2 * Copyright (C) 2016 "IoT.bzh"
3 * Author "Fulup Ar Foll"
4 * Author José Bollo <jose.bollo@iot.bzh>
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * Contain all generic part to handle REST/API
21 * https://www.gnu.org/software/libmicrohttpd/tutorial.html [search 'largepost.c']
26 #include "../include/local-def.h"
// Value stored under the "jtype" key of every reply envelope built in this file.
36 #define AFB_MSG_JTYPE "AJB_reply"
// Content-Type substrings; doRestApiPost matches them with strcasestr() to pick the POST path.
38 #define JSON_CONTENT "application/json"
39 #define FORM_CONTENT "multipart/form-data" /* TODO: replace with MHD_HTTP_POST_ENCODING_MULTIPART_FORMDATA */
// Shared json string holding AFB_MSG_JTYPE. doRestApi creates it on first use and the
// reply builders take a reference with json_object_get() before adding it to an envelope.
// NOTE(review): the lazy creation and the reference counting are not synchronised here --
// confirm the MHD threading mode in use makes concurrent requests impossible.
41 static json_object *afbJsonType;
43 // POST data reaches requestApi over several calls, so the POST handle has to be freed here
44 // Note this method is called from http-svc just before closing session
// Releases the per-connection POST state kept in postHandle (JSON buffer or form request).
// NOTE(review): for AFB_POST_FORM, doRestApiPost stores the AFB_request returned by
// createRequest() in privatebuf. If that request is released with the plain free() below
// rather than freeRequest(), its strdup'ed prefix/method are leaked -- confirm.
// NOTE(review): confirm the form post processor (postHandle->pp) is released with
// MHD_destroy_post_processor() and that postHandle itself is freed on every path.
45 PUBLIC void endPostRequest(AFB_PostHandle * postHandle)
48 if (postHandle->type == AFB_POST_JSON) {
49 // if (verbose) fprintf(stderr, "End PostJson Request UID=%d\n", postHandle->uid);
52 if (postHandle->type == AFB_POST_FORM) {
54 fprintf(stderr, "End PostForm Request UID=%d\n", postHandle->uid);
// free(NULL) is a no-op, so the guard is only defensive.
56 if (postHandle->privatebuf)
57 free(postHandle->privatebuf);
61 // Check that the api url is declared in this plugin and call it
// Runs one plugin verb for `request` and stores the reply envelope in request->jresp.
// The envelope (jreqt) holds "jtype", a "request" object (jcall: prefix, api, status, info
// and, for create/renew, uuid/token/timeout) and on success the plugin's "response".
// For verbs whose session policy is not AFB_SESSION_NONE a client context is fetched and
// the token is created, refreshed or checked before the callback runs. Failures set
// request->errcode: MHD_HTTP_INSUFFICIENT_STORAGE when no client context is available,
// MHD_HTTP_UNAUTHORIZED for every token failure.
62 static AFB_error doCallPluginApi(AFB_request * request, int apiidx, int verbidx, void *context)
64 enum AFB_sessionE session;
65 json_object *jresp, *jcall, *jreqt;
66 AFB_clientCtx *clientCtx = NULL;
68 // Request was found and at least partially executed
69 jreqt = json_object_new_object();
70 json_object_get(afbJsonType); // increase jsontype reference count
71 json_object_object_add(jreqt, "jtype", afbJsonType);
73 // prepare an object to store calling values
// prefix and method come from the request URL (see createRequest); json-c escapes them
// when the envelope is serialised.
74 jcall = json_object_new_object();
75 json_object_object_add(jcall, "prefix", json_object_new_string(request->prefix));
76 json_object_object_add(jcall, "api", json_object_new_string(request->method));
78 // Out of SessionNone every call get a client context session
79 session = afb_apis_get(apiidx, verbidx)->session;
80 if (AFB_SESSION_NONE != session) {
82 // add client context to request
83 clientCtx = ctxClientGet(request);
84 if (clientCtx == NULL) {
85 request->errcode = MHD_HTTP_INSUFFICIENT_STORAGE;
86 json_object_object_add(jcall, "status", json_object_new_string("fail"));
87 json_object_object_add(jcall, "info", json_object_new_string("Client Session Context Full !!!"));
88 json_object_object_add(jreqt, "request", jcall);
// Expose the per-API context slot and the session uuid to the plugin.
