1 -- Copyright 2008 Steven Barth <steven@midlink.org>
2 -- Copyright 2010-2018 Jo-Philipp Wich <jo@mein.io>
3 -- Licensed to the public under the Apache License 2.0.
5 local util = require "luci.util"
6 local coroutine = require "coroutine"
7 local table = require "table"
8 local lhttp = require "lucihttp"
9 local nixio = require "nixio"
10 local ltn12 = require "luci.ltn12"
12 local table, ipairs, pairs, type, tostring, tonumber, error =
13 table, ipairs, pairs, type, tostring, tonumber, error
17 HTTP_MAX_CONTENT = 1024*8 -- 8 kB maximum content size
19 context = util.threadlocal()
21 Request = util.class()
22 function Request.__init__(self, env, sourcein, sinkerr)
27 -- File handler nil by default to let .content() work
28 self.filehandler = nil
34 params = urldecode_params(env.QUERY_STRING or ""),
37 self.parsed_input = false
40 function Request.formvalue(self, name, noparse)
41 if not noparse and not self.parsed_input then
46 return self.message.params[name]
48 return self.message.params
52 function Request.formvaluetable(self, prefix)
54 prefix = prefix and prefix .. "." or "."
56 if not self.parsed_input then
60 local void = self.message.params[nil]
61 for k, v in pairs(self.message.params) do
62 if k:find(prefix, 1, true) == 1 then
63 vals[k:sub(#prefix + 1)] = tostring(v)
70 function Request.content(self)
71 if not self.parsed_input then
75 return self.message.content, self.message.content_length
78 function Request.getcookie(self, name)
79 return lhttp.header_attribute("cookie; " .. (self:getenv("HTTP_COOKIE") or ""), name)
82 function Request.getenv(self, name)
84 return self.message.env[name]
86 return self.message.env
90 function Request.setfilehandler(self, callback)
91 self.filehandler = callback
93 if not self.parsed_input then
97 -- If input has already been parsed then uploads are stored as unlinked
98 -- temporary files pointed to by open file handles in the parameter
99 -- value table. Loop all params, and invoke the file callback for any
100 -- param with an open file handle.
102 for name, value in pairs(self.message.params) do
103 if type(value) == "table" then
105 local data = value.fd:read(1024)
106 local eof = (not data or data == "")
108 callback(value, data, eof)
119 function Request._parse_input(self)
125 self.parsed_input = true
129 if not context.eoh then
134 if not context.closed then
135 context.closed = true
141 return context.request:content()
144 function formvalue(name, noparse)
145 return context.request:formvalue(name, noparse)
148 function formvaluetable(prefix)
149 return context.request:formvaluetable(prefix)
152 function getcookie(name)
153 return context.request:getcookie(name)
156 -- or the environment table itself.
157 function getenv(name)
158 return context.request:getenv(name)
161 function setfilehandler(callback)
162 return context.request:setfilehandler(callback)
165 function header(key, value)
166 if not context.headers then
169 context.headers[key:lower()] = value
170 coroutine.yield(2, key, value)
173 function prepare_content(mime)
174 if not context.headers or not context.headers["content-type"] then
175 if mime == "application/xhtml+xml" then
176 if not getenv("HTTP_ACCEPT") or
177 not getenv("HTTP_ACCEPT"):find("application/xhtml+xml", nil, true) then
178 mime = "text/html; charset=UTF-8"
180 header("Vary", "Accept")
182 header("Content-Type", mime)
187 return context.request.input
190 function status(code, message)
192 message = message or "OK"
193 context.status = code
194 coroutine.yield(1, code, message)
197 -- This function is as a valid LTN12 sink.
198 -- If the content chunk is nil this function will automatically invoke close.
