-
Notifications
You must be signed in to change notification settings - Fork 93
Expand file tree
/
Copy pathhttp_utils.cpp
More file actions
548 lines (509 loc) · 27 KB
/
http_utils.cpp
File metadata and controls
548 lines (509 loc) · 27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
#include "cpprest/http_utils.h"
#include <algorithm>
#include <cctype>
#include <map>
#include <set>
#include <boost/algorithm/string/predicate.hpp>
#include "cpprest/basic_utils.h" // for utility::conversions
#include "detail/private_access.h"
namespace web
{
namespace http
{
// Determine the host and port that the client used to address this request.
//
// The request's absolute URI isn't reliable for this, at least on Windows
// (see https://github.com/Microsoft/cpprestsdk/issues/401), so the headers are used instead.
// In order to support deployment behind a reverse proxy, the 'X-Forwarded-Host' header is
// preferred, falling back to the 'Host' header.
// The RFC 7239 equivalent is the 'host=' directive in the 'Forwarded' header, but Apache and Lighttpd
// seem to add 'X-Forwarded-Host' out of the box.
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
//
// Only the first element of a comma-separated header value is considered.
// Returns { host, port }, where port is 0 if the header value doesn't include one,
// or a default-constructed pair if neither header is present.
std::pair<utility::string_t, int> get_host_port(const web::http::http_request& req)
{
    auto header = req.headers().find(U("X-Forwarded-Host"));
    if (req.headers().end() == header) header = req.headers().find(web::http::header_names::host);
    if (req.headers().end() == header) return{};

    auto first = header->second.substr(0, header->second.find(','));

    // An IPv6 literal is enclosed in square brackets and contains colons itself, e.g. "[::1]:8080",
    // so in that case only a colon after the closing bracket can introduce the port.
    // The brackets are kept as part of the returned host.
    // See https://tools.ietf.org/html/rfc3986#section-3.2.2
    const bool bracketed = !first.empty() && U('[') == first.front();
    const auto bracket = bracketed ? first.find(U(']')) : utility::string_t::npos;
    const auto colon = first.find(U(':'), utility::string_t::npos != bracket ? bracket + 1 : 0);

    if (utility::string_t::npos == colon) return{ std::move(first), 0 };
    return{ first.substr(0, colon), utility::conversions::details::scan_string(first.substr(colon + 1), 0) };
}
namespace details
{
// Extract the basic 'type/subtype' media type from a Content-Type value,
// i.e. skip any leading whitespace and stop at the first whitespace or parameter separator
//   media-type = type "/" subtype *( OWS ";" OWS parameter )
//   OWS        = *( SP / HTAB )
utility::string_t get_mime_type(const utility::string_t& content_type)
{
    const auto is_ows = [](utility::char_t c) { return U(' ') == c || U('\t') == c; };

    const auto begin = std::find_if_not(content_type.begin(), content_type.end(), is_ows);
    const auto end = std::find_if(begin, content_type.end(), [&](utility::char_t c) { return U(';') == c || is_ows(c); });
    return utility::string_t(begin, end);
}
// Check if a media type is JSON, i.e. either "application/json" itself, or any media type
// with the "+json" structured syntax suffix
// see https://tools.ietf.org/html/rfc6839#section-3.1
// Both comparisons ignore case, since the type, subtype and suffix of a media type are case-insensitive
// see https://tools.ietf.org/html/rfc7231#section-3.1.1.1
bool is_mime_type_json(const utility::string_t& mime_type)
{
    return boost::algorithm::iequals(mime_type, web::http::details::mime_types::application_json)
        || boost::algorithm::iends_with(mime_type, U("+json"));
}
}
// Check whether the named header is present and its comma-separated value includes the specified value
bool has_header_value(const http_headers& headers, const utility::string_t& name, const utility::string_t& value)
{
    const auto found = headers.find(name);
    if (headers.end() == found) return false;

    const utility::string_t& field = found->second;
    if (field.empty()) return false;