// NOTE(review): apiidx indexes clientCtx->contexts[] without a visible bound check;
// presumably afb_apis_get_apiidx() guarantees the range -- confirm.
91 request->context = clientCtx->contexts[apiidx];
92 request->uuid = clientCtx->uuid;
// NOTE(review): this trace writes the session token to stderr. Anyone who can read the
// log can reuse the token for as long as it is valid; log the uuid only, or a truncated
// or hashed form of the token. Confirm the trace is at least limited to verbose mode.
95 fprintf(stderr, "Plugin=[%s] Api=[%s] Middleware=[%d] Client=[%p] Uuid=[%s] Token=[%s]\n", request->prefix, request->method, session, clientCtx, clientCtx->uuid, clientCtx->token);
99 case AFB_SESSION_CREATE:
// Creation is refused only when both the client token and the configured initial token
// are non-empty; with an empty configured token an existing session is not rejected here.
100 if (clientCtx->token[0] != '\0' && request->config->token[0] != '\0') {
101 request->errcode = MHD_HTTP_UNAUTHORIZED;
102 json_object_object_add(jcall, "status", json_object_new_string("exist"));
103 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CREATE Session already exist"));
104 json_object_object_add(jreqt, "request", jcall);
108 if (AFB_SUCCESS != ctxTokenCreate(clientCtx, request)) {
109 request->errcode = MHD_HTTP_UNAUTHORIZED;
110 json_object_object_add(jcall, "status", json_object_new_string("fail"));
111 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CREATE Invalid Initial Token"));
112 json_object_object_add(jreqt, "request", jcall);
// The fresh token is handed back in the reply body, so the reply is as sensitive as the
// token itself (transport confidentiality, no caching, no body logging).
115 json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
116 json_object_object_add(jcall, "token", json_object_new_string(clientCtx->token));
117 json_object_object_add(jcall, "timeout", json_object_new_int(request->config->cntxTimeout));
121 case AFB_SESSION_RENEW:
122 if (AFB_SUCCESS != ctxTokenRefresh(clientCtx, request)) {
123 request->errcode = MHD_HTTP_UNAUTHORIZED;
124 json_object_object_add(jcall, "status", json_object_new_string("fail"));
125 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_REFRESH Broken Exchange Token Chain"));
126 json_object_object_add(jreqt, "request", jcall);
// Same sensitivity as on creation: the renewed token travels in the reply body.
129 json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
130 json_object_object_add(jcall, "token", json_object_new_string(clientCtx->token));
131 json_object_object_add(jcall, "timeout", json_object_new_int(request->config->cntxTimeout));
135 case AFB_SESSION_CLOSE:
// The token is only checked here; it is reset after the callback (see below).
136 if (AFB_SUCCESS != ctxTokenCheck(clientCtx, request)) {
137 request->errcode = MHD_HTTP_UNAUTHORIZED;
138 json_object_object_add(jcall, "status", json_object_new_string("empty"));
139 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CLOSE Not a Valid Access Token"));
140 json_object_object_add(jreqt, "request", jcall);
143 json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
147 case AFB_SESSION_CHECK:
149 // default action is check
150 if (AFB_SUCCESS != ctxTokenCheck(clientCtx, request)) {
151 request->errcode = MHD_HTTP_UNAUTHORIZED;
152 json_object_object_add(jcall, "status", json_object_new_string("fail"));
153 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CHECK Invalid Active Token"));
154 json_object_object_add(jreqt, "request", jcall);
160 // Effectively CALL PLUGIN API with a subset of the context
161 jresp = afb_apis_get(apiidx, verbidx)->callback(request, context);
163 // Store context in case it was updated by plugins
// NOTE(review): clientCtx is still NULL for AFB_SESSION_NONE verbs. If such a plugin
// sets request->context, the store below dereferences NULL -- confirm a guard exists.
164 if (request->context != NULL)
165 clientCtx->contexts[apiidx] = request->context;
167 // handle intermediary Post Iterates out of band
// NOTE(review): if this case returns early, confirm jreqt and jcall are released
// (json_object_put) rather than leaked on every form item.
