bool CWRequest::ReceiveFromWeb(string* pSessionID, string* pRequestID, bool* pThisIsCookieCheck, bool* pCookieCheckOk, bool* pLongPolling, bool* pKeepAlive, string* pErrorMessage)
{
Clear();
CGI_varlist* query = 0;
CGI_varlist* post = 0;
CGI_varlist* cookie = 0;
string file_upload_template = TempDir() + "cgi-upload-XXXXXX";
query = CGI_get_query(NULL);
post = CGI_get_post(NULL, file_upload_template.c_str());
cookie = CGI_get_cookie(NULL);
if(query != 0)
{
const char *name = 0;
CGI_value *value = 0;
for(name = CGI_first_name(query); name != 0; name = CGI_next_name(query))
{
value = CGI_lookup_all(query, 0);
for(int i = 0; value[i] != 0; i++)
{
string name_value = "";
name_value = name_value + name;
name_value = name_value + "=";
name_value = name_value + value[i];
Query->Add(name_value);
}
}
}
if(post != 0)
{
const char *name = 0;
CGI_value *value = 0;
for(name = CGI_first_name(post); name != 0; name = CGI_next_name(post))
{
value = CGI_lookup_all(post, 0);
for(int i = 0; value[i] != 0; i++)
{
string name_value = "";
name_value = name_value + name;
name_value = name_value + "=";
name_value = name_value + value[i];
Post->Add(name_value);
}
}
}
if(cookie != 0)
{
const char *name = 0;
CGI_value *value = 0;
for(name = CGI_first_name(cookie); name != 0; name = CGI_next_name(cookie))
{
value = CGI_lookup_all(cookie, 0);
for(int i = 0; value[i] != 0; i++)
{
string name_value = "";
name_value = name_value + name;
name_value = name_value + "=";
name_value = name_value + value[i];
Cookie->Add(name_value);
}
}
}
CGI_free_varlist(cookie);
CGI_free_varlist(post);
CGI_free_varlist(query);
// environment variables
Env->SetValue("SERVER_NAME", GetEnv("SERVER_NAME"));
Env->SetValue("SERVER_PORT", GetEnv("SERVER_PORT"));
Env->SetValue("SCRIPT_NAME", GetEnv("SCRIPT_NAME"));
Env->SetValue("REQUEST_METHOD", GetEnv("REQUEST_METHOD"));
Env->SetValue("DOCUMENT_ROOT", GetEnv("DOCUMENT_ROOT"));
Env->SetValue("REMOTE_ADDR", GetEnv("REMOTE_ADDR"));
Env->SetValue("HTTP_USER_AGENT", GetEnv("HTTP_USER_AGENT"));
Env->SetValue("HTTP_REFERER", GetEnv("HTTP_REFERER"));
Env->SetValue("HTTP_COOKIE", GetEnv("HTTP_COOKIE"));
Env->SetValue("CONTENT_TYPE", GetEnv("CONTENT_TYPE"));
Env->SetValue("HTTPS", GetEnv("HTTPS"));
// read and return session_id
string session_id = Cookie->GetValue("session_id");
string request_id = CreateRequestID();
bool this_is_cookie_check = GetValue("cookie_check") == "1" || GetValue("cookie_check") == "true";
DeleteNameValue("cookie_check");
bool cookie_check_ok = Cookie->GetValue("cookie_check_data") == "123";
bool long_polling = GetValue("long_polling") == "1" || GetValue("long_polling") == "true";
bool keep_alive = GetValue("keep_alive") == "1" || GetValue("keep_alive") == "true";
if(pSessionID != NULL) *pSessionID = session_id;
if(pRequestID != NULL) *pRequestID = request_id;
if(pThisIsCookieCheck != NULL) *pThisIsCookieCheck = this_is_cookie_check;
if(pCookieCheckOk != NULL) *pCookieCheckOk = cookie_check_ok;
if(pLongPolling != NULL) *pLongPolling = long_polling;
if(pKeepAlive != NULL) *pKeepAlive = keep_alive;
return true;
}
