Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 1 | #pragma once |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 2 | |
Ed Tanous | 3ccb3ad | 2023-01-13 17:40:03 -0800 | [diff] [blame] | 3 | #include "bmcweb_config.h" |
| 4 | |
Ed Tanous | 51dae67 | 2018-09-05 16:07:32 -0700 | [diff] [blame] | 5 | #include <openssl/crypto.h> |
| 6 | |
Ed Tanous | c867a83 | 2022-03-10 14:17:00 -0800 | [diff] [blame] | 7 | #include <boost/callable_traits.hpp> |
Ed Tanous | 079360a | 2022-06-29 10:05:19 -0700 | [diff] [blame] | 8 | #include <boost/url/parse.hpp> |
Ed Tanous | eae855c | 2021-10-26 11:26:02 -0700 | [diff] [blame] | 9 | #include <boost/url/url.hpp> |
Ed Tanous | 079360a | 2022-06-29 10:05:19 -0700 | [diff] [blame] | 10 | #include <boost/url/url_view.hpp> |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 11 | #include <boost/url/url_view_base.hpp> |
Ed Tanous | 71f2db7 | 2022-05-25 12:28:09 -0700 | [diff] [blame] | 12 | #include <nlohmann/json.hpp> |
Nan Zhou | 1d8782e | 2021-11-29 22:23:18 -0800 | [diff] [blame] | 13 | |
Ed Tanous | 9ea15c3 | 2022-01-04 14:18:22 -0800 | [diff] [blame] | 14 | #include <array> |
Ed Tanous | 74849be | 2021-02-05 09:47:47 -0800 | [diff] [blame] | 15 | #include <chrono> |
Ed Tanous | c715ec2 | 2022-03-10 15:38:01 -0800 | [diff] [blame] | 16 | #include <cstddef> |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 17 | #include <cstdint> |
Ed Tanous | 9ea15c3 | 2022-01-04 14:18:22 -0800 | [diff] [blame] | 18 | #include <ctime> |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 19 | #include <functional> |
Ed Tanous | 9896eae | 2022-07-23 15:07:33 -0700 | [diff] [blame] | 20 | #include <iomanip> |
Ed Tanous | 9ea15c3 | 2022-01-04 14:18:22 -0800 | [diff] [blame] | 21 | #include <limits> |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 22 | #include <stdexcept> |
| 23 | #include <string> |
Ed Tanous | 9ea15c3 | 2022-01-04 14:18:22 -0800 | [diff] [blame] | 24 | #include <string_view> |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 25 | #include <tuple> |
Ed Tanous | 9ea15c3 | 2022-01-04 14:18:22 -0800 | [diff] [blame] | 26 | #include <type_traits> |
| 27 | #include <utility> |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 28 | #include <variant> |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 29 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 30 | namespace crow |
| 31 | { |
Ed Tanous | 47488a9 | 2023-06-26 18:19:33 -0700 | [diff] [blame] | 32 | namespace utility |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 33 | { |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 34 | |
Ed Tanous | 9de65b3 | 2024-03-27 13:34:40 -0700 | [diff] [blame] | 35 | constexpr uint64_t getParameterTag(std::string_view url) |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 36 | { |
Ed Tanous | 1c30e50 | 2022-03-08 18:02:24 -0800 | [diff] [blame] | 37 | uint64_t tagValue = 0; |
| 38 | size_t urlSegmentIndex = std::string_view::npos; |
Ed Tanous | b00dcc2 | 2021-02-23 12:52:50 -0800 | [diff] [blame] | 39 | |
Ed Tanous | 1c30e50 | 2022-03-08 18:02:24 -0800 | [diff] [blame] | 40 | for (size_t urlIndex = 0; urlIndex < url.size(); urlIndex++) |
| 41 | { |
| 42 | char character = url[urlIndex]; |
| 43 | if (character == '<') |
| 44 | { |
| 45 | if (urlSegmentIndex != std::string_view::npos) |
| 46 | { |
| 47 | return 0; |
| 48 | } |
| 49 | urlSegmentIndex = urlIndex; |
| 50 | } |
| 51 | if (character == '>') |
| 52 | { |
| 53 | if (urlSegmentIndex == std::string_view::npos) |
| 54 | { |
| 55 | return 0; |
| 56 | } |
Patrick Williams | 89492a1 | 2023-05-10 07:51:34 -0500 | [diff] [blame] | 57 | std::string_view tag = url.substr(urlSegmentIndex, |
| 58 | urlIndex + 1 - urlSegmentIndex); |
Ed Tanous | 1c30e50 | 2022-03-08 18:02:24 -0800 | [diff] [blame] | 59 | |
Ed Tanous | 1c30e50 | 2022-03-08 18:02:24 -0800 | [diff] [blame] | 60 | if (tag == "<str>" || tag == "<string>") |
| 61 | { |
Ed Tanous | d9e89df | 2024-03-27 14:08:59 -0700 | [diff] [blame] | 62 | tagValue++; |
Ed Tanous | 1c30e50 | 2022-03-08 18:02:24 -0800 | [diff] [blame] | 63 | } |
