-rw-r--r-- | src/Makefile.am | 4 | ||||
-rw-r--r-- | src/cgi_gateway.cc | 4 | ||||
-rw-r--r-- | src/cookies.cc | 242 | ||||
-rw-r--r-- | src/headers.cc | 40 | ||||
-rw-r--r-- | src/util.cc | 53 |
5 files changed, 342 insertions, 1 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 12bb1f8..2d462c8 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -8,13 +8,15 @@ INCLUDES = -I${top_srcdir}/include -I${top_srcdir} AM_CXXFLAGS = ${KONFORKA_CFLAGS} LDADD = ${KONFORKA_LIBS} libkingate_la_SOURCES = \ cgi_gateway.cc \ cgi_interface.cc \ - util.cc + util.cc \ + cookies.cc \ + headers.cc libkingate_la_LDFLAGS = -version-info 2:0:0 libkingate_fcgi_la_SOURCES = \ fastcgi.cc libkingate_fcgi_la_LDFLAGS = -version-info 1:0:0 diff --git a/src/cgi_gateway.cc b/src/cgi_gateway.cc index 30410f2..ab48f78 100644 --- a/src/cgi_gateway.cc +++ b/src/cgi_gateway.cc @@ -24,12 +24,16 @@ namespace kingate { string qs(tmp,cl); delete tmp; parse_query(qs,post); } b_parsed_content = true; } + // Parse cookies + try { + cookies.parse_cookies(get_meta("HTTP_COOKIE")); + }catch(exception_notfound& enf) { } } bool cgi_gateway::has_GET(const string& n) const { return get.find(n) != get.end(); } const string& cgi_gateway::get_GET(const string& n) const { diff --git a/src/cookies.cc b/src/cookies.cc new file mode 100644 index 0000000..40a0c8b --- a/dev/null +++ b/src/cookies.cc @@ -0,0 +1,242 @@ +#include "kingate/cookies.h" +#include "kingate/util.h" +#include "kingate/exception.h" + +namespace kingate { + + /* + * RFC 2109: + * av-pairs = av-pair *(";" av-pair) + * av-pair = attr ["=" value] ; optional value + * attr = token + * value = word + * word = token | quoted-string + */ + + /* RFC 2109: + * + * The origin server effectively ends a session by sending the client a + * Set-Cookie header with Max-Age=0. + * + * An origin server may include multiple Set-Cookie headers in a response. + * Note that an intervening gateway could fold multiple such headers into a + * single header. + * + * + * set-cookie = "Set-Cookie:" cookies + * cookies = 1#cookie + * cookie = NAME "=" VALUE *(";" cookie-av) + * NAME = attr + * VALUE = value + * cookie-av = "Comment" "=" value + * | "Domain" "=" value + * | "Max-Age" "=" value + * | "Path" "=" value + * | "Secure" + * | "Version" "=" 1*DIGIT + * + * + * The origin server should send the following additional HTTP/1.1 + * response headers, depending on circumstances: + * + * * To suppress caching of the Set-Cookie header: Cache-control: no- + * cache="set-cookie". + * + * and one of the following: + * + * * To suppress caching of a private document in shared caches: Cache- + * control: private. + * + * * To allow caching of a document and require that it be validated + * before returning it to the client: Cache-control: must-revalidate. + * + * * To allow caching of a document, but to require that proxy caches + * (not user agent caches) validate it before returning it to the + * client: Cache-control: proxy-revalidate. + * + * * To allow caching of a document and request that it be validated + * before returning it to the client (by "pre-expiring" it): + * Cache-control: max-age=0. Not all caches will revalidate the + * document in every case. + * + * HTTP/1.1 servers must send Expires: old-date (where old-date is a + * date long in the past) on responses containing Set-Cookie response + * headers unless they know for certain (by out of band means) that + * there are no downsteam HTTP/1.0 proxies. HTTP/1.1 servers may send + * other Cache-Control directives that permit caching by HTTP/1.1 + * proxies in addition to the Expires: old-date directive; the Cache- + * Control directive will override the Expires: old-date for HTTP/1.1 + * proxies. + * + */ + + void cookie::_set_string(const string& p,const string& v) { + (*this)[p]=v; + } + + void cookie::set_comment(const string& c) { + _set_string("comment",c); + } + void cookie::set_domain(const string& d) { + _set_string("domain",d); + } + void cookie::set_max_age(const string& ma) { + _set_string("max-age",ma); + } + void cookie::set_path(const string& p) { + _set_string("path",p); + } + void cookie::set_secure(bool s) { + if(s) + _set_string("secure",""); + else + erase("secure"); + } + + void cookie::set_expires(const string& e) { + (*this)["expires"] = e; + } + + const string& cookie::_get_string(const string& s) const { + const_iterator i = find(s); + if(i==end()) + throw exception_notfound(CODEPOINT,"No parameter set"); + return i->second; + } + + const string& cookie::get_comment() const { + return _get_string("comment"); + } + const string& cookie::get_domain() const { + return _get_string("domain"); + } + const string& cookie::get_max_age() const { + return _get_string("max-age"); + } + const string& cookie::get_path() const { + return _get_string("path"); + } + bool cookie::get_secure() const { + return find("secure")!=end(); + } + + const string& cookie::get_expires() const { + return _get_string("expires"); + } + + bool cookie::has_comment() const { + return find("comment")!=end(); + } + bool cookie::has_domain() const { + return find("domain")!