2 * Copyright (C) 2016 "IoT.bzh"
3 * Author "Fulup Ar Foll"
4 * Author José Bollo <jose.bollo@iot.bzh>
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * Contain all generic part to handle REST/API
21 * https://www.gnu.org/software/libmicrohttpd/tutorial.html [search 'largepost.c']
26 #include "../include/local-def.h"
33 #define AFB_MSG_JTYPE "AJB_reply"
35 #define JSON_CONTENT "application/json"
36 #define FORM_CONTENT "multipart/form-data" /* TODO: replace with MHD_HTTP_POST_ENCODING_MULTIPART_FORMDATA */
38 static json_object *afbJsonType;
40 // Because of POST call multiple time requestApi we need to free POST handle here
41 // Note this method is called from http-svc just before closing session
42 PUBLIC void endPostRequest(AFB_PostHandle * postHandle)
45 if (postHandle->type == AFB_POST_JSON) {
46 // if (verbose) fprintf(stderr, "End PostJson Request UID=%d\n", postHandle->uid);
49 if (postHandle->type == AFB_POST_FORM) {
51 fprintf(stderr, "End PostForm Request UID=%d\n", postHandle->uid);
53 if (postHandle->privatebuf)
54 free(postHandle->privatebuf);
58 // Check of apiurl is declare in this plugin and call it
59 STATIC AFB_error callPluginApi(AFB_request * request, int plugidx, void *context)
61 json_object *jresp, *jcall, *jreqt;
63 AFB_clientCtx *clientCtx = NULL;
64 AFB_plugin *plugin = request->plugins[plugidx];
65 int signals[] = { SIGALRM, SIGSEGV, SIGFPE, 0 };
67 /*---------------------------------------------------------------
68 | Signal handler defined inside CallPluginApi to access Request
69 +---------------------------------------------------------------- */
70 void pluginError(int signum) {
73 // unlock signal to allow a new signal to come
75 sigaddset(&sigset, signum);
76 sigprocmask(SIG_UNBLOCK, &sigset, 0);
78 fprintf(stderr, "Oops: Plugin Api Timeout timeout\n");
79 longjmp(request->checkPluginCall, signum);
82 // If a plugin hold this urlpath call its callback
83 for (idx = 0; plugin->apis[idx].callback != NULL; idx++) {
84 if (!strcmp(plugin->apis[idx].name, request->api)) {
86 // Request was found and at least partially executed
87 jreqt = json_object_new_object();
88 json_object_get(afbJsonType); // increate jsontype reference count
89 json_object_object_add(jreqt, "jtype", afbJsonType);
91 // prepare an object to store calling values
92 jcall = json_object_new_object();
93 json_object_object_add(jcall, "prefix", json_object_new_string(plugin->prefix));
94 json_object_object_add(jcall, "api", json_object_new_string(plugin->apis[idx].name));
96 // save context before calling the API
97 status = setjmp(request->checkPluginCall);
100 // Plugin aborted somewhere during its execution
101 json_object_object_add(jcall, "status", json_object_new_string("abort"));
102 json_object_object_add(jcall, "info", json_object_new_string("Plugin broke during execution"));
103 json_object_object_add(jreqt, "request", jcall);
107 // If timeout protection==0 we are in debug and we do not apply signal protection
108 if (request->config->apiTimeout > 0) {
109 for (sig = 0; signals[sig] != 0; sig++) {
110 if (signal(signals[sig], pluginError) == SIG_ERR) {
111 request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY;
112 json_object_object_add(jcall, "status", json_object_new_string("fail"));
113 json_object_object_add(jcall, "info", json_object_new_string("Setting Timeout Handler Failed"));
114 json_object_object_add(jreqt, "request", jcall);
118 // Trigger a timer to protect from unacceptable long time execution
119 alarm((unsigned)request->config->apiTimeout);
