2019-02-25 23:34:32 +01:00
|
|
|
using System;
|
|
|
|
|
using System.Collections.Generic;
|
|
|
|
|
using System.Globalization;
|
|
|
|
|
using System.IO;
|
|
|
|
|
using System.Net;
|
|
|
|
|
using System.Text;
|
|
|
|
|
using MediaBrowser.Model.Services;
|
|
|
|
|
using Microsoft.AspNetCore.Http;
|
2019-02-26 08:09:42 +01:00
|
|
|
using Microsoft.AspNetCore.Http.Extensions;
|
2019-02-25 23:34:32 +01:00
|
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
|
using Microsoft.Extensions.Primitives;
|
|
|
|
|
using Microsoft.Net.Http.Headers;
|
2019-04-11 16:58:28 +02:00
|
|
|
using HeaderNames = MediaBrowser.Common.Net.MoreHeaderNames;
|
2019-02-25 23:34:32 +01:00
|
|
|
using IHttpFile = MediaBrowser.Model.Services.IHttpFile;
|
|
|
|
|
using IHttpRequest = MediaBrowser.Model.Services.IHttpRequest;
|
|
|
|
|
using IResponse = MediaBrowser.Model.Services.IResponse;
|
|
|
|
|
|
|
|
|
|
namespace Emby.Server.Implementations.SocketSharp
|
|
|
|
|
{
|
|
|
|
|
public partial class WebSocketSharpRequest : IHttpRequest
|
|
|
|
|
{
|
|
|
|
|
private readonly HttpRequest request;
|
|
|
|
|
|
|
|
|
|
public WebSocketSharpRequest(HttpRequest httpContext, HttpResponse response, string operationName, ILogger logger)
|
|
|
|
|
{
|
|
|
|
|
this.OperationName = operationName;
|
|
|
|
|
this.request = httpContext;
|
2019-03-07 22:26:23 +01:00
|
|
|
this.Response = new WebSocketSharpResponse(logger, response);
|
2019-02-25 23:34:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public HttpRequest HttpRequest => request;
|
|
|
|
|
|
2019-03-07 22:26:23 +01:00
|
|
|
public IResponse Response { get; }
|
2019-02-25 23:34:32 +01:00
|
|
|
|
|
|
|
|
public string OperationName { get; set; }
|
|
|
|
|
|
|
|
|
|
public object Dto { get; set; }
|
|
|
|
|
|
2019-02-26 19:48:18 +01:00
|
|
|
public string RawUrl => request.GetEncodedPathAndQuery();
|
2019-02-25 23:34:32 +01:00
|
|
|
|
2019-02-26 08:09:42 +01:00
|
|
|
public string AbsoluteUri => request.GetDisplayUrl().TrimEnd('/');
|
2019-04-11 16:58:28 +02:00
|
|
|
// Header[name] returns "" when undefined
|
2019-02-25 23:34:32 +01:00
|
|
|
|
2019-04-11 16:58:28 +02:00
|
|
|
private string GetHeader(string name) => request.Headers[name].ToString();
|
2019-02-25 23:34:32 +01:00
|
|
|
|
|
|
|
|
private string remoteIp;
|
2019-02-16 16:54:18 +01:00
|
|
|
public string RemoteIp
|
|
|
|
|
{
|
|
|
|
|
get
|
|
|
|
|
{
|
|
|
|
|
if (remoteIp != null)
|
|
|
|
|
{
|
|
|
|
|
return remoteIp;
|
|
|
|
|
}
|
2019-02-25 23:34:32 +01:00
|
|
|
|
2019-04-11 16:58:28 +02:00
|
|
|
var temp = CheckBadChars(GetHeader(HeaderNames.XForwardedFor).AsSpan());
|
2019-02-16 16:54:18 +01:00
|
|
|
if (temp.Length != 0)
|
|
|
|
|
{
|
|
|
|
|
return remoteIp = temp.ToString();
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-11 16:58:28 +02:00
|
|
|
temp = CheckBadChars(GetHeader(HeaderNames.XRealIP).AsSpan());
|
2019-02-16 16:54:18 +01:00
|
|
|
if (temp.Length != 0)
|
|
|
|
|
{
|
|
|
|
|
return remoteIp = NormalizeIp(temp).ToString();
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-07 20:16:51 +01:00
|
|
|
return remoteIp = NormalizeIp(request.HttpContext.Connection.RemoteIpAddress.ToString().AsSpan()).ToString();
|
2019-02-16 16:54:18 +01:00
|
|
|
}
|
|
|
|
|
}
|
2019-02-25 23:34:32 +01:00
|
|
|
|
|
|
|
|
private static readonly char[] HttpTrimCharacters = new char[] { (char)0x09, (char)0xA, (char)0xB, (char)0xC, (char)0xD, (char)0x20 };
|
|
|
|
|
|
|
|
|
|
// CheckBadChars - throws on invalid chars to be not found in header name/value
|
2019-02-16 16:54:18 +01:00
|
|
|
internal static ReadOnlySpan<char> CheckBadChars(ReadOnlySpan<char> name)
|
2019-02-25 23:34:32 +01:00