| 64 | if (tag == "<path>") |
| 65 | { |
Ed Tanous | d9e89df | 2024-03-27 14:08:59 -0700 | [diff] [blame] | 66 | tagValue++; |
Ed Tanous | 1c30e50 | 2022-03-08 18:02:24 -0800 | [diff] [blame] | 67 | } |
Ed Tanous | 1c30e50 | 2022-03-08 18:02:24 -0800 | [diff] [blame] | 68 | urlSegmentIndex = std::string_view::npos; |
| 69 | } |
| 70 | } |
| 71 | if (urlSegmentIndex != std::string_view::npos) |
Ed Tanous | 988403c | 2020-08-24 11:29:49 -0700 | [diff] [blame] | 72 | { |
| 73 | return 0; |
| 74 | } |
Ed Tanous | 1c30e50 | 2022-03-08 18:02:24 -0800 | [diff] [blame] | 75 | return tagValue; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 76 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 77 | |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 78 | class Base64Encoder |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 79 | { |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 80 | char overflow1 = '\0'; |
| 81 | char overflow2 = '\0'; |
| 82 | uint8_t overflowCount = 0; |
| 83 | |
| 84 | constexpr static std::array<char, 64> key = { |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 85 | 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', |
| 86 | 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', |
| 87 | 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', |
| 88 | 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', |
| 89 | '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'}; |
| 90 | |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 91 | // Takes 3 ascii chars, and encodes them as 4 base64 chars |
| 92 | static void encodeTriple(char first, char second, char third, |
| 93 | std::string& output) |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 94 | { |
Ed Tanous | 543f440 | 2022-01-06 13:12:53 -0800 | [diff] [blame] | 95 | size_t keyIndex = 0; |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 96 | |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 97 | keyIndex = static_cast<size_t>(first & 0xFC) >> 2; |
| 98 | output += key[keyIndex]; |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 99 | |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 100 | keyIndex = static_cast<size_t>(first & 0x03) << 4; |
| 101 | keyIndex += static_cast<size_t>(second & 0xF0) >> 4; |
| 102 | output += key[keyIndex]; |
| 103 | |
| 104 | keyIndex = static_cast<size_t>(second & 0x0F) << 2; |
| 105 | keyIndex += static_cast<size_t>(third & 0xC0) >> 6; |
| 106 | output += key[keyIndex]; |
| 107 | |
| 108 | keyIndex = static_cast<size_t>(third & 0x3F); |
| 109 | output += key[keyIndex]; |
| 110 | } |
| 111 | |
| 112 | public: |
| 113 | // Accepts a partial string to encode, and writes the encoded characters to |
| 114 | // the output stream. requires subsequently calling finalize to complete |
| 115 | // stream. |
| 116 | void encode(std::string_view data, std::string& output) |
| 117 | { |
| 118 | // Encode the last round of overflow chars first |
| 119 | if (overflowCount == 2) |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 120 | { |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 121 | if (!data.empty()) |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 122 | { |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 123 | encodeTriple(overflow1, overflow2, data[0], output); |
| 124 | overflowCount = 0; |
| 125 | data.remove_prefix(1); |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 126 | } |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 127 | } |
| 128 | else if (overflowCount == 1) |
| 129 | { |
| 130 | if (data.size() >= 2) |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 131 | { |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 132 | encodeTriple(overflow1, data[0], data[1], output); |
| 133 | overflowCount = 0; |
| 134 | data.remove_prefix(2); |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 135 | } |
| 136 | } |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 137 | |
| 138 | while (data.size() >= 3) |
| 139 | { |
| 140 | encodeTriple(data[0], data[1], data[2], output); |
