1 /*
2 +----------------------------------------------------------------------+
3 | Swoole |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 2.0 of the Apache license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | http://www.apache.org/licenses/LICENSE-2.0.html |
9 | If you did not receive a copy of the Apache2.0 license and are unable|
10 | to obtain it through the world-wide-web, please send a note to |
11 | license@swoole.com so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Author: Tianfeng Han <mikan.tenny@gmail.com> |
14 +----------------------------------------------------------------------+
15 */
16
17 #include "php_swoole_http_server.h"
18
19 SW_EXTERN_C_BEGIN
20 #include "ext/standard/url.h"
21 SW_EXTERN_C_END
22
23 #include "main/php_variables.h"
24
25 #ifdef SW_HAVE_ZLIB
26 #include <zlib.h>
27 #endif
28
29 #ifdef SW_HAVE_BROTLI
30 #include <brotli/encode.h>
31 #endif
32
33 enum http_upload_errno {
34 HTTP_UPLOAD_ERR_OK = 0,
35 HTTP_UPLOAD_ERR_INI_SIZE,
36 HTTP_UPLOAD_ERR_FORM_SIZE,
37 HTTP_UPLOAD_ERR_PARTIAL,
38 HTTP_UPLOAD_ERR_NO_FILE,
39 HTTP_UPLOAD_ERR_NO_TMP_DIR = 6,
40 HTTP_UPLOAD_ERR_CANT_WRITE,
41 };
42
43 using HttpRequest = swoole::http::Request;
44 using HttpContext = swoole::http::Context;
45 using swoole::Connection;
46 using swoole::ListenPort;
47 using swoole::microtime;
48 using swoole::Server;
49
50 static int http_request_on_path(swoole_http_parser *parser, const char *at, size_t length);
51 static int http_request_on_query_string(swoole_http_parser *parser, const char *at, size_t length);
52 static int http_request_on_body(swoole_http_parser *parser, const char *at, size_t length);
53 static int http_request_on_header_field(swoole_http_parser *parser, const char *at, size_t length);
54 static int http_request_on_header_value(swoole_http_parser *parser, const char *at, size_t length);
55 static int http_request_on_headers_complete(swoole_http_parser *parser);
56 static int http_request_message_complete(swoole_http_parser *parser);
57
58 static int multipart_body_on_header_field(multipart_parser *p, const char *at, size_t length);
59 static int multipart_body_on_header_value(multipart_parser *p, const char *at, size_t length);
60 static int multipart_body_on_data(multipart_parser *p, const char *at, size_t length);
61 static int multipart_body_on_header_complete(multipart_parser *p);
62 static int multipart_body_on_data_end(multipart_parser *p);
63
http_request_on_path(swoole_http_parser * parser,const char * at,size_t length)64 static int http_request_on_path(swoole_http_parser *parser, const char *at, size_t length) {
65 HttpContext *ctx = (HttpContext *) parser->data;
66 ctx->request.path = estrndup(at, length);
67 ctx->request.path_len = length;
68 return 0;
69 }
70
http_trim_double_quote(char * ptr,size_t * len)71 static inline char *http_trim_double_quote(char *ptr, size_t *len) {
72 size_t i;
73 char *tmp = ptr;
74
75 // ltrim('"')
76 for (i = 0; i < *len; i++) {
77 if (tmp[0] == '"') {
78 (*len)--;
79 tmp++;
80 continue;
81 } else {
82 break;
83 }
84 }
85 // rtrim('"')
86 for (i = (*len); i > 0; i--) {
87 if (tmp[i - 1] == '"') {
88 tmp[i - 1] = 0;
89 (*len)--;
90 continue;
91 } else {
92 break;
93 }
94 }
95 return tmp;
96 }
97
http_get_method_name(enum swoole_http_method method)98 static sw_inline const char *http_get_method_name(enum swoole_http_method method) {
99 return swoole_http_method_str(method);
100 }
101
102 // clang-format off
103 static const swoole_http_parser_settings http_parser_settings =
104 {
105 nullptr,
106 http_request_on_path,
107 http_request_on_query_string,
108 nullptr,
109 nullptr,
110 http_request_on_header_field,
111 http_request_on_header_value,
112 http_request_on_headers_complete,
113 http_request_on_body,
114 http_request_message_complete
115 };
116
117 static const multipart_parser_settings mt_parser_settings =
118 {
119 multipart_body_on_header_field,
120 multipart_body_on_header_value,
121 multipart_body_on_data,
122 nullptr,
123 multipart_body_on_header_complete,
124 multipart_body_on_data_end,
125 nullptr,
126 };
127 // clang-format on
128
parse(const char * data,size_t length)129 size_t HttpContext::parse(const char *data, size_t length) {
130 return swoole_http_parser_execute(&parser, &http_parser_settings, data, length);
131 }
132
133 zend_class_entry *swoole_http_request_ce;
134 static zend_object_handlers swoole_http_request_handlers;
135
136 typedef struct {
137 HttpContext *ctx;
138 zend_object std;
139 } http_request_t;
140
php_swoole_http_request_fetch_object(zend_object * obj)141 static sw_inline http_request_t *php_swoole_http_request_fetch_object(zend_object *obj) {
