2 * Copyright (C) 2016-2019 "IoT.bzh"
3 * Author: José Bollo <jose.bollo@iot.bzh>
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
29 #include <microhttpd.h>
30 #include <json-c/json.h>
31 #if !defined(JSON_C_TO_STRING_NOSLASHESCAPE)
32 #define JSON_C_TO_STRING_NOSLASHESCAPE 0
35 #if defined(USE_MAGIC_MIME_TYPE)
39 #include "afb-method.h"
40 #include "afb-msg-json.h"
41 #include "afb-context.h"
44 #include "afb-session.h"
46 #include "afb-token.h"
47 #include "afb-error-text.h"
49 #include "locale-root.h"
51 #define SIZE_RESPONSE_BUFFER 8192
53 static int global_reqids = 0;
55 static char empty_string[] = "";
57 static const char long_key_for_uuid[] = "x-afb-uuid";
58 static const char short_key_for_uuid[] = "uuid";
60 static const char long_key_for_token[] = "x-afb-token";
61 static const char short_key_for_token[] = "token";
63 static const char long_key_for_reqid[] = "x-afb-reqid";
64 static const char short_key_for_reqid[] = "reqid";
66 static const char key_for_bearer[] = "Bearer";
67 static const char key_for_access_token[] = "access_token";
69 static char *cookie_name = NULL;
70 static char *cookie_setter = NULL;
71 static char *tmp_pattern = NULL;
74 * Structure for storing key/values read from POST requests
77 struct hreq_data *next; /* chain to next data */
78 char *key; /* key name */
79 size_t length; /* length of the value (used for appending) */
80 char *value; /* the value (or original filename) */
81 char *path; /* path of the file saved */
84 static struct json_object *req_json(struct afb_xreq *xreq);
85 static struct afb_arg req_get(struct afb_xreq *xreq, const char *name);
86 static void req_reply(struct afb_xreq *xreq, struct json_object *object, const char *error, const char *info);
87 static void req_destroy(struct afb_xreq *xreq);
89 const struct afb_xreq_query_itf afb_hreq_xreq_query_itf = {
96 static struct hreq_data *get_data(struct afb_hreq *hreq, const char *key, int create)
98 struct hreq_data *data = hreq->data;
99 while (data != NULL) {
100 if (!strcasecmp(data->key, key))
105 data = calloc(1, sizeof *data);
107 data->key = strdup(key);
108 if (data->key == NULL) {
112 data->next = hreq->data;
120 /* a valid subpath is a relative path not looking deeper than root using .. */
121 static int validsubpath(const char *subpath)
126 switch (subpath[i++]) {
130 if (subpath[i] == '/') {
134 if (subpath[i++] == '.') {
140 if (subpath[i++] == '/') {
147 while (subpath[i] && subpath[i] != '/')
157 static void afb_hreq_reply_v(struct afb_hreq *hreq, unsigned status, struct MHD_Response *response, va_list args)
162 if (hreq->replied != 0)
165 k = va_arg(args, const char *);
167 v = va_arg(args, const char *);
168 MHD_add_response_header(response, k, v);
169 k = va_arg(args, const char *);
172 v = afb_context_uuid(&hreq->xreq.context);
173 if (v != NULL && asprintf(&cookie, cookie_setter, v) > 0) {
174 MHD_add_response_header(response, MHD_HTTP_HEADER_SET_COOKIE, cookie);
177 MHD_queue_response(hreq->connection, status, response);
178 MHD_destroy_response(response);
181 if (hreq->suspended != 0) {
182 MHD_resume_connection (hreq->connection);
184 afb_hsrv_run(hreq->hsrv);
188 void afb_hreq_reply(struct afb_hreq *hreq, unsigned status, struct MHD_Response *response, ...)
191 va_start(args, response);
192 afb_hreq_reply_v(hreq, status, response, args);
196 void afb_hreq_reply_empty(struct afb_hreq *hreq, unsigned status, ...)
