You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
yacy_search_server/source/de/anomic/http/httpdFileHandler.java

482 lines
21 KiB

// httpdFileHandler.java
// -----------------------
// (C) by Michael Peter Christen; mc@anomic.de
// first published on http://www.anomic.de
// Frankfurt, Germany, 2004
// last change: 22.06.2004
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
//
// Using this software in any meaning (reading, learning, copying, compiling,
// running) means that you agree that the Author(s) is (are) not responsible
// for cost, loss of data or any harm that may be caused directly or indirectly
// by usage of this softare or this documentation. The usage of this software
// is on your own risk. The installation and usage (starting/running) of this
// software may allow other people or application to access your computer and
// any attached devices and is highly dependent on the configuration of the
// software which must be done by the user of the software; the author(s) is
// (are) also not responsible for proper configuration and usage of the
// software, even if provoked by documentation provided together with
// the software.
//
// Any changes to this file according to the GPL as documented in the file
// gpl.txt aside this file in the shipment you received can be done to the
// lines that follows this copyright notice here, but changes must not be
// done inside the copyright notive above. A re-distribution must contain
// the intact and unchanged copyright notice.
// Contributions and changes to the program code must be marked as such.
/*
Class documentation:
this class provides a file servlet and CGI interface
for the httpd server.
Whenever this server is addressed to load a local file,
this class searches for the file in the local path as
configured in the setting property 'rootPath'
The servlet loads the file and returns it to the client.
Every file can also act as an template for the built-in
CGI interface. There is no specific path for CGI functions.
CGI functionality is triggered, if for the file to-be-served
'template.html' also a file 'template.class' exists. Then,
the class file is called with the GET/POST properties that
are attached to the http call.
Possible variable hand-over are:
- form method GET
- form method POST, enctype text/plain
- form method POST, enctype multipart/form-data
The class that creates the CGI respond must have at least one
static method of the form
public static java.util.Hashtable respond(java.util.HashMap, serverSwitch)
In the HashMap, the GET/POST variables are handed over.
The return value is a Property object that contains replacement
key/value pairs for the patterns in the template file.
The templates must have the form
either '#['<name>']#' for single attributes, or
'#{'<enumname>'}#' and '#{/'<enumname>'}#' for enumerations of
values '#['<value>']#'.
A single value in repetitions/enumerations in the template has
the property key '_'<enumname><count>'_'<value>
Please see also the example files 'test.html' and 'test.java'
*/
package de.anomic.http;
import java.io.*;
import java.util.*;
import java.text.*;
import java.lang.reflect.*;
import de.anomic.server.*;
public class httpdFileHandler extends httpdAbstractHandler implements httpdHandler {
// class variables
private Properties mimeTable = null;
private serverClassLoader provider = null;
private File htRootPath = null;
private File htDocsPath = null;
private File htTemplatePath = null;
private HashMap templates = null;
private String[] defaultFiles = null;
private serverSwitch switchboard;
private String adminAccountBase64MD5;
public httpdFileHandler(serverSwitch switchboard) {
this.switchboard = switchboard;
if (mimeTable == null) {
// load the mime table
mimeTable = new Properties();
String mimeTablePath = switchboard.getConfig("mimeConfig","");
try {
serverLog.logSystem("HTTPDFiles", "Loading mime mapping file " + mimeTablePath);
mimeTable.load(new FileInputStream(new File(switchboard.getRootPath(), mimeTablePath)));
} catch (Exception e) {
serverLog.logError("HTTPDFiles", "ERROR: path to configuration file or configuration invalid\n" + e);
System.exit(1);
}
}
// create default files array
defaultFiles = switchboard.getConfig("defaultFiles","index.html").split(",");
if (defaultFiles.length == 0) defaultFiles = new String[] {"index.html"};
// create a htRootPath: system pages
if (htRootPath == null) {
htRootPath = new File(switchboard.getRootPath(), switchboard.getConfig("htRootPath","htroot"));
if (!(htRootPath.exists())) htRootPath.mkdir();
}
// create a htDocsPath: user defined pages
if (htDocsPath == null) {
htDocsPath = new File(switchboard.getRootPath(), switchboard.getConfig("htDocsPath", "htdocs"));
if (!(htDocsPath.exists())) htDocsPath.mkdir();
}
// create a htTemplatePath
if (htTemplatePath == null) {
htTemplatePath = new File(switchboard.getRootPath(), switchboard.getConfig("htTemplatePath","htroot/env/templates"));
if (!(htTemplatePath.exists())) htTemplatePath.mkdir();
}
if (templates == null) templates = loadTemplates(htTemplatePath);
// create a class loader
if (provider == null) {
provider = new serverClassLoader(/*this.getClass().getClassLoader()*/);
// debug
/*
Package[] ps = ((cachedClassLoader) provider).packages();