142 return (http_request_t *) ((char *) obj - swoole_http_request_handlers.offset);
143 }
144
php_swoole_http_request_get_context(zval * zobject)145 HttpContext *php_swoole_http_request_get_context(zval *zobject) {
146 return php_swoole_http_request_fetch_object(Z_OBJ_P(zobject))->ctx;
147 }
148
php_swoole_http_request_set_context(zval * zobject,HttpContext * ctx)149 void php_swoole_http_request_set_context(zval *zobject, HttpContext *ctx) {
150 php_swoole_http_request_fetch_object(Z_OBJ_P(zobject))->ctx = ctx;
151 }
152
php_swoole_http_request_free_object(zend_object * object)153 static void php_swoole_http_request_free_object(zend_object *object) {
154 http_request_t *request = php_swoole_http_request_fetch_object(object);
155 HttpContext *ctx = request->ctx;
156 zval zobject, *ztmpfiles;
157
158 ZVAL_OBJ(&zobject, object);
159 ztmpfiles = sw_zend_read_property_ex(swoole_http_request_ce, &zobject, SW_ZSTR_KNOWN(SW_ZEND_STR_TMPFILES), 0);
160 if (ZVAL_IS_ARRAY(ztmpfiles)) {
161 zval *z_file_path;
162 SW_HASHTABLE_FOREACH_START(Z_ARRVAL_P(ztmpfiles), z_file_path) {
163 if (Z_TYPE_P(z_file_path) != IS_STRING) {
164 continue;
165 }
166 unlink(Z_STRVAL_P(z_file_path));
167 if (SG(rfc1867_uploaded_files)) {
168 zend_hash_str_del(SG(rfc1867_uploaded_files), Z_STRVAL_P(z_file_path), Z_STRLEN_P(z_file_path));
169 }
170 }
171 SW_HASHTABLE_FOREACH_END();
172 }
173 if (ctx) {
174 ctx->request.zobject = nullptr;
175 ctx->free();
176 }
177
178 zend_object_std_dtor(&request->std);
179 }
180
php_swoole_http_request_create_object(zend_class_entry * ce)181 static zend_object *php_swoole_http_request_create_object(zend_class_entry *ce) {
182 http_request_t *request = (http_request_t *) zend_object_alloc(sizeof(http_request_t), ce);
183 zend_object_std_init(&request->std, ce);
184 object_properties_init(&request->std, ce);
185 request->std.handlers = &swoole_http_request_handlers;
186 return &request->std;
187 }
188
189 SW_EXTERN_C_BEGIN
190 static PHP_METHOD(swoole_http_request, getData);
191 static PHP_METHOD(swoole_http_request, create);
192 static PHP_METHOD(swoole_http_request, parse);
193 static PHP_METHOD(swoole_http_request, isCompleted);
194 static PHP_METHOD(swoole_http_request, getMethod);
195 static PHP_METHOD(swoole_http_request, getContent);
196 static PHP_METHOD(swoole_http_request, __destruct);
197 SW_EXTERN_C_END
198
199 // clang-format off
200 ZEND_BEGIN_ARG_INFO_EX(arginfo_swoole_http_void, 0, 0, 0)
201 ZEND_END_ARG_INFO()
202
203 ZEND_BEGIN_ARG_INFO_EX(arginfo_swoole_http_create, 0, 0, 0)
204 ZEND_ARG_INFO(0, options)
205 ZEND_END_ARG_INFO()
206
207 ZEND_BEGIN_ARG_INFO_EX(arginfo_swoole_http_parse, 0, 0, 1)
208 ZEND_ARG_INFO(0, data)
209 ZEND_END_ARG_INFO()
210
211 const zend_function_entry swoole_http_request_methods[] =
212 {
213 PHP_ME(swoole_http_request, getContent, arginfo_swoole_http_void, ZEND_ACC_PUBLIC)
214 PHP_MALIAS(swoole_http_request, rawContent, getContent, arginfo_swoole_http_void, ZEND_ACC_PUBLIC)
215 PHP_ME(swoole_http_request, getData, arginfo_swoole_http_void, ZEND_ACC_PUBLIC)
216 PHP_ME(swoole_http_request, create, arginfo_swoole_http_create, ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
217 PHP_ME(swoole_http_request, parse, arginfo_swoole_http_parse, ZEND_ACC_PUBLIC)
218 PHP_ME(swoole_http_request, isCompleted, arginfo_swoole_http_void, ZEND_ACC_PUBLIC)
219 PHP_ME(swoole_http_request, getMethod, arginfo_swoole_http_void, ZEND_ACC_PUBLIC)
220 PHP_ME(swoole_http_request, __destruct, arginfo_swoole_http_void, ZEND_ACC_PUBLIC)
221 PHP_FE_END
222 };
223 // clang-format on
224
php_swoole_http_request_minit(int module_number)225 void php_swoole_http_request_minit(int module_number) {
226 SW_INIT_CLASS_ENTRY(
227 swoole_http_request, "Swoole\\Http\\Request", "swoole_http_request", nullptr, swoole_http_request_methods);
228 SW_SET_CLASS_NOT_SERIALIZABLE(swoole_http_request);
229 SW_SET_CLASS_CLONEABLE(swoole_http_request, sw_zend_class_clone_deny);
230 SW_SET_CLASS_UNSET_PROPERTY_HANDLER(swoole_http_request, sw_zend_class_unset_property_deny);
231 SW_SET_CLASS_CUSTOM_OBJECT(swoole_http_request,
232 php_swoole_http_request_create_object,
233 php_swoole_http_request_free_object,
234 http_request_t,
235 std);
236
237 zend_declare_property_long(swoole_http_request_ce, ZEND_STRL("fd"), 0, ZEND_ACC_PUBLIC);
238 #ifdef SW_USE_HTTP2
239 zend_declare_property_long(swoole_http_request_ce, ZEND_STRL("streamId"), 0, ZEND_ACC_PUBLIC);
240 #endif
241 zend_declare_property_null(swoole_http_request_ce, ZEND_STRL("header"), ZEND_ACC_PUBLIC);
242 zend_declare_property_null(swoole_http_request_ce, ZEND_STRL("server"), ZEND_ACC_PUBLIC);
