/libgo/go/net/http/cgi/host.go
Go | 407 lines | 311 code | 41 blank | 55 comment | 101 complexity | 369a8beab70162d93c34694541e5703f MD5 | raw file
- // Copyright 2011 The Go Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- // This file implements the host side of CGI (being the webserver
- // parent process).
- // Package cgi implements CGI (Common Gateway Interface) as specified
- // in RFC 3875.
- //
- // Note that using CGI means starting a new process to handle each
- // request, which is typically less efficient than using a
- // long-running server. This package is intended primarily for
- // compatibility with existing systems.
- package cgi
- import (
- "bufio"
- "fmt"
- "io"
- "log"
- "net"
- "net/http"
- "net/textproto"
- "os"
- "os/exec"
- "path/filepath"
- "regexp"
- "runtime"
- "strconv"
- "strings"
- "golang.org/x/net/http/httpguts"
- )
- var trailingPort = regexp.MustCompile(`:([0-9]+)$`)
- var osDefaultInheritEnv = func() []string {
- switch runtime.GOOS {
- case "darwin", "ios":
- return []string{"DYLD_LIBRARY_PATH"}
- case "linux", "freebsd", "netbsd", "openbsd":
- return []string{"LD_LIBRARY_PATH"}
- case "hpux":
- return []string{"LD_LIBRARY_PATH", "SHLIB_PATH"}
- case "irix":
- return []string{"LD_LIBRARY_PATH", "LD_LIBRARYN32_PATH", "LD_LIBRARY64_PATH"}
- case "illumos", "solaris":
- return []string{"LD_LIBRARY_PATH", "LD_LIBRARY_PATH_32", "LD_LIBRARY_PATH_64"}
- case "windows":
- return []string{"SystemRoot", "COMSPEC", "PATHEXT", "WINDIR"}
- }
- return nil
- }()
- // Handler runs an executable in a subprocess with a CGI environment.
- type Handler struct {
- Path string // path to the CGI executable
- Root string // root URI prefix of handler or empty for "/"
- // Dir specifies the CGI executable's working directory.
- // If Dir is empty, the base directory of Path is used.
- // If Path has no base directory, the current working
- // directory is used.
- Dir string
- Env []string // extra environment variables to set, if any, as "key=value"
- InheritEnv []string // environment variables to inherit from host, as "key"
- Logger *log.Logger // optional log for errors or nil to use log.Print
- Args []string // optional arguments to pass to child process
- Stderr io.Writer // optional stderr for the child process; nil means os.Stderr
- // PathLocationHandler specifies the root http Handler that
- // should handle internal redirects when the CGI process
- // returns a Location header value starting with a "/", as
- // specified in RFC 3875 ยง 6.3.2. This will likely be
- // http.DefaultServeMux.
- //
- // If nil, a CGI response with a local URI path is instead sent
- // back to the client and not redirected internally.
- PathLocationHandler http.Handler
- }
- func (h *Handler) stderr() io.Writer {
- if h.Stderr != nil {
- return h.Stderr
- }
- return os.Stderr
- }
- // removeLeadingDuplicates remove leading duplicate in environments.
- // It's possible to override environment like following.
- // cgi.Handler{
- // ...
- // Env: []string{"SCRIPT_FILENAME=foo.php"},
- // }
- func removeLeadingDuplicates(env []string) (ret []string) {
- for i, e := range env {
- found := false
- if eq := strings.IndexByte(e, '='); eq != -1 {
- keq := e[:eq+1] // "key="
- for _, e2 := range env[i+1:] {
- if strings.HasPrefix(e2, keq) {
- found = true
- break
- }
- }
- }
- if !found {
- ret = append(ret, e)
- }
- }
- return
- }
- func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
- root := h.Root
- if root == "" {
- root = "/"
- }
- if len(req.TransferEncoding) > 0 && req.TransferEncoding[0] == "chunked" {
- rw.WriteHeader(http.StatusBadRequest)
- rw.Write([]byte("Chunked request bodies are not supported by CGI."))