| 141 | data.remove_prefix(3); |
| 142 | } |
| 143 | |
| 144 | if (!data.empty() && overflowCount == 0) |
| 145 | { |
| 146 | overflow1 = data[0]; |
| 147 | overflowCount++; |
| 148 | data.remove_prefix(1); |
| 149 | } |
| 150 | |
| 151 | if (!data.empty() && overflowCount == 1) |
| 152 | { |
| 153 | overflow2 = data[0]; |
| 154 | overflowCount++; |
| 155 | data.remove_prefix(1); |
| 156 | } |
| 157 | } |
| 158 | |
| 159 | // Completes a base64 output, by writing any MOD(3) characters to the |
| 160 | // output, as well as any required trailing = |
| 161 | void finalize(std::string& output) |
| 162 | { |
| 163 | if (overflowCount == 0) |
| 164 | { |
| 165 | return; |
| 166 | } |
| 167 | size_t keyIndex = static_cast<size_t>(overflow1 & 0xFC) >> 2; |
| 168 | output += key[keyIndex]; |
| 169 | |
| 170 | keyIndex = static_cast<size_t>(overflow1 & 0x03) << 4; |
| 171 | if (overflowCount == 2) |
| 172 | { |
| 173 | keyIndex += static_cast<size_t>(overflow2 & 0xF0) >> 4; |
| 174 | output += key[keyIndex]; |
| 175 | keyIndex = static_cast<size_t>(overflow2 & 0x0F) << 2; |
| 176 | output += key[keyIndex]; |
| 177 | } |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 178 | else |
| 179 | { |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 180 | output += key[keyIndex]; |
| 181 | output += '='; |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 182 | } |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 183 | output += '='; |
| 184 | overflowCount = 0; |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 185 | } |
| 186 | |
Ed Tanous | ee192c0 | 2023-12-13 10:49:58 -0800 | [diff] [blame] | 187 | // Returns the required output buffer in characters for an input of size |
| 188 | // inputSize |
| 189 | static size_t constexpr encodedSize(size_t inputSize) |
| 190 | { |
| 191 | // Base64 encodes 3 character blocks as 4 character blocks |
| 192 | // With a possibility of 2 trailing = characters |
| 193 | return (inputSize + 2) / 3 * 4; |
| 194 | } |
| 195 | }; |
| 196 | |
| 197 | inline std::string base64encode(std::string_view data) |
| 198 | { |
| 199 | // Encodes a 3 character stream into a 4 character stream |
| 200 | std::string out; |
| 201 | Base64Encoder base64; |
| 202 | out.reserve(Base64Encoder::encodedSize(data.size())); |
| 203 | base64.encode(data, out); |
| 204 | base64.finalize(out); |
| 205 | return out; |
Adriana Kobylak | d830ff5 | 2021-01-27 14:15:27 -0600 | [diff] [blame] | 206 | } |
| 207 | |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 208 | // TODO this is temporary and should be deleted once base64 is refactored out of |
| 209 | // crow |
Ed Tanous | 26ccae3 | 2023-02-16 10:28:44 -0800 | [diff] [blame] | 210 | inline bool base64Decode(std::string_view input, std::string& output) |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 211 | { |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 212 | static const char nop = static_cast<char>(-1); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 213 | // See note on encoding_data[] in above function |
Jonathan Doman | 5beaf84 | 2020-08-14 11:23:33 -0700 | [diff] [blame] | 214 | static const std::array<char, 256> decodingData = { |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 215 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 216 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 217 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 218 | nop, 62, nop, nop, nop, 63, 52, 53, 54, 55, 56, 57, 58, 59, |
| 219 | 60, 61, nop, nop, nop, nop, nop, nop, nop, 0, 1, 2, 3, 4, |
| 220 | 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, |
| 221 | 19, 20, 21, 22, 23, 24, 25, nop, nop, nop, nop, nop, nop, 26, |
| 222 | 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, |
| 223 | 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, nop, nop, nop, |
