-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstatic.c
108 lines (83 loc) · 2.83 KB
/
static.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
/*
* Copyright (c) 2015-2019 Josef 'Jeff' Sipek <[email protected]>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <jeffpc/error.h>
#include "static.h"
#include "utils.h"
struct uri_info {
const char *uri;
const char *content_type; /* required for URI_STATIC */
enum uri_type type;
};
static const struct uri_info safe_uris[] = {
{ "/", NULL, URI_DYNAMIC, },
{ "/bug.png", "image/png", URI_STATIC, },
{ "/favicon.ico", "image/png", URI_STATIC, },
{ "/style.css", "text/css", URI_STATIC, },
{ "/wiki.png", "image/png", URI_STATIC, },
{ NULL, NULL, URI_BAD, },
};
static const struct uri_info *get_uri_info(const char *path)
{
int i;
if (!path)
return NULL;
if (hasdotdot(path))
return NULL;
for (i = 0; safe_uris[i].uri; i++) {
if (!strcmp(safe_uris[i].uri, path))
return &safe_uris[i];
}
return NULL;
}
enum uri_type get_uri_type(struct str *path)
{
const struct uri_info *info;
info = get_uri_info(str_cstr(path));
str_putref(path);
return info ? info->type : URI_BAD;
}
int blahg_static(struct req *req)
{
char path[FILENAME_MAX];
const struct uri_info *info;
struct str *uri_str;
const char *uri;
uri_str = nvl_lookup_str(req->scgi->request.headers, SCGI_DOCUMENT_URI);
ASSERT(!IS_ERR(uri_str));
uri = str_cstr(uri_str);
info = get_uri_info(uri);
ASSERT(info);
/* SCGI_DOCUMENT_URI comes with a leading /, remove it. */
uri++;
snprintf(path, sizeof(path), "%s/%s", str_cstr(config.web_dir), uri);
str_putref(uri_str);
/*
* We assume that the URI is relative to the web dir. Since we
* have a whitelist of allowed URIs, whe should be safe here.
*/
req->scgi->response.body = read_file_len(path,
&req->scgi->response.bodylen);
if (IS_ERR(req->scgi->response.body))
return R404(req, NULL);
req_head(req, "Content-Type", info->content_type);
return 0;
}