2016-03-21 09:40:10 +01:00
|
|
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
|
|
|
|
/*
|
2023-10-30 22:58:54 +01:00
|
|
|
* Copyright the Collabora Online contributors.
|
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: MPL-2.0
|
2023-11-09 19:23:00 +01:00
|
|
|
*
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
2016-03-21 09:40:10 +01:00
|
|
|
*/
|
|
|
|
|
2020-04-18 10:39:50 +02:00
|
|
|
#pragma once
|
2016-03-21 09:40:10 +01:00
|
|
|
|
|
|
|
#include <string>
|
2023-08-08 14:21:06 +02:00
|
|
|
#include <unordered_map>
|
2023-10-22 11:57:32 +02:00
|
|
|
|
|
|
|
#include <HttpRequest.hpp>
|
|
|
|
#include <Socket.hpp>
|
2024-05-04 20:40:33 +02:00
|
|
|
#include <COOLWSD.hpp>
|
2016-03-21 09:40:10 +01:00
|
|
|
|
2020-05-12 17:19:41 +02:00
|
|
|
class RequestDetails;
|
2023-08-06 15:55:14 +02:00
|
|
|
|
2024-03-15 12:23:24 +01:00
|
|
|
namespace Poco
|
|
|
|
{
|
|
|
|
namespace Net
|
|
|
|
{
|
|
|
|
class HTTPRequest;
|
|
|
|
class HTTPResponse;
|
|
|
|
class HTTPBasicCredentials;
|
|
|
|
} // namespace Net
|
|
|
|
|
|
|
|
} // namespace Poco
|
|
|
|
|
2023-08-06 15:55:14 +02:00
|
|
|
/// Represents a file that is preprocessed for variable
|
|
|
|
/// expansion/replacement before serving.
|
|
|
|
class PreProcessedFile
|
|
|
|
{
|
|
|
|
friend class FileServeTests;
|
|
|
|
|
|
|
|
public:
|
2023-08-08 14:20:44 +02:00
|
|
|
enum class SegmentType : char
|
|
|
|
{
|
|
|
|
Data,
|
|
|
|
Variable,
|
|
|
|
CommentedVariable
|
|
|
|
};
|
|
|
|
|
2023-08-06 15:55:14 +02:00
|
|
|
PreProcessedFile(std::string filename, const std::string& data);
|
|
|
|
|
|
|
|
const std::string& filename() const { return _filename; }
|
|
|
|
std::size_t size() const { return _size; }
|
|
|
|
|
2023-08-08 14:21:06 +02:00
|
|
|
/// Substitute variables per the given map.
|
|
|
|
std::string substitute(const std::unordered_map<std::string, std::string>& values);
|
|
|
|
|
2023-08-06 15:55:14 +02:00
|
|
|
private:
|
|
|
|
const std::string _filename; //< Filename on disk, with extension.
|
|
|
|
const std::size_t _size; //< Number of bytes in original file.
|
|
|
|
/// The segments of the file in <IsVariable, Data> pairs.
|
2023-08-08 14:20:44 +02:00
|
|
|
std::vector<std::pair<SegmentType, std::string>> _segments;
|
2023-08-06 15:55:14 +02:00
|
|
|
};
|
|
|
|
|
2023-08-08 14:20:44 +02:00
|
|
|
inline std::ostream& operator<<(std::ostream& os, const PreProcessedFile::SegmentType type)
|
|
|
|
{
|
|
|
|
switch (type)
|
|
|
|
{
|
|
|
|
case PreProcessedFile::SegmentType::Data:
|
|
|
|
os << "Data";
|
|
|
|
break;
|
|
|
|
case PreProcessedFile::SegmentType::Variable:
|
|
|
|
os << "Variable";
|
|
|
|
break;
|
|
|
|
case PreProcessedFile::SegmentType::CommentedVariable:
|
|
|
|
os << "CommentedVariable";
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return os;
|
|
|
|
}
|
|
|
|
|
2016-08-14 06:01:13 +02:00
|
|
|
/// Handles file requests over HTTP(S).
|
2017-02-27 14:28:04 +01:00
|
|
|
class FileServerRequestHandler
|
2016-03-21 09:40:10 +01:00
|
|
|
{
|
2024-01-13 23:34:04 +01:00
|
|
|
public:
|
|
|
|
/// The WOPI URL and authentication details,
|
|
|
|
/// as extracted from the cool.html file-serving request.