| 224 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 225 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 226 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 227 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 228 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 229 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 230 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 231 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 232 | nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, |
| 233 | nop, nop, nop, nop}; |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 234 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 235 | size_t inputLength = input.size(); |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 236 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 237 | // allocate space for output string |
| 238 | output.clear(); |
| 239 | output.reserve(((inputLength + 2) / 3) * 4); |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 240 | |
Jonathan Doman | 5beaf84 | 2020-08-14 11:23:33 -0700 | [diff] [blame] | 241 | auto getCodeValue = [](char c) { |
| 242 | auto code = static_cast<unsigned char>(c); |
| 243 | // Ensure we cannot index outside the bounds of the decoding array |
| 244 | static_assert(std::numeric_limits<decltype(code)>::max() < |
| 245 | decodingData.size()); |
| 246 | return decodingData[code]; |
| 247 | }; |
| 248 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 249 | // for each 4-bytes sequence from the input, extract 4 6-bits sequences by |
Gunnar Mills | caa3ce3 | 2020-07-08 14:46:53 -0500 | [diff] [blame] | 250 | // dropping first two bits |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 251 | // and regenerate into 3 8-bits sequences |
James Feist | 5a80664 | 2020-07-31 16:40:33 +0000 | [diff] [blame] | 252 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 253 | for (size_t i = 0; i < inputLength; i++) |
| 254 | { |
Ed Tanous | 543f440 | 2022-01-06 13:12:53 -0800 | [diff] [blame] | 255 | char base64code0 = 0; |
| 256 | char base64code1 = 0; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 257 | char base64code2 = 0; // initialized to 0 to suppress warnings |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 258 | |
Jonathan Doman | 5beaf84 | 2020-08-14 11:23:33 -0700 | [diff] [blame] | 259 | base64code0 = getCodeValue(input[i]); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 260 | if (base64code0 == nop) |
| 261 | { // non base64 character |
| 262 | return false; |
| 263 | } |
| 264 | if (!(++i < inputLength)) |
| 265 | { // we need at least two input bytes for first |
| 266 | // byte output |
| 267 | return false; |
| 268 | } |
Jonathan Doman | 5beaf84 | 2020-08-14 11:23:33 -0700 | [diff] [blame] | 269 | base64code1 = getCodeValue(input[i]); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 270 | if (base64code1 == nop) |
| 271 | { // non base64 character |
| 272 | return false; |
| 273 | } |
| 274 | output += |
| 275 | static_cast<char>((base64code0 << 2) | ((base64code1 >> 4) & 0x3)); |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 276 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 277 | if (++i < inputLength) |
| 278 | { |
| 279 | char c = input[i]; |
| 280 | if (c == '=') |
| 281 | { // padding , end of input |
| 282 | return (base64code1 & 0x0f) == 0; |
| 283 | } |
Jonathan Doman | 5beaf84 | 2020-08-14 11:23:33 -0700 | [diff] [blame] | 284 | base64code2 = getCodeValue(input[i]); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 285 | if (base64code2 == nop) |
| 286 | { // non base64 character |
| 287 | return false; |
| 288 | } |
| 289 | output += static_cast<char>(((base64code1 << 4) & 0xf0) | |
| 290 | ((base64code2 >> 2) & 0x0f)); |
| 291 | } |
| 292 | |
| 293 | if (++i < inputLength) |
| 294 | { |
| 295 | char c = input[i]; |
| 296 | if (c == '=') |
| 297 | { // padding , end of input |
| 298 | return (base64code2 & 0x03) == 0; |
| 299 | } |
Ed Tanous | f8fe53e | 2022-06-30 15:55:45 -0700 | [diff] [blame] | 300 | char base64code3 = getCodeValue(input[i]); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 301 | if (base64code3 == nop) |
| 302 | { // non base64 character |
| 303 | return false; |
| 304 | } |
| 305 | output += |
| 306 | static_cast<char>((((base64code2 << 6) & 0xc0) | base64code3)); |
