Exemplo n.º 1
0
        public void ExecuteScript(string fullPath, Dictionary<string, string> urlParameters,
            ClientHttpResponse response, string extension, string mimeType, HTTPMethod method, string postData,
            string documentRoot, dynamic serverHandle, ScriptExecutionParameters executionParameters)
        {
            //Prepare JSScript
            var scriptContents = File.ReadAllText(fullPath);
            var scriptDir = Path.GetDirectoryName(fullPath);
            var jsEngine = new Engine(cfg => cfg.AllowClr());

            var undefined = Undefined.Instance;

            //Inject variables
            if (method == HTTPMethod.Get)
            {
                jsEngine.SetValue("_GET", urlParameters);
                jsEngine.SetValue("_SERVER", response.RequestHttpHeaders);
                jsEngine.SetValue("_POST", undefined);
            }
            if (method == HTTPMethod.Post)
            {
                jsEngine.SetValue("_GET", undefined);
                jsEngine.SetValue("_SERVER", response.RequestHttpHeaders);
                jsEngine.SetValue("_POST", urlParameters);
                jsEngine.SetValue("POST_DATA", postData);
            }

            //Globals
            jsEngine.SetValue("DocumentRoot", documentRoot);
            jsEngine.SetValue("__dirname__", scriptDir);

            switch (extension)
            {
                case ".jscx": //Fully-controlled script
                {
                    try
                    {
                        //Manipulate Scope
                        jsEngine.SetValue("response", response);
                        jsEngine.SetValue("FireHTTPServer", serverHandle);
                        jsEngine.SetValue("_mimeTypeMappings", CommonVariables.MimeTypeMappings);
                        jsEngine.SetValue("dirSep", _dirSep);
                        DefineScriptingApi(jsEngine);
                        jsEngine.Execute(scriptContents);
                        break;
                    }
                    catch (DeadRequestException)
                    {
                        throw; //Don't catch these.
                    }
                    catch (Exception ex)
                    {
                        var level = (int) jsEngine.GetValue("__error_reporting_level").AsNumber();
                        if (level > 0)
                        {
                            if (!response.HasFinishedSendingHeaders)
                            {
                                //If headers not sent, send default headers.
                                response.SendHeader("HTTP/1.1 200 OK");
                                response.SendHeader("Content-Type: text/plain");
                                response.SendEndHeaders();
                            }
                            response.OutputStream.WriteLine("Error in script execution. Stack trace:");
                            response.OutputStream.WriteLine(ex.ToString());
                            break;
                        }
                        throw;
                    }
                }
            }
        }
Exemplo n.º 2
0
        private bool HandleFAccessConfig(FileSystemInfo requestedFileInfo, DirectoryInfo containingDir,
            FAccessConfig faccess,
            ClientHttpResponse response)
        {
            if (faccess == null)
                return false;
            var forbidden = !faccess.Allow || _denyFileNames.Contains(requestedFileInfo.Name);
            //User-defined access rules:
            var dirAccessRules = faccess.FileAccessRules;
            var requestedFileName = requestedFileInfo.Name;
            switch (dirAccessRules)
            {
                case AccessRules.ExplicitAllow:
                    if (!faccess.AllowedFiles.Contains(requestedFileName))
                    {
                        forbidden = true;
                    }
                    break;

                case AccessRules.ExplicitDeny:
                    if (faccess.DeniedFiles.Contains(requestedFileName))
                    {
                        forbidden = true;
                    }
                    break;
            }
            if (forbidden)
            {
                if (faccess.ErrorDocument403 == null)
                {
                    //Show default 403
                    Logger.WriteLine("403!");
                    response.SendFailure403(); //Send 403 Header
                    response.OutputStream.WriteLine(
                        "403 - You don't have permission to access this path on this server."); //Default 403 body
                    return true; //end the connection
                }
                var errdocFullPath = containingDir.FullName + _dirSep + faccess.ErrorDocument403;
                Logger.WriteLine("403!");
                response.SendFailure403(); //Send 403 Header
                response.OutputStream.WriteLine(File.ReadAllText(errdocFullPath));
                return true; //end the connection
            }
            if (requestedFileInfo.Exists) return false;
            {
                // Default 404
                //Check if it is a missing index, and display dirindex if enabled
                if (requestedFileInfo.Name == "index.html" && faccess.EnableIndexing && containingDir.Exists)
                {
                    response.SendHeader("HTTP/1.1 200 OK");
                    response.SendHeader("Content-Type: text/html");
                    response.SendEndHeaders();
                    response.OutputStream.WriteLine(GenerateDirectoryIndex(containingDir, response)); //Dynamic index
                    Logger.WriteLine("Sent dynamic directory index.");
                    return true; //end the connection
                }
                if (faccess.ErrorDocument404 == null)
                {
                    //Show default 404
                    Logger.WriteLine("404!");
                    response.SendFailure404(); //Send 404 Header
                    response.OutputStream.WriteLine("404 - File not found"); //Default 404 body
                    return true; //end the connection
                }
                var errdocFullPath = containingDir.FullName + _dirSep + faccess.ErrorDocument404;
                Logger.WriteLine("404!");
                response.SendFailure404(); //Send 404 Header
                response.OutputStream.WriteLine(File.ReadAllText(errdocFullPath));
                return true; //end the connection
            }
        }
Exemplo n.º 3
0
 public override void SendStreamWithMimeType(Stream dataStream, string mimeType, ClientHttpResponse response)
 {
     response.SendHeader("HTTP/1.1 200 OK");
     response.SendHeader("Content-Type: " + mimeType);
     //response.SendHeader("Content-Length: "+fs.Length);
     response.SendEndHeaders();
     response.OutputStream.Flush();
     dataStream.CopyTo(response.OutputStream.BaseStream);
 }
Exemplo n.º 4
0
 private static bool RewriteRequestPath(ref string requestPath, ClientHttpResponse response, string wwwroot)
 {
     var path = requestPath.Substring(1); //Remove slash at beginning
     string rqfullPath = null;
     try
     {
         rqfullPath = Path.Combine(wwwroot, path);
     }
     catch (ArgumentException)
     {
         // Invalid path, possibly due to some evil stuff trying to XSS or something
         response.SendFailure404();
         response.OutputStream.WriteLine("404 - The requested resource could not be located.");
         throw new DeadRequestException();
     }
     var finfo = new FileInfo(rqfullPath);
     var dinfo = new DirectoryInfo(rqfullPath);
     if (dinfo.Exists && !requestPath.EndsWith("/"))
     {
         // Permanent redirection
         response.SendHeader("HTTP/1.1 301 Moved Permanently");
         response.SendHeader("Location: " + requestPath + "/");
         response.SendEndHeaders();
     }
     var isDirectory = requestPath.EndsWith("/", StringComparison.CurrentCulture);
     if (isDirectory)
         requestPath += "index.html";
     return false;
 }
Exemplo n.º 5
0
        public void ExecuteScript(string fullPath, Dictionary<string, string> urlParameters,
            ClientHttpResponse response, string extension, string mimeType, HTTPMethod method, string postData,
            string documentRoot, dynamic serverHandle, ScriptExecutionParameters executionParameters)
        {
            //Prepare ExaScript
            var scriptContents = File.ReadAllText(fullPath);
            var scriptDir = Path.GetDirectoryName(fullPath);
            var escLauncher = new ExaScriptLauncher();
            dynamic escExecutionScope = escLauncher.UnderlyingInstance.Scope;
            var escEngine = escLauncher.UnderlyingInstance.Engine;

            //Inject variables
            //Inject code
            if (method == HTTPMethod.Get)
            {
                escExecutionScope._GET = urlParameters;
                escExecutionScope._SERVER = response.RequestHttpHeaders;
                escExecutionScope._POST = null;
            }
            if (method == HTTPMethod.Post)
            {
                escExecutionScope._GET = null;
                escExecutionScope._SERVER = response.RequestHttpHeaders;
                escExecutionScope._POST = urlParameters;
                escExecutionScope.POST_DATA = postData;
            }

            //Globals
            escExecutionScope.DocumentRoot = documentRoot;
            escExecutionScope.__dirname__ = scriptDir;

            switch (extension)
            {
                case ".esc": //Simple executable script
                {
                    //Manipulate Scope

                    //Send Headers
                    response.SendHeader("HTTP/1.1 200 OK");
                    response.SendHeader("Content-Type: " + mimeType);
                    response.SendEndHeaders();

                    escLauncher.LoadCode(scriptContents);
                    var result = escLauncher.RunCode();
                    response.OutputStream.WriteLine(result);
                    break;
                }
                case ".escx": //Fully-controlled script
                {
                    try
                    {
                        //Manipulate Scope
                        escExecutionScope.response = response;
                        escExecutionScope.FireHTTPServer = serverHandle;
                        escExecutionScope._mimeTypeMappings = CommonVariables.MimeTypeMappings;
                        escExecutionScope.dirSep = _dirSep;
                        DefineScriptingApi(escExecutionScope); //Add all the API functions
                        escLauncher.LoadCode(scriptContents);
                        escLauncher.RunCode();
                        break;
                    }
                    catch (DeadRequestException)
                    {
                        throw; //Don't catch these.
                    }
                    catch (Exception ex)
                    {
                        int level = escExecutionScope.__error_reporting_level;
                        if (level <= 0) throw;
                        if (!response.HasFinishedSendingHeaders)
                        {
                            //If headers not sent, send default headers.
                            response.SendHeader("HTTP/1.1 200 OK");
                            response.SendHeader("Content-Type: text/plain");
                            response.SendEndHeaders();
                        }
                        response.OutputStream.WriteLine("Error in script execution. Stack trace:");
                        response.OutputStream.WriteLine(ex.ToString());
                        break;
                    }
                }
            }
        }