Mercurial > hg > orthanc
annotate Core/HttpServer/MongooseServer.cpp @ 2070:7e6afa0beaf6
samples: improved handling of special characters in paths
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 14 Jul 2016 09:05:22 +0200 |
parents | fabf7820d1f1 |
children | 15ae532af70e |
rev | line source |
---|---|
0 | 1 /** |
59 | 2 * Orthanc - A Lightweight, RESTful DICOM Store |
1900 | 3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics |
1288
6e7e5ed91c2d
upgrade to year 2015
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1213
diff
changeset
|
4 * Department, University Hospital of Liege, Belgium |
0 | 5 * |
6 * This program is free software: you can redistribute it and/or | |
7 * modify it under the terms of the GNU General Public License as | |
8 * published by the Free Software Foundation, either version 3 of the | |
9 * License, or (at your option) any later version. | |
136 | 10 * |
11 * In addition, as a special exception, the copyright holders of this | |
12 * program give permission to link the code of its release with the | |
13 * OpenSSL project's "OpenSSL" library (or with modified versions of it | |
14 * that use the same license as the "OpenSSL" library), and distribute | |
15 * the linked executables. You must obey the GNU General Public License | |
16 * in all respects for all of the code used other than "OpenSSL". If you | |
17 * modify file(s) with this exception, you may extend this exception to | |
18 * your version of the file(s), but you are not obligated to do so. If | |
19 * you do not wish to do so, delete this exception statement from your | |
20 * version. If you delete this exception statement from all source files | |
21 * in the program, then also delete it here. | |
0 | 22 * |
23 * This program is distributed in the hope that it will be useful, but | |
24 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
26 * General Public License for more details. | |
27 * | |
28 * You should have received a copy of the GNU General Public License | |
29 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
30 **/ | |
31 | |
32 | |
33 // http://en.highscore.de/cpp/boost/stringhandling.html | |
34 | |
824
a811bdf8b8eb
precompiled headers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
809
diff
changeset
|
35 #include "../PrecompiledHeaders.h" |
0 | 36 #include "MongooseServer.h" |
37 | |
1486
f967bdf8534e
refactoring to Logging.h
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
38 #include "../Logging.h" |
f967bdf8534e
refactoring to Logging.h
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
39 #include "../ChunkedBuffer.h" |
f967bdf8534e
refactoring to Logging.h
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
40 #include "HttpToolbox.h" |
f967bdf8534e
refactoring to Logging.h
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
41 #include "mongoose.h" |
f967bdf8534e
refactoring to Logging.h
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
42 |
0 | 43 #include <algorithm> |
44 #include <string.h> | |
45 #include <boost/lexical_cast.hpp> | |
46 #include <boost/algorithm/string.hpp> | |
47 #include <iostream> | |
48 #include <string.h> | |
49 #include <stdio.h> | |
50 #include <boost/thread.hpp> | |
51 | |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
52 #if ORTHANC_SSL_ENABLED == 1 |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
53 #include <openssl/opensslv.h> |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
54 #endif |
0 | 55 |
59 | 56 #define ORTHANC_REALM "Orthanc Secure Area" |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
57 |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
58 static const long LOCALHOST = (127ll << 24) + 1ll; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
59 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
60 |
59 | 61 namespace Orthanc |
0 | 62 { |
63 static const char multipart[] = "multipart/form-data; boundary="; | |
64 static unsigned int multipartLength = sizeof(multipart) / sizeof(char) - 1; | |
65 | |
66 | |
67 namespace | |
68 { | |
69 // Anonymous namespace to avoid clashes between compilation modules | |
911 | 70 class MongooseOutputStream : public IHttpOutputStream |
0 | 71 { |
72 private: | |
73 struct mg_connection* connection_; | |
74 | |
911 | 75 public: |
76 MongooseOutputStream(struct mg_connection* connection) : connection_(connection) | |
77 { | |
78 } | |
79 | |
909 | 80 virtual void Send(bool isHeader, const void* buffer, size_t length) |
0 | 81 { |
217 | 82 if (length > 0) |
83 { | |
1430
ad94a3583b07
Plugins can send answers as multipart messages
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1363
diff
changeset
|
84 int status = mg_write(connection_, buffer, length); |
ad94a3583b07
Plugins can send answers as multipart messages
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1363
diff
changeset
|
85 if (status != static_cast<int>(length)) |
ad94a3583b07
Plugins can send answers as multipart messages
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1363
diff
changeset
|
86 { |
ad94a3583b07
Plugins can send answers as multipart messages
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1363
diff
changeset
|
87 // status == 0 when the connection has been closed, -1 on error |
ad94a3583b07
Plugins can send answers as multipart messages
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1363
diff
changeset
|
88 throw OrthancException(ErrorCode_NetworkProtocol); |
ad94a3583b07
Plugins can send answers as multipart messages
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1363
diff
changeset
|
89 } |
217 | 90 } |
0 | 91 } |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
92 |
911 | 93 virtual void OnHttpStatusReceived(HttpStatus status) |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
94 { |
911 | 95 // Ignore this |
908
e078ea944089
refactoring HttpOutput
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
901
diff
changeset
|
96 } |
0 | 97 }; |
98 | |
99 | |
100 enum PostDataStatus | |
101 { | |
102 PostDataStatus_Success, | |
103 PostDataStatus_NoLength, | |
104 PostDataStatus_Pending, | |
105 PostDataStatus_Failure | |
106 }; | |
107 } | |
108 | |
109 | |
110 // TODO Move this to external file | |
111 | |
112 | |
113 class ChunkedFile : public ChunkedBuffer | |
114 { | |
115 private: | |
116 std::string filename_; | |
117 | |
118 public: | |
119 ChunkedFile(const std::string& filename) : | |
120 filename_(filename) | |
121 { | |
122 } | |
123 | |
124 const std::string& GetFilename() const | |
125 { | |
126 return filename_; | |
127 } | |
128 }; | |
129 | |
130 | |
131 | |
132 class ChunkStore | |
133 { | |
134 private: | |
