foo

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I5182f7c95750244f0b6af2241b80e7e6bfc61324

Author: caolanm

common/Unit.hpp

@@ -203,16 +203,16 @@ class UnitBase
 
     /// Custom response to a http request.
     virtual bool handleHttpRequest(const Poco::Net::HTTPRequest& /*request*/,
-                                   Poco::MemoryInputStream& /*message*/,
-                                   std::shared_ptr<StreamSocket>& /*socket*/)
+                                   std::istream& /*message*/,
+                                   const std::shared_ptr<StreamSocket>& /*socket*/)
     {
         return false;
     }
 
     virtual std::map<std::string, std::string>
         parallelizeCheckInfo(const Poco::Net::HTTPRequest& /*request*/,
-                             Poco::MemoryInputStream& /*message*/,
-                             std::shared_ptr<StreamSocket>& /*socket*/)
+                             std::istream& /*message*/,
+                             const std::shared_ptr<StreamSocket>& /*socket*/)
     {
         return {};
     }

net/Socket.hpp

@@ -1556,7 +1556,7 @@ class StreamSocket : public Socket,
     /// returns true if we did any re-sizing/movement of _inBuffer.
     bool compactChunks(MessageMap& map);
 
-    ssize_t readHeader(const char* clientName, Poco::MemoryInputStream& message,
+    ssize_t readHeader(const char* clientName, std::istream& message,
                        Poco::Net::HTTPRequest& request,
                        std::chrono::duration<float, std::milli> delayMs);
 

wsd/ClientRequestDispatcher.cpp

@@ -664,7 +664,6 @@ void launchAsyncCheckFileInfo(
     }
 }
 
-
 void ClientRequestDispatcher::handleIncomingMessage(SocketDisposition& disposition)
 {
     std::shared_ptr<StreamSocket> socket = _socket.lock();
@@ -1112,6 +1111,291 @@ void ClientRequestDispatcher::handleIncomingMessage(SocketDisposition& dispositi
 #endif // MOBILEAPP
 }
 
