import std/options
import std/os
import std/posix
import std/strutils
import io/dynstream
import io/posixstream
import io/stdio
import loader/connecterror
import loader/headers
import loader/loaderhandle
import loader/request
import types/formdata
import types/url
import utils/twtstr
proc putMappedURL(url: URL) =
putEnv("MAPPED_URI_SCHEME", url.scheme)
putEnv("MAPPED_URI_USERNAME", url.username)
putEnv("MAPPED_URI_PASSWORD", url.password)
putEnv("MAPPED_URI_HOST", url.hostname)
putEnv("MAPPED_URI_PORT", url.port)
putEnv("MAPPED_URI_PATH", url.path.serialize())
putEnv("MAPPED_URI_QUERY", url.query.get(""))
proc setupEnv(cmd, scriptName, pathInfo, requestURI, myDir: string;
request: Request; contentLen: int; prevURL: URL;
insecureSSLNoVerify: bool) =
let url = request.url
putEnv("SCRIPT_NAME", scriptName)
putEnv("SCRIPT_FILENAME", cmd)
putEnv("REQUEST_URI", requestURI)
putEnv("REQUEST_METHOD", $request.httpMethod)
var headers = ""
for k, v in request.headers:
headers &= k & ": " & v & "\r\n"
putEnv("REQUEST_HEADERS", headers)
if prevURL != nil:
putMappedURL(prevURL)
if pathInfo != "":
putEnv("PATH_INFO", pathInfo)
if url.query.isSome:
putEnv("QUERY_STRING", url.query.get)
if request.httpMethod == hmPost:
if request.multipart.isSome:
putEnv("CONTENT_TYPE", request.multipart.get.getContentType())
else:
putEnv("CONTENT_TYPE", request.headers.getOrDefault("Content-Type", ""))
putEnv("CONTENT_LENGTH", $contentLen)
if "Cookie" in request.headers:
putEnv("HTTP_COOKIE", request.headers["Cookie"])
if request.referrer != nil:
putEnv("HTTP_REFERER", $request.referrer)
if request.proxy != nil:
putEnv("ALL_PROXY", $request.proxy)
if insecureSSLNoVerify:
putEnv("CHA_INSECURE_SSL_NO_VERIFY", "1")
setCurrentDir(myDir)
type ControlResult = enum
crDone, crContinue, crError
proc handleFirstLine(handle: LoaderHandle; line: string; headers: Headers;
status: var uint16): ControlResult =
let k = line.until(':')
if k.len == line.len:
# invalid
handle.sendResult(ERROR_CGI_MALFORMED_HEADER)
return crError
let v = line.substr(k.len + 1).strip()
if k.equalsIgnoreCase("Status"):
handle.sendResult(0) # success
status = parseUInt16(v, allowSign = false).get(0)
return crContinue
if k.equalsIgnoreCase("Cha-Control"):
if v.startsWithIgnoreCase("Connected"):
handle.sendResult(0) # success
return crContinue
elif v.startsWithIgnoreCase("ConnectionError"):
let errs = v.split(' ')
if errs.len <= 1:
handle.sendResult(ERROR_CGI_INVALID_CHA_CONTROL)
else:
let fb = int32(ERROR_CGI_INVALID_CHA_CONTROL)
let code = int(parseInt32(errs[1]).get(fb))
var message = ""
if errs.len > 2:
message &= errs[2]
for i in 3 ..< errs.len:
message &= ' '
message &= errs[i]
handle.sendResult(code, message)
return crError
elif v.startsWithIgnoreCase("ControlDone"):
return crDone
handle.sendResult(ERROR_CGI_INVALID_CHA_CONTROL)
return crError
handle.sendResult(0) # success
headers.add(k, v)
return crDone
proc handleControlLine(handle: LoaderHandle; line: string; headers: Headers;
status: var uint16): ControlResult =
let k = line.until(':')
if k.len == line.len:
# invalid
return crError
let v = line.substr(k.len + 1).strip()
if k.equalsIgnoreCase("Status"):
status = parseUInt16(v, allowSign = false).get(0)
return crContinue
if k.equalsIgnoreCase("Cha-Control"):
if v.startsWithIgnoreCase("ControlDone"):
return crDone
return crError
headers.add(k, v)
return crDone
# returns false if transfer was interrupted
proc handleLine(handle: LoaderHandle; line: string; headers: Headers) =
let k = line.until(':')
if k.len == line.len:
# invalid
return
let v = line.substr(k.len + 1).strip()
headers.add(k, v)
proc loadCGI*(handle: LoaderHandle; request: Request; cgiDir: seq[string];
prevURL: URL; insecureSSLNoVerify: bool) =
if cgiDir.len == 0:
handle.sendResult(ERROR_NO_CGI_DIR)
return
var path = percentDecode(request.url.pathname)
if path.startsWith("/cgi-bin/"):
path.delete(0 .. "/cgi-bin/".high)
elif path.startsWith("/$LIB/"):
path.delete(0 .. "/$LIB/".high)
if path == "" or request.url.hostname != "":
handle.sendResult(ERROR_INVALID_CGI_PATH)
return
var basename: string
var pathInfo: string
var cmd: string
var scriptName: string
var requestURI: string
var myDir: string
if path[0] == '/':
for dir in cgiDir:
if path.startsWith(dir):
basename = path.substr(dir.len).until('/')
pathInfo = path.substr(dir.len + basename.len)
cmd = dir / basename
if not fileExists(cmd):
continue
myDir = dir
scriptName = path.substr(0, dir.len + basename.len)
requestURI = cmd / pathInfo & request.url.search
break
if cmd == "":
handle.sendResult(ERROR_INVALID_CGI_PATH)
return
else:
basename = path.until('/')
pathInfo = path.substr(basename.len)
scriptName = "/cgi-bin/" & basename
requestURI = "/cgi-bin/" & path & request.url.search
for dir in cgiDir:
cmd = dir / basename
if fileExists(cmd):
myDir = dir
break
if not fileExists(cmd):
handle.sendResult(ERROR_CGI_FILE_NOT_FOUND)
return
if basename in ["", ".", ".."] or basename.startsWith("~"):
handle.sendResult(ERROR_INVALID_CGI_PATH)
return
var pipefd: array[0..1, cint] # child -> parent
if pipe(pipefd) == -1:
handle.sendResult(ERROR_FAIL_SETUP_CGI)
