| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523 | using System;using System.Collections.Generic;using System.Globalization;using System.IO;using System.Net;using System.Text;using Emby.Server.Implementations.HttpServer;using MediaBrowser.Model.Services;using Microsoft.AspNetCore.Http;using Microsoft.AspNetCore.Http.Extensions;using Microsoft.Extensions.Logging;using Microsoft.Extensions.Primitives;using Microsoft.Net.Http.Headers;using IHttpFile = MediaBrowser.Model.Services.IHttpFile;using IHttpRequest = MediaBrowser.Model.Services.IHttpRequest;using IResponse = MediaBrowser.Model.Services.IResponse;namespace Emby.Server.Implementations.SocketSharp{    public partial class WebSocketSharpRequest : IHttpRequest    {        private readonly HttpRequest request;        private readonly IResponse response;        public WebSocketSharpRequest(HttpRequest httpContext, HttpResponse response, string operationName, ILogger logger)        {            this.OperationName = operationName;            this.request = httpContext;            this.response = new WebSocketSharpResponse(logger, response, this);            // HandlerFactoryPath = GetHandlerPathIfAny(UrlPrefixes[0]);        }        public HttpRequest HttpRequest => request;        public IResponse Response => response;        public IResponse HttpResponse => response;        public string OperationName { get; set; }        public object Dto { get; set; }        public string RawUrl => request.GetEncodedPathAndQuery();        public string AbsoluteUri => request.GetDisplayUrl().TrimEnd('/');        public string XForwardedFor            => StringValues.IsNullOrEmpty(request.Headers["X-Forwarded-For"]) ? null : request.Headers["X-Forwarded-For"].ToString();        public int? XForwardedPort            => StringValues.IsNullOrEmpty(request.Headers["X-Forwarded-Port"]) ? (int?)null : int.Parse(request.Headers["X-Forwarded-Port"], CultureInfo.InvariantCulture);        public string XForwardedProtocol => StringValues.IsNullOrEmpty(request.Headers["X-Forwarded-Proto"]) ? null : request.Headers["X-Forwarded-Proto"].ToString();        public string XRealIp => StringValues.IsNullOrEmpty(request.Headers["X-Real-IP"]) ? null : request.Headers["X-Real-IP"].ToString();        private string remoteIp;        public string RemoteIp        {            get            {                if (remoteIp != null)                {                    return remoteIp;                }                var temp = CheckBadChars(XForwardedFor.AsSpan());                if (temp.Length != 0)                {                    return remoteIp = temp.ToString();                }                temp = CheckBadChars(XRealIp.AsSpan());                if (temp.Length != 0)                {                    return remoteIp = NormalizeIp(temp).ToString();                }                return remoteIp = NormalizeIp(request.HttpContext.Connection.RemoteIpAddress.ToString().AsSpan()).ToString();            }        }        private static readonly char[] HttpTrimCharacters = new char[] { (char)0x09, (char)0xA, (char)0xB, (char)0xC, (char)0xD, (char)0x20 };        // CheckBadChars - throws on invalid chars to be not found in header name/value        internal static ReadOnlySpan<char> CheckBadChars(ReadOnlySpan<char> name)        {            if (name.Length == 0)            {                return name;            }            // VALUE check            // Trim spaces from both ends            name = name.Trim(HttpTrimCharacters);            // First, check for correctly formed multi-line value            // Second, check for absence of CTL characters            int crlf = 0;            for (int i = 0; i < name.Length; ++i)            {                char c = (char)(0x000000ff & (uint)name[i]);                switch (crlf)                {                    case 0:                    {                        if (c == '\r')                        {                            crlf = 1;                        }                        else if (c == '\n')                        {                            // Technically this is bad HTTP.  But it would be a breaking change to throw here.                            // Is there an exploit?                            crlf = 2;                        }                        else if (c == 127 || (c < ' ' && c != '\t'))                        {                            throw new ArgumentException("net_WebHeaderInvalidControlChars", nameof(name));                        }                        break;                    }                    case 1:                    {                        if (c == '\n')                        {                            crlf = 2;                            break;                        }                        throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));                    }                    case 2:                    {                        if (c == ' ' || c == '\t')                        {                            crlf = 0;                            break;                        }                        throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));                    }                }            }            if (crlf != 0)            {                throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));            }            return name;        }        private ReadOnlySpan<char> NormalizeIp(ReadOnlySpan<char> ip)        {            if (ip.Length != 0 && !ip.IsWhiteSpace())            {                // Handle ipv4 mapped to ipv6                const string srch = "::ffff:";                var index = ip.IndexOf(srch.AsSpan(), StringComparison.OrdinalIgnoreCase);                if (index == 