135 typedef std::list<ChunkedFile*> Content; | |
136 Content content_; | |
137 unsigned int numPlaces_; | |
138 | |
139 boost::mutex mutex_; | |
140 std::set<std::string> discardedFiles_; | |
141 | |
142 void Clear() | |
143 { | |
144 for (Content::iterator it = content_.begin(); | |
656 | 145 it != content_.end(); ++it) |
0 | 146 { |
147 delete *it; | |
148 } | |
149 } | |
150 | |
151 Content::iterator Find(const std::string& filename) | |
152 { | |
153 for (Content::iterator it = content_.begin(); | |
656 | 154 it != content_.end(); ++it) |
0 | 155 { |
156 if ((*it)->GetFilename() == filename) | |
157 { | |
158 return it; | |
159 } | |
160 } | |
161 | |
162 return content_.end(); | |
163 } | |
164 | |
165 void Remove(const std::string& filename) | |
166 { | |
167 Content::iterator it = Find(filename); | |
168 if (it != content_.end()) | |
169 { | |
170 delete *it; | |
171 content_.erase(it); | |
172 } | |
173 } | |
174 | |
175 public: | |
176 ChunkStore() | |
177 { | |
178 numPlaces_ = 10; | |
179 } | |
180 | |
181 ~ChunkStore() | |
182 { | |
183 Clear(); | |
184 } | |
185 | |
186 PostDataStatus Store(std::string& completed, | |
187 const char* chunkData, | |
188 size_t chunkSize, | |
189 const std::string& filename, | |
190 size_t filesize) | |
191 { | |
192 boost::mutex::scoped_lock lock(mutex_); | |
193 | |
194 std::set<std::string>::iterator wasDiscarded = discardedFiles_.find(filename); | |
195 if (wasDiscarded != discardedFiles_.end()) | |
196 { | |
197 discardedFiles_.erase(wasDiscarded); | |
198 return PostDataStatus_Failure; | |
199 } | |
200 | |
201 ChunkedFile* f; | |
202 Content::iterator it = Find(filename); | |
203 if (it == content_.end()) | |
204 { | |
205 f = new ChunkedFile(filename); | |
206 | |
207 // Make some room | |
208 if (content_.size() >= numPlaces_) | |
209 { | |
210 discardedFiles_.insert(content_.front()->GetFilename()); | |
211 delete content_.front(); | |
212 content_.pop_front(); | |
213 } | |
214 | |
215 content_.push_back(f); | |
216 } | |
217 else | |
218 { | |
219 f = *it; | |
220 } | |
221 | |
222 f->AddChunk(chunkData, chunkSize); | |
223 | |
224 if (f->GetNumBytes() > filesize) | |
225 { | |
226 Remove(filename); | |
227 } | |
228 else if (f->GetNumBytes() == filesize) | |
229 { | |
230 f->Flatten(completed); | |
231 Remove(filename); | |
232 return PostDataStatus_Success; | |
233 } | |
234 | |
235 return PostDataStatus_Pending; | |
236 } | |
237 | |
238 /*void Print() | |
239 { | |
240 boost::mutex::scoped_lock lock(mutex_); | |
241 | |
242 printf("ChunkStore status:\n"); | |
243 for (Content::const_iterator i = content_.begin(); | |
244 i != content_.end(); i++) | |
245 { | |
246 printf(" [%s]: %d\n", (*i)->GetFilename().c_str(), (*i)->GetNumBytes()); | |
247 } | |
248 printf("-----\n"); | |
249 }*/ | |
250 }; | |
251 | |
252 | |
253 struct MongooseServer::PImpl | |
254 { | |
255 struct mg_context *context_; | |
256 ChunkStore chunkStore_; | |
257 }; | |
258 | |
259 | |
260 ChunkStore& MongooseServer::GetChunkStore() | |
261 { | |
262 return pimpl_->chunkStore_; | |
263 } | |
264 | |
265 | |
266 | |
416 | 267 static PostDataStatus ReadBody(std::string& postData, |
268 struct mg_connection *connection, | |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
269 const IHttpHandler::Arguments& headers) |
0 | 270 { |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
271 IHttpHandler::Arguments::const_iterator cs = headers.find("content-length"); |
0 | 272 if (cs == headers.end()) |
273 { | |
274 return PostDataStatus_NoLength; | |
275 } | |
276 | |
277 int length; | |
278 try | |
279 { | |
280 length = boost::lexical_cast<int>(cs->second); | |
281 } | |
282 catch (boost::bad_lexical_cast) | |
283 { | |
284 return PostDataStatus_NoLength; | |
285 } | |
286 | |
287 if (length < 0) | |
288 { | |
289 length = 0; | |
290 } | |
291 | |
292 postData.resize(length); | |
293 | |
294 size_t pos = 0; | |
295 while (length > 0) | |
296 { | |
297 int r = mg_read(connection, &postData[pos], length); | |
298 if (r <= 0) | |
299 { | |
300 return PostDataStatus_Failure; | |
301 } | |
418
b79bf2f4ab2e
execution of lua through REST
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
417
diff
changeset
|
302 |
8 | 303 assert(r <= length); |
0 | 304 length -= r; |
305 pos += r; | |
306 } | |
307 | |
308 return PostDataStatus_Success; | |
309 } | |
310 | |
311 | |
312 | |
313 static PostDataStatus ParseMultipartPost(std::string &completedFile, | |
314 struct mg_connection *connection, | |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
315 const IHttpHandler::Arguments& headers, |
0 | 316 const std::string& contentType, |
317 ChunkStore& chunkStore) | |
318 { | |
319 std::string boundary = "--" + contentType.substr(multipartLength); | |
320 | |
321 std::string postData; | |
416 | 322 PostDataStatus status = ReadBody(postData, connection, headers); |
0 | 323 |
324 if (status != PostDataStatus_Success) | |
325 { | |
326 return status; | |
327 } | |
328 | |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
329 /*for (IHttpHandler::Arguments::const_iterator i = headers.begin(); i != headers.end(); i++) |
0 | 330 { |
331 std::cout << "Header [" << i->first << "] = " << i->second << "\n"; | |
332 } | |
333 printf("CHUNK\n");*/ | |
334 | |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
335 typedef IHttpHandler::Arguments::const_iterator ArgumentIterator; |
0 | 336 |
337 ArgumentIterator requestedWith = headers.find("x-requested-with"); | |
338 ArgumentIterator fileName = headers.find("x-file-name"); | |
339 ArgumentIterator fileSizeStr = headers.find("x-file-size"); | |
340 | |
338
3a3b3ba8c1e0
fix for uploads through internet explorer 7
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
333
diff
changeset
|
341 if (requestedWith != headers.end() && |
0 | 342 requestedWith->second != "XMLHttpRequest") |
343 { | |
344 return PostDataStatus_Failure; | |
345 } | |
346 | |
347 size_t fileSize = 0; | |
348 if (fileSizeStr != headers.end()) | |
349 { | |
350 try | |
351 { | |
352 fileSize = boost::lexical_cast<size_t>(fileSizeStr->second); | |
353 } | |
354 catch (boost::bad_lexical_cast) | |
355 { | |
356 return PostDataStatus_Failure; | |
357 } | |
358 } | |
359 | |
360 typedef boost::find_iterator<std::string::iterator> FindIterator; | |
10 | 361 typedef boost::iterator_range<char*> Range; |
0 | 362 |
363 //chunkStore.Print(); | |
364 | |
365 try | |
366 { | |
367 FindIterator last; | |
368 for (FindIterator it = | |
369 make_find_iterator(postData, boost::first_finder(boundary)); | |
370 it!=FindIterator(); | |
371 ++it) | |
372 { | |
373 if (last != FindIterator()) | |
374 { | |
