1 // SPDX-License-Identifier: Apache-2.0 2 // SPDX-FileCopyrightText: Copyright OpenBMC Authors 3 #pragma once 4 5 #include "app.hpp" 6 #include "async_resp.hpp" 7 #include "forward_unauthorized.hpp" 8 #include "http_body.hpp" 9 #include "http_request.hpp" 10 #include "http_response.hpp" 11 #include "logging.hpp" 12 #include "str_utility.hpp" 13 #include "webroutes.hpp" 14 15 #include <boost/beast/http/field.hpp> 16 #include <boost/beast/http/status.hpp> 17 #include <boost/container/flat_set.hpp> 18 19 #include <algorithm> 20 #include <array> 21 #include <filesystem> 22 #include <format> 23 #include <memory> 24 #include <string> 25 #include <string_view> 26 #include <system_error> 27 #include <utility> 28 #include <vector> 29 30 namespace crow 31 { 32 namespace webassets 33 { 34 35 inline std::string getStaticEtag(const std::filesystem::path& webpath) 36 { 37 // webpack outputs production chunks in the form: 38 // <filename>.<hash>.<extension> 39 // For example app.63e2c453.css 40 // Try to detect this, so we can use the hash as the ETAG 41 std::vector<std::string> split; 42 bmcweb::split(split, webpath.filename().string(), '.'); 43 if (split.size() < 3) 44 { 45 return ""; 46 } 47 48 // get the second to last element 49 std::string hash = split.rbegin()[1]; 50 51 // Webpack hashes are 8 characters long 52 if (hash.size() != 8) 53 { 54 return ""; 55 } 56 // Webpack hashes only include hex printable characters 57 if (hash.find_first_not_of("0123456789abcdefABCDEF") != std::string::npos) 58 { 59 return ""; 60 } 61 return std::format("\"{}\"", hash); 62 } 63 64 static constexpr std::string_view rootpath("/usr/share/www/"); 65 66 struct StaticFile 67 { 68 std::filesystem::path absolutePath; 69 std::string_view contentType; 70 std::string_view contentEncoding; 71 std::string etag; 72 bmcweb::CompressionType onDiskComp = bmcweb::CompressionType::Raw; 73 bool renamed = false; 74 }; 75 76 inline void handleStaticAsset( 77 const crow::Request& req, 78 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, const StaticFile& file) 79 { 80 if (!file.contentType.empty()) 81 { 82 asyncResp->res.addHeader(boost::beast::http::field::content_type, 83 file.contentType); 84 } 85 86 if (!file.contentEncoding.empty()) 87 { 88 asyncResp->res.addHeader(boost::beast::http::field::content_encoding, 89 file.contentEncoding); 90 } 91 92 if (!file.etag.empty()) 93 { 94 asyncResp->res.addHeader(boost::beast::http::field::etag, file.etag); 95 // Don't cache paths that don't have the etag in them, like 96 // index, which gets transformed to / 97 if (!file.renamed) 98 { 99 // Anything with a hash can be cached forever and is 100 // immutable 101 asyncResp->res.addHeader(boost::beast::http::field::cache_control, 102 "max-age=31556926, immutable"); 103 } 104 105 std::string_view cachedEtag = 106 req.getHeaderValue(boost::beast::http::field::if_none_match); 107 if (cachedEtag == file.etag) 108 { 109 asyncResp->res.result(boost::beast::http::status::not_modified); 110 return; 111 } 112 } 113 114 if (asyncResp->res.openFile(file.absolutePath, bmcweb::EncodingType::Raw, 115 file.onDiskComp) != crow::OpenCode::Success) 116 { 117 BMCWEB_LOG_DEBUG("failed to read file"); 118 asyncResp->res.result( 119 boost::beast::http::status::internal_server_error); 120 return; 121 } 122 } 123 124 inline std::string_view getFiletypeForExtension(std::string_view extension) 125 { 126 constexpr static std::array<std::pair<std::string_view, std::string_view>, 127 17> 128 contentTypes{ 129 {{".css", "text/css;charset=UTF-8"}, 130 {".eot", "application/vnd.ms-fontobject"}, 131 {".gif", "image/gif"}, 132 {".html", "text/html;charset=UTF-8"}, 133 {".ico", "image/x-icon"}, 134 {".jpeg", "image/jpeg"}, 135 {".jpg", "image/jpeg"}, 136 {".js", "application/javascript;charset=UTF-8"}, 137 {".json", "application/json"}, 138 // dev tools don't care about map type, setting to json causes 139 // browser to show as text 140 // https://stackoverflow.com/questions/19911929/what-mime-type-should-i-use-for-javascript-source-map-files 141 {".map", "application/json"}, 142 {".png", "image/png;charset=UTF-8"}, 143 {".svg", "image/svg+xml"}, 144 {".ttf", "application/x-font-ttf"}, 145 {".woff", "application/x-font-woff"}, 146 {".woff2", "application/x-font-woff2"}, 147 {".xml", "application/xml"}}}; 148 149 const auto* contentType = 150 std::ranges::find_if(contentTypes, [&extension](const auto& val) { 151 return val.first == extension; 152 }); 153 154 if (contentType == contentTypes.end()) 155 { 156 BMCWEB_LOG_ERROR( 157 "Cannot determine content-type for file with extension {}", 158 extension); 159 return ""; 160 } 161 return contentType->second; 162 } 163 164 inline void addFile(App& app, const std::filesystem::directory_entry& dir) 165 { 166 StaticFile file; 167 file.absolutePath = dir.path(); 168 std::filesystem::path relativePath( 169 file.absolutePath.string().substr(rootpath.size() - 1)); 170 171 std::string extension = relativePath.extension(); 172 std::filesystem::path webpath = relativePath; 173 174 if (extension == ".gz") 175 { 176 webpath = webpath.replace_extension(""); 177 // Use the non-gzip version for determining content type 178 extension = webpath.extension().string(); 179 file.contentEncoding = "gzip"; 180 file.onDiskComp = bmcweb::CompressionType::Gzip; 181 } 182 else if (extension == ".zstd") 183 { 184 webpath = webpath.replace_extension(""); 185 // Use the non-zstd version for determining content type 186 extension = webpath.extension().string(); 187 file.contentEncoding = "zstd"; 188 file.onDiskComp = bmcweb::CompressionType::Zstd; 189 } 190 191 file.etag = getStaticEtag(webpath); 192 193 if (webpath.filename().string().starts_with("index.")) 194 { 195 webpath = webpath.parent_path(); 196 if (webpath.string().empty() || webpath.string().back() != '/') 197 { 198 // insert the non-directory version of this path 199 webroutes::routes.insert(webpath); 200 webpath += "/"; 201 file.renamed = true; 202 } 203 } 204 205 std::pair<boost::container::flat_set<std::string>::iterator, bool> 206 inserted = webroutes::routes.insert(webpath); 207 208 if (!inserted.second) 209 { 210 // Got a duplicated path. This is expected in certain 211 // situations 212 BMCWEB_LOG_DEBUG("Got duplicated path {}", webpath.string()); 213 return; 214 } 215 file.contentType = getFiletypeForExtension(extension); 216 217 if (webpath == "/") 218 { 219 forward_unauthorized::hasWebuiRoute() = true; 220 } 221 222 app.routeDynamic(webpath)( 223 [file = std::move( 224 file)](const crow::Request& req, 225 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { 226 handleStaticAsset(req, asyncResp, file); 227 }); 228 } 229 230 inline void requestRoutes(App& app) 231 { 232 std::error_code ec; 233 std::filesystem::recursive_directory_iterator dirIter({rootpath}, ec); 234 if (ec) 235 { 236 BMCWEB_LOG_ERROR( 237 "Unable to find or open {} static file hosting disabled", rootpath); 238 return; 239 } 240 241 // In certain cases, we might have both a gzipped version of the file AND a 242 // non-gzipped version. To avoid duplicated routes, we need to make sure we 243 // get the gzipped version first. Because the gzipped path should be longer 244 // than the non gzipped path, if we sort in descending order, we should be 245 // guaranteed to get the gzip version first. 246 std::vector<std::filesystem::directory_entry> paths( 247 std::filesystem::begin(dirIter), std::filesystem::end(dirIter)); 248 std::sort(paths.rbegin(), paths.rend()); 249 250 for (const std::filesystem::directory_entry& dir : paths) 251 { 252 if (std::filesystem::is_directory(dir)) 253 { 254 // don't recurse into hidden directories or symlinks 255 if (dir.path().filename().string().starts_with(".") || 256 std::filesystem::is_symlink(dir)) 257 { 258 dirIter.disable_recursion_pending(); 259 } 260 } 261 else if (std::filesystem::is_regular_file(dir)) 262 { 263 addFile(app, dir); 264 } 265 } 266 } 267 } // namespace webassets 268 } // namespace crow 269