ferron/optional_modules/
scgi.rs

1// SCGI handler code inspired by SVR.JS's OrangeCircle mod, translated from JavaScript to Rust.
2// Based on the "cgi" module
3use std::env;
4use std::error::Error;
5use std::path::{Path, PathBuf};
6
7use crate::ferron_common::{
8  ErrorLogger, HyperRequest, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
9  ServerModuleHandlers, SocketData,
10};
11use crate::ferron_common::{HyperUpgraded, WithRuntime};
12use async_trait::async_trait;
13use futures_util::TryStreamExt;
14use hashlink::LinkedHashMap;
15use http_body_util::{BodyExt, StreamBody};
16use httparse::EMPTY_HEADER;
17use hyper::body::Frame;
18use hyper::{header, Response, StatusCode};
19use hyper_tungstenite::HyperWebsocket;
20use tokio::fs;
21use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
22use tokio::net::TcpStream;
23use tokio::runtime::Handle;
24use tokio_util::io::{ReaderStream, StreamReader};
25
26use crate::ferron_res::server_software::SERVER_SOFTWARE;
27use crate::ferron_util::cgi_response::CgiResponse;
28use crate::ferron_util::copy_move::Copier;
29
30pub fn server_module_init(
31  _config: &ServerConfig,
32) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
33  Ok(Box::new(ScgiModule::new()))
34}
35
/// The SCGI module itself. It carries no state; all work happens in the
/// handlers produced through its `ServerModule` implementation.
struct ScgiModule;

impl ScgiModule {
  /// Creates the (fieldless) module value.
  fn new() -> Self {
    ScgiModule
  }
}
43
44impl ServerModule for ScgiModule {
45  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
46    Box::new(ScgiModuleHandlers { handle })
47  }
48}
49struct ScgiModuleHandlers {
50  handle: Handle,
51}
52
53#[async_trait]
54impl ServerModuleHandlers for ScgiModuleHandlers {
55  async fn request_handler(
56    &mut self,
57    request: RequestData,
58    config: &ServerConfig,
59    socket_data: &SocketData,
60    error_logger: &ErrorLogger,
61  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
62    WithRuntime::new(self.handle.clone(), async move {
63      let mut scgi_to = "tcp://localhost:4000/";
64      let scgi_to_yaml = &config["scgiTo"];
65      if let Some(scgi_to_obtained) = scgi_to_yaml.as_str() {
66        scgi_to = scgi_to_obtained;
67      }
68
69      let mut scgi_path = None;
70      if let Some(scgi_path_obtained) = config["scgiPath"].as_str() {
71        scgi_path = Some(scgi_path_obtained.to_string());
72      }
73
74      let hyper_request = request.get_hyper_request();
75
76      let request_path = hyper_request.uri().path();
77      let mut request_path_bytes = request_path.bytes();
78      if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
79        return Ok(
80          ResponseData::builder(request)
81            .status(StatusCode::BAD_REQUEST)
82            .build(),
83        );
84      }
85
86      if let Some(scgi_path) = scgi_path {
87        let mut canonical_scgi_path: &str = &scgi_path;
88        if canonical_scgi_path.bytes().last() == Some(b'/') {
89          canonical_scgi_path = &canonical_scgi_path[..(canonical_scgi_path.len() - 1)];
90        }
91
92        let request_path_with_slashes = match request_path == canonical_scgi_path {
93          true => format!("{}/", request_path),
94          false => request_path.to_string(),
95        };
96        if let Some(stripped_request_path) =
97          request_path_with_slashes.strip_prefix(canonical_scgi_path)
98        {
99          let wwwroot_yaml = &config["wwwroot"];
100          let wwwroot = wwwroot_yaml.as_str().unwrap_or("/nonexistent");
101
102          let wwwroot_unknown = PathBuf::from(wwwroot);
103          let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
104            true => wwwroot_unknown,
105            false => match fs::canonicalize(&wwwroot_unknown).await {
106              Ok(pathbuf) => pathbuf,
107              Err(_) => wwwroot_unknown,
108            },
109          };
110          let wwwroot = wwwroot_pathbuf.as_path();
111
112          let mut relative_path = &request_path[1..];
113          while relative_path.as_bytes().first().copied() == Some(b'/') {
114            relative_path = &relative_path[1..];
115          }
116
117          let decoded_relative_path = match urlencoding::decode(relative_path) {
118            Ok(path) => path.to_string(),
119            Err(_) => {
120              return Ok(
121                ResponseData::builder(request)
122                  .status(StatusCode::BAD_REQUEST)
123                  .build(),
124              );
125            }
126          };
127
128          let joined_pathbuf = wwwroot.join(decoded_relative_path);