199 va_start(args, status);
200 afb_hreq_reply_v(hreq, status, MHD_create_response_from_buffer(0, NULL, MHD_RESPMEM_PERSISTENT), args);
204 void afb_hreq_reply_static(struct afb_hreq *hreq, unsigned status, size_t size, const char *buffer, ...)
207 va_start(args, buffer);
208 afb_hreq_reply_v(hreq, status, MHD_create_response_from_buffer((unsigned)size, (char*)buffer, MHD_RESPMEM_PERSISTENT), args);
212 void afb_hreq_reply_copy(struct afb_hreq *hreq, unsigned status, size_t size, const char *buffer, ...)
215 va_start(args, buffer);
216 afb_hreq_reply_v(hreq, status, MHD_create_response_from_buffer((unsigned)size, (char*)buffer, MHD_RESPMEM_MUST_COPY), args);
220 void afb_hreq_reply_free(struct afb_hreq *hreq, unsigned status, size_t size, char *buffer, ...)
223 va_start(args, buffer);
224 afb_hreq_reply_v(hreq, status, MHD_create_response_from_buffer((unsigned)size, buffer, MHD_RESPMEM_MUST_FREE), args);
228 #if defined(USE_MAGIC_MIME_TYPE)
230 #if !defined(MAGIC_DB)
231 #define MAGIC_DB "/usr/share/misc/magic.mgc"
234 static magic_t lazy_libmagic()
237 static magic_t result = NULL;
241 /* MAGIC_MIME tells magic to return a mime of the file,
242 but you can specify different things */
243 INFO("Loading mimetype default magic database");
244 result = magic_open(MAGIC_MIME_TYPE);
245 if (result == NULL) {
246 ERROR("unable to initialize magic library");
248 /* Warning: should not use NULL for DB
249 [libmagic bug wont pass efence check] */
250 else if (magic_load(result, MAGIC_DB) != 0) {
251 ERROR("cannot load magic database: %s", magic_error(result));
260 static const char *magic_mimetype_fd(int fd)
262 magic_t lib = lazy_libmagic();
263 return lib ? magic_descriptor(lib, fd) : NULL;
268 static const char *mimetype_fd_name(int fd, const char *filename)
270 const char *result = NULL;
272 #if defined(INFER_EXTENSION)
274 * Set some well-known extensions
275 * Note that it is mandatory for example for css files in order to provide
276 * right mimetype that must be text/css (otherwise chrome browser will not
277 * load correctly css file) while libmagic returns text/plain.
279 const char *extension = strrchr(filename, '.');
281 static const char *const known[][2] = {
282 /* keep it sorted for dichotomic search */
283 { ".css", "text/css" },
284 { ".gif", "image/gif" },
285 { ".html", "text/html" },
286 { ".htm", "text/html" },
287 { ".ico", "image/x-icon"},
288 { ".jpeg", "image/jpeg" },
289 { ".jpg", "image/jpeg" },
290 { ".js", "text/javascript" },
291 { ".json", "application/json" },
292 { ".mp3", "audio/mpeg" },
293 { ".png", "image/png" },
294 { ".svg", "image/svg+xml" },
295 { ".ttf", "application/x-font-ttf"},
296 { ".txt", "text/plain" },
297 { ".wav", "audio/x-wav" },
298 { ".xht", "application/xhtml+xml" },
299 { ".xhtml", "application/xhtml+xml" },
300 { ".xml", "application/xml" }
302 int i, c, l = 0, u = sizeof known / sizeof *known;
305 c = strcasecmp(extension, known[i][0]);
307 result = known[i][1];
317 #if defined(USE_MAGIC_MIME_TYPE)
319 result = magic_mimetype_fd(fd);
324 static void req_destroy(struct afb_xreq *xreq)
326 struct afb_hreq *hreq = CONTAINER_OF_XREQ(struct afb_hreq, xreq);
327 struct hreq_data *data;