121 // Out of SessionNone every call get a client context session
122 if (AFB_SESSION_NONE != plugin->apis[idx].session) {
124 // add client context to request
125 clientCtx = ctxClientGet(request, plugidx);
126 if (clientCtx == NULL) {
127 request->errcode = MHD_HTTP_INSUFFICIENT_STORAGE;
128 json_object_object_add(jcall, "status", json_object_new_string("fail"));
129 json_object_object_add(jcall, "info", json_object_new_string("Client Session Context Full !!!"));
130 json_object_object_add(jreqt, "request", jcall);
135 fprintf(stderr, "Plugin=[%s] Api=[%s] Middleware=[%d] Client=[%p] Uuid=[%s] Token=[%s]\n", request->prefix, request->api, plugin->apis[idx].session, clientCtx, clientCtx->uuid, clientCtx->token);
137 switch (plugin->apis[idx].session) {
139 case AFB_SESSION_CREATE:
140 if (clientCtx->token[0] != '\0' && request->config->token[0] != '\0') {
141 request->errcode = MHD_HTTP_UNAUTHORIZED;
142 json_object_object_add(jcall, "status", json_object_new_string("exist"));
143 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CREATE Session already exist"));
144 json_object_object_add(jreqt, "request", jcall);
148 if (AFB_SUCCESS != ctxTokenCreate(clientCtx, request)) {
149 request->errcode = MHD_HTTP_UNAUTHORIZED;
150 json_object_object_add(jcall, "status", json_object_new_string("fail"));
151 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CREATE Invalid Initial Token"));
152 json_object_object_add(jreqt, "request", jcall);
155 json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
156 json_object_object_add(jcall, "token", json_object_new_string(clientCtx->token));
157 json_object_object_add(jcall, "timeout", json_object_new_int(request->config->cntxTimeout));
161 case AFB_SESSION_RENEW:
162 if (AFB_SUCCESS != ctxTokenRefresh(clientCtx, request)) {
163 request->errcode = MHD_HTTP_UNAUTHORIZED;
164 json_object_object_add(jcall, "status", json_object_new_string("fail"));
165 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_REFRESH Broken Exchange Token Chain"));
166 json_object_object_add(jreqt, "request", jcall);
169 json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
170 json_object_object_add(jcall, "token", json_object_new_string(clientCtx->token));
171 json_object_object_add(jcall, "timeout", json_object_new_int(request->config->cntxTimeout));
175 case AFB_SESSION_CLOSE:
176 if (AFB_SUCCESS != ctxTokenCheck(clientCtx, request)) {
177 request->errcode = MHD_HTTP_UNAUTHORIZED;
178 json_object_object_add(jcall, "status", json_object_new_string("empty"));
179 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CLOSE Not a Valid Access Token"));
180 json_object_object_add(jreqt, "request", jcall);
183 json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid));
187 case AFB_SESSION_CHECK:
189 // default action is check
190 if (AFB_SUCCESS != ctxTokenCheck(clientCtx, request)) {
191 request->errcode = MHD_HTTP_UNAUTHORIZED;
192 json_object_object_add(jcall, "status", json_object_new_string("fail"));
193 json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CHECK Invalid Active Token"));
194 json_object_object_add(jreqt, "request", jcall);
200 // Effectively CALL PLUGIN API with a subset of the context
201 jresp = plugin->apis[idx].callback(request, context);
203 // Store context in case it was updated by plugins
204 if (request->context != NULL)
205 clientCtx->contexts[plugidx] = request->context;
207 // handle intermediary Post Iterates out of band
209 && (request->errcode == MHD_HTTP_OK))
210 return (AFB_SUCCESS);
