13
14 ]]--
15
16 module("luci.http.protocol", package.seeall)
17
18 require("luci.util")
19
20
21 HTTP_MAX_CONTENT = 1048576 -- 1 MB
22 HTTP_DEFAULT_CTYPE = "text/html" -- default content type
23 HTTP_DEFAULT_VERSION = "1.0" -- HTTP default version
24
25
26 -- Decode an urlencoded string.
27 -- Returns the decoded value.
28 function urldecode( str )
29
30 local function __chrdec( hex )
31 return string.char( tonumber( hex, 16 ) )
32 end
33
34 if type(str) == "string" then
35 str = str:gsub( "+", " " ):gsub( "%%([a-fA-F0-9][a-fA-F0-9])", __chrdec )
36 end
37
38 return str
39 end
40
41
42 -- Extract and split urlencoded data pairs, separated bei either "&" or ";" from given url.
43 -- Returns a table value with urldecoded values.
44 function urldecode_params( url )
45
46 local params = { }
47
48 if url:find("?") then
49 url = url:gsub( "^.+%?([^?]+)", "%1" )
50 end
51
52 for i, pair in ipairs(luci.util.split( url, "[&;]+", nil, true )) do
53
54 -- find key and value
55 local key = urldecode( pair:match("^([^=]+)") )
56 local val = urldecode( pair:match("^[^=]+=(.+)$") )
57
58 -- store
59 if type(key) == "string" and key:len() > 0 then
60 if type(val) ~= "string" then val = "" end
61
62 if not params[key] then
63 params[key] = val
64 elseif type(params[key]) ~= "table" then
65 params[key] = { params[key], val }
66 else
67 table.insert( params[key], val )
68 end
69 end
70 end
71
72 return params
73 end
74
75
76 -- Encode given string in urlencoded format.
77 -- Returns the encoded string.
78 function urlencode( str )
79
80 local function __chrenc( chr )
81 return string.format(
82 "%%%02x", string.byte( chr )
83 )
84 end
85
86 if type(str) == "string" then
87 str = str:gsub(
88 "([^a-zA-Z0-9$_%-%.+!*'(),])",
89 __chrenc
90 )
91 end
92
93 return str
94 end
95
96
97 -- Encode given table to urlencoded string.
98 -- Returns the encoded string.
99 function urlencode_params( tbl )
100 local enc = ""
101
102 for k, v in pairs(tbl) do
103 enc = enc .. ( enc and "&" or "" ) ..
104 urlencode(k) .. "=" ..
105 urlencode(v)
106 end
107
108 return enc
109 end
110
111
112 -- Decode MIME encoded data.
113 -- Returns a table with decoded values.
114 function mimedecode( data, boundary, filecb )
115
116 local params = { }
117
118 -- create a line reader
119 local reader = _linereader( data )
120
121 -- state variables
122 local in_part = false
123 local in_file = false
124 local in_fbeg = false
125 local in_size = true
126
127 local filename
128 local buffer
129 local field
130 local clen = 0
131
132
133 -- try to read all mime parts
134 for line in reader do
135
136 -- update content length
137 clen = clen + line:len()
138
139 if clen >= HTTP_MAX_CONTENT then
140 in_size = false
141 end
142
143 -- when no boundary is given, try to find it
144 if not boundary then
145 boundary = line:match("^%-%-([^\r\n]+)\r?\n$")
146 end
147
148 -- Got a valid boundary line or reached max allowed size.
149 if ( boundary and line:sub(1,2) == "--" and line:len() > #boundary + 2 and
150 line:sub( 3, 2 + #boundary ) == boundary ) or not in_size
151 then
152 -- Flush the data of the previous mime part.
153 -- When field and/or buffer are set to nil we should discard
154 -- the previous section entirely due to format violations.
155 if type(field) == "string" and field:len() > 0 and
156 type(buffer) == "string"
157 then
158 -- According to the rfc the \r\n preceeding a boundary
159 -- is assumed to be part of the boundary itself.
160 -- Since we are reading line by line here, this crlf
161 -- is part of the last line of our section content,
162 -- so strip it before storing the buffer.
163 buffer = buffer:gsub("\r?\n$","")
164
165 -- If we're in a file part and a file callback has been provided
166 -- then do a final call and send eof.
167 if in_file and type(filecb) == "function" then
168 filecb( field, filename, buffer, true )
169 params[field] = filename
170
171 -- Store buffer.
172 else
173 params[field] = buffer
174 end
175 end
176
177 -- Reset vars
178 buffer = ""
179 filename = nil
180 field = nil
181 in_file = false
182
183 -- Abort here if we reached maximum allowed size
184 if not in_size then break end
185
186 -- Do we got the last boundary?
