Mercurial > blahgd > experimental

view static.c @ 1046:36c1bd8ea8db

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
static: use filename from uri_info instead of from the client The uri_info filename does *not* have the prefix. This didn't matter when blahgd was hosted at / URI prefix, but makes a big difference with other prefixes (e.g., /blahg/). Signed-off-by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
author Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
date Thu, 13 Aug 2020 10:55:04 -0400
parents e719679a8439
children 1b24215e4f1e
line wrap: on
line source

/*
 * Copyright (c) 2015-2020 Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <jeffpc/error.h>

#include "static.h"
#include "utils.h"

/* must include trailing '/' */
#define URI_PREFIX	"/"

struct uri_info {
	const char *uri;
	const char *content_type;	/* required for URI_STATIC */
	enum uri_type type;
};

static const struct uri_info safe_uris[] = {
	{ "",			NULL,		URI_DYNAMIC, },
	{ "bug.png",		"image/png",	URI_STATIC,  },
	{ "favicon.ico",	"image/png",	URI_STATIC,  },
	{ "style.css",		"text/css",	URI_STATIC,  },
	{ "wiki.png",		"image/png",	URI_STATIC,  },
};

static const struct uri_info *get_uri_info(const char *path)
{
	int i;

	if (!path)
		return NULL;

	if (hasdotdot(path))
		return NULL;

	/* all URIs must start with the proper prefix */
	if (strncmp(URI_PREFIX, path, strlen(URI_PREFIX)))
		return NULL;

	/* strip the prefix from the uri */
	path += strlen(URI_PREFIX);

	for (i = 0; i < ARRAY_LEN(safe_uris); i++) {
		if (!strcmp(safe_uris[i].uri, path))
			return &safe_uris[i];
	}

	return NULL;
}

enum uri_type get_uri_type(struct str *path)
{
	const struct uri_info *info;

	info = get_uri_info(str_cstr(path));

	str_putref(path);

	return info ? info->type : URI_BAD;
}

int blahg_static(struct req *req)
{
	char path[FILENAME_MAX];
	const struct uri_info *info;
	struct str *uri_str;
	const char *uri;

	uri_str = nvl_lookup_str(req->scgi->request.headers, SCGI_DOCUMENT_URI);
	ASSERT(!IS_ERR(uri_str));

	uri = str_cstr(uri_str);

	info = get_uri_info(uri);
	ASSERT(info);

	snprintf(path, sizeof(path), "%s/static/%s", str_cstr(config.theme_dir),
		 info->uri);

	str_putref(uri_str);

	/*
	 * We assume that the URI (minus the URI prefix) is relative to the
	 * theme's static subdir.  Since we have a whitelist of allowed
	 * URIs, we are safe from file system traversal issues.
	 */
	req->scgi->response.body = read_file_len(path,
						 &req->scgi->response.bodylen);

	if (IS_ERR(req->scgi->response.body))
		return R404(req, NULL);

	req_head(req, "Content-Type", info->content_type);

	return 0;
}