2026-01-27 09:06:40 -05:00
|
|
|
// SPDX-FileCopyrightText: 2012 Icinga GmbH <https://icinga.com>
|
|
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2015-07-21 10:10:13 -04:00
|
|
|
|
|
|
|
|
#include "remote/httputility.hpp"
|
2019-02-14 11:27:17 -05:00
|
|
|
#include "remote/url.hpp"
|
2015-07-21 10:10:13 -04:00
|
|
|
#include "base/json.hpp"
|
2015-11-09 16:48:03 -05:00
|
|
|
#include "base/logger.hpp"
|
2018-12-21 05:52:37 -05:00
|
|
|
#include <map>
|
2019-02-14 11:27:17 -05:00
|
|
|
#include <string>
|
2018-12-21 05:52:37 -05:00
|
|
|
#include <vector>
|
2019-02-14 07:12:36 -05:00
|
|
|
#include <boost/beast/http.hpp>
|
2015-07-21 10:10:13 -04:00
|
|
|
|
|
|
|
|
using namespace icinga;
|
|
|
|
|
|
2019-02-14 11:27:17 -05:00
|
|
|
Dictionary::Ptr HttpUtility::FetchRequestParameters(const Url::Ptr& url, const std::string& body)
|
2015-07-21 10:10:13 -04:00
|
|
|
{
|
|
|
|
|
Dictionary::Ptr result;
|
|
|
|
|
|
2019-02-14 11:27:17 -05:00
|
|
|
if (!body.empty()) {
|
2015-11-09 16:48:03 -05:00
|
|
|
Log(LogDebug, "HttpUtility")
|
2019-02-14 11:27:17 -05:00
|
|
|
<< "Request body: '" << body << '\'';
|
2018-10-09 06:55:53 -04:00
|
|
|
|
2015-07-21 10:10:13 -04:00
|
|
|
result = JsonDecode(body);
|
2015-11-09 16:48:03 -05:00
|
|
|
}
|
2015-07-21 10:10:13 -04:00
|
|
|
|
|
|
|
|
if (!result)
|
|
|
|
|
result = new Dictionary();
|
|
|
|
|
|
2018-12-21 05:52:37 -05:00
|
|
|
std::map<String, std::vector<String>> query;
|
2019-02-14 11:27:17 -05:00
|
|
|
for (const auto& kv : url->GetQuery()) {
|
2018-12-21 05:52:37 -05:00
|
|
|
query[kv.first].emplace_back(kv.second);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (auto& kv : query) {
|
2015-07-29 07:09:42 -04:00
|
|
|
result->Set(kv.first, Array::FromVector(kv.second));
|
2015-07-21 10:10:13 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-30 11:50:17 -04:00
|
|
|
Value HttpUtility::GetLastParameter(const Dictionary::Ptr& params, const String& key)
|
2015-07-29 07:39:58 -04:00
|
|
|
{
|
|
|
|
|
Value varr = params->Get(key);
|
|
|
|
|
|
|
|
|
|
if (!varr.IsObjectType<Array>())
|
|
|
|
|
return varr;
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2015-07-29 07:39:58 -04:00
|
|
|
Array::Ptr arr = varr;
|
|
|
|
|
|
|
|
|
|
if (arr->GetLength() == 0)
|
2015-07-30 11:50:17 -04:00
|
|
|
return Empty;
|
2015-07-29 07:39:58 -04:00
|
|
|
else
|
|
|
|
|
return arr->Get(arr->GetLength() - 1);
|
|
|
|
|
}
|
2015-09-22 11:58:12 -04:00
|
|
|
|
2025-09-11 07:12:23 -04:00
|
|
|
/**
|
|
|
|
|
* Stream a JSON-encoded body to the client.
|
|
|
|
|
*
|
|
|
|
|
* This function sets the Content-Type header to "application/json", starts the streaming of the response,
|
|
|
|
|
* and encodes the given value as JSON to the client. If pretty-print is requested, the JSON output will be
|
|
|
|
|
* formatted accordingly. It is assumed that the response status code and other necessary headers have already
|
|
|
|
|
* been set.
|
|
|
|
|
*
|
|
|
|
|
* @param response The HTTP response to send the body to.
|
|
|
|
|
* @param params The request parameters.
|
|
|
|
|
* @param val The value to encode as JSON and stream to the client.
|
|
|
|
|
* @param yc The yield context to use for asynchronous operations.