243 zend_declare_property_null(swoole_http_request_ce, ZEND_STRL("cookie"), ZEND_ACC_PUBLIC);
244 zend_declare_property_null(swoole_http_request_ce, ZEND_STRL("get"), ZEND_ACC_PUBLIC);
245 zend_declare_property_null(swoole_http_request_ce, ZEND_STRL("files"), ZEND_ACC_PUBLIC);
246 zend_declare_property_null(swoole_http_request_ce, ZEND_STRL("post"), ZEND_ACC_PUBLIC);
247 zend_declare_property_null(swoole_http_request_ce, ZEND_STRL("tmpfiles"), ZEND_ACC_PUBLIC);
248 }
249
http_request_on_query_string(swoole_http_parser * parser,const char * at,size_t length)250 static int http_request_on_query_string(swoole_http_parser *parser, const char *at, size_t length) {
251 HttpContext *ctx = (HttpContext *) parser->data;
252 add_assoc_stringl_ex(ctx->request.zserver, ZEND_STRL("query_string"), (char *) at, length);
253 // parse url params
254 sapi_module.treat_data(PARSE_STRING,
255 estrndup(at, length), // it will be freed by treat_data
256 swoole_http_init_and_read_property(
257 swoole_http_request_ce, ctx->request.zobject, &ctx->request.zget, ZEND_STRL("get")));
258 return 0;
259 }
260
http_request_on_header_field(swoole_http_parser * parser,const char * at,size_t length)261 static int http_request_on_header_field(swoole_http_parser *parser, const char *at, size_t length) {
262 HttpContext *ctx = (HttpContext *) parser->data;
263 ctx->current_header_name = (char *) at;
264 ctx->current_header_name_len = length;
265 return 0;
266 }
267
parse_form_data(const char * boundary_str,int boundary_len)268 bool HttpContext::parse_form_data(const char *boundary_str, int boundary_len) {
269 mt_parser = multipart_parser_init(boundary_str, boundary_len, &mt_parser_settings);
270 if (!mt_parser) {
271 php_swoole_fatal_error(E_WARNING, "multipart_parser_init() failed");
272 return false;
273 }
274
275 mt_parser->data = this;
276 return true;
277 }
278
swoole_http_parse_cookie(zval * zarray,const char * at,size_t length,bool url_decode)279 void swoole_http_parse_cookie(zval *zarray, const char *at, size_t length, bool url_decode) {
280 char keybuf[SW_HTTP_COOKIE_KEYLEN];
281 char valbuf[SW_HTTP_COOKIE_VALLEN];
282 char *_c = (char *) at;
283
284 char *_value;
285 size_t klen = 0;
286 size_t vlen = 0;
287 int state = -1;
288
289 int i = 0, j = 0;
290 while (_c < at + length) {
291 if (state <= 0 && *_c == '=') {
292 klen = i - j + 1;
293 if (klen >= SW_HTTP_COOKIE_KEYLEN) {
294 swoole_warning("cookie[%.*s...] name length %zu is exceed the max name len %d",
295 8,
296 (char *) at + j,
297 klen,
298 SW_HTTP_COOKIE_KEYLEN);
299 return;
300 }
301 memcpy(keybuf, (char *) at + j, klen - 1);
302 keybuf[klen - 1] = 0;
303
304 j = i + 1;
305 state = 1;
306 } else if (state == 1 && *_c == ';') {
307 vlen = i - j;
308 if (vlen >= SW_HTTP_COOKIE_VALLEN) {
309 swoole_warning("cookie[%s]'s value[v=%.*s...] length %zu is exceed the max value len %d",
310 keybuf,
311 8,
312 (char *) at + j,
313 vlen,
314 SW_HTTP_COOKIE_VALLEN);
315 return;
316 }
317 memcpy(valbuf, (char *) at + j, vlen);
318 valbuf[vlen] = 0;
319 _value = http_trim_double_quote(valbuf, &vlen);
320 vlen = php_url_decode(_value, vlen);
321 if (klen > 1) {
322 add_assoc_stringl_ex(zarray, keybuf, klen - 1, _value, vlen);
323 }
324 j = i + 1;
325 state = -1;
326 } else if (state < 0) {
327 if (isspace(*_c)) {
328 // Remove leading spaces from cookie names
329 j++;
330 } else {
331 state = 0;
332 }
333 }
334 _c++;
335 i++;
336 }
337 if (j < (off_t) length) {
338 vlen = i - j;
339 if (klen >= SW_HTTP_COOKIE_KEYLEN) {
340 swoole_warning(
341 "cookie[%.*s...] name length %zu is exceed the max name len %d", 8, keybuf, klen, SW_HTTP_COOKIE_KEYLEN);
342 return;
343 }
344 keybuf[klen - 1] = 0;
345 if (vlen >= SW_HTTP_COOKIE_VALLEN) {
346 swoole_warning("cookie[%s]'s value[v=%.*s...] length %zu is exceed the max value len %d",
347 keybuf,
348 8,
349 (char *) at + j,
350 vlen,
351 SW_HTTP_COOKIE_VALLEN);
352 return;
353 }
354 memcpy(valbuf, (char *) at + j, vlen);
355 valbuf[vlen] = 0;
356 _value = http_trim_double_quote(valbuf, &vlen);
357 if (url_decode) {
358 vlen = php_url_decode(_value, vlen);
359 }
360 if (klen > 1) {
361 add_assoc_stringl_ex(zarray, keybuf, klen - 1, _value, vlen);
362 }
363 }
364 }
365
http_request_on_header_value(swoole_http_parser * parser,const char * at,size_t length)366 static int http_request_on_header_value(swoole_http_parser *parser, const char *at, size_t length) {
367 size_t offset = 0;
368 HttpContext *ctx = (HttpContext *) parser->data;
369 zval *zheader = ctx->request.zheader;
370 size_t header_len = ctx->current_header_name_len;
371 char *header_name = zend_str_tolower_dup(ctx->current_header_name, header_len);