187 if line:len() > #boundary + 4 and
188 line:sub( #boundary + 2, #boundary + 4 ) == "--"
189 then
190 -- No more processing
191 in_part = false
192
193 -- It's a middle boundary
194 else
195
196 -- Read headers
197 local hlen, headers = extract_headers( reader )
198
199 -- Check for valid headers
200 if headers['Content-Disposition'] then
201
202 -- Got no content type header, assume content-type "text/plain"
203 if not headers['Content-Type'] then
204 headers['Content-Type'] = 'text/plain'
205 end
206
207 -- Find field name
208 local hdrvals = luci.util.split(
209 headers['Content-Disposition'], '; '
210 )
211
212 -- Valid form data part?
213 if hdrvals[1] == "form-data" and hdrvals[2]:match("^name=") then
214
215 -- Store field identifier
216 field = hdrvals[2]:match('^name="(.+)"$')
217
218 -- Do we got a file upload field?
219 if #hdrvals == 3 and hdrvals[3]:match("^filename=") then
220 in_file = true
221 if_fbeg = true
222 filename = hdrvals[3]:match('^filename="(.+)"$')
223 end
224
225 -- Entering next part processing
226 in_part = true
227 end
228 end
229 end
230
231 -- Processing content
232 elseif in_part then
233
234 -- XXX: Would be really good to switch from line based to
235 -- buffered reading here.
236
237
238 -- If we're in a file part and a file callback has been provided
239 -- then call the callback and reset the buffer.
240 if in_file and type(filecb) == "function" then
241
242 -- If we're not processing the first chunk, then call
243 if not in_fbeg then
244 filecb( field, filename, buffer, false )
245 buffer = ""
246
247 -- Clear in_fbeg flag after first run
248 else
249 in_fbeg = false
250 end
251 end
252
253 -- Append date to buffer
254 buffer = buffer .. line
255 end
256 end
257
258 return params
259 end
260
261
262 -- Extract "magic", the first line of a http message.
263 -- Returns the message type ("get", "post" or "response"), the requested uri
264 -- if it is a valid http request or the status code if the line descripes a
265 -- http response. For requests the third parameter is nil, for responses it
266 -- contains the human readable status description.
267 function extract_magic( reader )
268
269 for line in reader do
270 -- Is it a request?
271 local method, uri = line:match("^([A-Z]+) ([^ ]+) HTTP/[01]%.[019]\r?\n$")
272
273 -- Yup, it is
274 if method then
275 return method:lower(), uri, nil
276
277 -- Is it a response?
278 else
279 local code, message = line:match("^HTTP/[01]%.[019] ([0-9]+) ([^\r\n]+)\r?\n$")
280
281 -- Is a response
282 if code then
283 return "response", code + 0, message
284
285 -- Can't handle it
286 else
287 return nil
288 end
289 end
290 end
291 end
292
293
294 -- Extract headers from given string.
295 -- Returns a table of extracted headers and the remainder of the parsed data.
296 function extract_headers( reader, tbl )
297
298 local headers = tbl or { }
299 local count = 0
300
301 -- Iterate line by line
302 for line in reader do
303
304 -- Look for a valid header format
305 local hdr, val = line:match( "^([A-Z][A-Za-z0-9%-_]+): +([^\r\n]+)\r?\n$" )
306
307 if type(hdr) == "string" and hdr:len() > 0 and
308 type(val) == "string" and val:len() > 0
309 then
310 count = count + line:len()
311 headers[hdr] = val
312
313 elseif line:match("^\r?\n$") then
314
315 return count + line:len(), headers
316
317 else
318 -- junk data, don't add length
319 return count, headers
320 end
321 end
322
323 return count, headers
324 end
325
326
327 -- Parse a http message
328 function parse_message( data, filecb )
329
330 local reader = _linereader( data )
331 local message = parse_message_header( reader )
332
333 if message then
334 parse_message_body( reader, message, filecb )
335 end
336
337 return message
338 end
339
340
341 -- Parse a http message header
342 function parse_message_header( data )
343
344 -- Create a line reader
345 local reader = _linereader( data )
346 local message = { }
347
348 -- Try to extract magic
349 local method, arg1, arg2 = extract_magic( reader )
350
351 -- Does it looks like a valid message?
352 if method then
353
354 message.request_method = method
355 message.status_code = arg2 and arg1 or 200
356 message.status_message = arg2 or nil
357 message.request_uri = arg2 and nil or arg1
358
359 if method == "response" then
360 message.type = "response"
361 else
362 message.type = "request"
363 end
364
365 -- Parse headers?