199 function write(content, src_err)
207 elseif #content == 0 then
210 if not context.eoh then
211 if not context.status then
214 if not context.headers or not context.headers["content-type"] then
215 header("Content-Type", "text/html; charset=utf-8")
217 if not context.headers["cache-control"] then
218 header("Cache-Control", "no-cache")
219 header("Expires", "0")
221 if not context.headers["x-frame-options"] then
222 header("X-Frame-Options", "SAMEORIGIN")
224 if not context.headers["x-xss-protection"] then
225 header("X-XSS-Protection", "1; mode=block")
227 if not context.headers["x-content-type-options"] then
228 header("X-Content-Type-Options", "nosniff")
234 coroutine.yield(4, content)
239 function splice(fd, size)
240 coroutine.yield(6, fd, size)
243 function redirect(url)
244 if url == "" then url = "/" end
246 header("Location", url)
250 function build_querystring(q)
251 local s, n, k, v = {}, 1, nil, nil
253 for k, v in pairs(q) do
254 s[n+0] = (n == 1) and "?" or "&"
255 s[n+1] = util.urlencode(k)
257 s[n+3] = util.urlencode(v)
261 return table.concat(s, "")
264 urldecode = util.urldecode
266 urlencode = util.urlencode
268 function write_json(x)
269 util.serialize_json(x, write)
272 -- from given url or string. Returns a table with urldecoded values.
273 -- Simple parameters are stored as string values associated with the parameter
274 -- name within the table. Parameters with multiple values are stored as array
275 -- containing the corresponding values.
276 function urldecode_params(url, tbl)
278 local params = tbl or { }
280 parser = lhttp.urlencoded_parser(function (what, buffer, length)
281 if what == parser.TUPLE then
282 name, value = nil, nil
283 elseif what == parser.NAME then
284 name = lhttp.urldecode(buffer)
285 elseif what == parser.VALUE and name then
286 params[name] = lhttp.urldecode(buffer) or ""
293 parser:parse((url or ""):match("[^?]*$"))
300 -- separated by "&". Tables are encoded as parameters with multiple values by
301 -- repeating the parameter name with each value.
302 function urlencode_params(tbl)
305 for k, v in pairs(tbl) do
306 if type(v) == "table" then
308 for i, v2 in ipairs(v) do
314 enc[n+0] = lhttp.urlencode(k)
316 enc[n+2] = lhttp.urlencode(v2)
325 enc[n+0] = lhttp.urlencode(k)
327 enc[n+2] = lhttp.urlencode(v)
332 return table.concat(enc, "")
335 -- Content-Type. Stores all extracted data associated with its parameter name
336 -- in the params table within the given message object. Multiple parameter
337 -- values are stored as tables, ordinary ones as strings.
338 -- If an optional file callback function is given then it is feeded with the
339 -- file contents chunk by chunk and only the extracted file name is stored
340 -- within the params table. The callback function will be called subsequently
341 -- with three arguments:
342 -- o Table containing decoded (name, file) and raw (headers) mime header data
343 -- o String value containing a chunk of the file data
344 -- o Boolean which indicates wheather the current chunk is the last one (eof)
345 function mimedecode_message_body(src, msg, file_cb)
346 local parser, header, field
347 local len, maxlen = 0, tonumber(msg.env.CONTENT_LENGTH or nil)
349 parser, err = lhttp.multipart_parser(msg.env.CONTENT_TYPE, function (what, buffer, length)
350 if what == parser.PART_INIT then
353 elseif what == parser.HEADER_NAME then
354 header = buffer:lower()
356 elseif what == parser.HEADER_VALUE and header then
357 if header:lower() == "content-disposition" and
358 lhttp.header_attribute(buffer, nil) == "form-data"
360 field.name = lhttp.header_attribute(buffer, "name")
361 field.file = lhttp.header_attribute(buffer, "filename")
362 field[1] = field.file
365 if field.headers then
366 field.headers[header] = buffer
368 field.headers = { [header] = buffer }
371 elseif what == parser.PART_BEGIN then
372 return not field.file
374 elseif what == parser.PART_DATA and field.name and length > 0 then
377 file_cb(field, buffer, false)
378 msg.params[field.name] = msg.params[field.name] or field
381 field.fd = nixio.mkstemp(field.name)
385 field.fd:write(buffer)
386 msg.params[field.name] = msg.params[field.name] or field
393 elseif what == parser.PART_END and field.name then
394 if field.file and msg.params[field.name] then
396 file_cb(field, "", true)
398 field.fd:seek(0, "set")
401 local val = msg.params[field.name]
403 if type(val) == "table" then
404 val[#val+1] = field.value or ""
405 elseif val ~= nil then
406 msg.params[field.name] = { val, field.value or "" }
408 msg.params[field.name] = field.value or ""
414 elseif what == parser.ERROR then
421 return ltn12.pump.all(src, function (chunk)
422 len = len + (chunk and #chunk or 0)
424 if maxlen and len > maxlen + 2 then
425 return nil, "Message body size exceeds Content-Length"
428 if not parser or not parser:parse(chunk) then
436 -- Content-Type. Stores all extracted data associated with its parameter name
437 -- in the params table within the given message object. Multiple parameter
438 -- values are stored as tables, ordinary ones as strings.