0)                {                    ip = ip.Slice(srch.Length);                }            }            return ip;        }        public string[] AcceptTypes => request.Headers.GetCommaSeparatedValues(HeaderNames.Accept);        private Dictionary<string, object> items;        public Dictionary<string, object> Items => items ?? (items = new Dictionary<string, object>());        private string responseContentType;        public string ResponseContentType        {            get =>                responseContentType                ?? (responseContentType = GetResponseContentType(HttpRequest));            set => this.responseContentType = value;        }        public const string FormUrlEncoded = "application/x-www-form-urlencoded";        public const string MultiPartFormData = "multipart/form-data";        public static string GetResponseContentType(HttpRequest httpReq)        {            var specifiedContentType = GetQueryStringContentType(httpReq);            if (!string.IsNullOrEmpty(specifiedContentType))            {                return specifiedContentType;            }            const string serverDefaultContentType = "application/json";            var acceptContentTypes = httpReq.Headers.GetCommaSeparatedValues(HeaderNames.Accept);            string defaultContentType = null;            if (HasAnyOfContentTypes(httpReq, FormUrlEncoded, MultiPartFormData))            {                defaultContentType = serverDefaultContentType;            }            var acceptsAnything = false;            var hasDefaultContentType = defaultContentType != null;            if (acceptContentTypes != null)            {                foreach (var acceptsType in acceptContentTypes)                {                    // TODO: @bond move to Span when Span.Split lands                    // https://github.com/dotnet/corefx/issues/26528                    var contentType = acceptsType?.Split(';')[0].Trim();                    acceptsAnything = contentType.Equals("*/*", StringComparison.OrdinalIgnoreCase);                    if (acceptsAnything)                    {                        break;                    }                }                if (acceptsAnything)                {                    if (hasDefaultContentType)                    {                        return defaultContentType;                    }                    else                    {                        return serverDefaultContentType;                    }                }            }            if (acceptContentTypes == null && httpReq.ContentType == Soap11)            {                return Soap11;            }            // We could also send a '406 Not Acceptable', but this is allowed also            return serverDefaultContentType;        }        public const string Soap11 = "text/xml; charset=utf-8";        public static bool HasAnyOfContentTypes(HttpRequest request, params string[] contentTypes)        {            if (contentTypes == null || request.ContentType == null)            {                return false;            }            foreach (var contentType in contentTypes)            {                if (IsContentType(request, contentType))                {                    return true;                }            }            return false;        }        public static bool IsContentType(HttpRequest request, string contentType)        {            return request.ContentType.StartsWith(contentType, StringComparison.OrdinalIgnoreCase);        }        private static string GetQueryStringContentType(HttpRequest httpReq)        {            ReadOnlySpan<char> format = httpReq.Query["format"].ToString().AsSpan();            if (format == null)            {                const int formatMaxLength = 4;                ReadOnlySpan<char> pi = httpReq.Path.ToString().AsSpan();                if (pi == null || pi.Length <= formatMaxLength)                {                    return null;                }                if (pi[0] == '/')                {                    pi = pi.Slice(1);                }                format = LeftPart(pi, '/');                if (format.Length > formatMaxLength)                {                    return null;                }            }            format = LeftPart(format, '.');            if (format.Contains("json".AsSpan(), StringComparison.OrdinalIgnoreCase))            {                return "application/json";            }            else if (format.Contains("xml".AsSpan(), StringComparison.OrdinalIgnoreCase))            {                return "application/xml";            }            return null;        }        public static ReadOnlySpan<char> LeftPart(ReadOnlySpan<char> strVal, char needle)        {            if (strVal == null)            {                return null;            }            var pos = strVal.IndexOf(needle);            return pos == -1 ? strVal : strVal.Slice(0, pos);        }        public static string HandlerFactoryPath;        private string pathInfo;        public string PathInfo        {            get            {                if (this.pathInfo == null)                {                    var mode = HandlerFactoryPath;                    var pos = RawUrl.IndexOf("?", StringComparison.Ordinal);                    if (pos != -1)                    {                        var path = RawUrl.Substring(0, pos);                        this.pathInfo = GetPathInfo(                            path,                            mode,                            mode ?? string.Empty);                    }                    else                    {                        this.pathInfo = RawUrl;                    }                    this.pathInfo = WebUtility.UrlDecode(pathInfo);                    