for (int i = 0; i < ps.length; i++) System.out.println("PACKAGE IN PROVIDER: " + ps[i].toString());
*/
}
adminAccountBase64MD5 = null;
serverLog.logSystem("HTTPDFileHandler", "File Handler Initialized");
}
private void respondHeader(OutputStream out, int retcode,
String conttype, long contlength,
Date moddate, Date expires,
String cookie) throws IOException {
try {
out.write(("HTTP/1.1 " + retcode + " OK\r\n").getBytes());
out.write(("Server: AnomicHTTPD (www.anomic.de)\r\n").getBytes());
out.write(("Date: " + httpc.dateString(httpc.nowDate()) + "\r\n").getBytes());
if (expires != null) out.write(("Expires: " + httpc.dateString(expires) + "\r\n").getBytes());
out.write(("Content-type: " + conttype /* "image/gif", "text/html" */ + "\r\n").getBytes());
out.write(("Last-modified: " + httpc.dateString(moddate) + "\r\n").getBytes());
out.write(("Content-length: " + contlength +"\r\n").getBytes());
out.write(("Pragma: no-cache\r\n").getBytes());
// out.write(("Accept-ranges: bytes\r\n").getBytes());
if (cookie != null) out.write(("Set-Cookie: " + cookie + "\r\n").getBytes());
out.write(("\r\n").getBytes());
out.flush();
} catch (Exception e) {
// any interruption may be caused be network error or because the user has closed
// the windows during transmission. We simply pass it as IOException
throw new IOException(e.getMessage());
}
}
private void textMessage(OutputStream out, int retcode, String body) throws IOException {
respondHeader(out, retcode, "text/plain", body.length(), httpc.nowDate(), null, null);
out.write(body.getBytes());
out.flush();
}
public void doGet(Properties conProp, httpHeader requestHeader, OutputStream response) throws IOException {
doResponse(conProp, requestHeader, response, null);
}
public void doHead(Properties conProp, httpHeader requestHeader, OutputStream response) throws IOException {
doResponse(conProp, requestHeader, response, null);
}
public void doPost(Properties conProp, httpHeader requestHeader, OutputStream response, PushbackInputStream body) throws IOException {
doResponse(conProp, requestHeader, response, body);
}
public void doResponse(Properties conProp, httpHeader requestHeader, OutputStream out, PushbackInputStream body) throws IOException {
String userAgent = (String) requestHeader.get("USER-AGENT");
if (userAgent == null) userAgent = "";
userAgent = userAgent.trim().toLowerCase();
//userAgent = "portalmmm n400i"; // debug
//boolean iMode = (userAgent.startsWith("portalmmm"));
//if (iMode) System.out.println("DETECTED IMODE");
//System.out.println("HTTPD-REQUEST FROM CLIENT: " + userAgent); // DEBUG
// prepare response
String method = conProp.getProperty("METHOD");
String path = conProp.getProperty("PATH");
String argsString = conProp.getProperty("ARGS"); // is null if no args were given
// check hack attacks in path
if (path.indexOf("..") >= 0) {
out.write(("HTTP/1.0 403 bad path\r\n").getBytes());
out.write(("\r\n").getBytes());
out.flush();
return;
}
// check permission/granted access
if ((path.endsWith("_p.html")) &&
((adminAccountBase64MD5 = switchboard.getConfig("adminAccountBase64MD5", "")).length() != 0)) {
// authentication required
String auth = (String) requestHeader.get("Authorization");
if (auth == null) {
// no authorization given in response. Ask for that
out.write(("HTTP/1.1 401 log-in required\r\n").getBytes());
out.write(("WWW-Authenticate: Basic realm=\"admin log-in\"\r\n").getBytes());
out.write(("\r\n").getBytes());
out.flush();
return;
} else if (!(adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(auth.trim().substring(6))))) {
// a wrong authentication was given. Ask again
serverLog.logInfo("HTTPD", "Wrong log-in for account 'admin' in http file handler for path '" + path + "' from host '" + conProp.getProperty("CLIENTIP", "unknown-IP") + "'");
try {Thread.currentThread().sleep(3000);} catch (InterruptedException e) {} // add a delay to make brute-force harder
out.write(("HTTP/1.1 401 log-in required\r\n").getBytes());
out.write(("WWW-Authenticate: Basic realm=\"admin log-in\"\r\n").getBytes());
out.write(("\r\n").getBytes());
out.flush();
return;
}
}
// parse arguments
serverObjects args = new serverObjects();
int argc;
if (argsString == null) {
// no args here, maybe a POST with multipart extension
int length;
//System.out.println("HEADER: " + requestHeader.toString()); // DEBUG
if ((method.equals("POST")) &&
(requestHeader.containsKey("CONTENT-LENGTH"))) {
// if its a POST, it can be either multipart or as args in the body
length = Integer.parseInt((String) requestHeader.get("CONTENT-LENGTH"));
if ((requestHeader.containsKey("CONTENT-TYPE")) &&
(((String) requestHeader.get("CONTENT-TYPE")).toLowerCase().startsWith("multipart"))) {
// parse multipart
HashMap files = httpd.parseMultipart(requestHeader, args, body, length);
// integrate these files into the args
if (files != null) {
Iterator fit = files.entrySet().iterator();
Map.Entry entry;
while (fit.hasNext()) {
entry = (Map.Entry) fit.next();
args.put(((String) entry.getKey()) + "$file", entry.getValue());
}
}
argc = Integer.parseInt((String) requestHeader.get("ARGC"));
} else {
// parse args in body
argc = httpd.parseArgs(args, body, length);
}
} else {
// no args
argsString = null;
args = null;
argc = 0;
}
} else {
// simple args in URL (stuff after the "?")