439 function urldecode_message_body(src, msg)
440 local err, name, value, parser
441 local len, maxlen = 0, tonumber(msg.env.CONTENT_LENGTH or nil)
443 parser = lhttp.urlencoded_parser(function (what, buffer, length)
444 if what == parser.TUPLE then
445 name, value = nil, nil
446 elseif what == parser.NAME then
447 name = lhttp.urldecode(buffer, lhttp.DECODE_PLUS)
448 elseif what == parser.VALUE and name then
449 local val = msg.params[name]
451 if type(val) == "table" then
452 val[#val+1] = lhttp.urldecode(buffer, lhttp.DECODE_PLUS) or ""
453 elseif val ~= nil then
454 msg.params[name] = { val, lhttp.urldecode(buffer, lhttp.DECODE_PLUS) or "" }
456 msg.params[name] = lhttp.urldecode(buffer, lhttp.DECODE_PLUS) or ""
458 elseif what == parser.ERROR then
465 return ltn12.pump.all(src, function (chunk)
466 len = len + (chunk and #chunk or 0)
468 if maxlen and len > maxlen + 2 then
469 return nil, "Message body size exceeds Content-Length"
470 elseif len > HTTP_MAX_CONTENT then
471 return nil, "Message body size exceeds maximum allowed length"
474 if not parser or not parser:parse(chunk) then
482 -- This function will examine the Content-Type within the given message object
483 -- to select the appropriate content decoder.
484 -- Currently the application/x-www-urlencoded and application/form-data
485 -- mime types are supported. If the encountered content encoding can't be
486 -- handled then the whole message body will be stored unaltered as "content"
487 -- property within the given message object.
488 function parse_message_body(src, msg, filecb)
489 if msg.env.CONTENT_LENGTH or msg.env.REQUEST_METHOD == "POST" then
490 local ctype = lhttp.header_attribute(msg.env.CONTENT_TYPE, nil)
492 -- Is it multipart/mime ?
493 if ctype == "multipart/form-data" then
494 return mimedecode_message_body(src, msg, filecb)
496 -- Is it application/x-www-form-urlencoded ?
497 elseif ctype == "application/x-www-form-urlencoded" then
498 return urldecode_message_body(src, msg)
502 -- Unhandled encoding
503 -- If a file callback is given then feed it chunk by chunk, else
504 -- store whole buffer in message.content
507 -- If we have a file callback then feed it
508 if type(filecb) == "function" then
511 encoding = msg.env.CONTENT_TYPE
513 sink = function( chunk )
515 return filecb(meta, chunk, false)
517 return filecb(meta, nil, true)
520 -- ... else append to .content
523 msg.content_length = 0
525 sink = function( chunk )
527 if ( msg.content_length + #chunk ) <= HTTP_MAX_CONTENT then
528 msg.content = msg.content .. chunk
529 msg.content_length = msg.content_length + #chunk
532 return nil, "POST data exceeds maximum allowed length"
541 local ok, err = ltn12.pump.step( src, sink )
543 if not ok and err then
545 elseif not ok then -- eof