329 if (hreq->postform != NULL)
330 MHD_destroy_post_processor(hreq->postform);
331 if (hreq->tokener != NULL)
332 json_tokener_free(hreq->tokener);
334 for (data = hreq->data; data; data = hreq->data) {
335 hreq->data = data->next;
344 afb_context_disconnect(&hreq->xreq.context);
345 json_object_put(hreq->json);
346 free((char*)hreq->xreq.request.called_api);
347 free((char*)hreq->xreq.request.called_verb);
348 afb_cred_unref(hreq->xreq.cred);
352 void afb_hreq_addref(struct afb_hreq *hreq)
354 afb_xreq_unhooked_addref(&hreq->xreq);
357 void afb_hreq_unref(struct afb_hreq *hreq)
360 hreq->xreq.replied = 1;
361 afb_xreq_unhooked_unref(&hreq->xreq);
365 * Removes the 'prefix' of 'length' from the tail of 'hreq'
366 * if and only if the prefix exists and is terminated by a leading
369 int afb_hreq_unprefix(struct afb_hreq *hreq, const char *prefix, size_t length)
371 /* check the prefix ? */
372 if (length > hreq->lentail || (hreq->tail[length] && hreq->tail[length] != '/')
373 || strncasecmp(prefix, hreq->tail, length))
376 /* removes successives / */
377 while (length < hreq->lentail && hreq->tail[length + 1] == '/')
380 /* update the tail */
381 hreq->lentail -= length;
382 hreq->tail += length;
386 int afb_hreq_valid_tail(struct afb_hreq *hreq)
388 return validsubpath(hreq->tail);
391 void afb_hreq_reply_error(struct afb_hreq *hreq, unsigned int status)
393 afb_hreq_reply_empty(hreq, status, NULL);
396 int afb_hreq_redirect_to_ending_slash_if_needed(struct afb_hreq *hreq)
400 if (hreq->url[hreq->lenurl - 1] == '/')
403 /* the redirect is needed for reliability of relative path */
404 tourl = alloca(hreq->lenurl + 2);
405 memcpy(tourl, hreq->url, hreq->lenurl);
406 tourl[hreq->lenurl] = '/';
407 tourl[hreq->lenurl + 1] = 0;
408 afb_hreq_redirect_to(hreq, tourl, 1);
412 int afb_hreq_reply_file_if_exist(struct afb_hreq *hreq, int dirfd, const char *filename)
418 char etag[1 + 2 * 8];
420 struct MHD_Response *response;
421 const char *mimetype;
423 /* Opens the file or directory */
425 fd = openat(dirfd, filename, O_RDONLY);
429 afb_hreq_reply_error(hreq, MHD_HTTP_FORBIDDEN);
435 afb_hreq_reply_error(hreq, MHD_HTTP_INTERNAL_SERVER_ERROR);
440 /* Retrieves file's status */
441 if (fstat(fd, &st) != 0) {
443 afb_hreq_reply_error(hreq, MHD_HTTP_INTERNAL_SERVER_ERROR);
447 /* serve directory */
448 if (S_ISDIR(st.st_mode)) {
449 rc = afb_hreq_redirect_to_ending_slash_if_needed(hreq);
451 static const char *indexes[] = { "index.html", NULL };
453 while (indexes[i] != NULL) {
454 if (faccessat(fd, indexes[i], R_OK, 0) == 0) {
455 rc = afb_hreq_reply_file_if_exist(hreq, fd, indexes[i]);
465 /* Don't serve special files */
466 if (!S_ISREG(st.st_mode)) {
468 afb_hreq_reply_error(hreq, MHD_HTTP_FORBIDDEN);
472 /* Check the method */
473 if ((hreq->method & (afb_method_get | afb_method_head)) == 0) {
475 afb_hreq_reply_error(hreq, MHD_HTTP_METHOD_NOT_ALLOWED);
479 /* computes the etag */
480 sprintf(etag, "%08X%08X", ((int)(st.st_mtim.tv_sec) ^ (int)(st.st_mtim.tv_nsec)), (int)(st.st_size));
482 /* checks the etag */
483 inm = MHD_lookup_connection_value(hreq->connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_IF_NONE_MATCH);
