jbe@0: #!/usr/bin/env lua jbe@0: jbe@0: -- module preamble jbe@0: local _G, _M = _ENV, {} jbe@0: _ENV = setmetatable({}, { jbe@0: __index = function(self, key) jbe@0: local value = _M[key]; if value ~= nil then return value end jbe@0: return _G[key] jbe@0: end, jbe@63: __newindex = _M jbe@0: }) jbe@0: jbe@0: -- function that encodes certain HTML entities: jbe@0: -- (not used by the library itself) jbe@0: function encode_html(text) jbe@0: return ( jbe@0: string.gsub( jbe@0: text, '[<>&"]', jbe@0: function(char) jbe@0: if char == '<' then jbe@0: return "<" jbe@0: elseif char == '>' then jbe@0: return ">" jbe@0: elseif char == '&' then jbe@0: return "&" jbe@0: elseif char == '"' then jbe@0: return """ jbe@0: end jbe@0: end jbe@0: ) jbe@0: ) jbe@0: jbe@0: end jbe@0: jbe@0: -- function that encodes special characters for URIs: jbe@0: -- (not used by the library itself) jbe@0: function encode_uri(text) jbe@0: return ( jbe@0: string.gsub(text, "[^0-9A-Za-z_%.~-]", jbe@0: function (char) jbe@0: return string.format("%%%02x", string.byte(char)) jbe@0: end jbe@0: ) jbe@0: ) jbe@0: end jbe@0: jbe@0: -- function undoing URL encoding: jbe@0: do jbe@0: local b0 = string.byte("0") jbe@0: local b9 = string.byte("9") jbe@0: local bA = string.byte("A") jbe@0: local bF = string.byte("F") jbe@0: local ba = string.byte("a") jbe@0: local bf = string.byte("f") jbe@0: function decode_uri(str) jbe@0: return ( jbe@0: string.gsub( jbe@0: string.gsub(str, "%+", " "), jbe@0: "%%([0-9A-Fa-f][0-9A-Fa-f])", jbe@0: function(hex) jbe@0: local n1, n2 = string.byte(hex, 1, 2) jbe@0: if n1 >= b0 and n1 <= b9 then n1 = n1 - b0 jbe@0: elseif n1 >= bA and n1 <= bF then n1 = n1 - bA + 10 jbe@0: elseif n1 >= ba and n1 <= bf then n1 = n1 - ba + 10 jbe@0: else error("Assertion failed") end jbe@0: if n2 >= b0 and n2 <= b9 then n2 = n2 - b0 jbe@0: elseif n2 >= bA and n2 <= bF then n2 = n2 - bA + 10 jbe@0: elseif n2 >= ba and n2 <= bf then n2 = n2 - ba + 10 jbe@0: else error("Assertion failed") end jbe@0: return string.char(n1 * 16 + n2) jbe@0: end jbe@0: ) jbe@0: ) jbe@0: end jbe@0: end jbe@0: jbe@0: -- status codes that carry no response body (in addition to 1xx): jbe@0: -- (set to "zero_content_length" if Content-Length header is required) jbe@0: status_without_response_body = { jbe@5: ["101"] = true, -- list 101 to allow protocol switch jbe@0: ["204"] = true, jbe@0: ["205"] = "zero_content_length", jbe@0: ["304"] = true jbe@0: } jbe@0: jbe@154: -- parses URL encoded form data: jbe@154: local function read_urlencoded_form(data) jbe@154: local tbl = {} jbe@154: for rawkey, rawvalue in string.gmatch(data, "([^?=&]*)=([^?=&]*)") do jbe@154: local key = decode_uri(rawkey) jbe@154: local value = decode_uri(rawvalue) jbe@154: local subtbl = tbl[key] jbe@154: if subtbl then jbe@154: subtbl[#subtbl+1] = value jbe@154: else jbe@154: tbl[key] = {value} jbe@35: end jbe@35: end jbe@154: return tbl jbe@0: end jbe@0: jbe@154: -- extracts first value from each subtable: jbe@154: local function get_first_values(tbl) jbe@154: local newtbl = {} jbe@154: for key, subtbl in pairs(tbl) do jbe@154: newtbl[key] = subtbl[1] jbe@0: end jbe@154: return newtbl jbe@154: end jbe@154: jbe@154: request_pt = {} jbe@154: request_mt = { __index = request_pt } jbe@154: jbe@154: function request_pt:_init(handler, options) jbe@0: -- process options: jbe@0: options = options or {} jbe@0: do jbe@0: -- named arg "static_headers" is used to create the preamble: jbe@0: local s = options.static_headers jbe@0: local t = {} jbe@0: if s then jbe@0: if type(s) == "string" then jbe@0: for line in string.gmatch(s, "[^\r\n]+") do jbe@0: t[#t+1] = line jbe@0: end jbe@0: else jbe@0: for i, kv in ipairs(options.static_headers) do jbe@0: if type(kv) == "string" then jbe@0: t[#t+1] = kv jbe@0: else jbe@0: t[#t+1] = kv[1] .. ": " .. kv[2] jbe@0: end jbe@0: end jbe@0: end jbe@0: end jbe@0: t[#t+1] = "" jbe@154: self._preamble = table.concat(t, "\r\n") -- preamble sent with every(!) HTTP response jbe@115: end jbe@154: self._input_chunk_size = options.maximum_input_chunk_size or options.chunk_size or 16384 jbe@154: self._output_chunk_size = options.minimum_output_chunk_size or options.chunk_size or 1024 jbe@154: self._header_size_limit = options.header_size_limit or 1024*1024 jbe@154: local function init_timeout(name, default) jbe@154: local value = options[name] jbe@154: if value == nil then jbe@154: self["_"..name] = default jbe@154: else jbe@154: self["_"..name] = value or 0 jbe@154: end jbe@53: end jbe@154: init_timeout("request_idle_timeout", 330) jbe@154: init_timeout("request_header_timeout", 30) jbe@154: init_timeout("request_body_timeout", 1800) jbe@154: init_timeout("response_timeout", 1830) jbe@154: self._poll = options.poll_function or moonbridge_io.poll jbe@154: self:_create_closure("_write_yield") jbe@154: self:_create_closure("_handler") jbe@154: -- table mapping header field names to value-lists: jbe@154: self._headers_mt = { jbe@154: __index = function(tbl, key) jbe@154: local lowerkey = string.lower(key) jbe@154: local result = self._headers[lowerkey] jbe@154: if result == nil then jbe@154: result = {} jbe@50: end jbe@154: tbl[lowerkey] = result jbe@154: tbl[key] = result jbe@154: return result jbe@154: end jbe@154: } jbe@154: -- table mapping header field names to value-lists jbe@154: -- (for headers with comma separated values): jbe@154: self._headers_csv_table_mt = { jbe@154: __index = function(tbl, key) jbe@154: local result = {} jbe@154: for i, line in ipairs(self.headers[key]) do jbe@154: for entry in string.gmatch(line, "[^,]+") do jbe@154: local value = string.match(entry, "^[ \t]*(..-)[ \t]*$") jbe@154: if value then jbe@154: result[#result+1] = value jbe@0: end jbe@0: end jbe@0: end jbe@154: tbl[key] = result jbe@154: return result jbe@154: end jbe@154: } jbe@154: -- table mapping header field names to a comma separated string jbe@154: -- (for headers with comma separated values): jbe@154: self._headers_csv_string_mt = { jbe@154: __index = function(tbl, key) jbe@154: local result = {} jbe@154: for i, line in ipairs(self.headers[key]) do jbe@154: result[#result+1] = line jbe@154: end jbe@154: result = string.concat(result, ", ") jbe@154: tbl[key] = result jbe@154: return result jbe@154: end jbe@154: } jbe@154: -- table mapping header field names to a single string value jbe@154: -- (or false if header has been sent multiple times): jbe@154: self._headers_value_mt = { jbe@154: __index = function(tbl, key) jbe@154: if self._headers_value_nil[key] then jbe@154: return nil jbe@154: end jbe@154: local result = nil jbe@154: local values = self.headers_csv_table[key] jbe@154: if #values == 0 then jbe@154: self._headers_value_nil[key] = true jbe@154: elseif #values == 1 then jbe@154: result = values[1] jbe@154: else jbe@154: result = false jbe@154: end jbe@154: tbl[key] = result jbe@154: return result jbe@154: end jbe@154: } jbe@154: -- table mapping header field names to a flag table, jbe@154: -- indicating if the comma separated value contains certain entries: jbe@154: self._headers_flags_mt = { jbe@154: __index = function(tbl, key) jbe@154: local result = setmetatable({}, { jbe@154: __index = function(tbl, key) jbe@154: local lowerkey = string.lower(key) jbe@154: local result = rawget(tbl, lowerkey) or false jbe@154: tbl[lowerkey] = result jbe@154: tbl[key] = result jbe@154: return result jbe@0: end jbe@154: }) jbe@154: for i, value in ipairs(self.headers_csv_table[key]) do jbe@154: result[string.lower(value)] = true jbe@0: end jbe@154: tbl[key] = result jbe@154: return result jbe@154: end jbe@154: } jbe@154: end jbe@154: jbe@154: function request_pt:_create_closure(name) jbe@154: self[name.."_closure"] = function(...) jbe@154: return self[name](self, ...) jbe@154: end jbe@154: end jbe@154: jbe@154: function request_pt:_create_magictable(name) jbe@154: self[name] = setmetatable({}, self["_"..name.."