| 307 | } |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 308 | } |
| 309 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 310 | return true; |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 311 | } |
| 312 | |
Ed Tanous | 26ccae3 | 2023-02-16 10:28:44 -0800 | [diff] [blame] | 313 | inline bool constantTimeStringCompare(std::string_view a, std::string_view b) |
Ed Tanous | 51dae67 | 2018-09-05 16:07:32 -0700 | [diff] [blame] | 314 | { |
| 315 | // Important note, this function is ONLY constant time if the two input |
| 316 | // sizes are the same |
| 317 | if (a.size() != b.size()) |
| 318 | { |
| 319 | return false; |
| 320 | } |
| 321 | return CRYPTO_memcmp(a.data(), b.data(), a.size()) == 0; |
| 322 | } |
| 323 | |
| 324 | struct ConstantTimeCompare |
| 325 | { |
Ed Tanous | 26ccae3 | 2023-02-16 10:28:44 -0800 | [diff] [blame] | 326 | bool operator()(std::string_view a, std::string_view b) const |
Ed Tanous | 51dae67 | 2018-09-05 16:07:32 -0700 | [diff] [blame] | 327 | { |
| 328 | return constantTimeStringCompare(a, b); |
| 329 | } |
| 330 | }; |
| 331 | |
Ed Tanous | eae855c | 2021-10-26 11:26:02 -0700 | [diff] [blame] | 332 | namespace details |
| 333 | { |
| 334 | inline boost::urls::url |
Willy Tu | c6bcedc | 2022-09-27 05:36:59 +0000 | [diff] [blame] | 335 | appendUrlPieces(boost::urls::url& url, |
| 336 | const std::initializer_list<std::string_view> args) |
Ed Tanous | eae855c | 2021-10-26 11:26:02 -0700 | [diff] [blame] | 337 | { |
Ed Tanous | 26ccae3 | 2023-02-16 10:28:44 -0800 | [diff] [blame] | 338 | for (std::string_view arg : args) |
Ed Tanous | eae855c | 2021-10-26 11:26:02 -0700 | [diff] [blame] | 339 | { |
| 340 | url.segments().push_back(arg); |
| 341 | } |
| 342 | return url; |
| 343 | } |
Willy Tu | c6bcedc | 2022-09-27 05:36:59 +0000 | [diff] [blame] | 344 | |
Ed Tanous | eae855c | 2021-10-26 11:26:02 -0700 | [diff] [blame] | 345 | } // namespace details |
| 346 | |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 347 | class OrMorePaths |
| 348 | {}; |
| 349 | |
Ed Tanous | eae855c | 2021-10-26 11:26:02 -0700 | [diff] [blame] | 350 | template <typename... AV> |
Willy Tu | c6bcedc | 2022-09-27 05:36:59 +0000 | [diff] [blame] | 351 | inline void appendUrlPieces(boost::urls::url& url, const AV... args) |
| 352 | { |
| 353 | details::appendUrlPieces(url, {args...}); |
| 354 | } |
| 355 | |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 356 | namespace details |
| 357 | { |
| 358 | |
| 359 | // std::reference_wrapper<std::string> - extracts segment to variable |
| 360 | // std::string_view - checks if segment is equal to variable |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 361 | using UrlSegment = std::variant<std::reference_wrapper<std::string>, |
| 362 | std::string_view, OrMorePaths>; |
| 363 | |
| 364 | enum class UrlParseResult |
| 365 | { |
| 366 | Continue, |
| 367 | Fail, |
| 368 | Done, |
| 369 | }; |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 370 | |
| 371 | class UrlSegmentMatcherVisitor |
| 372 | { |
| 373 | public: |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 374 | UrlParseResult operator()(std::string& output) |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 375 | { |
Ed Tanous | 079360a | 2022-06-29 10:05:19 -0700 | [diff] [blame] | 376 | output = segment; |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 377 | return UrlParseResult::Continue; |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 378 | } |
| 379 | |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 380 | UrlParseResult operator()(std::string_view expected) |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 381 | { |
Ed Tanous | 079360a | 2022-06-29 10:05:19 -0700 | [diff] [blame] | 382 | if (segment == expected) |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 383 | { |
| 384 | return UrlParseResult::Continue; |
| 385 | } |
| 386 | return UrlParseResult::Fail; |
| 387 | } |
| 388 | |
| 389 | UrlParseResult operator()(OrMorePaths /*unused*/) |
| 390 | { |