372
373 if (ctx->parse_cookie && SW_STREQ(header_name, header_len, "cookie")) {
374 zval *zcookie = swoole_http_init_and_read_property(
375 swoole_http_request_ce, ctx->request.zobject, &ctx->request.zcookie, ZEND_STRL("cookie"));
376 swoole_http_parse_cookie(zcookie, at, length);
377 efree(header_name);
378 return 0;
379 } else if (SW_STREQ(header_name, header_len, "upgrade") && SW_STRCASEEQ(at, length, "websocket")) {
380 ctx->websocket = 1;
381 if (ctx->co_socket) {
382 goto _add_header;
383 }
384 Server *serv = (Server *) ctx->private_data;
385 if (!serv) {
386 goto _add_header;
387 }
388 Connection *conn = serv->get_connection_by_session_id(ctx->fd);
389 if (!conn) {
390 swoole_error_log(SW_LOG_NOTICE, SW_ERROR_SESSION_CLOSED, "session[%ld] is closed", ctx->fd);
391 efree(header_name);
392 return -1;
393 }
394 ListenPort *port = serv->get_port_by_server_fd(conn->server_fd);
395 if (port->open_websocket_protocol) {
396 conn->websocket_status = swoole::websocket::STATUS_CONNECTION;
397 }
398 } else if ((parser->method == PHP_HTTP_POST || parser->method == PHP_HTTP_PUT ||
399 parser->method == PHP_HTTP_DELETE || parser->method == PHP_HTTP_PATCH) &&
400 SW_STREQ(header_name, header_len, "content-type")) {
401 if (SW_STRCASECT(at, length, "application/x-www-form-urlencoded")) {
402 ctx->request.post_form_urlencoded = 1;
403 } else if (SW_STRCASECT(at, length, "multipart/form-data")) {
404 offset = sizeof("multipart/form-data") - 1;
405 // skip ' ' and ';'
406 while (offset < length && (at[offset] == ' ' || at[offset] == ';')) {
407 offset++;
408 }
409 // skip 'boundary='
410 offset += sizeof("boundary=") - 1;
411 int boundary_len = length - offset;
412 char *boundary_str = (char *) at + offset;
413 // find eof of boundary
414 if (boundary_len > 0) {
415 // find ';'
416 char *tmp = (char *) memchr(boundary_str, ';', boundary_len);
417 if (tmp) {
418 boundary_len = tmp - boundary_str;
419 }
420 }
421 if (boundary_len <= 0) {
422 swoole_warning("invalid multipart/form-data body fd:%ld", ctx->fd);
423 /* make it same with protocol error */
424 ctx->parser.state = s_dead;
425 return -1;
426 }
427 // trim '"'
428 if (boundary_len >= 2 && boundary_str[0] == '"' && *(boundary_str + boundary_len - 1) == '"') {
429 boundary_str++;
430 boundary_len -= 2;
431 }
432 swoole_trace_log(SW_TRACE_HTTP, "form_data, boundary_str=%s", boundary_str);
433 ctx->parse_form_data(boundary_str, boundary_len);
434 }
435 }
436 #ifdef SW_HAVE_COMPRESSION
437 else if (ctx->enable_compression && SW_STREQ(header_name, header_len, "accept-encoding")) {
438 ctx->set_compression_method(at, length);
439 }
440 #endif
441 else if (SW_STREQ(header_name, header_len, "transfer-encoding") && SW_STRCASECT(at, length, "chunked")) {
442 ctx->recv_chunked = 1;
443 }
444
445 _add_header:
446 add_assoc_stringl_ex(zheader, header_name, header_len, (char *) at, length);
447 efree(header_name);
448
449 return 0;
450 }
451
http_request_on_headers_complete(swoole_http_parser * parser)452 static int http_request_on_headers_complete(swoole_http_parser *parser) {
453 HttpContext *ctx = (HttpContext *) parser->data;
454 const char *vpath = ctx->request.path, *end = vpath + ctx->request.path_len, *p = end;
455 zval *zserver = ctx->request.zserver;
456
457 ctx->request.version = parser->http_major * 100 + parser->http_minor;
458 ctx->request.ext = end;
459 ctx->request.ext_len = 0;
460
461 while (p > vpath) {
462 --p;
463 if (*p == '.') {
464 ++p;
465 ctx->request.ext = p;
466 ctx->request.ext_len = end - p;
467 break;
468 }
469 }
470
471 ctx->keepalive = swoole_http_should_keep_alive(parser);
472
473 add_assoc_string(zserver, "request_method", http_get_method_name(parser->method));
474 add_assoc_stringl_ex(zserver, ZEND_STRL("request_uri"), ctx->request.path, ctx->request.path_len);
475 // path_info should be decoded
476 zend_string *zstr_path = zend_string_init(ctx->request.path, ctx->request.path_len, 0);
477 ZSTR_LEN(zstr_path) = php_url_decode(ZSTR_VAL(zstr_path), ZSTR_LEN(zstr_path));
478 add_assoc_str_ex(zserver, ZEND_STRL("path_info"), zstr_path);
479 add_assoc_long_ex(zserver, ZEND_STRL("request_time"), time(nullptr));
480 add_assoc_double_ex(zserver, ZEND_STRL("request_time_float"), microtime());
481 add_assoc_string(zserver, "server_protocol", (char *) (ctx->request.version == 101 ? "HTTP/1.1" : "HTTP/1.0"));
482
483 ctx->current_header_name = nullptr;
484
485 return 0;
486 }
487
multipart_body_on_header_field(multipart_parser * p,const char * at,size_t length)488 static int multipart_body_on_header_field(multipart_parser *p, const char *at, size_t length) {
489 HttpContext *ctx = (HttpContext *) p->data;
