nitcorn: harden request processing
[nit.git] / lib / nitcorn / http_request.nit
1 # This file is part of NIT ( http://www.nitlanguage.org ).
2 #
3 # Copyright 2013 Frederic Sevillano
4 # Copyright 2013 Jean-Philippe Caissy <jpcaissy@piji.ca>
5 # Copyright 2014 Alexis Laferrière <alexis.laf@xymus.net>
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 # http://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18
19 # Provides the `HttpRequest` class and services to create it
20 module http_request
21
22 import standard
23
24 # A request received over HTTP, built by `HttpRequestParser`
class HttpRequest
	# Instances are only created from within this module (see `HttpRequestParser`)
	private init do end

	# HTTP protocol version, the third word of the request line (e.g. "HTTP/1.0")
	var http_version: String

	# Method of this request, the first word of the request line
	#
	# Stored as received: the parser does not check it against a list of
	# known methods, it only treats "POST" specially to fill `post_args`.
	var method: String

	# The host targeted by this request (usually the server)
	#
	# NOTE(review): `HttpRequestParser` in this module never assigns `host`;
	# confirm who sets it before reading it.
	var host: String

	# The full URL requested by the client (including the `query_string`)
	var url: String

	# The resource requested by the client (only the page, not the `query_string`)
	var uri: String

	# The string following `?` in the requested URL, empty when there is none
	var query_string: String = ""

	# Header fields of this request, by name
	#
	# Names and values are client-controlled and stored exactly as received.
	var header: HashMap[String, String] = new HashMap[String, String]

	# Cookies sent with this request, taken from the `Cookie` header
	#
	# Client-controlled, stored without decoding or validation.
	var cookie: HashMap[String, String] = new HashMap[String, String]

	# Arguments passed in the query string of the URL
	#
	# Stored as they appear in the URL: the parser does not percent-decode them.
	var get_args: HashMap[String, String] = new HashMap[String, String]

	# Arguments passed in the body of a POST request
	#
	# Values are percent-decoded by the parser (`+` is read as a space),
	# keys are stored as received.
	var post_args: HashMap[String, String] = new HashMap[String, String]
end
58
59 # Utility class to parse a request string and build a `HttpRequest`
60 #
61 # The main method is `parse_http_request`.
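class HttpRequestParser
	# The `HttpRequest` being filled by the current call to `parse_http_request`
	private var http_request: HttpRequest

	# Raw body of the current request: everything after the first "\r\n\r\n"
	private var body = ""

	# Lines of the header, the request line excluded once segmentation is done
	private var header_fields = new Array[String]

	# Words of the first line
	private var first_line = new Array[String]

	init do end

	# Parse `full_request` and build the corresponding `HttpRequest`
	#
	# Returns `null` when the request line does not hold exactly three
	# space-separated words (method, URL and protocol version).
	#
	# Everything stored in the result is client-controlled. Only the values
	# of POST arguments are percent-decoded; GET arguments, header values
	# and cookies are kept as received, so callers must decode and validate
	# them before use. The body is whatever follows the blank line, no
	# `Content-Length` header is consulted here.
	#
	# The same parser can be used for several requests, its state is reset
	# at the beginning of each call.
	fun parse_http_request(full_request: String): nullable HttpRequest
	do
		clear_data

		var http_request = new HttpRequest
		self.http_request = http_request

		# Parse first line, looks like "GET dir/index.html?user=xymus HTTP/1.0"
		#
		# A failed segmentation leaves the header lines half processed,
		# so the request is rejected instead of being parsed further.
		if not segment_http_request(full_request) then
			# NOTE(review): this prints client-supplied text as is; escape or
			# truncate it if this output ends up in a log that is parsed.
			print "HTTP error: request first line apprears invalid: {first_line}"
			return null
		end
		http_request.method = first_line[0]
		http_request.url = first_line[1]
		http_request.http_version = first_line[2]

		# GET args
		var url = http_request.url
		if url.has('?') then
			var query_start = url.index_of('?')
			http_request.uri = url.substring(0, query_start)
			http_request.query_string = url.substring_from(query_start+1)
			http_request.get_args = parse_url
		else
			http_request.uri = url
		end

		# POST args, expected as `key=value` couples separated by `&`
		if http_request.method == "POST" then
			for line in body.split_with('&') do
				if line.trim.is_empty then continue

				var parts = line.split_once_on('=')
				if parts.length > 1 then
					var decoded = parts[1].replace('+', " ").from_percent_encoding
					if decoded == null then
						print "decode error"
						continue
					end
					http_request.post_args[parts[0]] = decoded
				else
					# NOTE(review): prints a raw piece of the request body,
					# which may hold data that should not reach the output.
					print "POST Error: {line} format error on {line}"
				end
			end
		end

		# Headers
		#
		# Cut on the first ": " only, so that a value which itself contains
		# ": " is kept whole instead of the field being silently dropped.
		for field in header_fields do
			var name_value = field.split_once_on(": ")

			if name_value.length == 2 then
				http_request.header[name_value[0]] = name_value[1]
			end
		end

		# Cookies
		#
		# The lookup is an exact match on "Cookie", a differently cased
		# header name is not recognized.
		if http_request.header.keys.has("Cookie") then
			var cookie = http_request.header["Cookie"]
			for couple in cookie.split_with(';') do
				# Cut on the first `=` only, a value may contain `=` itself
				# (padding of an encoded token for example).
				var words = couple.trim.split_once_on('=')
				if words.length != 2 then continue
				http_request.cookie[words[0]] = words[1]
			end
		end

		return http_request
	end

	# Reset the state kept between two calls to `parse_http_request`
	#
	# `body` must be reset too: a request without a blank line does not set
	# it, and the body of the previous request would otherwise be parsed as
	# the POST arguments of the current one.
	private fun clear_data
	do
		first_line.clear
		header_fields.clear
		body = ""
	end

	# Cut `http_request` into `first_line`, `header_fields` and `body`
	#
	# Returns `false` when there is no request line or when it does not hold
	# exactly three space-separated words.
	private fun segment_http_request(http_request: String): Bool
	do
		var header_end = http_request.search("\r\n\r\n")

		if header_end == null then
			header_fields = http_request.split_with("\r\n")
		else
			header_fields = http_request.substring(0, header_end.from).split_with("\r\n")
			body = http_request.substring_from(header_end.after)
		end

		# Nothing to read the request line from
		if header_fields.is_empty then return false

		# If a line of the http_request is long it may change line, it has " " at the
		# end to indicate this. This section turns them into 1 line.
		if header_fields.length > 1 and header_fields[0].has_suffix(" ") then
			var head = header_fields[0]
			var temp_req = head.substring(0, head.length-1) + header_fields[1]

			first_line = temp_req.split_with(' ')
			header_fields.shift
			header_fields.shift
		else
			first_line = header_fields[0].split_with(' ')
			header_fields.shift
		end

		if first_line.length != 3 then return false

		# Cut off the header in lines
		#
		# A line ending with " " is joined with the line that follows it.
		# NOTE(review): this lets a client have two header lines read as
		# one; confirm this folding is wanted.
		var pos = 0
		while pos < header_fields.length do
			if pos < header_fields.length-1 and header_fields[pos].has_suffix(" ") then
				var current = header_fields[pos]
				header_fields[pos] = current.substring(0, current.length-1) + header_fields[pos+1]
				header_fields.remove_at(pos+1)
				# Stay on `pos`, the joined line may itself end with " "
			else
				pos += 1
			end
		end

		return true
	end

	# Extract args from the URL
	#
	# Reads `query_string` of the request under construction and returns the
	# `key=value` couples it holds, couples without a `=` are skipped.
	# Keys and values are returned as they appear in the URL, they are not
	# percent-decoded.
	private fun parse_url: HashMap[String, String]
	do
		var query_strings = new HashMap[String, String]

		if not http_request.url.has('?') then return query_strings

		for param in http_request.query_string.split_with("&") do
			# Cut on the first `=` only, so that a value containing `=`
			# is not truncated.
			var key_value = param.split_once_on("=")
			if key_value.length < 2 then continue
			query_strings[key_value[0]] = key_value[1]
		end

		return query_strings
	end
end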