1 -- Copyright 2008 Freifunk Leipzig / Jo-Philipp Wich <jow@openwrt.org>
2 -- Licensed to the public under the Apache License 2.0.
4 -- This class contains several functions useful for http message- and content
5 -- decoding and to retrive form data from raw http messages.
6 module("luci.http.protocol", package.seeall)
8 local ltn12 = require("luci.ltn12")
10 HTTP_MAX_CONTENT = 1024*8 -- 8 kB maximum content size
12 -- the "+" sign to " " - and return the decoded string.
13 function urldecode( str, no_plus )
15 local function __chrdec( hex )
16 return string.char( tonumber( hex, 16 ) )
19 if type(str) == "string" then
21 str = str:gsub( "+", " " )
24 str = str:gsub( "%%([a-fA-F0-9][a-fA-F0-9])", __chrdec )
30 -- from given url or string. Returns a table with urldecoded values.
31 -- Simple parameters are stored as string values associated with the parameter
32 -- name within the table. Parameters with multiple values are stored as array
33 -- containing the corresponding values.
34 function urldecode_params( url, tbl )
36 local params = tbl or { }
39 url = url:gsub( "^.+%?([^?]+)", "%1" )
42 for pair in url:gmatch( "[^&;]+" ) do
45 local key = urldecode( pair:match("^([^=]+)") )
46 local val = urldecode( pair:match("^[^=]+=(.+)$") )
49 if type(key) == "string" and key:len() > 0 then
50 if type(val) ~= "string" then val = "" end
52 if not params[key] then
54 elseif type(params[key]) ~= "table" then
55 params[key] = { params[key], val }
57 table.insert( params[key], val )
65 function urlencode( str )
67 local function __chrenc( chr )
69 "%%%02x", string.byte( chr )
73 if type(str) == "string" then
75 "([^a-zA-Z0-9$_%-%.%~])",
83 -- separated by "&". Tables are encoded as parameters with multiple values by
84 -- repeating the parameter name with each value.
85 function urlencode_params( tbl )
88 for k, v in pairs(tbl) do
89 if type(v) == "table" then
90 for i, v2 in ipairs(v) do
91 enc = enc .. ( #enc > 0 and "&" or "" ) ..
92 urlencode(k) .. "=" .. urlencode(v2)
95 enc = enc .. ( #enc > 0 and "&" or "" ) ..
96 urlencode(k) .. "=" .. urlencode(v)
103 -- (Internal function)
104 -- Initialize given parameter and coerce string into table when the parameter
106 local function __initval( tbl, key )
107 if tbl[key] == nil then
109 elseif type(tbl[key]) == "string" then
110 tbl[key] = { tbl[key], "" }
112 table.insert( tbl[key], "" )
116 -- (Internal function)
117 -- Initialize given file parameter.
118 local function __initfileval( tbl, key, filename, fd )
119 if tbl[key] == nil then
120 tbl[key] = { file=filename, fd=fd, name=key, "" }
122 table.insert( tbl[key], "" )
126 -- (Internal function)
127 -- Append given data to given parameter, either by extending the string value
128 -- or by appending it to the last string in the parameter's value table.
129 local function __appendval( tbl, key, chunk )
130 if type(tbl[key]) == "table" then
131 tbl[key][#tbl[key]] = tbl[key][#tbl[key]] .. chunk
133 tbl[key] = tbl[key] .. chunk
137 -- (Internal function)
138 -- Finish the value of given parameter, either by transforming the string value
139 -- or - in the case of multi value parameters - the last element in the
140 -- associated values table.
141 local function __finishval( tbl, key, handler )
143 if type(tbl[key]) == "table" then
144 tbl[key][#tbl[key]] = handler( tbl[key][#tbl[key]] )
146 tbl[key] = handler( tbl[key] )
152 -- Table of our process states
153 local process_states = { }
155 -- Extract "magic", the first line of a http message.
156 -- Extracts the message type ("get", "post" or "response"), the requested uri
157 -- or the status code if the line descripes a http response.
158 process_states['magic'] = function( msg, chunk, err )
161 -- ignore empty lines before request
167 local method, uri, http_ver = chunk:match("^([A-Z]+) ([^ ]+) HTTP/([01]%.[019])$")
173 msg.request_method = method:lower()
174 msg.request_uri = uri
175 msg.http_version = tonumber( http_ver )
178 -- We're done, next state is header parsing
179 return true, function( chunk )
180 return process_states['headers']( msg, chunk )
186 local http_ver, code, message = chunk:match("^HTTP/([01]%.[019]) ([0-9]+) ([^\r\n]+)$")
191 msg.type = "response"
192 msg.status_code = code
193 msg.status_message = message
194 msg.http_version = tonumber( http_ver )
197 -- We're done, next state is header parsing
198 return true, function( chunk )
199 return process_states['headers']( msg, chunk )
206 return nil, "Invalid HTTP message magic"
210 -- Extract headers from given string.