484 if (inm && 0 == strcmp(inm, etag)) {
485 /* etag ok, return NOT MODIFIED */
487 DEBUG("Not Modified: [%s]", filename);
488 response = MHD_create_response_from_buffer(0, empty_string, MHD_RESPMEM_PERSISTENT);
489 status = MHD_HTTP_NOT_MODIFIED;
492 if (st.st_size != (off_t) (size_t) st.st_size) {
494 afb_hreq_reply_error(hreq, MHD_HTTP_INTERNAL_SERVER_ERROR);
498 /* create the response */
499 response = MHD_create_response_from_fd((size_t) st.st_size, fd);
500 status = MHD_HTTP_OK;
503 mimetype = mimetype_fd_name(fd, filename);
504 if (mimetype != NULL)
505 MHD_add_response_header(response, MHD_HTTP_HEADER_CONTENT_TYPE, mimetype);
508 /* fills the value and send */
509 afb_hreq_reply(hreq, status, response,
510 MHD_HTTP_HEADER_CACHE_CONTROL, hreq->cacheTimeout,
511 MHD_HTTP_HEADER_ETAG, etag,
516 int afb_hreq_reply_file(struct afb_hreq *hreq, int dirfd, const char *filename)
518 int rc = afb_hreq_reply_file_if_exist(hreq, dirfd, filename);
520 afb_hreq_reply_error(hreq, MHD_HTTP_NOT_FOUND);
524 int afb_hreq_reply_locale_file_if_exist(struct afb_hreq *hreq, struct locale_search *search, const char *filename)
530 char etag[1 + 2 * 8];
532 struct MHD_Response *response;
533 const char *mimetype;
535 /* Opens the file or directory */
536 fd = locale_search_open(search, filename[0] ? filename : ".", O_RDONLY);
540 afb_hreq_reply_error(hreq, MHD_HTTP_FORBIDDEN);
544 /* Retrieves file's status */
545 if (fstat(fd, &st) != 0) {
547 afb_hreq_reply_error(hreq, MHD_HTTP_INTERNAL_SERVER_ERROR);
551 /* serve directory */
552 if (S_ISDIR(st.st_mode)) {
553 rc = afb_hreq_redirect_to_ending_slash_if_needed(hreq);
555 static const char *indexes[] = { "index.html", NULL };
557 size_t length = strlen(filename);
558 char *extname = alloca(length + 30); /* 30 is enough to old data of indexes */
559 memcpy(extname, filename, length);
560 if (length && extname[length - 1] != '/')
561 extname[length++] = '/';
562 while (rc == 0 && indexes[i] != NULL) {
563 strcpy(extname + length, indexes[i++]);
564 rc = afb_hreq_reply_locale_file_if_exist(hreq, search, extname);
571 /* Don't serve special files */
572 if (!S_ISREG(st.st_mode)) {
574 afb_hreq_reply_error(hreq, MHD_HTTP_FORBIDDEN);
578 /* Check the method */
579 if ((hreq->method & (afb_method_get | afb_method_head)) == 0) {
581 afb_hreq_reply_error(hreq, MHD_HTTP_METHOD_NOT_ALLOWED);
585 /* computes the etag */
586 sprintf(etag, "%08X%08X", ((int)(st.st_mtim.tv_sec) ^ (int)(st.st_mtim.tv_nsec)), (int)(st.st_size));
588 /* checks the etag */
589 inm = MHD_lookup_connection_value(hreq->connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_IF_NONE_MATCH);
590 if (inm && 0 == strcmp(inm, etag)) {
591 /* etag ok, return NOT MODIFIED */
593 DEBUG("Not Modified: [%s]", filename);
594 response = MHD_create_response_from_buffer(0, empty_string, MHD_RESPMEM_PERSISTENT);
595 status = MHD_HTTP_NOT_MODIFIED;
598 if (st.st_size != (off_t) (size_t) st.st_size) {
600 afb_hreq_reply_error(hreq, MHD_HTTP_INTERNAL_SERVER_ERROR);
604 /* create the response */
605 response = MHD_create_response_from_fd((size_t) st.st_size, fd);
606 status = MHD_HTTP_OK;
609 mimetype = mimetype_fd_name(fd, filename);