|
|
|
|
|
*/
|
|
|
|
|
void HttpUtility::SendJsonBody(HttpApiResponse& response, const Dictionary::Ptr& params, const Value& val, boost::asio::yield_context& yc)
|
|
|
|
|
{
|
|
|
|
|
namespace http = boost::beast::http;
|
|
|
|
|
|
|
|
|
|
response.set(http::field::content_type, "application/json");
|
|
|
|
|
response.StartStreaming(false);
|
|
|
|
|
response.GetJsonEncoder(params && GetLastParameter(params, "pretty")).Encode(val, &yc);
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-22 06:41:21 -05:00
|
|
|
void HttpUtility::SendJsonBody(HttpApiResponse& response, const Dictionary::Ptr& params, const Value& val)
|
2015-09-22 11:58:12 -04:00
|
|
|
{
|
2019-05-23 09:25:08 -04:00
|
|
|
namespace http = boost::beast::http;
|
2017-12-20 09:31:05 -05:00
|
|
|
|
2019-05-23 09:25:08 -04:00
|
|
|
response.set(http::field::content_type, "application/json");
|
2025-07-23 03:37:05 -04:00
|
|
|
response.GetJsonEncoder(params && GetLastParameter(params, "pretty")).Encode(val);
|
2015-09-22 11:58:12 -04:00
|
|
|
}
|
|
|
|
|
|
2026-01-22 06:41:21 -05:00
|
|
|
void HttpUtility::SendJsonError(HttpApiResponse& response,
|
2019-02-14 10:07:06 -05:00
|
|
|
const Dictionary::Ptr& params, int code, const String& info, const String& diagnosticInformation)
|
|
|
|
|
{
|
|
|
|
|
Dictionary::Ptr result = new Dictionary({ { "error", code } });
|
|
|
|
|
|
|
|
|
|
if (!info.IsEmpty()) {
|
|
|
|
|
result->Set("status", info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (params && HttpUtility::GetLastParameter(params, "verbose") && !diagnosticInformation.IsEmpty()) {
|
|
|
|
|
result->Set("diagnostic_information", diagnosticInformation);
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-23 03:37:05 -04:00
|
|
|
response.Clear();
|
2019-02-14 10:07:06 -05:00
|
|
|
response.result(code);
|
|
|
|
|
|
|
|
|
|
HttpUtility::SendJsonBody(response, params, result);
|
|
|
|
|
}
|
2025-11-28 03:52:17 -05:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if the given string is suitable to be used as an HTTP header name.
|
|
|
|
|
*
|
|
|
|
|
* @param name The value to check for validity
|
|
|
|
|
* @return true if the argument is a valid header name, false otherwise
|
|
|
|
|
*/
|
|
|
|
|
bool HttpUtility::IsValidHeaderName(std::string_view name)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Derived from the following syntax definition in RFC9110:
|
|
|
|
|
*
|
|
|
|
|
* field-name = token
|
|
|
|
|
* token = 1*tchar
|
|
|
|
|
* tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
|
|
|
|
|
* ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
|
|
|
|
|
* DIGIT = %x30-39 ; 0-9
|
|
|
|
|
*
|
|
|
|
|
* References:
|
|
|
|
|
* - https://datatracker.ietf.org/doc/html/rfc9110#section-5.1
|
|
|
|
|
* - https://datatracker.ietf.org/doc/html/rfc9110#appendix-A
|
|
|
|
|
* - https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
return !name.empty() && std::all_of(name.begin(), name.end(), [](char c) {
|
|
|
|
|
switch (c) {
|
|
|
|
|
case '!': case '#': case '$': case '%': case '&': case '\'': case '*': case '+':
|
|
|
|
|
case '-': case '.': case '^': case '_': case '`': case '|': case '~':
|
|
|
|
|
return true;
|
|
|
|
|
default:
|
|
|
|
|
return ('0' <= c && c <= '9') || ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z');
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if the given string is suitable to be used as an HTTP header value.
|
|
|
|
|
*
|
|
|
|
|
* @param value The value to check for validity
|
|
|
|
|
* @return true if the argument is a valid header value, false otherwise
|
|
|
|
|
*/
|
|
|
|
|
bool HttpUtility::IsValidHeaderValue(std::string_view value)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Derived from the following syntax definition in RFC9110:
|
|
|
|
|
*
|
|
|
|
|
* field-value = *field-content
|
|
|
|
|
* field-content = field-vchar [ 1*( SP / HTAB / field-vchar ) field-vchar ]
|
|
|
|
|
* field-vchar = VCHAR / obs-text
|
|
|
|
|
* obs-text = %x80-FF
|
|
|
|
|
* VCHAR = %x21-7E ; visible (printing) characters
|
|
|
|
|
*
|
|
|
|
|
* References:
|
|
|
|
|
* - https://datatracker.ietf.org/doc/html/rfc9110#section-5.5
|
|
|
|
|
* - https://datatracker.ietf.org/doc/html/rfc9110#appendix-A
|
|
|
|
|
* - https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if (!value.empty()) {
|
|
|
|
|
// Must not start or end with space or tab.
|
2025-12-03 05:09:44 -05:00
|
|
|
for (char c : {value.front(), value.back()}) {
|
2025-11-28 03:52:17 -05:00
|
|
|
if (c == ' ' || c == '\t') {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return std::all_of(value.begin(), value.end(), [](char c) {
|
|
|
|
|
return c == ' ' || c == '\t' || ('\x21' <= c && c <= '\x7e') || ('\x80' <= c && c <= '\xff');
|
|
|
|
|
});
|
|
|
|
|
}
|