168 if ((jresp == NULL) && (request->errcode == MHD_HTTP_OK))
171 // Session close is done after the API call so API can still use session in closing API
172 if (AFB_SESSION_CLOSE == session)
173 ctxTokenReset(clientCtx, request);
175 // API should return NULL or a valid Json Object
177 json_object_object_add(jcall, "status", json_object_new_string("null"));
178 json_object_object_add(jreqt, "request", jcall);
179 request->errcode = MHD_HTTP_NO_RESPONSE;
182 json_object_object_add(jcall, "status", json_object_new_string("processed"));
183 json_object_object_add(jreqt, "request", jcall);
184 json_object_object_add(jreqt, "response", jresp);
// Ownership of the envelope passes to the request; the REST handlers drop it with
// json_object_put() after serialising.
188 request->jresp = jreqt;
192 // Check that the api url is declared in this plugin and call it
// Wrapper around doCallPluginApi that protects the server from a plugin that crashes or
// runs too long: a jump buffer is published through the thread-local error_handler, an
// optional alarm() is armed from config->apiTimeout, and when control comes back through
// the jump an "abort" reply is stored in request->jresp instead of the plugin result.
// NOTE(review): error_handler is declared as sigjmp_buf* but the context is saved with
// setjmp(). If the jump is taken from a signal handler, sigsetjmp()/siglongjmp() with the
// mask saved is the form that restores the signal mask -- confirm what the handler uses.
// NOTE(review): alarm() is process-wide while error_handler is per-thread; with several
// MHD worker threads SIGALRM may land in a thread that is not running the plugin -- confirm.
// NOTE(review): jumping out of a plugin skips its cleanup (locks, allocations, the
// partially built reply in doCallPluginApi); state after an abort may be inconsistent.
193 extern __thread sigjmp_buf *error_handler;
194 static AFB_error callPluginApi(AFB_request * request, int apiidx, int verbidx, void *context)
198 json_object *jcall, *jreqt;
201 // save context before calling the API
202 status = setjmp(jmpbuf);
205 // Request was found and at least partially executed
206 jreqt = json_object_new_object();
207 json_object_get(afbJsonType); // increase jsontype reference count
208 json_object_object_add(jreqt, "jtype", afbJsonType);
210 // prepare an object to store calling values
211 jcall = json_object_new_object();
212 json_object_object_add(jcall, "prefix", json_object_new_string(request->prefix));
213 json_object_object_add(jcall, "api", json_object_new_string(request->method));
215 // Plugin aborted somewhere during its execution
216 json_object_object_add(jcall, "status", json_object_new_string("abort"));
217 json_object_object_add(jcall, "info", json_object_new_string("Plugin broke during execution"));
218 json_object_object_add(jreqt, "request", jcall);
219 request->jresp = jreqt;
224 // Trigger a timer to protect from unacceptable long time execution
// A non-positive apiTimeout disables the timer.
225 if (request->config->apiTimeout > 0)
226 alarm((unsigned)request->config->apiTimeout);
// error_handler is only valid while the plugin runs; it is cleared right after the call
// so a late signal cannot jump into a stale frame.
228 error_handler = &jmpbuf;
229 doCallPluginApi(request, apiidx, verbidx, context);
230 error_handler = NULL;
232 // cancel timeout and plugin signal handle before next call
// Resolves request->prefix to a plugin index and request->method to a verb index, then
// runs the verb through callPluginApi. Unknown plugin or verb, and an AFB_FAIL status
// from the call, produce an AFB_FATAL message with MHD_HTTP_UNPROCESSABLE_ENTITY.
// NOTE(review): the error messages echo prefix, method and url taken from the request.
// json-c escapes them on serialisation; confirm the HTTP response is sent with an explicit
// application/json Content-Type so a browser never interprets the echoed text as markup.
// NOTE(review): the AFB_FAIL branch reuses the "No API=" text although the case it handles
// is a callback that returned no valid JSON object; the message is misleading in logs.
240 STATIC AFB_error findAndCallApi(AFB_request * request, void *context)
// Requests rejected by createRequest() arrive here with prefix/method unset.
