-rw-r--r-- | include/Makefile.am | 4 | ||||
-rw-r--r-- | include/kingate/cgi_gateway.h | 5 | ||||
-rw-r--r-- | include/kingate/cookies.h | 300 | ||||
-rw-r--r-- | include/kingate/headers.h | 94 | ||||
-rw-r--r-- | include/kingate/util.h | 13 | ||||
-rw-r--r-- | src/Makefile.am | 4 | ||||
-rw-r--r-- | src/cgi_gateway.cc | 4 | ||||
-rw-r--r-- | src/cookies.cc | 242 | ||||
-rw-r--r-- | src/headers.cc | 40 | ||||
-rw-r--r-- | src/util.cc | 53 |
10 files changed, 757 insertions, 2 deletions
diff --git a/include/Makefile.am b/include/Makefile.am index e0b778b..ee5cd51 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -1,7 +1,9 @@ nobase_include_HEADERS = \ kingate/cgi_gateway.h \ kingate/cgi_interface.h \ kingate/fastcgi.h \ kingate/exception.h \ kingate/util.h \ - kingate/plaincgi.h + kingate/plaincgi.h \ + kingate/cookies.h \ + kingate/headers.h diff --git a/include/kingate/cgi_gateway.h b/include/kingate/cgi_gateway.h index a5c4056..f20d72b 100644 --- a/include/kingate/cgi_gateway.h +++ b/include/kingate/cgi_gateway.h @@ -1,11 +1,12 @@ #ifndef __KINGATE_CGI_GATEWAY_H #define __KINGATE_CGI_GATEWAY_H #include <map> #include "kingate/cgi_interface.h" +#include "kingate/cookies.h" #ifndef __deprecated #if ( __GNUC__ == 3 && __GNUC_MINOR__ > 0 ) || __GNUC__ > 3 #define __deprecated __attribute__((deprecated)) #else #define __deprecated @@ -39,12 +40,16 @@ namespace kingate { params_t get; /** * The POST-passed parameters. */ params_t post; /** + * Cookies passed. + */ + cookies_t cookies; + /** * Was the stdin content parsed? */ bool b_parsed_content; /** * @param ci the interface to use. diff --git a/include/kingate/cookies.h b/include/kingate/cookies.h new file mode 100644 index 0000000..83ef0c6 --- a/dev/null +++ b/include/kingate/cookies.h @@ -0,0 +1,300 @@ +#ifndef __KINGATE_COOKIES_H +#define __KINGATE_COOKIES_H + +#include <string> +#include <map> +#include <ostream> + +/** + * @file + * @brief cookies-related classes. + */ + +namespace kingate { + using namespace std; + + /** + * Class, holding the cookie with parameters. + */ + class cookie : public map<string,string> { + public: + /** + * Cookie name. + */ + string name; + /** + * Cookie value. + */ + string value; + + cookie() { } + /** + * @param n cookie name. + * @param v cookie value. + */ + cookie(const string& n,const string& v) + : name(n), value(v) { } + + /** + * set cookie parameter. + * @param p parameter name. + * @param v parameter value. + * @see _get_string() + */ + void _set_string(const string& p,const string& v); + + /** + * @param n cookie name. + * @see get_name() + */ + void set_name(const string& n) { name = n; } + /** + * @param v cookie value. + * @see set_value() + */ + void set_value(const string& v) { value = v; } + /** + * @param c coomment. + * @see get_comment() + * @see has_comment() + * @see unset_comment() + */ + void set_comment(const string& c); + /** + * @param d domain. + * @see get_domain() + * @see has_domain() + * @see unset_domain() + */ + void set_domain(const string& d); + /** + * @param ma max-age. + * @see get_max_age() + * @see has_max_age() + * @see unset_max_age() + */ + void set_max_age(const string& ma); + /** + * @param p path. + * @see get_path() + * @see has_path() + * @see unset_path() + */ + void set_path(const string& p); + /** + * set cookie security. + * @param s true if secure. + * @see get_secure() + * @see is_secure() + */ + void set_secure(bool s); + + /** + * @param e expiration time. + * @see get_expires() + * @see has_expires() + * @see unset_expires() + */ + void set_expires(const string& e); + + /** + * get cookie parameter. + * @param p parameter name. + * @return parameter value. + * @see _set_string() + */ + const string& _get_string(const string& p) const; + + /** + * @return cookie name. + * @see set_name() + */ + const string& get_name() const { return name; } + /** + * @return cookie value. + * @see set_value() + */ + const string& get_value() const { return value; } + /** + * @return cookie comment. + * @see set_comment() + * @see has_comment() + * @see unset_comment() + */ + const string& get_comment() const; + /** + * @return cookie domain. + * @see set_domain() + * @see