212 // Session close is done after the API call so API can still use session in closing API
213 if (AFB_SESSION_CLOSE == plugin->apis[idx].session)
214 ctxTokenReset(clientCtx, request);
216 // API should return NULL of a valid Json Object
218 json_object_object_add(jcall, "status", json_object_new_string("null"));
219 json_object_object_add(jreqt, "request", jcall);
220 request->errcode = MHD_HTTP_NO_RESPONSE;
223 json_object_object_add(jcall, "status", json_object_new_string("processed"));
224 json_object_object_add(jreqt, "request", jcall);
225 json_object_object_add(jreqt, "response", jresp);
227 // cancel timeout and plugin signal handle before next call
228 if (request->config->apiTimeout > 0) {
230 for (sig = 0; signals[sig] != 0; sig++) {
231 signal(signals[sig], SIG_DFL);
241 request->jresp = jreqt;
245 STATIC AFB_error findAndCallApi(AFB_request * request, void *context)
250 if (!request->api || !request->prefix)
253 // Search for a plugin with this urlpath
254 for (idx = 0; request->plugins[idx] != NULL; idx++) {
255 if (!strcmp(request->plugins[idx]->prefix, request->prefix)) {
256 status = callPluginApi(request, idx, context);
260 // No plugin was found
261 if (request->plugins[idx] == NULL) {
262 request->jresp = jsonNewMessage(AFB_FATAL, "No Plugin=[%s] Url=%s", request->prefix, request->url);
265 // plugin callback did not return a valid Json Object
266 if (status == AFB_FAIL) {
267 request->jresp = jsonNewMessage(AFB_FATAL, "No API=[%s] for Plugin=[%s] url=[%s]", request->api, request->prefix, request->url);
270 // Everything look OK
274 request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY;
278 // This CB is call for every item with a form post it reformat iterator values
279 // and callback Plugin API for each Item within PostForm.
280 STATIC int doPostIterate(void *cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *mimetype, const char *encoding, const char *data, uint64_t offset, size_t size)
286 // retrieve API request from Post iterator handle
287 AFB_PostHandle *postHandle = (AFB_PostHandle *) cls;
288 AFB_request *request = (AFB_request *) postHandle->privatebuf;
289 AFB_PostRequest postRequest;
292 fprintf(stderr, "postHandle key=%s filename=%s len=%zu mime=%s\n", key, filename, size, mimetype);
294 // Create and Item value for Plugin API
297 item.filename = filename;
298 item.mimetype = mimetype;
299 item.encoding = encoding;
302 item.offset = offset;
304 // Reformat Request to make it somehow similar to GET/PostJson case
305 postRequest.data = (char *)postHandle;
306 postRequest.len = size;
307 postRequest.type = AFB_POST_FORM;;
308 request->post = &postRequest;
310 // effectively call plugin API
311 status = findAndCallApi(request, &item);
312 // when returning no processing of postform stop
313 if (status != AFB_SUCCESS)
316 // let's allow iterator to move to next item
320 STATIC void freeRequest(AFB_request * request)
323 free(request->prefix);
328 STATIC AFB_request *createRequest(struct MHD_Connection *connection, AFB_session * session, const char *url)
331 AFB_request *request;
333 // Start with a clean request
334 request = calloc(1, sizeof(AFB_request));
335 char *urlcpy1, *urlcpy2;
336 char *baseapi, *baseurl;
338 // Extract plugin urlpath from request and make two copy because strsep overload copy
339 urlcpy1 = urlcpy2 = strdup(url);
340 baseurl = strsep(&urlcpy2, "/");
341 if (baseurl == NULL) {
342 request->jresp = jsonNewMessage(AFB_FATAL, "Invalid API call url=[%s]", url);
343 request->errcode = MHD_HTTP_BAD_REQUEST;