245 if (!request->method || !request->prefix)
248 /* get the plugin if any */
249 apiidx = afb_apis_get_apiidx(request->prefix, 0);
251 request->jresp = jsonNewMessage(AFB_FATAL, "No Plugin=[%s] Url=%s", request->prefix, request->url);
252 request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY;
256 /* get the verb if any */
257 verbidx = afb_apis_get_verbidx(apiidx, request->method);
259 request->jresp = jsonNewMessage(AFB_FATAL, "No API=[%s] for Plugin=[%s] url=[%s]", request->method, request->prefix, request->url);
260 request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY;
264 /* Search for a plugin with this urlpath */
265 status = callPluginApi(request, apiidx, verbidx, context);
267 /* plugin callback did not return a valid Json Object */
268 if (status == AFB_FAIL) {
269 request->jresp = jsonNewMessage(AFB_FATAL, "No API=[%s] for Plugin=[%s] url=[%s]", request->method, request->prefix, request->url);
270 request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY;
273 // Everything look OK
277 // This callback runs for every item of a form post; it repackages the iterator values
278 // and calls the Plugin API once for each item within the PostForm.
// cls is the AFB_PostHandle registered with MHD_create_post_processor(); its privatebuf
// holds the AFB_request built by doRestApiPost for the whole form.
// NOTE(review): key, filename, mimetype, encoding and data all come from the client.
// Plugins receiving `item` must treat filename as untrusted (path components, length).
279 STATIC int doPostIterate(void *cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *mimetype, const char *encoding, const char *data, uint64_t offset, size_t size)
285 // retrieve API request from Post iterator handle
286 AFB_PostHandle *postHandle = (AFB_PostHandle *) cls;
287 AFB_request *request = (AFB_request *) postHandle->privatebuf;
288 AFB_PostRequest postRequest;
// NOTE(review): MHD passes NULL for filename/mimetype on plain form fields; "%s" with a
// NULL argument is undefined behaviour. The values are also client-controlled log input.
291 fprintf(stderr, "postHandle key=%s filename=%s len=%zu mime=%s\n", key, filename, size, mimetype);
293 // Create and Item value for Plugin API
296 item.filename = filename;
297 item.mimetype = mimetype;
298 item.encoding = encoding;
301 item.offset = offset;
303 // Reformat Request to make it somehow similar to GET/PostJson case
// For form posts `data` carries the post handle itself, not the item payload.
// NOTE(review): postRequest is a stack local while request outlives this call (it is
// stored in postHandle->privatebuf), so request->post dangles once this function
// returns -- confirm nothing reads request->post between iterations.
304 postRequest.data = (char *)postHandle;
305 postRequest.len = size;
306 postRequest.type = AFB_POST_FORM;;
307 request->post = &postRequest;
309 // effectively call plugin API
310 status = findAndCallApi(request, &item);
311 // when returning no processing of postform stop
312 if (status != AFB_SUCCESS)
315 // let's allow iterator to move to next item
// Releases the strings owned by a request built by createRequest().
// prefix and method may be NULL when createRequest() rejected the URL; free(NULL) is a no-op.
// NOTE(review): doRestApiPost can reach its error path while its local request is still
// NULL; confirm this function tolerates a NULL argument before touching request->prefix.
319 STATIC void freeRequest(AFB_request * request)
322 free(request->prefix);
323 free(request->method);
// Builds a zero-initialised AFB_request from the URL: the first '/'-separated component
// becomes request->prefix (plugin) and the second request->method (verb), both as
// strdup'ed copies owned by the request. On a malformed URL the request is returned with
// jresp set to an AFB_FATAL message and errcode MHD_HTTP_BAD_REQUEST, which callers test.
// NOTE(review): the results of calloc() and strdup() are used without a visible NULL
// check; under memory pressure the first dereference of request crashes the server.
// NOTE(review): url is client-controlled and is echoed into the error messages.
327 STATIC AFB_request *createRequest(struct MHD_Connection *connection, AFB_session * session, const char *url)
330 AFB_request *request;
332 // Start with a clean request
333 request = calloc(1, sizeof(AFB_request));
334 char *urlcpy1, *urlcpy2;
335 char *baseapi, *baseurl;
337 // Extract plugin urlpath from request; keep two pointers to the copy because strsep advances the one it is given
// urlcpy1 keeps the start of the copy so it can be freed; confirm every return path does so.
