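/// <summary>
/// Runs the server-side JavaScript file at <paramref name="fullPath"/> in a new engine
/// instance and exposes the request data and the response object to it.
/// Only the <c>.jscx</c> extension is handled; for any other extension nothing is executed.
/// </summary>
/// <param name="fullPath">Path of the script file; its whole text is read and executed.</param>
/// <param name="urlParameters">Exposed as <c>_GET</c> for GET requests and as <c>_POST</c> for POST requests.</param>
/// <param name="response">Response object; its request headers are exposed as <c>_SERVER</c>.</param>
/// <param name="extension">Script file extension that selects the execution mode.</param>
/// <param name="mimeType">Not used by this implementation.</param>
/// <param name="method">HTTP method; only Get and Post populate the request variables.</param>
/// <param name="postData">Exposed as <c>POST_DATA</c> for POST requests.</param>
/// <param name="documentRoot">Exposed to the script as <c>DocumentRoot</c>.</param>
/// <param name="serverHandle">Exposed to <c>.jscx</c> scripts as <c>FireHTTPServer</c>.</param>
/// <param name="executionParameters">Not used by this implementation.</param>
/// <exception cref="DeadRequestException">Rethrown unchanged when raised during execution.</exception>
public void ExecuteScript(string fullPath, Dictionary<string, string> urlParameters, ClientHttpResponse response,
    string extension, string mimeType, HTTPMethod method, string postData, string documentRoot,
    dynamic serverHandle, ScriptExecutionParameters executionParameters)
{
    //Prepare JSScript
    var scriptContents = File.ReadAllText(fullPath);
    var scriptDir = Path.GetDirectoryName(fullPath);
    //SECURITY: AllowClr() lets the script use .NET types, so a script runs with the
    //privileges of the server process. Every .jscx file that can be requested must be
    //trusted code; writable or upload directories must never be served through this path.
    var jsEngine = new Engine(cfg => cfg.AllowClr());
    var undefined = Undefined.Instance;

    //Inject variables
    //Everything injected here (_GET, _POST, _SERVER, POST_DATA) is client-controlled input.
    if (method == HTTPMethod.Get)
    {
        jsEngine.SetValue("_GET", urlParameters);
        jsEngine.SetValue("_SERVER", response.RequestHttpHeaders);
        jsEngine.SetValue("_POST", undefined);
    }
    if (method == HTTPMethod.Post)
    {
        jsEngine.SetValue("_GET", undefined);
        jsEngine.SetValue("_SERVER", response.RequestHttpHeaders);
        jsEngine.SetValue("_POST", urlParameters);
        jsEngine.SetValue("POST_DATA", postData);
    }

    //Globals
    jsEngine.SetValue("DocumentRoot", documentRoot);
    jsEngine.SetValue("__dirname__", scriptDir);

    switch (extension)
    {
        case ".jscx": //Fully-controlled script
        {
            try
            {
                //Manipulate Scope
                jsEngine.SetValue("response", response);
                jsEngine.SetValue("FireHTTPServer", serverHandle);
                jsEngine.SetValue("_mimeTypeMappings", CommonVariables.MimeTypeMappings);
                jsEngine.SetValue("dirSep", _dirSep);
                DefineScriptingApi(jsEngine);
                jsEngine.Execute(scriptContents);
                break;
            }
            catch (DeadRequestException)
            {
                throw; //Don't catch these.
            }
            catch (Exception ex)
            {
                //Reading the reporting level must not replace the script's own exception.
                //If the value is missing or not a number, fall back to 0 so the original
                //error is rethrown and nothing is disclosed to the client.
                //presumably __error_reporting_level is defined by DefineScriptingApi or the script - TODO confirm
                var level = 0;
                try
                {
                    level = (int) jsEngine.GetValue("__error_reporting_level").AsNumber();
                }
                catch (Exception)
                {
                    level = 0;
                }
                if (level <= 0) throw;

                if (!response.HasFinishedSendingHeaders)
                {
                    //If headers not sent, send default headers.
                    response.SendHeader("HTTP/1.1 200 OK");
                    response.SendHeader("Content-Type: text/plain");
                    response.SendEndHeaders();
                }
                //SECURITY: the full exception text (types, stack trace, possibly paths) goes
                //to the client. Keep the reporting level at 0 outside development.
                response.OutputStream.WriteLine("Error in script execution. Stack trace:");
                response.OutputStream.WriteLine(ex.ToString());
                break;
            }
        }
    }
}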
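/// <summary>
/// Applies the per-directory access configuration to a requested file. Writes a 403 response
/// when access is denied, and a directory index or a 404 response when the file does not exist.
/// </summary>
/// <param name="requestedFileInfo">The requested file; its name is matched against the access lists.</param>
/// <param name="containingDir">Directory that holds the file; custom error documents are resolved relative to it.</param>
/// <param name="faccess">Access configuration for the directory, or null when there is none.</param>
/// <param name="response">Response the headers and body are written to.</param>
/// <returns>
/// true when a response was written and the connection should end;
/// false when there is no configuration or the file exists and is allowed.
/// </returns>
private bool HandleFAccessConfig(FileSystemInfo requestedFileInfo, DirectoryInfo containingDir, FAccessConfig faccess, ClientHttpResponse response)
{
    if (faccess == null) return false;

    var requestedFileName = requestedFileInfo.Name;
    //NOTE(review): the three Contains() checks below use whatever comparer the collections
    //were built with (not visible here). On a case-insensitive file system a name that
    //differs only in case refers to the same file, so confirm the comparison matches the
    //file system's behaviour.
    var forbidden = !faccess.Allow || _denyFileNames.Contains(requestedFileName);

    //User-defined access rules:
    switch (faccess.FileAccessRules)
    {
        case AccessRules.ExplicitAllow:
            if (!faccess.AllowedFiles.Contains(requestedFileName))
            {
                forbidden = true;
            }
            break;
        case AccessRules.ExplicitDeny:
            if (faccess.DeniedFiles.Contains(requestedFileName))
            {
                forbidden = true;
            }
            break;
    }

    if (forbidden)
    {
        Logger.WriteLine("403!");
        //Resolve the body first so an unreadable error document cannot abort the
        //request after the status line has already been sent.
        var body403 = ReadErrorDocumentOrDefault(containingDir, faccess.ErrorDocument403,
            "403 - You don't have permission to access this path on this server.");
        response.SendFailure403(); //Send 403 Header
        response.OutputStream.WriteLine(body403);
        return true; //end the connection
    }

    if (requestedFileInfo.Exists) return false;

    //Check if it is a missing index, and display dirindex if enabled
    if (requestedFileName == "index.html" && faccess.EnableIndexing && containingDir.Exists)
    {
        response.SendHeader("HTTP/1.1 200 OK");
        response.SendHeader("Content-Type: text/html");
        response.SendEndHeaders();
        //NOTE(review): the index is sent as HTML; confirm GenerateDirectoryIndex encodes entry names.
        response.OutputStream.WriteLine(GenerateDirectoryIndex(containingDir, response)); //Dynamic index
        Logger.WriteLine("Sent dynamic directory index.");
        return true; //end the connection
    }

    Logger.WriteLine("404!");
    var body404 = ReadErrorDocumentOrDefault(containingDir, faccess.ErrorDocument404, "404 - File not found");
    response.SendFailure404(); //Send 404 Header
    response.OutputStream.WriteLine(body404);
    return true; //end the connection
}

//Returns the text of the configured error document, or defaultBody when none is
//configured or the file cannot be read.
private string ReadErrorDocumentOrDefault(DirectoryInfo containingDir, string errorDocument, string defaultBody)
{
    if (errorDocument == null) return defaultBody;

    //The document name comes from the access configuration and is joined to the directory
    //as-is; presumably that configuration is operator-controlled - TODO confirm.
    var errdocFullPath = containingDir.FullName + _dirSep + errorDocument;
    try
    {
        return File.ReadAllText(errdocFullPath);
    }
    catch (IOException)
    {
        //Missing or unreadable document: fall through to the default body.
    }
    catch (UnauthorizedAccessException)
    {
        //No permission to read the document: fall through to the default body.
    }
    Logger.WriteLine("Could not read error document: " + errdocFullPath);
    return defaultBody;
}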
/// <summary>
/// Sends a 200 response whose body is the content of <paramref name="dataStream"/>,
/// labelled with the given content type.
/// </summary>
/// <param name="dataStream">Source of the response body; it is copied from its current position and not closed here.</param>
/// <param name="mimeType">Value placed after "Content-Type: " in the response header.</param>
/// <param name="response">Response that receives the headers and the body.</param>
public override void SendStreamWithMimeType(Stream dataStream, string mimeType, ClientHttpResponse response)
{
    var contentTypeHeader = "Content-Type: " + mimeType;

    response.SendHeader("HTTP/1.1 200 OK");
    response.SendHeader(contentTypeHeader);
    //No Content-Length header is sent for the streamed body.
    response.SendEndHeaders();

    //Flush before copying to the underlying stream; presumably the writer buffers header
    //text, which would otherwise arrive after the body bytes.
    var writer = response.OutputStream;
    writer.Flush();
    dataStream.CopyTo(writer.BaseStream);
}
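/// <summary>
/// Normalises a client-supplied request path: redirects directory requests that lack a
/// trailing slash and appends <c>index.html</c> to paths that end with a slash.
/// Paths that are empty, contain line breaks, are malformed, or resolve outside
/// <paramref name="wwwroot"/> are answered with a 404 and abort the request.
/// </summary>
/// <param name="requestPath">Request path starting with '/'; may be extended with "index.html".</param>
/// <param name="response">Response used for the 301 redirect and for the 404 rejection.</param>
/// <param name="wwwroot">Document root the request path is resolved against.</param>
/// <returns>Always false.</returns>
/// <exception cref="DeadRequestException">Thrown after a 404 has been sent for a rejected path.</exception>
private static bool RewriteRequestPath(ref string requestPath, ClientHttpResponse response, string wwwroot)
{
    string rqfullPath = null;

    //requestPath is client-controlled. It is echoed into the Location header below, so a
    //line break in it must never reach SendHeader (header injection).
    var acceptable = !string.IsNullOrEmpty(requestPath)
                     && requestPath.IndexOfAny(new[] {'\r', '\n'}) < 0;
    if (acceptable)
    {
        var path = requestPath.Substring(1); //Remove slash at beginning
        try
        {
            //Path.Combine returns its second argument alone when that argument is rooted,
            //and ".." segments can climb out of the root. Resolve both sides and require
            //the result to stay inside wwwroot before touching the file system.
            var rootFullPath = Path.GetFullPath(wwwroot)
                .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar);
            rqfullPath = Path.GetFullPath(Path.Combine(wwwroot, path));
            acceptable = rqfullPath.Equals(rootFullPath, StringComparison.Ordinal)
                         || rqfullPath.StartsWith(rootFullPath + Path.DirectorySeparatorChar,
                             StringComparison.Ordinal);
        }
        catch (ArgumentException)
        {
            acceptable = false; //Invalid characters in the path
        }
        catch (NotSupportedException)
        {
            acceptable = false; //Path format not supported on this platform
        }
        catch (PathTooLongException)
        {
            acceptable = false;
        }
    }

    if (!acceptable)
    {
        //Invalid or out-of-root path: answer as "not found" and stop processing.
        response.SendFailure404();
        response.OutputStream.WriteLine("404 - The requested resource could not be located.");
        throw new DeadRequestException();
    }

    //Protocol text is compared ordinally, not with culture rules.
    var endsWithSlash = requestPath.EndsWith("/", StringComparison.Ordinal);

    var dinfo = new DirectoryInfo(rqfullPath);
    if (dinfo.Exists && !endsWithSlash)
    {
        // Permanent redirection
        response.SendHeader("HTTP/1.1 301 Moved Permanently");
        response.SendHeader("Location: " + requestPath + "/");
        response.SendEndHeaders();
        //NOTE(review): the method still returns false after the redirect headers are sent.
        //Confirm the caller stops processing here (for example by checking
        //HasFinishedSendingHeaders); otherwise this branch should signal completion.
    }

    if (endsWithSlash) requestPath += "index.html";
    return false;
}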
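/// <summary>
/// Runs the ExaScript file at <paramref name="fullPath"/> and exposes the request data to it.
/// <c>.esc</c> scripts get default 200 headers and their result is written as the body;
/// <c>.escx</c> scripts also receive the response and server objects and control the
/// response themselves. For any other extension nothing is executed.
/// </summary>
/// <param name="fullPath">Path of the script file; its whole text is read and executed.</param>
/// <param name="urlParameters">Exposed as <c>_GET</c> for GET requests and as <c>_POST</c> for POST requests.</param>
/// <param name="response">Response object; its request headers are exposed as <c>_SERVER</c>.</param>
/// <param name="extension">Script file extension that selects the execution mode.</param>
/// <param name="mimeType">Content type sent for <c>.esc</c> scripts.</param>
/// <param name="method">HTTP method; only Get and Post populate the request variables.</param>
/// <param name="postData">Exposed as <c>POST_DATA</c> for POST requests.</param>
/// <param name="documentRoot">Exposed to the script as <c>DocumentRoot</c>.</param>
/// <param name="serverHandle">Exposed to <c>.escx</c> scripts as <c>FireHTTPServer</c>.</param>
/// <param name="executionParameters">Not used by this implementation.</param>
/// <exception cref="DeadRequestException">Rethrown unchanged when raised during <c>.escx</c> execution.</exception>
public void ExecuteScript(string fullPath, Dictionary<string, string> urlParameters, ClientHttpResponse response,
    string extension, string mimeType, HTTPMethod method, string postData, string documentRoot,
    dynamic serverHandle, ScriptExecutionParameters executionParameters)
{
    //Prepare ExaScript
    var scriptContents = File.ReadAllText(fullPath);
    var scriptDir = Path.GetDirectoryName(fullPath);
    var escLauncher = new ExaScriptLauncher();
    dynamic escExecutionScope = escLauncher.UnderlyingInstance.Scope;
    //NOTE(review): escEngine is not used below; kept in case the getter has side effects - confirm and remove.
    var escEngine = escLauncher.UnderlyingInstance.Engine;

    //Inject variables
    //Everything injected here (_GET, _POST, _SERVER, POST_DATA) is client-controlled input.
    if (method == HTTPMethod.Get)
    {
        escExecutionScope._GET = urlParameters;
        escExecutionScope._SERVER = response.RequestHttpHeaders;
        escExecutionScope._POST = null;
    }
    if (method == HTTPMethod.Post)
    {
        escExecutionScope._GET = null;
        escExecutionScope._SERVER = response.RequestHttpHeaders;
        escExecutionScope._POST = urlParameters;
        escExecutionScope.POST_DATA = postData;
    }

    //Globals
    escExecutionScope.DocumentRoot = documentRoot;
    escExecutionScope.__dirname__ = scriptDir;

    switch (extension)
    {
        case ".esc": //Simple executable script
        {
            //Send Headers
            //Headers go out before the script runs, so a script failure here propagates
            //to the caller after a 200 status has already been sent.
            response.SendHeader("HTTP/1.1 200 OK");
            response.SendHeader("Content-Type: " + mimeType);
            response.SendEndHeaders();
            escLauncher.LoadCode(scriptContents);
            var result = escLauncher.RunCode();
            response.OutputStream.WriteLine(result);
            break;
        }
        case ".escx": //Fully-controlled script
        {
            try
            {
                //Manipulate Scope
                //SECURITY: the script receives the live response and server objects, so
                //every .escx file that can be requested must be trusted code.
                escExecutionScope.response = response;
                escExecutionScope.FireHTTPServer = serverHandle;
                escExecutionScope._mimeTypeMappings = CommonVariables.MimeTypeMappings;
                escExecutionScope.dirSep = _dirSep;
                DefineScriptingApi(escExecutionScope); //Add all the API functions
                escLauncher.LoadCode(scriptContents);
                escLauncher.RunCode();
                break;
            }
            catch (DeadRequestException)
            {
                throw; //Don't catch these.
            }
            catch (Exception ex)
            {
                //Reading the reporting level must not replace the script's own exception.
                //If the member is missing or not convertible to int, fall back to 0 so the
                //original error is rethrown and nothing is disclosed to the client.
                //presumably __error_reporting_level is defined by DefineScriptingApi or the script - TODO confirm
                int level = 0;
                try
                {
                    level = escExecutionScope.__error_reporting_level;
                }
                catch (Exception)
                {
                    level = 0;
                }
                if (level <= 0) throw;

                if (!response.HasFinishedSendingHeaders)
                {
                    //If headers not sent, send default headers.
                    response.SendHeader("HTTP/1.1 200 OK");
                    response.SendHeader("Content-Type: text/plain");
                    response.SendEndHeaders();
                }
                //SECURITY: the full exception text (types, stack trace, possibly paths) goes
                //to the client. Keep the reporting level at 0 outside development.
                response.OutputStream.WriteLine("Error in script execution. Stack trace:");
                response.OutputStream.WriteLine(ex.ToString());
                break;
            }
        }
    }
}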