|
|
|
|
class ResourceAccessDetails
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
ResourceAccessDetails() = default;
|
|
|
|
|
2024-03-14 15:58:36 +01:00
|
|
|
ResourceAccessDetails(std::string wopiSrc, std::string accessToken, std::string permission)
|
2024-01-13 23:34:04 +01:00
|
|
|
: _wopiSrc(std::move(wopiSrc))
|
|
|
|
, _accessToken(std::move(accessToken))
|
2024-03-14 15:58:36 +01:00
|
|
|
, _permission(std::move(permission))
|
2024-01-13 23:34:04 +01:00
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
bool isValid() const { return !_wopiSrc.empty() && !_accessToken.empty(); }
|
|
|
|
|
|
|
|
const std::string wopiSrc() const { return _wopiSrc; }
|
|
|
|
const std::string accessToken() const { return _accessToken; }
|
2024-03-14 15:58:36 +01:00
|
|
|
const std::string permission() const { return _permission; }
|
2024-01-13 23:34:04 +01:00
|
|
|
|
|
|
|
private:
|
|
|
|
std::string _wopiSrc;
|
|
|
|
std::string _accessToken;
|
2024-03-14 15:58:36 +01:00
|
|
|
std::string _permission;
|
2024-01-13 23:34:04 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
private:
|
2023-08-06 12:50:19 +02:00
|
|
|
friend class FileServeTests; // for unit testing
|
2020-06-03 18:46:42 +02:00
|
|
|
|
2023-11-27 13:57:06 +01:00
|
|
|
static std::string getRequestPathname(const Poco::Net::HTTPRequest& request,
|
|
|
|
const RequestDetails& requestDetails);
|
2016-04-06 20:14:03 +02:00
|
|
|
|
2024-01-13 23:34:04 +01:00
|
|
|
static ResourceAccessDetails preprocessFile(const Poco::Net::HTTPRequest& request,
|
2024-03-18 11:03:17 +01:00
|
|
|
http::Response& httpResponse,
|
2024-01-13 23:34:04 +01:00
|
|
|
const RequestDetails& requestDetails,
|
|
|
|
Poco::MemoryInputStream& message,
|
|
|
|
const std::shared_ptr<StreamSocket>& socket);
|
2022-03-30 17:43:55 +02:00
|
|
|
static void preprocessWelcomeFile(const Poco::Net::HTTPRequest& request,
|
2024-03-18 11:03:17 +01:00
|
|
|
http::Response& httpResponse,
|
|
|
|
const RequestDetails& requestDetails,
|
2022-03-30 17:43:55 +02:00
|
|
|
Poco::MemoryInputStream& message,
|
|
|
|
const std::shared_ptr<StreamSocket>& socket);
|
2020-05-12 17:19:41 +02:00
|
|
|
static void preprocessAdminFile(const Poco::Net::HTTPRequest& request,
|
2024-03-18 11:03:17 +01:00
|
|
|
http::Response& httpResponse,
|
|
|
|
const RequestDetails& requestDetails,
|
2020-05-12 17:19:41 +02:00
|
|
|
const std::shared_ptr<StreamSocket>& socket);
|
2020-06-03 18:46:42 +02:00
|
|
|
|
2022-01-27 10:33:08 +01:00
|
|
|
/// Construct a JSON to be accepted by the cool.html from a list like
|
2020-06-03 18:46:42 +02:00
|
|
|
/// UIMode=classic;TextRuler=true;PresentationStatusbar=false
|
|
|
|
/// that is passed as "ui_defaults" hidden input during the iframe setup.
