annotate Core/HttpServer/MongooseServer.cpp @ 417:7441037663cd
fix
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Tue, 07 May 2013 10:31:32 +0200 |
parents | 1188cb0ddaa5 |
children | b79bf2f4ab2e |
rev | line source |
---|---|
0 | 1 /** |
59 | 2 * Orthanc - A Lightweight, RESTful DICOM Store |
398 | 3 * Copyright (C) 2012-2013 Medical Physics Department, CHU of Liege, |
0 | 4 * Belgium |
5 * | |
6 * This program is free software: you can redistribute it and/or | |
7 * modify it under the terms of the GNU General Public License as | |
8 * published by the Free Software Foundation, either version 3 of the | |
9 * License, or (at your option) any later version. | |
136 | 10 * |
11 * In addition, as a special exception, the copyright holders of this | |
12 * program give permission to link the code of its release with the | |
13 * OpenSSL project's "OpenSSL" library (or with modified versions of it | |
14 * that use the same license as the "OpenSSL" library), and distribute | |
15 * the linked executables. You must obey the GNU General Public License | |
16 * in all respects for all of the code used other than "OpenSSL". If you | |
17 * modify file(s) with this exception, you may extend this exception to | |
18 * your version of the file(s), but you are not obligated to do so. If | |
19 * you do not wish to do so, delete this exception statement from your | |
20 * version. If you delete this exception statement from all source files | |
21 * in the program, then also delete it here. | |
0 | 22 * |
23 * This program is distributed in the hope that it will be useful, but | |
24 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
26 * General Public License for more details. | |
27 * | |
28 * You should have received a copy of the GNU General Public License | |
29 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
30 **/ | |
31 | |
32 | |
33 // http://en.highscore.de/cpp/boost/stringhandling.html | |
34 | |
#include "MongooseServer.h"

#include <algorithm>
#include <new>
#include <string.h>
#include <boost/lexical_cast.hpp>
#include <boost/algorithm/string.hpp>
#include <iostream>
#include <string.h>
#include <stdio.h>
#include <boost/thread.hpp>
#include <glog/logging.h>

#include "../OrthancException.h"
#include "../ChunkedBuffer.h"
#include "HttpOutput.h"
#include "mongoose.h"
51 | |
52 | |
59 | 53 #define ORTHANC_REALM "Orthanc Secure Area" |
// Numeric form of the IPv4 address 127.0.0.1 (0x7F000001). The request
// callback compares "request->remote_ip" against this single value when
// remote access is disabled, so only this exact address is treated as
// local: other addresses of 127.0.0.0/8 do not match.
// NOTE(review): how an IPv6 loopback peer is reported in "remote_ip" is
// not visible from this file -- confirm before relying on this check on
// dual-stack hosts.
static const long LOCALHOST = (127ll << 24) + 1ll;
59 | 58 namespace Orthanc |
0 | 59 { |
// Prefix of the "Content-Type" header value that selects the multipart
// upload path; the boundary token follows immediately after it.
static const char multipart[] = "multipart/form-data; boundary=";

// Number of characters in the prefix above, without the terminating NUL.
static unsigned int multipartLength = sizeof(multipart) - 1;
62 | |
63 | |
namespace
{
  // Anonymous namespace: these helpers stay private to this compilation
  // module, which avoids name clashes with other modules.

  // HttpOutput implementation that writes the answer onto a mongoose
  // connection. The connection pointer is borrowed, never released here.
  class MongooseOutput : public HttpOutput
  {
  private:
    struct mg_connection* connection_;

  public:
    MongooseOutput(struct mg_connection* connection) : connection_(connection)
    {
    }

    // Forward "length" bytes from "buffer" to the client; an empty
    // buffer results in no call to mongoose at all.
    // NOTE(review): the value returned by mg_write() is dropped, so a
    // failed or short write is not reported to the caller.
    virtual void Send(const void* buffer, size_t length)
    {
      if (length == 0)
      {
        return;
      }

      mg_write(connection_, buffer, length);
    }
  };


  // Outcome of reading the body of a POST/PUT request. The request
  // callback answers "411 Length Required" for NoLength and "400 Bad
  // Request" for Failure, sends an empty answer for Pending, and hands
  // the body over to the handler for Success.
  enum PostDataStatus
  {
    PostDataStatus_Success,
    PostDataStatus_NoLength,
    PostDataStatus_Pending,
    PostDataStatus_Failure
  };
}
95 | |
96 | |
97 // TODO Move this to external file | |
98 | |
99 | |
// A ChunkedBuffer tagged with the name of the file being uploaded. The
// name is only stored and returned by this class; nothing here uses it
// as a filesystem path.
class ChunkedFile : public ChunkedBuffer
{
private:
  std::string filename_;

public:
  ChunkedFile(const std::string& filename) :
    filename_(filename)
  {
  }

  // Name given at construction time
  const std::string& GetFilename() const
  {
    return filename_;
  }
};
116 | |
117 | |
118 | |
/**
 * Reassembles files that are uploaded as several multipart requests.
 * Partial uploads are kept in a list keyed by file name, oldest first,
 * and at most "numPlaces_" of them are kept at any time.
 *
 * NOTE(review): the key is the file name passed to Store(), which
 * ParseMultipartPost() takes from the client-supplied "x-file-name"
 * header, and one store is shared by all connections of the server.
 * Two clients that use the same name therefore append to the same
 * entry.
 *
 * NOTE(review): "discardedFiles_" receives one name per eviction and a
 * name only leaves the set when a later chunk carrying that name
 * arrives, so the set has no upper bound. The bytes buffered per entry
 * are bounded only by the "filesize" argument, which is also supplied
 * by the client ("x-file-size").
 **/
class ChunkStore
{
private:
  typedef std::list<ChunkedFile*> Content;
  Content content_;
  unsigned int numPlaces_;

  boost::mutex mutex_;
  std::set<std::string> discardedFiles_;

  // Release every pending upload. The list itself is left untouched:
  // the only caller is the destructor.
  void Clear()
  {
    Content::iterator current = content_.begin();
    while (current != content_.end())
    {
      delete *current;
      current++;
    }
  }

  // Linear search by file name; returns content_.end() if not found.
  Content::iterator Find(const std::string& filename)
  {
    Content::iterator current = content_.begin();
    while (current != content_.end() &&
           (*current)->GetFilename() != filename)
    {
      current++;
    }

    return current;
  }

  // Release and unlink the pending upload with this name, if any.
  void Remove(const std::string& filename)
  {
    Content::iterator found = Find(filename);
    if (found == content_.end())
    {
      return;
    }

    delete *found;
    content_.erase(found);
  }

public:
  ChunkStore() : numPlaces_(10)
  {
  }

  ~ChunkStore()
  {
    Clear();
  }

  /**
   * Append one chunk to the upload called "filename".
   *
   * Returns PostDataStatus_Failure if this upload was evicted earlier
   * to make room for another one (the eviction marker is consumed by
   * this call). Returns PostDataStatus_Success, with the whole file in
   * "completed", once exactly "filesize" bytes have been received.
   * Returns PostDataStatus_Pending otherwise, which includes the case
   * where more than "filesize" bytes were received and the upload has
   * just been dropped.
   *
   * The whole call runs with "mutex_" held.
   **/
  PostDataStatus Store(std::string& completed,
                       const char* chunkData,
                       size_t chunkSize,
                       const std::string& filename,
                       size_t filesize)
  {
    boost::mutex::scoped_lock lock(mutex_);

    // A chunk for an upload that has been evicted: forget the marker
    // and report the failure
    if (discardedFiles_.erase(filename) > 0)
    {
      return PostDataStatus_Failure;
    }

    ChunkedFile* target;
    Content::iterator existing = Find(filename);
    if (existing != content_.end())
    {
      target = *existing;
    }
    else
    {
      target = new ChunkedFile(filename);

      // Make some room: the oldest upload is sacrificed and its name is
      // remembered, so that its next chunk gets rejected
      if (content_.size() >= numPlaces_)
      {
        ChunkedFile* oldest = content_.front();
        discardedFiles_.insert(oldest->GetFilename());
        delete oldest;
        content_.pop_front();
      }

      content_.push_back(target);
    }

    target->AddChunk(chunkData, chunkSize);

    if (target->GetNumBytes() == filesize)
    {
      target->Flatten(completed);
      Remove(filename);
      return PostDataStatus_Success;
    }

    if (target->GetNumBytes() > filesize)
    {
      // More data than announced: drop the upload
      Remove(filename);
    }

    return PostDataStatus_Pending;
  }

  /*void Print() 
    {
    boost::mutex::scoped_lock lock(mutex_);

    printf("ChunkStore status:\n");
    for (Content::const_iterator i = content_.begin();
    i != content_.end(); i++)
    {
    printf("  [%s]: %d\n", (*i)->GetFilename().c_str(), (*i)->GetNumBytes());
    }
    printf("-----\n");
    }*/
};
238 | |
239 | |
// Private state of the server, hidden behind the "pimpl_" pointer.
struct MongooseServer::PImpl
{
  // Set to NULL by the constructor; IsRunning() reports the server as
  // running whenever this is not NULL
  struct mg_context *context_;

  // Reassembly buffer for multi-request uploads. There is one store per
  // server object, so it is shared by every connection.
  ChunkStore chunkStore_;
};
245 | |
246 | |
// Give access to the server-wide store of pending chunked uploads. The
// reference points into the private implementation object.
ChunkStore& MongooseServer::GetChunkStore()
{
  return pimpl_->chunkStore_;
}
251 | |
252 | |
253 | |
// Return the first registered handler that declares it serves "forUri",
// in registration order, or NULL if no handler claims this URI.
HttpHandler* MongooseServer::FindHandler(const UriComponents& forUri) const
{
  Handlers::const_iterator candidate = handlers_.begin();

  while (candidate != handlers_.end())
  {
    HttpHandler* handler = *candidate;
    if (handler->IsServedUri(forUri))
    {
      return handler;
    }

    candidate++;
  }

  return NULL;
}
267 | |
268 | |
269 | |
270 | |
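/**
 * Read the whole request body announced by the "content-length" header
 * into "postData".
 *
 * Returns PostDataStatus_NoLength if the header is absent or cannot be
 * parsed as an "int", PostDataStatus_Failure if the buffer cannot be
 * allocated or if mg_read() stops before the announced number of bytes
 * has arrived, and PostDataStatus_Success otherwise. A negative length
 * is handled as an empty body.
 *
 * NOTE(review): the length is supplied by the client and no upper bound
 * is applied in this function, so a single request can ask the server
 * to buffer up to INT_MAX bytes. A configurable limit would belong
 * right after the parsing step.
 **/
static PostDataStatus ReadBody(std::string& postData,
                               struct mg_connection *connection,
                               const HttpHandler::Arguments& headers)
{
  HttpHandler::Arguments::const_iterator cs = headers.find("content-length");
  if (cs == headers.end())
  {
    return PostDataStatus_NoLength;
  }

  int length;
  try
  {
    length = boost::lexical_cast<int>(cs->second);
  }
  catch (const boost::bad_lexical_cast&)
  {
    return PostDataStatus_NoLength;
  }

  if (length < 0)
  {
    length = 0;
  }

  try
  {
    postData.resize(length);
  }
  catch (const std::bad_alloc&)
  {
    // The request callback invokes this function outside of any "try"
    // block. Without this handler, an allocation failure triggered by a
    // large "content-length" would unwind into the mongoose library.
    return PostDataStatus_Failure;
  }

  size_t pos = 0;
  while (length > 0)
  {
    int r = mg_read(connection, &postData[pos], length);
    if (r <= 0)
    {
      // Error, or connection closed before the announced length
      return PostDataStatus_Failure;
    }

    // Only checked in debug builds
    assert(r <= length);
    length -= r;
    pos += r;
  }

  return PostDataStatus_Success;
}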
313 | |
314 | |
315 | |
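/**
 * Read a "multipart/form-data" body and extract the first non-empty
 * part from it.
 *
 * "contentType" must start with the "multipart" prefix and be at least
 * "multipartLength" characters long (the request callback checks this
 * before calling); what follows the prefix is taken as the boundary.
 *
 * If the request has no "x-file-name" header, the part is the complete
 * file and is copied into "completedFile". Otherwise the part is one
 * chunk of a larger upload and is handed to "chunkStore", together with
 * the total size announced in "x-file-size" (0 if absent).
 *
 * Returns the status of ReadBody() if the body cannot be read,
 * PostDataStatus_Failure for a malformed request, the status of
 * ChunkStore::Store() for a chunk, PostDataStatus_Success for a
 * single-part file, and PostDataStatus_Pending if no non-empty part is
 * found.
 *
 * NOTE(review): "x-requested-with", "x-file-name" and "x-file-size" are
 * all set by the client. The file name is used as the key of a store
 * shared by every connection.
 **/
static PostDataStatus ParseMultipartPost(std::string &completedFile,
                                         struct mg_connection *connection,
                                         const HttpHandler::Arguments& headers,
                                         const std::string& contentType,
                                         ChunkStore& chunkStore)
{
  std::string boundary = "--" + contentType.substr(multipartLength);

  std::string postData;
  PostDataStatus status = ReadBody(postData, connection, headers);

  if (status != PostDataStatus_Success)
  {
    return status;
  }

  /*for (HttpHandler::Arguments::const_iterator i = headers.begin(); i != headers.end(); i++)
    {
    std::cout << "Header [" << i->first << "] = " << i->second << "\n";
    }
    printf("CHUNK\n");*/

  typedef HttpHandler::Arguments::const_iterator ArgumentIterator;

  ArgumentIterator requestedWith = headers.find("x-requested-with");
  ArgumentIterator fileName = headers.find("x-file-name");
  ArgumentIterator fileSizeStr = headers.find("x-file-size");

  // The header is optional (fix for uploads through Internet Explorer
  // 7), but if it is present it must carry the expected value
  if (requestedWith != headers.end() &&
      requestedWith->second != "XMLHttpRequest")
  {
    return PostDataStatus_Failure;
  }

  size_t fileSize = 0;
  if (fileSizeStr != headers.end())
  {
    try
    {
      fileSize = boost::lexical_cast<size_t>(fileSizeStr->second);
    }
    catch (const boost::bad_lexical_cast&)
    {
      return PostDataStatus_Failure;
    }
  }

  typedef boost::find_iterator<std::string::iterator> FindIterator;
  typedef boost::iterator_range<char*> Range;

  //chunkStore.Print();

  try
  {
    FindIterator last;
    for (FindIterator it =
           make_find_iterator(postData, boost::first_finder(boundary));
         it!=FindIterator();
         ++it)
    {
      if (last != FindIterator())
      {
        // Everything between two consecutive boundaries
        Range part(&last->back(), &it->front());

        // The blank line that ends the headers of the part
        Range content = boost::find_first(part, "\r\n\r\n");
        if (/*content != Range()*/!content.empty())
        {
          // The payload starts after the blank line and stops before
          // the CRLF that precedes the next boundary
          char* chunkBegin = &content.back() + 1;
          char* chunkEnd = &it->front() - 2;

          if (chunkEnd < chunkBegin)
          {
            // The boundary follows the blank line without the CRLF in
            // between: the size below would wrap around to a huge
            // unsigned value, so the request is rejected explicitly
            return PostDataStatus_Failure;
          }

          size_t chunkSize = static_cast<size_t>(chunkEnd - chunkBegin);

          if (chunkSize > 0)
          {
            const char* chunkData = chunkBegin;

            if (fileName == headers.end())
            {
              // This file is stored in a single chunk
              completedFile.assign(chunkData, chunkSize);
              return PostDataStatus_Success;
            }
            else
            {
              return chunkStore.Store(completedFile, chunkData, chunkSize, fileName->second, fileSize);
            }
          }
        }
      }

      last = it;
    }
  }
  catch (const std::length_error&)
  {
    return PostDataStatus_Failure;
  }

  return PostDataStatus_Pending;
}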
417 | |
418 | |
// Answer "401 Unauthorized" together with a Basic authentication
// challenge for the Orthanc realm. Only the status line and the
// challenge header are sent; there is no body.
// NOTE(review): the request callback also uses this answer when the
// request is refused because of its source address or by the incoming
// request filter, so clients are asked for credentials in cases where
// credentials would not help.
static void SendUnauthorized(HttpOutput& output)
{
  static const char answer[] =
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Basic realm=\"" ORTHANC_REALM "\""
    "\r\n\r\n";

  // Do not send the terminating NUL
  output.Send(answer, sizeof(answer) - 1);
}
/**
 * Check the "authorization" header of a request against the
 * credentials known to the server.
 *
 * Access is granted only if the header is present, starts with the
 * exact string "Basic " (the comparison is case-sensitive), and the
 * remainder is accepted by IsValidBasicHttpAuthentication(). In every
 * other case the 401 challenge is sent on "output" and "false" is
 * returned, so the caller has nothing left to answer.
 **/
static bool Authorize(const MongooseServer& that,
                      const HttpHandler::Arguments& headers,
                      HttpOutput& output)
{
  HttpHandler::Arguments::const_iterator auth = headers.find("authorization");

  if (auth != headers.end())
  {
    const std::string& value = auth->second;

    if (value.compare(0, 6, "Basic ") == 0)
    {
      // The Base64 token is checked as a whole, it is not decoded here
      std::string token = value.substr(6);
      if (that.IsValidBasicHttpAuthentication(token))
      {
        return true;
      }
    }
  }

  SendUnauthorized(output);
  return false;
}
455 | |
456 | |
/**
 * Extract the user name from a Basic "authorization" header: the part
 * of the Base64-decoded credentials that precedes the first ':'.
 * Returns an empty string if the header is absent, does not start with
 * "Basic ", or if the decoded value contains no ':'.
 *
 * NOTE(review): nothing is verified here. The request callback calls
 * Authorize() only when authentication is enabled, but it calls this
 * function whenever a filter is installed. With authentication
 * disabled, the name handed to the filter is whatever the client put in
 * the header.
 **/
static std::string GetAuthenticatedUsername(const HttpHandler::Arguments& headers)
{
  HttpHandler::Arguments::const_iterator auth = headers.find("authorization");

  if (auth == headers.end() ||
      auth->second.compare(0, 6, "Basic ") != 0)
  {
    return "";
  }

  std::string encoded = auth->second.substr(6);
  std::string credentials = Toolbox::DecodeBase64(encoded);

  size_t colon = credentials.find(':');
  if (colon != std::string::npos)
  {
    return credentials.substr(0, colon);
  }

  // Bad-formatted request
  return "";
}
/**
 * Compute the effective HTTP method of a request, honouring the two
 * supported ways of faking PUT and DELETE:
 *
 *  1. the "x-http-method-override" header, on any request;
 *  2. the "_method" GET argument, on GET requests only, and only if
 *     the header is absent.
 *
 * An override is accepted only if it reads PUT or DELETE, in any
 * letter case; any other non-empty override makes the function return
 * "false". Without override, GET, POST, DELETE and PUT are recognized
 * from the request line. "method" is written only if "true" is
 * returned.
 *
 * NOTE(review): through the second mechanism, a plain GET
 * ("GET /my/resource?_method=delete") is executed as a DELETE. Any
 * access control placed in front of this server that decides on the
 * verb of the request line does not see the effective method. The
 * override value comes from the client and is written to the log.
 **/
static bool ExtractMethod(Orthanc_HttpMethod& method,
                          const struct mg_request_info *request,
                          const HttpHandler::Arguments& headers,
                          const HttpHandler::Arguments& argumentsGET)
{
  const bool isGet = (strcmp(request->request_method, "GET") == 0);

  std::string overriden;

  // 1. Faking with Google's approach
  HttpHandler::Arguments::const_iterator methodOverride =
    headers.find("x-http-method-override");

  if (methodOverride != headers.end())
  {
    overriden = methodOverride->second;
  }
  else if (isGet)
  {
    // 2. Faking with Ruby on Rail's approach
    // GET /my/resource?_method=delete <=> DELETE /my/resource
    methodOverride = argumentsGET.find("_method");
    if (methodOverride != argumentsGET.end())
    {
      overriden = methodOverride->second;
    }
  }

  if (!overriden.empty())
  {
    // A faking has been done within this request
    Toolbox::ToUpperCase(overriden);

    LOG(INFO) << "HTTP method faking has been detected for " << overriden;

    if (overriden == "PUT")
    {
      method = Orthanc_HttpMethod_Put;
    }
    else if (overriden == "DELETE")
    {
      method = Orthanc_HttpMethod_Delete;
    }
    else
    {
      return false;
    }

    return true;
  }

  // No PUT/DELETE faking was present
  const std::string verb(request->request_method);

  if (isGet)
  {
    method = Orthanc_HttpMethod_Get;
    return true;
  }

  if (verb == "POST")
  {
    method = Orthanc_HttpMethod_Post;
    return true;
  }

  if (verb == "DELETE")
  {
    method = Orthanc_HttpMethod_Delete;
    return true;
  }

  if (verb == "PUT")
  {
    method = Orthanc_HttpMethod_Put;
    return true;
  }

  return false;
}
563 | |
564 | |
0 | 565 |
566 static void* Callback(enum mg_event event, | |
567 struct mg_connection *connection, | |
568 const struct mg_request_info *request) | |
569 { | |
570 if (event == MG_NEW_REQUEST) | |
571 { | |
572 MongooseServer* that = (MongooseServer*) (request->user_data); | |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
573 MongooseOutput output(connection); |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
574 |
414 | 575 // Check remote calls |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
576 if (!that->IsRemoteAccessAllowed() && |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
577 request->remote_ip != LOCALHOST) |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
578 { |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
579 SendUnauthorized(output); |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
580 return (void*) ""; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
581 } |
0 | 582 |
583 | |
414 | 584 // Extract the HTTP headers |
585 HttpHandler::Arguments headers; | |
0 | 586 for (int i = 0; i < request->num_headers; i++) |
587 { | |
588 std::string name = request->http_headers[i].name; | |
589 std::transform(name.begin(), name.end(), name.begin(), ::tolower); | |
590 headers.insert(std::make_pair(name, request->http_headers[i].value)); | |
591 } | |
592 | |
414 | 593 |
594 // Extract the GET arguments | |
595 HttpHandler::Arguments argumentsGET; | |
596 if (!strcmp(request->request_method, "GET")) | |
597 { | |
598 HttpHandler::ParseGetQuery(argumentsGET, request->query_string); | |
599 } | |
600 | |
601 | |
602 // Compute the HTTP method, taking method faking into consideration | |
603 Orthanc_HttpMethod method; | |
604 if (!ExtractMethod(method, request, headers, argumentsGET)) | |
605 { | |
416 | 606 output.SendHeader(Orthanc_HttpStatus_400_BadRequest); |
414 | 607 return (void*) ""; |
608 } | |
609 | |
610 | |
23 | 611 // Authenticate this connection |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
612 if (that->IsAuthenticationEnabled() && |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
613 !Authorize(*that, headers, output)) |
23 | 614 { |
615 return (void*) ""; | |
616 } | |
617 | |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
618 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
619 // Apply the filter, if it is installed |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
620 const IIncomingHttpRequestFilter *filter = that->GetIncomingHttpRequestFilter(); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
621 if (filter != NULL) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
622 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
623 std::string username = GetAuthenticatedUsername(headers); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
624 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
625 char remoteIp[24]; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
626 sprintf(remoteIp, "%d.%d.%d.%d", |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
627 reinterpret_cast<const uint8_t*>(&request->remote_ip) [3], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
628 reinterpret_cast<const uint8_t*>(&request->remote_ip) [2], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
629 reinterpret_cast<const uint8_t*>(&request->remote_ip) [1], |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
630 reinterpret_cast<const uint8_t*>(&request->remote_ip) [0]); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
631 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
632 if (!filter->IsAllowed(method, request->uri, remoteIp, username.c_str())) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
633 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
634 SendUnauthorized(output); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
635 return (void*) ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
636 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
637 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
638 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
639 |
414 | 640 // Extract the body of the request for PUT and POST |
641 std::string body; | |
642 if (method == Orthanc_HttpMethod_Post || | |
643 method == Orthanc_HttpMethod_Put) | |
0 | 644 { |
416 | 645 PostDataStatus status; |
646 | |
0 | 647 HttpHandler::Arguments::const_iterator ct = headers.find("content-type"); |
648 if (ct == headers.end()) | |
649 { | |
416 | 650 // No content-type specified. Assume no multi-part content occurs at this point. |
651 status = ReadBody(body, connection, headers); | |
0 | 652 } |
653 else | |
654 { | |
416 | 655 std::string contentType = ct->second; |
656 if (contentType.size() >= multipartLength && | |
657 !memcmp(contentType.c_str(), multipart, multipartLength)) | |
658 { | |
659 status = ParseMultipartPost(body, connection, headers, contentType, that->GetChunkStore()); | |
660 } | |
661 else | |
662 { | |
663 status = ReadBody(body, connection, headers); | |
664 } | |
0 | 665 } |
666 | |
667 switch (status) | |
668 { | |
416 | 669 case PostDataStatus_NoLength: |
670 output.SendHeader(Orthanc_HttpStatus_411_LengthRequired); | |
671 return (void*) ""; | |
0 | 672 |
416 | 673 case PostDataStatus_Failure: |
674 output.SendHeader(Orthanc_HttpStatus_400_BadRequest); | |
675 return (void*) ""; | |
0 | 676 |
416 | 677 case PostDataStatus_Pending: |
678 output.AnswerBufferWithContentType(NULL, 0, ""); | |
679 return (void*) ""; | |
0 | 680 |
416 | 681 default: |
682 break; | |
0 | 683 } |
684 } | |
685 | |
414 | 686 |
687 // Call the proper handler for this URI | |
0 | 688 UriComponents uri; |
415 | 689 try |
690 { | |
691 Toolbox::SplitUriComponents(uri, request->uri); | |
692 } | |
693 catch (OrthancException) | |
694 { | |
695 output.SendHeader(Orthanc_HttpStatus_400_BadRequest); | |
696 return (void*) ""; | |
697 } | |
698 | |
0 | 699 |
700 HttpHandler* handler = that->FindHandler(uri); | |
701 if (handler) | |
702 { | |
703 try | |
704 { | |
416 | 705 LOG(INFO) << Orthanc_HttpMethod_ToString(method) << " " << Toolbox::FlattenUri(uri); |
414 | 706 handler->Handle(output, method, uri, headers, argumentsGET, body); |
0 | 707 } |
59 | 708 catch (OrthancException& e) |
0 | 709 { |
108 | 710 LOG(ERROR) << "MongooseServer Exception [" << e.What() << "]"; |
59 | 711 output.SendHeader(Orthanc_HttpStatus_500_InternalServerError); |
0 | 712 } |
327
4564e908bba9
handling of bad lexical casts in http server
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
324
diff
changeset
|
713 catch (boost::bad_lexical_cast&) |
714 { |
715 LOG(ERROR) << "MongooseServer Exception: Bad lexical cast"; |
333 | 716 output.SendHeader(Orthanc_HttpStatus_400_BadRequest); |
717 } | |
718 catch (std::runtime_error&) | |
719 { | |
720 LOG(ERROR) << "MongooseServer Exception: Presumably a bad JSON request"; | |
721 output.SendHeader(Orthanc_HttpStatus_400_BadRequest); | |
327
|
722 } |
0 | 723 } |
724 else | |
725 { | |
59 | 726 output.SendHeader(Orthanc_HttpStatus_404_NotFound); |
0 | 727 } |
728 | |
729 // Mark as processed | |
730 return (void*) ""; | |
731 } | |
732 else | |
733 { | |
734 return NULL; | |
735 } | |
736 } | |
737 | |
738 | |
// Tells whether the embedded HTTP server is currently started, i.e.
// whether a Mongoose context is held (it is assigned by Start() and
// reset to NULL by Stop()).
bool MongooseServer::IsRunning() const
{
  return (NULL != pimpl_->context_);
}
743 | |
744 | |
// Creates a stopped server with its default configuration. Nothing
// listens on the network until Start() is called.
MongooseServer::MongooseServer() : pimpl_(new PImpl)
{
  // No Mongoose context yet, so IsRunning() returns false
  pimpl_->context_ = NULL;

  // Transport defaults: plain HTTP on port 8000
  port_ = 8000;
  ssl_ = false;

  // Access-control defaults: remote access is refused, HTTP Basic
  // authentication is off and no incoming-request filter is installed.
  // NOTE(review): these flags are only stored here; how they are
  // enforced is decided by the request callback, which is not part of
  // this block.
  remoteAllowed_ = false;
  authentication_ = false;
  filter_ = NULL;
}
754 | |
755 | |
// Shuts the server down, then releases the handlers it owns.
MongooseServer::~MongooseServer()
{
  // Stop serving requests before the handlers are destroyed
  Stop();

  // Deletes every handler that was given to RegisterHandler()
  ClearHandlers();
}
761 | |
762 | |
// Sets the TCP port used by the next call to Start(). The server is
// stopped first and is NOT restarted by this method.
void MongooseServer::SetPortNumber(uint16_t port)
{
  Stop();
  port_ = port;
}
768 | |
// Starts the embedded Mongoose server with the current configuration.
// Does nothing if the server is already running. Throws
// OrthancException if Mongoose cannot be started.
void MongooseServer::Start()
{
  if (IsRunning())
  {
    return;
  }

  // In the "listening_ports" option, a trailing "s" marks an SSL port
  std::string listeningPorts = boost::lexical_cast<std::string>(port_);
  if (ssl_)
  {
    listeningPorts += "s";
  }

  // NULL-terminated list of name/value pairs. Without SSL, the third
  // entry is NULL, which ends the list before the certificate path.
  // NOTE(review): with SSL enabled, nothing here checks that
  // certificate_ is non-empty; presumably mg_start() then fails and
  // the exception below is thrown - confirm.
  const char *options[] = {
    "listening_ports", listeningPorts.c_str(),
    ssl_ ? "ssl_certificate" : NULL,
    certificate_.c_str(),
    NULL
  };

  // "this" is handed to Mongoose as the user data of the callback
  pimpl_->context_ = mg_start(&Callback, this, options);
  if (pimpl_->context_ == NULL)
  {
    throw OrthancException("Unable to launch the Mongoose server");
  }
}
794 | |
// Stops the embedded Mongoose server. Does nothing if it is not running.
void MongooseServer::Stop()
{
  if (!IsRunning())
  {
    return;
  }

  mg_stop(pimpl_->context_);

  // Forget the context so that IsRunning() reports false again
  pimpl_->context_ = NULL;
}
803 | |
804 | |
// Appends a handler to the list of registered handlers. The server is
// stopped first and is not restarted. The server takes ownership of
// the pointer: ClearHandlers() (also called by the destructor) deletes
// it, so the caller must not delete it nor register it twice.
void MongooseServer::RegisterHandler(HttpHandler* handler)
{
  // The handler list is never modified while the server is running
  Stop();

  handlers_.push_back(handler);
}
811 | |
812 | |
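// Stops the server and destroys all the registered handlers.
//
// The list is emptied after the handlers are deleted. Leaving the
// deleted pointers in "handlers_" would make a second call (e.g. an
// explicit call followed by the one in the destructor) delete them
// again, and would let a restarted server look up freed handlers.
void MongooseServer::ClearHandlers()
{
  // No request may be dispatched while the handlers are destroyed
  Stop();

  for (Handlers::iterator it = handlers_.begin();
       it != handlers_.end(); ++it)
  {
    delete *it;
  }

  // Drop the dangling pointers
  handlers_.clear();
}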
823 | |
23 | 824 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
// Removes all the users registered through RegisterUser(). The server
// is stopped first and is not restarted.
// NOTE(review): if authentication stays enabled with an empty user
// set, IsValidBasicHttpAuthentication() accepts nothing - confirm that
// callers re-register users before calling Start().
void MongooseServer::ClearUsers()
{
  Stop();

  registeredUsers_.clear();
}
830 |
831 |
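// Registers a username/password pair for HTTP Basic authentication.
// The server is stopped first and is not restarted.
//
// The pair is stored as Base64("username:password"), the form that
// IsValidBasicHttpAuthentication() looks up. Base64 is an encoding,
// not a hash: the stored value can be decoded back to the clear-text
// password by anything able to read this object's memory.
//
// Throws OrthancException if either argument is NULL (building a
// std::string from a NULL pointer is undefined behavior). The check is
// done before Stop(), so a bad call does not interrupt a running server.
//
// NOTE(review): a username containing ':' is ambiguous, since ':' is
// the separator between username and password - consider rejecting it.
void MongooseServer::RegisterUser(const char* username,
                                  const char* password)
{
  if (username == NULL || password == NULL)
  {
    throw OrthancException("Null username or password given to MongooseServer::RegisterUser()");
  }

  Stop();

  std::string tag = std::string(username) + ":" + std::string(password);
  registeredUsers_.insert(Toolbox::EncodeBase64(tag));
}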
840 | |
// Enables or disables SSL for the next call to Start(). The server is
// stopped first and is not restarted. When Orthanc is built without
// SSL support (ORTHANC_SSL_ENABLED == 0), asking for SSL throws
// OrthancException instead of silently serving plain HTTP.
void MongooseServer::SetSslEnabled(bool enabled)
{
  Stop();

#if ORTHANC_SSL_ENABLED == 0
  if (enabled)
  {
    throw OrthancException("Orthanc has been built without SSL support");
  }

  // Only "disabled" is possible in this build
  ssl_ = false;
#else
  ssl_ = enabled;
#endif
}
858 | |
25
|
// Turns HTTP Basic authentication on or off for the next call to
// Start(). The server is stopped first and is not restarted.
//
// HTTP Basic credentials are only Base64-encoded on the wire, so they
// are readable by anyone observing the traffic unless SSL is enabled
// as well (see SetSslEnabled()).
void MongooseServer::SetAuthenticationEnabled(bool enabled)
{
  Stop();

  authentication_ = enabled;
}
864 |
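// Sets the path given to Mongoose as its "ssl_certificate" option by
// the next call to Start(). The server is stopped first and is not
// restarted.
//
// Throws OrthancException if "path" is NULL (assigning a NULL pointer
// to a std::string is undefined behavior). The check is done before
// Stop(), so a bad call does not interrupt a running server.
void MongooseServer::SetSslCertificate(const char* path)
{
  if (path == NULL)
  {
    throw OrthancException("Null path given to MongooseServer::SetSslCertificate()");
  }

  Stop();
  certificate_ = path;
}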
25
|
870 |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
// Records whether remote access is allowed, for the next call to
// Start(). The server is stopped first and is not restarted.
// NOTE(review): only the flag is stored here; the check against the
// client address is presumably done in the request callback - confirm
// what counts as "remote" there.
void MongooseServer::SetRemoteAccessAllowed(bool allowed)
{
  Stop();

  remoteAllowed_ = allowed;
}
876 |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
// Installs the filter for incoming HTTP requests. The server is
// stopped first and is not restarted.
//
// Only the address of "filter" is kept: the server does not own the
// filter, and nothing visible in this file deletes it. The caller must
// keep the object alive for as long as the server may use it.
void MongooseServer::SetIncomingHttpRequestFilter(IIncomingHttpRequestFilter& filter)
{
  Stop();

  filter_ = &filter;
}
34
|
882 |
25
|
// Tells whether "basic" matches one of the credentials stored by
// RegisterUser(), which keeps them as Base64("username:password").
// NOTE(review): "basic" is presumably the Base64 part of the
// "Authorization: Basic ..." header - verify against the caller.
// NOTE(review): the container lookup uses ordinary string comparison,
// which is not constant-time; consider a constant-time comparison if
// timing differences are a concern for this deployment.
bool MongooseServer::IsValidBasicHttpAuthentication(const std::string& basic) const
{
  return registeredUsers_.count(basic) != 0;
}
0 | 887 } |