int main(int argc, char **argv)
{
CGI_varlist *varlist; const char *name; CGI_value *value; int i,j,iter,portflag = 0; cJSON *json; long offset;
char urlbuf[512],namebuf[512],postbuf[65536],*retstr,*delim,*url = 0;
setenv("CONTENT_TYPE", "application/x-www-form-urlencoded", 1);
json = cJSON_CreateObject();
for (i=j=0; argv[0][i]!=0; i++)
if ( argv[0][i] == '/' || argv[0][i] == '\\' )
j = i+1;
strcpy(namebuf,&argv[0][j]);
offset = strlen(namebuf) - 4;
if ( offset > 0 && strcmp(".exe",namebuf + offset) == 0 )
namebuf[offset] = 0;
if ( strcmp(namebuf,"api") != 0 )
cJSON_AddItemToObject(json,"agent",cJSON_CreateString(namebuf));
if ( strcmp("nxt",namebuf) == 0 )
url = "http://127.0.0.1:7876/nxt";
else if ( strcmp("nxts",namebuf) == 0 )
url = "https://127.0.0.1:7876/nxt";
else if ( strcmp("port",namebuf) == 0 )
url = "http://127.0.0.1", portflag = 1;
else if ( strcmp("ports",namebuf) == 0 )
url = "https://127.0.0.1", portflag = 1;
if ( url != 0 )
postbuf[0] = 0, delim = "";
for (iter=0; iter<2; iter++)
{
if ( (varlist= ((iter==0) ? CGI_get_post(0,0) : CGI_get_query(0))) != 0 )
{
for (name=CGI_first_name(varlist); name!=0; name=CGI_next_name(varlist))
{
value = CGI_lookup_all(varlist,0);
for (i=0; value[i]!=0; i++)
{
//fprintf(stderr,"%s [%d] = %s\r\n", name, i, value[i]);
if ( i == 0 )
{
if ( url == 0 )
cJSON_AddItemToObject(json,name,cJSON_CreateString(value[i]));
else
{
if ( portflag != 0 && strncmp(name,"port",strlen("port")) == 0 )
sprintf(urlbuf,"%s:%s",url,value[i]), url = urlbuf, portflag = 0;
else sprintf(postbuf + strlen(postbuf),"%s%s=%s",delim,name,value[i]), delim = "&";
}
}
}
}
}
CGI_free_varlist(varlist);
}
fputs("Access-Control-Allow-Origin: null\r\n",stdout);
fputs("Access-Control-Allow-Headers: Authorization, Content-Type\r\n",stdout);
fputs("Access-Control-Allow-Credentials: true\r\n",stdout);
fputs("Access-Control-Allow-Methods: GET, POST, OPTIONS\r\n",stdout);
fputs("Content-type: text/plain\r\n",stdout);
if ( url != 0 )
{
fprintf(stderr,"url.(%s) (%s)\n",url,postbuf);
if ( (retstr= issue_POST(url,postbuf)) != 0 )
{
//fprintf(stderr,"%s",retstr);
printf("Content-Length: %ld\r\n\r\n",strlen(retstr)+2);
printf("%s\r\n",retstr);
free(retstr);
} else printf("{\"error\":\"null return from issue_NXTPOST\"}\r\n");
}
else
{
process_json(json);
}
free_json(json);
return 0;
}
int main(int argc, char **argv)
{
void portable_OS_init();
CGI_varlist *varlist; const char *name; char namebuf[512],postbuf[65536],*remoteaddr,*str=0,*retstr,*delim,*url = 0;
int i,j,iter,localaccess=0,doneflag=0,portflag = 0; cJSON *json; long offset; CGI_value *value; struct destbuf urlbuf;
portable_OS_init();
setenv("CONTENT_TYPE", "application/x-www-form-urlencoded", 1);
json = cJSON_CreateObject();
if ( (remoteaddr= getenv("REMOTE_ADDR")) == 0 || strncmp("127.0.0.1",remoteaddr,strlen("127.0.0.1")) == 0 )
remoteaddr = 0,localaccess = 1;
else cJSON_AddItemToObject(json,"remoteaddr",cJSON_CreateString(remoteaddr));
for (i=j=0; argv[0][i]!=0; i++)
if ( argv[0][i] == '/' || argv[0][i] == '\\' )
j = i+1;
strcpy(namebuf,&argv[0][j]);
offset = strlen(namebuf) - 4;