338 urlcpy1 = urlcpy2 = strdup(url);
339 baseurl = strsep(&urlcpy2, "/");
340 if (baseurl == NULL) {
341 request->jresp = jsonNewMessage(AFB_FATAL, "Invalid API call url=[%s]", url);
342 request->errcode = MHD_HTTP_BAD_REQUEST;
345 // let's compute URL and call API
346 baseapi = strsep(&urlcpy2, "/");
347 if (baseapi == NULL) {
348 request->jresp = jsonNewMessage(AFB_FATAL, "Invalid API call plugin=[%s] url=[%s]", baseurl, url);
349 request->errcode = MHD_HTTP_BAD_REQUEST;
352 // build request structure
353 request->connection = connection;
354 request->config = session->config;
// Copies are taken because baseurl/baseapi point into the temporary URL copy.
356 request->prefix = strdup(baseurl);
357 request->method = strdup(baseapi);
// MHD access handler for POST. MHD calls it several times per request: the first call
// (*con_cls == NULL) allocates the AFB_PostHandle and selects the handling path from the
// Content-Type header; calls with *upload_data_size != 0 consume body data; the final
// call (size 0) builds the request, runs the API and queues the JSON response.
// Form posts go through an MHD post processor (doPostIterate is called per item); JSON
// posts are accumulated in postHandle->privatebuf and handed to the API in one piece.
378 static int doRestApiPost(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
// NOTE(review): shared counter incremented without synchronisation; debug use only.
381 static int postcount = 0; // static counter to debug POST protocol
382 json_object *errMessage;
384 struct MHD_Response *webResponse;
385 const char *serialized;
386 AFB_request *request = NULL;
387 AFB_PostHandle *postHandle;
388 AFB_PostRequest postRequest;
391 // fprintf (stderr, "doRestAPI method=%s posthandle=%p\n", method, con_cls);
393 // if post data may come in multiple calls
394 const char *encoding, *param;
396 postHandle = *con_cls;
398 // This is the initial post event let's create form post structure POST data come in multiple events
399 if (postHandle == NULL) {
401 // allocate application POST processor handle to zero
// NOTE(review): the calloc() result is dereferenced on the next line without a visible check.
402 postHandle = calloc(1, sizeof(AFB_PostHandle));
403 postHandle->uid = postcount++; // build a UID for DEBUG
404 *con_cls = postHandle; // update context with posthandle
406 // Let make sure we have the right encoding and a valid length
407 encoding = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_TYPE);
409 // We are facing an empty post let's process it as a get
410 if (encoding == NULL) {
411 postHandle->type = AFB_POST_EMPTY;
414 // Form post is handle through a PostProcessor and call API once per form key
// Substring, case-insensitive match: any Content-Type containing the text is accepted.
415 if (strcasestr(encoding, FORM_CONTENT) != NULL) {
417 fprintf(stderr, "Create doPostIterate[uid=%d posthandle=%p]\n", postHandle->uid, postHandle);
419 request = createRequest(connection, session, url);
420 if (request->jresp != NULL)
422 postHandle->type = AFB_POST_FORM;
423 postHandle->privatebuf = (void *)request;
// MAX_POST_SIZE is passed as the post processor's internal buffer size.
424 postHandle->pp = MHD_create_post_processor(connection, MAX_POST_SIZE, &doPostIterate, postHandle);
426 if (NULL == postHandle->pp) {
427 fprintf(stderr, "OOPS: Internal error fail to allocate MHD_create_post_processor\n");
433 // POST json is store into a buffer and present in one piece to API
434 if (strcasestr(encoding, JSON_CONTENT) != NULL) {
// NOTE(review): Content-Length is client-controlled and may be absent (e.g. chunked
// transfer), in which case param is NULL -- confirm it is checked before sscanf().
// "%i" also accepts a sign and 0x/0 prefixes and reports no overflow; strtol() with
// endptr/errno checks and an explicit 0 <= value <= MAX_POST_SIZE test is safer.