10 | 375 Range part(&last->back(), &it->front()); |
0 | 376 Range content = boost::find_first(part, "\r\n\r\n"); |
345 | 377 if (/*content != Range()*/!content.empty()) |
0 | 378 { |
379 Range c(&content.back() + 1, &it->front() - 2); | |
380 size_t chunkSize = c.size(); | |
381 | |
382 if (chunkSize > 0) | |
383 { | |
384 const char* chunkData = &c.front(); | |
385 | |
386 if (fileName == headers.end()) | |
387 { | |
388 // This file is stored in a single chunk | |
389 completedFile.resize(chunkSize); | |
390 if (chunkSize > 0) | |
391 { | |
392 memcpy(&completedFile[0], chunkData, chunkSize); | |
393 } | |
394 return PostDataStatus_Success; | |
395 } | |
396 else | |
397 { | |
398 return chunkStore.Store(completedFile, chunkData, chunkSize, fileName->second, fileSize); | |
399 } | |
400 } | |
10 | 401 } |
0 | 402 } |
403 | |
404 last = it; | |
405 } | |
406 } | |
407 catch (std::length_error) | |
408 { | |
409 return PostDataStatus_Failure; | |
410 } | |
411 | |
412 return PostDataStatus_Pending; | |
413 } | |
414 | |
415 | |
1202
476a17cfdf42
Fix crash when bad HTTP credentials are provided
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1122
diff
changeset
|
416 static bool IsAccessGranted(const MongooseServer& that, |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
417 const IHttpHandler::Arguments& headers) |
23 | 418 { |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
419 bool granted = false; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
420 |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
421 IHttpHandler::Arguments::const_iterator auth = headers.find("authorization"); |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
422 if (auth != headers.end()) |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
423 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
424 std::string s = auth->second; |
1213 | 425 if (s.size() > 6 && |
426 s.substr(0, 6) == "Basic ") | |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
427 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
428 std::string b64 = s.substr(6); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
429 granted = that.IsValidBasicHttpAuthentication(b64); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
430 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
431 } |
23 | 432 |
1202
476a17cfdf42
Fix crash when bad HTTP credentials are provided
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1122
diff
changeset
|
433 return granted; |
23 | 434 } |
435 | |
436 | |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
437 static std::string GetAuthenticatedUsername(const IHttpHandler::Arguments& headers) |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
438 { |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
439 IHttpHandler::Arguments::const_iterator auth = headers.find("authorization"); |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
440 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
441 if (auth == headers.end()) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
442 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
443 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
444 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
445 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
446 std::string s = auth->second; |
1213 | 447 if (s.size() <= 6 || |
448 s.substr(0, 6) != "Basic ") | |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
449 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
450 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
451 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
452 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
453 std::string b64 = s.substr(6); |
809
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
454 std::string decoded; |
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
455 Toolbox::DecodeBase64(decoded, b64); |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
456 size_t semicolons = decoded.find(':'); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
457 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
458 if (semicolons == std::string::npos) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
459 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
460 // Bad-formatted request |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
461 return ""; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
462 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
463 else |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
464 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
465 return decoded.substr(0, semicolons); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
466 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
467 } |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
468 |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
469 |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
470 static bool ExtractMethod(HttpMethod& method, |
414 | 471 const struct mg_request_info *request, |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
472 const IHttpHandler::Arguments& headers, |
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
473 const IHttpHandler::GetArguments& argumentsGET) |
414 | 474 { |
475 std::string overriden; | |
476 | |
477 // Check whether some PUT/DELETE faking is done | |
478 | |
479 // 1. Faking with Google's approach | |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
480 IHttpHandler::Arguments::const_iterator methodOverride = |
414 | 481 headers.find("x-http-method-override"); |
482 | |
483 if (methodOverride != headers.end()) | |
484 { | |
485 overriden = methodOverride->second; | |
486 } | |
487 else if (!strcmp(request->request_method, "GET")) | |
488 { | |
489 // 2. Faking with Ruby on Rail's approach | |
490 // GET /my/resource?_method=delete <=> DELETE /my/resource | |
1363
feaf2840917c
Plugins now receive duplicated GET arguments in their REST callbacks
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1288
diff
changeset
|
491 for (size_t i = 0; i < argumentsGET.size(); i++) |
414 | 492 { |
1363
feaf2840917c
Plugins now receive duplicated GET arguments in their REST callbacks
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1288
diff
changeset
|
493 if (argumentsGET[i].first == "_method") |
feaf2840917c
Plugins now receive duplicated GET arguments in their REST callbacks
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1288
diff
changeset
|
494 { |
feaf2840917c
Plugins now receive duplicated GET arguments in their REST callbacks
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1288
diff
changeset
|
495 overriden = argumentsGET[i].second; |