- return
- }
- pathInfo := req.URL.Path
- if root != "/" && strings.HasPrefix(pathInfo, root) {
- pathInfo = pathInfo[len(root):]
- }
- port := "80"
- if matches := trailingPort.FindStringSubmatch(req.Host); len(matches) != 0 {
- port = matches[1]
- }
- env := []string{
- "SERVER_SOFTWARE=go",
- "SERVER_NAME=" + req.Host,
- "SERVER_PROTOCOL=HTTP/1.1",
- "HTTP_HOST=" + req.Host,
- "GATEWAY_INTERFACE=CGI/1.1",
- "REQUEST_METHOD=" + req.Method,
- "QUERY_STRING=" + req.URL.RawQuery,
- "REQUEST_URI=" + req.URL.RequestURI(),
- "PATH_INFO=" + pathInfo,
- "SCRIPT_NAME=" + root,
- "SCRIPT_FILENAME=" + h.Path,
- "SERVER_PORT=" + port,
- }
- if remoteIP, remotePort, err := net.SplitHostPort(req.RemoteAddr); err == nil {
- env = append(env, "REMOTE_ADDR="+remoteIP, "REMOTE_HOST="+remoteIP, "REMOTE_PORT="+remotePort)
- } else {
- // could not parse ip:port, let's use whole RemoteAddr and leave REMOTE_PORT undefined
- env = append(env, "REMOTE_ADDR="+req.RemoteAddr, "REMOTE_HOST="+req.RemoteAddr)
- }
- if req.TLS != nil {
- env = append(env, "HTTPS=on")
- }
- for k, v := range req.Header {
- k = strings.Map(upperCaseAndUnderscore, k)
- if k == "PROXY" {
- // See Issue 16405
- continue
- }
- joinStr := ", "
- if k == "COOKIE" {
- joinStr = "; "
- }
- env = append(env, "HTTP_"+k+"="+strings.Join(v, joinStr))
- }
- if req.ContentLength > 0 {
- env = append(env, fmt.Sprintf("CONTENT_LENGTH=%d", req.ContentLength))
- }
- if ctype := req.Header.Get("Content-Type"); ctype != "" {
- env = append(env, "CONTENT_TYPE="+ctype)
- }
- envPath := os.Getenv("PATH")
- if envPath == "" {
- envPath = "/bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin"
- }
- env = append(env, "PATH="+envPath)
- for _, e := range h.InheritEnv {
- if v := os.Getenv(e); v != "" {
- env = append(env, e+"="+v)
- }
- }
- for _, e := range osDefaultInheritEnv {
- if v := os.Getenv(e); v != "" {
- env = append(env, e+"="+v)
- }
- }
- if h.Env != nil {
- env = append(env, h.Env...)
- }
- env = removeLeadingDuplicates(env)
- var cwd, path string
- if h.Dir != "" {
- path = h.Path
- cwd = h.Dir
- } else {
- cwd, path = filepath.Split(h.Path)
- }
- if cwd == "" {
- cwd = "."
- }
- internalError := func(err error) {
- rw.WriteHeader(http.StatusInternalServerError)
- h.printf("CGI error: %v", err)
- }
- cmd := &exec.Cmd{
- Path: path,
- Args: append([]string{h.Path}, h.Args...),
- Dir: cwd,
- Env: env,
- Stderr: h.stderr(),
- }
- if req.ContentLength != 0 {
- cmd.Stdin = req.Body
- }
- stdoutRead, err := cmd.StdoutPipe()
- if err != nil {
- internalError(err)
- return
- }
- err = cmd.Start()
- if err != nil {
- internalError(err)
- return
- }
- if hook := testHookStartProcess; hook != nil {
- hook(cmd.Process)
- }
- defer cmd.Wait()
- defer stdoutRead.Close()
- linebody := bufio.NewReaderSize(stdoutRead, 1024)
- headers := make(http.Header)
- statusCode := 0
- headerLines := 0
- sawBlankLine := false
- for {
- line, isPrefix, err := linebody.ReadLine()
- if isPrefix {
- rw.WriteHeader(http.StatusInternalServerError)
- h.printf("cgi: long header line from subprocess.")