+ClientRequestDispatcher::MessageResult ClientRequestDispatcher::handleMessage(Poco::Net::HTTPRequest& request,
+                                                                              std::istream& message,
+                                                                              SocketDisposition& disposition,
+                                                                              const std::shared_ptr<StreamSocket>& socket,
+                                                                              ssize_t headerSize)
+{
+    const bool closeConnection = !request.getKeepAlive(); // HTTP/1.1: closeConnection true w/ "Connection: close" only!
+    LOG_DBG("Handling request: " << request.getURI() << ", closeConnection " << closeConnection);
+
+    // denotes whether the request has been served synchronously
+    bool servedSync = false;
+
+    try
+    {
+        // update the read cursor - headers are not altered by chunks.
+        message.seekg(headerSize, std::ios::beg);
+
+        // re-write ServiceRoot and cache.
+        RequestDetails requestDetails(request, COOLWSD::ServiceRoot);
+        // LOG_TRC("Request details " << requestDetails.toString());
+
+        //fprintf(stderr, "size of message is %ld for %s\n", socket->getInBuffer().size(), requestDetails.toString().c_str());
+
+        // Config & security ...
+        if (requestDetails.isProxy())
+        {
+            if (!COOLWSD::IsProxyPrefixEnabled)
+                throw BadRequestException(
+                    "ProxyPrefix present but net.proxy_prefix is not enabled");
+
+            if (!socket->isLocal())
+                throw BadRequestException("ProxyPrefix request from non-local socket");
+        }
+
+        CleanupRequestVettingStations();
+
+        // Routing
+        const bool isUnitTesting = UnitWSD::isUnitTesting();
+        bool handledByUnitTesting = false;
+        if (isUnitTesting)
+        {
+            LOG_DBG("Unit-Test: handleHttpRequest: " << request.getURI());
+            handledByUnitTesting = UnitWSD::get().handleHttpRequest(request, message, socket);
+            if (!handledByUnitTesting)
+            {
+                LOG_DBG("Unit-Test: parallelizeCheckInfo: " << request.getURI());
+                auto mapAccessDetails = UnitWSD::get().parallelizeCheckInfo(request, message, socket);
+                if (!mapAccessDetails.empty())
+                {
+                    LOG_DBG("Unit-Test: launchAsyncCheckFileInfo: " << request.getURI());
+                    auto accessDetails = FileServerRequestHandler::ResourceAccessDetails(
+                        mapAccessDetails.at("wopiSrc"),
+                        mapAccessDetails.at("accessToken"),
+                        mapAccessDetails.at("permission"),
+                        mapAccessDetails.at("configid"));
+                    launchAsyncCheckFileInfo(_id, accessDetails, RequestVettingStations,
+                                             RvsHighWatermark);
+                }
+            }
+        }
+
+        if (handledByUnitTesting)
+        {
+            // Unit testing, nothing to do here
+        }
+        else if (requestDetails.equals(RequestDetails::Field::Type, "browser") ||
+                 requestDetails.equals(RequestDetails::Field::Type, "wopi"))
+        {
+            // File server
+            assert(socket && "Must have a valid socket");
+            constexpr auto ProxyRemote = "/remote/";
+            constexpr auto ProxyRemoteLen = sizeof(ProxyRemote) - 1;
+            constexpr auto ProxyRemoteStatic = "/remote/static/";
+            const auto uri = requestDetails.getURI();
+            const auto pos = uri.find(ProxyRemoteStatic);
+            if (pos != std::string::npos)
+            {
+                if (uri.ends_with("lokit-extra-img.svg"))
+                {
+                    std::string proxyRatingServer =
+                        !isUnitTesting ? ProxyRequestHandler::getProxyRatingServer()
+                                       : UnitWSD::get().getProxyRatingServer();
+                    ProxyRequestHandler::handleRequest(uri.substr(pos + ProxyRemoteLen), socket,
+                                                       proxyRatingServer);
+                    servedSync = true;
+                }
+#if ENABLE_FEATURE_LOCK
+                else
+                {
+                    const Poco::URI unlockImageUri =
+                        CommandControl::LockManager::getUnlockImageUri();
+                    if (!unlockImageUri.empty())
+                    {
+                        const std::string& serverUri =
+                            unlockImageUri.getScheme() + "://" + unlockImageUri.getAuthority();
+                        ProxyRequestHandler::handleRequest(
+                            uri.substr(pos + sizeof("/remote/static") - 1), socket, serverUri);
+                        servedSync = true;
+                    }
+                }
+#endif