feaf2840917c
Plugins now receive duplicated GET arguments in their REST callbacks
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1288
diff
changeset
|
496 break; |
feaf2840917c
Plugins now receive duplicated GET arguments in their REST callbacks
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1288
diff
changeset
|
497 } |
414 | 498 } |
499 } | |
500 | |
501 if (overriden.size() > 0) | |
502 { | |
503 // A faking has been done within this request | |
504 Toolbox::ToUpperCase(overriden); | |
505 | |
416 | 506 LOG(INFO) << "HTTP method faking has been detected for " << overriden; |
507 | |
414 | 508 if (overriden == "PUT") |
509 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
510 method = HttpMethod_Put; |
416 | 511 return true; |
414 | 512 } |
513 else if (overriden == "DELETE") | |
514 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
515 method = HttpMethod_Delete; |
416 | 516 return true; |
414 | 517 } |
518 else | |
519 { | |
520 return false; | |
521 } | |
522 } | |
523 | |
524 // No PUT/DELETE faking was present | |
525 if (!strcmp(request->request_method, "GET")) | |
526 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
527 method = HttpMethod_Get; |
414 | 528 } |
529 else if (!strcmp(request->request_method, "POST")) | |
530 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
531 method = HttpMethod_Post; |
414 | 532 } |
533 else if (!strcmp(request->request_method, "DELETE")) | |
534 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
535 method = HttpMethod_Delete; |
414 | 536 } |
537 else if (!strcmp(request->request_method, "PUT")) | |
538 { | |
473
c9a5d72f8481
changing the namespace of HTTP enumerations
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
418
diff
changeset
|
539 method = HttpMethod_Put; |
414 | 540 } |
541 else | |
542 { | |
543 return false; | |
544 } | |
545 | |
546 return true; | |
547 } | |
548 | |
549 | |
1517 | 550 static void ConfigureHttpCompression(HttpOutput& output, |
551 const IHttpHandler::Arguments& headers) | |
552 { | |
553 // Look if the client wishes HTTP compression | |
554 // https://en.wikipedia.org/wiki/HTTP_compression | |
555 IHttpHandler::Arguments::const_iterator it = headers.find("accept-encoding"); | |
556 if (it != headers.end()) | |
557 { | |
558 std::vector<std::string> encodings; | |
559 Toolbox::TokenizeString(encodings, it->second, ','); | |
560 | |
561 for (size_t i = 0; i < encodings.size(); i++) | |
562 { | |
563 std::string s = Toolbox::StripSpaces(encodings[i]); | |
564 | |
565 if (s == "deflate") | |
566 { | |
567 output.SetDeflateAllowed(true); | |
568 } | |
569 else if (s == "gzip") | |
570 { | |
571 output.SetGzipAllowed(true); | |
572 } | |
573 } | |
574 } | |
575 } | |
576 | |
577 | |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
578 static void InternalCallback(struct mg_connection *connection, |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
579 const struct mg_request_info *request) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
580 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
581 MongooseServer* that = reinterpret_cast<MongooseServer*>(request->user_data); |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
582 |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
583 MongooseOutputStream stream(connection); |
1115
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
584 HttpOutput output(stream, that->IsKeepAliveEnabled()); |
0 | 585 |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
586 // Check remote calls |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
587 if (!that->IsRemoteAccessAllowed() && |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
588 request->remote_ip != LOCALHOST) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
589 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
590 output.SendUnauthorized(ORTHANC_REALM); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
591 return; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
592 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
593 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
594 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
595 // Extract the HTTP headers |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
596 IHttpHandler::Arguments headers; |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
597 for (int i = 0; i < request->num_headers; i++) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
598 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
599 std::string name = request->http_headers[i].name; |
1977
ad95331c526a
trace log of http headers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1963
diff
changeset
|
600 std::string value = request->http_headers[i].value; |
ad95331c526a
trace log of http headers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1963
diff
changeset
|
601 |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
602 std::transform(name.begin(), name.end(), name.begin(), ::tolower); |
1977
ad95331c526a
trace log of http headers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1963
diff
changeset
|
603 headers.insert(std::make_pair(name, value)); |
ad95331c526a
trace log of http headers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1963
diff
changeset
|
604 VLOG(1) << "HTTP header: [" << name << "]: [" << value << "]"; |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
605 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
606 |
1517 | 607 if (that->IsHttpCompressionEnabled()) |
608 { | |
609 ConfigureHttpCompression(output, headers); | |
610 } | |
611 | |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
612 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
613 // Extract the GET arguments |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
614 IHttpHandler::GetArguments argumentsGET; |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
615 if (!strcmp(request->request_method, "GET")) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
616 { |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
617 HttpToolbox::ParseGetArguments(argumentsGET, request->query_string); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
618 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
619 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
620 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
621 // Compute the HTTP method, taking method faking into consideration |
1122
1d60316c3618
simplifications in FileStorage
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1115
diff
changeset
|
622 HttpMethod method = HttpMethod_Get; |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
