access.cpp

mini http server,可以集成嵌入到程序中,实现简单的web功能

/*____________________________________________________________________________*\
 *

 Copyright (c) 1997-2003 John Roy, Holger Zimmermann. All rights reserved.

 These sources, libraries and applications are
 FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 as long as the following conditions are adhered to.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:

 1. Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer. 

 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in
    the documentation and/or other materials provided with the
    distribution.

 3. The name of the author may not be used to endorse or promote products
    derived from this software without specific prior written permission.

 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE AUTHORS OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 OF THE POSSIBILITY OF SUCH DAMAGE.

 *____________________________________________________________________________*|
 *
 * $Source: /cvsroot/pi3web/Pi3Web_200/Source/HTTP/Access.cpp,v $
 * $Date: 2003/05/13 18:42:01 $
 *
 Description:
	File access and stuff

\*____________________________________________________________________________*/
//$SourceTop:$

#include <ctype.h>

#include "HandBase.h"
#include "HTTPCore.h"
#include "PIStrStr.h"

/*____________________________________________________________________________*\
 *
 Description:
\*____________________________________________________________________________*/
#define KEY_CONF_REQUIREPERMISSIONS		"RequirePermissions"
#define VALUE_READ						('R')
#define VALUE_WRITE						('W')
#define VALUE_EXECUTE					('X')

#define	INT_READ		0x01
#define	INT_WRITE		0x02
#define	INT_EXECUTE		0x04
#define INT_ALL			( INT_READ | INT_WRITE | INT_EXECUTE )

#if 0
	/*
	** HTML documentation for this handler
	*/
/*___+++HTMLDOC_BEGIN+++___*/
Name:
	AccessByFile

Description:
	Verify permissions associated with the resource identified by
	the current physical path.	

Options:
<H5>Overview</H5>
<TABLE BORDER=1>
<TH>Option
<TH>Default
<TH>Values
<TH>Short Description
<TH>Example(s)

<TR>
<TD>RequirePermissions
<TD>-
<TD>Combination of 'x', 'r', 'w'
<TD>Permissions required on file
<TD>RequirePermissions="x"

</TABLE>
<STRONG>-</STRONG> in the <IT>default</IT> indicates no default<BR>
<STRONG>+</STRONG> in the <IT>default</IT> indicates the field is mandatory<BR>

<H4>Description of Options</H4>
<H5>
	RequirePermissions
</H5>
These permissions will be compared against the permissions on the filesystem
resource to determine if this handler will indicate a match by returning
PIAPI_COMPLETED without setting the status code to 403.
This value is obtained by concatenating any of the following flags together.
<CENTER>
<TABLE BORDER=1>
<TH>Option
<TH>Meaning
<TR>
<TD>r
<TD>Resource must be readable
<TR>
<TD>w
<TD>Resource must be writable
<TR>
<TD>x
<TD>Resource must be executable
</TABLE>
</CENTER>
Permission flags are not case sensitive.

Phase:
	CHECKACCESS

Returns:
	PIAPI_ERROR if this handler was invoked for an inappropriate phase, 
	otherwise PIAPI_COMPLETED is returned. If the resource does not 
	have the required permissions this handler sets the response status
	to 403 Forbidden.

Note:
	Not all permission flags may be checked on all operating systems, where
	a permission cannot be verified because the operating system does not
	support the flag that permission will be considered passed.
	An observation of this note is that a later phase may fail to 
	access a resource that passed this verification for the access attempted.

Example:
	<PRE>
	&lt;Object&gt;
		Name AccessByFile
		Class AccessByFileClass
	&lt;/Object&gt;

	&lt;Object&gt;
		...
		CheckAccess AccessByFile RequirePermissions="R"
		...
	&lt;/Object&gt;