490 return http_request_on_header_field(&ctx->parser, at, length);
491 }
492
multipart_body_on_header_value(multipart_parser * p,const char * at,size_t length)493 static int multipart_body_on_header_value(multipart_parser *p, const char *at, size_t length) {
494 char value_buf[SW_HTTP_FORM_KEYLEN];
495 size_t value_len;
496 int ret = 0;
497
498 HttpContext *ctx = (HttpContext *) p->data;
499 /**
500 * Hash collision attack
501 */
502 if (ctx->input_var_num > PG(max_input_vars)) {
503 php_swoole_error(E_WARNING,
504 "Input variables exceeded " ZEND_LONG_FMT ". "
505 "To increase the limit change max_input_vars in php.ini",
506 PG(max_input_vars));
507 return SW_OK;
508 } else {
509 ctx->input_var_num++;
510 }
511
512 size_t header_len = ctx->current_header_name_len;
513 char *header_name = zend_str_tolower_dup(ctx->current_header_name, header_len);
514
515 if (SW_STRCASEEQ(header_name, header_len, "content-disposition")) {
516 // not form data
517 if (swoole_strnpos(at, length, ZEND_STRL("form-data;")) < 0) {
518 goto _end;
519 }
520
521 zval tmp_array;
522 array_init(&tmp_array);
523 swoole_http_parse_cookie(&tmp_array, at + sizeof("form-data;") - 1, length - sizeof("form-data;") + 1, false);
524
525 zval *zform_name;
526 if (!(zform_name = zend_hash_str_find(Z_ARRVAL(tmp_array), ZEND_STRL("name")))) {
527 goto _end;
528 }
529
530 if (Z_STRLEN_P(zform_name) >= SW_HTTP_FORM_KEYLEN) {
531 swoole_warning("form_name[%s] is too large", Z_STRVAL_P(zform_name));
532 ret = -1;
533 goto _end;
534 }
535
536 swoole_strlcpy(value_buf, Z_STRVAL_P(zform_name), sizeof(value_buf));
537 value_len = Z_STRLEN_P(zform_name);
538 char *tmp = http_trim_double_quote(value_buf, &value_len);
539
540 zval *zfilename;
541 // POST form data
542 if (!(zfilename = zend_hash_str_find(Z_ARRVAL(tmp_array), ZEND_STRL("filename")))) {
543 ctx->current_form_data_name = estrndup(tmp, value_len);
544 ctx->current_form_data_name_len = value_len;
545 }
546 // upload file
547 else {
548 if (Z_STRLEN_P(zfilename) >= SW_HTTP_FORM_KEYLEN) {
549 swoole_warning("filename[%s] is too large", Z_STRVAL_P(zfilename));
550 ret = -1;
551 goto _end;
552 }
553 ctx->current_input_name = estrndup(tmp, value_len);
554 ctx->current_input_name_len = value_len;
555
556 zval *z_multipart_header = sw_malloc_zval();
557 array_init(z_multipart_header);
558
559 add_assoc_string(z_multipart_header, "name", (char *) "");
560 add_assoc_string(z_multipart_header, "type", (char *) "");
561 add_assoc_string(z_multipart_header, "tmp_name", (char *) "");
562 add_assoc_long(z_multipart_header, "error", HTTP_UPLOAD_ERR_OK);
563 add_assoc_long(z_multipart_header, "size", 0);
564
565 swoole_strlcpy(value_buf, Z_STRVAL_P(zfilename), sizeof(value_buf));
566 value_len = Z_STRLEN_P(zfilename);
567 tmp = http_trim_double_quote(value_buf, &value_len);
568
569 add_assoc_stringl(z_multipart_header, "name", tmp, value_len);
570 if (value_len == 0) {
571 add_assoc_long(z_multipart_header, "error", HTTP_UPLOAD_ERR_NO_FILE);
572 }
573
574 ctx->current_multipart_header = z_multipart_header;
575 }
576 zval_ptr_dtor(&tmp_array);
577 } else if (SW_STRCASEEQ(header_name, header_len, "content-type") && ctx->current_multipart_header) {
578 zval *z_multipart_header = ctx->current_multipart_header;
579 zval *zerr = zend_hash_str_find(Z_ARRVAL_P(z_multipart_header), ZEND_STRL("error"));
580 if (zerr && Z_TYPE_P(zerr) == IS_LONG && Z_LVAL_P(zerr) == HTTP_UPLOAD_ERR_OK) {
581 add_assoc_stringl(z_multipart_header, "type", (char *) at, length);
582 }
583 }
584
585 _end:
586 efree(header_name);
587
588 return ret;
589 }
590
multipart_body_on_data(multipart_parser * p,const char * at,size_t length)591 static int multipart_body_on_data(multipart_parser *p, const char *at, size_t length) {
592 HttpContext *ctx = (HttpContext *) p->data;
593 if (ctx->current_form_data_name) {
594 swoole_http_form_data_buffer->append(at, length);
595 return 0;
596 }
597 if (p->fp == nullptr) {
598 return 0;
599 }
600 int n = fwrite(at, sizeof(char), length, (FILE *) p->fp);
601 if (n != (off_t) length) {
602 zval *z_multipart_header = ctx->current_multipart_header;
603 add_assoc_long(z_multipart_header, "error", HTTP_UPLOAD_ERR_CANT_WRITE);
604
605 fclose((FILE *) p->fp);
606 p->fp = nullptr;
607
608 swoole_sys_warning("write upload file failed");
609 }
610 return 0;
611 }
612
613 #if 0
614 static void get_random_file_name(char *des, const char *src)
615 {
616 unsigned char digest[16] = {};
617 char buf[19] = {};
618 int n = sprintf(buf, "%s%d", src, swoole_system_random(0, 9999));
619
620 PHP_MD5_CTX ctx;
621 PHP_MD5Init(&ctx);
622 PHP_MD5Update(&ctx, buf, n);