this.pathInfo = NormalizePathInfo(pathInfo, mode).ToString();                }                return this.pathInfo;            }        }        private static string GetPathInfo(string fullPath, string mode, string appPath)        {            var pathInfo = ResolvePathInfoFromMappedPath(fullPath, mode);            if (!string.IsNullOrEmpty(pathInfo))            {                return pathInfo;            }            // Wildcard mode relies on this to work out the handlerPath            pathInfo = ResolvePathInfoFromMappedPath(fullPath, appPath);            if (!string.IsNullOrEmpty(pathInfo))            {                return pathInfo;            }            return fullPath;        }        private static string ResolvePathInfoFromMappedPath(string fullPath, string mappedPathRoot)        {            if (mappedPathRoot == null)            {                return null;            }            var sbPathInfo = new StringBuilder();            var fullPathParts = fullPath.Split('/');            var mappedPathRootParts = mappedPathRoot.Split('/');            var fullPathIndexOffset = mappedPathRootParts.Length - 1;            var pathRootFound = false;            for (var fullPathIndex = 0; fullPathIndex < fullPathParts.Length; fullPathIndex++)            {                if (pathRootFound)                {                    sbPathInfo.Append("/" + fullPathParts[fullPathIndex]);                }                else if (fullPathIndex - fullPathIndexOffset >= 0)                {                    pathRootFound = true;                    for (var mappedPathRootIndex = 0; mappedPathRootIndex < mappedPathRootParts.Length; mappedPathRootIndex++)                    {                        if (!string.Equals(fullPathParts[fullPathIndex - fullPathIndexOffset + mappedPathRootIndex], mappedPathRootParts[mappedPathRootIndex], StringComparison.OrdinalIgnoreCase))                        {                            pathRootFound = false;                            break;                        }                    }                }            }            if (!pathRootFound)            {                return null;            }            var path = sbPathInfo.ToString();            return path.Length > 1 ? path.TrimEnd('/') : "/";        }        public string UserAgent => request.Headers[HeaderNames.UserAgent];        public IHeaderDictionary Headers => request.Headers;        public IQueryCollection QueryString => request.Query;        public bool IsLocal => string.Equals(request.HttpContext.Connection.LocalIpAddress.ToString(), request.HttpContext.Connection.RemoteIpAddress.ToString());        private string httpMethod;        public string HttpMethod =>            httpMethod            ?? (httpMethod = request.Method);        public string Verb => HttpMethod;        public string ContentType => request.ContentType;        private Encoding ContentEncoding        {            get            {                // TODO is this necessary?                if (UserAgent != null && CultureInfo.InvariantCulture.CompareInfo.IsPrefix(UserAgent, "UP"))                {                    string postDataCharset = Headers["x-up-devcap-post-charset"];                    if (!string.IsNullOrEmpty(postDataCharset))                    {                        try                        {                            return Encoding.GetEncoding(postDataCharset);                        }                        catch (ArgumentException)                        {                        }                    }                }                return request.GetTypedHeaders().ContentType.Encoding ?? Encoding.UTF8;            }        }        public Uri UrlReferrer => request.GetTypedHeaders().Referer;        public static Encoding GetEncoding(string contentTypeHeader)        {            var param = GetParameter(contentTypeHeader.AsSpan(), "charset=");            if (param == null)            {                return null;            }            try            {                return Encoding.GetEncoding(param);            }            catch (ArgumentException)            {                return null;            }        }        public Stream InputStream => request.Body;        public long ContentLength => request.ContentLength ?? 0;        private IHttpFile[] httpFiles;        public IHttpFile[] Files        {            get            {                if (httpFiles == null)                {                    if (files == null)                    {                        return httpFiles = Array.Empty<IHttpFile>();                    }                    httpFiles = new IHttpFile[files.Count];                    var i = 0;                    foreach (var pair in files)                    {                        var reqFile = pair.Value;                        httpFiles[i] = new HttpFile                        {                            ContentType = reqFile.ContentType,                            ContentLength = reqFile.ContentLength,                            FileName = reqFile.FileName,                            InputStream = reqFile.InputStream,                        };                        i++;                    }                }                return httpFiles;            }        }        public static ReadOnlySpan<char> NormalizePathInfo(string pathInfo, string handlerPath)        {            if (handlerPath != null)            {                var trimmed = pathInfo.AsSpan().TrimStart('/');                if (trimmed.StartsWith(handlerPath.AsSpan(), StringComparison.OrdinalIgnoreCase))                {                    return trimmed.Slice(handlerPath.Length).ToString().AsSpan();                }            }            return pathInfo.AsSpan();        }    }}
 |