436 param = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH);
438 sscanf(param, "%i", &contentlen);
440 // Because PostJson are build in RAM size is constrained
// NOTE(review): only the upper bound is tested. A negative contentlen (presumably an
// int) passes this test, and the (unsigned) cast in the allocation below then wraps.
441 if (contentlen > MAX_POST_SIZE) {
442 errMessage = jsonNewMessage(AFB_FATAL, "Post Date to big %d > %d", contentlen, MAX_POST_SIZE);
445 // Size is OK, let's allocate a buffer to hold post data
// NOTE(review): confirm the malloc() result is checked before the buffer is written.
446 postHandle->type = AFB_POST_JSON;
447 postHandle->privatebuf = malloc((unsigned)contentlen + 1); // allocate memory for full POST data + 1 for '\0' end of string
449 // if (verbose) fprintf(stderr, "Create PostJson[uid=%d] Size=%d\n", postHandle->uid, contentlen);
453 // We only support Json and Form Post format
454 errMessage = jsonNewMessage(AFB_FATAL, "Post Date wrong type encoding=%s != %s", encoding, JSON_CONTENT);
459 // This time we receive partial/all Post data. Note that even if we get all POST data. We should nevertheless
460 // return MHD_YES and not process the request directly. Otherwise Libmicrohttpd is unhappy and fails with
461 // 'Internal application error, closing connection'.
462 if (*upload_data_size) {
464 if (postHandle->type == AFB_POST_FORM) {
465 // if (verbose) fprintf(stderr, "Processing PostForm[uid=%d]\n", postHandle->uid);
466 MHD_post_process(postHandle->pp, upload_data, *upload_data_size);
468 // Process JsonPost request when buffer is completed let's call API
469 if (postHandle->type == AFB_POST_JSON) {
470 // if (verbose) fprintf(stderr, "Updating PostJson[uid=%d]\n", postHandle->uid);
// NOTE(review): the copy is bounded only by what the client sends. The buffer holds the
// declared Content-Length + 1 bytes, so the write must be refused when
// postHandle->len + *upload_data_size exceeds that length; no such test is visible here.
// Without it a body longer than declared overruns the heap buffer.
471 memcpy(&postHandle->privatebuf[postHandle->len], upload_data, *upload_data_size);
472 postHandle->len = postHandle->len + *upload_data_size;
// Tell MHD the chunk has been consumed.
475 *upload_data_size = 0;
478 } else { // we have finish with Post reception let's finish the work
480 // Create a request structure to finalise the request
481 request = createRequest(connection, session, url);
482 if (request->jresp != NULL) {
483 errMessage = request->jresp;
486 postRequest.type = postHandle->type;
488 // Postform add application context handle to request
489 if (postHandle->type == AFB_POST_FORM) {
490 postRequest.data = (char *)postHandle;
491 request->post = &postRequest;
494 if (postHandle->type == AFB_POST_JSON) {
495 // if (verbose) fprintf(stderr, "Processing PostJson[uid=%d]\n", postHandle->uid);
// The header is parsed a second time; the same validation concerns apply as above.
497 param = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH);
499 sscanf(param, "%i", &contentlen);
501 // At this level we're may verify that we got everything and process DATA
// This equality test runs after the data was copied, so it does not protect the buffer.
502 if (postHandle->len != contentlen) {
503 errMessage = jsonNewMessage(AFB_FATAL, "Post Data Incomplete UID=%d Len %d != %d", postHandle->uid, contentlen, postHandle->len);
506 // Before processing data, make sure buffer string is properly ended
507 postHandle->privatebuf[postHandle->len] = '\0';
508 postRequest.data = postHandle->privatebuf;
509 request->post = &postRequest;
511 // if (verbose) fprintf(stderr, "Close Post[%d] Buffer=%s\n", postHandle->uid, request->post->data);
516 // Request is ready let's call API without any extra handle
517 status = findAndCallApi(request, NULL);
// MHD_RESPMEM_MUST_COPY: MHD copies the text, so the json object can be released below.
// NOTE(review): no Content-Type header is added on the visible lines; confirm the
// response is labelled application/json.
519 serialized = json_object_to_json_string(request->jresp);
520 webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);
522 // client did not pass token on URI let's use cookies
523 if ((!request->restfull) && (request->context != NULL)) {
// The cookie carries the session uuid. HttpOnly is set; Secure and SameSite are not, so
// the cookie is also sent over plain HTTP and on cross-site requests.
