/* * Copyright (C) 2016 "IoT.bzh" * Author "Fulup Ar Foll" * Author José Bollo * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * Contain all generic part to handle REST/API * * https://www.gnu.org/software/libmicrohttpd/tutorial.html [search 'largepost.c'] */ #define _GNU_SOURCE #include "../include/local-def.h" #include #include #include #include #define AFB_MSG_JTYPE "AJB_reply" #define JSON_CONTENT "application/json" #define FORM_CONTENT "multipart/form-data" /* TODO: replace with MHD_HTTP_POST_ENCODING_MULTIPART_FORMDATA */ static json_object *afbJsonType; // Because of POST call multiple time requestApi we need to free POST handle here // Note this method is called from http-svc just before closing session PUBLIC void endPostRequest(AFB_PostHandle * postHandle) { if (postHandle->type == AFB_POST_JSON) { // if (verbose) fprintf(stderr, "End PostJson Request UID=%d\n", postHandle->uid); } if (postHandle->type == AFB_POST_FORM) { if (verbose) fprintf(stderr, "End PostForm Request UID=%d\n", postHandle->uid); } if (postHandle->privatebuf) free(postHandle->privatebuf); free(postHandle); } // Check of apiurl is declare in this plugin and call it STATIC AFB_error callPluginApi(AFB_request * request, int plugidx, void *context) { json_object *jresp, *jcall, *jreqt; int idx, status, sig; AFB_clientCtx *clientCtx = NULL; AFB_plugin *plugin = request->plugins[plugidx]; int signals[] = { SIGALRM, SIGSEGV, SIGFPE, 0 }; /*--------------------------------------------------------------- | Signal handler defined inside CallPluginApi to access Request +---------------------------------------------------------------- */ void pluginError(int signum) { sigset_t sigset; // unlock signal to allow a new signal to come sigemptyset(&sigset); sigaddset(&sigset, signum); sigprocmask(SIG_UNBLOCK, &sigset, 0); fprintf(stderr, "Oops: Plugin Api Timeout timeout\n"); longjmp(request->checkPluginCall, signum); } // If a plugin hold this urlpath call its callback for (idx = 0; plugin->apis[idx].callback != NULL; idx++) { if (!strcmp(plugin->apis[idx].name, request->api)) { // Request was found and at least partially executed jreqt = json_object_new_object(); json_object_get(afbJsonType); // increate jsontype reference count json_object_object_add(jreqt, "jtype", afbJsonType); // prepare an object to store calling values jcall = json_object_new_object(); json_object_object_add(jcall, "prefix", json_object_new_string(plugin->prefix)); json_object_object_add(jcall, "api", json_object_new_string(plugin->apis[idx].name)); // save context before calling the API status = setjmp(request->checkPluginCall); if (status != 0) { // Plugin aborted somewhere during its execution json_object_object_add(jcall, "status", json_object_new_string("abort")); json_object_object_add(jcall, "info", json_object_new_string("Plugin broke during execution")); json_object_object_add(jreqt, "request", jcall); } else { // If timeout protection==0 we are in debug and we do not apply signal protection if (request->config->apiTimeout > 0) { for (sig = 0; signals[sig] != 0; sig++) { if (signal(signals[sig], pluginError) == SIG_ERR) { request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY; json_object_object_add(jcall, "status", json_object_new_string("fail")); json_object_object_add(jcall, "info", json_object_new_string("Setting Timeout Handler Failed")); json_object_object_add(jreqt, "request", jcall); goto ExitOnDone; } } // Trigger a timer to protect from unacceptable long time execution alarm((unsigned)request->config->apiTimeout); } // Out of SessionNone every call get a client context session if (AFB_SESSION_NONE != plugin->apis[idx].session) { // add client context to request clientCtx = ctxClientGet(request, plugidx); if (clientCtx == NULL) { request->errcode = MHD_HTTP_INSUFFICIENT_STORAGE; json_object_object_add(jcall, "status", json_object_new_string("fail")); json_object_object_add(jcall, "info", json_object_new_string("Client Session Context Full !!!")); json_object_object_add(jreqt, "request", jcall); goto ExitOnDone; }; if (verbose) fprintf(stderr, "Plugin=[%s] Api=[%s] Middleware=[%d] Client=[%p] Uuid=[%s] Token=[%s]\n", request->prefix, request->api, plugin->apis[idx].session, clientCtx, clientCtx->uuid, clientCtx->token); switch (plugin->apis[idx].session) { case AFB_SESSION_CREATE: if (clientCtx->token[0] != '\0' && request->config->token[0] != '\0') { request->errcode = MHD_HTTP_UNAUTHORIZED; json_object_object_add(jcall, "status", json_object_new_string("exist")); json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CREATE Session already exist")); json_object_object_add(jreqt, "request", jcall); goto ExitOnDone; } if (AFB_SUCCESS != ctxTokenCreate(clientCtx, request)) { request->errcode = MHD_HTTP_UNAUTHORIZED; json_object_object_add(jcall, "status", json_object_new_string("fail")); json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CREATE Invalid Initial Token")); json_object_object_add(jreqt, "request", jcall); goto ExitOnDone; } else { json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid)); json_object_object_add(jcall, "token", json_object_new_string(clientCtx->token)); json_object_object_add(jcall, "timeout", json_object_new_int(request->config->cntxTimeout)); } break; case AFB_SESSION_RENEW: if (AFB_SUCCESS != ctxTokenRefresh(clientCtx, request)) { request->errcode = MHD_HTTP_UNAUTHORIZED; json_object_object_add(jcall, "status", json_object_new_string("fail")); json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_REFRESH Broken Exchange Token Chain")); json_object_object_add(jreqt, "request", jcall); goto ExitOnDone; } else { json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid)); json_object_object_add(jcall, "token", json_object_new_string(clientCtx->token)); json_object_object_add(jcall, "timeout", json_object_new_int(request->config->cntxTimeout)); } break; case AFB_SESSION_CLOSE: if (AFB_SUCCESS != ctxTokenCheck(clientCtx, request)) { request->errcode = MHD_HTTP_UNAUTHORIZED; json_object_object_add(jcall, "status", json_object_new_string("empty")); json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CLOSE Not a Valid Access Token")); json_object_object_add(jreqt, "request", jcall); goto ExitOnDone; } else { json_object_object_add(jcall, "uuid", json_object_new_string(clientCtx->uuid)); } break; case AFB_SESSION_CHECK: default: // default action is check if (AFB_SUCCESS != ctxTokenCheck(clientCtx, request)) { request->errcode = MHD_HTTP_UNAUTHORIZED; json_object_object_add(jcall, "status", json_object_new_string("fail")); json_object_object_add(jcall, "info", json_object_new_string("AFB_SESSION_CHECK Invalid Active Token")); json_object_object_add(jreqt, "request", jcall); goto ExitOnDone; } break; } } // Effectively CALL PLUGIN API with a subset of the context jresp = plugin->apis[idx].callback(request, context); // Store context in case it was updated by plugins if (request->context != NULL) clientCtx->contexts[plugidx] = request->context; // handle intermediary Post Iterates out of band if ((jresp == NULL) && (request->errcode == MHD_HTTP_OK)) return (AFB_SUCCESS); // Session close is done after the API call so API can still use session in closing API if (AFB_SESSION_CLOSE == plugin->apis[idx].session) ctxTokenReset(clientCtx, request); // API should return NULL of a valid Json Object if (jresp == NULL) { json_object_object_add(jcall, "status", json_object_new_string("null")); json_object_object_add(jreqt, "request", jcall); request->errcode = MHD_HTTP_NO_RESPONSE; } else { json_object_object_add(jcall, "status", json_object_new_string("processed")); json_object_object_add(jreqt, "request", jcall); json_object_object_add(jreqt, "response", jresp); } // cancel timeout and plugin signal handle before next call if (request->config->apiTimeout > 0) { alarm(0); for (sig = 0; signals[sig] != 0; sig++) { signal(signals[sig], SIG_DFL); } } } goto ExitOnDone; } } return (AFB_FAIL); ExitOnDone: request->jresp = jreqt; return (AFB_DONE); } STATIC AFB_error findAndCallApi(AFB_request * request, void *context) { int idx; AFB_error status; if (!request->api || !request->prefix) return (AFB_FAIL); // Search for a plugin with this urlpath for (idx = 0; request->plugins[idx] != NULL; idx++) { if (!strcmp(request->plugins[idx]->prefix, request->prefix)) { status = callPluginApi(request, idx, context); break; } } // No plugin was found if (request->plugins[idx] == NULL) { request->jresp = jsonNewMessage(AFB_FATAL, "No Plugin=[%s] Url=%s", request->prefix, request->url); goto ExitOnError; } // plugin callback did not return a valid Json Object if (status == AFB_FAIL) { request->jresp = jsonNewMessage(AFB_FATAL, "No API=[%s] for Plugin=[%s] url=[%s]", request->api, request->prefix, request->url); goto ExitOnError; } // Everything look OK return (status); ExitOnError: request->errcode = MHD_HTTP_UNPROCESSABLE_ENTITY; return (AFB_FAIL); } // This CB is call for every item with a form post it reformat iterator values // and callback Plugin API for each Item within PostForm. STATIC int doPostIterate(void *cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *mimetype, const char *encoding, const char *data, uint64_t offset, size_t size) { AFB_error status; AFB_PostItem item; // retrieve API request from Post iterator handle AFB_PostHandle *postHandle = (AFB_PostHandle *) cls; AFB_request *request = (AFB_request *) postHandle->privatebuf; AFB_PostRequest postRequest; if (verbose) fprintf(stderr, "postHandle key=%s filename=%s len=%zu mime=%s\n", key, filename, size, mimetype); // Create and Item value for Plugin API item.kind = kind; item.key = key; item.filename = filename; item.mimetype = mimetype; item.encoding = encoding; item.len = size; item.data = data; item.offset = offset; // Reformat Request to make it somehow similar to GET/PostJson case postRequest.data = (char *)postHandle; postRequest.len = size; postRequest.type = AFB_POST_FORM;; request->post = &postRequest; // effectively call plugin API status = findAndCallApi(request, &item); // when returning no processing of postform stop if (status != AFB_SUCCESS) return MHD_NO; // let's allow iterator to move to next item return MHD_YES; } STATIC void freeRequest(AFB_request * request) { free(request->prefix); free(request->api); free(request); } STATIC AFB_request *createRequest(struct MHD_Connection *connection, AFB_session * session, const char *url) { AFB_request *request; // Start with a clean request request = calloc(1, sizeof(AFB_request)); char *urlcpy1, *urlcpy2; char *baseapi, *baseurl; // Extract plugin urlpath from request and make two copy because strsep overload copy urlcpy1 = urlcpy2 = strdup(url); baseurl = strsep(&urlcpy2, "/"); if (baseurl == NULL) { request->jresp = jsonNewMessage(AFB_FATAL, "Invalid API call url=[%s]", url); request->errcode = MHD_HTTP_BAD_REQUEST; goto Done; } // let's compute URL and call API baseapi = strsep(&urlcpy2, "/"); if (baseapi == NULL) { request->jresp = jsonNewMessage(AFB_FATAL, "Invalid API call plugin=[%s] url=[%s]", baseurl, url); request->errcode = MHD_HTTP_BAD_REQUEST; goto Done; } // build request structure request->connection = connection; request->config = session->config; request->url = url; request->prefix = strdup(baseurl); request->api = strdup(baseapi); request->plugins = session->plugins; // note request->handle is fed with request->context in ctxClientGet Done: free(urlcpy1); return (request); } static int doRestApiPost(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls) { static int postcount = 0; // static counter to debug POST protocol json_object *errMessage; AFB_error status; struct MHD_Response *webResponse; const char *serialized; AFB_request *request = NULL; AFB_PostHandle *postHandle; AFB_PostRequest postRequest; int ret; // fprintf (stderr, "doRestAPI method=%s posthandle=%p\n", method, con_cls); // if post data may come in multiple calls const char *encoding, *param; int contentlen = -1; postHandle = *con_cls; // This is the initial post event let's create form post structure POST data come in multiple events if (postHandle == NULL) { // allocate application POST processor handle to zero postHandle = calloc(1, sizeof(AFB_PostHandle)); postHandle->uid = postcount++; // build a UID for DEBUG *con_cls = postHandle; // update context with posthandle // Let make sure we have the right encoding and a valid length encoding = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_TYPE); // We are facing an empty post let's process it as a get if (encoding == NULL) { postHandle->type = AFB_POST_EMPTY; return MHD_YES; } // Form post is handle through a PostProcessor and call API once per form key if (strcasestr(encoding, FORM_CONTENT) != NULL) { if (verbose) fprintf(stderr, "Create doPostIterate[uid=%d posthandle=%p]\n", postHandle->uid, postHandle); request = createRequest(connection, session, url); if (request->jresp != NULL) goto ProcessApiCall; postHandle->type = AFB_POST_FORM; postHandle->privatebuf = (void *)request; postHandle->pp = MHD_create_post_processor(connection, MAX_POST_SIZE, &doPostIterate, postHandle); if (NULL == postHandle->pp) { fprintf(stderr, "OOPS: Internal error fail to allocate MHD_create_post_processor\n"); free(postHandle); return MHD_NO; } return MHD_YES; } // POST json is store into a buffer and present in one piece to API if (strcasestr(encoding, JSON_CONTENT) != NULL) { param = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH); if (param) sscanf(param, "%i", &contentlen); // Because PostJson are build in RAM size is constrained if (contentlen > MAX_POST_SIZE) { errMessage = jsonNewMessage(AFB_FATAL, "Post Date to big %d > %d", contentlen, MAX_POST_SIZE); goto ExitOnError; } // Size is OK, let's allocate a buffer to hold post data postHandle->type = AFB_POST_JSON; postHandle->privatebuf = malloc((unsigned)contentlen + 1); // allocate memory for full POST data + 1 for '\0' enf of string // if (verbose) fprintf(stderr, "Create PostJson[uid=%d] Size=%d\n", postHandle->uid, contentlen); return MHD_YES; } else { // We only support Json and Form Post format errMessage = jsonNewMessage(AFB_FATAL, "Post Date wrong type encoding=%s != %s", encoding, JSON_CONTENT); goto ExitOnError; } } // This time we receive partial/all Post data. Note that even if we get all POST data. We should nevertheless // return MHD_YES and not process the request directly. Otherwise Libmicrohttpd is unhappy and fails with // 'Internal application error, closing connection'. if (*upload_data_size) { if (postHandle->type == AFB_POST_FORM) { // if (verbose) fprintf(stderr, "Processing PostForm[uid=%d]\n", postHandle->uid); MHD_post_process(postHandle->pp, upload_data, *upload_data_size); } // Process JsonPost request when buffer is completed let's call API if (postHandle->type == AFB_POST_JSON) { // if (verbose) fprintf(stderr, "Updating PostJson[uid=%d]\n", postHandle->uid); memcpy(&postHandle->privatebuf[postHandle->len], upload_data, *upload_data_size); postHandle->len = postHandle->len + *upload_data_size; } *upload_data_size = 0; return MHD_YES; } else { // we have finish with Post reception let's finish the work // Create a request structure to finalise the request request = createRequest(connection, session, url); if (request->jresp != NULL) { errMessage = request->jresp; goto ExitOnError; } postRequest.type = postHandle->type; // Postform add application context handle to request if (postHandle->type == AFB_POST_FORM) { postRequest.data = (char *)postHandle; request->post = &postRequest; } if (postHandle->type == AFB_POST_JSON) { // if (verbose) fprintf(stderr, "Processing PostJson[uid=%d]\n", postHandle->uid); param = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH); if (param) sscanf(param, "%i", &contentlen); // At this level we're may verify that we got everything and process DATA if (postHandle->len != contentlen) { errMessage = jsonNewMessage(AFB_FATAL, "Post Data Incomplete