| 391 | return UrlParseResult::Done; |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 392 | } |
| 393 | |
Ed Tanous | 079360a | 2022-06-29 10:05:19 -0700 | [diff] [blame] | 394 | explicit UrlSegmentMatcherVisitor(std::string_view segmentIn) : |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 395 | segment(segmentIn) |
| 396 | {} |
| 397 | |
| 398 | private: |
Ed Tanous | 079360a | 2022-06-29 10:05:19 -0700 | [diff] [blame] | 399 | std::string_view segment; |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 400 | }; |
| 401 | |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 402 | inline bool readUrlSegments(const boost::urls::url_view_base& url, |
Ed Tanous | 5be2b14 | 2024-03-27 15:27:04 -0700 | [diff] [blame] | 403 | std::initializer_list<UrlSegment> segments) |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 404 | { |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 405 | const boost::urls::segments_view& urlSegments = url.segments(); |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 406 | |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 407 | if (!urlSegments.is_absolute()) |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 408 | { |
| 409 | return false; |
| 410 | } |
| 411 | |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 412 | boost::urls::segments_view::const_iterator it = urlSegments.begin(); |
| 413 | boost::urls::segments_view::const_iterator end = urlSegments.end(); |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 414 | |
| 415 | for (const auto& segment : segments) |
| 416 | { |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 417 | if (it == end) |
| 418 | { |
| 419 | // If the request ends with an "any" path, this was successful |
| 420 | return std::holds_alternative<OrMorePaths>(segment); |
| 421 | } |
| 422 | UrlParseResult res = std::visit(UrlSegmentMatcherVisitor(*it), segment); |
| 423 | if (res == UrlParseResult::Done) |
| 424 | { |
| 425 | return true; |
| 426 | } |
| 427 | if (res == UrlParseResult::Fail) |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 428 | { |
| 429 | return false; |
| 430 | } |
| 431 | it++; |
| 432 | } |
Carson Labrado | 4c30e22 | 2022-06-24 22:16:00 +0000 | [diff] [blame] | 433 | |
| 434 | // There will be an empty segment at the end if the URI ends with a "/" |
| 435 | // e.g. /redfish/v1/Chassis/ |
| 436 | if ((it != end) && urlSegments.back().empty()) |
| 437 | { |
| 438 | it++; |
| 439 | } |
Ed Tanous | 7f8d8fa | 2022-08-19 07:00:38 -0700 | [diff] [blame] | 440 | return it == end; |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 441 | } |
| 442 | |
| 443 | } // namespace details |
| 444 | |
| 445 | template <typename... Args> |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 446 | inline bool readUrlSegments(const boost::urls::url_view_base& url, |
| 447 | Args&&... args) |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 448 | { |
Ed Tanous | 39662a3 | 2023-02-06 15:09:46 -0800 | [diff] [blame] | 449 | return details::readUrlSegments(url, {std::forward<Args>(args)...}); |
Szymon Dompke | ca1600c | 2022-03-03 14:42:52 +0100 | [diff] [blame] | 450 | } |
| 451 | |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 452 | inline boost::urls::url |
| 453 | replaceUrlSegment(const boost::urls::url_view_base& urlView, |
| 454 | const uint replaceLoc, std::string_view newSegment) |
Carson Labrado | 1c0bb5c | 2022-05-18 00:12:52 +0000 | [diff] [blame] | 455 | { |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 456 | const boost::urls::segments_view& urlSegments = urlView.segments(); |
Carson Labrado | 1c0bb5c | 2022-05-18 00:12:52 +0000 | [diff] [blame] | 457 | boost::urls::url url("/"); |
| 458 | |
| 459 | if (!urlSegments.is_absolute()) |
| 460 | { |
| 461 | return url; |
| 462 | } |
| 463 | |
| 464 | boost::urls::segments_view::iterator it = urlSegments.begin(); |
| 465 | boost::urls::segments_view::iterator end = urlSegments.end(); |
| 466 | |
| 467 | for (uint idx = 0; it != end; it++, idx++) |
| 468 | { |
| 469 | if (idx == replaceLoc) |
| 470 | { |
| 471 | url.segments().push_back(newSegment); |