366 local hlen, hdrs = extract_headers( reader )
367
368 -- Valid headers?
369 if hlen > 2 and type(hdrs) == "table" then
370
371 message.headers = hdrs
372
373 -- Get content
374 local clen = ( hdrs['Content-Length'] or HTTP_MAX_CONTENT ) + 0
375
376 -- Process get parameters
377 if ( method == "get" or method == "post" ) and
378 message.request_uri:match("?")
379 then
380 message.params = urldecode_params( message.request_uri )
381 else
382 message.params = { }
383 end
384
385 -- Populate common environment variables
386 message.env = {
387 CONTENT_LENGTH = hdrs['Content-Length'];
388 CONTENT_TYPE = hdrs['Content-Type'];
389 REQUEST_METHOD = message.request_method;
390 REQUEST_URI = message.request_uri;
391 SCRIPT_NAME = message.request_uri:gsub("?.+$","");
392 SCRIPT_FILENAME = "" -- XXX implement me
393 }
394
395 -- Populate HTTP_* environment variables
396 for i, hdr in ipairs( {
397 'Accept',
398 'Accept-Charset',
399 'Accept-Encoding',
400 'Accept-Language',
401 'Connection',
402 'Cookie',
403 'Host',
404 'Referer',
405 'User-Agent',
406 } ) do
407 local var = 'HTTP_' .. hdr:upper():gsub("%-","_")
408 local val = hdrs[hdr]
409
410 message.env[var] = val
411 end
412
413
414 return message
415 end
416 end
417 end
418
419
420 -- Parse a http message body
421 function parse_message_body( reader, message, filecb )
422
423 if type(message) == "table" then
424
425 local hdrs = message.headers
426
427 -- Process post method
428 if message.request_method == "post" and hdrs['Content-Type'] then
429
430 -- Is it multipart/form-data ?
431 if hdrs['Content-Type']:match("^multipart/form%-data") then
432 for k, v in pairs( mimedecode(
433 reader,
434 hdrs['Content-Type']:match("boundary=(.+)"),
435 filecb
436 ) ) do
437 message.params[k] = v
438 end
439
440 -- Is it x-www-urlencoded?
441 elseif hdrs['Content-Type'] == 'application/x-www-urlencoded' then
442
443 -- XXX: readline isn't the best solution here
444 for chunk in reader do
445 for k, v in pairs( urldecode_params( chunk ) ) do
446 message.params[k] = v
447 end
448
449 -- XXX: unreliable (undefined line length)
450 if clen + chunk:len() >= HTTP_MAX_CONTENT then
451 break
452 end
453
454 clen = clen + chunk:len()
455 end
456
457 -- Unhandled encoding
458 -- If a file callback is given then feed it line by line, else
459 -- store whole buffer in message.content
460 else
461
462 for chunk in reader do
463
464 -- We have a callback, feed it.
465 if type(filecb) == "function" then
466
467 filecb( "_post", nil, chunk, false )
468
469 -- Append to .content buffer.
470 else
471 message.content =
472 type(message.content) == "string"
473 and message.content .. chunk
474 or chunk
475 end
476
477 -- XXX: unreliable
478 if clen + chunk:len() >= HTTP_MAX_CONTENT then
479 break
480 end
481
482 clen = clen + chunk:len()
483 end
484
485 -- Send eof to callback
486 if type(filecb) == "function" then
487 filecb( "_post", nil, "", true )
488 end
489 end
490 end
491 end
492 end
493
494
495 function _linereader( obj )
496
497 -- object is string
498 if type(obj) == "string" then
499
500 return obj:gmatch( "[^\r\n]*\r?\n" )
501
502 -- object is a function
503 elseif type(obj) == "function" then
504
505 return obj
506
507 -- object is a table and implements a readline() function
508 elseif type(obj) == "table" and type(obj.readline) == "function" then
509
510 return obj.readline
511
512 -- object is a table and has a lines property
513 elseif type(obj) == "table" and obj.lines then
514
515 -- decide wheather to use "lines" as function or table
516 local _lns = ( type(obj.lines) == "function" ) and obj.lines() or obj.lines
517 local _pos = 1
518
519 return function()
520 if _pos <= #_lns then
521 _pos = _pos + 1
522 return _lns[_pos]
523 end
524 end
525
526 -- no usable data type
527 else
528
529 -- dummy iterator
530 return function()
531 return nil
532 end
533 end
534 end