|
|
|
{
|
2019-02-16 16:54:18 +01:00
|
|
|
if (name.Length == 0)
|
2019-02-25 23:34:32 +01:00
|
|
|
{
|
|
|
|
|
return name;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// VALUE check
|
|
|
|
|
// Trim spaces from both ends
|
|
|
|
|
name = name.Trim(HttpTrimCharacters);
|
|
|
|
|
|
|
|
|
|
// First, check for correctly formed multi-line value
|
|
|
|
|
// Second, check for absence of CTL characters
|
|
|
|
|
int crlf = 0;
|
|
|
|
|
for (int i = 0; i < name.Length; ++i)
|
|
|
|
|
{
|
|
|
|
|
char c = (char)(0x000000ff & (uint)name[i]);
|
|
|
|
|
switch (crlf)
|
|
|
|
|
{
|
|
|
|
|
case 0:
|
|
|
|
|
if (c == '\r')
|
|
|
|
|
{
|
|
|
|
|
crlf = 1;
|
|
|
|
|
}
|
|
|
|
|
else if (c == '\n')
|
|
|
|
|
{
|
|
|
|
|
// Technically this is bad HTTP. But it would be a breaking change to throw here.
|
|
|
|
|
// Is there an exploit?
|
|
|
|
|
crlf = 2;
|
|
|
|
|
}
|
|
|
|
|
else if (c == 127 || (c < ' ' && c != '\t'))
|
|
|
|
|
{
|
2019-02-16 16:54:18 +01:00
|
|
|
throw new ArgumentException("net_WebHeaderInvalidControlChars", nameof(name));
|
2019-02-25 23:34:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 1:
|
|
|
|
|
if (c == '\n')
|
|
|
|
|
{
|
|
|
|
|
crlf = 2;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-16 16:54:18 +01:00
|
|
|
throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
|
2019-02-25 23:34:32 +01:00
|
|
|
|
|
|
|
|
case 2:
|
|
|
|
|
if (c == ' ' || c == '\t')
|
|
|
|
|
{
|
|
|
|
|
crlf = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-16 16:54:18 +01:00
|
|
|
throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
|
2019-02-25 23:34:32 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (crlf != 0)
|
|
|
|
|
{
|
2019-02-16 16:54:18 +01:00
|
|
|
throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
|
2019-02-25 23:34:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return name;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-16 16:54:18 +01:00
|
|
|
private ReadOnlySpan<char> NormalizeIp(ReadOnlySpan<char> ip)
|
2019-02-25 23:34:32 +01:00
|
|
|
{
|
2019-02-16 16:54:18 +01:00
|
|
|
if (ip.Length != 0 && !ip.IsWhiteSpace())
|
2019-02-25 23:34:32 +01:00
|
|
|
{
|
|
|
|
|
// Handle ipv4 mapped to ipv6
|
|
|
|
|
const string srch = "::ffff:";
|
2019-03-07 20:16:51 +01:00
|
|
|
var index = ip.IndexOf(srch.AsSpan(), StringComparison.OrdinalIgnoreCase);
|
2019-02-25 23:34:32 +01:00
|
|
|
if (index == 0)
|
|
|
|
|
{
|
2019-02-16 16:54:18 +01:00
|
|
|
ip = ip.Slice(srch.Length);
|
2019-02-25 23:34:32 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ip;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public string[] AcceptTypes => request.Headers.GetCommaSeparatedValues(HeaderNames.Accept);
|
|
|
|
|
|
|
|
|
|
private Dictionary<string, object> items;
|
|
|
|
|
public Dictionary<string, object> Items => items ?? (items = new Dictionary<string, object>());
|
|
|
|
|
|
|
|
|
|
private string responseContentType;
|
|
|
|
|
public string ResponseContentType
|
|
|
|
|
{
|
|
|
|
|
get =>
|
|
|
|
|
responseContentType
|
|
|
|
|
?? (responseContentType = GetResponseContentType(HttpRequest));
|
|
|
|
|
set => this.responseContentType = value;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public const string FormUrlEncoded = "application/x-www-form-urlencoded";
|
|
|
|
|
public const string MultiPartFormData = "multipart/form-data";
|
|
|
|
|
public static string GetResponseContentType(HttpRequest httpReq)
|
|
|
|
|
{
|
|
|
|
|
var specifiedContentType = GetQueryStringContentType(httpReq);
|
|
|
|
|
if (!string.IsNullOrEmpty(specifiedContentType))
|
|
|
|
|
{
|
|
|
|
|