+                if (!servedSync)
+                    HttpHelper::sendErrorAndShutdown(http::StatusCode::BadRequest, socket);
+            }
+            else
+            {
+                FileServerRequestHandler::ResourceAccessDetails accessDetails;
+                servedSync = COOLWSD::FileRequestHandler->handleRequest(
+                    request, requestDetails, message, socket, accessDetails);
+                if (accessDetails.isValid())
+                {
+                    LOG_ASSERT_MSG(
+                        Uri::decode(requestDetails.getField(RequestDetails::Field::WOPISrc)) ==
+                            Uri::decode(accessDetails.wopiSrc()),
+                        "Expected identical WOPISrc in the request as in cool.html");
+
+                    launchAsyncCheckFileInfo(_id, accessDetails, RequestVettingStations,
+                                             RvsHighWatermark);
+                }
+            }
+        }
+        else if (requestDetails.equals(RequestDetails::Field::Type, "cool") &&
+                 requestDetails.equals(1, "adminws"))
+        {
+            // Admin connections
+            LOG_INF("Admin request: " << request.getURI());
+            const ServerURL cnxDetails(requestDetails);
+            if (AdminSocketHandler::handleInitialRequest(_socket, request, cnxDetails.getWebServerUrl()))
+            {
+                // Hand the socket over to the Admin poll.
+                disposition.setTransfer(Admin::instance(),
+                                        [](const std::shared_ptr<Socket>& /*moveSocket*/) {});
+            }
+            else
+                HttpHelper::sendErrorAndShutdown(http::StatusCode::BadRequest, socket);
+        }
+        else if (requestDetails.equals(RequestDetails::Field::Type, "cool") &&
+                 requestDetails.equals(1, "getMetrics"))
+        {
+            if (!COOLWSD::AdminEnabled)
+                throw Poco::FileAccessDeniedException("Admin console disabled");
+
+            // See metrics.txt
+            std::shared_ptr<http::Response> response =
+                std::make_shared<http::Response>(http::StatusCode::OK);
+
+            try
+            {
+                /* WARNING: security point, we may skip authentication */
+                bool skipAuthentication = ConfigUtil::getConfigValue<bool>(
+                    "security.enable_metrics_unauthenticated", false);
+                if (!skipAuthentication)
+                    if (!COOLWSD::FileRequestHandler->isAdminLoggedIn(request, *response))
+                        throw Poco::Net::NotAuthenticatedException("Invalid admin login");
+            }
+            catch (const Poco::Net::NotAuthenticatedException& exc)
+            {
+                //LOG_ERR("FileServerRequestHandler::NotAuthenticated: " << exc.displayText());
+                http::Response httpResponse(http::StatusCode::Unauthorized);
+                httpResponse.set("Content-Type", "text/html charset=UTF-8");
+                httpResponse.set("WWW-authenticate", "Basic realm=\"online\"");
+                socket->sendAndShutdown(httpResponse);
+                socket->ignoreInput();
+                return MessageResult::Ignore;
+            }
+
+            FileServerRequestHandler::hstsHeaders(*response);
+            response->add("Last-Modified", Util::getHttpTimeNow());
+            // Ask UAs to block if they detect any XSS attempt
+            response->add("X-XSS-Protection", "1; mode=block");
+            // No referrer-policy
+            response->add("Referrer-Policy", "no-referrer");
+            response->add("X-Content-Type-Options", "nosniff");
+
+            disposition.setTransfer(Admin::instance(),
+                                    [response=std::move(response)](const std::shared_ptr<Socket>& moveSocket)
+                                    {
+                                        const std::shared_ptr<StreamSocket> streamSocket =
+                                            std::static_pointer_cast<StreamSocket>(moveSocket);
+                                        Admin::instance().sendMetrics(streamSocket, response);
+                                    });
+        }
+        else if (requestDetails.isGetOrHead("/"))
+            servedSync = handleRootRequest(requestDetails, socket);
+
+        else if (requestDetails.isGet("/favicon.ico"))
+            servedSync = handleFaviconRequest(requestDetails, socket);
+
+        else if (requestDetails.equals(0, "hosting"))
+        {
+            if (requestDetails.equals(1, "discovery"))
+                servedSync = handleWopiDiscoveryRequest(requestDetails, socket);
+            else if (requestDetails.equals(1, "capabilities"))
+                servedSync = handleCapabilitiesRequest(request, socket);
+            else if (requestDetails.equals(1, "wopiAccessCheck"))
+                handleWopiAccessCheckRequest(request, message, socket);
+            else