| 472 | } |
| 473 | else |
| 474 | { |
| 475 | url.segments().push_back(*it); |
| 476 | } |
| 477 | } |
| 478 | |
| 479 | return url; |
| 480 | } |
| 481 | |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 482 | inline void setProtocolDefaults(boost::urls::url& url, |
| 483 | std::string_view protocol) |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 484 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 485 | if (url.has_scheme()) |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 486 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 487 | return; |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 488 | } |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 489 | if (protocol == "Redfish" || protocol.empty()) |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 490 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 491 | if (url.port_number() == 443) |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 492 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 493 | url.set_scheme("https"); |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 494 | } |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 495 | if (url.port_number() == 80) |
| 496 | { |
| 497 | if (bmcwebInsecureEnableHttpPushStyleEventing) |
| 498 | { |
| 499 | url.set_scheme("http"); |
| 500 | } |
| 501 | } |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 502 | } |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 503 | else if (protocol == "SNMPv2c") |
Chicago Duan | 3d30708 | 2020-11-26 14:12:12 +0800 | [diff] [blame] | 504 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 505 | url.set_scheme("snmp"); |
Chicago Duan | 3d30708 | 2020-11-26 14:12:12 +0800 | [diff] [blame] | 506 | } |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 507 | } |
| 508 | |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 509 | inline void setPortDefaults(boost::urls::url& url) |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 510 | { |
| 511 | uint16_t port = url.port_number(); |
| 512 | if (port != 0) |
| 513 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 514 | return; |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 515 | } |
| 516 | |
| 517 | // If the user hasn't explicitly stated a port, pick one explicitly for them |
| 518 | // based on the protocol defaults |
| 519 | if (url.scheme() == "http") |
| 520 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 521 | url.set_port_number(80); |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 522 | } |
| 523 | if (url.scheme() == "https") |
| 524 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 525 | url.set_port_number(443); |
Ed Tanous | eb1c47d | 2022-02-09 11:47:27 -0800 | [diff] [blame] | 526 | } |
Chicago Duan | 3d30708 | 2020-11-26 14:12:12 +0800 | [diff] [blame] | 527 | if (url.scheme() == "snmp") |
| 528 | { |
Ed Tanous | a716aa7 | 2023-08-01 11:35:53 -0700 | [diff] [blame] | 529 | url.set_port_number(162); |
Chicago Duan | 3d30708 | 2020-11-26 14:12:12 +0800 | [diff] [blame] | 530 | } |
Ed Tanous | 11baefe | 2022-02-09 12:14:12 -0800 | [diff] [blame] | 531 | } |
| 532 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 533 | } // namespace utility |
| 534 | } // namespace crow |
Ed Tanous | 71f2db7 | 2022-05-25 12:28:09 -0700 | [diff] [blame] | 535 | |
| 536 | namespace nlohmann |
| 537 | { |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 538 | template <std::derived_from<boost::urls::url_view_base> URL> |
| 539 | struct adl_serializer<URL> |
Ed Tanous | 71f2db7 | 2022-05-25 12:28:09 -0700 | [diff] [blame] | 540 | { |
| 541 | // NOLINTNEXTLINE(readability-identifier-naming) |
Ed Tanous | 4a7fbef | 2024-04-06 16:03:49 -0700 | [diff] [blame^] | 542 | static void to_json(json& j, const URL& url) |
Ed Tanous | 71f2db7 | 2022-05-25 12:28:09 -0700 | [diff] [blame] | 543 | { |
Ed Tanous | 079360a | 2022-06-29 10:05:19 -0700 | [diff] [blame] | 544 | j = url.buffer(); |
Ed Tanous | 71f2db7 | 2022-05-25 12:28:09 -0700 | [diff] [blame] | 545 | } |
| 546 | }; |
| 547 | } // namespace nlohmann |