;;; http server in the Scheme Shell -*- Scheme -*- ;;; This file is part of the Scheme Untergrund Networking package. ;;; For copyright information, see the file COPYING which comes with ;;; the distribution. ;;; This file implements the core of an HTTP server: code to establish ;;; net connections, read and parse requests, and handler errors. ;;; It does not have the code to actually handle requests. That's up ;;; to other modules, and could vary from server to server. To build ;;; a complete server, you need to define request handlers (see below) -- ;;; they determine how requests are to be handled. ;;; ;;; See RFC 2616 for the specification of the HTTP/1.1 protocol. ;;; ;;; The server is compatible with previous versions of HTTP in the way ;;; described in RFC 2616 19.6. See RFC 1945 for the specification of ;;; HTTP/1.0 and 0.9. (define (httpd options) (let ((port (httpd-options-port options)) (root-dir (httpd-options-root-directory options)) (rate-limiter (cond ((httpd-options-simultaneous-requests options) => make-rate-limiter) (else #f)))) (let-thread-fluid logging (make-logging) (lambda () (init-http-log! options) (with-syslog-destination "httpd" #f #f #f (lambda () (with-cwd root-dir (bind-prepare-listen-accept-loop protocol-family/internet (lambda () (cond ((httpd-options-post-bind-thunk options) => (lambda (thunk) (thunk))))) (lambda (sock addr) (if rate-limiter (begin (rate-limit-block rate-limiter) (rate-limit-open rate-limiter))) (with-fatal-error-handler (lambda (c decline) (http-syslog (syslog-level notice) "error during connection negotiation~%") (if rate-limiter (rate-limit-close rate-limiter))) (call-with-values (lambda () (socket-address->internet-address (socket-remote-address sock))) (lambda (host-address service-port) (if (and rate-limiter (http-syslog?)) (http-syslog (syslog-level info) "<~a>~a: concurrent request #~a~%" (pid) (format-internet-host-address host-address) (rate-limiter-current-requests rate-limiter))) (set-port-buffering (socket:outport sock) bufpol/block 4096) (fork-thread (lambda () ;; If there is buffering for the input, ;; CGI scripts don't get the full request (set-port-buffering (socket:inport sock) bufpol/none) (process-toplevel-request sock host-address options) (if (http-syslog?) (http-syslog (syslog-level debug) "<~a>~a [closing]~%" (pid) (format-internet-host-address host-address))) (with-fatal-error-handler (lambda (c decline) (if (http-syslog?) (http-syslog (syslog-level notice) "<~a>~a [error closing (~a)]~%" (pid) (format-internet-host-address host-address) c))) (close-socket sock)) (if rate-limiter (rate-limit-close rate-limiter)) (if (http-syslog?) (http-syslog (syslog-level info) "<~a>~a [closed]~%" (pid) (format-internet-host-address host-address))))))))) port)))))))) ;;; Top-level http request processor ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;; Read, parse, and handle a single http request. The only thing that makes ;;; this complicated is handling errors -- as a server, we can't just let the ;;; standard error handlers toss us into a breakpoint. We have to catch the ;;; error, send an error response back to the client if we can, and then keep ;;; on trucking. This means using the S48's condition system to catch and ;;; handle the various errors, which introduces a major point of R5RS ;;; incompatibiliy -- R5RS has no exception system. So if you were to port ;;; this code to some other Scheme, you'd really have to sit down and think ;;; about this issue for a minute. (define (process-toplevel-request sock host-address options) ;; This top-level error-handler catches *all* uncaught errors and warnings. ;; If the error condition is a reportable HTTP error, we send a response back ;; to the client. In any event, we abort the transaction, and return from ;; PROCESS-TOPLEVEL-REQUEST. ;; ;; We *oughta* map non-http-errors into replies anyway. (with-fatal-error-handler* (lambda (c decline) (http-syslog (syslog-level notice) "<~a>~a: error: ~s~%" (pid) (format-internet-host-address host-address) c) (with-fatal-error-handler* (lambda (c decline) (http-syslog (syslog-level notice) "<~a>~a [error shutting down: ~s]~%" (pid) (format-internet-host-address host-address) c)) (lambda () (shutdown-socket sock shutdown/sends+receives) (http-syslog (syslog-level info) "<~a>~a [shut down]~%" (pid) (format-internet-host-address host-address))))) (lambda () (call-with-values (lambda () (with-fatal-error-handler* (lambda (c decline) (http-syslog (syslog-level notice) "<~a>~a: error: ~s~%" (pid) (format-internet-host-address host-address) c) (cond ((http-error? c) (apply (lambda (status-code req . args) (values req (apply make-error-response status-code req args))) (condition-stuff c))) ((fatal-syntax-error? c) (values #f (apply make-error-response (status-code bad-request) #f ; No request yet. (condition-stuff c)))) ((not (and (exception? c) (eq? (exception-reason c);;?? -> (enum exception os-error))));;?? -> ;;which cases is this supposed to catch excactly? broken ;;connection to client? If so, does it work? (values #f (apply make-error-response (status-code internal-error) #f ; don't know c))) (else (decline)))) (lambda () (let ((initial-req (parse-http-request sock options))) (check-major-http-version initial-req) (check-host-header initial-req) (let redirect-loop ((req initial-req)) (let response-loop ((response ((httpd-options-request-handler options) (http-url-path (request-url req)) req))) (cond ((input-response? response) (response-loop ((input-response-body-maker response) (socket:inport sock)))) ((nph-response? response) (values req response)) ((eq? (response-code response) (status-code redirect));internal redirect (redirect-loop (redirect-request req response sock options))) (else (values req response))))))))) (lambda (req response) (send-http-response req response (socket:inport sock) (socket:outport sock) options) ))))) ;;; REDIRECT-REQUEST relies on that nothing is read out from SOCKET. (define (redirect-request req response socket options) (let* ((new-location-uri (redirect-body-location (response-body response))) (url (with-fatal-error-handler* (lambda (c decline) (if (fatal-syntax-error? c) (http-error (status-code internal-error) req (format #f "Bad redirection out from CGI program: ~%~a" (cdr c))) (decline c))) (lambda () ;; (future) NOTE: With this, a redirection may change the ;; protocol in use (currently, the server only supports one of ;; it). This might be inapplicable. (url-string->http-url new-location-uri))))) (make-request "GET" new-location-uri url (request-version req) ; did not change '() ; no rfc822 headers (request-socket req)))) ;;; Read and parse an http request from INPORT. (define (parse-http-request sock options) (let ((line (read-crlf-line (socket:inport sock)))) ;; Blat out some logging info. (if (http-syslog?) (call-with-values (lambda () (socket-address->internet-address (socket-remote-address sock))) (lambda (host-address service-port) (http-syslog (syslog-level info) "<~a>~a: ~a~%" (pid) (format-internet-host-address host-address) line)))) (if (eof-object? line) (fatal-syntax-error "EOF while parsing request.") (let* ((elts (string->words line)) ; Split at white-space. (version (case (length elts) ((2) '(0 . 9)) ((3) (parse-http-version (caddr elts))) (else (fatal-syntax-error "Bad Request Line.")))) (meth (car elts)) (request-uri (cadr elts)) (url (url-string->http-url request-uri)) (headers (if (equal? version '(0 . 9)) '() (with-fatal-error-handler (lambda (c decline) (fatal-syntax-error "Illegal RFC 822 field syntax of request headers")) (read-rfc822-headers (socket:inport sock)))))) (make-request meth request-uri url version headers sock))))) (define parse-http-version (let ((re (make-regexp "^HTTP/([0-9]+)\\.([0-9]+)$")) (lose (lambda (s) (fatal-syntax-error "Bad HTTP version" s)))) (lambda (vstring) (let ((m (regexp-exec re vstring))) (if m (cons (or (string->number (match:substring m 1) 10) (lose vstring)) (or (string->number (match:substring m 2) 10) (lose vstring))) (lose vstring)))))) ;;; check whether the request's major HTTP version is greater than the ;;; server's major HTTP version; if so, send 505 (Version not supported). (define (check-major-http-version req) (if (> (car (request-version req)) (car http-version)) (http-error (status-code version-not-supp) req))) (define (check-host-header req) (if (not (version< (request-version req) '(1 . 1))) (or (get-header (request-headers req) 'host) (http-error (status-code bad-request) req "Missing Host header")))) ;;; Split string into a list of whitespace-separated strings. ;;; This could have been trivially defined in scsh as (field-splitter " \t\n") ;;; but I hand-coded it because it's short, and I didn't want invoke the ;;; regexp machinery for something so simple. (define non-whitespace (char-set-complement char-set:whitespace)) (define (string->words s) (let recur ((start 0)) (cond ((string-index s non-whitespace start) => (lambda (start) (cond ((string-index s char-set:whitespace start) => (lambda (end) (cons (substring s start end) (recur end)))) (else (list (substring s start (string-length s))))))) (else '())))) (define (send-http-headers response port) (display (version->string http-version) port) (write-char #\space port) (display (status-code-number (response-code response)) port) (write-char #\space port) (display (or (response-message response) (status-code-message (response-code response))) port) (write-crlf port) (send-http-header-fields (list (cons 'server (string-append "Scheme Untergrund " sunet-version-identifier)) (cons 'content-type (response-mime response)) (cons 'date (rfc822-time->string (response-seconds response))) (cons 'connection "close")) port) (send-http-header-fields (response-extras response) port) (write-crlf port)) (define (send-http-response request response input-port output-port options) (cond ;;if request-record could not be built (i.e. either ;;fatal-syntax-error was called because of an erroneous request ;;line, or an server-internal error (not an os-error) occurred) ;;and therefore HTTP-version of request is not known, answer ;;with HTTP/1.0 ((not request) (send-http-headers response output-port) (display-http-body (response-body response) input-port output-port options)) ;;no CLF-logging) ((nph-response? response) (display-http-body (nph-response-body response) input-port output-port options) (http-log request (status-code ok))); guess the status code (else (if (not (v0.9-request? request)) (send-http-headers response output-port)) (if (not (or (string=? (request-method request) "HEAD") (no-body? (response-body response)))) ;; response messages which MUST NOT include a message-body (display-http-body (response-body response) input-port output-port options)) (http-log request (response-code response))))) (define (send-http-header-fields headers port) (for-each (lambda (pair) (display (car pair) port) (write-char #\: port) (display (cdr pair) port) (write-crlf port)) headers))