346 // let's compute URL and call API
347 baseapi = strsep(&urlcpy2, "/");
348 if (baseapi == NULL) {
349 request->jresp = jsonNewMessage(AFB_FATAL, "Invalid API call plugin=[%s] url=[%s]", baseurl, url);
350 request->errcode = MHD_HTTP_BAD_REQUEST;
353 // build request structure
354 request->connection = connection;
355 request->config = session->config;
357 request->prefix = strdup(baseurl);
358 request->api = strdup(baseapi);
359 request->plugins = session->plugins;
360 // note request->handle is fed with request->context in ctxClientGet
381 static int doRestApiPost(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
384 static int postcount = 0; // static counter to debug POST protocol
385 json_object *errMessage;
387 struct MHD_Response *webResponse;
388 const char *serialized;
389 AFB_request *request = NULL;
390 AFB_PostHandle *postHandle;
391 AFB_PostRequest postRequest;
394 // fprintf (stderr, "doRestAPI method=%s posthandle=%p\n", method, con_cls);
396 // if post data may come in multiple calls
397 const char *encoding, *param;
399 postHandle = *con_cls;
401 // This is the initial post event let's create form post structure POST data come in multiple events
402 if (postHandle == NULL) {
404 // allocate application POST processor handle to zero
405 postHandle = calloc(1, sizeof(AFB_PostHandle));
406 postHandle->uid = postcount++; // build a UID for DEBUG
407 *con_cls = postHandle; // update context with posthandle
409 // Let make sure we have the right encoding and a valid length
410 encoding = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_TYPE);
412 // We are facing an empty post let's process it as a get
413 if (encoding == NULL) {
414 postHandle->type = AFB_POST_EMPTY;
417 // Form post is handle through a PostProcessor and call API once per form key
418 if (strcasestr(encoding, FORM_CONTENT) != NULL) {
420 fprintf(stderr, "Create doPostIterate[uid=%d posthandle=%p]\n", postHandle->uid, postHandle);
422 request = createRequest(connection, session, url);
423 if (request->jresp != NULL)
425 postHandle->type = AFB_POST_FORM;
426 postHandle->privatebuf = (void *)request;
427 postHandle->pp = MHD_create_post_processor(connection, MAX_POST_SIZE, &doPostIterate, postHandle);
429 if (NULL == postHandle->pp) {
430 fprintf(stderr, "OOPS: Internal error fail to allocate MHD_create_post_processor\n");
436 // POST json is store into a buffer and present in one piece to API
437 if (strcasestr(encoding, JSON_CONTENT) != NULL) {
439 param = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH);
441 sscanf(param, "%i", &contentlen);
443 // Because PostJson are build in RAM size is constrained
444 if (contentlen > MAX_POST_SIZE) {
445 errMessage = jsonNewMessage(AFB_FATAL, "Post Date to big %d > %d", contentlen, MAX_POST_SIZE);
448 // Size is OK, let's allocate a buffer to hold post data
449 postHandle->type = AFB_POST_JSON;
450 postHandle->privatebuf = malloc((unsigned)contentlen + 1); // allocate memory for full POST data + 1 for '\0' enf of string
452 // if (verbose) fprintf(stderr, "Create PostJson[uid=%d] Size=%d\n", postHandle->uid, contentlen);
456 // We only support Json and Form Post format
457 errMessage = jsonNewMessage(AFB_FATAL, "Post Date wrong type encoding=%s != %s", encoding, JSON_CONTENT);
461 // This time we receive partial/all Post data. Note that even if we get all POST data. We should nevertheless
462 // return MHD_YES and not process the request directly. Otherwise Libmicrohttpd is unhappy and fails with
463 // 'Internal application error, closing connection'.
