1 // SPDX-License-Identifier: Apache-2.0 2 // SPDX-FileCopyrightText: Copyright OpenBMC Authors 3 #pragma once 4 5 #include "app.hpp" 6 #include "async_resp.hpp" 7 #include "forward_unauthorized.hpp" 8 #include "http_request.hpp" 9 #include "http_response.hpp" 10 #include "logging.hpp" 11 #include "str_utility.hpp" 12 #include "webroutes.hpp" 13 14 #include <boost/beast/http/field.hpp> 15 #include <boost/beast/http/status.hpp> 16 #include <boost/container/flat_set.hpp> 17 18 #include <algorithm> 19 #include <array> 20 #include <filesystem> 21 #include <format> 22 #include <memory> 23 #include <string> 24 #include <string_view> 25 #include <system_error> 26 #include <utility> 27 #include <vector> 28 29 namespace crow 30 { 31 namespace webassets 32 { 33 34 inline std::string getStaticEtag(const std::filesystem::path& webpath) 35 { 36 // webpack outputs production chunks in the form: 37 // <filename>.<hash>.<extension> 38 // For example app.63e2c453.css 39 // Try to detect this, so we can use the hash as the ETAG 40 std::vector<std::string> split; 41 bmcweb::split(split, webpath.filename().string(), '.'); 42 if (split.size() < 3) 43 { 44 return ""; 45 } 46 47 // get the second to last element 48 std::string hash = split.rbegin()[1]; 49 50 // Webpack hashes are 8 characters long 51 if (hash.size() != 8) 52 { 53 return ""; 54 } 55 // Webpack hashes only include hex printable characters 56 if (hash.find_first_not_of("0123456789abcdefABCDEF") != std::string::npos) 57 { 58 return ""; 59 } 60 return std::format("\"{}\"", hash); 61 } 62 63 static constexpr std::string_view rootpath("/usr/share/www/"); 64 65 struct StaticFile 66 { 67 std::filesystem::path absolutePath; 68 std::string_view contentType; 69 std::string_view contentEncoding; 70 std::string etag; 71 bool renamed = false; 72 }; 73 74 inline void handleStaticAsset( 75 const crow::Request& req, 76 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, const StaticFile& file) 77 { 78 if (!file.contentType.empty()) 79 { 80 asyncResp->res.addHeader(boost::beast::http::field::content_type, 81 file.contentType); 82 } 83 84 if (!file.contentEncoding.empty()) 85 { 86 asyncResp->res.addHeader(boost::beast::http::field::content_encoding, 87 file.contentEncoding); 88 } 89 90 if (!file.etag.empty()) 91 { 92 asyncResp->res.addHeader(boost::beast::http::field::etag, file.etag); 93 // Don't cache paths that don't have the etag in them, like 94 // index, which gets transformed to / 95 if (!file.renamed) 96 { 97 // Anything with a hash can be cached forever and is 98 // immutable 99 asyncResp->res.addHeader(boost::beast::http::field::cache_control, 100 "max-age=31556926, immutable"); 101 } 102 103 std::string_view cachedEtag = 104 req.getHeaderValue(boost::beast::http::field::if_none_match); 105 if (cachedEtag == file.etag) 106 { 107 asyncResp->res.result(boost::beast::http::status::not_modified); 108 return; 109 } 110 } 111 112 if (asyncResp->res.openFile(file.absolutePath) != crow::OpenCode::Success) 113 { 114 BMCWEB_LOG_DEBUG("failed to read file"); 115 asyncResp->res.result( 116 boost::beast::http::status::internal_server_error); 117 return; 118 } 119 } 120 121 inline std::string_view getFiletypeForExtension(std::string_view extension) 122 { 123 constexpr static std::array<std::pair<std::string_view, std::string_view>, 124 17> 125 contentTypes{ 126 {{".css", "text/css;charset=UTF-8"}, 127 {".eot", "application/vnd.ms-fontobject"}, 128 {".gif", "image/gif"}, 129 {".html", "text/html;charset=UTF-8"}, 130 {".ico", "image/x-icon"}, 131 {".jpeg", "image/jpeg"}, 132 {".jpg", "image/jpeg"}, 133 {".js", "application/javascript;charset=UTF-8"}, 134 {".json", "application/json"}, 135 // dev tools don't care about map type, setting to json causes 136 // browser to show as text 137 // https://stackoverflow.com/questions/19911929/what-mime-type-should-i-use-for-javascript-source-map-files 