has_domain() + * @see unset_domain() + */ + const string& get_domain() const; + /** + * @return cookie max-age. + * @see set_max_age() + * @see has_max_age() + * @see unset_max_age() + */ + const string& get_max_age() const; + /** + * @return cookie path. + * @see set_path() + * @see has_path() + * @see unset_path() + */ + const string& get_path() const; + /** + * @return cookie security. + * @see is_secure() + * @see set_secure() + */ + bool get_secure() const; + /** + * @return cookie security. + * @see get_secure() + * @see set_secure() + */ + bool is_secure() const { return get_secure(); } + + /** + * @return cookie expiration time. + * @see set_expires() + * @see has_expires() + * @see unset_expires() + */ + const string& get_expires() const; + + /** + * @return true if cookie has comment. + * @see set_comment() + * @see get_comment() + * @see unset_comment() + */ + bool has_comment() const; + /** + * @return true if cookie has domain. + * @see set_domain() + * @see get_domain() + * @see unset_domain() + */ + bool has_domain() const; + /** + * @return true if cookie has max-age. + * @see set_max_age() + * @see get_max_age() + * @see unset_max_age() + */ + bool has_max_age() const; + /** + * @return true if cookie has path. + * @see set_path() + * @see get_path() + * @see unset_path() + */ + bool has_path() const; + + /** + * @return true if cookie has expiration time. + * @see set_expires() + * @see get_expires() + * @see unset_expires() + */ + bool has_expires() const; + + /** + * rid cookie of comment. + * @see set_comment() + * @see get_comment() + * @see has_comment() + */ + void unset_comment(); + /** + * rid cookie of domain. + * @see set_domain() + * @see get_domain() + * @see has_domain() + */ + void unset_domain(); + /** + * rid cookie of max-age. + * @see set_max_age() + * @see get_max_age() + * @see has_max_age() + */ + void unset_max_age(); + /** + * rid cookie of path. + * @see set_path() + * @see get_path() + * @see has_path() + */ + void unset_path(); + + /** + * rid cookie of expiration time. + * @see set_expires() + * @see get_expires() + * @see has_expires() + */ + void unset_expires(); + + /** + * render the 'Set-Cookie' HTTP header according to RFC2109. + * Absolutely useless, only works with lynx. + * @return the rendered header content. + */ + string set_cookie_header_rfc2109() const; + /** + * render the 'Set-Cookie' header according to the early vague + * netscape specs and common practice. + * @return the rendered header content. + */ + string set_cookie_header() const; + }; + + /** + * Cookies container class. + */ + class cookies_t : public map<string,cookie> { + public: + + cookies_t() { } + /** + * @param s 'Cookie:' HTTP header contents to parse. + */ + cookies_t(const string& s) { parse_cookies(s); } + + /** + * @param c cookie to set. + */ + void set_cookie(const cookie& c) { (*this)[c.get_name()]=c; } + /** + * @param n cookie name to remove. + */ + void unset_cookie(const key_type& n) { erase(n); } + /** + * @param n cookie name. + * @return true if exists. + */ + bool has_cookie(const key_type& n) const; + /** + * Return the named cookie if one exists. + * @param n cookie name. + * @return const reference to cookie object. + */ + const cookie& get_cookie(const key_type& n) const; + /** + * Return the named cookie if one exists. + * @param n cookie name. + * @return reference to cookie object. + */ + cookie& get_cookie(const key_type& n); + + /** + * @param s HTTP 'Cookie' header content. + */ + void parse_cookies(const string& s); + }; +} + +#endif /* __KINGATE_COOKIES_H */ diff --git a/include/kingate/headers.h b/include/kingate/headers.h new file mode 100644 index 0000000..fb37fec --- a/dev/null +++ b/include/kingate/headers.h @@ -0,0 +1,94 @@ +#ifndef __KINGATE_HEADERS_H +#define __KINGATE_HEADERS_H + +#include <string> +#include <map> +#include <ostream> + +/** + * @file + * @brief the headers -- HTTP headers container class. + */ + +namespace kingate { + using namespace std; + + /** + * The container class for HTTP headers. + */ + class headers : public multimap<string,string> { + public: + + /** + * Reference header if one exists. + * @param k the header. + * @return