X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=d3e4b2869ff7fe5846df37160f7d5a3f5e4ce055;hb=66df642416e00b7f5a84e14c001ce03dfd1930ea;hp=4b7f13729900b6dd09f45aaf05d700600ede19f6;hpb=7518a87e619085f9622d268dd7130726b5947dea;p=matches%2FMCTX3420.git diff --git a/server/fastcgi.c b/server/fastcgi.c index 4b7f137..d3e4b28 100644 --- a/server/fastcgi.c +++ b/server/fastcgi.c @@ -8,48 +8,48 @@ #include #include +#include #include "common.h" #include "sensor.h" +#include "actuator.h" #include "control.h" #include "options.h" +#include "image.h" +#include "pin_test.h" +#include "login.h" -/**The time period (in seconds) before the control key expires @ */ +/**The time period (in seconds) before the control key expires */ #define CONTROL_TIMEOUT 180 -/**Contextual information related to FCGI requests*/ -struct FCGIContext { - /**The time of last valid user access possessing the control key*/ - time_t control_timestamp; - char control_key[41]; - char control_ip[16]; - /**The name of the current module**/ - const char *current_module; - /**For debugging purposes?**/ - int response_number; -}; + /** - * Identifies current version info. Useful for testing that the API is running. - * TODO - Consider adding info about available sensors and actuators (eg capabilities)? + * Identifies build information and the current API version to the user. + * Also useful for testing that the API is running and identifying the + * sensors and actuators present. + * @param context The context to work in + * @param params User specified paramters: [actuators, sensors] */ static void IdentifyHandler(FCGIContext *context, char *params) { - bool identSensors = false, identActuators = false; - const char *key, *value; + bool ident_sensors = false, ident_actuators = false; + bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING")); int i; - while ((params = FCGI_KeyPair(params, &key, &value))) { - if (!strcmp(key, "sensors")) { - identSensors = !identSensors; - } else if (!strcmp(key, "actuators")) { - identActuators = !identActuators; - } - } + FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T}, + {"actuators", &ident_actuators, FCGI_BOOL_T}}; + if (!FCGI_ParseRequest(context, params, values, 2)) + return; FCGI_BeginJSON(context, STATUS_OK); FCGI_JSONPair("description", "MCTX3420 Server API (2013)"); FCGI_JSONPair("build_date", __DATE__ " " __TIME__); - if (identSensors) { + FCGI_JSONLong("api_version", API_VERSION); + FCGI_JSONBool("logged_in", has_control); + FCGI_JSONPair("friendly_name", has_control ? context->friendly_name : ""); + + //Sensor and actuator information + if (ident_sensors) { FCGI_JSONKey("sensors"); FCGI_JSONValue("{\n\t\t"); for (i = 0; i < NUMSENSORS; i++) { @@ -60,7 +60,7 @@ static void IdentifyHandler(FCGIContext *context, char *params) { } FCGI_JSONValue("\n\t}"); } - if (identActuators) { + if (ident_actuators) { FCGI_JSONKey("actuators"); FCGI_JSONValue("{\n\t\t"); for (i = 0; i < NUMACTUATORS; i++) { @@ -79,15 +79,16 @@ static void IdentifyHandler(FCGIContext *context, char *params) { * the system at any one time. The key can be forcibly generated, revoking * any previous control keys. To be used in conjunction with HTTP * basic authentication. - * This function will generate a JSON response that indicates success/failure. * @param context The context to work in * @param force Whether to force key generation or not. - */ -void FCGI_BeginControl(FCGIContext *context, bool force) { + * @return true on success, false otherwise (eg someone else already in control) + */ +bool FCGI_LockControl(FCGIContext *context, bool force) { time_t now = time(NULL); bool expired = now - context->control_timestamp > CONTROL_TIMEOUT; - - if (force || !*(context->control_key) || expired) { + + if (force || !