    // Wrapping both the header field and the sought value in the delimiter provides protection
    // against substring matches, but relies on a comma being followed by a single space consistently,
    // and doesn't handle quoted string values that may contain this delimiter
    // (http_headers::add does the former, and doesn't explicitly support the latter)
    const utility::string_t delimiter(_XPLATSTR(", "));
    const utility::string_t haystack = delimiter + field + delimiter;
    const utility::string_t needle = delimiter + value + delimiter;
    return haystack.find(needle) != utility::string_t::npos;
}
// Add the value to the named header, unless has_header_value reports that it's already there
// Returns true if the value was added, false if it was already present
bool add_header_value(http_headers& headers, const utility::string_t& name, utility::string_t value)
{
    const bool already_present = has_header_value(headers, name, value);
    if (!already_present)
    {
        headers.add(name, value);
    }
    return !already_present;
}
// Set only the status code of the response; no body is set by this overload
void set_reply(web::http::http_response& res, web::http::status_code code)
{
res.set_status_code(code);
}
// Set the status code of the response, and its body from the specified stream with the specified content type
// (forwards to the http_response::set_body overload taking a stream and a content type)
void set_reply(web::http::http_response& res, web::http::status_code code, const concurrency::streams::istream& body, const utility::string_t& content_type)
{
res.set_status_code(code);
res.set_body(body, content_type);
}
// Set the status code of the response, and its body from the specified stream with the specified
// content length and content type
// (forwards to the http_response::set_body overload taking a stream, a length and a content type)
void set_reply(web::http::http_response& res, web::http::status_code code, const concurrency::streams::istream& body, utility::size64_t content_length, const utility::string_t& content_type)
{
res.set_status_code(code);
res.set_body(body, content_length, content_type);
}
// Set the status code of the response, and its body from the specified text with the specified content type
void set_reply(web::http::http_response& res, web::http::status_code code, const utility::string_t& body_text, const utility::string_t& content_type)
{
    res.set_status_code(code);
    res.set_body(body_text, content_type);

    // The http_response::set_body overload used above blindly adds "; charset=utf-8"
    // (because it converts body_text to UTF-8), which isn't necessary, or strictly valid, for
    // "application/json", see https://www.iana.org/assignments/media-types/application/json
    // or for "application/sdp", see https://www.iana.org/assignments/media-types/application/sdp
    // so for exactly those content types, the Content-Type header is reset to the bare media type
    const bool is_json = web::http::details::mime_types::application_json == content_type;
    const bool is_sdp = U("application/sdp") == content_type;
    if (is_json || is_sdp)
    {
        res.headers().set_content_type(content_type);
    }
}
// Set the status code of the response, and its body from the specified JSON value
// (forwards to the http_response::set_body overload taking a json::value)
void set_reply(web::http::http_response& res, web::http::status_code code, const web::json::value& body_data)
{
res.set_status_code(code);
res.set_body(body_data);
}
namespace cors
{
// Check whether the header name is one of the CORS response headers listed below
// See https://fetch.spec.whatwg.org/
// NOTE(review): the lookup uses the set's default ordering of key_type, so presumably
// the name has to match exactly, including case - confirm that's intended
bool is_cors_response_header(const web::http::http_headers::key_type& header)
{
    static const std::set<web::http::http_headers::key_type> names
    {
        web::http::cors::header_names::allow_origin,
        web::http::cors::header_names::allow_credentials,
        web::http::cors::header_names::allow_methods,
        web::http::cors::header_names::allow_headers,
        web::http::cors::header_names::max_age,
        web::http::cors::header_names::expose_headers
    };
    return 0 != names.count(header);
}
// Check whether the header name is one of the CORS-safelisted response headers,
// i.e. the simple headers that don't need to be included in the Expose-Headers header
// See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name
bool is_cors_safelisted_response_header(const web::http::http_headers::key_type& header)
{
    static const std::set<web::http::http_headers::key_type> names
    {
        web::http::header_names::cache_control,
        web::http::header_names::content_language,
        web::http::header_names::content_type, // unless the value is not one of the CORS-safelisted types?
        web::http::header_names::expires,
        web::http::header_names::last_modified,
        web::http::header_names::pragma
    };
    return 0 != names.count(header);
}
}
// Get the default reason phrase for the status code, or an empty string if the code isn't in the table
// (based on existing function from cpprestsdk's internal_http_helpers.h)
utility::string_t get_default_reason_phrase(web::http::status_code code)
{
    // the table entries are generated by including cpprestsdk's data file with DAT defined
    // to expand to a { status code, reason phrase } initializer
    static const std::map<web::http::status_code, const utility::char_t*> phrases
    {
#define _PHRASES
#define DAT(a,b,c) {status_codes::a, c},
#include "cpprest/details/http_constants.dat"
#undef _PHRASES
#undef DAT
    };