if ( offset > 0 && strcmp(".exe",namebuf + offset) == 0 )
namebuf[offset] = 0;
if ( offset > 0 && strcmp(".cgi",namebuf + offset) == 0 )
namebuf[offset] = 0;
if ( strcmp(namebuf,"init") == 0 || strcmp(namebuf,"") == 0 || strcmp(namebuf,"index.cgi") == 0 )
{
// "http://178.63.60.131/init/?requestType=status&coin=VRC"
//"http://78.47.115.250:7777/public?plugin=relay&method=busdata&servicename=MGW&serviceNXT=8119557380101451968&destplugin=MGW&submethod=status&coin=BTC"
if ( strcmp(namebuf,"api") != 0 )
cJSON_AddItemToObject(json,"agent",cJSON_CreateString(namebuf));
cJSON_AddItemToObject(json,"plugin",cJSON_CreateString("relay"));
cJSON_AddItemToObject(json,"method",cJSON_CreateString("busdata"));
cJSON_AddItemToObject(json,"servicename",cJSON_CreateString("MGW"));
cJSON_AddItemToObject(json,"serviceNXT",cJSON_CreateString("8119557380101451968"));
cJSON_AddItemToObject(json,"destplugin",cJSON_CreateString("MGW"));
if ( jstr(json,"requestType") != 0 )
cJSON_AddItemToObject(json,"submethod",cJSON_CreateString(jstr(json,"requestType")));
}
if ( strcmp("nxt",namebuf) == 0 )
{
if ( setnxturl(&urlbuf) != 0 )
url = urlbuf.buf;
else url = "http://127.0.0.1:7876/nxt";
}
else if ( strcmp("nxts",namebuf) == 0 )
url = "https://127.0.0.1:7876/nxt";
else if ( strcmp("port",namebuf) == 0 )
url = "http://127.0.0.1", portflag = 1;
else if ( strcmp("ports",namebuf) == 0 )
url = "https://127.0.0.1", portflag = 1;
fprintf(stderr,"namebuf.(%s)\n",namebuf);
if ( url != 0 )
postbuf[0] = 0, delim = "";
for (iter=0; iter<3; iter++)
{
if ( (varlist= ((iter==0) ? CGI_get_post(0,0) : ((iter==1) ? CGI_get_query(0) : CGI_get_cookie(0)))) != 0 )
{
for (name=CGI_first_name(varlist); name!=0&&doneflag==0; name=CGI_next_name(varlist))
{
value = CGI_lookup_all(varlist,0);
for (i=0; value[i]!=0; i++)
{
fprintf(stderr,"iter.%d %s [%d] = %s\r\n",iter,name,i,value[i]);
if ( i == 0 )
{
if ( url == 0 )
{
if ( strcmp(name,"stringified") == 0 || strcmp(namebuf,"stringified") == 0 )
{
char *unstringify(char *str);
cJSON *obj;
if ( (obj= cJSON_Parse(name)) == 0 )
{
str = malloc(strlen(value[i])+1);
strcpy(str,value[i]);
unstringify(str);
printf("unstringify (%s) -> (%s)\n",value[i],str);
obj= cJSON_Parse(str);
}
if ( obj != 0 )
{
//unstringified ((null)) -> ({"stringified":{"method":"orderbook","baseid":"12071612744977229797","relid":"5527630","maxdepth":"1"},"agent":"InstantDEX"})
free_json(json);
if ( jobj(obj,"stringified") != 0 )
json = cJSON_Duplicate(jobj(obj,"stringified"),1), free_json(obj);
else json = obj;
cJSON_AddItemToObject(json,"agent",cJSON_CreateString("InstantDEX"));
if ( remoteaddr != 0 && remoteaddr[0] != 0 )
cJSON_AddItemToObject(json,"remoteaddr",cJSON_CreateString(remoteaddr));
fprintf(stderr,"unstringified (%s) -> (%s)\n",str!=0?str:"",jprint(json,0));
if ( str != 0 )
free(str);
doneflag = 1;
break;
}
}
cJSON_AddItemToObject(json,name,cJSON_CreateString(value[i]));
}
else
{
if ( portflag != 0 && strncmp(name,"port",strlen("port")) == 0 )
sprintf(urlbuf.buf,"%s:%s",url,value[i]), url = urlbuf.buf, portflag = 0;