464 if (*upload_data_size) {
466 if (postHandle->type == AFB_POST_FORM) {
467 // if (verbose) fprintf(stderr, "Processing PostForm[uid=%d]\n", postHandle->uid);
468 MHD_post_process(postHandle->pp, upload_data, *upload_data_size);
470 // Process JsonPost request when buffer is completed let's call API
471 if (postHandle->type == AFB_POST_JSON) {
472 // if (verbose) fprintf(stderr, "Updating PostJson[uid=%d]\n", postHandle->uid);
473 memcpy(&postHandle->privatebuf[postHandle->len], upload_data, *upload_data_size);
474 postHandle->len = postHandle->len + *upload_data_size;
477 *upload_data_size = 0;
480 } else { // we have finish with Post reception let's finish the work
482 // Create a request structure to finalise the request
483 request = createRequest(connection, session, url);
484 if (request->jresp != NULL) {
485 errMessage = request->jresp;
488 postRequest.type = postHandle->type;
490 // Postform add application context handle to request
491 if (postHandle->type == AFB_POST_FORM) {
492 postRequest.data = (char *)postHandle;
493 request->post = &postRequest;
496 if (postHandle->type == AFB_POST_JSON) {
497 // if (verbose) fprintf(stderr, "Processing PostJson[uid=%d]\n", postHandle->uid);
499 param = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH);
501 sscanf(param, "%i", &contentlen);
503 // At this level we're may verify that we got everything and process DATA
504 if (postHandle->len != contentlen) {
505 errMessage = jsonNewMessage(AFB_FATAL, "Post Data Incomplete UID=%d Len %d != %d", postHandle->uid, contentlen, postHandle->len);
508 // Before processing data, make sure buffer string is properly ended
509 postHandle->privatebuf[postHandle->len] = '\0';
510 postRequest.data = postHandle->privatebuf;
511 request->post = &postRequest;
513 // if (verbose) fprintf(stderr, "Close Post[%d] Buffer=%s\n", postHandle->uid, request->post->data);
518 // Request is ready let's call API without any extra handle
519 status = findAndCallApi(request, NULL);
521 serialized = json_object_to_json_string(request->jresp);
522 webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);
524 // client did not pass token on URI let's use cookies
525 if ((!request->restfull) && (request->context != NULL)) {
527 snprintf(cookie, sizeof(cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi, request->config->cntxTimeout);
528 MHD_add_response_header(webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);
530 // if requested add an error status
531 if (request->errcode != 0)
532 ret = MHD_queue_response(connection, request->errcode, webResponse);
534 MHD_queue_response(connection, MHD_HTTP_OK, webResponse);
536 MHD_destroy_response(webResponse);
537 json_object_put(request->jresp); // decrease reference rqtcount to free the json object
538 freeRequest(request);
542 freeRequest(request);
543 serialized = json_object_to_json_string(errMessage);
544 webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);
545 MHD_queue_response(connection, MHD_HTTP_BAD_REQUEST, webResponse);
546 MHD_destroy_response(webResponse);
547 json_object_put(errMessage); // decrease reference rqtcount to free the json object
570 static int doRestApiGet(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
573 static int postcount = 0; // static counter to debug POST protocol
574 json_object *errMessage;
576 struct MHD_Response *webResponse;
577 const char *serialized;
578 AFB_request *request = NULL;
579 AFB_PostHandle *postHandle;
580 AFB_PostRequest postRequest;
583 // fprintf (stderr, "doRestAPI method=%s posthandle=%p\n", method, con_cls);
585 // if post data may come in multiple calls
586 // this is a get we only need a request
587 request = createRequest(connection, session, url);
590 // Request is ready let's call API without any extra handle
591 status = findAndCallApi(request, NULL);
593 serialized = json_object_to_json_string(request->jresp);
594 webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);
596 // client did not pass token on URI let's use cookies
597 if ((!request->restfull) && (request->context != NULL)) {
599 snprintf(cookie, sizeof(cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi, request->config->cntxTimeout);
600 MHD_add_response_header(webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);
602 // if requested add an error status
603 if (request->errcode != 0)
604 ret = MHD_queue_response(connection, request->errcode, webResponse);
606 MHD_queue_response(connection, MHD_HTTP_OK, webResponse);
608 MHD_destroy_response(webResponse);
609 json_object_put(request->jresp); // decrease reference rqtcount to free the json object
610 freeRequest(request);
614 freeRequest(request);
615 serialized = json_object_to_json_string(errMessage);
616 webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY);
617 MHD_queue_response(connection, MHD_HTTP_BAD_REQUEST, webResponse);
618 MHD_destroy_response(webResponse);
619 json_object_put(errMessage); // decrease reference rqtcount to free the json object
623 int doRestApi(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls)
627 if (0 == strcmp(method, MHD_HTTP_METHOD_POST)) {
628 rc = doRestApiPost(connection, session, url, method, upload_data, upload_data_size, con_cls);
630 rc = doRestApiGet(connection, session, url, method, upload_data, upload_data_size, con_cls);