623 if (!ExtractMethod(method, request, headers, argumentsGET)) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
624 { |
1113
ba5c0908600c
Refactoring of HttpOutput ("Content-Length" header is now always sent)
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1112
diff
changeset
|
625 output.SendStatus(HttpStatus_400_BadRequest); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
626 return; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
627 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
628 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
629 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
630 // Authenticate this connection |
1202
476a17cfdf42
Fix crash when bad HTTP credentials are provided
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1122
diff
changeset
|
631 if (that->IsAuthenticationEnabled() && !IsAccessGranted(*that, headers)) |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
632 { |
1113
ba5c0908600c
Refactoring of HttpOutput ("Content-Length" header is now always sent)
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1112
diff
changeset
|
633 output.SendUnauthorized(ORTHANC_REALM); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
634 return; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
635 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
636 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
637 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
638 // Apply the filter, if it is installed |
1571
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
639 char remoteIp[24]; |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
640 sprintf(remoteIp, "%d.%d.%d.%d", |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
641 reinterpret_cast<const uint8_t*>(&request->remote_ip) [3], |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
642 reinterpret_cast<const uint8_t*>(&request->remote_ip) [2], |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
643 reinterpret_cast<const uint8_t*>(&request->remote_ip) [1], |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
644 reinterpret_cast<const uint8_t*>(&request->remote_ip) [0]); |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
645 |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
646 std::string username = GetAuthenticatedUsername(headers); |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
647 |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
648 const IIncomingHttpRequestFilter *filter = that->GetIncomingHttpRequestFilter(); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
649 if (filter != NULL) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
650 { |
1959
45c4387a379c
Access to the HTTP headers in the "IncomingHttpRequestFilter()" callback
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1900
diff
changeset
|
651 if (!filter->IsAllowed(method, request->uri, remoteIp, username.c_str(), headers)) |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
652 { |
1963
af0c90ae0915
Use 403 Forbidden status if the incoming HTTP request is disallowed
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1959
diff
changeset
|
653 //output.SendUnauthorized(ORTHANC_REALM); |
af0c90ae0915
Use 403 Forbidden status if the incoming HTTP request is disallowed
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1959
diff
changeset
|
654 output.SendStatus(HttpStatus_403_Forbidden); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
655 return; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
656 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
657 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
658 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
659 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
660 // Extract the body of the request for PUT and POST |
1446
8dc80ba768aa
refactoring: IHttpHandler does not use std::string to hold the request body
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
661 |
8dc80ba768aa
refactoring: IHttpHandler does not use std::string to hold the request body
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
662 // TODO Avoid unneccessary memcopy of the body |
8dc80ba768aa
refactoring: IHttpHandler does not use std::string to hold the request body
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
663 |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
664 std::string body; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
665 if (method == HttpMethod_Post || |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
666 method == HttpMethod_Put) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
667 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
668 PostDataStatus status; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
669 |
1441
f3672356c121
refactoring: IHttpHandler and HttpToolbox
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1438
diff
changeset
|
670 IHttpHandler::Arguments::const_iterator ct = headers.find("content-type"); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
671 if (ct == headers.end()) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
672 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
673 // No content-type specified. Assume no multi-part content occurs at this point. |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
674 status = ReadBody(body, connection, headers); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
675 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
676 else |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
677 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
678 std::string contentType = ct->second; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
679 if (contentType.size() >= multipartLength && |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
680 !memcmp(contentType.c_str(), multipart, multipartLength)) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
681 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
682 status = ParseMultipartPost(body, connection, headers, contentType, that->GetChunkStore()); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
683 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
684 else |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
685 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
686 status = ReadBody(body, connection, headers); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
687 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
688 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
689 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
690 switch (status) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
691 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
