#include "Globals.h" // NOTE: MSVC stupidness requires this to be the same across all modules #include "WebAdmin.h" #include "Bindings/WebPlugin.h" #include "Bindings/PluginManager.h" #include "Bindings/Plugin.h" #include "World.h" #include "Entities/Player.h" #include "Server.h" #include "Root.h" #include "HTTPServer/HTTPMessage.h" #include "HTTPServer/HTTPServerConnection.h" static const char DEFAULT_WEBADMIN_PORTS[] = "8080"; //////////////////////////////////////////////////////////////////////////////// // cPlayerAccum: /** Helper class - appends all player names together in an HTML list */ class cPlayerAccum : public cPlayerListCallback { virtual bool Item(cPlayer * a_Player) override { m_Contents.append("
  • "); m_Contents.append(a_Player->GetName()); m_Contents.append("
  • "); return false; } public: AString m_Contents; } ; //////////////////////////////////////////////////////////////////////////////// // cWebAdmin: cWebAdmin::cWebAdmin(void) : m_IsInitialized(false), m_IsRunning(false), m_TemplateScript("") { } cWebAdmin::~cWebAdmin() { ASSERT(!m_IsRunning); // Was the HTTP server stopped properly? } void cWebAdmin::AddPlugin(cWebPlugin * a_Plugin) { m_Plugins.remove(a_Plugin); m_Plugins.push_back(a_Plugin); } void cWebAdmin::RemovePlugin(cWebPlugin * a_Plugin) { m_Plugins.remove(a_Plugin); } bool cWebAdmin::Init(void) { if (!m_IniFile.ReadFile("webadmin.ini")) { LOGWARN("Regenerating webadmin.ini, all settings will be reset"); m_IniFile.AddHeaderComment(" This file controls the webadmin feature of Cuberite"); m_IniFile.AddHeaderComment(" Username format: [User:*username*]"); m_IniFile.AddHeaderComment(" Password format: Password=*password*; for example:"); m_IniFile.AddHeaderComment(" [User:admin]"); m_IniFile.AddHeaderComment(" Password=admin"); m_IniFile.SetValue("WebAdmin", "Ports", DEFAULT_WEBADMIN_PORTS); m_IniFile.WriteFile("webadmin.ini"); } if (!m_IniFile.GetValueSetB("WebAdmin", "Enabled", true)) { // WebAdmin is disabled, bail out faking a success return true; } LOGD("Initialising WebAdmin..."); // Initialize the WebAdmin template script and load the file m_TemplateScript.Create(); m_TemplateScript.RegisterAPILibs(); if (!m_TemplateScript.LoadFile(FILE_IO_PREFIX "webadmin/template.lua")) { LOGWARN("Could not load WebAdmin template \"%s\". WebAdmin disabled!", FILE_IO_PREFIX "webadmin/template.lua"); m_TemplateScript.Close(); m_HTTPServer.Stop(); return false; } // Load the login template, provide a fallback default if not found: if (!LoadLoginTemplate()) { LOGWARN("Could not load WebAdmin login template \"%s\", using fallback template.", FILE_IO_PREFIX "webadmin/login_template.html"); // Sets the fallback template: m_LoginTemplate = \ "

    Cuberite WebAdmin

    " \ "
    " \ "
    " \ "" \ "
    " \ "
    "; } // Read the ports to be used: // Note that historically the ports were stored in the "Port" and "PortsIPv6" values m_Ports = ReadUpgradeIniPorts(m_IniFile, "WebAdmin", "Ports", "Port", "PortsIPv6", DEFAULT_WEBADMIN_PORTS); if (!m_HTTPServer.Initialize()) { return false; } m_IsInitialized = true; m_IniFile.WriteFile("webadmin.ini"); return true; } bool cWebAdmin::Start(void) { if (!m_IsInitialized) { // Not initialized return false; } LOGD("Starting WebAdmin..."); m_IsRunning = m_HTTPServer.Start(*this, m_Ports); return m_IsRunning; } void cWebAdmin::Stop(void) { if (!m_IsRunning) { return; } LOGD("Stopping WebAdmin..."); m_HTTPServer.Stop(); m_IsRunning = false; } bool cWebAdmin::LoadLoginTemplate(void) { cFile File(FILE_IO_PREFIX "webadmin/login_template.html", cFile::fmRead); if (!File.IsOpen()) { return false; } AString TemplateContent; if (File.ReadRestOfFile(TemplateContent) == -1) { return false; } m_LoginTemplate = TemplateContent; return true; } void cWebAdmin::HandleWebadminRequest(cHTTPServerConnection & a_Connection, cHTTPRequest & a_Request) { if (!a_Request.HasAuth()) { a_Connection.SendNeedAuth("Cuberite WebAdmin"); return; } // Check auth: AString UserPassword = m_IniFile.GetValue("User:" + a_Request.GetAuthUsername(), "Password", ""); if ((UserPassword == "") || (a_Request.GetAuthPassword() != UserPassword)) { a_Connection.SendNeedAuth("Cuberite WebAdmin - bad username or password"); return; } // Check if the contents should be wrapped in the template: AString BareURL = a_Request.GetBareURL(); ASSERT(BareURL.length() > 0); bool ShouldWrapInTemplate = ((BareURL.length() > 1) && (BareURL[1] != '~')); // Retrieve the request data: cWebadminRequestData * Data = reinterpret_cast(a_Request.GetUserData()); if (Data == nullptr) { a_Connection.SendStatusAndReason(500, "Bad UserData"); return; } // Wrap it all up for the Lua call: AString Template; HTTPTemplateRequest TemplateRequest; TemplateRequest.Request.URL = a_Request.GetURL(); TemplateRequest.Request.Username = a_Request.GetAuthUsername(); TemplateRequest.Request.Method = a_Request.GetMethod(); TemplateRequest.Request.Path = BareURL.substr(1); if (Data->m_Form.Finish()) { for (cHTTPFormParser::const_iterator itr = Data->m_Form.begin(), end = Data->m_Form.end(); itr != end; ++itr) { HTTPFormData HTTPfd; HTTPfd.Value = itr->second; HTTPfd.Type = ""; HTTPfd.Name = itr->first; TemplateRequest.Request.FormData[itr->first] = HTTPfd; TemplateRequest.Request.PostParams[itr->first] = itr->second; } // for itr - Data->m_Form[] // Parse the URL into individual params: const AString & URL = a_Request.GetURL(); size_t idxQM = URL.find('?'); if (idxQM != AString::npos) { cHTTPFormParser URLParams(cHTTPFormParser::fpkURL, URL.c_str() + idxQM + 1, URL.length() - idxQM - 1, *Data); URLParams.Finish(); for (cHTTPFormParser::const_iterator itr = URLParams.begin(), end = URLParams.end(); itr != end; ++itr) { TemplateRequest.Request.Params[itr->first] = itr->second; } // for itr - URLParams[] } } // Try to get the template from the Lua template script if (ShouldWrapInTemplate) { if (m_TemplateScript.Call("ShowPage", this, &TemplateRequest, cLuaState::Return, Template)) { cHTTPResponse Resp; Resp.SetContentType("text/html"); a_Connection.Send(Resp); a_Connection.Send(Template.c_str(), Template.length()); return; } a_Connection.SendStatusAndReason(500, "m_TemplateScript failed"); return; } AString BaseURL = GetBaseURL(BareURL); AString Menu; Template = "{CONTENT}"; AString FoundPlugin; for (PluginList::iterator itr = m_Plugins.begin(); itr != m_Plugins.end(); ++itr) { cWebPlugin * WebPlugin = *itr; std::list< std::pair > NameList = WebPlugin->GetTabNames(); for (std::list< std::pair >::iterator Names = NameList.begin(); Names != NameList.end(); ++Names) { Menu += "
  • " + (*Names).first + "
  • "; } } sWebAdminPage Page = GetPage(TemplateRequest.Request); AString Content = Page.Content; FoundPlugin = Page.PluginName; if (!Page.TabName.empty()) { FoundPlugin += " - " + Page.TabName; } if (FoundPlugin.empty()) // Default page { Content = GetDefaultPage(); } int MemUsageKiB = cRoot::GetPhysicalRAMUsage(); if (MemUsageKiB > 0) { ReplaceString(Template, "{MEM}", Printf("%.02f", static_cast(MemUsageKiB) / 1024)); ReplaceString(Template, "{MEMKIB}", Printf("%d", MemUsageKiB)); } else { ReplaceString(Template, "{MEM}", "unknown"); ReplaceString(Template, "{MEMKIB}", "unknown"); } ReplaceString(Template, "{USERNAME}", a_Request.GetAuthUsername()); ReplaceString(Template, "{MENU}", Menu); ReplaceString(Template, "{PLUGIN_NAME}", FoundPlugin); ReplaceString(Template, "{CONTENT}", Content); ReplaceString(Template, "{TITLE}", "Cuberite"); AString NumChunks; Printf(NumChunks, "%d", cRoot::Get()->GetTotalChunkCount()); ReplaceString(Template, "{NUMCHUNKS}", NumChunks); cHTTPResponse Resp; Resp.SetContentType("text/html"); a_Connection.Send(Resp); a_Connection.Send(Template.c_str(), Template.length()); } void cWebAdmin::HandleRootRequest(cHTTPServerConnection & a_Connection, cHTTPRequest & a_Request) { UNUSED(a_Request); cHTTPResponse Resp; Resp.SetContentType("text/html"); a_Connection.Send(Resp); a_Connection.Send(m_LoginTemplate); a_Connection.FinishResponse(); } void cWebAdmin::HandleFileRequest(cHTTPServerConnection & a_Connection, cHTTPRequest & a_Request) { AString FileURL = a_Request.GetURL(); std::replace(FileURL.begin(), FileURL.end(), '\\', '/'); // Remove all leading backslashes: if (FileURL[0] == '/') { size_t FirstCharToRead = FileURL.find_first_not_of('/'); if (FirstCharToRead != AString::npos) { FileURL = FileURL.substr(FirstCharToRead); } } // Remove all "../" strings: ReplaceString(FileURL, "../", ""); bool LoadedSuccessfull = false; AString Content = "

    404 Not Found

    "; AString Path = Printf(FILE_IO_PREFIX "webadmin/files/%s", FileURL.c_str()); if (cFile::IsFile(Path)) { cFile File(Path, cFile::fmRead); AString FileContent; if (File.IsOpen() && (File.ReadRestOfFile(FileContent) != -1)) { LoadedSuccessfull = true; Content = FileContent; } } // Find content type (The currently method is very bad. We should change it later) AString ContentType = "text/html"; size_t LastPointPosition = Path.find_last_of('.'); if (LoadedSuccessfull && (LastPointPosition != AString::npos) && (LastPointPosition < Path.length())) { AString FileExtension = Path.substr(LastPointPosition + 1); ContentType = GetContentTypeFromFileExt(FileExtension); } // Send the response: cHTTPResponse Resp; Resp.SetContentType(ContentType); a_Connection.Send(Resp); a_Connection.Send(Content); a_Connection.FinishResponse(); } AString cWebAdmin::GetContentTypeFromFileExt(const AString & a_FileExtension) { static bool IsInitialized = false; static std::map ContentTypeMap; if (!IsInitialized) { // Initialize the ContentTypeMap: ContentTypeMap["png"] = "image/png"; ContentTypeMap["fif"] = "image/fif"; ContentTypeMap["gif"] = "image/gif"; ContentTypeMap["jpeg"] = "image/jpeg"; ContentTypeMap["jpg"] = "image/jpeg"; ContentTypeMap["jpe"] = "image/jpeg"; ContentTypeMap["tiff"] = "image/tiff"; ContentTypeMap["ico"] = "image/ico"; ContentTypeMap["csv"] = "image/comma-separated-values"; ContentTypeMap["css"] = "text/css"; ContentTypeMap["js"] = "text/javascript"; ContentTypeMap["txt"] = "text/plain"; ContentTypeMap["rtx"] = "text/richtext"; ContentTypeMap["xml"] = "text/xml"; } AString FileExtension = StrToLower(a_FileExtension); if (ContentTypeMap.find(a_FileExtension) == ContentTypeMap.end()) { return "text/html"; } return ContentTypeMap[FileExtension]; } sWebAdminPage cWebAdmin::GetPage(const HTTPRequest & a_Request) { sWebAdminPage Page; AStringVector Split = StringSplit(a_Request.Path, "/"); // Find the plugin that corresponds to the requested path AString FoundPlugin; if (Split.size() > 1) { for (PluginList::iterator itr = m_Plugins.begin(); itr != m_Plugins.end(); ++itr) { if ((*itr)->GetWebTitle() == Split[1]) { Page.Content = (*itr)->HandleWebRequest(a_Request); cWebPlugin * WebPlugin = *itr; FoundPlugin = WebPlugin->GetWebTitle(); AString TabName = WebPlugin->GetTabNameForRequest(a_Request).first; Page.PluginName = FoundPlugin; Page.TabName = TabName; break; } } } // Return the page contents return Page; } AString cWebAdmin::GetDefaultPage(void) { AString Content; Content += "

    Server Name:

    "; Content += "

    " + AString( cRoot::Get()->GetServer()->GetServerID()) + "

    "; // Display a list of all plugins: Content += "

    Plugins:

      "; struct cPluginCallback: public cPluginManager::cPluginCallback { AString & m_Content; cPluginCallback(AString & a_Content): m_Content(a_Content) { } virtual bool Item(cPlugin * a_Plugin) override { if (a_Plugin->IsLoaded()) { AppendPrintf(m_Content, "
    • %s V.%i
    • ", a_Plugin->GetName().c_str(), a_Plugin->GetVersion()); } return false; } } Callback(Content); cPluginManager::Get()->ForEachPlugin(Callback); Content += "
    "; // Display a list of all players: Content += "

    Players:

      "; cPlayerAccum PlayerAccum; cWorld * World = cRoot::Get()->GetDefaultWorld(); // TODO - Create a list of worlds and players if (World != nullptr) { World->ForEachPlayer(PlayerAccum); Content.append(PlayerAccum.m_Contents); } Content += "

    "; return Content; } AString cWebAdmin::GetBaseURL(const AString & a_URL) { return GetBaseURL(StringSplit(a_URL, "/")); } AString cWebAdmin::GetHTMLEscapedString(const AString & a_Input) { AString dst; dst.reserve(a_Input.length()); // Loop over input and substitute HTML characters for their alternatives: size_t len = a_Input.length(); for (size_t i = 0; i < len; i++) { switch (a_Input[i]) { case '&': dst.append("&"); break; case '\'': dst.append("'"); break; case '"': dst.append("""); break; case '<': dst.append("<"); break; case '>': dst.append(">"); break; default: { dst.push_back(a_Input[i]); break; } } // switch (a_Input[i]) } // for i - a_Input[] return dst; } AString cWebAdmin::GetURLEncodedString(const AString & a_Input) { // Translation table from nibble to hex: static const char Hex[] = "0123456789abcdef"; // Preallocate the output to match input: AString dst; size_t len = a_Input.length(); dst.reserve(len); // Loop over input and substitute whatever is needed: for (size_t i = 0; i < len; i++) { char ch = a_Input[i]; if (isalnum(ch) || (ch == '-') || (ch == '_') || (ch == '.') || (ch == '~')) { dst.push_back(ch); } else { dst.push_back('%'); dst.push_back(Hex[(ch >> 4) & 0x0f]); dst.push_back(Hex[ch & 0x0f]); } } // for i - a_Input[] return dst; } AString cWebAdmin::GetBaseURL(const AStringVector & a_URLSplit) { AString BaseURL = "./"; if (a_URLSplit.size() > 1) { for (unsigned int i = 0; i < a_URLSplit.size(); i++) { BaseURL += "../"; } BaseURL += "webadmin/"; } return BaseURL; } void cWebAdmin::OnRequestBegun(cHTTPServerConnection & a_Connection, cHTTPRequest & a_Request) { UNUSED(a_Connection); const AString & URL = a_Request.GetURL(); if ( (strncmp(URL.c_str(), "/webadmin", 9) == 0) || (strncmp(URL.c_str(), "/~webadmin", 10) == 0) ) { a_Request.SetUserData(new cWebadminRequestData(a_Request)); return; } if (URL == "/") { // The root needs no body handler and is fully handled in the OnRequestFinished() call return; } // TODO: Handle other requests } void cWebAdmin::OnRequestBody(cHTTPServerConnection & a_Connection, cHTTPRequest & a_Request, const char * a_Data, size_t a_Size) { UNUSED(a_Connection); cRequestData * Data = reinterpret_cast(a_Request.GetUserData()); if (Data == nullptr) { return; } Data->OnBody(a_Data, a_Size); } void cWebAdmin::OnRequestFinished(cHTTPServerConnection & a_Connection, cHTTPRequest & a_Request) { const AString & URL = a_Request.GetURL(); if ( (strncmp(URL.c_str(), "/webadmin", 9) == 0) || (strncmp(URL.c_str(), "/~webadmin", 10) == 0) ) { HandleWebadminRequest(a_Connection, a_Request); } else if (URL == "/") { // The root needs no body handler and is fully handled in the OnRequestFinished() call HandleRootRequest(a_Connection, a_Request); } else { HandleFileRequest(a_Connection, a_Request); } // Delete any request data assigned to the request: cRequestData * Data = reinterpret_cast(a_Request.GetUserData()); delete Data; Data = nullptr; } //////////////////////////////////////////////////////////////////////////////// // cWebAdmin::cWebadminRequestData void cWebAdmin::cWebadminRequestData::OnBody(const char * a_Data, size_t a_Size) { m_Form.Parse(a_Data, a_Size); }