1 /*
2 Minetest
3 Copyright (C) 2013 celeron55, Perttu Ahola <celeron55@gmail.com>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU Lesser General Public License as published by
7 the Free Software Foundation; either version 2.1 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 */
19
20 #include "lua_api/l_internal.h"
21 #include "common/c_converter.h"
22 #include "common/c_content.h"
23 #include "lua_api/l_http.h"
24 #include "httpfetch.h"
25 #include "settings.h"
26 #include "debug.h"
27 #include "log.h"
28
29 #include <algorithm>
30 #include <iomanip>
31 #include <cctype>
32
33 #define HTTP_API(name) \
34 lua_pushstring(L, #name); \
35 lua_pushcfunction(L, l_http_##name); \
36 lua_settable(L, -3);
37
38 #if USE_CURL
read_http_fetch_request(lua_State * L,HTTPFetchRequest & req)39 void ModApiHttp::read_http_fetch_request(lua_State *L, HTTPFetchRequest &req)
40 {
41 luaL_checktype(L, 1, LUA_TTABLE);
42
43 req.caller = httpfetch_caller_alloc_secure();
44 getstringfield(L, 1, "url", req.url);
45 lua_getfield(L, 1, "user_agent");
46 if (lua_isstring(L, -1))
47 req.useragent = getstringfield_default(L, 1, "user_agent", "");
48 lua_pop(L, 1);
49 req.multipart = getboolfield_default(L, 1, "multipart", false);
50 req.timeout = getintfield_default(L, 1, "timeout", 3) * 1000;
51
52 lua_getfield(L, 1, "method");
53 if (lua_isstring(L, -1)) {
54 std::string mth = getstringfield_default(L, 1, "method", "");
55 if (mth == "GET")
56 req.method = HTTP_GET;
57 else if (mth == "POST")
58 req.method = HTTP_POST;
59 else if (mth == "PUT")
60 req.method = HTTP_PUT;
61 else if (mth == "DELETE")
62 req.method = HTTP_DELETE;
63 }
64 lua_pop(L, 1);
65
66 // post_data: if table, post form data, otherwise raw data DEPRECATED use data and method instead
67 lua_getfield(L, 1, "post_data");
68 if (lua_isnil(L, 2)) {
69 lua_pop(L, 1);
70 lua_getfield(L, 1, "data");
71 }
72 else {
73 req.method = HTTP_POST;
74 }
75
76 if (lua_istable(L, 2)) {
77 lua_pushnil(L);
78 while (lua_next(L, 2) != 0) {
79 req.fields[readParam<std::string>(L, -2)] = readParam<std::string>(L, -1);
80 lua_pop(L, 1);
81 }
82 } else if (lua_isstring(L, 2)) {
83 req.raw_data = readParam<std::string>(L, 2);
84 }
85
86 lua_pop(L, 1);
87
88 lua_getfield(L, 1, "extra_headers");
89 if (lua_istable(L, 2)) {
90 lua_pushnil(L);
91 while (lua_next(L, 2) != 0) {
92 req.extra_headers.emplace_back(readParam<std::string>(L, -1));
93 lua_pop(L, 1);
94 }
95 }
96 lua_pop(L, 1);
97 }
98
push_http_fetch_result(lua_State * L,HTTPFetchResult & res,bool completed)99 void ModApiHttp::push_http_fetch_result(lua_State *L, HTTPFetchResult &res, bool completed)
100 {
101 lua_newtable(L);
102 setboolfield(L, -1, "succeeded", res.succeeded);
103 setboolfield(L, -1, "timeout", res.timeout);
104 setboolfield(L, -1, "completed", completed);
105 setintfield(L, -1, "code", res.response_code);
106 setstringfield(L, -1, "data", res.data);
107 }
108
109 // http_api.fetch_sync(HTTPRequest definition)
l_http_fetch_sync(lua_State * L)110 int ModApiHttp::l_http_fetch_sync(lua_State *L)
111 {
112 NO_MAP_LOCK_REQUIRED;
113
114 HTTPFetchRequest req;
115 read_http_fetch_request(L, req);
116
117 infostream << "Mod performs HTTP request with URL " << req.url << std::endl;
118
119 HTTPFetchResult res;
120 httpfetch_sync(req, res);
121
122 push_http_fetch_result(L, res, true);
123
124 return 1;
125 }
126
127 // http_api.fetch_async(HTTPRequest definition)
l_http_fetch_async(lua_State * L)128 int ModApiHttp::l_http_fetch_async(lua_State *L)
129 {
130 NO_MAP_LOCK_REQUIRED;
131
132 HTTPFetchRequest req;
133 read_http_fetch_request(L, req);
134
135 infostream << "Mod performs HTTP request with URL " << req.url << std::endl;
136 httpfetch_async(req);
137
138 // Convert handle to hex string since lua can't handle 64-bit integers