+                HttpHelper::sendErrorAndShutdown(http::StatusCode::BadRequest, socket);
+        }
+        else if (requestDetails.isGet("/robots.txt"))
+            servedSync = handleRobotsTxtRequest(request, socket);
+
+        else if (requestDetails.equals(RequestDetails::Field::Type, "cool") &&
+                 requestDetails.equals(1, "media"))
+            servedSync = handleMediaRequest(request, disposition, socket);
+
+        else if (requestDetails.equals(RequestDetails::Field::Type, "cool") &&
+                 requestDetails.equals(1, "clipboard"))
+        {
+            //              HexUtil::dumpHex(std::cerr, socket->getInBuffer(), "clipboard:\n"); // lots of data ...
+            servedSync = handleClipboardRequest(request, message, disposition, socket);
+        }
+        else if (requestDetails.equals(RequestDetails::Field::Type, "cool") &&
+                 requestDetails.equals(1, "signature"))
+        {
+            servedSync = handleSignatureRequest(request, socket);
+        }
+
+        else if (requestDetails.isProxy() && requestDetails.equals(2, "ws"))
+            servedSync = handleClientProxyRequest(request, requestDetails, message, disposition);
+        else if (requestDetails.equals(RequestDetails::Field::Type, "cool") &&
+                 requestDetails.equals(2, "ws") && requestDetails.isWebSocket())
+            servedSync = handleClientWsUpgrade(request, requestDetails, disposition, socket);
+
+        else if (!requestDetails.isWebSocket() &&
+                 (requestDetails.equals(RequestDetails::Field::Type, "cool") ||
+                  requestDetails.equals(RequestDetails::Field::Type, "lool")))
+        {
+            // All post requests have url prefix 'cool', except when the prefix
+            // is 'lool' e.g. when integrations use the old /lool/convert-to endpoint
+            servedSync = handlePostRequest(requestDetails, request, message, disposition, socket);
+        }
+        else if (requestDetails.equals(RequestDetails::Field::Type, "wasm"))
+        {
+            if (COOLWSD::WASMState == COOLWSD::WASMActivationState::Disabled)
+            {
+                LOG_ERR(
+                    "WASM document request while WASM is disabled: " << requestDetails.toString());
+
+                // Bad request.
+                HttpHelper::sendErrorAndShutdown(http::StatusCode::BadRequest, socket);
+                return MessageResult::Ignore;
+            }
+
+            // Tunnel to WASM.
+            _wopiProxy = std::make_unique<WopiProxy>(_id, requestDetails, socket);
+            _wopiProxy->handleRequest(COOLWSD::getWebServerPoll(), disposition);
+        }
+        else
+        {
+            LOG_WRN("Unknown resource: " << requestDetails.toString());
+
+            // Bad request.
+            HttpHelper::sendErrorAndShutdown(http::StatusCode::BadRequest, socket);
+            return MessageResult::Ignore;
+        }
+    }
+    catch (const BadRequestException& ex)
+    {
+        LOG_ERR('#' << socket->getFD() << " bad request: ["
+                    << COOLProtocol::getAbbreviatedMessage(socket->getInBuffer())
+                    << "]: " << ex.what());
+
+        // Bad request.
+        HttpHelper::sendErrorAndShutdown(http::StatusCode::BadRequest, socket);
+        return MessageResult::Ignore;
+    }
+    catch (const std::exception& exc)
+    {
+        LOG_ERR('#' << socket->getFD() << " Exception while processing incoming request: ["
+                    << COOLProtocol::getAbbreviatedMessage(socket->getInBuffer())
+                    << "]: " << exc.what());
+
+        // Bad request.
+        // NOTE: Check _wsState to choose between HTTP response or WebSocket (app-level) error.
+        http::Response httpResponse(http::StatusCode::BadRequest);
+        httpResponse.set("Content-Length", "0");
+        socket->sendAndShutdown(httpResponse);
+        socket->ignoreInput();
+        return MessageResult::Ignore;
+    }
+
+    return servedSync ? MessageResult::ServedSync : MessageResult::ServedAsync;
+}
+
 #if !MOBILEAPP
 bool ClientRequestDispatcher::handleRootRequest(const RequestDetails& requestDetails,
                                                 const std::shared_ptr<StreamSocket>& socket)

wsd/ClientRequestDispatcher.hpp

@@ -118,6 +118,14 @@ class ClientRequestDispatcher final : public SimpleSocketHandler
 
     void sendResult(const std::shared_ptr<StreamSocket>& socket, CheckStatus result);
 
+    enum MessageResult { ServedAsync, ServedSync, Ignore };
+
+    MessageResult handleMessage(Poco::Net::HTTPRequest& request,
+                                std::istream& message,
+                                SocketDisposition& disposition,
+                                const std::shared_ptr<StreamSocket>& socket,
+                                ssize_t headerSize);
+
 #endif // !MOBILEAPP
 
     /// @return true if request has been handled synchronously and response sent, otherwise false