X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=b7a3e6b1409c1022b8bbf05fe84c46152bcd5983;hb=01d1e74d5b4cefd75d9ff4a5a2a404a71a225712;hp=d6e8079ee3e861212c28f45fb80e697c9a8921ad;hpb=82a411cede82ee10a9d29dc08ca01949576ede24;p=matches%2FMCTX3420.git diff --git a/server/fastcgi.c b/server/fastcgi.c index d6e8079..b7a3e6b 100644 --- a/server/fastcgi.c +++ b/server/fastcgi.c @@ -1,6 +1,6 @@ /** * @file fastcgi.c - * @purpose Runs the FCGI request loop to handle web interface requests. + * @brief Runs the FCGI request loop to handle web interface requests. * * fcgi_stdio.h must be included before all else so the stdio function * redirection works ok. @@ -8,34 +8,92 @@ #include #include -#include "fastcgi.h" +#include + #include "common.h" #include "sensor.h" -#include "log.h" -#include +#include "actuator.h" +#include "control.h" +#include "options.h" +#include "image.h" -static void LoginHandler(void *data, char *params) { - static char loginkey[41] = {0}, ip[256]; - static time_t timestamp = 0; - const char *key, *value; - int force = 0, end = 0; +/**The time period (in seconds) before the control key expires */ +#define CONTROL_TIMEOUT 180 - while ((params = FCGI_KeyPair(params, &key, &value))) { - if (!strcmp(key, "force")) - force = !force; - else if (!strcmp(key, "end")) - end = !end; - } +/**Contextual information related to FCGI requests*/ +struct FCGIContext { + /**The time of last valid user access possessing the control key*/ + time_t control_timestamp; + char control_key[41]; + char control_ip[16]; + /**The name of the current module**/ + const char *current_module; + /**For debugging purposes?**/ + int response_number; +}; - if (end) { - *loginkey = 0; - FCGI_BeginJSON(200, "login"); - FCGI_EndJSON(); +/** + * Identifies build information and the current API version to the user. + * Also useful for testing that the API is running and identifying the + * sensors and actuators present. + * @param context The context to work in + * @param params User specified paramters: [actuators, sensors] + */ +static void IdentifyHandler(FCGIContext *context, char *params) { + bool ident_sensors = false, ident_actuators = false; + + int i; + + FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T}, + {"actuators", &ident_actuators, FCGI_BOOL_T}}; + if (!FCGI_ParseRequest(context, params, values, 2)) return; + + FCGI_BeginJSON(context, STATUS_OK); + FCGI_JSONPair("description", "MCTX3420 Server API (2013)"); + FCGI_JSONPair("build_date", __DATE__ " " __TIME__); + FCGI_JSONLong("api_version", API_VERSION); + + //Sensor and actuator information + if (ident_sensors) { + FCGI_JSONKey("sensors"); + FCGI_JSONValue("{\n\t\t"); + for (i = 0; i < NUMSENSORS; i++) { + if (i > 0) { + FCGI_JSONValue(",\n\t\t"); + } + FCGI_JSONValue("\"%d\" : \"%s\"", i, g_sensor_names[i]); + } + FCGI_JSONValue("\n\t}"); + } + if (ident_actuators) { + FCGI_JSONKey("actuators"); + FCGI_JSONValue("{\n\t\t"); + for (i = 0; i < NUMACTUATORS; i++) { + if (i > 0) { + FCGI_JSONValue(",\n\t\t"); + } + FCGI_JSONValue("\"%d\" : \"%s\"", i, g_actuator_names[i]); + } + FCGI_JSONValue("\n\t}"); } + FCGI_EndJSON(); +} +/** + * Gives the user a key that determines who has control over + * the system at any one time. The key can be forcibly generated, revoking + * any previous control keys. To be used in conjunction with HTTP + * basic authentication. + * This function will generate a JSON response that indicates success/failure. + * @param context The context to work in + * @param force Whether to force key generation or not. + */ +void FCGI_LockControl(FCGIContext *context, bool force) { time_t now = time(NULL); - if (force || !