623 PHP_MD5Final(digest, &ctx);
624 make_digest_ex(des, digest, 16);
625 }
626 #endif
627
multipart_body_on_header_complete(multipart_parser * p)628 static int multipart_body_on_header_complete(multipart_parser *p) {
629 HttpContext *ctx = (HttpContext *) p->data;
630 if (!ctx->current_input_name) {
631 return 0;
632 }
633
634 zval *z_multipart_header = ctx->current_multipart_header;
635 zval *zerr = nullptr;
636 if (!(zerr = zend_hash_str_find(Z_ARRVAL_P(z_multipart_header), ZEND_STRL("error")))) {
637 return 0;
638 }
639 if (Z_TYPE_P(zerr) == IS_LONG && Z_LVAL_P(zerr) != HTTP_UPLOAD_ERR_OK) {
640 return 0;
641 }
642
643 char file_path[SW_HTTP_UPLOAD_TMPDIR_SIZE];
644 sw_snprintf(file_path, SW_HTTP_UPLOAD_TMPDIR_SIZE, "%s/swoole.upfile.XXXXXX", ctx->upload_tmp_dir.c_str());
645 int tmpfile = swoole_tmpfile(file_path);
646 if (tmpfile < 0) {
647 return 0;
648 }
649
650 FILE *fp = fdopen(tmpfile, "wb+");
651 if (fp == nullptr) {
652 add_assoc_long(z_multipart_header, "error", HTTP_UPLOAD_ERR_NO_TMP_DIR);
653 swoole_sys_warning("fopen(%s) failed", file_path);
654 return 0;
655 }
656
657 p->fp = fp;
658 add_assoc_string(z_multipart_header, "tmp_name", file_path);
659
660 size_t file_path_len = strlen(file_path);
661 add_next_index_stringl(
662 swoole_http_init_and_read_property(
663 swoole_http_request_ce, ctx->request.zobject, &ctx->request.ztmpfiles, ZEND_STRL("tmpfiles")),
664 file_path,
665 file_path_len);
666 // support is_upload_file
667 zend_hash_str_add_ptr(SG(rfc1867_uploaded_files), file_path, file_path_len, (char *) file_path);
668
669 return 0;
670 }
671
multipart_body_on_data_end(multipart_parser * p)672 static int multipart_body_on_data_end(multipart_parser *p) {
673 HttpContext *ctx = (HttpContext *) p->data;
674
675 if (ctx->current_form_data_name) {
676 php_register_variable_safe(
677 ctx->current_form_data_name,
678 swoole_http_form_data_buffer->str,
679 swoole_http_form_data_buffer->length,
680 swoole_http_init_and_read_property(
681 swoole_http_request_ce, ctx->request.zobject, &ctx->request.zpost, ZEND_STRL("post")));
682
683 efree(ctx->current_form_data_name);
684 ctx->current_form_data_name = nullptr;
685 ctx->current_form_data_name_len = 0;
686 swoole_http_form_data_buffer->clear();
687 return 0;
688 }
689
690 if (!ctx->current_input_name) {
691 return 0;
692 }
693
694 zval *z_multipart_header = ctx->current_multipart_header;
695 if (p->fp != nullptr) {
696 long size = swoole::file_get_size((FILE *) p->fp);
697 add_assoc_long(z_multipart_header, "size", size);
698
699 fclose((FILE *) p->fp);
700 p->fp = nullptr;
701 }
702
703 zval *zfiles = swoole_http_init_and_read_property(
704 swoole_http_request_ce, ctx->request.zobject, &ctx->request.zfiles, ZEND_STRL("files"));
705
706 int input_path_pos = swoole_strnpos(ctx->current_input_name, ctx->current_input_name_len, ZEND_STRL("["));
707 if (ctx->parse_files && input_path_pos > 0) {
708 char meta_name[SW_HTTP_FORM_KEYLEN + sizeof("[tmp_name]") - 1];
709 char *input_path = ctx->current_input_name + input_path_pos;
710 char *meta_path = meta_name + input_path_pos;
711 size_t meta_path_len = sizeof(meta_name) - input_path_pos;
712
713 swoole_strlcpy(meta_name, ctx->current_input_name, sizeof(meta_name));
714
715 zval *zname = zend_hash_str_find(Z_ARRVAL_P(z_multipart_header), ZEND_STRL("name"));
716 zval *ztype = zend_hash_str_find(Z_ARRVAL_P(z_multipart_header), ZEND_STRL("type"));
717 zval *zfile = zend_hash_str_find(Z_ARRVAL_P(z_multipart_header), ZEND_STRL("tmp_name"));
718 zval *zerr = zend_hash_str_find(Z_ARRVAL_P(z_multipart_header), ZEND_STRL("error"));
719 zval *zsize = zend_hash_str_find(Z_ARRVAL_P(z_multipart_header), ZEND_STRL("size"));
720
721 sw_snprintf(meta_path, meta_path_len, "[name]%s", input_path);
722 php_register_variable_ex(meta_name, zname, zfiles);
723
724 sw_snprintf(meta_path, meta_path_len, "[type]%s", input_path);
725 php_register_variable_ex(meta_name, ztype, zfiles);
726
727 sw_snprintf(meta_path, meta_path_len, "[tmp_name]%s", input_path);
728 php_register_variable_ex(meta_name, zfile, zfiles);
729
730 sw_snprintf(meta_path, meta_path_len, "[error]%s", input_path);
731 php_register_variable_ex(meta_name, zerr, zfiles);
732
733 sw_snprintf(meta_path, meta_path_len, "[size]%s", input_path);
734 php_register_variable_ex(meta_name, zsize, zfiles);
735 } else {
736 php_register_variable_ex(ctx->current_input_name, z_multipart_header, zfiles);
737 }
738
739 efree(ctx->current_input_name);
740 ctx->current_input_name = nullptr;
741 ctx->current_input_name_len = 0;
742 efree(ctx->current_multipart_header);
743 ctx->current_multipart_header = nullptr;
744
745 return 0;
746 }