*(context->control_key) || expired) + { SHA_CTX sha1ctx; unsigned char sha1[20]; int i = rand(); @@ -101,19 +102,9 @@ void FCGI_BeginControl(FCGIContext *context, bool force) { for (i = 0; i < 20; i++) sprintf(context->control_key + i * 2, "%02x", sha1[i]); snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR")); - FCGI_BeginJSON(context, STATUS_OK); - FCGI_JSONPair("key", context->control_key); - FCGI_EndJSON(); - } else { - char buf[128]; - strftime(buf, 128, "%H:%M:%S %d-%m-%Y", - localtime(&(context->control_timestamp))); - FCGI_BeginJSON(context, STATUS_UNAUTHORIZED); - FCGI_JSONPair("description", "Another user already has control"); - FCGI_JSONPair("current_user", context->control_ip); - FCGI_JSONPair("when", buf); - FCGI_EndJSON(); + return true; } + return false; } /** @@ -127,7 +118,8 @@ void FCGI_BeginControl(FCGIContext *context, bool force) { bool FCGI_HasControl(FCGIContext *context, const char *key) { time_t now = time(NULL); int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT && - key != NULL && !strcmp(context->control_key, key); + key != NULL && context->control_key[0] != '\0' && + !strcmp(context->control_key, key); if (result) { context->control_timestamp = now; //Update the control_timestamp } @@ -139,10 +131,8 @@ bool FCGI_HasControl(FCGIContext *context, const char *key) { * Revokes the current control key, if present. * @param context The context to work in */ -void FCGI_EndControl(FCGIContext *context) { +void FCGI_ReleaseControl(FCGIContext *context) { *(context->control_key) = 0; - FCGI_BeginJSON(context, STATUS_OK); - FCGI_EndJSON(); return; } @@ -185,6 +175,101 @@ char *FCGI_KeyPair(char *in, const char **key, const char **value) return ptr; } +/** + * Aids in parsing request parameters. + * Input: The expected keys along with their type and whether or not + * they're required. + * @param context The context to work in + * @param params The parameter string to be parsed + * @param values An array of FCGIValue's that specify expected keys + * @param count The number of elements in 'values'. + * @return true If the parameter string was parsed successfully, false otherwise. + * Modes of failure include: Invalid a parsing error on the value, + * an unknown key is specified, + * a key/value pair is specified more than once, or + * not all required keys were present. + * If this function returns false, it is guaranteed that FCGI_RejectJSON + * has already been called with the appropriate description message. + */ +bool FCGI_ParseRequest(FCGIContext *context, char *params, FCGIValue values[], size_t count) +{ + const char *key, *value; + char buf[BUFSIZ], *ptr; + size_t i; + + while ((params = FCGI_KeyPair(params, &key, &value))) { + for (i = 0; i < count; i++) { + if (!strcmp(key, values[i].key)) { + FCGIValue *val = &values[i]; + + if (FCGI_RECEIVED(val->flags)) { + snprintf(buf, BUFSIZ, "Value already specified for '%s'.", key); + FCGI_RejectJSON(context, buf); + return false; + } + val->flags |= FCGI_PARAM_RECEIVED; + + switch(FCGI_TYPE(val->flags)) { + case FCGI_BOOL_T: + if (!*value) //No value: Default true + *((bool*) val->value) = true; + else { + *((bool*) val->value) = !!(strtol(value, &ptr, 10)); + if (*ptr) { + snprintf(buf, BUFSIZ, "Expected bool for '%s' but got '%s'", key, value); + FCGI_RejectJSON(context, buf); + return false; + } + } + break; + case FCGI_INT_T: case FCGI_LONG_T: { + long parsed = strtol(value, &ptr, 10); + if (!*value || *ptr) { + snprintf(buf, BUFSIZ, "Expected int for '%s' but got '%s'", key, value); + FCGI_RejectJSON(context, buf); + return false; + } + + if (FCGI_TYPE(val->flags) == FCGI_INT_T) + *((int*) val->value) = (int) parsed; + else + *((long*) val->value) = parsed; + } break; + case FCGI_DOUBLE_T: + *((double*) val->value) = strtod(value, &ptr); + if (!