139 std::stringstream handle_conversion_stream;
140 handle_conversion_stream << std::hex << req.caller;
141 std::string caller_handle(handle_conversion_stream.str());
142
143 lua_pushstring(L, caller_handle.c_str());
144 return 1;
145 }
146
147 // http_api.fetch_async_get(handle)
l_http_fetch_async_get(lua_State * L)148 int ModApiHttp::l_http_fetch_async_get(lua_State *L)
149 {
150 NO_MAP_LOCK_REQUIRED;
151
152 std::string handle_str = luaL_checkstring(L, 1);
153
154 // Convert hex string back to 64-bit handle
155 u64 handle;
156 std::stringstream handle_conversion_stream;
157 handle_conversion_stream << std::hex << handle_str;
158 handle_conversion_stream >> handle;
159
160 HTTPFetchResult res;
161 bool completed = httpfetch_async_get(handle, res);
162
163 push_http_fetch_result(L, res, completed);
164
165 return 1;
166 }
167
l_request_http_api(lua_State * L)168 int ModApiHttp::l_request_http_api(lua_State *L)
169 {
170 NO_MAP_LOCK_REQUIRED;
171
172 // We have to make sure that this function is being called directly by
173 // a mod, otherwise a malicious mod could override this function and
174 // steal its return value.
175 lua_Debug info;
176
177 // Make sure there's only one item below this function on the stack...
178 if (lua_getstack(L, 2, &info)) {
179 return 0;
180 }
181 FATAL_ERROR_IF(!lua_getstack(L, 1, &info), "lua_getstack() failed");
182 FATAL_ERROR_IF(!lua_getinfo(L, "S", &info), "lua_getinfo() failed");
183
184 // ...and that that item is the main file scope.
185 if (strcmp(info.what, "main") != 0) {
186 return 0;
187 }
188
189 // Mod must be listed in secure.http_mods or secure.trusted_mods
190 lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_CURRENT_MOD_NAME);
191 if (!lua_isstring(L, -1)) {
192 return 0;
193 }
194
195 std::string mod_name = readParam<std::string>(L, -1);
196 std::string http_mods = g_settings->get("secure.http_mods");
197 http_mods.erase(std::remove(http_mods.begin(), http_mods.end(), ' '), http_mods.end());
198 std::vector<std::string> mod_list_http = str_split(http_mods, ',');
199
200 std::string trusted_mods = g_settings->get("secure.trusted_mods");
201 trusted_mods.erase(std::remove(trusted_mods.begin(), trusted_mods.end(), ' '), trusted_mods.end());
202 std::vector<std::string> mod_list_trusted = str_split(trusted_mods, ',');
203
204 mod_list_http.insert(mod_list_http.end(), mod_list_trusted.begin(), mod_list_trusted.end());
205 if (std::find(mod_list_http.begin(), mod_list_http.end(), mod_name) == mod_list_http.end()) {
206 lua_pushnil(L);
207 return 1;
208 }
209
210 lua_getglobal(L, "core");
211 lua_getfield(L, -1, "http_add_fetch");
212
213 lua_newtable(L);
214 HTTP_API(fetch_async);
215 HTTP_API(fetch_async_get);
216
217 // Stack now looks like this:
218 // <core.http_add_fetch> <table with fetch_async, fetch_async_get>
219 // Now call core.http_add_fetch to append .fetch(request, callback) to table
220 lua_call(L, 1, 1);
221
222 return 1;
223 }
224
l_get_http_api(lua_State * L)225 int ModApiHttp::l_get_http_api(lua_State *L)
226 {
227 NO_MAP_LOCK_REQUIRED;
228
229 lua_newtable(L);
230 HTTP_API(fetch_async);
231 HTTP_API(fetch_async_get);
232 HTTP_API(fetch_sync);
233
234 return 1;
235 }
236
237 #endif
238
Initialize(lua_State * L,int top)239 void ModApiHttp::Initialize(lua_State *L, int top)
240 {
241 #if USE_CURL
242
243 bool isMainmenu = false;
244 #ifndef SERVER
245 isMainmenu = ModApiBase::getGuiEngine(L) != nullptr;
246 #endif
247
248 if (isMainmenu) {
249 API_FCT(get_http_api);
250 } else {
251 API_FCT(request_http_api);
252 }
253
254 #endif
255 }
256
InitializeAsync(lua_State * L,int top)257 void ModApiHttp::InitializeAsync(lua_State *L, int top)
258 {
259 #if USE_CURL
260 API_FCT(get_http_api);
261 #endif
262 }
263