return specifiedContentType;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const string serverDefaultContentType = "application/json";
|
|
|
|
|
|
2019-02-26 08:09:42 +01:00
|
|
|
var acceptContentTypes = httpReq.Headers.GetCommaSeparatedValues(HeaderNames.Accept);
|
2019-02-25 23:34:32 +01:00
|
|
|
string defaultContentType = null;
|
|
|
|
|
if (HasAnyOfContentTypes(httpReq, FormUrlEncoded, MultiPartFormData))
|
|
|
|
|
{
|
|
|
|
|
defaultContentType = serverDefaultContentType;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var acceptsAnything = false;
|
|
|
|
|
var hasDefaultContentType = defaultContentType != null;
|
|
|
|
|
if (acceptContentTypes != null)
|
|
|
|
|
{
|
|
|
|
|
foreach (var acceptsType in acceptContentTypes)
|
|
|
|
|
{
|
|
|
|
|
// TODO: @bond move to Span when Span.Split lands
|
|
|
|
|
// https://github.com/dotnet/corefx/issues/26528
|
|
|
|
|
var contentType = acceptsType?.Split(';')[0].Trim();
|
|
|
|
|
acceptsAnything = contentType.Equals("*/*", StringComparison.OrdinalIgnoreCase);
|
|
|
|
|
|
|
|
|
|
if (acceptsAnything)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (acceptsAnything)
|
|
|
|
|
{
|
|
|
|
|
if (hasDefaultContentType)
|
|
|
|
|
{
|
|
|
|
|
return defaultContentType;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
return serverDefaultContentType;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (acceptContentTypes == null && httpReq.ContentType == Soap11)
|
|
|
|
|
{
|
|
|
|
|
return Soap11;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// We could also send a '406 Not Acceptable', but this is allowed also
|
|
|
|
|
return serverDefaultContentType;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public const string Soap11 = "text/xml; charset=utf-8";
|
|
|
|
|
|
|
|
|
|
public static bool HasAnyOfContentTypes(HttpRequest request, params string[] contentTypes)
|
|
|
|
|
{
|
|
|
|
|
if (contentTypes == null || request.ContentType == null)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach (var contentType in contentTypes)
|
|
|
|
|
{
|
|
|
|
|
if (IsContentType(request, contentType))
|
|
|
|
|
{
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static bool IsContentType(HttpRequest request, string contentType)
|
|
|
|
|
{
|
|
|
|
|
return request.ContentType.StartsWith(contentType, StringComparison.OrdinalIgnoreCase);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static string GetQueryStringContentType(HttpRequest httpReq)
|
|
|
|
|
{
|
2019-02-26 22:40:25 +01:00
|
|
|
ReadOnlySpan<char> format = httpReq.Query["format"].ToString().AsSpan();
|
2019-02-25 23:34:32 +01:00
|
|
|
if (format == null)
|
|
|
|
|
{
|
|
|
|
|
const int formatMaxLength = 4;
|
2019-02-26 22:40:25 +01:00
|
|
|
ReadOnlySpan<char> pi = httpReq.Path.ToString().AsSpan();
|
2019-02-25 23:34:32 +01:00
|
|
|
if (pi == null || pi.Length <= formatMaxLength)
|
|
|
|
|
{
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pi[0] == '/')
|
|
|
|
|
{
|
2019-02-26 22:40:25 +01:00
|
|
|
pi = pi.Slice(1);
|
2019-02-25 23:34:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
format = LeftPart(pi, '/');
|
|
|
|
|
if (format.Length > formatMaxLength)
|
|
|
|
|
{
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
format = LeftPart(format, '.');
|
2019-02-26 22:40:25 +01:00
|
|
|
if (format.Contains("json".AsSpan(), StringComparison.OrdinalIgnoreCase))
|
2019-02-25 23:34:32 +01:00
|
|
|
{
|
|
|
|
|
return "application/json";
|
|
|
|
|
}
|
2019-02-26 22:40:25 +01:00
|
|
|
else if (format.Contains("xml".AsSpan(), StringComparison.OrdinalIgnoreCase))
|
2019-02-25 23:34:32 +01:00
|
|
|
{
|
|
|
|
|
return "application/xml";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-26 22:40:25 +01:00
