multi.ml1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306(*********************************************************************************) (* Stog *) (* *) (* Copyright (C) 2012-2024 INRIA All rights reserved. *) (* Author: Maxence Guesdon, INRIA Saclay *) (* *) (* This program is free software; you can redistribute it and/or modify *) (* it under the terms of the GNU General Public License as *) (* published by the Free Software Foundation, version 3 of the License. *) (* *) (* This program is distributed in the hope that it will be useful, *) (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) (* GNU General Public License for more details. *) (* *) (* You should have received a copy of the GNU General Public *) (* License along with this program; if not, write to the Free Software *) (* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA *) (* 02111-1307 USA *) (* *) (* As a special exception, you have permission to link this program *) (* with the OCaml compiler and distribute executables, as long as you *) (* follow the requirements of the GNU GPL in regard to all of the *) (* software in the executable aside from the OCaml compiler. *) (* *) (* Contact: Maxence.Guesdon@inria.fr *) (* *) (*********************************************************************************) (** *) open Stog.Url open Config open Stog_server_types.Types open Session open Gs module S = Cohttp_lwt_unix.Server module Request = Cohttp.Request let (>>=) = Lwt.bind module XR = Xtmpl.Rewrite let restart_previous_sessions cfg sessions = List.iter (fun session -> try prerr_endline ("restarting "^(session.session_id)); Session.start_session ?sshkey: cfg.ssh_priv_key session ; Gs.add_session session sessions with e -> prerr_endline (Printexc.to_string e) ) (Session.load_previous_sessions cfg) let add_logged gs user_token account = gs.logged := Stog.Types.Str_map.add user_token account !(gs.logged) let new_token () = Session.new_id () let = "STOGMULTILOGINTOKEN" let action_form_login app_url = let url = List.fold_left Stog.Url.concat app_url Page.path_sessions in Stog.Url.to_string url let sha256 s = Cryptokit.( let h = Hash.sha256 () in let t = Hexa.encode () in String.lowercase_ascii (transform_string t (hash_string h s)) ) let respond_page page = let body = XR.to_string page in S.respond_string ~status:`OK ~body () let handle_login_post cfg gs req body = Cohttp_lwt__.Body.to_string body >>= fun body -> let module F = Page.Form_login in match let (tmpl, form) = F.read_form (Page.param_of_body body) in try let account = List.find (fun acc -> acc.login = form.F.login) cfg.accounts in prerr_endline (Printf.sprintf "account found: %s\npasswd=%s" account.login account.passwd); let pwd = sha256 form.F.password in prerr_endline (Printf.sprintf "sha256(pwd)=%s" pwd); if pwd = String.lowercase_ascii account.passwd then account else raise Not_found with | Not_found -> raise (F.Error (tmpl, ["Invalid user/password"])) with | exception (F.Error (tmpl, errors)) -> let error_msg = Page.error_block (`Block (List.map (fun msg -> XR.node ("","div") [XR.cdata msg]) errors)) in let contents = tmpl ~error_msg ~action: (Page.url_login cfg) () in let page = Page.page cfg None ~title: "Login" contents in respond_page page | account -> let token = new_token () in add_logged gs token account; let = let path = ("/"^(String.concat "/" (Stog.Url.path cfg.http_url.priv))) in Cohttp.Cookie.Set_cookie_hdr.make ~expiration: `Session ~path ~http_only: true (token_cookie, token) in let page = User.page cfg gs account in let body = XR.to_string page in let headers = let (h,s) = Cohttp.Cookie.Set_cookie_hdr.serialize cookie in Cohttp.Header.init_with h s in S.respond_string ~headers ~status:`OK ~body () let handle_login_get cfg gs opt_user = match opt_user with Some user -> respond_page (User.page cfg gs user) | None -> let module F = Page.Form_login in let contents = F.form ~action: (Page.url_login cfg) () in let page = Page.page cfg None ~title: "Login" contents in respond_page page let req_path_from_app cfg req = let app_path = Stog.Url.path cfg.http_url.priv in let req_uri = Cohttp.Request.uri req in let req_path = Stog_base.Misc.split_string (Uri.path req_uri) ['/'] in let rec iter = function | [], p -> p | h1::q1, h2::q2 when h1 = h2 -> iter (q1, q2) | _, _ -> let msg = Printf.sprintf "bad query path: %S is not under %S" (Uri.to_string req_uri) (Stog.Url.to_string cfg.http_url.priv) in failwith msg in iter (app_path, req_path) let get_opt_user gs req = let h = Cohttp.Request.headers req in let = Cohttp.Cookie.Cookie_hdr.extract h in try let c = List.assoc token_cookie cookies in Some (Stog.Types.Str_map.find c !