*value || *ptr) { + snprintf(buf, BUFSIZ, "Expected float for '%s' but got '%s'", key, value); + FCGI_RejectJSON(context, buf); + return false; + } + break; + case FCGI_STRING_T: + *((const char**) val->value) = value; + break; + default: + Fatal("Invalid type %d given", FCGI_TYPE(val->flags)); + } + break; //No need to search any more + } + } //End for loop + if (i == count) { + snprintf(buf, BUFSIZ, "Unknown key '%s' specified", key); + FCGI_RejectJSON(context, buf); + return false; + } + } + + //Check that required parameters are received + for (i = 0; i < count; i++) { + if (FCGI_IS_REQUIRED(values[i].flags) && !FCGI_RECEIVED(values[i].flags)) { + snprintf(buf, BUFSIZ, "Key '%s' required, but was not given.", values[i].key); + FCGI_RejectJSON(context, buf); + return false; + } + } + return true; +} + /** * Begins a response to the client in JSON format. * @param context The context to work in. @@ -196,21 +281,37 @@ void FCGI_BeginJSON(FCGIContext *context, StatusCodes status_code) printf("{\r\n"); printf("\t\"module\" : \"%s\"", context->current_module); FCGI_JSONLong("status", status_code); - - // Jeremy: Should we include a timestamp in the JSON; something like this? - double start_time = g_options.start_time.tv_sec + 1e-6*(g_options.start_time.tv_usec); + //Time and running statistics struct timeval now; gettimeofday(&now, NULL); - double current_time = now.tv_sec + 1e-6*(now.tv_usec); - FCGI_JSONDouble("start_time", start_time); - FCGI_JSONDouble("current_time", current_time); - FCGI_JSONDouble("running_time", current_time - start_time); - + FCGI_JSONDouble("start_time", TIMEVAL_TO_DOUBLE(g_options.start_time)); + FCGI_JSONDouble("current_time", TIMEVAL_TO_DOUBLE(now)); + FCGI_JSONDouble("running_time", TIMEVAL_DIFF(now, g_options.start_time)); + FCGI_JSONPair("control_state", Control_GetModeName()); +} + +/** + * Generic accept response in JSON format. + * @param context The context to work in + * @param description A short description. + * @param cookie Optional. If given, the cookie field is set to that value. + */ +void FCGI_AcceptJSON(FCGIContext *context, const char *description, const char *cookie) +{ + printf("Content-type: application/json; charset=utf-8\r\n"); + if (cookie) { + printf("Set-Cookie: %s\r\n", cookie); + } + printf("\r\n{\r\n"); + printf("\t\"module\" : \"%s\"", context->current_module); + FCGI_JSONLong("status", STATUS_OK); + FCGI_JSONPair("description", description); + FCGI_EndJSON(); } /** * Adds a key/value pair to a JSON response. The response must have already - * been initiated by FCGI_BeginJSON. Note that characters are not escaped. + * been initiated by FCGI_BeginJSON. Special characters are not escaped. * @param key The key of the JSON entry * @param value The value associated with the key. */ @@ -267,16 +368,6 @@ void FCGI_EndJSON() printf("\r\n}\r\n"); } -/** - * To be used when the input parameters are invalid. The return data will - * have a status of STATUS_ERROR, along with other debugging information. - * @param context The context to work in - */ -void FCGI_RejectJSON(FCGIContext *context) -{ - FCGI_RejectJSONEx(context, STATUS_ERROR, "Invalid request"); -} - /** * To be used when the input parameters are rejected. The return data * will also have debugging information provided. @@ -293,7 +384,7 @@ void FCGI_RejectJSONEx(FCGIContext *context, StatusCodes status, const char *des FCGI_BeginJSON(context, status); FCGI_JSONPair("description", description); FCGI_JSONLong("responsenumber", context->response_number); - FCGI_JSONPair("params", getenv("QUERY_STRING")); + //FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff FCGI_JSONPair("host", getenv("SERVER_HOSTNAME")); FCGI_JSONPair("user", getenv("REMOTE_USER")); FCGI_JSONPair("ip", getenv("REMOTE_ADDR")); @@ -316,6 +407,48 @@ void FCGI_PrintRaw(const char *format, ...) va_end(list); } + +/** + * Write binary data + * See fwrite + */ +void FCGI_WriteBinary(void * data, size_t size, size_t num_elem) +{ + Log(LOGDEBUG,"Writing!"); + fwrite(data, size, num_elem, stdout); +} + +/** + * Escapes a