_mt"]) jbe@154: end jbe@154: jbe@154: function request_pt:_handler(socket) jbe@154: self._socket = socket jbe@154: self._survive = true jbe@154: self._socket_set = {[socket] = true} jbe@154: self._faulty = false jbe@154: self._consume_input = self._drain_input jbe@154: self._headers = {} jbe@154: self._headers_value_nil = {} jbe@154: self:_create_magictable("headers") jbe@154: self:_create_magictable("headers_csv_table") jbe@154: self:_create_magictable("headers_csv_string") jbe@154: self:_create_magictable("headers_value") jbe@154: self:_create_magictable("headers_flags") jbe@154: repeat jbe@154: -- wait for input: jbe@154: if not moonbridge_io.poll(self._socket_set, nil, self._request_idle_timeout) then jbe@154: self:_error("408 Request Timeout", "Idle connection timed out") jbe@154: return self._survive jbe@154: end jbe@154: -- read headers (with timeout): jbe@154: do jbe@154: local coro = coroutine.wrap(self._read_headers) jbe@154: local timeout = self._request_header_timeout jbe@154: local starttime = timeout and moonbridge_io.timeref() jbe@154: while true do jbe@154: local status = coro(self) jbe@154: if status == nil then jbe@154: local remaining jbe@154: if timeout then jbe@154: remaining = timeout - moonbridge_io.timeref(starttime) jbe@0: end jbe@154: if not self._poll(self._socket_set, nil, remaining) then jbe@154: self:_error("408 Request Timeout", "Timeout while receiving headers") jbe@154: return self._survive jbe@0: end jbe@154: elseif status == false then jbe@154: return self._survive jbe@154: elseif status == true then jbe@154: break jbe@154: else jbe@154: error("Unexpected yield value") jbe@0: end jbe@0: end jbe@154: end jbe@154: until true jbe@154: end jbe@154: jbe@154: function request_pt:_error(status, explanation) jbe@154: end jbe@154: jbe@154: function request_pt:_read(...) jbe@154: local line, status = self._socket:read_yield(...) jbe@154: if line == nil then jbe@154: self._faulty = true jbe@154: error(status) jbe@154: else jbe@154: return line, status jbe@154: end jbe@154: end jbe@154: jbe@154: function request_pt:_read_headers() jbe@154: local remaining = self._header_size_limit jbe@154: -- read and parse request line: jbe@154: local target, proto jbe@154: do jbe@154: local line, status = self:_read(remaining-2, "\n") jbe@154: if status == "maxlen" then jbe@154: self:_error("414 Request-URI Too Long") jbe@154: return false jbe@154: elseif status == "eof" then jbe@154: if line ~= "" then jbe@154: self:_error("400 Bad Request", "Unexpected EOF in request-URI line") jbe@115: end jbe@154: return false jbe@154: end jbe@154: remaining = remaining - #line jbe@154: self.method, target, proto = jbe@154: line:match("^([^ \t\r]+)[ \t]+([^ \t\r]+)[ \t]*([^ \t\r]*)[ \t]*\r?\n$") jbe@154: if not request.method then jbe@154: self:_error("400 Bad Request", "Invalid request-URI line") jbe@154: return false jbe@154: elseif proto ~= "HTTP/1.1" then jbe@154: self:_error("505 HTTP Version Not Supported") jbe@154: return false jbe@154: end jbe@154: end jbe@154: -- read and parse headers: jbe@154: while true do jbe@154: local line, status = self:_read(remaining, "\n"); jbe@154: if status == "maxlen" then jbe@154: self:_error("431 Request Header Fields Too Large") jbe@154: return false jbe@154: elseif status == "eof" then jbe@154: self:_error("400 Bad Request", "Unexpected EOF in request headers") jbe@154: return false jbe@154: end jbe@154: remaining = remaining - #line jbe@154: if line == "\r\n" or line == "\n" then jbe@154: break jbe@154: end jbe@154: local key, value = string.match(line, "^([^ \t\r]+):[ \t]*(.-)[ \t]*\r?\n$") jbe@154: if not key then jbe@154: self:_error("400 Bad Request", "Invalid header line") jbe@154: return false jbe@154: end jbe@154: local lowerkey = key:lower() jbe@154: local values = self._headers[lowerkey] jbe@154: if values then jbe@154: values[#values+1] = value jbe@154: else jbe@154: self._headers[lowerkey] = {value} jbe@154: end jbe@154: end jbe@154: -- process "Connection: close" header if existent: jbe@154: self._connection_close_requested = self.headers_flags["Connection"]["close"] jbe@154: -- process "Content-Length" header if existent: jbe@154: do jbe@154: local values = self.headers_csv_table["Content-Length"] jbe@154: if #values > 0 then jbe@154: self._request_body_content_length = tonumber(values[1]) jbe@154: local proper_value = tostring(request_body_content_length) jbe@154: for i, value in ipairs(values) do jbe@154: value = string.match(value, "^0*(.