610 if (mimetype != NULL)
611 MHD_add_response_header(response, MHD_HTTP_HEADER_CONTENT_TYPE, mimetype);
614 /* fills the value and send */
615 afb_hreq_reply(hreq, status, response,
616 MHD_HTTP_HEADER_CACHE_CONTROL, hreq->cacheTimeout,
617 MHD_HTTP_HEADER_ETAG, etag,
622 int afb_hreq_reply_locale_file(struct afb_hreq *hreq, struct locale_search *search, const char *filename)
624 int rc = afb_hreq_reply_locale_file_if_exist(hreq, search, filename);
626 afb_hreq_reply_error(hreq, MHD_HTTP_NOT_FOUND);
637 static void _mkq_add_(struct _mkq_ *mkq, char value)
639 char *text = mkq->text;
641 if (mkq->length == mkq->alloc) {
643 text = realloc(text, mkq->alloc);
651 text[mkq->length++] = value;
655 static void _mkq_add_hex_(struct _mkq_ *mkq, char value)
657 _mkq_add_(mkq, (char)(value < 10 ? value + '0' : value + 'A' - 10));
660 static void _mkq_add_esc_(struct _mkq_ *mkq, char value)
663 _mkq_add_hex_(mkq, (char)((value >> 4) & 15));
664 _mkq_add_hex_(mkq, (char)(value & 15));
667 static void _mkq_add_char_(struct _mkq_ *mkq, char value)
669 if (value <= ' ' || value >= 127)
670 _mkq_add_esc_(mkq, value);
676 _mkq_add_esc_(mkq, value);
679 _mkq_add_(mkq, value);
683 static void _mkq_append_(struct _mkq_ *mkq, const char *value)
686 _mkq_add_char_(mkq, *value++);
689 static int _mkquery_(struct _mkq_ *mkq, enum MHD_ValueKind kind, const char *key, const char *value)
691 _mkq_add_(mkq, mkq->count++ ? '&' : '?');
692 _mkq_append_(mkq, key);
695 _mkq_append_(mkq, value);
700 static char *url_with_query(struct afb_hreq *hreq, const char *url)
705 mkq.length = strlen(url);
706 mkq.alloc = mkq.length + 1000;
707 mkq.text = malloc(mkq.alloc);
708 if (mkq.text != NULL) {
709 strcpy(mkq.text, url);
710 MHD_get_connection_values(hreq->connection, MHD_GET_ARGUMENT_KIND, (void*)_mkquery_, &mkq);
716 void afb_hreq_redirect_to(struct afb_hreq *hreq, const char *url, int add_query_part)
721 wqp = add_query_part ? url_with_query(hreq, url) : NULL;
723 afb_hreq_reply_static(hreq, MHD_HTTP_MOVED_PERMANENTLY, 0, NULL,
724 MHD_HTTP_HEADER_LOCATION, to, NULL);
725 DEBUG("redirect from [%s] to [%s]", hreq->url, url);
729 const char *afb_hreq_get_cookie(struct afb_hreq *hreq, const char *name)
731 return MHD_lookup_connection_value(hreq->connection, MHD_COOKIE_KIND, name);
734 const char *afb_hreq_get_argument(struct afb_hreq *hreq, const char *name)
736 struct hreq_data *data = get_data(hreq, name, 0);
737 return data ? data->value : MHD_lookup_connection_value(hreq->connection, MHD_GET_ARGUMENT_KIND, name);
740 const char *afb_hreq_get_header(struct afb_hreq *hreq, const char *name)
742 return MHD_lookup_connection_value(hreq->connection, MHD_HEADER_KIND, name);
745 const char *afb_hreq_get_authorization_bearer(struct afb_hreq *hreq)
747 const char *value = afb_hreq_get_header(hreq, MHD_HTTP_HEADER_AUTHORIZATION);
749 if (strncasecmp(value, key_for_bearer, sizeof key_for_bearer - 1) == 0) {
750 value += sizeof key_for_bearer - 1;
751 if (isblank(*value++)) {
752 while (isblank(*value))
762 int afb_hreq_post_add(struct afb_hreq *hreq, const char *key, const char *data, size_t size)
765 struct hreq_data *hdat = get_data(hreq, key, 1);