129          let execute_pathbuf = joined_pathbuf;
130          let execute_path_info = stripped_request_path
131            .strip_prefix("/")
132            .map(|s| s.to_string());
133
134          return execute_scgi_with_environment_variables(
135            request,
136            socket_data,
137            error_logger,
138            wwwroot,
139            execute_pathbuf,
140            execute_path_info,
141            config["serverAdministratorEmail"].as_str(),
142            scgi_to,
143          )
144          .await;
145        }
146      }
147      Ok(ResponseData::builder(request).build())
148    })
149    .await
150  }
151
152  async fn proxy_request_handler(
153    &mut self,
154    request: RequestData,
155    _config: &ServerConfig,
156    _socket_data: &SocketData,
157    _error_logger: &ErrorLogger,
158  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
159    Ok(ResponseData::builder(request).build())
160  }
161
162  async fn response_modifying_handler(
163    &mut self,
164    response: HyperResponse,
165  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
166    Ok(response)
167  }
168
169  async fn proxy_response_modifying_handler(
170    &mut self,
171    response: HyperResponse,
172  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
173    Ok(response)
174  }
175
176  async fn connect_proxy_request_handler(
177    &mut self,
178    _upgraded_request: HyperUpgraded,
179    _connect_address: &str,
180    _config: &ServerConfig,
181    _socket_data: &SocketData,
182    _error_logger: &ErrorLogger,
183  ) -> Result<(), Box<dyn Error + Send + Sync>> {
184    Ok(())
185  }
186
187  fn does_connect_proxy_requests(&mut self) -> bool {
188    false
189  }
190
191  async fn websocket_request_handler(
192    &mut self,
193    _websocket: HyperWebsocket,
194    _uri: &hyper::Uri,
195    _config: &ServerConfig,
196    _socket_data: &SocketData,
197    _error_logger: &ErrorLogger,
198  ) -> Result<(), Box<dyn Error + Send + Sync>> {
199    Ok(())
200  }
201
202  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
203    false
204  }
205}
206
207#[allow(clippy::too_many_arguments)]
208async fn execute_scgi_with_environment_variables(
209  request: RequestData,
210  socket_data: &SocketData,
211  error_logger: &ErrorLogger,
212  wwwroot: &Path,
213  execute_pathbuf: PathBuf,
214  path_info: Option<String>,
215  server_administrator_email: Option<&str>,
216  scgi_to: &str,
217) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
218  let mut environment_variables: LinkedHashMap<String, String> = LinkedHashMap::new();
219
220  let hyper_request = request.get_hyper_request();
221  let original_request_uri = request.get_original_url().unwrap_or(hyper_request.uri());
222
223  if let Some(auth_user) = request.get_auth_user() {
224    if let Some(authorization) = hyper_request.headers().get(header::AUTHORIZATION) {
225      let authorization_value = String::from_utf8_lossy(authorization.as_bytes()).to_string();
226      let mut authorization_value_split = authorization_value.split(" ");
227      if let Some(authorization_type) = authorization_value_split.next() {
228        environment_variables.insert("AUTH_TYPE".to_string(), authorization_type.to_string());
229      }
230    }
231    environment_variables.insert("REMOTE_USER".to_string(), auth_user.to_string());
232  }
233
234  environment_variables.insert(
235    "QUERY_STRING".to_string(),
236    match hyper_request.uri().query() {
237      Some(query) => query.to_string(),
238      None => "".to_string(),
239    },
240  );
241
242  environment_variables.insert("SERVER_SOFTWARE".to_string(), SERVER_SOFTWARE.to_string());
243  environment_variables.insert(
244    "SERVER_PROTOCOL".to_string(),
245    match hyper_request.version() {
246      hyper::Version::HTTP_09 => "HTTP/0.9".to_string(),
247      hyper::Version::HTTP_10 => "HTTP/1.0".to_string(),
248      hyper::Version::HTTP_11 => "HTTP/1.1".to_string(),
249      hyper::Version::HTTP_2 => "HTTP/2.0".to_string(),
250      hyper::Version::HTTP_3 => "HTTP/3.0".to_string(),
251      _ => "HTTP/Unknown".to_string(),
252    },
253  );
254  environment_variables.insert(
255    "SERVER_PORT".to_string(),
256    socket_data.local_addr.port().to_string(),
257  );
258  environment_variables.insert(
259    "SERVER_ADDR".to_string(),
260    socket_data.local_addr.ip().to_canonical().to_string(),
261  );
262  if let Some(server_administrator_email) = server_administrator_email {
263    environment_variables.insert(
264      "SERVER_ADMIN".to_string(),
265      server_administrator_email.to_string(),
