X-Git-Url: https://git.plutz.net/?p=confetti;a=blobdiff_plain;f=cgilite%2Fcgilite.sh;h=f766ee2a425591245926952a5b961dde86cac4ee;hp=506e2f9f146c13919e65a9bbbd844391b96bbe9d;hb=5ab459e666f2526f671fe222cd1646a4e6798b27;hpb=3c6444860aab3376e3b888f9d9b56e8efdaa03dc diff --git a/cgilite/cgilite.sh b/cgilite/cgilite.sh new file mode 100755 index 0000000..f766ee2 --- /dev/null +++ b/cgilite/cgilite.sh @@ -0,0 +1,268 @@ +#!/bin/sh + +# Copyright 2017 - 2020 Paul Hänsch +# +# This is CGIlite. +# A collection of posix shell functions for writing CGI scripts. +# +# CGIlite is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# CGIlite is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with CGIlite. If not, see . + +[ -n "$include_cgilite" ] && return 0 +# guard set after webserver part + +# ksh and zsh workaround +# set -o posix # ksh, not portable +setopt -o OCTAL_ZEROES 2>&- + +CR=" " +BR=' +' +cgilite_timeout=2 + +PATH(){ + local str seg out + [ $# -eq 0 ] && str="$(cat)" || str="$*" + while [ "$str" ]; do + seg=${str%%/*}; str="${str#*/}" + case $seg in + ..) out="${out%/}"; out="${out%/*}/";; + .|'') out="${out%/}/";; + *) out="${out%/}/${seg}";; + esac; + [ "$seg" = "$str" ] && break + done + [ "${str}" -a "${out}" ] && printf %s "$out" || printf %s/ "${out%/}" +} + +HEX_DECODE=' + s;\\;\\\\;g; :HEXDECODE_X; s;%([^0-9A-F]);\\045\1;g; tHEXDECODE_X; + # Hexadecimal { %00 - %FF } will be transformed to octal { \000 - \377 } for posix printf + s;%[0123].;&\\0;g; s;%[4567].;&\\1;g; s;%[89AB].;&\\2;g; s;%[CDEF].;&\\3;g; + s;%[048C][0-7]\\.;&0;g; s;%[048C][89A-F]\\.;&1;g; s;%[159D][0-7]\\.;&2;g; s;%[159D][89A-F]\\.;&3;g; + s;%[26AE][0-7]\\.;&4;g; s;%[26AE][89A-F]\\.;&5;g; s;%[37BF][0-7]\\.;&6;g; s;%[37BF][89A-F]\\.;&7;g; + s;%.[08](\\..);\10;g; s;%.[19](\\..);\11;g; s;%.[2A](\\..);\12;g; s;%.[3B](\\..);\13;g; + s;%.[4C](\\..);\14;g; s;%.[5D](\\..);\15;g; s;%.[6E](\\..);\16;g; s;%.[7F](\\..);\17;g; +' + +HEX_DECODE(){ + printf -- "$(printf %s "$1" |sed -E "$HEX_DECODE")" +} + +if [ -z "$REQUEST_METHOD" ]; then + # no webserver variables means we are running via inetd / ncat + # so use builtin web server + + # Use env from inetd as webserver variables + REMOTE_ADDR="${TCPREMOTEIP}" + SERVER_NAME="${TCPLOCALIP}" + SERVER_PORT="${TCPLOCALPORT}" + + # Wait 2 seconds for request or kill connection through watchdog. + # Once Request is received the watchdog will be suspended (killed). + # At the end of the loop the watchdog will be restarted to enable + # timeout for the subsequent request. + + (sleep $cgilite_timeout && kill $$) & cgilite_watchdog=$! + while read REQUEST_METHOD REQUEST_URI SERVER_PROTOCOL; do + [ "${SERVER_PROTOCOL#HTTP/1.[01]${CR}}" ] && break + kill $cgilite_watchdog + + SERVER_PROTOCOL="${SERVER_PROTOCOL%${CR}}" + PATH_INFO="$(HEX_DECODE "${REQUEST_URI%\?*}" |PATH)" + [ "${REQUEST_URI}" = "${REQUEST_URI#*\?}" ] \ + && QUERY_STRING='' \ + || QUERY_STRING="${REQUEST_URI#*\?}" + cgilite_headers=''; while read -r hl; do + hl="${hl%${CR}}"; [ "$hl" ] || break + case $hl in + 'Content-Length: '*) CONTENT_LENGTH="${hl#*: }";; + 'Content-Type: '*) CONTENT_TYPE="${hl#*: }";; + esac + cgilite_headers="${cgilite_headers}${hl}${BR}" + done + + export REMOTE_ADDR SERVER_NAME SERVER_PORT REQUEST_METHOD REQUEST_URI SERVER_PROTOCOL \ + PATH_INFO QUERY_STRING CONTENT_TYPE CONTENT_LENGTH + + # Try to serve multiple requests, provided that script serves a + # Content-Length header. + # Without Content-Length header, connection will terminate after + # script. + + cgilite_status='200 OK'; cgilite_response=''; cgilite_cl="Connection: close${CR}${BR}"; + . "$0" | while read -r l; do case $l in + Status:*) + cgilite_status="${l#Status: }";; + Content-Length:*) + cgilite_cl="" + cgilite_response="${cgilite_response:+${cgilite_response}${BR}}${l}";; + Connection:*) + cgilite_cl="${l}${BR}";; + $CR) printf '%s %s\r\n%s%s\r\n' \ + 'HTTP/1.1' "${cgilite_status%${CR}}" \ + "${cgilite_response}${cgilite_response:+${BR}}" "${cgilite_cl}" + cat || kill $$ + [ "${cgilite_cl#Connection}" = "${cgilite_cl}" ]; exit;; + *) cgilite_response="${cgilite_response:+${cgilite_response}${BR}}${l}";; + esac; done || exit 0; + (sleep $cgilite_timeout && kill $$) & cgilite_watchdog=$! + done + kill $cgilite_watchdog + exit 0 +fi + +include_cgilite="$0" + +if [ "${REQUEST_METHOD}" = POST -a "${CONTENT_LENGTH:-0}" -gt 0 -a \ + "${CONTENT_TYPE}" = "application/x-www-form-urlencoded" ]; then + cgilite_post="$(head -c "$CONTENT_LENGTH")" +fi + +debug(){ [ $# -gt 0 ] && printf '%s\n' "$@" >&2 || tee -a /dev/stderr; } +[ "${DEBUG+x}" ] && env >&2 + +cgilite_count(){ + printf %s "&$1" \ + | grep -oE '&'"$2"'=[^&]*' \ + | wc -l +} + +cgilite_value(){ + local str="&$1" name="$2" cnt="${3:-1}" + while [ $cnt -gt 0 ]; do + [ "${str}" = "${str#*&${name}=}" ] && return 1 + str="${str#*&${name}=}" + cnt=$((cnt - 1)) + done + printf -- "$(printf %s "${str%%&*}" |sed -E 's;\+; ;g;'"$HEX_DECODE")" +} + +cgilite_keys(){ + local str="&$1" + while [ "${str#*&}" != "${str}" ]; do + str="${str#*&}" + printf '%s\n' "${str%%=*}" + done \ + | sort -u +} + +GET(){ cgilite_value "${QUERY_STRING}" $@; } +GET_COUNT(){ cgilite_count "${QUERY_STRING}" $1; } +GET_KEYS(){ cgilite_keys "${QUERY_STRING}"; } + +POST(){ cgilite_value "${cgilite_post}" $@; } +POST_COUNT(){ cgilite_count "${cgilite_post}" $1; } +POST_KEYS(){ cgilite_keys "${cgilite_post}"; } + +REF(){ cgilite_value "${HTTP_REFERER#*\?}" $@; } +REF_COUNT(){ cgilite_count "${HTTP_REFERER#*\?}" $1; } +REF_KEYS(){ cgilite_keys "${HTTP_REFERER#*\?}"; } + +HEADER(){ + # Read value of header line. Use this instead of + # referencing HTTP_* environment variables. + if [ -n "${cgilite_headers+x}" ]; then + local str="${BR}${cgilite_headers}" + [ "${str}" = "${str#*${BR}${1}: }" ] && return 1 + str="${str#*${BR}${1}: }" + printf %s "${str%%${BR}*}" + else + local var="HTTP_$(printf %s "$1" |tr a-z- A-Z-)" + eval "[ \"\$$var\" ] && printf %s \"\$$var\" || return 1" + # eval "printf %s \"\$HTTP_$(printf %s "${1}" |tr a-z A-Z |tr -c A-Z _)\"" + fi +} + +COOKIE(){ + HEX_DECODE "$( + HEADER Cookie \ + | grep -oE '(^|; ?)'"$1"'=[^;]*' \ + | sed -En "${2:-1}"'{s;^[^=]+=;;; s;\+; ;g; p;}' + )" +} + +HTML(){ + # Escape HTML cahracters + # Also escape [, ], and \n for use in html-sh + local str out + [ $# -eq 0 ] && str="$(cat)" || str="$*" + while [ "$str" ]; do + case $str in + \&*) out="${out}&";; + \<*) out="${out}<";; + \>*) out="${out}>";; + \"*) out="${out}"";; + \'*) out="${out}'";; + \[*) out="${out}[";; + \]*) out="${out}]";; + "${CR}"*) out="${out} ";; + "${BR}"*) out="${out} ";; + *) out="${out}${str%"${str#?}"}";; + esac + str="${str#?}" + done + printf %s "$out" +} + +URL(){ + # Escape pathes, so they can be used in link tags and HTTP Headers + local str out + [ $# -eq 0 ] && str="$(cat)" || str="$*" + while [ "$str" ]; do + case $str in + \&*) out="${out}%26";; + \"*) out="${out}%22";; + \'*) out="${out}%27";; + \?*) out="${out}%3F";; + \#*) out="${out}%23";; + \[*) out="${out}%5B";; + \]*) out="${out}%5D";; + \ *) out="${out}%20";; + " "*) out="${out}%09";; + "${CR}"*) out="${out}%0D";; + "${BR}"*) out="${out}%0A";; + %*) out="${out}%25";; + *) out="${out}${str%"${str#?}"}";; + esac + str="${str#?}" + done + printf %s "$out" +} + +SET_COOKIE(){ + # Param: session | +seconds | [date] + # Param: name=value + # Param: Path= | Domain= | Secure + local expire cookie + case "$1" in + ''|0|session) expire='';; + [+-][0-9]*) expire="$(date -R -d @$(($(date +%s) + $1)))";; + *) expire="$(date -R -d "$1")";; + esac + cookie="$2" + + printf 'Set-Cookie: %s; HttpOnly; SameSite=Lax' "$cookie" + [ -n "$expire" ] && printf '; Expires=%s' "${expire%+????}${expire:+GMT}" + [ $# -ge 3 ] && shift 2 && printf '; %s' "$@" + printf '\r\n' +} + +REDIRECT(){ + printf '%s: %s\r\n' \ + Status "303 See Other" \ + Content-Length 0 \ + Location "$*" + printf '\r\n' + exit 0 +}