211 process_states['headers'] = function( msg, chunk )
215 -- Look for a valid header format
216 local hdr, val = chunk:match( "^([A-Za-z][A-Za-z0-9%-_]+): +(.+)$" )
218 if type(hdr) == "string" and hdr:len() > 0 and
219 type(val) == "string" and val:len() > 0
221 msg.headers[hdr] = val
223 -- Valid header line, proceed
226 elseif #chunk == 0 then
227 -- Empty line, we won't accept data anymore
231 return nil, "Invalid HTTP header received"
234 return nil, "Unexpected EOF"
239 -- data line by line with the trailing \r\n stripped of.
240 function header_source( sock )
241 return ltn12.source.simplify( function()
243 local chunk, err, part = sock:receive("*l")
247 if err ~= "timeout" then
249 and "Line exceeds maximum allowed length"
256 elseif chunk ~= nil then
259 chunk = chunk:gsub("\r$","")
266 -- Content-Type. Stores all extracted data associated with its parameter name
267 -- in the params table within the given message object. Multiple parameter
268 -- values are stored as tables, ordinary ones as strings.
269 -- If an optional file callback function is given then it is feeded with the
270 -- file contents chunk by chunk and only the extracted file name is stored
271 -- within the params table. The callback function will be called subsequently
272 -- with three arguments:
273 -- o Table containing decoded (name, file) and raw (headers) mime header data
274 -- o String value containing a chunk of the file data
275 -- o Boolean which indicates wheather the current chunk is the last one (eof)
276 function mimedecode_message_body( src, msg, filecb )
278 if msg and msg.env.CONTENT_TYPE then
279 msg.mime_boundary = msg.env.CONTENT_TYPE:match("^multipart/form%-data; boundary=(.+)$")
282 if not msg.mime_boundary then
283 return nil, "Invalid Content-Type found"
293 local function parse_headers( chunk, field )
297 chunk, stat = chunk:gsub(
298 "^([A-Z][A-Za-z0-9%-_]+): +([^\r\n]+)\r\n",
306 chunk, stat = chunk:gsub("^\r\n","")
310 if field.headers["Content-Disposition"] then
311 if field.headers["Content-Disposition"]:match("^form%-data; ") then
312 field.name = field.headers["Content-Disposition"]:match('name="(.-)"')
313 field.file = field.headers["Content-Disposition"]:match('filename="(.+)"$')
317 if not field.headers["Content-Type"] then
318 field.headers["Content-Type"] = "text/plain"
321 if field.name and field.file and filecb then
322 __initval( msg.params, field.name )
323 __appendval( msg.params, field.name, field.file )
326 elseif field.name and field.file then
327 local nxf = require "nixio"
328 local fd = nxf.mkstemp(field.name)
329 __initfileval ( msg.params, field.name, field.file, fd )
331 store = function(hdr, buf, eof)
338 store = function( hdr, buf, eof )
339 __appendval( msg.params, field.name, buf )
342 elseif field.name then
343 __initval( msg.params, field.name )
345 store = function( hdr, buf, eof )
346 __appendval( msg.params, field.name, buf )
358 local function snk( chunk )
360 tlen = tlen + ( chunk and #chunk or 0 )
362 if msg.env.CONTENT_LENGTH and tlen > tonumber(msg.env.CONTENT_LENGTH) + 2 then
363 return nil, "Message body size exceeds Content-Length"
366 if chunk and not lchunk then
367 lchunk = "\r\n" .. chunk
370 local data = lchunk .. ( chunk or "" )
371 local spos, epos, found
374 spos, epos = data:find( "\r\n--" .. msg.mime_boundary .. "\r\n", 1, true )
377 spos, epos = data:find( "\r\n--" .. msg.mime_boundary .. "--\r\n", 1, true )
382 local predata = data:sub( 1, spos - 1 )
385 predata, eof = parse_headers( predata, field )
388 return nil, "Invalid MIME section header"
389 elseif not field.name then
390 return nil, "Invalid Content-Disposition header"
395 store( field, predata, true )
399 field = { headers = { } }
400 found = found or true
402 data, eof = parse_headers( data:sub( epos + 1, #data ), field )
408 -- We found at least some boundary. Save
409 -- the unparsed remaining data for the
411 lchunk, data = data, nil
413 -- There was a complete chunk without a boundary. Parse it as headers or
414 -- append it as data, depending on our current state.
416 lchunk, eof = parse_headers( data, field )
419 -- We're inside data, so append the data. Note that we only append
420 -- lchunk, not all of data, since there is a chance that chunk
421 -- contains half a boundary. Assuming that each chunk is at least the
422 -- boundary in size, this should prevent problems
423 store( field, lchunk, false )
424 lchunk, chunk = chunk, nil
432 return ltn12.pump.all( src, snk )
435 -- Content-Type. Stores all extracted data associated with its parameter name
436 -- in the params table within the given message object. Multiple parameter
437 -- values are stored as tables, ordinary ones as strings.