reference to the content. + */ + const mapped_type& operator[](const key_type& k) const { + return get_header(k); + } + /** + * Reference header, creating one if needed. + * @param k the header. + * @return reference to the content. + */ + mapped_type& operator[](const key_type& k) { + return get_header(k); + } + + /** + * Set HTTP header. Remove all existent occurences of headers with + * this name. + * @param h header name. + * @param c header content. + */ + void set_header(const key_type& h,const mapped_type& c); + /** + * Add HTTP header. + * @param h header name. + * @param c header content. + */ + void add_header(const key_type& h,const mapped_type& c); + /** + * Remove named header. + * @param h header name. + */ + void unset_header(const key_type& h); + /** + * Return const reference to the existing header. + * @param h header name. + * @return reference to header content. + */ + const mapped_type& get_header(const key_type& h) const; + /** + * Return reference to the header, creating one if needed. + * @param h header name. + * @return reference to the content. + */ + mapped_type& get_header(const key_type& h); + /** + * Return the range of headers with a certain name. + * @param h header name. + * @return pair of const iterators with the beginning and the end + * of range. + */ + pair<const_iterator,const_iterator> get_headers(const key_type& h) const; + /** + * Return the range of headers with a certain name. + * @param h header name. + * @return pair of iterators with the beginning and the end + * of range. + */ + pair<iterator,iterator> get_headers(const key_type& h); + /** + * Inquire whether the named header exists. + * @param h header name. + * @return true if exists. + */ + bool has_header(const key_type& h) const; + + }; + +} + +#endif /* __KINGATE_HEADERS_H */ diff --git a/include/kingate/util.h b/include/kingate/util.h index 6024ccf..3fd96f6 100644 --- a/include/kingate/util.h +++ b/include/kingate/util.h @@ -25,12 +25,25 @@ namespace kingate { * @param str the URL-encoded string. * @return the decoded string. */ string url_decode(const string& str); /** + * Quote string for use in HTTP header. + * @param str the string to quote. + * @return the quoted string. + */ + string http_quoted_string(const string& str); + /** + * Quote string for use in HTTP header if necessary. + * @param str the string to quote. + * @return the quoted string or token left as is. + */ + string http_quote(const string& str); + + /** * deprecated alias to url_encode. * @see url_encode */ inline string __deprecated url_escape(const string& str) { return url_encode(str); } diff --git a/src/Makefile.am b/src/Makefile.am index 12bb1f8..2d462c8 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -8,13 +8,15 @@ INCLUDES = -I${top_srcdir}/include -I${top_srcdir} AM_CXXFLAGS = ${KONFORKA_CFLAGS} LDADD = ${KONFORKA_LIBS} libkingate_la_SOURCES = \ cgi_gateway.cc \ cgi_interface.cc \ - util.cc + util.cc \ + cookies.cc \ + headers.cc libkingate_la_LDFLAGS = -version-info 2:0:0 libkingate_fcgi_la_SOURCES = \ fastcgi.cc libkingate_fcgi_la_LDFLAGS = -version-info 1:0:0 diff --git a/src/cgi_gateway.cc b/src/cgi_gateway.cc index 30410f2..ab48f78 100644 --- a/src/cgi_gateway.cc +++ b/src/cgi_gateway.cc @@ -24,12 +24,16 @@ namespace kingate { string qs(tmp,cl); delete tmp; parse_query(qs,post); } b_parsed_content = true; } + // Parse cookies + try { + cookies.parse_cookies(get_meta("HTTP_COOKIE")); + }catch(exception_notfound& enf) { } } bool cgi_gateway::has_GET(const string& n) const { return get.find(n) != get.end(); } const string& cgi_gateway::get_GET(const string& n) const { diff --git a/src/cookies.cc b/src/cookies.cc new file mode 100644 index 0000000..40a0c8b --- a/dev/null +++ b/src/cookies.cc @@ -0,0 +1,242 @@ +#include "kingate/cookies.h" +#include "kingate/util.h" +#include "kingate/exception.h" + +namespace kingate { + + /* + * RFC 2109: + * av-pairs = av-pair *(";" av-pair) + * av-pair = attr ["=" value] ; optional value + * attr = token + * value = word + * word = token | quoted-string + */ + + /* RFC 2109: + * + * The origin server effectively ends a session by sending the client a + * Set-Cookie header with