692 case PostDataStatus_NoLength: |
1113
ba5c0908600c
Refactoring of HttpOutput ("Content-Length" header is now always sent)
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1112
diff
changeset
|
693 output.SendStatus(HttpStatus_411_LengthRequired); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
694 return; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
695 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
696 case PostDataStatus_Failure: |
1113
ba5c0908600c
Refactoring of HttpOutput ("Content-Length" header is now always sent)
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1112
diff
changeset
|
697 output.SendStatus(HttpStatus_400_BadRequest); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
698 return; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
699 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
700 case PostDataStatus_Pending: |
1521 | 701 output.AnswerEmpty(); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
702 return; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
703 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
704 default: |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
705 break; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
706 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
707 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
708 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
709 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
710 // Decompose the URI into its components |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
711 UriComponents uri; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
712 try |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
713 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
714 Toolbox::SplitUriComponents(uri, request->uri); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
715 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
716 catch (OrthancException) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
717 { |
1113
ba5c0908600c
Refactoring of HttpOutput ("Content-Length" header is now always sent)
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1112
diff
changeset
|
718 output.SendStatus(HttpStatus_400_BadRequest); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
719 return; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
720 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
721 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
722 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
723 LOG(INFO) << EnumerationToString(method) << " " << Toolbox::FlattenUri(uri); |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
724 |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
725 |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
726 try |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
727 { |
1569 | 728 bool found = false; |
729 | |
730 try | |
1570 | 731 { |
732 if (that->HasHandler()) | |
733 { | |
1823
0ef4e6e66b56
"Origin" metadata for the instances
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1674
diff
changeset
|
734 found = that->GetHandler().Handle(output, RequestOrigin_RestApi, remoteIp, username.c_str(), |
1571
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1570
diff
changeset
|
735 method, uri, headers, argumentsGET, body.c_str(), body.size()); |
1570 | 736 } |
737 } | |
1569 | 738 catch (boost::bad_lexical_cast&) |
1570 | 739 { |
1645
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
740 throw OrthancException(ErrorCode_BadParameterType); |
1570 | 741 } |
1569 | 742 catch (std::runtime_error&) |
1570 | 743 { |
744 // Presumably an error while parsing the JSON body | |
1645
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
745 throw OrthancException(ErrorCode_BadRequest); |
1570 | 746 } |
1569 | 747 |
748 if (!found) | |
1570 | 749 { |
750 throw OrthancException(ErrorCode_UnknownResource); | |
751 } | |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
752 } |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
753 catch (OrthancException& e) |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
754 { |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
755 // Using this candidate handler results in an exception |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
756 try |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
757 { |
1645
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
758 if (that->GetExceptionFormatter() == NULL) |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
759 { |
1649
8040d56cb0b3
New function "OrthancPluginRegisterErrorCode()" to declare custom error codes
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1645
diff
changeset
|
760 LOG(ERROR) << "Exception in the HTTP handler: " << e.What(); |
1645
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
761 output.SendStatus(e.GetHttpStatus()); |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
762 } |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
763 else |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
764 { |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
765 that->GetExceptionFormatter()->Format(output, e, method, request->uri); |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
766 } |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
767 } |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
768 catch (OrthancException&) |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
769 { |
1569 | 770 // An exception here reflects the fact that the status code |
771 // was already set by the HTTP handler. | |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
772 } |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
773 |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
774 return; |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
775 } |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
776 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
777 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
778 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
779 #if MONGOOSE_USE_CALLBACKS == 0 |
0 | 780 static void* Callback(enum mg_event event, |
781 struct mg_connection *connection, | |
782 const struct mg_request_info *request) | |
783 { | |
784 if (event == MG_NEW_REQUEST) | |
785 { | |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
786 InternalCallback(connection, request); |
0 | 787 |
788 // Mark as processed | |
789 return (void*) ""; | |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
790 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
791 else |
0 | 792 { |
793 return NULL; | |
794 } | |
795 } | |