=end(); + } + bool cookie::has_max_age() const { + return find("max-age")!=end(); + } + bool cookie::has_path() const { + return find("path")!=end(); + } + + bool cookie::has_expires() const { + return find("expires")!=end(); + } + + void cookie::unset_comment() { + erase("comment"); + } + void cookie::unset_domain() { + erase("domain"); + } + void cookie::unset_max_age() { + erase("max-age"); + } + void cookie::unset_path() { + erase("path"); + } + + void cookie::unset_expires() { + erase("expires"); + } + + string cookie::set_cookie_header_rfc2109() const { + string rv = name + "=" + http_quoted_string(value); + for(const_iterator i=begin();i!=end();++i) { + if(i->first=="secure") { + rv += "; secure"; + }else{ + rv += "; "+i->first+"="+http_quote(i->second); + } + } + rv += "; Version=1"; + return rv; + } + + string cookie::set_cookie_header() const { + string rv = name + "=" + value; + for(const_iterator i=begin();i!=end();++i) { + if(i->first=="secure") { + rv += "; secure"; + }else{ + rv += "; "+i->first+"="+i->second; + } + } + return rv; + } + + bool cookies_t::has_cookie(const key_type& n) const { + return find(n)!=end(); + } + + const cookie& cookies_t::get_cookie(const key_type& n) const { + const_iterator i=find(n); + if(i==end()) + throw exception_notfound(CODEPOINT,"No cookie with such name found"); + return i->second; + } + + cookie& cookies_t::get_cookie(const key_type& n) { + iterator i=find(n); + if(i==end()) + throw exception_notfound(CODEPOINT,"No cookie with such name found"); + return i->second; + } + + void cookies_t::parse_cookies(const string& s) { + string str = s; + while(!str.empty()) { + string::size_type sc = str.find(';'); + string s; + if(sc==string::npos) { + s = str; + str.erase(); + }else{ + s = str.substr(0,sc); + str.erase(0,sc+1); + } + string::size_type nsp=s.find_first_not_of(" \t"); + if((nsp!=string::npos) && nsp) + s.erase(0,nsp); + string::size_type eq=s.find('='); + if(eq==string::npos) + continue; + string n = s.substr(0,eq); + s.erase(0,eq+1); + nsp = n.find_last_not_of(" \t"); + n.erase(nsp+1); + nsp = s.find_first_not_of(" \t"); + string v; + if(nsp!=string::npos) + v = s.substr(nsp); + else + v = s; + nsp = v.find_last_not_of(" \t"); + if(nsp==string::npos) + v.erase(); + else + v.erase(nsp+1); + cookie& c = (*this)[n]; + c.set_name(n); c.set_value(v); + } + } + +} diff --git a/src/headers.cc b/src/headers.cc new file mode 100644 index 0000000..89ac519 --- a/dev/null +++ b/src/headers.cc @@ -0,0 +1,40 @@ +#include "kingate/headers.h" +#include "kingate/exception.h" + +namespace kingate { + + void headers::set_header(const key_type& h,const mapped_type& c) { + erase(h); + insert(value_type(h,c)); + } + void headers::add_header(const key_type& h,const mapped_type& c) { + insert(value_type(h,c)); + } + void headers::unset_header(const key_type& h) { + erase(h); + } + const headers::mapped_type& headers::get_header(const key_type& h) const { + const_iterator i=find(h); + if(i==end()) + throw exception_notfound(CODEPOINT,"No such header"); + return i->second; + } + headers::mapped_type& headers::get_header(const key_type& h) { + // XXX: or should it fail if there's no such thing, unlike operator[]? + iterator i=find(h); + if(i==end()) + i = insert(value_type(h,"")); + return i->second; + } + + pair<headers::const_iterator,headers::const_iterator> headers::get_headers(const key_type& h) const { + return equal_range(h); + } + pair<headers::iterator,headers::iterator> headers::get_headers(const key_type& h) { + return equal_range(h); + } + + bool headers::has_header(const key_type& h) const { + return find(h)!=end(); + } +} diff --git a/src/util.cc b/src/util.cc index 3166e62..48e486a 100644 --- a/src/util.cc +++ b/src/util.cc @@ -47,7 +47,60 @@ namespace kingate { rv.replace(unscrewed,3,1,danger); unscrewed++; } } return rv; } + + /* + * RFC 2616: + * + * separators = "(" | ")" | "<" | ">" | "@" + * | "," | ";" | ":" | "\" | <"> + * | "/" | "[" | "]" | "?" | "=" + * | "{" | "}" | SP | HT + */ + + /* + * RFC 2616: + * + * token = 1*<any CHAR except CTLs or separators> + */ + + static const char *quotible_chars = + "\001\002\003\004\005\006\007\010" + "\011\012\013\014\015\016\017\020" + "\021\022\023\024\025\026\027\030" + "\031\032\033\034\035\036\037\040" + "()<>@,;:\\\"/[]?={}" /* separator chars (except for SP and HT mentioned elsewhere */ + "\177" + ; + + /* + * RFC 2616: + * + * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) + * qdtext = <any TEXT except <">> + * + * The backslash character ("\") MAY be used as a single-character + * quoting mechanism only within quoted-string and comment constructs. + * + * quoted-pair = "\" CHAR + */ + + string http_quoted_string(const string& str) { + string rv = str; + string::size_type sp=0; + for(string::size_type q=rv.find('"');(q=rv.find('"',q))!=string::npos;q+=2) + rv.insert(q,1,'\\'); + rv.insert(0,1,'"'); + rv += '"'; + return rv; + } + + string http_quote(const string& str) { + if(str.find_first_of(quotible_chars)==string::npos) + return str; + return http_quoted_string(str); + } + } |