else sprintf(postbuf + strlen(postbuf),"%s%s=%s",delim,name,value[i]), delim = "&";
}
}
}
}
}
CGI_free_varlist(varlist);
}
if ( localaccess == 0 )
fputs("Access-Control-Allow-Origin: *\r\n",stdout);
else fputs("Access-Control-Allow-Origin: null\r\n",stdout);
fputs("Access-Control-Allow-Credentials: true\r\n",stdout);
fputs("Access-Control-Allow-Headers: Authorization, Content-Type\r\n",stdout);
fputs("Access-Control-Allow-Methods: GET, POST, OPTIONS\r\n",stdout);
fputs("Cache-Control: no-cache, no-store, must-revalidate\r\n",stdout);
fputs("Content-type: text/plain\r\n",stdout);
if ( url != 0 )
{
fprintf(stderr,"url.(%s) (%s)\n",url,postbuf);
if ( (retstr= issue_POST(url,postbuf)) != 0 )
{
//fprintf(stderr,"%s",retstr);
printf("Content-Length: %ld\r\n\r\n",strlen(retstr)+2);
printf("%s\r\n",retstr);
free(retstr);
} else printf("{\"error\":\"null return from issue_NXTPOST\"}\r\n");
}
else
{
if ( jobj(json,"agent") == 0 && strcmp(namebuf,"api") != 0 )
cJSON_AddItemToObject(json,"agent",cJSON_CreateString(namebuf));
fprintf(stderr,"PROCESS.(%s)\n",jprint(json,0));
process_json(json,remoteaddr,localaccess);
}
free_json(json);
return 0;
}
int main(int argc, char **argv)
{
CGI_varlist *vl;
int tlen = strlen(TMP_PATH);
FILE *log;
const char *name, *dir;
char prefix[BUFSIZ] = UPL_PATH, dst[BUFSIZ], srv[BUFSIZ],
*p = getenv("SCRIPT_NAME");
umask(umask((mode_t)0)|S_IWUSR|S_IWGRP|S_IWOTH|S_IXUSR|S_IXGRP|S_IXOTH);
printf("Content-type: text/plain\r\n\r\n");
if(p != NULL) /* The CGI-reported basename must be the target server */
{
char genbuf[BUFSIZ];
if(strlcpy(dst, p, BUFSIZ) >= BUFSIZ) return 1; /* These are self- */
if((p = strrchr(dst, '/')) != NULL) p++; else p = dst;
if(strlcpy(genbuf, p, BUFSIZ) >= BUFSIZ) return 1; /* inflicted errors */
if(strlcpy(srv, p, BUFSIZ) >= BUFSIZ) return 1; /* that users should*/
if((p = strchr(genbuf, '.')) != NULL) *p = '\0';
if((p = strchr(srv, '.')) != NULL) *p = '\0';
if(strlcat(prefix, genbuf, BUFSIZ) >= BUFSIZ ||
strlcat(prefix, "-", BUFSIZ) >= BUFSIZ) return 1; /* not normally see */
} else { e("config error"); return 1; }
if((log = fopen(LOG_PATH, "a")) == NULL) { e("log error"); return 1; }
if((vl = CGI_get_all(TMP_PATH"-XXXXXX")) == 0 ) { e("nodata"); return 1; }
/*All files received--force to disk: sync && echo 3 > /proc/sys/vm/drop_caches*/
sync(); /* Suggest to disk */
if((dir = CGI_lookup(vl, "dir")))
{
FILE *dirs = fopen(DIR_PATH, "r"); /* SMB server permitted directories */
char genbuf[BUFSIZ], f = 1;
if(!dirs) { e("no dir"); return 1; }
while(fgets(genbuf, BUFSIZ, dirs))
{ /* Remove the fgets-included newline */
if((p = strrchr(genbuf, '\n')) != NULL) *p = '\0';
if(!strcmp(genbuf, dir)) { f = 0; break; }
}
fclose(dirs);
if(f) { e("no dir"); return 1; }
}
else { e("no dir"); return 1; }
printf("%s\n", dir);
for(name = CGI_first_name(vl); name != 0; name = CGI_next_name(vl))
{
int i;
CGI_value *val;
if(!(val = CGI_lookup_all(vl, 0))) continue;
for(i = 0; val[i]; i++)
{
struct stat junk_buf; /* Does filename match TMP_PATH, and exist? */
if(!strncmp(val[i], TMP_PATH, tlen) && !stat(val[i], &junk_buf))