*)") jbe@154: if value ~= proper_value then jbe@154: self:_error("400 Bad Request", "Content-Length header(s) invalid") jbe@154: return false jbe@0: end jbe@38: end jbe@154: if request_body_content_length > self._body_size_limit then jbe@154: self:_error("413 Request Entity Too Large", "Announced request body size is too big") jbe@154: return false jbe@38: end jbe@154: end jbe@154: end jbe@154: -- process "Transfer-Encoding" header if existent: jbe@154: do jbe@154: local flag = self.headers_flags["Transfer-Encoding"]["chunked"] jbe@154: local list = self.headers_csv_table["Transfer-Encoding"] jbe@154: if (flag and #list ~= 1) or (not flag and #list ~= 0) then jbe@154: self:_error("400 Bad Request", "Unexpected Transfer-Encoding") jbe@154: return false jbe@154: end jbe@154: end jbe@154: -- process "Expect" header if existent: jbe@154: for i, value in ipairs(self.headers_csv_table["Expect"]) do jbe@154: if string.lower(value) ~= "100-continue" then jbe@154: self:_error("417 Expectation Failed", "Unexpected Expect header") jbe@154: return false jbe@154: end jbe@154: end jbe@154: -- get mandatory Host header according to RFC 7230: jbe@154: self.host = self.headers_value["Host"] jbe@154: if not self.host then jbe@154: self:_error("400 Bad Request", "No valid host header") jbe@154: return false jbe@154: end jbe@154: -- parse request target: jbe@154: self.path, self.query = string.match(target, "^/([^?]*)(.*)$") jbe@154: if not self.path then jbe@154: local host2 jbe@154: host2, self.path, self.query = string.match(target, "^[Hh][Tt][Tt][Pp]://([^/?]+)/?([^?]*)(.*)$") jbe@154: if host2 then jbe@154: if self.host ~= host2 then jbe@154: self:_error("400 Bad Request", "No valid host header") jbe@154: return false jbe@38: end jbe@154: elseif not (target == "*" and self.method == "OPTIONS") then jbe@154: self:_error("400 Bad Request", "Invalid request target") jbe@154: end jbe@154: end jbe@154: -- parse GET params: jbe@154: if self.query then jbe@154: self.get_params_list = read_urlencoded_form(request.query) jbe@154: self.get_params = get_first_values(self.get_params_list) jbe@154: end jbe@154: -- parse cookies: jbe@154: for i, line in ipairs(self.headers["Cookie"]) do jbe@154: for rawkey, rawvalue in jbe@154: string.gmatch(line, "([^=; ]*)=([^=; ]*)") jbe@154: do jbe@154: self.cookies[decode_uri(rawkey)] = decode_uri(rawvalue) jbe@154: end jbe@0: end jbe@0: end jbe@0: jbe@154: function request_pt:_assert_not_faulty() jbe@154: assert(not self._faulty, "Tried to use faulty request handle") jbe@154: end jbe@154: jbe@154: function request_pt:_write_yield() jbe@154: self:_consume_input() jbe@154: self._poll(self._socket_set, self._socket_set) jbe@154: end jbe@154: jbe@154: function request_pt:_write(...) jbe@154: assert(self._socket:write_call(self._write_yield_closure, ...)) jbe@154: end jbe@154: jbe@154: function request_pt:_flush(...) jbe@154: assert(self._socket:write_call(self._write_yield_closure, ...)) jbe@154: end jbe@154: jbe@154: function request_pt:_drain_input() jbe@154: socket:drain_nb(self._input_chunk_size) jbe@154: end jbe@154: jbe@154: jbe@154: -- function creating a HTTP handler: jbe@154: function generate_handler(handler, options) jbe@154: -- swap arguments if necessary (for convenience): jbe@154: if type(handler) ~= "function" and type(options) == "function" then jbe@154: handler, options = options, handler jbe@154: end jbe@154: local request = setmetatable({}, request_mt) jbe@154: request:_init(handler, options) jbe@154: return request._handler_closure jbe@154: end jbe@154: jbe@0: return _M jbe@0: