// Copyright (c) 2019-2022 Alexander Medvednikov. All rights reserved. // Use of this source code is governed by an MIT license // that can be found in the LICENSE file. module web import os import io import net import net.http import net.urllib import time import json import log import metrics // The Context struct represents the Context which hold the HTTP request and response. // It has fields for the query, form, files. pub struct Context { pub: // HTTP Request req http.Request // API key used when authenticating requests api_key string // TODO Response pub mut: // TCP connection to client. // But beware, do not store it for further use, after request processing web will close connection. conn &net.TcpConn = unsafe { nil } // Gives access to a shared logger object logger shared log.Log // Used to collect metrics on the web server collector &metrics.MetricsCollector // time.ticks() from start of web connection handle. // You can use it to determine how much time is spent on your request. page_gen_start i64 // REQUEST static_files map[string]string static_mime_types map[string]string // Map containing query params for the route. // Example: `http://localhost:3000/index?q=vpm&order_by=desc => { 'q': 'vpm', 'order_by': 'desc' } query map[string]string // Multipart-form fields. form map[string]string // Files from multipart-form. files map[string][]http.FileData // Allows reading the request body reader &io.BufferedReader = unsafe { nil } // RESPONSE status http.Status = http.Status.ok content_type string = 'text/plain' // response headers header http.Header } struct FileData { pub: filename string content_type string data string } struct Route { methods []http.Method path string } // Defining this method is optional. // before_request is called before every request (aka middleware). // Probably you can use it for check user session cookie or add header. pub fn (ctx Context) before_request() {} // send_string writes the given string to the TCP connection socket. fn (mut ctx Context) send_string(s string) ! { ctx.conn.write(s.bytes())! } // send_reader reads at most `size` bytes from the given reader & writes them // to the TCP connection socket. Internally, a 10KB buffer is used, to avoid // having to store all bytes in memory at once. fn (mut ctx Context) send_reader(mut reader io.Reader, size u64) ! { mut buf := []u8{len: 10_000} mut bytes_left := size // Repeat as long as the stream still has data for bytes_left > 0 { bytes_read := reader.read(mut buf)! bytes_left -= u64(bytes_read) mut to_write := bytes_read for to_write > 0 { bytes_written := ctx.conn.write(buf[bytes_read - to_write..bytes_read]) or { break } to_write = to_write - bytes_written } } } // send_custom_response sends the given http.Response to the client. It can be // used to overwrite the Context object & send a completely custom // http.Response instead. fn (mut ctx Context) send_custom_response(resp &http.Response) ! { ctx.send_string(resp.bytestr())! } // send_response_header constructs a valid HTTP response with an empty body & // sends it to the client. pub fn (mut ctx Context) send_response_header() ! { mut resp := http.new_response( header: ctx.header.join(headers_close) ) resp.header.add(.content_type, ctx.content_type) resp.set_status(ctx.status) ctx.send_custom_response(resp)! } // send is a convenience function for sending the HTTP response with an empty // body. pub fn (mut ctx Context) send() bool { return ctx.send_response('') } // send_response constructs the resulting HTTP response with the given body // string & sends it to the client. pub fn (mut ctx Context) send_response(res string) bool { ctx.send_response_header() or { return false } ctx.send_string(res) or { return false } return true } // send_reader_response constructs the resulting HTTP response with the given // body & streams the reader's contents to the client. pub fn (mut ctx Context) send_reader_response(mut reader io.Reader, size u64) bool { ctx.send_response_header() or { return false } ctx.send_reader(mut reader, size) or { return false } return true } // is_authenticated checks whether the request passes a correct API key. pub fn (ctx &Context) is_authenticated() bool { if provided_key := ctx.req.header.get_custom('X-Api-Key') { return provided_key == ctx.api_key } return false } // body sends the given body as an HTTP response. pub fn (mut ctx Context) body(status http.Status, content_type string, body string) Result { ctx.status = status ctx.content_type = content_type ctx.send_response(body) return Result{} } // json[T] HTTP_OK with json_s as payload with content-type `application/json` pub fn (mut ctx Context) json[T](status http.Status, j T) Result { ctx.status = status ctx.content_type = 'application/json' json_s := json.encode(j) ctx.send_response(json_s) return Result{} } // file Response HTTP_OK with file as payload // This function manually implements responses because it needs to stream the file contents pub fn (mut ctx Context) file(f_path string) Result { // If the file doesn't exist, just respond with a 404 if !os.is_file(f_path) { ctx.status = .not_found ctx.send() return Result{} } ctx.header.add(.accept_ranges, 'bytes') file_size := os.file_size(f_path) ctx.header.add(http.CommonHeader.content_length, file_size.str()) // A HEAD request only returns the size of the file. if ctx.req.method == .head { ctx.send() return Result{} } mut file := os.open(f_path) or { eprintln(err.msg()) ctx.server_error(500) return Result{} } defer { file.close() } // Currently, this only supports a single provided range, e.g. // bytes=0-1023, and not multiple ranges, e.g. bytes=0-50, 100-150 if range_str := ctx.req.header.get(.range) { mut parts := range_str.split_nth('=', 2) // We only support the 'bytes' range type if parts[0] != 'bytes' { ctx.status = .requested_range_not_satisfiable ctx.header.delete(.content_length) ctx.send() return Result{} } parts = parts[1].split_nth('-', 2) start := parts[0].i64() end := if parts[1] == '' { file_size - 1 } else { parts[1].u64() } // Either the actual number 0 or the result of an invalid integer if end == 0 { ctx.status = .requested_range_not_satisfiable ctx.header.delete(.content_length) ctx.send() return Result{} } // Move cursor to start of data to read file.seek(start, .start) or { ctx.server_error(500) return Result{} } length := end - u64(start) + 1 ctx.status = .partial_content ctx.header.set(.content_length, length.str()) ctx.send_reader_response(mut file, length) } else { ctx.send_reader_response(mut file, file_size) } return Result{} } // status responds with an empty textual response, essentially only returning // the given status code. pub fn (mut ctx Context) status(status http.Status) Result { ctx.status = status ctx.send() return Result{} } // server_error Response a server error pub fn (mut ctx Context) server_error(ecode int) Result { ctx.send_custom_response(http_500) or {} return Result{} } // redirect Redirect to an url pub fn (mut ctx Context) redirect(url string) Result { mut resp := http_302 resp.header = resp.header.join(ctx.header) resp.header.add(.location, url) ctx.send_custom_response(resp) or {} return Result{} } interface DbInterface { db voidptr } // run runs the app [manualfree] pub fn run[T](global_app &T, port int) { mut l := net.listen_tcp(.ip6, ':${port}') or { panic('failed to listen ${err.code()} ${err}') } // Parsing methods attributes mut routes := map[string]Route{} $for method in T.methods { http_methods, route_path := parse_attrs(method.name, method.attrs) or { eprintln('error parsing method attributes: ${err}') return } routes[method.name] = Route{ methods: http_methods path: route_path } } println('[Vweb] Running app on http://localhost:${port}') for { // Create a new app object for each connection, copy global data like db connections mut request_app := &T{} $if T is DbInterface { request_app.db = global_app.db } $else { // println('web no db') } $for field in T.fields { if 'web_global' in field.attrs || field.is_shared { request_app.$(field.name) = global_app.$(field.name) } } request_app.Context = global_app.Context // copy the context ref that contains static files map etc mut conn := l.accept() or { // failures should not panic eprintln('accept() failed with error: ${err.msg()}') continue } spawn handle_conn[T](mut conn, mut request_app, routes) } } // handle_conn handles a connection [manualfree] fn handle_conn[T](mut conn net.TcpConn, mut app T, routes map[string]Route) { conn.set_read_timeout(30 * time.second) conn.set_write_timeout(30 * time.second) defer { conn.close() or {} lock app.logger { app.logger.flush() } // Record how long request took to process path := urllib.parse(app.req.url) or { urllib.URL{} }.path labels := [ ['method', app.req.method.str()]!, ['path', path]!, // Not all methods properly set this value yet I think ['status', app.status.int().str()]!, ] app.collector.counter_increment(name: 'http_requests_total', labels: labels) // Prometheus prefers metrics containing base units, as defined here // https://prometheus.io/docs/practices/naming/ app.collector.histogram_record(f64(time.ticks() - app.page_gen_start) / 1000, name: 'http_requests_duration_seconds' labels: labels ) unsafe { free(app) } } mut reader := io.new_buffered_reader(reader: conn) defer { reader.free() } page_gen_start := time.ticks() // Request parse head := http.parse_request_head(mut reader) or { // Prevents errors from being thrown when BufferedReader is empty if '${err}' != 'none' { eprintln('error parsing request head: ${err}') } return } // The healthcheck spams the logs, which isn't very useful if head.url != '/health' { lock app.logger { app.logger.debug('${head.method} ${head.url} ${head.version}') } } // req := http.parse_request(mut reader) or { // // Prevents errors from being thrown when BufferedReader is empty // if '$err' != 'none' { // eprintln('error parsing request: $err') // } // return // } // URL Parse url := urllib.parse(head.url) or { eprintln('error parsing path: ${err}') return } // Query parse query := parse_query_from_url(url) url_words := url.path.split('/').filter(it != '') // TODO re-add form parsing // Form parse // form, files := parse_form_from_request(req) or { // // Bad request // conn.write(web.http_400.bytes()) or {} // return // } app.Context = Context{ req: head page_gen_start: page_gen_start conn: conn query: query // form: form // files: files static_files: app.static_files static_mime_types: app.static_mime_types reader: reader logger: app.logger collector: app.collector api_key: app.api_key } // Calling middleware... app.before_request() // Route matching $for method in T.methods { $if method.return_type is Result { route := routes[method.name] or { eprintln('parsed attributes for the `${method.name}` are not found, skipping...') Route{} } // Skip if the HTTP request method does not match the attributes if head.method in route.methods { // Used for route matching route_words := route.path.split('/').filter(it != '') // Route immediate matches & index files first // For example URL `/register` matches route `/:user`, but `fn register()` // should be called first. if (!route.path.contains('/:') && url_words == route_words) || (url_words.len == 0 && route_words == ['index'] && method.name == 'index') { // Check whether the request is authorised if 'auth' in method.attrs && !app.is_authenticated() { conn.write(http_401.bytes()) or {} return } // We found a match app.$method() return } else if params := route_matches(url_words, route_words) { // Check whether the request is authorised if 'auth' in method.attrs && !app.is_authenticated() { conn.write(http_401.bytes()) or {} return } method_args := params.clone() if method_args.len != method.args.len { eprintln('warning: uneven parameters count (${method.args.len}) in `${method.name}`, compared to the web route `${method.attrs}` (${method_args.len})') } app.$method(method_args) return } } } } // Route not found conn.write(http_404.bytes()) or {} } // route_matches returns wether a route matches fn route_matches(url_words []string, route_words []string) ?[]string { // URL path should be at least as long as the route path // except for the catchall route (`/:path...`) if route_words.len == 1 && route_words[0].starts_with(':') && route_words[0].ends_with('...') { return ['/' + url_words.join('/')] } if url_words.len < route_words.len { return none } mut params := []string{cap: url_words.len} if url_words.len == route_words.len { for i in 0 .. url_words.len { if route_words[i].starts_with(':') { // We found a path paramater params << url_words[i] } else if route_words[i] != url_words[i] { // This url does not match the route return none } } return params } // The last route can end with ... indicating an array if route_words.len == 0 || !route_words[route_words.len - 1].ends_with('...') { return none } for i in 0 .. route_words.len - 1 { if route_words[i].starts_with(':') { // We found a path paramater params << url_words[i] } else if route_words[i] != url_words[i] { // This url does not match the route return none } } params << url_words[route_words.len - 1..url_words.len].join('/') return params } // filter Do not delete. // It used by `vlib/v/gen/c/str_intp.v:130` for string interpolation inside web templates // TODO: move it to template render fn filter(s string) string { return s.replace_each([ '<', '<', '"', '"', '&', '&', ]) }