747
http_request_on_body(swoole_http_parser * parser,const char * at,size_t length)748 static int http_request_on_body(swoole_http_parser *parser, const char *at, size_t length) {
749 if (length == 0) {
750 return 0;
751 }
752
753 HttpContext *ctx = (HttpContext *) parser->data;
754 bool is_beginning = (ctx->request.chunked_body ? ctx->request.chunked_body->length : ctx->request.body_length) == 0;
755
756 if (ctx->recv_chunked) {
757 if (ctx->request.chunked_body == nullptr) {
758 ctx->request.chunked_body = new swoole::String(SW_BUFFER_SIZE_STD);
759 }
760 ctx->request.chunked_body->append(at, length);
761 } else {
762 ctx->request.body_at = at - ctx->request.body_length;
763 ctx->request.body_length += length;
764 }
765
766 if (ctx->mt_parser != nullptr) {
767 multipart_parser *multipart_parser = ctx->mt_parser;
768 if (is_beginning) {
769 /* Compatibility: some clients may send extra EOL */
770 do {
771 if (*at != '\r' && *at != '\n') {
772 break;
773 }
774 at++;
775 length--;
776 } while (length != 0);
777 }
778 size_t n = multipart_parser_execute(multipart_parser, at, length);
779 if (n != length) {
780 swoole_error_log(SW_LOG_WARNING, SW_ERROR_SERVER_INVALID_REQUEST, "parse multipart body failed, n=%zu", n);
781 }
782 }
783
784 return 0;
785 }
786
http_request_message_complete(swoole_http_parser * parser)787 static int http_request_message_complete(swoole_http_parser *parser) {
788 HttpContext *ctx = (HttpContext *) parser->data;
789 size_t content_length = ctx->request.chunked_body ? ctx->request.chunked_body->length : ctx->request.body_length;
790
791 if (ctx->request.chunked_body != nullptr && ctx->parse_body && ctx->request.post_form_urlencoded) {
792 /* parse dechunked content */
793 sapi_module.treat_data(
794 PARSE_STRING,
795 estrndup(ctx->request.chunked_body->str, content_length), // do not free, it will be freed by treat_data
796 swoole_http_init_and_read_property(
797 swoole_http_request_ce, ctx->request.zobject, &ctx->request.zpost, ZEND_STRL("post")));
798 } else if (!ctx->recv_chunked && ctx->parse_body && ctx->request.post_form_urlencoded && ctx->request.body_at) {
799 sapi_module.treat_data(
800 PARSE_STRING,
801 estrndup(ctx->request.body_at, ctx->request.body_length), // do not free, it will be freed by treat_data
802 swoole_http_init_and_read_property(
803 swoole_http_request_ce, ctx->request.zobject, &ctx->request.zpost, ZEND_STRL("post")));
804 }
805 if (ctx->mt_parser) {
806 multipart_parser_free(ctx->mt_parser);
807 ctx->mt_parser = nullptr;
808 }
809 ctx->completed = 1;
810
811 swoole_trace_log(SW_TRACE_HTTP, "request body length=%ld", content_length);
812
813 return 1; /* return from execute */
814 }
815
816 #ifdef SW_HAVE_COMPRESSION
set_compression_method(const char * accept_encoding,size_t length)817 void HttpContext::set_compression_method(const char *accept_encoding, size_t length) {
818 #ifdef SW_HAVE_BROTLI
819 if (swoole_strnpos(accept_encoding, length, ZEND_STRL("br")) >= 0) {
820 accept_compression = 1;
821 compression_method = HTTP_COMPRESS_BR;
822 } else
823 #endif
824 if (swoole_strnpos(accept_encoding, length, ZEND_STRL("gzip")) >= 0) {
825 accept_compression = 1;
826 compression_method = HTTP_COMPRESS_GZIP;
827 } else if (swoole_strnpos(accept_encoding, length, ZEND_STRL("deflate")) >= 0) {
828 accept_compression = 1;
829 compression_method = HTTP_COMPRESS_DEFLATE;
830 } else {
831 accept_compression = 0;
832 }
833 }
834
get_content_encoding()835 const char *HttpContext::get_content_encoding() {
836 if (compression_method == HTTP_COMPRESS_GZIP) {
837 return "gzip";
838 } else if (compression_method == HTTP_COMPRESS_DEFLATE) {
839 return "deflate";
840 }
841 #ifdef SW_HAVE_BROTLI
842 else if (compression_method == HTTP_COMPRESS_BR) {
843 return "br";
844 }
845 #endif
846 else {
847 return nullptr;
848 }
849 }
850 #endif
851
PHP_METHOD(swoole_http_request,getContent)852 static PHP_METHOD(swoole_http_request, getContent) {
853 HttpContext *ctx = php_swoole_http_request_get_and_check_context(ZEND_THIS);
854 if (UNEXPECTED(!ctx)) {
855 RETURN_FALSE;
856 }
857
858 HttpRequest *req = &ctx->request;
859 if (req->body_length > 0) {
860 zval *zdata = &req->zdata;
861 RETURN_STRINGL(Z_STRVAL_P(zdata) + Z_STRLEN_P(zdata) - req->body_length, req->body_length);
862 } else if (req->chunked_body && req->chunked_body->length != 0) {
863 RETURN_STRINGL(req->chunked_body->str, req->chunked_body->length);
864 }
865 #ifdef SW_USE_HTTP2
866 else if (req->h2_data_buffer && req->h2_data_buffer->length != 0) {
867 RETURN_STRINGL(req->h2_data_buffer->str, req->h2_data_buffer->length);
868 }
869 #endif
870
871 RETURN_EMPTY_STRING();