266    );
267  }
268  if let Some(host) = hyper_request.headers().get(header::HOST) {
269    environment_variables.insert(
270      "SERVER_NAME".to_string(),
271      String::from_utf8_lossy(host.as_bytes()).to_string(),
272    );
273  }
274
275  environment_variables.insert(
276    "DOCUMENT_ROOT".to_string(),
277    wwwroot.to_string_lossy().to_string(),
278  );
279  environment_variables.insert(
280    "PATH_INFO".to_string(),
281    match &path_info {
282      Some(path_info) => format!("/{}", path_info),
283      None => "".to_string(),
284    },
285  );
286  environment_variables.insert(
287    "PATH_TRANSLATED".to_string(),
288    match &path_info {
289      Some(path_info) => {
290        let mut path_translated = execute_pathbuf.clone();
291        path_translated.push(path_info);
292        path_translated.to_string_lossy().to_string()
293      }
294      None => "".to_string(),
295    },
296  );
297  environment_variables.insert(
298    "REQUEST_METHOD".to_string(),
299    hyper_request.method().to_string(),
300  );
301  environment_variables.insert("GATEWAY_INTERFACE".to_string(), "CGI/1.1".to_string());
302  environment_variables.insert("SCGI".to_string(), "1".to_string());
303  environment_variables.insert(
304    "REQUEST_URI".to_string(),
305    format!(
306      "{}{}",
307      original_request_uri.path(),
308      match original_request_uri.query() {
309        Some(query) => format!("?{}", query),
310        None => String::from(""),
311      }
312    ),
313  );
314
315  environment_variables.insert(
316    "REMOTE_PORT".to_string(),
317    socket_data.remote_addr.port().to_string(),
318  );
319  environment_variables.insert(
320    "REMOTE_ADDR".to_string(),
321    socket_data.remote_addr.ip().to_canonical().to_string(),
322  );
323
324  environment_variables.insert(
325    "SCRIPT_FILENAME".to_string(),
326    execute_pathbuf.to_string_lossy().to_string(),
327  );
328  if let Ok(script_path) = execute_pathbuf.as_path().strip_prefix(wwwroot) {
329    environment_variables.insert(
330      "SCRIPT_NAME".to_string(),
331      format!(
332        "/{}",
333        match cfg!(windows) {
334          true => script_path.to_string_lossy().to_string().replace("\\", "/"),
335          false => script_path.to_string_lossy().to_string(),
336        }
337      ),
338    );
339  }
340
341  if socket_data.encrypted {
342    environment_variables.insert("HTTPS".to_string(), "ON".to_string());
343  }
344
345  let mut content_length_set = false;
346  for (header_name, header_value) in hyper_request.headers().iter() {
347    let env_header_name = match *header_name {
348      header::CONTENT_LENGTH => {
349        content_length_set = true;
350        "CONTENT_LENGTH".to_string()
351      }
352      header::CONTENT_TYPE => "CONTENT_TYPE".to_string(),
353      _ => {
354        let mut result = String::new();
355
356        result.push_str("HTTP_");
357
358        for c in header_name.as_str().to_uppercase().chars() {
359          if c.is_alphanumeric() {
360            result.push(c);
361          } else {
362            result.push('_');
363          }
364        }
365
366        result
367      }
368    };
369    if environment_variables.contains_key(&env_header_name) {
370      let value = environment_variables.get_mut(&env_header_name);
371      if let Some(value) = value {
372        if env_header_name == "HTTP_COOKIE" {
373          value.push_str("; ");
374        } else {
375          // See https://stackoverflow.com/a/1801191
376          value.push_str(", ");
377        }
378        value.push_str(String::from_utf8_lossy(header_value.as_bytes()).as_ref());
379      } else {
380        environment_variables.insert(
381          env_header_name,
382          String::from_utf8_lossy(header_value.as_bytes()).to_string(),
383        );
384      }
385    } else {
386      environment_variables.insert(
387        env_header_name,
388        String::from_utf8_lossy(header_value.as_bytes()).to_string(),
389      );
390    }
391  }
392
393  if !content_length_set {
394    environment_variables.insert("CONTENT_LENGTH".to_string(), "0".to_string());
395  }
396
397  let (hyper_request, _, _) = request.into_parts();
398
399  execute_scgi(hyper_request, error_logger, scgi_to, environment_variables).await
400}
401
402async fn execute_scgi(
403  hyper_request: HyperRequest,
404  error_logger: &ErrorLogger,
405  scgi_to: &str,
406  mut environment_variables: LinkedHashMap<String, String>,
407) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
408  let (_, body) = hyper_request.into_parts();
409
410  // Insert other environment variables