string so it can be used safely. + * Currently escapes to ensure the validity for use as a JSON string + * Does not support unicode specifiers in the form of \uXXXX. + * @param buf The string to be escaped + * @return The escaped string (return value == buf) + */ +char *FCGI_EscapeText(char *buf) +{ + int length, i; + length = strlen(buf); + + //Escape special characters. Must count down to escape properly + for (i = length - 1; i >= 0; i--) { + if (buf[i] < 0x20) { //Control characters + buf[i] = ' '; + } else if (buf[i] == '"') { + if (i-1 >= 0 && buf[i-1] == '\\') + i--; + else + buf[i] = '\''; + } else if (buf[i] == '\\') { + if (i-1 >= 0 && buf[i-1] == '\'') + i--; + else + buf[i] = ' '; + } + } + return buf; +} + /** * Main FCGI request loop that receives/responds to client requests. * @param data Reserved. @@ -326,55 +459,85 @@ void * FCGI_RequestLoop (void *data) { FCGIContext context = {0}; - Log(LOGDEBUG, "First request..."); - //TODO: The FCGI_Accept here is blocking. - // That means that if another thread terminates the program, this thread - // will not terminate until the next request is made. + Log(LOGDEBUG, "Start loop"); while (FCGI_Accept() >= 0) { - - if (Thread_Runstate() != RUNNING) - { - //TODO: Yeah... deal with this better :P - Log(LOGERR, "FIXME; FCGI gets request after other threads have finished."); - printf("Content-type: text/plain\r\n\r\n+++OUT OF CHEESE ERROR+++\n"); - break; - } - Log(LOGDEBUG, "Got request #%d", context.response_number); ModuleHandler module_handler = NULL; char module[BUFSIZ], params[BUFSIZ]; + //Don't need to copy if we're not modifying string contents + const char *cookie = getenv("COOKIE_STRING"); //strncpy doesn't zero-truncate properly snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL")); snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING")); + + Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params); + Log(LOGDEBUG, "Cookie: %s", cookie); + //Remove trailing slashes (if present) from module query size_t lastchar = strlen(module) - 1; if (lastchar > 0 && module[lastchar] == '/') module[lastchar] = 0; + + //Default to the 'identify' module if none specified + if (!*module) + strcpy(module, "identify"); - if (!*module || !strcmp("identify", module)) { + if (!strcmp("identify", module)) { module_handler = IdentifyHandler; } else if (!strcmp("control", module)) { module_handler = Control_Handler; } else if (!strcmp("sensors", module)) { module_handler = Sensor_Handler; + } else if (!strcmp("actuators", module)) { + module_handler = Actuator_Handler; + } else if (!strcmp("image", module)) { + module_handler = Image_Handler; + } else if (!strcmp("pin", module)) { + module_handler = Pin_Handler; // *Debug only* pin test module + } else if (!strcmp("bind", module)) { + module_handler = Login_Handler; + } else if (!strcmp("unbind", module)) { + module_handler = Logout_Handler; } context.current_module = module; - if (module_handler) { + context.response_number++; + + if (module_handler) + { + if (module_handler != Login_Handler && module_handler != IdentifyHandler) + { + if (cookie[0] == '\0') + { + FCGI_RejectJSON(&context, "Please login."); + continue; + } + + if (!FCGI_HasControl(&context, cookie)) + { + FCGI_RejectJSON(&context, "Invalid control key."); + continue; + } + + //Escape all special characters. + //Don't escape for login (password may have special chars?) + FCGI_EscapeText(params); + } + module_handler(&context, params); - } else { - strncat(module, " (unhandled)", BUFSIZ); - FCGI_RejectJSON(&context); + } + else + { + FCGI_RejectJSON(&context, "Unhandled module"); } - context.response_number++; + - Log(LOGDEBUG, "Waiting for request #%d", context.response_number); + } Log(LOGDEBUG, "Thread exiting."); - Thread_QuitProgram(false); // NOTE: Don't call pthread_exit, because this runs in the main thread. Just return. return NULL; }