UID=%d Len %d != %d", postHandle->uid, contentlen, postHandle->len); goto ExitOnError; } // Before processing data, make sure buffer string is properly ended postHandle->privatebuf[postHandle->len] = '\0'; postRequest.data = postHandle->privatebuf; request->post = &postRequest; // if (verbose) fprintf(stderr, "Close Post[%d] Buffer=%s\n", postHandle->uid, request->post->data); } } ProcessApiCall: // Request is ready let's call API without any extra handle status = findAndCallApi(request, NULL); serialized = json_object_to_json_string(request->jresp); webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY); // client did not pass token on URI let's use cookies if ((!request->restfull) && (request->context != NULL)) { char cookie[256]; snprintf(cookie, sizeof(cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi, request->config->cntxTimeout); MHD_add_response_header(webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie); } // if requested add an error status if (request->errcode != 0) ret = MHD_queue_response(connection, request->errcode, webResponse); else MHD_queue_response(connection, MHD_HTTP_OK, webResponse); MHD_destroy_response(webResponse); json_object_put(request->jresp); // decrease reference rqtcount to free the json object freeRequest(request); return MHD_YES; ExitOnError: freeRequest(request); serialized = json_object_to_json_string(errMessage); webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY); MHD_queue_response(connection, MHD_HTTP_BAD_REQUEST, webResponse); MHD_destroy_response(webResponse); json_object_put(errMessage); // decrease reference rqtcount to free the json object return MHD_YES; } static int doRestApiGet(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls) { static int postcount = 0; // static counter to debug POST protocol json_object *errMessage; AFB_error status; struct MHD_Response *webResponse; const char *serialized; AFB_request *request = NULL; AFB_PostHandle *postHandle; AFB_PostRequest postRequest; int ret; // fprintf (stderr, "doRestAPI method=%s posthandle=%p\n", method, con_cls); // if post data may come in multiple calls // this is a get we only need a request request = createRequest(connection, session, url); ProcessApiCall: // Request is ready let's call API without any extra handle status = findAndCallApi(request, NULL); serialized = json_object_to_json_string(request->jresp); webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY); // client did not pass token on URI let's use cookies if ((!request->restfull) && (request->context != NULL)) { char cookie[256]; snprintf(cookie, sizeof(cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi, request->config->cntxTimeout); MHD_add_response_header(webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie); } // if requested add an error status if (request->errcode != 0) ret = MHD_queue_response(connection, request->errcode, webResponse); else MHD_queue_response(connection, MHD_HTTP_OK, webResponse); MHD_destroy_response(webResponse); json_object_put(request->jresp); // decrease reference rqtcount to free the json object freeRequest(request); return MHD_YES; ExitOnError: freeRequest(request); serialized = json_object_to_json_string(errMessage); webResponse = MHD_create_response_from_buffer(strlen(serialized), (void *)serialized, MHD_RESPMEM_MUST_COPY); MHD_queue_response(connection, MHD_HTTP_BAD_REQUEST, webResponse); MHD_destroy_response(webResponse); json_object_put(errMessage); // decrease reference rqtcount to free the json object return MHD_YES; } int doRestApi(struct MHD_Connection *connection, AFB_session * session, const char *url, const char *method, const char *upload_data, size_t * upload_data_size, void **con_cls) { int rc; if (0 == strcmp(method, MHD_HTTP_METHOD_POST)) { rc = doRestApiPost(connection, session, url, method, upload_data, upload_data_size, con_cls); } else { rc = doRestApiGet(connection, session, url, method, upload_data, upload_data_size, con_cls); } return rc; }