- return
- }
- if err == io.EOF {
- break
- }
- if err != nil {
- rw.WriteHeader(http.StatusInternalServerError)
- h.printf("cgi: error reading headers: %v", err)
- return
- }
- if len(line) == 0 {
- sawBlankLine = true
- break
- }
- headerLines++
- header, val, ok := strings.Cut(string(line), ":")
- if !ok {
- h.printf("cgi: bogus header line: %s", string(line))
- continue
- }
- if !httpguts.ValidHeaderFieldName(header) {
- h.printf("cgi: invalid header name: %q", header)
- continue
- }
- val = textproto.TrimString(val)
- switch {
- case header == "Status":
- if len(val) < 3 {
- h.printf("cgi: bogus status (short): %q", val)
- return
- }
- code, err := strconv.Atoi(val[0:3])
- if err != nil {
- h.printf("cgi: bogus status: %q", val)
- h.printf("cgi: line was %q", line)
- return
- }
- statusCode = code
- default:
- headers.Add(header, val)
- }
- }
- if headerLines == 0 || !sawBlankLine {
- rw.WriteHeader(http.StatusInternalServerError)
- h.printf("cgi: no headers")
- return
- }
- if loc := headers.Get("Location"); loc != "" {
- if strings.HasPrefix(loc, "/") && h.PathLocationHandler != nil {
- h.handleInternalRedirect(rw, req, loc)
- return
- }
- if statusCode == 0 {
- statusCode = http.StatusFound
- }
- }
- if statusCode == 0 && headers.Get("Content-Type") == "" {
- rw.WriteHeader(http.StatusInternalServerError)
- h.printf("cgi: missing required Content-Type in headers")
- return
- }
- if statusCode == 0 {
- statusCode = http.StatusOK
- }
- // Copy headers to rw's headers, after we've decided not to
- // go into handleInternalRedirect, which won't want its rw
- // headers to have been touched.
- for k, vv := range headers {
- for _, v := range vv {
- rw.Header().Add(k, v)
- }
- }
- rw.WriteHeader(statusCode)
- _, err = io.Copy(rw, linebody)
- if err != nil {
- h.printf("cgi: copy error: %v", err)
- // And kill the child CGI process so we don't hang on
- // the deferred cmd.Wait above if the error was just
- // the client (rw) going away. If it was a read error
- // (because the child died itself), then the extra
- // kill of an already-dead process is harmless (the PID
- // won't be reused until the Wait above).
- cmd.Process.Kill()
- }
- }
- func (h *Handler) printf(format string, v ...any) {
- if h.Logger != nil {
- h.Logger.Printf(format, v...)
- } else {
- log.Printf(format, v...)
- }
- }
- func (h *Handler) handleInternalRedirect(rw http.ResponseWriter, req *http.Request, path string) {
- url, err := req.URL.Parse(path)
- if err != nil {
- rw.WriteHeader(http.StatusInternalServerError)
- h.printf("cgi: error resolving local URI path %q: %v", path, err)
- return
- }
- // TODO: RFC 3875 isn't clear if only GET is supported, but it
- // suggests so: "Note that any message-body attached to the
- // request (such as for a POST request) may not be available
- // to the resource that is the target of the redirect." We
- // should do some tests against Apache to see how it handles
- // POST, HEAD, etc. Does the internal redirect get the same
- // method or just GET? What about incoming headers?
- // (e.g. Cookies) Which headers, if any, are copied into the
- // second request?
- newReq := &http.Request{
- Method: "GET",
- URL: url,
- Proto: "HTTP/1.1",
- ProtoMajor: 1,
- ProtoMinor: 1,
- Header: make(http.Header),
- Host: url.Host,
- RemoteAddr: req.RemoteAddr,
- TLS: req.TLS,
- }
- h.PathLocationHandler.ServeHTTP(rw, newReq)
- }
- func upperCaseAndUnderscore(r rune) rune {
- switch {
- case r >= 'a' && r <= 'z':
- return r - ('a' - 'A')
- case r == '-':
- return '_'
- case r == '=':
- // Maybe not part of the CGI 'spec' but would mess up
- // the environment in any case, as Go represents the
- // environment as a slice of "key=value" strings.
- return '_'
- }
- // TODO: other transformations in spec or practice?
- return r
- }
- var testHookStartProcess func(*os.Process) // nil except for some tests