    const auto entry = phrases.find(code);
    if (phrases.end() == entry)
    {
        return utility::string_t(_XPLATSTR(""));
    }
    return utility::string_t(entry->second);
}
namespace experimental
{
namespace details
{
// Check whether the character may appear in a token
// token = 1*tchar
// tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
// / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
// / DIGIT / ALPHA
// see https://tools.ietf.org/html/rfc7230#section-3.2.6
// DIGIT and ALPHA are the ASCII digits and letters only, so they are tested explicitly rather than
// via a locale facet; that keeps the result the same whether utility::char_t is narrow or wide
// (the range tests assume an ASCII-compatible execution character set)
inline bool is_tchar(utility::char_t c)
{
    if (U('0') <= c && c <= U('9')) return true;
    if (U('a') <= c && c <= U('z')) return true;
    if (U('A') <= c && c <= U('Z')) return true;
    switch (c)
    {
    case U('!'): case U('#'): case U('$'): case U('%'): case U('&'):
    case U('\''): case U('*'): case U('+'): case U('-'): case U('.'):
    case U('^'): case U('_'): case U('`'): case U('|'): case U('~'):
        return true;
    default:
        return false;
    }
}
// Check whether the character has to be escaped with a backslash inside a quoted-string
// "A sender SHOULD NOT generate a quoted-pair in a quoted-string except where necessary to quote DQUOTE and backslash"
// see https://tools.ietf.org/html/rfc7230#section-3.2.6
inline bool is_backslash_required(utility::char_t c)
{
    switch (c)
    {
    case U('"'):
    case U('\\'):
        return true;
    default:
        return false;
    }
}
}
// Make a header value from a list of values, each being a token with a list of name=value parameters,
// e.g. "first;a=1;b="two words", second"
// A parameter value is written as a token when possible, otherwise as a quoted-string
utility::string_t make_ptokens_header(const ptokens& values)
{
    utility::string_t header;
    for (const auto& entry : values)
    {
        // comma is followed by a single space (as in http_headers::add)
        if (!header.empty())
        {
            header.append(U(", "));
        }
        header.append(entry.first);

        for (const auto& param : entry.second)
        {
            header.push_back(U(';'));
            header.append(param.first);
            header.push_back(U('='));

            const auto& text = param.second;
            // an empty value, or one with any non-tchar character, can't be a token
            const bool is_token = !text.empty()
                && std::all_of(text.begin(), text.end(), [](utility::char_t c) { return details::is_tchar(c); });
            if (is_token)
            {
                header.append(text);
                continue;
            }