766 if (hdat->path != NULL) {
769 p = realloc(hdat->value, hdat->length + size + 1);
774 memcpy(&hdat->value[hdat->length], data, size);
775 hdat->length += size;
776 hdat->value[hdat->length] = 0;
780 int afb_hreq_init_download_path(const char *directory)
786 if (access(directory, R_OK|W_OK)) {
787 /* no read/write access */
790 if (stat(directory, &st)) {
794 if (!S_ISDIR(st.st_mode)) {
795 /* not a directory */
799 n = strlen(directory);
800 while(n > 1 && directory[n-1] == '/') n--;
803 /* can't allocate memory */
807 memcpy(p, directory, n);
821 static int opentempfile(char **path)
826 fname = strdup(tmp_pattern ? : "XXXXXX"); /* TODO improve the path */
830 fd = mkostemp(fname, O_CLOEXEC|O_WRONLY);
838 int afb_hreq_post_add_file(struct afb_hreq *hreq, const char *key, const char *file, const char *data, size_t size)
842 struct hreq_data *hdat = get_data(hreq, key, 1);
844 if (hdat->value == NULL) {
845 hdat->value = strdup(file);
846 if (hdat->value == NULL)
848 fd = opentempfile(&hdat->path);
849 } else if (strcmp(hdat->value, file) || hdat->path == NULL) {
852 fd = open(hdat->path, O_WRONLY|O_APPEND);
857 sz = write(fd, data, size);
859 hdat->length += (size_t)sz;
862 } else if (errno != EINTR)
869 static struct afb_arg req_get(struct afb_xreq *xreq, const char *name)
872 struct afb_hreq *hreq = CONTAINER_OF_XREQ(struct afb_hreq, xreq);
873 struct hreq_data *hdat = get_data(hreq, name, 0);
875 return (struct afb_arg){
877 .value = hdat->value,
881 value = MHD_lookup_connection_value(hreq->connection, MHD_GET_ARGUMENT_KIND, name);
882 return (struct afb_arg){
883 .name = value == NULL ? NULL : name,
889 static int _iterargs_(struct json_object *obj, enum MHD_ValueKind kind, const char *key, const char *value)
891 json_object_object_add(obj, key, value ? json_object_new_string(value) : NULL);
895 static struct json_object *req_json(struct afb_xreq *xreq)
897 struct hreq_data *hdat;
898 struct json_object *obj, *val;
899 struct afb_hreq *hreq = CONTAINER_OF_XREQ(struct afb_hreq, xreq);
903 hreq->json = obj = json_object_new_object();
906 MHD_get_connection_values (hreq->connection, MHD_GET_ARGUMENT_KIND, (void*)_iterargs_, obj);
907 for (hdat = hreq->data ; hdat ; hdat = hdat->next) {
908 if (hdat->path == NULL)
909 val = hdat->value ? json_object_new_string(hdat->value) : NULL;
911 val = json_object_new_object();
914 json_object_object_add(val, "file", json_object_new_string(hdat->value));
915 json_object_object_add(val, "path", json_object_new_string(hdat->path));
918 json_object_object_add(obj, hdat->key, val);
925 static inline const char *get_json_string(json_object *obj)
927 return json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE);
929 static ssize_t send_json_cb(json_object *obj, uint64_t pos, char *buf, size_t max)
931 ssize_t len = stpncpy(buf, get_json_string(obj)+pos, max) - buf;
932 return len ? : (ssize_t)MHD_CONTENT_READER_END_OF_STREAM;
935 static void req_reply(struct afb_xreq *xreq, struct json_object *object, const char *error, const char *info)
937 struct afb_hreq *hreq = CONTAINER_OF_XREQ(struct afb_hreq, xreq);
938 struct json_object *sub, *reply;
940 struct MHD_Response *response;
942 /* create the reply */
