/* * Copyright 2023, Vincent Douillet * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * 3. Neither the name of the copyright holder nor the names of its contributors * may be used to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #include #include "browse.h" #include "cgi.h" #include "http.h" #include "template.h" #include "upload.h" #include "url.h" /* * upload url = r->pname / UPLOAD_URL / file->path */ size_t build_upload_url(const struct kreq * r, struct file * file) { char action_url[PATH_MAX]; size_t action_url_len; if (!file->is_dir) return 0; action_url_len = url_build(action_url, PATH_MAX, r->pname, UPLOAD_URL, file->path, NULL); if (action_url_len == 0 || action_url_len >= PATH_MAX) { kutil_warn(r, NULL, "upload: action URL overflow: %s", action_url); return 0; } file->action_url = strndup(action_url, action_url_len); if (file->action_url == NULL) { kutil_warn(r, NULL, "upload: unable to allocate file url buffer: %s", action_url); return 0; } return action_url_len; } /* * data required in the template functions */ struct template_data { struct kreq *r; struct khtmlreq *html; struct file *f; }; static const char *const header_template_keys[] = {"path", "submit_url"}; static int header_template_callback(size_t index, void *arg) { struct kreq *r; struct khtmlreq *html; struct template_data *data; if (arg == NULL) { kutil_warn(NULL, NULL, "Invalid data for upload header template"); return 0; } data = arg; r = data->r; html = data->html; switch (index) { case 0: /* path */ K_OK(khtml_puts(html, data->f->path), r); break; case 1: /* submit_url */ K_OK(khtml_puts(html, data->f->action_url), r); break; default: kutil_warnx(r, NULL, "Invalid key index for upload header template: %zd", index); return 0; } return 1; } /* * GET request, we print upload form */ void upload_get(struct kreq * r, struct http_ret * ret, struct file * file) { struct khtmlreq html; struct ktemplate template; struct page_template *tmpl; struct template_data data; tmpl = NULL; /* action url is form submit url */ if (build_upload_url(r, file) == 0) { *ret = (struct http_ret) { KHTTP_500, "upload: Can't build upload url" }; goto end; } /* read template */ tmpl = page_template_new(UPLOAD_URL); if (tmpl == NULL) { *ret = (struct http_ret) { KHTTP_500, "upload: Unable to read template" }; goto end; } /* print upload form */ http_open(r, KHTTP_200, r->mime); K_OK(khttp_puts(r, tmpl->header), r); K_OK(khtml_open(&html, r, 0), r); template.key = header_template_keys; template.keysz = 2; template.cb = header_template_callback; template.arg = &data; data.r = r; data.html = &html; data.f = file; K_OK(khttp_template_buf(r, &template, tmpl->page_header, strlen(tmpl->page_header)), r); K_OK(khttp_puts(r, tmpl->page_footer), r); K_OK(khttp_puts(r, tmpl->footer), r); K_OK(khtml_close(&html), r); end: page_template_free(tmpl); } /* * POST request, we handle upload form */ void upload_post(struct kreq * r, struct http_ret * ret, struct file * f) { char path[PATH_MAX]; FILE *to_write; size_t path_len, i; /* prepare action url for return redirection in case of success */ if (build_browse_url(r, f) == 0) { *ret = (struct http_ret) { KHTTP_500, "upload: can't build return url" }; return; } /* * data should have been validated prior to handling the request, so * here we should have an array of fields named "file", each field * corresponding to one uploaded file */ for (i = 0; i < r->fieldsz; i++) { struct kpair *upl = &(r->fields[i]); path_len = file_get_data_path(f, path, PATH_MAX, upl->file); if (path_len == 0 || path_len >= PATH_MAX) { *ret = (struct http_ret) { KHTTP_500, "upload: can't build file path" }; return; } to_write = fopen(path, "wb"); if (to_write == NULL) { *ret = (struct http_ret) { KHTTP_500, "upload: can't open file for writing" }; return; } if (fwrite(upl->val, sizeof(char), upl->valsz, to_write) != upl->valsz) { *ret = (struct http_ret) { KHTTP_500, "upload: error while writing file" }; return; } if (fclose(to_write) != 0) { *ret = (struct http_ret) { KHTTP_500, "upload: error while closing file" }; return; } } /* on success, redirect to the directory where new files were created */ khttp_head(r, kresps[KRESP_LOCATION], "%s", f->action_url); http_open(r, KHTTP_303, r->mime); *ret = (struct http_ret) { KHTTP_303, "" }; } struct http_ret upload(struct kreq * r) { struct file *file; struct http_ret ret; file = NULL; ret = (struct http_ret) { KHTTP_200, "" }; /* build file corresponding to request (ie. upload) path */ file = file_new(r->path); if (file == NULL) { ret = (struct http_ret) { KHTTP_404, "upload: Unable to build data file" }; goto end; } /* print form or handle submission according to HTTP method */ if (r->method == KMETHOD_POST) upload_post(r, &ret, file); else upload_get(r, &ret, file); end: file_free(file); return ret; }