            header.push_back(U('"'));
            for (const auto c : text)
            {
                if (details::is_backslash_required(c))
                {
                    header.push_back(U('\\'));
                }
                header.push_back(c);
            }
            header.push_back(U('"'));
        }
    }
    return header;
}
// Parse a header value consisting of a comma-separated list of values, each being a token
// optionally followed by ';'-separated name=value parameters, where each parameter value
// is either a token or a quoted-string (which is unescaped in the result)
// Optional whitespace (space or tab) is accepted around the ',' ';' and '=' delimiters
// Throws std::invalid_argument if the value doesn't conform, including if it ends part way
// through a parameter or a quoted-string
ptokens parse_ptokens_header(const utility::string_t& value)
{
    enum {
        pre_value,                          // before a value name (start of input, or after ',')
        value_name,                         // within a value name
        pre_param,                          // after a value or a parameter, expecting ',' or ';'
        pre_param_name,                     // after ';', before a parameter name
        param_name,                         // within a parameter name
        pre_param_value,                    // after a parameter name, expecting '='
        param_value,                        // after '=', before the parameter value
        param_value_token,                  // within a token parameter value
        param_value_quoted_string,          // within a quoted-string parameter value
        param_value_quoted_string_escape    // after a backslash within a quoted-string
    } state = pre_value;
    ptokens result;
    // accumulates the value name or parameter name currently being parsed
    utility::string_t name;
    for (auto c : value)
    {
        switch (state)
        {
        case pre_value:
            // surprising handling of multiple commas is due to the ABNF List Extension: #rule
            // #element => [ ( "," / element ) *( OWS "," [ OWS element ] ) ]
            // see https://tools.ietf.org/html/rfc7230#section-7
            if (details::is_tchar(c)) { name.push_back(c); state = value_name; break; }
            if (U(',') == c) { break; }
            if (U(' ') == c || U('\t') == c) { break; }
            throw std::invalid_argument("invalid value name, expected tchar");
        case value_name:
            if (details::is_tchar(c)) { name.push_back(c); break; }
            // the name is complete, so start a new value with no parameters (yet)
            result.push_back({ name, {} }); name.clear();
            if (U(',') == c) { state = pre_value; break; }
            if (U(';') == c) { state = pre_param_name; break; }
            if (U(' ') == c || U('\t') == c) { state = pre_param; break; }
            throw std::invalid_argument("invalid value name, expected tchar");
        case pre_param:
            if (U(',') == c) { state = pre_value; break; }
            if (U(';') == c) { state = pre_param_name; break; }
            if (U(' ') == c || U('\t') == c) { break; }
            throw std::invalid_argument("invalid value, expected ',' or ';'");
        case pre_param_name:
            if (details::is_tchar(c)) { name.push_back(c); state = param_name; break; }
            if (U(' ') == c || U('\t') == c) { break; }
            throw std::invalid_argument("invalid parameter name, expected tchar");
        case param_name:
            if (details::is_tchar(c)) { name.push_back(c); break; }
            // the name is complete, so add a parameter with an empty value (so far) to the current value
            result.back().second.push_back({ name, {} }); name.clear();
            if (U('=') == c) { state = param_value; break; }
            if (U(' ') == c || U('\t') == c) { state = pre_param_value; break; }
            throw std::invalid_argument("invalid parameter name, expected tchar");
        case pre_param_value:
            if (U('=') == c) { state = param_value; break; }
            if (U(' ') == c || U('\t') == c) { break; }
            throw std::invalid_argument("invalid parameter, expected '='");
        case param_value:
            if (details::is_tchar(c)) { result.back().second.back().second.push_back(c); state = param_value_token; break; }
            if (U('"') == c) { state = param_value_quoted_string; break; }
            if (U(' ') == c || U('\t') == c) { break; }
            throw std::invalid_argument("invalid parameter value, expected tchar or '\"'");
        case param_value_token:
            if (details::is_tchar(c)) { result.back().second.back().second.push_back(c); break; }
            if (U(',') == c) { state = pre_value; break; }
            if (U(';') == c) { state = pre_param_name; break; }
            if (U(' ') == c || U('\t') == c) { state = pre_param; break; }
            throw std::invalid_argument("invalid parameter value, expected tchar");
        case param_value_quoted_string:
            if (U('"') == c) { state = pre_param; break; }
            if (U('\\') == c) { state = param_value_quoted_string_escape; break; }
            result.back().second.back().second.push_back(c);
            break;
        case param_value_quoted_string_escape:
            // whatever follows the backslash is taken literally
            result.back().second.back().second.push_back(c);
            state = param_value_quoted_string;
            break;
        default:
            throw std::logic_error("unreachable code");
        }
    }
    // the state at the end of the input determines whether the final element was complete
    switch (state)
    {
    case pre_value:
        break;
    case value_name:
        // the input ended within a value name, which hasn't been added yet
        result.push_back({ name, {} }); name.clear();
        break;
    case pre_param:
        break;
    case pre_param_name:
        throw std::invalid_argument("invalid parameter name, expected tchar");
    case param_name:
        throw std::invalid_argument("invalid parameter, expected '='");
    case pre_param_value:
        throw std::invalid_argument("invalid parameter, expected '='");
    case param_value:
        throw std::invalid_argument("invalid parameter value, expected tchar or '\"'");
    case param_value_token:
        break;
    case param_value_quoted_string:
        throw std::invalid_argument("invalid parameter value, expected '\"'");
    case param_value_quoted_string_escape:
        throw std::invalid_argument("invalid parameter value, expected escaped char");
    default:
        throw std::logic_error("unreachable code");
    }
    return result;
}
// Make a header value from a list of ';'-separated directives, each being a name with an optional value,
// e.g. "max-age=31536000;includeSubDomains"
// A directive with an empty value is written as just its name
// A value is written as a token when possible, otherwise as a quoted-string (as in make_ptokens_header),
// so that the result is something parse_directives_header can parse back to the same directives
utility::string_t make_directives_header(const directives& values)
{
    utility::string_t result;
    for (const auto& value : values)
    {
        if (!result.empty()) { result.push_back(U(';')); }
        result.append(value.first);
        if (value.second.empty()) continue;

