SSL_SESSION *uwsgi_ssl_session_get_cb(SSL *ssl, unsigned char *key, int keylen, int *copy) {
uint64_t valsize = 0;
*copy = 0;
uwsgi_rlock(uwsgi.ssl_sessions_cache->lock);
char *value = uwsgi_cache_get2(uwsgi.ssl_sessions_cache, (char *)key, keylen, &valsize);
if (!value) {
uwsgi_rwunlock(uwsgi.ssl_sessions_cache->lock);
if (uwsgi.ssl_verbose) {
uwsgi_log("[uwsgi-ssl] cache miss\n");
}
return NULL;
}
SSL_SESSION *sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&value, valsize);
uwsgi_rwunlock(uwsgi.ssl_sessions_cache->lock);
return sess;
}
int uwsgi_file_serve(struct wsgi_request *wsgi_req, char *document_root, uint16_t document_root_len, char *path_info, uint16_t path_info_len, int is_a_file) {
struct stat st;
char real_filename[PATH_MAX + 1];
size_t real_filename_len = 0;
char *filename = NULL;
size_t filename_len = 0;
struct uwsgi_string_list *index = NULL;
if (!is_a_file) {
filename = uwsgi_concat3n(document_root, document_root_len, "/", 1, path_info, path_info_len);
filename_len = document_root_len + 1 + path_info_len;
}
else {
filename = uwsgi_concat2n(document_root, document_root_len, "", 0);
filename_len = document_root_len;
}
#ifdef UWSGI_DEBUG
uwsgi_log("[uwsgi-fileserve] checking for %s\n", filename);
#endif
if (uwsgi.static_cache_paths) {
uwsgi_rlock(uwsgi.static_cache_paths->lock);
uint64_t item_len;
char *item = uwsgi_cache_get2(uwsgi.static_cache_paths, filename, filename_len, &item_len);
if (item && item_len > 0 && item_len <= PATH_MAX) {
memcpy(real_filename, item, item_len);
real_filename_len = item_len;
uwsgi_rwunlock(uwsgi.static_cache_paths->lock);
goto found;
}
uwsgi_rwunlock(uwsgi.static_cache_paths->lock);
}
if (!realpath(filename, real_filename)) {
#ifdef UWSGI_DEBUG
uwsgi_log("[uwsgi-fileserve] unable to get realpath() of the static file\n");
#endif
free(filename);
return -1;
}
real_filename_len = strlen(real_filename);
if (uwsgi.static_cache_paths) {
uwsgi_wlock(uwsgi.static_cache_paths->lock);
uwsgi_cache_set2(uwsgi.static_cache_paths, filename, filename_len, real_filename, real_filename_len, uwsgi.use_static_cache_paths, UWSGI_CACHE_FLAG_UPDATE);
uwsgi_rwunlock(uwsgi.static_cache_paths->lock);
}
found:
free(filename);
if (uwsgi_starts_with(real_filename, real_filename_len, document_root, document_root_len)) {
struct uwsgi_string_list *safe = uwsgi.static_safe;
while(safe) {
if (!uwsgi_starts_with(real_filename, real_filename_len, safe->value, safe->len)) {
goto safe;
}
safe = safe->next;
}
uwsgi_log("[uwsgi-fileserve] security error: %s is not under %.*s or a safe path\n", real_filename, document_root_len, document_root);
return -1;
}
safe:
if (!uwsgi_static_stat(wsgi_req, real_filename, &real_filename_len, &st, &index)) {
if (index) {
// if we are here the PATH_INFO need to be changed
if (uwsgi_req_append_path_info_with_index(wsgi_req, index->value, index->len)) {
return -1;
}
}
// skip methods other than GET and HEAD
if (uwsgi_strncmp(wsgi_req->method, wsgi_req->method_len, "GET", 3) && uwsgi_strncmp(wsgi_req->method, wsgi_req->method_len, "HEAD", 4)) {
return -1;
}
// check for skippable ext
struct uwsgi_string_list *sse = uwsgi.static_skip_ext;
while (sse) {
if (real_filename_len >= sse->len) {
if (!uwsgi_strncmp(real_filename + (real_filename_len - sse->len), sse->len, sse->value, sse->len)) {
return -1;
}
}
sse = sse->next;
}
#ifdef UWSGI_ROUTING
// before sending the file, we need to check if some rule applies
if (!wsgi_req->is_routing && uwsgi_apply_routes_do(wsgi_req, NULL, 0) == UWSGI_ROUTE_BREAK) {
return 0;
}
wsgi_req->routes_applied = 1;
#endif
return uwsgi_real_file_serve(wsgi_req, real_filename, real_filename_len, &st);
}
return -1;
}