(gs.logged)) with Not_found -> None let require_user cfg opt_user f = match opt_user with None -> let error = `Msg "You must be connected. Please log in" in respond_page (Page.page cfg None ~title: "Error" ~error []) | Some user -> f user let handle_path cfg gs ~http_url ~ws_url sock opt_user req body = function | [] -> let contents = Page.Form_login.form ~action: (Page.url_login cfg) () in let page = Page.page cfg None ~title: "Login" contents in let body = XR.to_string page in S.respond_string ~status:`OK ~body () | ["styles" ; s] when s = Stog_server.Preview.default_css -> begin match cfg.css_file with | None -> Stog_server.Preview.respond_default_css | Some file -> let body = try Stog_base.Misc.string_of_file file with _ -> "" in Stog_server.Preview.respond_css body end | p when p = Page.path_login && req.Request.meth = `GET-> handle_login_get cfg gs opt_user | p when p = Page.path_login && req.Request.meth = `POST -> handle_login_post cfg gs req body | p when p = Page.path_sessions && req.Request.meth = `GET -> require_user cfg opt_user (fun user -> User.handle_sessions_get cfg gs user req body >>= respond_page) | p when p = Page.path_sessions && req.Request.meth = `POST -> require_user cfg opt_user (fun user -> User.handle_sessions_post cfg gs user req body >>= respond_page) | path -> match path with | "sessions" :: session_id :: q when req.Request.meth = `GET -> begin match Stog.Types.Str_map.find session_id !(gs.sessions) with | exception Not_found -> let body = Printf.sprintf "Session %S not found" session_id in S.respond_error ~status:`Not_found ~body () | session -> match q with | ["styles" ; s] when s = Stog_server.Preview.default_css -> Stog_server.Preview.respond_default_css | "preview" :: _ -> let base_path = (Stog.Url.path cfg.http_url.priv) @ Page.path_sessions @ [session_id] in Stog_server.Http.handler session.session_stog.stog_state ~http_url ~ws_url base_path req | "editor" :: p -> let base_path = (Stog.Url.path cfg.http_url.priv) @ Page.path_sessions @ [session_id] in require_user cfg opt_user (fun user -> Ed.http_handler cfg user ~http_url ~ws_url base_path session_id req body p) | _ -> S.respond_error ~status:`Not_found ~body:"" () end | _ -> let body = "<html><header><title>Stog-server</title></header>"^ "<body>404 Not found</body></html>" in S.respond_error ~status:`Not_found ~body () let handler cfg gs ~http_url ~ws_url sock req body = let path = req_path_from_app cfg req in let opt_user = get_opt_user gs req in Lwt.catch (fun () -> handle_path cfg gs ~http_url ~ws_url sock opt_user req body path) (fun e -> let msg = match e with Failure msg | Sys_error msg -> msg | _ -> Printexc.to_string e in S.respond_error ~status: `Internal_server_error ~body: msg () ) let start_server cfg gs ~http_url ~ws_url = let host = Stog.Url.host http_url.priv in let port = Stog.Url.port http_url.priv in Lwt_io.write Lwt_io.stdout (Printf.sprintf "Listening for HTTP request on: %s:%d\n" host port) >>= fun _ -> let conn_closed (_,id) = ignore(Lwt_io.write Lwt_io.stdout (Printf.sprintf "connection %s closed\n%!" (Cohttp.Connection.to_string id))) in let config = S.make ~callback: (handler cfg gs ~http_url ~ws_url) ~conn_closed () in Conduit_lwt_unix.init ~src:host () >>= fun ctx -> let ctx = Cohttp_lwt_unix.Net.init ~ctx () in let mode = `TCP (`Port port) in S.create ~ctx ~mode config let launch ~http_url ~ws_url args = let cfg = match args with [] -> failwith "Please give a configuration file" | file :: _ -> Config.read file in prerr_endline (Printf.sprintf "http_url = %S\npublic_http_url = %S\nws_url = %S\npublic_ws_url = %S" (Stog.Url.to_string cfg.http_url.priv) (Stog.Url.to_string cfg.http_url.pub) (Stog.Url.to_string cfg.ws_url.priv) (Stog.Url.to_string cfg.ws_url.pub)); let gs = { sessions = ref (Stog.Types.Str_map.empty : session Stog.Types.Str_map.t) ; logged = ref (Stog.Types.Str_map.empty : account Stog.Types.Str_map.t) ; } in restart_previous_sessions cfg gs.sessions ; let _ws_server = Ws.run_server cfg gs in start_server cfg gs ~http_url: cfg.http_url ~ws_url: cfg.ws_url let () = let run ~http_url ~ws_url args = Lwt_main.run (launch ~http_url ~ws_url args) in Stog.Server_mode.set_multi run