Max-Age=0. + * + * An origin server may include multiple Set-Cookie headers in a response. + * Note that an intervening gateway could fold multiple such headers into a + * single header. + * + * + * set-cookie = "Set-Cookie:" cookies + * cookies = 1#cookie + * cookie = NAME "=" VALUE *(";" cookie-av) + * NAME = attr + * VALUE = value + * cookie-av = "Comment" "=" value + * | "Domain" "=" value + * | "Max-Age" "=" value + * | "Path" "=" value + * | "Secure" + * | "Version" "=" 1*DIGIT + * + * + * The origin server should send the following additional HTTP/1.1 + * response headers, depending on circumstances: + * + * * To suppress caching of the Set-Cookie header: Cache-control: no- + * cache="set-cookie". + * + * and one of the following: + * + * * To suppress caching of a private document in shared caches: Cache- + * control: private. + * + * * To allow caching of a document and require that it be validated + * before returning it to the client: Cache-control: must-revalidate. + * + * * To allow caching of a document, but to require that proxy caches + * (not user agent caches) validate it before returning it to the + * client: Cache-control: proxy-revalidate. + * + * * To allow caching of a document and request that it be validated + * before returning it to the client (by "pre-expiring" it): + * Cache-control: max-age=0. Not all caches will revalidate the + * document in every case. + * + * HTTP/1.1 servers must send Expires: old-date (where old-date is a + * date long in the past) on responses containing Set-Cookie response + * headers unless they know for certain (by out of band means) that + * there are no downsteam HTTP/1.0 proxies. HTTP/1.1 servers may send + * other Cache-Control directives that permit caching by HTTP/1.1 + * proxies in addition to the Expires: old-date directive; the Cache- + * Control directive will override the Expires: old-date for HTTP/1.1 + * proxies. + * + */ + + void cookie::_set_string(const string& p,const string& v) { + (*this)[p]=v; + } + + void cookie::set_comment(const string& c) { + _set_string("comment",c); + } + void cookie::set_domain(const string& d) { + _set_string("domain",d); + } + void cookie::set_max_age(const string& ma) { + _set_string("max-age",ma); + } + void cookie::set_path(const string& p) { + _set_string("path",p); + } + void cookie::set_secure(bool s) { + if(s) + _set_string("secure",""); + else + erase("secure"); + } + + void cookie::set_expires(const string& e) { + (*this)["expires"] = e; + } + + const string& cookie::_get_string(const string& s) const { + const_iterator i = find(s); + if(i==end()) + throw exception_notfound(CODEPOINT,"No parameter set"); + return i->second; + } + + const string& cookie::get_comment() const { + return _get_string("comment"); + } + const string& cookie::get_domain() const { + return _get_string("domain"); + } + const string& cookie::get_max_age() const { + return _get_string("max-age"); + } + const string& cookie::get_path() const { + return _get_string("path"); + } + bool cookie::get_secure() const { + return find("secure")!=end(); + } + + const string& cookie::get_expires() const { + return _get_string("expires"); + } + + bool cookie::has_comment() const { + return find("comment")!=end(); + } + bool cookie::has_domain() const { + return find("domain")!=end(); + } + bool cookie::has_max_age() const { + return find("max-age")!=end(); + } + bool cookie::has_path() const { + return find("path")!=end(); + } + + bool cookie::has_expires() const { + return find("expires")!=end(); + } + + void cookie::unset_comment() { + erase("comment"); + } + void cookie::unset_domain() { + erase("domain"); + } + void cookie::unset_max_age() { + erase("max-age"); + } + void cookie::unset_path() { + erase("path"); + } + + void cookie::unset_expires() { + erase("expires"); + } + + string cookie::set_cookie_header_rfc2109() const { + string rv = name + "=" + http_quoted_string(value); + for(const_iterator i=begin();i!=end();++i) { + if(i->first=="secure") { + rv += "; secure"; + }else{ + rv += "; "+i->first+"="+http_quote(i->second); + } + } + rv += "; Version=1"; + return rv; + } + + string cookie::set_cookie_header() const { + string rv = name + "=" + value; + for(const_iterator i=begin();i!