        result.push_back(U('='));
        const auto non_tchar = std::find_if(value.second.begin(), value.second.end(), [](utility::char_t c) { return !details::is_tchar(c); });
        if (value.second.end() == non_tchar)
        {
            result.append(value.second);
        }
        else
        {
            result.push_back(U('"'));
            for (const auto c : value.second)
            {
                if (details::is_backslash_required(c))
                {
                    result.push_back(U('\\'));
                }
                result.push_back(c);
            }
            result.push_back(U('"'));
        }
    }
    return result;
}
// Parse a header value consisting of a ';'-separated list of directives, each being a token name
// optionally followed by '=' and a value, which is either a token or a quoted-string
// (which is unescaped in the result)
// Optional whitespace (space or tab) is accepted around the ';' and '=' delimiters,
// and empty input or a trailing ';' is accepted
// Throws std::invalid_argument if the value doesn't conform, including if it ends straight after
// an '=' or part way through a quoted-string
directives parse_directives_header(const utility::string_t& value)
{
    enum {
        pre_directive,                          // after a directive value, expecting ';'
        pre_directive_name,                     // before a directive name (start of input, or after ';')
        directive_name,                         // within a directive name
        pre_directive_value,                    // after a directive name, expecting '=' or ';'
        directive_value,                        // after '=', before the directive value
        directive_value_token,                  // within a token directive value
        directive_value_quoted_string,          // within a quoted-string directive value
        directive_value_quoted_string_escape    // after a backslash within a quoted-string
    } state = pre_directive_name;
    directives result;
    // accumulates the directive name currently being parsed
    utility::string_t name;
    for (auto c : value)
    {
        switch (state)
        {
        case pre_directive:
            if (U(';') == c) { state = pre_directive_name; break; }
            if (U(' ') == c || U('\t') == c) { break; }
            throw std::invalid_argument("invalid value, expected ';'");
        case pre_directive_name:
            if (details::is_tchar(c)) { name.push_back(c); state = directive_name; break; }
            if (U(' ') == c || U('\t') == c) { break; }
            throw std::invalid_argument("invalid directive name, expected tchar");
        case directive_name:
            if (details::is_tchar(c)) { name.push_back(c); break; }
            // the name is complete, so add a directive with an empty value (so far)
            result.push_back({ name, {} }); name.clear();
            if (U('=') == c) { state = directive_value; break; }
            if (U(';') == c) { state = pre_directive_name; break; }
            if (U(' ') == c || U('\t') == c) { state = pre_directive_value; break; }
            throw std::invalid_argument("invalid directive name, expected tchar");
        case pre_directive_value:
            if (U('=') == c) { state = directive_value; break; }
            if (U(' ') == c || U('\t') == c) { break; }
            if (U(';') == c) { state = pre_directive_name; break; }
            throw std::invalid_argument("invalid directive, expected '='");
        case directive_value:
            if (details::is_tchar(c)) { result.back().second.push_back(c); state = directive_value_token; break; }
            if (U('"') == c) { state = directive_value_quoted_string; break; }
            if (U(' ') == c || U('\t') == c) { break; }
            throw std::invalid_argument("invalid directive value, expected tchar or '\"'");