796 | |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
797 #elif MONGOOSE_USE_CALLBACKS == 1 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
798 static int Callback(struct mg_connection *connection) |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
799 { |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
800 struct mg_request_info *request = mg_get_request_info(connection); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
801 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
802 InternalCallback(connection, request); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
803 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
804 return 1; // Do not let Mongoose handle the request by itself |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
805 } |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
806 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
807 #else |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
808 #error Please set MONGOOSE_USE_CALLBACKS |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
809 #endif |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
810 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
811 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
812 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
813 |
0 | 814 |
815 bool MongooseServer::IsRunning() const | |
816 { | |
817 return (pimpl_->context_ != NULL); | |
818 } | |
819 | |
820 | |
821 MongooseServer::MongooseServer() : pimpl_(new PImpl) | |
822 { | |
823 pimpl_->context_ = NULL; | |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
824 handler_ = NULL; |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
825 remoteAllowed_ = false; |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
826 authentication_ = false; |
23 | 827 ssl_ = false; |
0 | 828 port_ = 8000; |
417 | 829 filter_ = NULL; |
1115
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
830 keepAlive_ = false; |
1517 | 831 httpCompression_ = true; |
1645
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
832 exceptionFormatter_ = NULL; |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
833 |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
834 #if ORTHANC_SSL_ENABLED == 1 |
749 | 835 // Check for the Heartbleed exploit |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
836 // https://en.wikipedia.org/wiki/OpenSSL#Heartbleed_bug |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
837 if (OPENSSL_VERSION_NUMBER < 0x1000107fL /* openssl-1.0.1g */ && |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
838 OPENSSL_VERSION_NUMBER >= 0x1000100fL /* openssl-1.0.1 */) |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
839 { |
749 | 840 LOG(WARNING) << "This version of OpenSSL is vulnerable to the Heartbleed exploit"; |
748
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
841 } |
de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
689
diff
changeset
|
842 #endif |
0 | 843 } |
844 | |
845 | |
846 MongooseServer::~MongooseServer() | |
847 { | |
848 Stop(); | |
849 } | |
850 | |
851 | |
128 | 852 void MongooseServer::SetPortNumber(uint16_t port) |
0 | 853 { |
854 Stop(); | |
855 port_ = port; | |
856 } | |
857 | |
858 void MongooseServer::Start() | |
859 { | |
860 if (!IsRunning()) | |
861 { | |
862 std::string port = boost::lexical_cast<std::string>(port_); | |
863 | |
23 | 864 if (ssl_) |
865 { | |
866 port += "s"; | |
867 } | |
868 | |
0 | 869 const char *options[] = { |
1110
becde5351e47
preparing to update mongoose
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1100
diff
changeset
|
870 // Set the TCP port for the HTTP server |
0 | 871 "listening_ports", port.c_str(), |
1110
becde5351e47
preparing to update mongoose
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1100
diff
changeset
|
872 |
becde5351e47
preparing to update mongoose
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1100
diff
changeset
|
873 // Optimization reported by Chris Hafey |
becde5351e47
preparing to update mongoose
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1100
diff
changeset
|
874 // https://groups.google.com/d/msg/orthanc-users/CKueKX0pJ9E/_UCbl8T-VjIJ |
1115
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
875 "enable_keep_alive", (keepAlive_ ? "yes" : "no"), |
1110
becde5351e47
preparing to update mongoose
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1100
diff
changeset
|
876 |
becde5351e47
preparing to update mongoose
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1100
diff
changeset
|
877 // Set the SSL certificate, if any. This must be the last option. |
23 | 878 ssl_ ? "ssl_certificate" : NULL, |
879 certificate_.c_str(), | |
0 | 880 NULL |
881 }; | |
882 | |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
883 #if MONGOOSE_USE_CALLBACKS == 0 |
0 | 884 pimpl_->context_ = mg_start(&Callback, this, options); |
1112
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
885 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
886 #elif MONGOOSE_USE_CALLBACKS == 1 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
887 struct mg_callbacks callbacks; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
888 memset(&callbacks, 0, sizeof(callbacks)); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
889 callbacks.begin_request = Callback; |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
890 pimpl_->context_ = mg_start(&callbacks, this, options); |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
891 |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
892 #else |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
893 #error Please set MONGOOSE_USE_CALLBACKS |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
894 #endif |
a119f9ae3640
upgrade to Mongoose 3.8
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1110
diff
changeset
|
895 |
0 | 896 if (!pimpl_->context_) |
897 { | |
1582
bd1889029cbb
encoding of exceptions
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1575
diff
changeset
|
898 throw OrthancException(ErrorCode_HttpPortInUse); |
0 | 899 } |
900 } | |
901 } | |
902 | |
903 void MongooseServer::Stop() | |
904 { | |
905 if (IsRunning()) | |
906 { | |
907 mg_stop(pimpl_->context_); | |
908 pimpl_->context_ = NULL; | |
909 } | |
910 } | |
911 | |
912 | |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
913 void MongooseServer::ClearUsers() |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
914 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
915 Stop(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
916 registeredUsers_.clear(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
917 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