	</PRE>
/*___+++HTMLDOC_END+++___*/
#endif

/*____________________________________________________________________________*\
 *
 Class:
 Description:
\*____________________________________________________________________________*/
class AccessByFile : public HandlerBaseHTTP
{
private:
	/* ---
	Configuration data
	--- */
	int iRequiredPermissions;	

protected:
	int Parameter( const char *pVariable, const char *pValue,
		const char *pWhere )
		{
		assert( pVariable && pValue );
		PIOStrStream os;
		os << pWhere << "AccessByFile: ";
		if ( !PIUtil_stricmp( KEY_CONF_REQUIREPERMISSIONS, pVariable ) )
			{
			int iLen = strlen( pValue );
			for( int i=0; i<iLen; i++ )
				{
				char c = toupper( pValue[i] );
				switch( c )
					{
					case VALUE_READ:
						iRequiredPermissions |= INT_READ; break;

					case VALUE_WRITE:
						iRequiredPermissions |= INT_WRITE; break;

					case VALUE_EXECUTE:
						iRequiredPermissions |= INT_EXECUTE; break;

					default:;
						{
						os << "Unknown permission '" << c << "'" << ends;
						CONFIG_ERR( Object(), os.str() );
						return 0;
						};
					};
				};
			}
		else
			{
			os << "Unknown directive '" << pVariable <<
				"'" << ends;
			CONFIG_ERR( Object(), os.str() );
			return 0;
			};

		return 1;
		};

public:
	AccessByFile( PIObject *pObject, int iArgc, const char *ppArgv[] )
	:	HandlerBaseHTTP( pObject ), iRequiredPermissions( 0 )
		{
		ReadParameters( iArgc, ppArgv );
		};

	int Handle( int iPhase, PIHTTP &tPIHTTP, PIIOBuffer & )
		{
		if ( iPhase!=PH_CHECKACCESS )
			{ return PIAPI_ERROR; };

		const char *pPath = (const char *)PIDB_lookup( tPIHTTP.pResponseDB,
			PIDBTYPE_STRING, KEY_INT_PATH, 0 );

		PIFInfo *pFInfo = HTTPCore_getCachedFile( pPath ); 
		if ( !pFInfo )
			{ return PIAPI_ERROR; };

		if ( ( iRequiredPermissions & INT_READ ) &&
			!PIFInfo_isReadable( pFInfo ) )
			{
			HTTPCore_logError( &tPIHTTP, "AccessByFile: Path '%s' refused, \
file is not readable.", PIFInfo_getPath( pFInfo ) );
			goto do_continue;
			}
		else if ( ( iRequiredPermissions & INT_WRITE ) &&
			!PIFInfo_isWritable( pFInfo ) )
			{
			HTTPCore_logError( &tPIHTTP, "AccessByFile: Path '%s' refused, \
file is not writable.", PIFInfo_getPath( pFInfo ) );
			goto do_continue;
			}
		else if ( ( iRequiredPermissions & INT_EXECUTE ) &&
			!PIFInfo_isExecutable( pFInfo ) )
			{
			HTTPCore_logError( &tPIHTTP, "AccessByFile: Path '%s' refused, \
file is not executable.", PIFInfo_getPath( pFInfo ) );
			goto do_continue;
			}

		HTTPCore_releaseCachedFile( pFInfo );
		return PIAPI_COMPLETED;

do_continue:
		HTTPCore_releaseCachedFile( pFInfo );
		return HTTPUtil_doHTTPError( &tPIHTTP, ST_FORBIDDEN );
		};
};

/*____________________________________________________________________________*\
 *
 Function:
 Synopsis:
 Description:
\*____________________________________________________________________________*/
PUBLIC_PIAPI int AccessByFile_constructor( PIObject *pObj,
	int iArgc, const char *ppArgv[] )
{
	return HandlerBaseHTTP_constructor( pObj, PI_NEW( AccessByFile( pObj,
		iArgc, ppArgv ) ) );
}

#if 0
/*___+++CNF_BEGIN+++___*/
	<Class>
		Name AccessByFileClass
		Type LogicExtension
		Library HTTP
		OnClassLoad HandlerBaseHTTP_onClassLoad
		Constructor AccessByFile_constructor
		CopyConstructor HandlerBaseHTTP_copyConstructor
		Destructor HandlerBaseHTTP_destructor
		Execute HandlerBaseHTTP_execute
	</Class>

	<Object>
		Name AccessByFile
		Class AccessByFileClass
	</Object>

/*___+++CNF_END+++___*/
#endif