websocketpp::http::status_code::value FileServer::handlePostRequest(const websocketpp::http::parser::request& aRequest, std::string& output_, StringPairList& headers_, const SessionPtr& aSession) noexcept { const auto& requestPath = aRequest.get_uri(); if (requestPath == "/temp") { if (!aSession || !aSession->getUser()->hasPermission(Access::FILESYSTEM_EDIT)) { output_ = "Not authorized"; return websocketpp::http::status_code::unauthorized; } const auto fileName = Util::toString(Util::rand()); const auto filePath = Util::getTempPath() + fileName; try { File file(filePath, File::WRITE, File::TRUNCATE | File::CREATE, File::BUFFER_SEQUENTIAL); file.write(aRequest.get_body()); } catch (const FileException& e) { output_ = "Failed to write the file: " + e.getError(); return websocketpp::http::status_code::internal_server_error; } { WLock l(cs); tempFiles.emplace(fileName, filePath); } headers_.emplace_back("Location", fileName); return websocketpp::http::status_code::created; } output_ = "Requested resource was not found"; return websocketpp::http::status_code::not_found; }
websocketpp::http::status_code::value ApiRouter::handleHttpRequest(const string& aRequestPath, const websocketpp::http::parser::request& aRequest, json& output_, json& error_, bool aIsSecure, const string& aIp) noexcept { SessionPtr session = nullptr; auto token = aRequest.get_header("Authorization"); if (token != websocketpp::http::empty_header) { session = WebServerManager::getInstance()->getUserManager().getSession(token); } auto& requestBody = aRequest.get_body(); dcdebug("Received HTTP request: %s\n", aRequest.get_body().c_str()); try { ApiRequest apiRequest(aRequestPath, aRequest.get_method(), output_, error_); apiRequest.validate(); apiRequest.parseHttpRequestJson(requestBody); apiRequest.setSession(session); return handleRequest(apiRequest, aIsSecure, nullptr, aIp); } catch (const std::exception& e) { error_ = { "message", "Parsing failed: " + string(e.what()) }; return websocketpp::http::status_code::bad_request; } return websocketpp::http::status_code::ok; }
websocketpp::http::status_code::value FileServer::handleRequest(const websocketpp::http::parser::request& aRequest, string& output_, StringPairList& headers_, const SessionPtr& aSession) noexcept { if (aRequest.get_method() == "GET") { return handleGetRequest(aRequest, output_, headers_, aSession); } else if (aRequest.get_method() == "POST") { return handlePostRequest(aRequest, output_, headers_, aSession); } output_ = "Requested resource was not found"; return websocketpp::http::status_code::not_found; }
string FileServer::parseResourcePath(const string& aResource, const websocketpp::http::parser::request& aRequest, StringPairList& headers_) const { // Serve files only from the resource directory if (aResource.empty() || aResource.find("..") != std::string::npos) { throw RequestException(websocketpp::http::status_code::bad_request, "Invalid resource path"); } auto request = aResource; auto extension = getExtension(request); if (!extension.empty()) { dcassert(extension[0] != '.'); // We have compressed versions only for JS files if (extension == "js" && aRequest.get_header("Accept-Encoding").find("gzip") != string::npos) { request += ".gz"; // The Content-Encoding header will be set only after the file has been read successfully // as gzip encoding shouldn't be used in case of errors... } if (extension != "html" && aResource != "/sw.js") { // File versioning is done with hashes in filenames (except for the index file and service worker) addCacheControlHeader(headers_, 365); } } else { // Forward all requests for non-static files to index // (but try to report API requests or other downloads with an invalid path) if (aRequest.get_header("Accept").find("text/html") == string::npos) { if (aRequest.get_header("Content-Type") == "application/json") { throw RequestException(websocketpp::http::status_code::not_acceptable, "File server won't serve JSON files. Did you mean \"/api" + aResource + "\" instead?"); } throw RequestException(websocketpp::http::status_code::not_found, "Invalid file path (hint: use \"Accept: text/html\" if you want index.html)"); } request = "index.html"; // The main chunk name may change and it's stored in the HTML file addCacheControlHeader(headers_, 0); } // Avoid double separators because of assertions if (!request.empty() && request.front() == '/') { request = request.substr(1); } // For windows Util::replace(request, "/", PATH_SEPARATOR_STR); return resourcePath + request; }
string FileServer::parseResourcePath(const string& aResource, const websocketpp::http::parser::request& aRequest, StringPairList& headers_) const noexcept { auto request = aResource; auto extension = getExtension(request); if (!extension.empty()) { // Strip the dot extension = extension.substr(1); // We have compressed versions only for JS files if (extension == "js" && aRequest.get_header("Accept-Encoding").find("gzip") != string::npos) { request += ".gz"; headers_.emplace_back("Content-Encoding", "gzip"); } } else if (request.find("/build") != 0 && request != "/favicon.ico") { // Forward all requests for non-static files to index request = "/index.html"; } // For windows Util::replace(request, "/", PATH_SEPARATOR_STR); return resourcePath + request; }
websocketpp::http::status_code::value FileServer::handleGetRequest(const websocketpp::http::parser::request& aRequest, string& output_, StringPairList& headers_, const SessionPtr& aSession) noexcept { const auto& requestUrl = aRequest.get_uri(); dcdebug("Requesting file %s\n", requestUrl.c_str()); // Get the disk path string filePath; try { if (requestUrl.length() >= 6 && requestUrl.compare(0, 6, "/view/") == 0) { filePath = parseViewFilePath(requestUrl.substr(6), headers_, aSession); } else { filePath = parseResourcePath(requestUrl, aRequest, headers_); } } catch (const RequestException& e) { output_ = e.what(); return e.getCode(); } auto fileSize = File::getSize(filePath); int64_t startPos = 0, endPos = fileSize - 1; auto partialContent = parsePartialRange(aRequest.get_header("Range"), startPos, endPos); // Read file try { File f(filePath, File::READ, File::OPEN); f.setPos(startPos); output_ = f.read(static_cast<size_t>(endPos) + 1); } catch (const FileException& e) { dcdebug("Failed to serve the file %s: %s\n", filePath.c_str(), e.getError().c_str()); output_ = e.getError(); return websocketpp::http::status_code::not_found; } catch (const std::bad_alloc&) { output_ = "Not enough memory on the server to serve this request"; return websocketpp::http::status_code::internal_server_error; } { const auto ext = Util::getFileExt(filePath); if (ext == ".nfo") { string encoding; // Platform-independent encoding conversion function could be added if there is more use for it #ifdef _WIN32 encoding = "CP.437"; #else encoding = "cp437"; #endif output_ = Text::toUtf8(output_, encoding); } else if (ext == ".gz" && aRequest.get_header("Accept-Encoding").find("gzip") != string::npos) { headers_.emplace_back("Content-Encoding", "gzip"); } } { // Get the mime type (but get it from the original request with gzipped content) auto usingEncoding = find_if(headers_.begin(), headers_.end(), CompareFirst<string, string>("Content-Encoding")) != headers_.end(); auto type = getMimeType(usingEncoding ? requestUrl : filePath); if (type) { headers_.emplace_back("Content-Type", type); } } if (partialContent) { headers_.emplace_back("Content-Range", formatPartialRange(startPos, endPos, fileSize)); headers_.emplace_back("Accept-Ranges", "bytes"); return websocketpp::http::status_code::partial_content; } return websocketpp::http::status_code::ok; }