|
|
|
public static ReadOnlySpan<char> LeftPart(ReadOnlySpan<char> strVal, char needle)
|
2019-02-25 23:34:32 +01:00
|
|
|
{
|
|
|
|
|
if (strVal == null)
|
|
|
|
|
{
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-26 22:40:25 +01:00
|
|
|
var pos = strVal.IndexOf(needle);
|
2019-02-25 23:34:32 +01:00
|
|
|
return pos == -1 ? strVal : strVal.Slice(0, pos);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-09 20:19:27 +02:00
|
|
|
public string PathInfo => this.request.Path.Value;
|
2019-02-25 23:34:32 +01:00
|
|
|
|
|
|
|
|
public string UserAgent => request.Headers[HeaderNames.UserAgent];
|
|
|
|
|
|
2019-02-27 14:23:39 +01:00
|
|
|
public IHeaderDictionary Headers => request.Headers;
|
2019-02-25 23:34:32 +01:00
|
|
|
|
2019-02-27 14:23:39 +01:00
|
|
|
public IQueryCollection QueryString => request.Query;
|
2019-02-25 23:34:32 +01:00
|
|
|
|
2019-02-26 08:09:42 +01:00
|
|
|
public bool IsLocal => string.Equals(request.HttpContext.Connection.LocalIpAddress.ToString(), request.HttpContext.Connection.RemoteIpAddress.ToString());
|
2019-02-25 23:34:32 +01:00
|
|
|
|
|
|
|
|
private string httpMethod;
|
|
|
|
|
public string HttpMethod =>
|
|
|
|
|
httpMethod
|
|
|
|
|
?? (httpMethod = request.Method);
|
|
|
|
|
|
|
|
|
|
public string Verb => HttpMethod;
|
|
|
|
|
|
|
|
|
|
public string ContentType => request.ContentType;
|
|
|
|
|
|
2019-03-03 13:54:14 +01:00
|
|
|
private Encoding ContentEncoding
|
2019-02-25 23:34:32 +01:00
|
|
|
{
|
2019-03-03 13:54:14 +01:00
|
|
|
get
|
|
|
|
|
{
|
|
|
|
|
// TODO is this necessary?
|
|
|
|
|
if (UserAgent != null && CultureInfo.InvariantCulture.CompareInfo.IsPrefix(UserAgent, "UP"))
|
|
|
|
|
{
|
|
|
|
|
string postDataCharset = Headers["x-up-devcap-post-charset"];
|
|
|
|
|
if (!string.IsNullOrEmpty(postDataCharset))
|
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
return Encoding.GetEncoding(postDataCharset);
|
|
|
|
|
}
|
|
|
|
|
catch (ArgumentException)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return request.GetTypedHeaders().ContentType.Encoding ?? Encoding.UTF8;
|
|
|
|
|
}
|
2019-02-25 23:34:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public Uri UrlReferrer => request.GetTypedHeaders().Referer;
|
|
|
|
|
|
|
|
|
|
public static Encoding GetEncoding(string contentTypeHeader)
|
|
|
|
|
{
|
2019-03-07 20:16:51 +01:00
|
|
|
var param = GetParameter(contentTypeHeader.AsSpan(), "charset=");
|
2019-02-25 23:34:32 +01:00
|
|
|
if (param == null)
|
|
|
|
|
{
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
return Encoding.GetEncoding(param);
|
|
|
|
|
}
|
|
|
|
|
catch (ArgumentException)
|
|
|
|
|
{
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public Stream InputStream => request.Body;
|
|
|
|
|
|
|
|
|
|
public long ContentLength => request.ContentLength ?? 0;
|
|
|
|
|
|
|
|
|
|
private IHttpFile[] httpFiles;
|
|
|
|
|
public IHttpFile[] Files
|
|
|
|
|
{
|
|
|
|
|
get
|
|
|
|
|
{
|
|
|
|
|
if (httpFiles == null)
|
|
|
|
|
{
|
|
|
|
|
if (files == null)
|
|
|
|
|
{
|
|
|
|
|
return httpFiles = Array.Empty<IHttpFile>();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
httpFiles = new IHttpFile[files.Count];
|
|
|
|
|
var i = 0;
|
|
|
|
|
foreach (var pair in files)
|
|
|
|
|
{
|
|
|
|
|
var reqFile = pair.Value;
|
|
|
|
|
httpFiles[i] = new HttpFile
|
|
|
|
|
{
|
|
|
|
|
ContentType = reqFile.ContentType,
|
|
|
|
|
ContentLength = reqFile.ContentLength,
|
|
|
|
|
FileName = reqFile.FileName,
|
|
|
|
|
InputStream = reqFile.InputStream,
|
|
|
|
|
};
|
|
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return httpFiles;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