872 }
873
PHP_METHOD(swoole_http_request,getData)874 static PHP_METHOD(swoole_http_request, getData) {
875 HttpContext *ctx = php_swoole_http_request_get_and_check_context(ZEND_THIS);
876 if (UNEXPECTED(!ctx)) {
877 RETURN_FALSE;
878 }
879
880 #ifdef SW_USE_HTTP2
881 if (ctx->http2) {
882 php_swoole_fatal_error(E_WARNING, "unable to get data from HTTP2 request");
883 RETURN_FALSE;
884 }
885 #endif
886
887 if (Z_TYPE(ctx->request.zdata) == IS_STRING) {
888 RETURN_ZVAL(&ctx->request.zdata, 1, 0);
889 }
890
891 RETURN_EMPTY_STRING();
892 }
893
PHP_METHOD(swoole_http_request,create)894 static PHP_METHOD(swoole_http_request, create) {
895 zval *zoptions = nullptr;
896
897 ZEND_PARSE_PARAMETERS_START(0, 1)
898 Z_PARAM_OPTIONAL
899 Z_PARAM_ARRAY(zoptions)
900 ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE);
901
902 HttpContext *ctx = new HttpContext();
903 object_init_ex(return_value, swoole_http_request_ce);
904 zval *zrequest_object = &ctx->request._zobject;
905 ctx->request.zobject = zrequest_object;
906 *zrequest_object = *return_value;
907 php_swoole_http_request_set_context(zrequest_object, ctx);
908
909 ctx->parse_cookie = 1;
910 ctx->parse_body = 1;
911 ctx->parse_files = 1;
912 #ifdef SW_HAVE_COMPRESSION
913 ctx->enable_compression = 1;
914 ctx->compression_level = SW_Z_BEST_SPEED;
915 #endif
916 ctx->upload_tmp_dir = "/tmp";
917
918 if (zoptions && ZVAL_IS_ARRAY(zoptions)) {
919 char *key;
920 uint32_t keylen;
921 int keytype;
922 zval *zvalue;
923
924 SW_HASHTABLE_FOREACH_START2(Z_ARRVAL_P(zoptions), key, keylen, keytype, zvalue) {
925 if (SW_STRCASEEQ(key, keylen, "parse_cookie")) {
926 ctx->parse_cookie = zval_is_true(zvalue);
927 } else if (SW_STRCASEEQ(key, keylen, "parse_body")) {
928 ctx->parse_body = zval_is_true(zvalue);
929 } else if (SW_STRCASEEQ(key, keylen, "parse_files")) {
930 ctx->parse_files = zval_is_true(zvalue);
931 }
932 #ifdef SW_HAVE_COMPRESSION
933 else if (SW_STRCASEEQ(key, keylen, "enable_compression")) {
934 ctx->enable_compression = zval_is_true(zvalue);
935 } else if (SW_STRCASEEQ(key, keylen, "compression_level")) {
936 ctx->compression_level = zval_get_long(zvalue);
937 }
938 #endif
939 #ifdef SW_HAVE_ZLIB
940 else if (SW_STRCASEEQ(key, keylen, "websocket_compression")) {
941 ctx->websocket_compression = zval_is_true(zvalue);
942 }
943 #endif
944 else if (SW_STRCASEEQ(key, keylen, "upload_tmp_dir")) {
945 ctx->upload_tmp_dir = zend::String(zvalue).to_std_string();
946 }
947 (void) keytype;
948 }
949 SW_HASHTABLE_FOREACH_END();
950 }
951
952 swoole_http_parser *parser = &ctx->parser;
953 parser->data = ctx;
954 swoole_http_parser_init(parser, PHP_HTTP_REQUEST);
955
956 swoole_http_init_and_read_property(
957 swoole_http_request_ce, zrequest_object, &ctx->request.zserver, ZEND_STRL("server"));
958 swoole_http_init_and_read_property(
959 swoole_http_request_ce, zrequest_object, &ctx->request.zheader, ZEND_STRL("header"));
960 }
961
PHP_METHOD(swoole_http_request,parse)962 static PHP_METHOD(swoole_http_request, parse) {
963 HttpContext *ctx = php_swoole_http_request_get_and_check_context(ZEND_THIS);
964 if (UNEXPECTED(!ctx) || ctx->completed) {
965 RETURN_FALSE;
966 }
967
968 char *str;
969 size_t l_str;
970
971 ZEND_PARSE_PARAMETERS_START(1, 1)
972 Z_PARAM_STRING(str, l_str)
973 ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE);
974
975 if (Z_TYPE(ctx->request.zdata) != IS_STRING) {
976 ZVAL_STRINGL(&ctx->request.zdata, str, l_str);
977 } else {
978 size_t len = Z_STRLEN(ctx->request.zdata) + l_str;
979 zend_string *new_str = zend_string_alloc(len + 1, 0);
980 memcpy(new_str->val, Z_STRVAL(ctx->request.zdata), Z_STRLEN(ctx->request.zdata));
981 memcpy(new_str->val + Z_STRLEN(ctx->request.zdata), str, l_str);
982 new_str->val[len] = 0;
983 new_str->len = len;
984 zval_dtor(&ctx->request.zdata);
985 ZVAL_STR(&ctx->request.zdata, new_str);
986 }
987
988 RETURN_LONG(ctx->parse(str, l_str));
989 }
990
PHP_METHOD(swoole_http_request,getMethod)991 static PHP_METHOD(swoole_http_request, getMethod) {
992 HttpContext *ctx = php_swoole_http_request_get_and_check_context(ZEND_THIS);
993 if (UNEXPECTED(!ctx)) {
994 RETURN_FALSE;
995 }
996 const char *method = http_get_method_name((ctx->parser).method);
997 RETURN_STRING(method);
998 }
999
PHP_METHOD(swoole_http_request,isCompleted)1000 static PHP_METHOD(swoole_http_request, isCompleted) {
1001 HttpContext *ctx = php_swoole_http_request_get_and_check_context(ZEND_THIS);
1002 if (UNEXPECTED(!ctx)) {
1003 RETURN_FALSE;
1004 }
1005 RETURN_BOOL(ctx->completed);
1006 }
1007
PHP_METHOD(swoole_http_request,__destruct)1008 static PHP_METHOD(swoole_http_request, __destruct) {}
1009