943 reply = afb_msg_json_reply(object, error, info, &xreq->context);
945 /* append the req id on need */
946 reqid = afb_hreq_get_argument(hreq, long_key_for_reqid);
948 reqid = afb_hreq_get_argument(hreq, short_key_for_reqid);
949 if (reqid != NULL && json_object_object_get_ex(reply, "request", &sub))
950 json_object_object_add(sub, "reqid", json_object_new_string(reqid));
952 response = MHD_create_response_from_callback(
953 (uint64_t)strlen(get_json_string(reply)),
954 SIZE_RESPONSE_BUFFER,
957 (void*)json_object_put);
959 /* handle authorisation feedback */
960 if (error == afb_error_text_invalid_token)
961 afb_hreq_reply(hreq, MHD_HTTP_UNAUTHORIZED, response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "error=\"invalid_token\"", NULL);
962 else if (error == afb_error_text_insufficient_scope)
963 afb_hreq_reply(hreq, MHD_HTTP_FORBIDDEN, response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "error=\"insufficient_scope\"", NULL);
965 afb_hreq_reply(hreq, MHD_HTTP_OK, response, NULL);
968 void afb_hreq_call(struct afb_hreq *hreq, struct afb_apiset *apiset, const char *api, size_t lenapi, const char *verb, size_t lenverb)
970 hreq->xreq.request.called_api = strndup(api, lenapi);
971 hreq->xreq.request.called_verb = strndup(verb, lenverb);
972 if (hreq->xreq.request.called_api == NULL || hreq->xreq.request.called_verb == NULL) {
973 ERROR("Out of memory");
974 afb_hreq_reply_error(hreq, MHD_HTTP_INTERNAL_SERVER_ERROR);
975 } else if (afb_hreq_init_context(hreq) < 0) {
976 afb_hreq_reply_error(hreq, MHD_HTTP_INTERNAL_SERVER_ERROR);
978 afb_xreq_unhooked_addref(&hreq->xreq);
979 afb_xreq_process(&hreq->xreq, apiset);
983 int afb_hreq_init_context(struct afb_hreq *hreq)
987 struct afb_token *tok;
989 if (hreq->xreq.context.session != NULL)
992 /* get the uuid of the session */
993 uuid = afb_hreq_get_header(hreq, long_key_for_uuid);
995 uuid = afb_hreq_get_argument(hreq, long_key_for_uuid);
997 uuid = afb_hreq_get_cookie(hreq, cookie_name);
999 uuid = afb_hreq_get_argument(hreq, short_key_for_uuid);
1003 /* get the authorisation token */
1004 token = afb_hreq_get_authorization_bearer(hreq);
1005 if (token == NULL) {
1006 token = afb_hreq_get_argument(hreq, key_for_access_token);
1007 if (token == NULL) {
1008 token = afb_hreq_get_header(hreq, long_key_for_token);
1009 if (token == NULL) {
1010 token = afb_hreq_get_argument(hreq, long_key_for_token);
1012 token = afb_hreq_get_argument(hreq, short_key_for_token);
1018 afb_token_get(&tok, token);
1020 return afb_context_connect(&hreq->xreq.context, uuid, tok);
1023 int afb_hreq_init_cookie(int port, const char *path, int maxage)
1028 free(cookie_setter);
1030 cookie_setter = NULL;
1032 path = path ? : "/";
1033 rc = asprintf(&cookie_name, "%s-%d", long_key_for_uuid, port);
1036 rc = asprintf(&cookie_setter, "%s=%%s; Path=%s; Max-Age=%d; HttpOnly",
1037 cookie_name, path, maxage);
1043 struct afb_xreq *afb_hreq_to_xreq(struct afb_hreq *hreq)
1048 struct afb_hreq *afb_hreq_create()
1050 struct afb_hreq *hreq = calloc(1, sizeof *hreq);
1052 /* init the request */
1053 afb_xreq_init(&hreq->xreq, &afb_hreq_xreq_query_itf);
1054 hreq->reqid = ++global_reqids;