cgi.cpp
#include <cstdio>
#ifdef _WIN32
#include <process.h>
#else
#include <unistd.h>
extern char **environ;
#endif
#include <cstdlib>
#include <fcgio.h>
#include "database.h"
#include "insults.h"
#include "template.h"
/**
 * Tells whether `str` begins with `prefix`.
 *
 * An empty prefix matches every string; a prefix longer than `str` never
 * matches.
 */
static bool startswith(const std::string &str, const std::string &prefix)
{
    // A reverse search anchored at offset 0 can only match at the very start
    return str.rfind(prefix, 0) == 0;
}
/**
 * Converts one hexadecimal digit to its numeric value.
 *
 * @param e  Character to decode; both upper- and lower-case digits are accepted.
 * @return   0..15 for a hexadecimal digit, -1 for any other character.
 */
static int base16_decode(char e)
{
    int nibble = -1;  // stays -1 unless e is one of [0-9a-fA-F]
    if(e >= 'A' && e <= 'F')
        nibble = 10 + (e - 'A');
    else if(e >= 'a' && e <= 'f')
        nibble = 10 + (e - 'a');
    else if(e >= '0' && e <= '9')
        nibble = e - '0';
    return nibble;
}
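/**
 * Allow-list validator for the URLs submitted to the shortener.
 *
 * A URL is accepted only when it starts with one of the supported schemes
 * ("http://", "https://" or "ftp://", compared case-sensitively) and every
 * byte of it appears in ALLOWED_CHARS.
 *
 * Because the check is an allow-list, control characters (CR and LF
 * included), spaces, quotes, angle brackets and all bytes >= 0x80 are
 * rejected. main() calls this on the already percent-decoded form value, so
 * an encoded "%0D%0A" in the request body is rejected here once decoded.
 */
class URLValidator {
private:
    // m_Table[b] is 1 when byte value b may appear in a URL, 0 otherwise
    unsigned char m_Table[256];

public:
    // Every character that may appear in an accepted URL
    static const char *const ALLOWED_CHARS;

    URLValidator();

    /**
     * @param url  Candidate URL, already percent-decoded by the caller.
     * @return     true when the scheme and every byte are allowed.
     */
    bool operator()(const std::string &url) const;
} valid_url;

// Unreserved and reserved URI characters, plus '%' for percent-encoding
const char *const URLValidator::ALLOWED_CHARS =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789"
    "-._~:/?#[]@!$&'()*+,;="
    "%";

URLValidator::URLValidator()
    : m_Table()  // value-initialisation zeroes the table: deny by default
{
    for(const char *c = ALLOWED_CHARS; *c != 0; ++c)
        m_Table[(size_t)(unsigned char)*c] = 1;
}

bool URLValidator::operator()(const std::string &url) const
{
    // Only these schemes may be stored; anything else (javascript:, data:,
    // file:, a scheme-less string, ...) is refused before the byte check.
    static const char *const SCHEMES[] = {"http://", "https://", "ftp://"};
    const size_t nb_schemes = sizeof(SCHEMES) / sizeof(SCHEMES[0]);

    bool scheme_ok = false;
    for(size_t i = 0; i < nb_schemes && !scheme_ok; ++i)
        scheme_ok = startswith(url, SCHEMES[i]);
    if(!scheme_ok)
        return false;

    for(size_t i = 0; i < url.size(); ++i)
    {
        // Go through unsigned char so bytes >= 0x80 index the table correctly
        const unsigned char c = url[i];
        if(!m_Table[(size_t)c])
            return false;
    }
    return true;
}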
/**
 * Extracts and decodes one field from an
 * application/x-www-form-urlencoded body.
 *
 * The body is scanned as `name=value` pairs separated by '&'. Names are
 * compared to `var` as raw text (they are not decoded). In the value of the
 * first matching pair, '+' becomes a space and "%XY" becomes the byte 0xXY;
 * a malformed or truncated escape is copied through unchanged.
 *
 * The result can hold any byte value, NUL, CR and LF included, so it has to
 * be validated by the caller before it is stored or echoed.
 *
 * @param formdata  Raw request body.
 * @param var       Field name to look for.
 * @return          Decoded value of the first matching field, or "" when
 *                  the field is absent.
 */
static std::string get_var(const std::string &formdata,
                           const std::string &var)
{
    enum EState { VARNAME, VALUE, WRONGVALUE };
    EState state = VARNAME;
    std::string token;  // name being read, then the value being decoded
    const size_t len = formdata.size();

    for(size_t pos = 0; pos < len; ++pos)
    {
        const char ch = formdata[pos];

        if(state == WRONGVALUE)
        {
            // Skip the value of a field we are not interested in
            if(ch == '&')
                state = VARNAME;
            continue;
        }

        if(state == VARNAME)
        {
            if(ch != '=')
            {
                token += ch;
                continue;
            }
            state = (token == var) ? VALUE : WRONGVALUE;
            token.clear();
            continue;
        }

        // state == VALUE: decode until the end of this field
        if(ch == '&')
            return token;
        if(ch == '+')
        {
            token += ' ';
            continue;
        }
        if(ch != '%')
        {
            token += ch;
            continue;
        }

        if(pos + 2 >= len)
        {
            // Truncated escape at the end of the body: keep it verbatim
            token += formdata.substr(pos);
            break;
        }

        const int hi = base16_decode(formdata[pos + 1]);
        const int lo = base16_decode(formdata[pos + 2]);
        if(hi < 0 || lo < 0)
            token += formdata.substr(pos, 3);  // not hex: keep the 3 chars
        else
            token += (char)((hi << 4) | lo);
        pos += 2;  // the two characters after '%' are consumed as well
    }

    // The body ended while the requested value was being read
    return state == VALUE ? token : std::string();
}
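// Maximum number of bytes allowed to be read from stdin
static const unsigned long REQ_IN_MAX = 10000;

/**
 * Reads the request body, never more than REQ_IN_MAX bytes of it.
 *
 * The number of bytes to read comes from CONTENT_LENGTH:
 *  - missing: nothing is read and an empty string is returned;
 *  - unparsable: the problem is reported on req_err and up to REQ_IN_MAX
 *    bytes are read;
 *  - otherwise: min(CONTENT_LENGTH, REQ_IN_MAX) bytes are read.
 * Whatever is left on req_in afterwards is discarded.
 *
 * @param request  Current FastCGI request, used for its environment.
 * @param req_in   Stream carrying the request body.
 * @param req_err  Stream receiving diagnostics.
 * @return         The bytes actually received; shorter than the declared
 *                 length when the client sent less.
 */
static std::string get_req(FCGX_Request *request,
                           std::istream &req_in, std::ostream &req_err)
{
    std::string content;
    char *clenstr = FCGX_GetParam("CONTENT_LENGTH", request->envp);

    if(clenstr)
    {
        char *end = clenstr;
        // A negative value converts to a huge unsigned one, which the cap
        // below then brings back to REQ_IN_MAX.
        unsigned long clen = std::strtol(clenstr, &end, 10);
        if(*end)
        {
            // NOTE(review): the raw header value is written to the error
            // stream as-is - confirm the web server sanitises it.
            req_err << "can't parse \"CONTENT_LENGTH="
                    << clenstr
                    << "\"\n";
            clen = REQ_IN_MAX;
        }
        // *always* put a cap on the amount of data that will be read
        else if(clen > REQ_IN_MAX)
            clen = REQ_IN_MAX;

        content.resize(clen);
        req_in.read(&content[0], clen);
        // Keep only what was received: without this a short body would be
        // returned padded with NUL bytes up to the declared length.
        content.resize(static_cast<std::string::size_type>(req_in.gcount()));
    }
    // else: *never* read req_in when CONTENT_LENGTH is missing

    // Chew up any remaining req_in - this shouldn't be necessary
    // but is because mod_fastcgi doesn't handle it correctly.
    // ignore() doesn't set the eof bit in some versions of glibc++
    // so use gcount() instead of eof()...
    do
        req_in.ignore(1024);
    while(req_in.gcount() == 1024);

    return content;
}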
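/**
 * FastCGI entry point of the URL shortener.
 *
 * Reads DATABASE_PATH and TEMPLATES_PATH from the environment (exits with
 * status 1 when either is missing or empty), loads the templates, opens the
 * database, then serves requests until FCGX_Accept_r() fails.
 *
 * Requests whose Host header starts with one of the site's own names get
 * the site itself:
 *   GET  /           the submission form
 *   POST /           stores the submitted URL and redirects to /created?KEY
 *   GET  /created?N  shows the short URL generated for key N
 * Any other Host is treated as a short URL: it is looked up in the database
 * and answered with a 301 redirect, or a 404 when unknown.
 */
int main()
{
    const char *db_path = getenv("DATABASE_PATH");
    if(!db_path || db_path[0] == 0)
        return 1;

    std::string tpl_path;
    {
        const char *tpl_path_ = getenv("TEMPLATES_PATH");
        if(!tpl_path_ || tpl_path_[0] == 0)
            return 1;
        tpl_path = tpl_path_;
    }

    Template index(tpl_path + "/index.html");
    Template error(tpl_path + "/error.html");
    Template created(tpl_path + "/created.html");

    Insults insults;
    Generator gen(insults.CHOICES);
    Database db(db_path, gen);

    FCGX_Request request;
    FCGX_Init();
    FCGX_InitRequest(&request, 0, 0);

    while(FCGX_Accept_r(&request) == 0)
    {
        // Note that the default bufsize (0) will cause the use of iostream
        // methods that require positioning (such as peek(), seek(),
        // unget() and putback()) to fail (in favour of more efficient IO).
        fcgi_streambuf in_fcgi_streambuf(request.in);
        fcgi_streambuf out_fcgi_streambuf(request.out);
        fcgi_streambuf err_fcgi_streambuf(request.err);

        std::istream req_in(&in_fcgi_streambuf);
        std::ostream req_out(&out_fcgi_streambuf);
        std::ostream req_err(&err_fcgi_streambuf);

        // Although FastCGI supports writing before reading,
        // many http clients (browsers) don't support it (so
        // the connection deadlocks until a timeout expires!).
        std::string content = get_req(&request, req_in, req_err);

        // Gets method and path from environment
        std::string method, uri, host, remote_addr;
        {
            const char *const *envp = request.envp;
            for(; *envp; ++envp)
            {
                // The offsets below are the lengths of the "NAME=" prefixes
                if(startswith(*envp, "REQUEST_URI="))
                    uri = (*envp) + 12;
                else if(startswith(*envp, "REQUEST_METHOD="))
                    method = (*envp) + 15;
                else if(startswith(*envp, "HTTP_HOST="))
                    host = (*envp) + 10;
                else if(startswith(*envp, "REMOTE_ADDR="))
                    remote_addr = (*envp) + 12;
            }
        }

        // NOTE(review): the Host header is client-supplied and is matched by
        // prefix, so any name that merely starts with one of these strings
        // is served the site instead of a short-URL lookup - confirm this
        // is acceptable or compare the host part exactly.
        if(startswith(host, "localhost") ||
           startswith(host, "127.") ||
           startswith(host, "www.clique-salope.ovh") ||
           startswith(host, "clique-salope.ovh"))
        {
            if(method == "GET" && uri == "/")
            {
                req_out << "Server: insurlt\r\n"
                           "Content-type: text/html; charset=utf-8\r\n"
                           "\r\n";
                index.render(req_out);
            }
            else if(method == "POST" && uri == "/")
            {
                // get_var() returns the percent-decoded value; valid_url()
                // must accept it before it reaches the database, because
                // the stored URL later ends up in a Location header.
                std::string their_url = get_var(content, "url");
                if(their_url.empty() || !valid_url(their_url))
                {
                    req_out << "Status: 404 Not Found\r\n"
                               "Server: insurlt\r\n"
                               "Content-type: text/html; charset=utf-8\r\n"
                               "\r\n";
                    error.render(req_out, {
                        "message",
                        "T'as oubli\xC3\xA9 l'URL, face de pet ?"});
                }
                else
                {
                    Key new_key = db.nextState();
                    std::string our_url = insults.generate(new_key);
                    db.storeURL(our_url, their_url, remote_addr);
                    req_out << "Status: 303 See Other\r\n"
                               "Server: insurlt\r\n"
                               "Location: /created?" << new_key << "\r\n"
                               "Content-type: text/plain\r\n"
                               "\r\n"
                               "http://" << our_url << "/\n";
                }
            }
            else if(startswith(uri, "/created?"))
            {
                // 9 is the length of "/created?"
                const char *const number = uri.c_str() + 9;
                char *endptr;
                Key key = std::strtol(number, &endptr, 10);
                // strtol() leaves endptr == number when it consumed no
                // digit, so an empty query is refused like trailing garbage
                if(endptr == number || *endptr)
                {
                    req_out << "Status: 404 Not Found\r\n"
                               "Server: insurlt\r\n"
                               "Content-type: text/html; charset=utf-8\r\n"
                               "\r\n";
                    error.render(req_out, {
                        "message",
                        "Il manque un num\xC3\xA9ro, b\xC3\xA2tard"});
                }
                else
                {
                    std::string our_url = insults.generate(key);
                    req_out << "Server: insurlt\r\n"
                               "Content-type: text/html; charset=utf-8\r\n"
                               "\r\n";
                    created.render(req_out, {
                        "url", ("http://" + our_url + "/").c_str()});
                }
            }
            else
            {
                req_out << "Status: 404 Not Found\r\n"
                           "Server: insurlt\r\n"
                           "Content-type: text/html; charset=utf-8\r\n"
                           "\r\n";
                error.render(req_out, {
                    "message",
                    "Il n'y a rien ici. T'es perdu, grosse merde ?"});
            }
        }
        else
        {
            // Short-URL lookup: the key is the host name without port/path
            std::string our_url = host;
            size_t end = our_url.find_first_of(":/");
            if(end != std::string::npos)
                our_url = our_url.substr(0, end);

            std::string their_url = db.resolveURL(our_url, true);
            if(their_url.empty())
            {
                req_out << "Status: 404 Not Found\r\n"
                           "Server: insurlt\r\n"
                           "Content-type: text/html; charset=utf-8\r\n"
                           "\r\n";
                error.render(req_out, {
                    "message",
                    "Il n'y a rien ici. T'es perdu, grosse merde ?"});
            }
            else
            {
                // their_url is written into the header block unescaped.
                // Presumably it is the string stored by storeURL() after
                // valid_url() accepted it (no CR/LF possible) - verify that
                // nothing else can write to the database.
                req_out << "Status: 301 Moved Permanently\r\n"
                           "Server: insurlt\r\n"
                           "Location: " << their_url << "\r\n"
                           "Content-type: text/plain\r\n"
                           "\r\n"
                        << their_url << "\n";
            }
        }

        // If the output streambufs had non-zero bufsizes and
        // were constructed outside of the accept loop (i.e.
        // their destructor won't be called here), they would
        // have to be flushed here.
    }

    return 0;
}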