*loginkey || (now - timestamp > 180)) { + bool expired = now - context->control_timestamp > CONTROL_TIMEOUT; + + if (force || !*(context->control_key) || expired) { SHA_CTX sha1ctx; unsigned char sha1[20]; int i = rand(); @@ -45,97 +103,53 @@ static void LoginHandler(void *data, char *params) { SHA1_Update(&sha1ctx, &i, sizeof(i)); SHA1_Final(sha1, &sha1ctx); - timestamp = now; + context->control_timestamp = now; for (i = 0; i < 20; i++) - sprintf(loginkey+i*2, "%02x", sha1[i]); - sprintf(ip, "%s", getenv("REMOTE_ADDR")); - FCGI_BeginJSON(200, "login"); - FCGI_BuildJSON("key", loginkey); - FCGI_EndJSON(); + sprintf(context->control_key + i * 2, "%02x", sha1[i]); + snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR")); + FCGI_BeginJSON(context, STATUS_OK); + FCGI_JSONPair("key", context->control_key); + FCGI_EndJSON(); } else { char buf[128]; - strftime(buf, 128, "%H:%M:%S %d-%m-%Y",localtime(×tamp)); - FCGI_BeginJSON(401, "login"); - FCGI_BuildJSON("description", "Already logged in"); - FCGI_BuildJSON("user", ip); - FCGI_BuildJSON("time", buf); + strftime(buf, 128, "%H:%M:%S %d-%m-%Y", + localtime(&(context->control_timestamp))); + FCGI_BeginJSON(context, STATUS_UNAUTHORIZED); + FCGI_JSONPair("description", "Another user already has control"); + FCGI_JSONPair("current_user", context->control_ip); + FCGI_JSONPair("when", buf); FCGI_EndJSON(); } } /** - * Handle a request to the sensor module - * @param data - Data to pass to module (?) - * @param params - Parameters passed + * Given an FCGIContext, determines if the current user (as specified by + * the key) has control or not. If validated, the context control_timestamp is + * updated. + * @param context The context to work in + * @param key The control key to be validated. + * @return TRUE if authorized, FALSE if not. */ -static void SensorHandler(void * data, char * params) -{ - static DataPoint buffer[SENSOR_QUERYBUFSIZ]; - StatusCodes status = STATUS_OK; - const char * key; const char * value; - - int sensor_id = SENSOR_NONE; - - while ((params = FCGI_KeyPair(params, &key, &value)) != NULL) - { - Log(LOGDEBUG, "Got key=%s and value=%s", key, value); - if (strcmp(key, "id") == 0) - { - if (sensor_id != SENSOR_NONE) - { - Log(LOGERR, "Only one sensor id should be specified"); - status = STATUS_BADREQUEST; - break; - } - //TODO: Use human readable sensor identifier string for API? - sensor_id = atoi(value); - if (sensor_id == 0 && strcmp(value, "0") != 0) - { - Log(LOGERR, "Sensor id not an integer; %s", value); - status = STATUS_BADREQUEST; - break; - } - } - else - { - Log(LOGERR, "Unknown key \"%s\" (value = %s)", key, value); - status = STATUS_BADREQUEST; - break; - } +bool FCGI_HasControl(FCGIContext *context, const char *key) { + time_t now = time(NULL); + int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT && + key != NULL && !strcmp(context->control_key, key); + if (result) { + context->control_timestamp = now; //Update the control_timestamp } + return result; +} - if (sensor_id == SENSOR_NONE) - { - Log(LOGERR, "No sensor id specified"); - status = STATUS_BADREQUEST; - } - else if (sensor_id >= NUMSENSORS || sensor_id < 0) - { - Log(LOGERR, "Invalid sensor id %d", sensor_id); - status = STATUS_BADREQUEST; - } - FCGI_BeginJSON(status, "sensor"); - - if (status != STATUS_BADREQUEST) - { - FCGI_BuildJSON(key, value); // should spit back sensor ID - //Log(LOGDEBUG, "Call Sensor_Query..."); - int amount_read = Sensor_Query(&(g_sensors[sensor_id]), buffer, SENSOR_QUERYBUFSIZ); - //Log(LOGDEBUG, "Read %d DataPoints", amount_read); - //Log(LOGDEBUG, "Produce JSON response"); - printf(",\r\n\t\"data\" : ["); - for (int i = 0; i < amount_read; ++i) - { - printf("[%f,%f]", buffer[i].time, buffer[i].value); - if (i+1 < amount_read) - printf(","); - } - printf("]"); - //Log(LOGDEBUG, "Done producing JSON response"); - } - FCGI_EndJSON(); - +/** + * Revokes the current control key, if present. + * @param context The context to work in + */ +void FCGI_ReleaseControl(FCGIContext *context) { + *(context->control_key) = 0; + FCGI_BeginJSON(context, STATUS_OK); + FCGI_EndJSON(); + return; } /** @@ -178,37 +192,161 @@ char *FCGI_KeyPair(char *in, const char **key, const char **value) } /** - * Begins a response to the client in JSON format. - * @param status_code The HTTP status code to be returned. - * @param module The name of the module that initiated the response. + * Aids in parsing request parameters. + * Input: The expected keys along with their type and whether or not + * they're required. + * @param context The context to work in + * @param params The parameter string to be parsed + * @param values An array of FCGIValue's that specify expected keys + * @param count The number of elements in 'values'. + * @return true If the parameter string was parsed successfully, false otherwise. + * Modes of failure include: Invalid a parsing error on the value, + * an unknown key is specified, + * a key/value pair is specified more than once, or + * not all required keys were present. + * If this function returns false, it is guaranteed that FCGI_RejectJSON + * has already been called with the appropriate description message. */ -void FCGI_BeginJSON(StatusCodes status_code, const char *module) +bool FCGI_ParseRequest(FCGIContext *context, char *params, FCGIValue values[], size_t count) { - switch (status_code) { - case STATUS_OK: - break; - case STATUS_UNAUTHORIZED: - printf("Status: 401 Unauthorized\r\n"); - break; - default: - printf("Status: 400 Bad Request\r\n"); + const char *key, *value; + char buf[BUFSIZ], *ptr; + size_t i; + + while ((params = FCGI_KeyPair(params, &key, &value))) { + for (i = 0; i < count; i++) { + if (!strcmp(key, values[i].key)) { + FCGIValue *val = &values[i]; + + if (FCGI_RECEIVED(val->flags)) { + snprintf(buf, BUFSIZ, "Value already specified for '%s'.", key); + FCGI_RejectJSON(context, buf); + return false; + } + val->flags |= FCGI_PARAM_RECEIVED; + + switch(FCGI_TYPE(val->flags)) { + case FCGI_BOOL_T: + *((bool*) val->value) = true; + break; + case FCGI_INT_T: case FCGI_LONG_T: { + long parsed = strtol(value, &ptr, 10); + if (!*value || *ptr) { + snprintf(buf, BUFSIZ, "Expected int for '%s' but got '%s'", key, value); + FCGI_RejectJSON(context, buf); + return false; + } + + if (FCGI_TYPE(val->flags) == FCGI_INT_T) + *((int*) val->value) = (int) parsed; + else + *((long*) val->value) = parsed; + } break; + case FCGI_DOUBLE_T: + *((double*) val->value) = strtod(value, &ptr); + if (!*value || *ptr) { + snprintf(buf, BUFSIZ, "Expected float for '%s' but got '%s'", key, value); + FCGI_RejectJSON(context, buf); + return false; + } + break; + case FCGI_STRING_T: + *((const char**) val->value) = value; + break; + default: + Fatal("Invalid type %d given", FCGI_TYPE(val->flags)); + } + break; //No need to search any more + } + } //End for loop + if (i == count) { + snprintf(buf, BUFSIZ, "Unknown key '%s' specified", key); + FCGI_RejectJSON(context, buf); + return false; + } } + + //Check that required parameters are received + for (i = 0; i < count; i++) { + if (FCGI_IS_REQUIRED(values[i].flags) && !FCGI_RECEIVED(values[i].flags)) { + snprintf(buf, BUFSIZ, "Key '%s' required, but was not given.", values[i].key); + FCGI_RejectJSON(context, buf); + return false; + } + } + return true; +} + +/** + * Begins a response to the client in JSON format. + * @param context The