918 |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
919 |
23 | 920 void MongooseServer::RegisterUser(const char* username, |
921 const char* password) | |
922 { | |
923 Stop(); | |
24 | 924 |
925 std::string tag = std::string(username) + ":" + std::string(password); | |
809
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
926 std::string encoded; |
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
927 Toolbox::EncodeBase64(encoded, tag); |
8ce2f69436ca
do not return strings with base64
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
749
diff
changeset
|
928 registeredUsers_.insert(encoded); |
23 | 929 } |
930 | |
931 void MongooseServer::SetSslEnabled(bool enabled) | |
932 { | |
933 Stop(); | |
934 | |
59 | 935 #if ORTHANC_SSL_ENABLED == 0 |
23 | 936 if (enabled) |
937 { | |
1674
4fc502d469f4
fix build if SSL is disabled
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1649
diff
changeset
|
938 throw OrthancException(ErrorCode_SslDisabled); |
23 | 939 } |
940 else | |
941 { | |
942 ssl_ = false; | |
943 } | |
944 #else | |
945 ssl_ = enabled; | |
946 #endif | |
947 } | |
948 | |
1115
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
949 |
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
950 void MongooseServer::SetKeepAliveEnabled(bool enabled) |
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
951 { |
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
952 Stop(); |
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
953 keepAlive_ = enabled; |
2069
fabf7820d1f1
New configuration options: "DicomScuTimeout" and "DicomScpTimeout" + validation of non-negative options
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1977
diff
changeset
|
954 LOG(INFO) << "HTTP keep alive is " << (enabled ? "enabled" : "disabled"); |
1115
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
955 } |
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
956 |
da56a7916e8a
Experimental "KeepAlive" configuration option to enable HTTP Keep-Alive
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1113
diff
changeset
|
957 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
958 void MongooseServer::SetAuthenticationEnabled(bool enabled) |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
959 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
960 Stop(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
961 authentication_ = enabled; |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
962 } |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
963 |
23 | 964 void MongooseServer::SetSslCertificate(const char* path) |
965 { | |
966 Stop(); | |
967 certificate_ = path; | |
968 } | |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
969 |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
970 void MongooseServer::SetRemoteAccessAllowed(bool allowed) |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
971 { |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
972 Stop(); |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
973 remoteAllowed_ = allowed; |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
974 } |
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
975 |
1517 | 976 void MongooseServer::SetHttpCompressionEnabled(bool enabled) |
977 { | |
978 Stop(); | |
979 httpCompression_ = enabled; | |
1518 | 980 LOG(WARNING) << "HTTP compression is " << (enabled ? "enabled" : "disabled"); |
1517 | 981 } |
1592
d73124f6b439
configuration option HttpDescribeErrors
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1582
diff
changeset
|
982 |
409
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
983 void MongooseServer::SetIncomingHttpRequestFilter(IIncomingHttpRequestFilter& filter) |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
984 { |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
985 Stop(); |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
986 filter_ = &filter; |
63f707278fc8
lua filtering of incoming http requests
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
398
diff
changeset
|
987 } |
34
96e57b863dd9
option to disallow remote access
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
25
diff
changeset
|
988 |
1645
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
989 |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
990 void MongooseServer::SetHttpExceptionFormatter(IHttpExceptionFormatter& formatter) |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
991 { |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
992 Stop(); |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
993 exceptionFormatter_ = &formatter; |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
994 } |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
995 |
1558b3226b18
IHttpExceptionFormatter
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1644
diff
changeset
|
996 |
25
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
997 bool MongooseServer::IsValidBasicHttpAuthentication(const std::string& basic) const |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
998 { |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
999 return registeredUsers_.find(basic) != registeredUsers_.end(); |
dd1489098265
basic http authentication
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
24
diff
changeset
|
1000 } |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1001 |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1002 |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1003 void MongooseServer::Register(IHttpHandler& handler) |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1004 { |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1005 Stop(); |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1006 handler_ = &handler; |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1007 } |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1008 |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1009 |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1010 IHttpHandler& MongooseServer::GetHandler() const |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1011 { |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1012 if (handler_ == NULL) |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1013 { |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1014 throw OrthancException(ErrorCode_InternalError); |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1015 } |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1016 |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1017 return *handler_; |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1441
diff
changeset
|
1018 } |
0 | 1019 } |