// NOTE(review): the snprintf() result is not checked; a truncated cookie is sent silently.
525 snprintf(cookie, sizeof(cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi, request->config->cntxTimeout);
526 MHD_add_response_header(webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);
528 // if requested add an error status
529 if (request->errcode != 0)
530 ret = MHD_queue_response(connection, request->errcode, webResponse);
532 MHD_queue_response(connection, MHD_HTTP_OK, webResponse);
534 MHD_destroy_response(webResponse);
535 json_object_put(request->jresp); // decrease reference rqtcount to free the json object
536 freeRequest(request);
// Error exit: reply MHD_HTTP_BAD_REQUEST with errMessage.
// NOTE(review): request is still NULL when the error was raised before createRequest()
// (e.g. the size or encoding checks); confirm freeRequest() accepts NULL.
// NOTE(review): when errMessage aliases request->jresp, confirm the object is released once only.
540 freeRequest(request);
541 serialized = json_object_to_json_string(errMessage);
542 webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);
543 MHD_queue_response(connection, MHD_HTTP_BAD_REQUEST, webResponse);
544 MHD_destroy_response(webResponse);
545 json_object_put(errMessage); // decrease reference rqtcount to free the json object
// MHD access handler for non-POST requests: builds a request from the URL, runs the API
// once and queues the serialised JSON reply, with a session cookie when the token was
// not passed on the URI.
// method, upload_data, upload_data_size and con_cls are not used on the visible lines.
568 static int doRestApiGet(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
571 struct MHD_Response *webResponse;
572 const char *serialized;
573 AFB_request *request = NULL;
576 // fprintf (stderr, "doRestAPI method=%s posthandle=%p\n", method, con_cls);
578 // if post data may come in multiple calls
579 // this is a get we only need a request
// A URL rejected by createRequest() leaves prefix/method NULL and jresp/errcode set;
// findAndCallApi() tests prefix/method before any lookup.
580 request = createRequest(connection, session, url);
582 // Request is ready let's call API without any extra handle
583 status = findAndCallApi(request, NULL);
// MHD_RESPMEM_MUST_COPY: MHD copies the text, so the json object can be released below.
// NOTE(review): no Content-Type header is added on the visible lines; confirm the
// response is labelled application/json, since error replies echo parts of the URL.
585 serialized = json_object_to_json_string(request->jresp);
586 webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);
588 // client did not pass token on URI let's use cookies
589 if ((!request->restfull) && (request->context != NULL)) {
// The cookie carries the session uuid. HttpOnly is set; Secure and SameSite are not, so
// the cookie is also sent over plain HTTP and on cross-site requests.
// NOTE(review): the snprintf() result is not checked; a truncated cookie is sent silently.
591 snprintf(cookie, sizeof(cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi, request->config->cntxTimeout);
592 MHD_add_response_header(webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);
594 // if requested add an error status
595 if (request->errcode != 0)
596 ret = MHD_queue_response(connection, request->errcode, webResponse);
598 MHD_queue_response(connection, MHD_HTTP_OK, webResponse);
600 MHD_destroy_response(webResponse);
601 json_object_put(request->jresp); // decrease reference rqtcount to free the json object
602 freeRequest(request);
// Entry point called for every REST request: creates the shared "jtype" string on first
// use, then dispatches on the HTTP method. Only an exact match with MHD_HTTP_METHOD_POST
// takes the POST path.
// NOTE(review): every other method (PUT, DELETE, HEAD, ...) appears to be served by the
// GET handler; confirm this is intended or reject unsupported methods explicitly.
606 int doRestApi(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
// NOTE(review): unsynchronised lazy initialisation of a file-scope object.
610 if (afbJsonType == NULL)
611 afbJsonType = json_object_new_string (AFB_MSG_JTYPE);
613 if (0 == strcmp(method, MHD_HTTP_METHOD_POST)) {
614 rc = doRestApiPost(connection, session, url, method, upload_data, upload_data_size, con_cls);
616 rc = doRestApiGet(connection, session, url, method, upload_data, upload_data_size, con_cls);