138 {".map", "application/json"}, 139 {".png", "image/png;charset=UTF-8"}, 140 {".svg", "image/svg+xml"}, 141 {".ttf", "application/x-font-ttf"}, 142 {".woff", "application/x-font-woff"}, 143 {".woff2", "application/x-font-woff2"}, 144 {".xml", "application/xml"}}}; 145 146 const auto* contentType = 147 std::ranges::find_if(contentTypes, [&extension](const auto& val) { 148 return val.first == extension; 149 }); 150 151 if (contentType == contentTypes.end()) 152 { 153 BMCWEB_LOG_ERROR( 154 "Cannot determine content-type for file with extension {}", 155 extension); 156 return ""; 157 } 158 return contentType->second; 159 } 160 161 inline void addFile(App& app, const std::filesystem::directory_entry& dir) 162 { 163 StaticFile file; 164 file.absolutePath = dir.path(); 165 std::filesystem::path relativePath( 166 file.absolutePath.string().substr(rootpath.size() - 1)); 167 168 std::string extension = relativePath.extension(); 169 std::filesystem::path webpath = relativePath; 170 171 if (extension == ".gz") 172 { 173 webpath = webpath.replace_extension(""); 174 // Use the non-gzip version for determining content type 175 extension = webpath.extension().string(); 176 file.contentEncoding = "gzip"; 177 } 178 else if (extension == ".zstd") 179 { 180 webpath = webpath.replace_extension(""); 181 // Use the non-zstd version for determining content type 182 extension = webpath.extension().string(); 183 file.contentEncoding = "zstd"; 184 } 185 186 file.etag = getStaticEtag(webpath); 187 188 if (webpath.filename().string().starts_with("index.")) 189 { 190 webpath = webpath.parent_path(); 191 if (webpath.string().empty() || webpath.string().back() != '/') 192 { 193 // insert the non-directory version of this path 194 webroutes::routes.insert(webpath); 195 webpath += "/"; 196 file.renamed = true; 197 } 198 } 199 200 std::pair<boost::container::flat_set<std::string>::iterator, bool> 201 inserted = webroutes::routes.insert(webpath); 202 203 if (!inserted.second) 204 { 205 // Got a duplicated path. This is expected in certain 206 // situations 207 BMCWEB_LOG_DEBUG("Got duplicated path {}", webpath.string()); 208 return; 209 } 210 file.contentType = getFiletypeForExtension(extension); 211 212 if (webpath == "/") 213 { 214 forward_unauthorized::hasWebuiRoute = true; 215 } 216 217 app.routeDynamic(webpath)( 218 [file = std::move( 219 file)](const crow::Request& req, 220 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { 221 handleStaticAsset(req, asyncResp, file); 222 }); 223 } 224 225 inline void requestRoutes(App& app) 226 { 227 std::error_code ec; 228 std::filesystem::recursive_directory_iterator dirIter({rootpath}, ec); 229 if (ec) 230 { 231 BMCWEB_LOG_ERROR( 232 "Unable to find or open {} static file hosting disabled", rootpath); 233 return; 234 } 235 236 // In certain cases, we might have both a gzipped version of the file AND a 237 // non-gzipped version. To avoid duplicated routes, we need to make sure we 238 // get the gzipped version first. Because the gzipped path should be longer 239 // than the non gzipped path, if we sort in descending order, we should be 240 // guaranteed to get the gzip version first. 241 std::vector<std::filesystem::directory_entry> paths( 242 std::filesystem::begin(dirIter), std::filesystem::end(dirIter)); 243 std::sort(paths.rbegin(), paths.rend()); 244 245 for (const std::filesystem::directory_entry& dir : paths) 246 { 247 if (std::filesystem::is_directory(dir)) 248 { 249 // don't recurse into hidden directories or symlinks 250 if (dir.path().filename().string().starts_with(".") || 251 std::filesystem::is_symlink(dir)) 252 { 253 dirIter.disable_recursion_pending(); 254 } 255 } 256 else if (std::filesystem::is_regular_file(dir)) 257 { 258 addFile(app, dir); 259 } 260 } 261 } 262 } // namespace webassets 263 } // namespace crow 264