argc = httpd.parseArgs(args, argsString);
}
//if (args != null) System.out.println("***ARGS=" + args.toString()); // DEBUG
// check for cross site scripting - attacks in request arguments
if (argc > 0) {
// check all values for occurrences of script values
Enumeration e = args.elements(); // enumeration of values
Object val;
while (e.hasMoreElements()) {
val = e.nextElement();
if ((val != null) && (val instanceof String) && (((String) val).indexOf("<script") >= 0)) {
// deny request
out.write(("HTTP/1.0 403 bad post values\r\n").getBytes());
out.write(("\r\n").getBytes());
out.flush();
return;
}
}
}
// we are finished with parsing
// the result of value hand-over is in args and argc
if (path.length() == 0) {
textMessage(out, 400, "Bad Request\r\n");
out.flush();
return;
}
Date filedate;
long filelength;
File rc = null;
try {
// locate the file
if (!(path.startsWith("/"))) {
// attach leading slash
path = "/" + path;
}
// find defaults
File file = null;
String testpath = path;
if (path.endsWith("/")) {
// attach default file name
for (int i = 0; i < defaultFiles.length; i++) {
testpath = path + defaultFiles[i];
file = new File(htRootPath, testpath);
if (!(file.exists())) file = new File(htDocsPath, testpath);
if (file.exists()) {path = testpath; break;}
}
} else {
file = new File(htRootPath, path);
if (!(file.exists())) file = new File(htDocsPath, path);
}
/*
if ((iMode) && (path.endsWith(".html"))) {
file = new File(htRootPath, path.substring(0, path.length() - 4) + "ihtml");
if (!(file.exists())) file = new File(htDocsPath, path.substring(0, path.length() - 4) + "ihtml");
if (!(file.exists())) file = new File(htRootPath, path);
if (!(file.exists())) file = new File(htDocsPath, path);
//System.out.println("IMODE PATH = " + file.toString());
}
*/
if ((file.exists()) && (file.canRead())) {
// we have found a file that can be written to the client
// if this file uses templates, then we use the template
// re-write - method to create an result
serverObjects tp = new serverObjects();
filedate = new Date(file.lastModified());
String mimeType = mimeTable.getProperty(conProp.getProperty("EXT",""),"text/html");
byte[] result;
if (path.endsWith("html") || path.endsWith("xml") || path.endsWith("rss") || path.endsWith("csv")) {
rc = rewriteClassFile(file);
if (rc != null) {
// CGI-class: call the class to create a property for rewriting
try {
requestHeader.put("CLIENTIP", conProp.getProperty("CLIENTIP"));
requestHeader.put("PATH", path);
// in case that there are no args given, args = null or empty hashmap
tp = (serverObjects) rewriteMethod(rc).invoke(null, new Object[] {requestHeader, args, switchboard});
// if no args given , then tp will be an empty Hashtable object (not null)
if (tp == null) tp = new serverObjects();
// check if the servlets requests authentification
if (tp.containsKey("AUTHENTICATE")) {
String account = tp.get("AUTHENTICATE", "");
out.write(("HTTP/1.1 401 log-in required\r\n").getBytes());
out.write(("WWW-Authenticate: Basic realm=\"" + account + "\"\r\n").getBytes());
out.write(("\r\n").getBytes());
out.flush();
return;
}
// add the application version to every rewrite table
tp.put("version", switchboard.getConfig("version", ""));
tp.put("uptime", ((System.currentTimeMillis() - Long.parseLong(switchboard.getConfig("startupTime","0"))) / 1000) / 60); // uptime in minutes
//System.out.println("respond props: " + ((tp == null) ? "null" : tp.toString())); // debug
} catch (InvocationTargetException e) {
System.out.println("INTERNAL ERROR: " + e.toString() + ":" +
e.getMessage() +
" target exception at " + rc + ": " +
e.getTargetException().toString() + ":" +
e.getTargetException().getMessage());
e.printStackTrace();
rc = null;
}
filedate = new Date(System.currentTimeMillis());
}
// read templates
tp.putAll(templates);