context to work in. + * @param status_code The status code to be returned. + */ +void FCGI_BeginJSON(FCGIContext *context, StatusCodes status_code) +{ printf("Content-type: application/json; charset=utf-8\r\n\r\n"); printf("{\r\n"); - printf("\t\"module\" : \"%s\"", module); + printf("\t\"module\" : \"%s\"", context->current_module); + FCGI_JSONLong("status", status_code); + //Time and running statistics + struct timeval now; + gettimeofday(&now, NULL); + FCGI_JSONDouble("start_time", TIMEVAL_TO_DOUBLE(g_options.start_time)); + FCGI_JSONDouble("current_time", TIMEVAL_TO_DOUBLE(now)); + FCGI_JSONDouble("running_time", TIMEVAL_DIFF(now, g_options.start_time)); } /** * Adds a key/value pair to a JSON response. The response must have already - * been initiated by FCGI_BeginJSON. Note that characters are not escaped. + * been initiated by FCGI_BeginJSON. Special characters are not escaped. * @param key The key of the JSON entry - * ¶m value The value associated with the key. + * @param value The value associated with the key. */ -void FCGI_BuildJSON(const char *key, const char *value) +void FCGI_JSONPair(const char *key, const char *value) { printf(",\r\n\t\"%s\" : \"%s\"", key, value); } +/** + * Similar to FCGI_JSONPair except for signed integer values. + * @param key The key of the JSON entry + * @param value The value associated with the key + */ +void FCGI_JSONLong(const char *key, long value) +{ + printf(",\r\n\t\"%s\" : %ld", key, value); +} + +/** + * Similar to FCGI_JsonPair except for floating point values. + * @param key The key of the JSON entry + * @param value The value associated with the key + */ +void FCGI_JSONDouble(const char *key, double value) +{ + printf(",\r\n\t\"%s\" : %f", key, value); +} + +/** + * Similar to FCGI_JsonPair except for boolean values. + * @param key The key of the JSON entry + * @param value The value associated with the key + */ +void FCGI_JSONBool(const char *key, bool value) +{ + printf(",\r\n\t\"%s\" : %s", key, value ? "true" : "false"); +} + +/** + * Begins a JSON entry by writing the key. To be used in conjunction + * with FCGI_JsonValue. + * @param key The key of the JSON entry + */ +void FCGI_JSONKey(const char *key) +{ + printf(",\r\n\t\"%s\" : ", key); +} + /** * Ends a JSON response that was initiated by FCGI_BeginJSON. */ @@ -217,17 +355,103 @@ void FCGI_EndJSON() printf("\r\n}\r\n"); } +/** + * To be used when the input parameters are rejected. The return data + * will also have debugging information provided. + * @param context The context to work in + * @param status The status the return data should have. + * @param description A short description of why the input was rejected. + */ +void FCGI_RejectJSONEx(FCGIContext *context, StatusCodes status, const char *description) +{ + if (description == NULL) + description = "Unknown"; + + Log(LOGINFO, "%s: Rejected query with: %d: %s", context->current_module, status, description); + FCGI_BeginJSON(context, status); + FCGI_JSONPair("description", description); + FCGI_JSONLong("responsenumber", context->response_number); + //FCGI_JSONPair("params", getenv("QUERY_STRING")); + FCGI_JSONPair("host", getenv("SERVER_HOSTNAME")); + FCGI_JSONPair("user", getenv("REMOTE_USER")); + FCGI_JSONPair("ip", getenv("REMOTE_ADDR")); + FCGI_EndJSON(); +} + +/** + * Generates a response to the client as described by the format parameter and + * extra arguments (exactly like printf). To be used when none of the other + * predefined functions will work exactly as needed. Extra care should be taken + * to ensure the correctness of the output. + * @param format The format string + * @param ... Any extra arguments as required by the