411  for (key, value) in env::vars_os() {
412    let key_string = key.to_string_lossy().to_string();
413    let value_string = value.to_string_lossy().to_string();
414    environment_variables
415      .entry(key_string)
416      .or_insert(value_string);
417  }
418
419  let scgi_to_fixed = if let Some(stripped) = scgi_to.strip_prefix("unix:///") {
420    // hyper::Uri fails to parse a string if there is an empty authority, so add an "ignore" authority to Unix socket URLs
421    &format!("unix://ignore/{}", stripped)
422  } else {
423    scgi_to
424  };
425
426  let scgi_to_url = scgi_to_fixed.parse::<hyper::Uri>()?;
427  let scheme_str = scgi_to_url.scheme_str();
428
429  let (socket_reader, mut socket_writer) = match scheme_str {
430    Some("tcp") => {
431      let host = match scgi_to_url.host() {
432        Some(host) => host,
433        None => Err(anyhow::anyhow!("The SCGI URL doesn't include the host"))?,
434      };
435
436      let port = match scgi_to_url.port_u16() {
437        Some(port) => port,
438        None => Err(anyhow::anyhow!("The SCGI URL doesn't include the port"))?,
439      };
440
441      let addr = format!("{}:{}", host, port);
442
443      match connect_tcp(&addr).await {
444        Ok(data) => data,
445        Err(err) => match err.kind() {
446          tokio::io::ErrorKind::ConnectionRefused
447          | tokio::io::ErrorKind::NotFound
448          | tokio::io::ErrorKind::HostUnreachable => {
449            error_logger
450              .log(&format!("Service unavailable: {}", err))
451              .await;
452            return Ok(
453              ResponseData::builder_without_request()
454                .status(StatusCode::SERVICE_UNAVAILABLE)
455                .build(),
456            );
457          }
458          _ => Err(err)?,
459        },
460      }
461    }
462    Some("unix") => {
463      let path = scgi_to_url.path();
464      match connect_unix(path).await {
465        Ok(data) => data,
466        Err(err) => match err.kind() {
467          tokio::io::ErrorKind::ConnectionRefused
468          | tokio::io::ErrorKind::NotFound
469          | tokio::io::ErrorKind::HostUnreachable => {
470            error_logger
471              .log(&format!("Service unavailable: {}", err))
472              .await;
473            return Ok(
474              ResponseData::builder_without_request()
475                .status(StatusCode::SERVICE_UNAVAILABLE)
476                .build(),
477            );
478          }
479          _ => Err(err)?,
480        },
481      }
482    }
483    _ => Err(anyhow::anyhow!(
484      "Only HTTP and HTTPS reverse proxy URLs are supported."
485    ))?,
486  };
487
488  // Create environment variable netstring
489  let mut environment_variables_to_wrap = Vec::new();
490  for (key, value) in environment_variables.iter() {
491    let mut environment_variable = Vec::new();
492    environment_variable.extend_from_slice(key.as_bytes());
493    environment_variable.push(b'\0');
494    environment_variable.extend_from_slice(value.as_bytes());
495    environment_variable.push(b'\0');
496    if key == "CONTENT_LENGTH" {
497      environment_variable.append(&mut environment_variables_to_wrap);
498      environment_variables_to_wrap = environment_variable;
499    } else {
500      environment_variables_to_wrap.append(&mut environment_variable);
501    }
502  }
503
504  let environment_variables_to_wrap_length = environment_variables_to_wrap.len();
505  let mut environment_variables_netstring = Vec::new();
506  environment_variables_netstring
507    .extend_from_slice(environment_variables_to_wrap_length.to_string().as_bytes());
508  environment_variables_netstring.push(b':');
509  environment_variables_netstring.append(&mut environment_variables_to_wrap);
510  environment_variables_netstring.push(b',');
511
512  // Write environment variable netstring
513  socket_writer
514    .write_all(&environment_variables_netstring)
515    .await?;
516
517  let cgi_stdin_reader = StreamReader::new(body.into_data_stream().map_err(std::io::Error::other));
518
519  // Emulated standard input and standard output
520  // SCGI doesn't support standard error
521  let stdin = socket_writer;
522  let stdout = socket_reader;
523
524  let mut cgi_response = CgiResponse::new(stdout);
525
526  let stdin_copy_future = Copier::new(cgi_stdin_reader, stdin).copy();
527  let mut stdin_copy_future_pinned = Box::pin(stdin_copy_future);
528
529  let mut headers = [EMPTY_HEADER; 128];
530
531  let mut early_stdin_copied = false;
532
533  // Needed to wrap this in another scope to prevent errors with multiple mutable borrows.