{ /* RFC-1867 files come in name pairs, and the index must be advanced. */
FILE *goodfile;
const char *z;
time_t epoch = time(NULL);
struct tm *now = localtime(&epoch);
int j = i++; /* Now, val[j] == tmp_name, val[i] == user's sent name. */
strftime(dst, BUFSIZ, "%y/%m/%d %H:%M:%S", now);
fprintf(log, "%s %s %s", dst, getenv("REMOTE_ADDR"), val[i]);
if((z = strrchr(val[i], '/')) != NULL) z++; else z = val[i];
if((p = strrchr(z, '\\')) != NULL) z = p + 1; /* IE sends full path. */
if(strlcpy(dst, prefix, BUFSIZ) >= BUFSIZ ||
strlcat(dst, z, BUFSIZ) >= BUFSIZ) /* Skip if basename oversized. */
{
e("error\n");
fprintf(log, " _FLEN-RETAINED_ %s\n", val[j]);
continue;
}
if(link(val[j], dst) && /* On link failure, try to keep this data. */
(strlcat(dst, val[j] + tlen, BUFSIZ) >= BUFSIZ || /* new filename */
link(val[j], dst))) /* mkstemp suffix appended */
{
printf("name_error\t%s\n", val[i]);
fprintf(log, " _LINK-RETAINED_ %s\n", val[j]);
continue;
} else fprintf(log, " _RENAMED_ %s", dst);
if(unlink(val[j]))
{
printf("tmp_error\t%s\n", val[i]); /* This is not a fatal error */
fprintf(log, " _UNLINK-RETAINED_ %s", val[j]);
}
fprintf(log,"\n");
if((goodfile = fopen(dst, "r")))
{
SHA256_CTX ctx;
uchar buf[BUFSIZ];
char cmd[BUFSIZ], dirbuf[BUFSIZ];
/* Report the sha256sum--at least client can verify this leg of the trip */
sha256_init(&ctx);
while((j = fread(buf, 1, BUFSIZ, goodfile))) sha256_update(&ctx, buf, j);
sha256_final(&ctx, buf);
fclose(goodfile);
for(j = 0; j < 32; j++) printf("%02x", buf[j]);
printf("\t%s\n", val[i]);
/* Build the smbclient command line - add -e for encryption if desired */
if(strlcpy(cmd, "smbclient -mSMB3 -A/usr/local/etc/.", BUFSIZ) >= BUFSIZ ||
strlcat(cmd, srv, BUFSIZ) >= BUFSIZ ||/*Note:smbclient didn't get*/
strlcat(cmd, ".auth '//", BUFSIZ) >= BUFSIZ ||/* SMB3 until Samba v4.1*/
strlcat(cmd, srv, BUFSIZ) >= BUFSIZ) { E(); continue; }
if(*dir != '/' && strlcat(cmd, "/", BUFSIZ) >= BUFSIZ) { E(); continue; }
if( strlcpy(dirbuf, dir, BUFSIZ) >= BUFSIZ) { E(); continue; }
if((p = strchr(dirbuf + 1, '/')) != NULL)
{ /* Pull the share name off, then cd to subdir */
*p = '\0';
if(strlcat(cmd, dirbuf, BUFSIZ) >= BUFSIZ ||
strlcat(cmd, "' -c 'cd \"", BUFSIZ) >= BUFSIZ ||
strlcat(cmd, p + 1, BUFSIZ) >= BUFSIZ ||
strlcat(cmd, "\"; ", BUFSIZ) >= BUFSIZ) { E(); continue; }
} /* smbclient doesn't cd properly if this isn't done */
else
{ /* No subdir, so put directly */
if(strlcat(cmd, dir, BUFSIZ) >= BUFSIZ ||
strlcat(cmd, "' -c '", BUFSIZ) >= BUFSIZ) { E(); continue; }
}
if(strlcat(cmd, "put \"", BUFSIZ) >= BUFSIZ ||
strlcat(cmd, dst, BUFSIZ) >= BUFSIZ ||
strlcat(cmd, "\" \"", BUFSIZ) >= BUFSIZ ||
strlcat(cmd, z, BUFSIZ) >= BUFSIZ ||
strlcat(cmd, "\"; dir \"", BUFSIZ) >= BUFSIZ ||
strlcat(cmd, z, BUFSIZ) >= BUFSIZ ||
strlcat(cmd, "\"' 2>&1", BUFSIZ) >= BUFSIZ) { E(); continue; }
fprintf(log, "%s\n", cmd);
if((goodfile = popen(cmd, "r"))) /* Run the SMB transfer */
{
while(fgets(cmd, BUFSIZ, goodfile)) printf("%s", cmd);
pclose(goodfile);
}
}
}
}
}
CGI_free_varlist(vl);
fclose(log);
fflush(NULL);
return 0;
}