|
2020-12-07 09:02:06 +01:00
|
|
|
/// Also returns the UIMode from uiDefaults in uiMode output param
|
2023-10-30 23:35:17 +01:00
|
|
|
/// and SavedUIState as a stringified boolean (default "true")
|
|
|
|
static std::string uiDefaultsToJSON(const std::string& uiDefaults, std::string& uiMode, std::string& uiTheme, std::string& savedUIState);
|
2020-06-03 18:46:42 +02:00
|
|
|
|
2022-10-10 17:21:27 +02:00
|
|
|
static std::string checkFileInfoToJSON(const std::string& checkfileFileInfo);
|
|
|
|
|
2020-10-22 13:08:11 +02:00
|
|
|
static std::string cssVarsToStyle(const std::string& cssVars);
|
|
|
|
|
2016-07-19 19:14:32 +02:00
|
|
|
public:
|
2023-08-06 11:06:22 +02:00
|
|
|
FileServerRequestHandler(const std::string& root);
|
|
|
|
~FileServerRequestHandler();
|
|
|
|
|
2024-03-15 11:56:05 +01:00
|
|
|
/// Evaluate if the cookie exists and returns it when it does.
|
|
|
|
static bool isAdminLoggedIn(const Poco::Net::HTTPRequest& request, std::string& jwtToken);
|
|
|
|
|
2017-04-10 11:34:51 +02:00
|
|
|
/// Evaluate if the cookie exists, and if not, ask for the credentials.
|
2023-10-22 23:23:41 +02:00
|
|
|
static bool isAdminLoggedIn(const Poco::Net::HTTPRequest& request, http::Response& response);
|
2016-04-16 18:26:26 +02:00
|
|
|
|
2024-03-15 12:46:06 +01:00
|
|
|
/// Authenticate the admin.
|
|
|
|
static bool authenticateAdmin(const Poco::Net::HTTPBasicCredentials& credentials,
|
2024-03-17 12:45:30 +01:00
|
|
|
http::Response& response, std::string& jwtToken);
|
2024-03-15 12:46:06 +01:00
|
|
|
|
2020-05-12 17:19:41 +02:00
|
|
|
static void handleRequest(const Poco::Net::HTTPRequest& request,
|
2024-01-13 23:34:04 +01:00
|
|
|
const RequestDetails& requestDetails,
|
2020-05-12 17:19:41 +02:00
|
|
|
Poco::MemoryInputStream& message,
|
2024-01-13 23:34:04 +01:00
|
|
|
const std::shared_ptr<StreamSocket>& socket,
|
|
|
|
ResourceAccessDetails& accessDetails);
|
2017-04-26 15:50:00 +02:00
|
|
|
|
2020-04-14 19:50:04 +02:00
|
|
|
static void readDirToHash(const std::string &basePath, const std::string &path, const std::string &prefix = std::string());
|
2017-04-26 15:50:00 +02:00
|
|
|
|
2017-04-27 15:14:31 +02:00
|
|
|
static const std::string *getCompressedFile(const std::string &path);
|
2017-04-26 15:50:00 +02:00
|
|
|
|
2017-04-27 15:14:31 +02:00
|
|
|
static const std::string *getUncompressedFile(const std::string &path);
|
2017-04-26 15:50:00 +02:00
|
|
|
|
2024-05-04 20:40:33 +02:00
|
|
|
/// If configured and necessary, sets the HSTS headers.
|
|
|
|
static void hstsHeaders([[maybe_unused]] http::Response& response)
|
|
|
|
{
|
|
|
|
// HSTS hardening. Disabled in debug builds.
|
|
|
|
#if !ENABLE_DEBUG
|
|
|
|
if (COOLWSD::isSSLEnabled() || COOLWSD::isSSLTermination())
|
|
|
|
{
|
|
|
|
if (COOLWSD::getConfigValue<bool>("ssl.sts.enabled", false))
|
|
|
|
{
|
|
|
|
static const auto maxAge =
|
|
|
|
COOLWSD::getConfigValue<int>("ssl.sts.max_age", 31536000); // Default 1 year.
|
|
|
|
response.add("Strict-Transport-Security",
|
|
|
|
"max-age=" + std::to_string(maxAge) + "; includeSubDomains");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2017-04-26 15:50:00 +02:00
|
|
|
private:
|
2018-07-23 14:37:34 +02:00
|
|
|
static std::map<std::string, std::pair<std::string, std::string>> FileHash;
|
2023-10-22 11:57:32 +02:00
|
|
|
static void sendError(http::StatusCode errorCode, const Poco::Net::HTTPRequest& request,
|
|
|
|
const std::shared_ptr<StreamSocket>& socket,
|
|
|
|
const std::string& shortMessage, const std::string& longMessage,
|
|
|
|
const std::string& extraHeader = std::string());
|
2016-03-21 09:40:10 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|