=end();++i) { + if(i->first=="secure") { + rv += "; secure"; + }else{ + rv += "; "+i->first+"="+i->second; + } + } + return rv; + } + + bool cookies_t::has_cookie(const key_type& n) const { + return find(n)!=end(); + } + + const cookie& cookies_t::get_cookie(const key_type& n) const { + const_iterator i=find(n); + if(i==end()) + throw exception_notfound(CODEPOINT,"No cookie with such name found"); + return i->second; + } + + cookie& cookies_t::get_cookie(const key_type& n) { + iterator i=find(n); + if(i==end()) + throw exception_notfound(CODEPOINT,"No cookie with such name found"); + return i->second; + } + + void cookies_t::parse_cookies(const string& s) { + string str = s; + while(!str.empty()) { + string::size_type sc = str.find(';'); + string s; + if(sc==string::npos) { + s = str; + str.erase(); + }else{ + s = str.substr(0,sc); + str.erase(0,sc+1); + } + string::size_type nsp=s.find_first_not_of(" \t"); + if((nsp!=string::npos) && nsp) + s.erase(0,nsp); + string::size_type eq=s.find('='); + if(eq==string::npos) + continue; + string n = s.substr(0,eq); + s.erase(0,eq+1); + nsp = n.find_last_not_of(" \t"); + n.erase(nsp+1); + nsp = s.find_first_not_of(" \t"); + string v; + if(nsp!=string::npos) + v = s.substr(nsp); + else + v = s; + nsp = v.find_last_not_of(" \t"); + if(nsp==string::npos) + v.erase(); + else + v.erase(nsp+1); + cookie& c = (*this)[n]; + c.set_name(n); c.set_value(v); + } + } + +} diff --git a/src/headers.cc b/src/headers.cc new file mode 100644 index 0000000..89ac519 --- a/dev/null +++ b/src/headers.cc @@ -0,0 +1,40 @@ +#include "kingate/headers.h" +#include "kingate/exception.h" + +namespace kingate { + + void headers::set_header(const key_type& h,const mapped_type& c) { + erase(h); + insert(value_type(h,c)); + } + void headers::add_header(const key_type& h,const mapped_type& c) { + insert(value_type(h,c)); + } + void headers::unset_header(const key_type& h) { + erase(h); + } + const headers::mapped_type& headers::get_header(const key_type& h) const { + const_iterator i=find(h); + if(i==end()) + throw exception_notfound(CODEPOINT,"No such header"); + return i->second; + } + headers::mapped_type& headers::get_header(const key_type& h) { + // XXX: or should it fail if there's no such thing, unlike operator[]? + iterator i=find(h); + if(i==end()) + i = insert(value_type(h,"")); + return i->second; + } + + pair<headers::const_iterator,headers::const_iterator> headers::get_headers(const key_type& h) const { + return equal_range(h); + } + pair<headers::iterator,headers::iterator> headers::get_headers(const key_type& h) { + return equal_range(h); + } + + bool headers::has_header(const key_type& h) const { + return find(h)!=end(); + } +} diff --git a/src/util.cc b/src/util.cc index 3166e62..48e486a 100644 --- a/src/util.cc +++ b/src/util.cc @@ -47,7 +47,60 @@ namespace kingate { rv.replace(unscrewed,3,1,danger); unscrewed++; } } return rv; } + + /* + * RFC 2616: + * + * separators = "(" | ")" | "<" | ">" | "@" + * | "," | ";" | ":" | "\" | <"> + * | "/" | "[" | "]" | "?" | "=" + * | "{" | "}" | SP | HT + */ + + /* + * RFC 2616: + * + * token = 1*<any CHAR except CTLs or separators> + */ + + static const char *quotible_chars = + "\001\002\003\004\005\006\007\010" + "\011\012\013\014\015\016\017\020" + "\021\022\023\024\025\026\027\030" + "\031\032\033\034\035\036\037\040" + "()<>@,;:\\\"/[]?={}" /* separator chars (except for SP and HT mentioned elsewhere */ + "\177" + ; + + /* + * RFC 2616: + * + * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) + * qdtext = <any TEXT except <">> + * + * The backslash character ("\") MAY be used as a single-character + * quoting mechanism only within quoted-string and comment constructs. + * + * quoted-pair = "\" CHAR + */ + + string http_quoted_string(const string& str) { + string rv = str; + string::size_type sp=0; + for(string::size_type q=rv.find('"');(q=rv.find('"',q))!=string::npos;q+=2) + rv.insert(q,1,'\\'); + rv.insert(0,1,'"'); + rv += '"'; + return rv; + } + + string http_quote(const string& str) { + if(str.find_first_of(quotible_chars)==string::npos) + return str; + return http_quoted_string(str); + } + } |