        case directive_value_token:
            if (details::is_tchar(c)) { result.back().second.push_back(c); break; }
            if (U(';') == c) { state = pre_directive_name; break; }
            if (U(' ') == c || U('\t') == c) { state = pre_directive; break; }
            throw std::invalid_argument("invalid directive value, expected tchar");
        case directive_value_quoted_string:
            if (U('"') == c) { state = pre_directive; break; }
            if (U('\\') == c) { state = directive_value_quoted_string_escape; break; }
            result.back().second.push_back(c);
            break;
        case directive_value_quoted_string_escape:
            // whatever follows the backslash is taken literally
            result.back().second.push_back(c);
            state = directive_value_quoted_string;
            break;
        default:
            throw std::logic_error("unreachable code");
        }
    }
    // the state at the end of the input determines whether the final directive was complete
    switch (state)
    {
    case pre_directive:
        break;
    case pre_directive_name:
        break;
    case directive_name:
        // the input ended within a directive name, which hasn't been added yet
        result.push_back({ name, {} }); name.clear();
        break;
    case pre_directive_value:
        break;
    case directive_value:
        throw std::invalid_argument("invalid directive value, expected tchar or '\"'");
    case directive_value_token:
        break;
    case directive_value_quoted_string:
        throw std::invalid_argument("invalid directive value, expected '\"'");
    case directive_value_quoted_string_escape:
        throw std::invalid_argument("invalid directive value, expected escaped char");
    default:
        throw std::logic_error("unreachable code");
    }
    return result;
}
namespace details
{
// Convert a time point to the number of milliseconds since its clock's epoch,
// as a floating point value with the time truncated to whole microseconds
template <typename TimePoint>
inline double milliseconds_since_epoch(const TimePoint& tp)
{
    // dividing a duration by a scalar yields another duration, which isn't convertible to double,
    // so the tick count has to be extracted before scaling from microseconds to milliseconds
    return std::chrono::duration_cast<std::chrono::microseconds>(tp.time_since_epoch()).count() / 1000.0;
}
}
// Make a timing header value from the metrics, one value per metric, named after the metric,
// with a "dur" parameter for a non-zero duration and a "desc" parameter for a non-empty description
utility::string_t make_timing_header(const timing_metrics& values)
{
    ptokens tokens;
    for (const auto& metric : values)
    {
        ptoken token{ metric.name, {} };
        auto& params = token.second;
        if (0.0 != metric.duration)
        {
            params.push_back({ U("dur"), utility::ostringstreamed(metric.duration) });
        }
        if (!metric.description.empty())
        {
            params.push_back({ U("desc"), metric.description });
        }
        tokens.push_back(std::move(token));
    }
    return make_ptokens_header(tokens);
}
// Parse a timing header value into metrics, one per value in the header
// See https://w3c.github.io/server-timing/#server-timing-header-parsing-algorithm
// Throws whatever parse_ptokens_header throws if the value can't be parsed
timing_metrics parse_timing_header(const utility::string_t& value)
{
    // find the first parameter of the token whose name matches, ignoring case
    const auto find_param = [](const ptoken& token, const utility::string_t& name)
    {
        return std::find_if(token.second.begin(), token.second.end(), [&](const ptoken_param& param)
        {
            return boost::algorithm::iequals(param.first, name);
        });
    };