// rewrite the file
ByteArrayOutputStream o = new ByteArrayOutputStream();
FileInputStream fis = new FileInputStream(file);
httpTemplate.writeTemplate(fis, o, tp, "-UNRESOLVED_PATTERN-".getBytes());
o.close();
result = o.toByteArray();
} else { // no html
// write the file to the client
result = serverFileUtils.read(file);
}
// check mime type again using the result array: these are 'magics'
if (serverByteBuffer.equals(result, 1, "PNG".getBytes())) mimeType = mimeTable.getProperty("png","text/html");
else if (serverByteBuffer.equals(result, 0, "GIF89".getBytes())) mimeType = mimeTable.getProperty("gif","text/html");
else if (serverByteBuffer.equals(result, 6, "JFIF".getBytes())) mimeType = mimeTable.getProperty("jpg","text/html");
//System.out.print("MAGIC:"); for (int i = 0; i < 10; i++) System.out.print(Integer.toHexString((int) result[i]) + ","); System.out.println();
// write the array to the client
respondHeader(out, 200, mimeType, result.length, filedate, null, null);
Thread.currentThread().sleep(200); // this solved the message problem (!!)
serverFileUtils.write(result, out);
} else {
textMessage(out, 404, "404 File not Found\r\n"); // would be a possible vuln to return original the original path
}
} catch (Exception e) {
//textMessage(out, 503, "Exception with query: " + path + "; '" + e.toString() + ":" + e.getMessage() + "'\r\n");
//e.printStackTrace();
System.out.println("ERROR: Exception with query: " + path + "; '" + e.toString() + ":" + e.getMessage() + "'\r\n");
}
out.flush();
if (!(requestHeader.get("Connection", "close").equals("keep-alive"))) {
// wait a little time until everything closes so that clients can read from the streams/sockets
try {Thread.currentThread().sleep(1000);} catch (InterruptedException e) {}
}
}
private static HashMap loadTemplates(File path) {
// reads all templates from a path
// we use only the folder from the given file path
HashMap result = new HashMap();
if (path == null) return result;
if (!(path.isDirectory())) path = path.getParentFile();
if ((path == null) || (!(path.isDirectory()))) return result;
String[] templates = path.list();
int c;
for (int i = 0; i < templates.length; i++) {
if (templates[i].endsWith(".template")) try {
//System.out.println("TEMPLATE " + templates[i].substring(0, templates[i].length() - 9) + ": " + new String(buf, 0, c));
result.put(templates[i].substring(0, templates[i].length() - 9),
new String(serverFileUtils.read(new File(path, templates[i]))));
} catch (Exception e) {}
}
return result;
}
private File rewriteClassFile(File template) {
try {
String f = template.getCanonicalPath();
int p = f.lastIndexOf(".");
if (p < 0) return null;
f = f.substring(0, p) + ".class";
//System.out.println("constructed class path " + f);
File cf = new File(f);
if (cf.exists()) return cf;
return null;
} catch (IOException e) {
return null;
}
}
private Method rewriteMethod(File classFile) {
Method m = null;
// now make a class out of the stream
try {
//System.out.println("**DEBUG** loading class file " + classFile);
Class c = provider.loadClass(classFile);
Class[] params = new Class[] {
Class.forName("de.anomic.http.httpHeader"),
Class.forName("de.anomic.server.serverObjects"),
Class.forName("de.anomic.server.serverSwitch")};
m = c.getMethod("respond", params);
} catch (ClassNotFoundException e) {
System.out.println("INTERNAL ERROR: class " + classFile + " is missing:" + e.getMessage());
} catch (NoSuchMethodException e) {
System.out.println("INTERNAL ERROR: method respond not found in class " + classFile + ": " + e.getMessage());
}
//System.out.println("found method: " + m.toString());
return m;
}
public void doConnect(Properties conProp, httpHeader requestHeader, InputStream clientIn, OutputStream clientOut) {
throw new UnsupportedOperationException();
}
}