return
# Pipe the request body as stdin for POST.
var pipefd_read: array[0..1, cint] # parent -> child
let needsPipe = request.body.isSome or request.multipart.isSome
if needsPipe:
if pipe(pipefd_read) == -1:
handle.sendResult(ERROR_FAIL_SETUP_CGI)
return
var contentLen = 0
if request.body.isSome:
contentLen = request.body.get.len
elif request.multipart.isSome:
contentLen = request.multipart.get.calcLength()
stdout.flushFile()
stderr.flushFile()
let pid = fork()
if pid == -1:
handle.sendResult(ERROR_FAIL_SETUP_CGI)
elif pid == 0:
discard close(pipefd[0]) # close read
discard dup2(pipefd[1], 1) # dup stdout
if needsPipe:
discard close(pipefd_read[1]) # close write
if pipefd_read[0] != 0:
discard dup2(pipefd_read[0], 0) # dup stdin
discard close(pipefd_read[0])
else:
closeStdin()
# we leave stderr open, so it can be seen in the browser console
setupEnv(cmd, scriptName, pathInfo, requestURI, myDir, request, contentLen,
prevURL, insecureSSLNoVerify)
# reset SIGCHLD to the default handler. this is useful if the child process
# expects SIGCHLD to be untouched. (e.g. git dies a horrible death with
# SIGCHLD as SIG_IGN)
signal(SIGCHLD, SIG_DFL)
discard execl(cstring(cmd), cstring(basename), nil)
let code = int(ERROR_FAILED_TO_EXECUTE_CGI_SCRIPT)
stdout.write("Cha-Control: ConnectionError " & $code & " " &
($strerror(errno)).deleteChars({'\n', '\r'}))
quit(1)
else:
discard close(pipefd[1]) # close write
if needsPipe:
discard close(pipefd_read[0]) # close read
let ps = newPosixStream(pipefd_read[1])
if request.body.isSome:
ps.write(request.body.get)
elif request.multipart.isSome:
let multipart = request.multipart.get
for entry in multipart.entries:
ps.writeEntry(entry, multipart.boundary)
ps.writeEnd(multipart.boundary)
ps.sclose()
handle.parser = HeaderParser(headers: newHeaders())
handle.istream = newPosixStream(pipefd[0])
proc killHandle(handle: LoaderHandle) =
if handle.parser.state != hpsBeforeLines:
# not an ideal solution, but better than silently eating malformed
# headers
handle.output.ostream.setBlocking(true)
handle.sendStatus(500)
handle.sendHeaders(newHeaders())
const msg = "Error: malformed header in CGI script"
discard handle.output.ostream.sendData(msg)
handle.parser = nil
proc parseHeaders0(handle: LoaderHandle; buffer: LoaderBuffer): int =
let parser = handle.parser
var s = parser.lineBuffer
let L = if buffer == nil: 1 else: buffer.len
for i in 0 ..< L:
template die =
handle.killHandle()
return -1
let c = if buffer != nil:
char(buffer.page[i])
else:
'\n'
if parser.crSeen and c != '\n':
die
parser.crSeen = false
if c == '\r':
parser.crSeen = true
elif c == '\n':
if s == "":
if parser.state == hpsBeforeLines:
# body comes immediately, so we haven't had a chance to send result
# yet.
handle.sendResult(0)
handle.sendStatus(parser.status)
handle.sendHeaders(parser.headers)
handle.parser = nil
return i + 1 # +1 to skip \n
case parser.state
of hpsBeforeLines:
case handle.handleFirstLine(s, parser.headers, parser.status)
of crDone: parser.state = hpsControlDone
of crContinue: parser.state = hpsAfterFirstLine
of crError: die
of hpsAfterFirstLine:
case handle.handleControlLine(s, parser.headers, parser.status)
of crDone: parser.state = hpsControlDone
of crContinue: discard
of crError: die
of hpsControlDone:
handle.handleLine(s, parser.headers)
s = ""
else:
s &= c
if s != "":
parser.lineBuffer = s
return L
proc parseHeaders*(handle: LoaderHandle; buffer: LoaderBuffer): int =
try:
return handle.parseHeaders0(buffer)
except ErrorBrokenPipe:
handle.parser = nil
return -1
proc finishParse*(handle: LoaderHandle) =
discard handle.parseHeaders(nil)