    timing_metrics metrics;
    const auto tokens = parse_ptokens_header(value);
    for (const auto& token : tokens)
    {
        timing_metric metric{ token.first };

        // "Set duration to the server-timing-param-value for the server-timing-param where server-timing-param-name
        // is case-insensitively equal to "dur", or value 0 if omitted or not representable as a double"
        const auto dur = find_param(token, U("dur"));
        if (token.second.end() != dur)
        {
            metric.duration = utility::istringstreamed(dur->second, 0.0);
        }

        const auto desc = find_param(token, U("desc"));
        if (token.second.end() != desc)
        {
            metric.description = desc->second;
        }

        metrics.push_back(std::move(metric));
    }
    return metrics;
}
// Make a header value from the HSTS settings, i.e. a "max-age" directive,
// followed by a valueless "includeSubDomains" directive if that's set
utility::string_t make_hsts_header(const hsts& value)
{
    directives fields;
    fields.push_back({ U("max-age"), utility::ostringstreamed(value.max_age) });
    if (value.include_sub_domains)
    {
        fields.push_back({ U("includeSubDomains"), {} });
    }
    return make_directives_header(fields);
}
// Find the first directive with the specified name, ignoring case, or return the end iterator
// "1. The order of appearance of directives is not significant.
// 2. All directives MUST appear only once in an STS header field.
// Directives are either optional or required, as stipulated in
// their definitions.
// 3. Directive names are case-insensitive."
// See https://tools.ietf.org/html/rfc6797#section-6.1
inline directives::const_iterator find_directive(const directives& directives, const directive::first_type& directive_name)
{
    auto it = directives.begin();
    while (directives.end() != it && !boost::algorithm::iequals(it->first, directive_name))
    {
        ++it;
    }
    return it;
}
// Parse a Strict-Transport-Security header value
// Throws std::invalid_argument if the required max-age directive is missing,
// or whatever parse_directives_header throws if the value can't be parsed
hsts parse_hsts_header(const utility::string_t& value)
{
    hsts result;
    const auto parsed = parse_directives_header(value);
    const auto none = parsed.end();

    // max-age is required
    const auto max_age = find_directive(parsed, U("max-age"));
    if (none == max_age)
    {
        throw std::invalid_argument("invalid Strict-Transport-Security header, missing max-age");
    }
    // hm, invalid value is treated as 0
    result.max_age = utility::istringstreamed(max_age->second, 0u);

    // includeSubDomains is optional, and its mere presence is what counts
    if (none != find_directive(parsed, U("includeSubDomains")))
    {
        result.include_sub_domains = true;
    }
    return result;
}
}
namespace details
{
    // Tag types used with detail::stowed and detail::stow_private (see detail/private_access.h);
    // each tag's nested 'type' is the pointer-to-data-member type of the member to be accessed

    // pointer to a std::shared_ptr<_http_request> member of http_request
    struct http_request_impl
    {
        using type = std::shared_ptr<web::http::details::_http_request> web::http::http_request::*;
    };

    // pointer to a pplx::details::atomic_long member of _http_request
    struct http_request_initiated_response
    {
        using type = pplx::details::atomic_long web::http::details::_http_request::*;
    };
}
// Check whether the request's 'initiated response' counter is positive
// (the counter isn't publicly accessible, so it's read via the stowed pointers-to-members)
bool has_initiated_response(const web::http::http_request& req)
{
    // the member of the request selected by the http_request_impl tag, a shared_ptr to the implementation object
    const auto& impl = req.*detail::stowed<details::http_request_impl>::value;
    // the member of the implementation object selected by the http_request_initiated_response tag
    const auto& initiated = (*impl).*detail::stowed<details::http_request_initiated_response>::value;
    return 0 < initiated;
}
}
}
// Sigh. "An explicit instantiation shall appear in an enclosing namespace of its template."
// Hence these explicit instantiations appear here at global scope rather than inside web::http.
// Each one pairs a tag type from web::http::details with a pointer to the named member
// (_m_impl of http_request, and m_initiated_response of _http_request), which is what
// has_initiated_response reads back via detail::stowed<tag>::value
// NOTE(review): presumably these members are private and this relies on the access checking rules
// for explicit instantiations - see detail/private_access.h to confirm
template struct detail::stow_private<web::http::details::http_request_impl, &web::http::http_request::_m_impl>;
template struct detail::stow_private<web::http::details::http_request_initiated_response, &web::http::details::_http_request::m_initiated_response>;