438 function urldecode_message_body( src, msg )
443 local function snk( chunk )
445 tlen = tlen + ( chunk and #chunk or 0 )
447 if msg.env.CONTENT_LENGTH and tlen > tonumber(msg.env.CONTENT_LENGTH) + 2 then
448 return nil, "Message body size exceeds Content-Length"
449 elseif tlen > HTTP_MAX_CONTENT then
450 return nil, "Message body size exceeds maximum allowed length"
453 if not lchunk and chunk then
457 local data = lchunk .. ( chunk or "&" )
461 spos, epos = data:find("^.-[;&]")
464 local pair = data:sub( spos, epos - 1 )
465 local key = pair:match("^(.-)=")
466 local val = pair:match("=([^%s]*)%s*$")
468 if key and #key > 0 then
469 __initval( msg.params, key )
470 __appendval( msg.params, key, val )
471 __finishval( msg.params, key, urldecode )
474 data = data:sub( epos + 1, #data )
484 return ltn12.pump.all( src, snk )
487 -- version, message headers and resulting CGI environment variables from the
488 -- given ltn12 source.
489 function parse_message_header( src )
494 local sink = ltn12.sink.simplify(
496 return process_states['magic']( msg, chunk )
500 -- Pump input data...
504 ok, err = ltn12.pump.step( src, sink )
507 if not ok and err then
513 -- Process get parameters
514 if ( msg.request_method == "get" or msg.request_method == "post" ) and
515 msg.request_uri:match("?")
517 msg.params = urldecode_params( msg.request_uri )
522 -- Populate common environment variables
524 CONTENT_LENGTH = msg.headers['Content-Length'];
525 CONTENT_TYPE = msg.headers['Content-Type'] or msg.headers['Content-type'];
526 REQUEST_METHOD = msg.request_method:upper();
527 REQUEST_URI = msg.request_uri;
528 SCRIPT_NAME = msg.request_uri:gsub("?.+$","");
529 SCRIPT_FILENAME = ""; -- XXX implement me
530 SERVER_PROTOCOL = "HTTP/" .. string.format("%.1f", msg.http_version);
531 QUERY_STRING = msg.request_uri:match("?")
532 and msg.request_uri:gsub("^.+?","") or ""
535 -- Populate HTTP_* environment variables
536 for i, hdr in ipairs( {
547 local var = 'HTTP_' .. hdr:upper():gsub("%-","_")
548 local val = msg.headers[hdr]
558 -- This function will examine the Content-Type within the given message object
559 -- to select the appropriate content decoder.
560 -- Currently the application/x-www-urlencoded and application/form-data
561 -- mime types are supported. If the encountered content encoding can't be
562 -- handled then the whole message body will be stored unaltered as "content"
563 -- property within the given message object.
564 function parse_message_body( src, msg, filecb )
565 -- Is it multipart/mime ?
566 if msg.env.REQUEST_METHOD == "POST" and msg.env.CONTENT_TYPE and
567 msg.env.CONTENT_TYPE:match("^multipart/form%-data")
570 return mimedecode_message_body( src, msg, filecb )
572 -- Is it application/x-www-form-urlencoded ?
573 elseif msg.env.REQUEST_METHOD == "POST" and msg.env.CONTENT_TYPE and
574 msg.env.CONTENT_TYPE:match("^application/x%-www%-form%-urlencoded")
576 return urldecode_message_body( src, msg, filecb )
579 -- Unhandled encoding
580 -- If a file callback is given then feed it chunk by chunk, else
581 -- store whole buffer in message.content
586 -- If we have a file callback then feed it
587 if type(filecb) == "function" then
590 encoding = msg.env.CONTENT_TYPE
592 sink = function( chunk )
594 return filecb(meta, chunk, false)
596 return filecb(meta, nil, true)
599 -- ... else append to .content
602 msg.content_length = 0
604 sink = function( chunk )
606 if ( msg.content_length + #chunk ) <= HTTP_MAX_CONTENT then
607 msg.content = msg.content .. chunk
608 msg.content_length = msg.content_length + #chunk
611 return nil, "POST data exceeds maximum allowed length"
620 local ok, err = ltn12.pump.step( src, sink )
622 if not ok and err then
624 elseif not ok then -- eof
635 [206] = "Partial Content",
636 [301] = "Moved Permanently",
638 [304] = "Not Modified",
639 [400] = "Bad Request",
642 [405] = "Method Not Allowed",
643 [408] = "Request Time-out",
644 [411] = "Length Required",
645 [412] = "Precondition Failed",
646 [416] = "Requested range not satisfiable",
647 [500] = "Internal Server Error",
648 [503] = "Server Unavailable",