534  {
535    let mut head_obtained = false;
536    let stdout_parse_future = cgi_response.get_head();
537    tokio::pin!(stdout_parse_future);
538
539    // Cannot use a loop with tokio::select, since stdin_copy_future_pinned being constantly ready will make the web server stop responding to HTTP requests
540    tokio::select! {
541      biased;
542
543      obtained_head = &mut stdout_parse_future => {
544        let obtained_head = obtained_head?;
545        if !obtained_head.is_empty() {
546          httparse::parse_headers(obtained_head, &mut headers)?;
547        }
548        head_obtained = true;
549      },
550      result = &mut stdin_copy_future_pinned => {
551        early_stdin_copied = true;
552        result?;
553      }
554    }
555
556    if !head_obtained {
557      // Kept it same as in the tokio::select macro
558      let obtained_head = stdout_parse_future.await?;
559      if !obtained_head.is_empty() {
560        httparse::parse_headers(obtained_head, &mut headers)?;
561      }
562    }
563  }
564
565  let mut response_builder = Response::builder();
566  let mut status_code = 200;
567  for header in headers {
568    if header == EMPTY_HEADER {
569      break;
570    }
571    let mut is_status_header = false;
572    match &header.name.to_lowercase() as &str {
573      "location" => {
574        if !(300..=399).contains(&status_code) {
575          status_code = 302;
576        }
577      }
578      "status" => {
579        is_status_header = true;
580        let header_value_cow = String::from_utf8_lossy(header.value);
581        let mut split_status = header_value_cow.split(" ");
582        let first_part = split_status.next();
583        if let Some(first_part) = first_part {
584          if first_part.starts_with("HTTP/") {
585            let second_part = split_status.next();
586            if let Some(second_part) = second_part {
587              if let Ok(parsed_status_code) = second_part.parse::<u16>() {
588                status_code = parsed_status_code;
589              }
590            }
591          } else if let Ok(parsed_status_code) = first_part.parse::<u16>() {
592            status_code = parsed_status_code;
593          }
594        }
595      }
596      _ => (),
597    }
598    if !is_status_header {
599      response_builder = response_builder.header(header.name, header.value);
600    }
601  }
602
603  response_builder = response_builder.status(status_code);
604
605  let reader_stream = ReaderStream::new(cgi_response);
606  let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
607  let boxed_body = stream_body.boxed();
608
609  let response = response_builder.body(boxed_body)?;
610
611  Ok(
612    ResponseData::builder_without_request()
613      .response(response)
614      .parallel_fn(async move {
615        if !early_stdin_copied {
616          stdin_copy_future_pinned.await.unwrap_or_default();
617        }
618      })
619      .build(),
620  )
621}
622
623async fn connect_tcp(
624  addr: &str,
625) -> Result<
626  (
627    Box<dyn AsyncRead + Send + Sync + Unpin>,
628    Box<dyn AsyncWrite + Send + Sync + Unpin>,
629  ),
630  tokio::io::Error,
631> {
632  let socket = TcpStream::connect(addr).await?;
633  socket.set_nodelay(true)?;
634
635  let (socket_reader_set, socket_writer_set) = tokio::io::split(socket);
636  Ok((Box::new(socket_reader_set), Box::new(socket_writer_set)))
637}
638
639#[allow(dead_code)]
640#[cfg(unix)]
641async fn connect_unix(
642  path: &str,
643) -> Result<
644  (
645    Box<dyn AsyncRead + Send + Sync + Unpin>,
646    Box<dyn AsyncWrite + Send + Sync + Unpin>,
647  ),
648  tokio::io::Error,
649> {
650  use tokio::net::UnixStream;
651
652  let socket = UnixStream::connect(path).await?;
653
654  let (socket_reader_set, socket_writer_set) = tokio::io::split(socket);
655  Ok((Box::new(socket_reader_set), Box::new(socket_writer_set)))
656}
657
/// Stand-in for `connect_unix` on platforms without Unix domain sockets.
///
/// # Errors
///
/// Always returns an error of kind `Unsupported`.
#[allow(dead_code)]
#[cfg(not(unix))]
async fn connect_unix(
  _path: &str,
) -> Result<
  (
    Box<dyn AsyncRead + Send + Sync + Unpin>,
    Box<dyn AsyncWrite + Send + Sync + Unpin>,
  ),
  tokio::io::Error,
> {
  Err(tokio::io::Error::new(
    tokio::io::ErrorKind::Unsupported,
    "Unix sockets are not supported on non-Unix platforms.",
  ))
}
673}