format string. + */ +void FCGI_PrintRaw(const char *format, ...) +{ + va_list list; + va_start(list, format); + vprintf(format, list); + va_end(list); +} + + +/** + * Write binary data + * See fwrite + */ +void FCGI_WriteBinary(void * data, size_t size, size_t num_elem) +{ + Log(LOGDEBUG,"Writing!"); + fwrite(data, size, num_elem, stdout); +} + +/** + * Escapes a string so it can be used safely. + * Currently escapes to ensure the validity for use as a JSON string + * Does not support unicode specifiers in the form of \uXXXX. + * @param buf The string to be escaped + * @return The escaped string (return value == buf) + */ +char *FCGI_EscapeText(char *buf) +{ + int length, i; + length = strlen(buf); + + //Escape special characters. Must count down to escape properly + for (i = length - 1; i >= 0; i--) { + if (buf[i] < 0x20) { //Control characters + buf[i] = ' '; + } else if (buf[i] == '"') { + if (i-1 >= 0 && buf[i-1] == '\\') + i--; + else + buf[i] = '\''; + } else if (buf[i] == '\\') { + if (i-1 >= 0 && buf[i-1] == '\'') + i--; + else + buf[i] = ' '; + } + } + return buf; +} + /** * Main FCGI request loop that receives/responds to client requests. - * @param data A data field to be passed to the selected module handler. + * @param data Reserved. + * @returns NULL (void* required for consistency with pthreads, although at the moment this runs in the main thread anyway) + * TODO: Get this to exit with the rest of the program! */ -void FCGI_RequestLoop (void * data) +void * FCGI_RequestLoop (void *data) { - int count = 0; - while (FCGI_Accept() >= 0) { + FCGIContext context = {0}; + + Log(LOGDEBUG, "First request..."); + while (FCGI_Accept() >= 0) { + Log(LOGDEBUG, "Got request #%d", context.response_number); ModuleHandler module_handler = NULL; char module[BUFSIZ], params[BUFSIZ]; - + //strncpy doesn't zero-truncate properly snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL")); snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING")); @@ -236,32 +460,38 @@ void FCGI_RequestLoop (void * data) size_t lastchar = strlen(module) - 1; if (lastchar > 0 && module[lastchar] == '/') module[lastchar] = 0; - - if (!strcmp("sensors", module)) { - module_handler = SensorHandler; - } else if (!strcmp("login", module)) { - module_handler = LoginHandler; + //Escape all special characters + FCGI_EscapeText(params); + + //Default to the 'identify' module if none specified + if (!*module) + strcpy(module, "identify"); + + if (!strcmp("identify", module)) { + module_handler = IdentifyHandler; + } else if (!strcmp("control", module)) { + module_handler = Control_Handler; + } else if (!strcmp("sensors", module)) { + module_handler = Sensor_Handler; } else if (!strcmp("actuators", module)) { - + module_handler = Actuator_Handler; + } else if (!strcmp("image", module)) { + module_handler = Image_Handler; } + context.current_module = module; if (module_handler) { - module_handler(data, params); + module_handler(&context, params); } else { - char buf[BUFSIZ]; - - FCGI_BeginJSON(400, module); - FCGI_BuildJSON("description", "400 Invalid response"); - snprintf(buf, BUFSIZ, "%d", count); - FCGI_BuildJSON("request-number", buf); - FCGI_BuildJSON("params", params); - FCGI_BuildJSON("host", getenv("SERVER_HOSTNAME")); - FCGI_BuildJSON("user", getenv("REMOTE_USER")); - FCGI_BuildJSON("userip", getenv("REMOTE_ADDR")); - FCGI_EndJSON(); + FCGI_RejectJSON(&context, "Unhandled module"); } + context.response_number++; - count++; + Log(LOGDEBUG, "Waiting for request #%d", context.response_number); } + + Log(LOGDEBUG, "Thread exiting."); + // NOTE: Don't call pthread_exit, because this runs in the main thread. Just return. + return NULL; }