diff options
Diffstat (limited to 'src/cowboy_static.erl')
-rw-r--r-- | src/cowboy_static.erl | 524 |
1 files changed, 524 insertions, 0 deletions
diff --git a/src/cowboy_static.erl b/src/cowboy_static.erl new file mode 100644 index 0000000..7a84939 --- /dev/null +++ b/src/cowboy_static.erl @@ -0,0 +1,524 @@ +%% Copyright (c) 2011, Magnus Klaar <[email protected]> +%% +%% Permission to use, copy, modify, and/or distribute this software for any +%% purpose with or without fee is hereby granted, provided that the above +%% copyright notice and this permission notice appear in all copies. +%% +%% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +%% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +%% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +%% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +%% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +%% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +%% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +%% @doc Static resource handler. +%% +%% This built in HTTP handler provides a simple file serving capability for +%% cowboy applications. It should be considered an experimental feature because +%% of it's dependency on the experimental REST handler. It's recommended to be +%% used for small or temporary environments where it is not preferrable to set +%% up a second server just to serve files. +%% +%% If this handler is used the Erlang node running the cowboy application must +%% be configured to use an async thread pool. This is configured by adding the +%% `+A $POOL_SIZE' argument to the `erl' command used to start the node. See +%% <a href="http://erlang.org/pipermail/erlang-bugs/2012-January/002720.html"> +%% this reply</a> from the OTP team to erlang-bugs +%% +%% == Base configuration == +%% +%% The handler must be configured with a request path prefix to serve files +%% under and the path to a directory to read files from. The request path prefix +%% is defined in the path pattern of the cowboy dispatch rule for the handler. +%% The request path pattern must end with a `...' token. +%% The directory path can be set to either an absolute or relative path in the +%% form of a list or binary string representation of a file system path. A list +%% of binary path segments, as is used throughout cowboy, is also a valid +%% directory path. +%% +%% The directory path can also be set to a relative path within the `priv/' +%% directory of an application. This is configured by setting the value of the +%% directory option to a tuple of the form `{priv_dir, Application, Relpath}'. +%% +%% ==== Examples ==== +%% ``` +%% %% Serve files from /var/www/ under http://example.com/static/ +%% {[<<"static">>, '...'], cowboy_static, +%% [{directory, "/var/www"}]} +%% +%% %% Serve files from the current working directory under http://example.com/static/ +%% {[<<"static">>, '...'], cowboy_static, +%% [{directory, <<"./">>}]} +%% +%% %% Serve files from cowboy/priv/www under http://example.com/ +%% {['...'], cowboy_static, +%% [{directory, {priv_dir, cowboy, [<<"www">>]}}]} +%% ''' +%% +%% == Content type configuration == +%% +%% By default the content type of all static resources will be set to +%% `application/octet-stream'. This can be overriden by supplying a list +%% of filename extension to mimetypes pairs in the `mimetypes' option. +%% The filename extension should be a binary string including the leading dot. +%% The mimetypes must be of a type that the `cowboy_rest' protocol can +%% handle. +%% +%% The <a href="https://github.com/spawngrid/mimetypes">spawngrid/mimetypes</a> +%% application, or an arbitrary function accepting the path to the file being +%% served, can also be used to generate the list of content types for a static +%% file resource. The function used must accept an additional argument after +%% the file path argument. +%% +%% ==== Example ==== +%% ``` +%% %% Use a static list of content types. +%% {[<<"static">>, '...'], cowboy_static, +%% [{directory, {priv_dir, cowboy, []}}, +%% {mimetypes, [ +%% {<<".css">>, [<<"text/css">>]}, +%% {<<".js">>, [<<"application/javascript">>]}]}]} +%% +%% %% Use the default database in the mimetypes application. +%% {[<<"static">>, '...', cowboy_static, +%% [{directory, {priv_dir, cowboy, []}}, +%% {mimetypes, {fun mimetypes:path_to_mimes/2, default}}]]} +%% ''' +%% +%% == ETag Header Function == +%% +%% The default behaviour of the static file handler is to not generate ETag +%% headers. This is because generating ETag headers based on file metadata +%% causes different servers in a cluster to generate different ETag values for +%% the same file unless the metadata is also synced. Generating strong ETags +%% based on the contents of a file is currently out of scope for this module. +%% +%% The default behaviour can be overridden to generate an ETag header based on +%% a combination of the file path, file size, inode and mtime values. If the +%% option value is a non-empty list of attribute names tagged with `attributes' +%% a hex encoded checksum of each attribute specified is included in the value +%% of the the ETag header. If the list of attribute names is empty no ETag +%% header is generated. +%% +%% If a strong ETag is required a user defined function for generating the +%% header value can be supplied. The function must accept a proplist of the +%% file attributes as the first argument and a second argument containing any +%% additional data that the function requires. The function must return a term +%% of the type `{weak | strong, binary()}' or `undefined'. +%% +%% ==== Examples ==== +%% ``` +%% %% A value of default is equal to not specifying the option. +%% {[<<"static">>, '...', cowboy_static, +%% [{directory, {priv_dir, cowboy, []}}, +%% {etag, default}]]} +%% +%% %% Use all avaliable ETag function arguments to generate a header value. +%% {[<<"static">>, '...', cowboy_static, +%% [{directory, {priv_dir, cowboy, []}}, +%% {etag, {attributes, [filepath, filesize, inode, mtime]}}]]} +%% +%% %% Use a user defined function to generate a strong ETag header value. +%% {[<<"static">>, '...', cowboy_static, +%% [{directory, {priv_dir, cowboy, []}}, +%% {etag, {fun generate_strong_etag/2, strong_etag_extra}}]]} +%% +%% generate_strong_etag(Arguments, strong_etag_extra) -> +%% {_, Filepath} = lists:keyfind(filepath, 1, Arguments), +%% {_, _Filesize} = lists:keyfind(filesize, 1, Arguments), +%% {_, _INode} = lists:keyfind(inode, 1, Arguments), +%% {_, _Modified} = lists:keyfind(mtime, 1, Arguments), +%% ChecksumCommand = lists:flatten(io_lib:format("sha1sum ~s", [Filepath])), +%% [Checksum|_] = string:tokens(os:cmd(ChecksumCommand), " "), +%% {strong, iolist_to_binary(Checksum)}. +%% ''' +%% +%% == File configuration == +%% +%% If the file system path being served does not share a common suffix with +%% the request path it is possible to override the file path using the `file' +%% option. The value of this option is expected to be a relative path within +%% the static file directory specified using the `directory' option. +%% The path must be in the form of a list or binary string representation of a +%% file system path. A list of binary path segments, as is used throughout +%% cowboy, is also a valid. +%% +%% When the `file' option is used the same file will be served for all requests +%% matching the cowboy dispatch fule for the handler. It is not necessary to +%% end the request path pattern with a `...' token because the request path +%% will not be used to determine which file to serve from the static directory. +%% +%% === Examples === +%% +%% ``` +%% %% Serve cowboy/priv/www/index.html as http://example.com/ +%% {[], cowboy_static, +%% [{directory, {priv_dir, cowboy, [<<"www">>]}} +%% {file, <<"index.html">>}]} +%% +%% %% Serve cowboy/priv/www/page.html under http://example.com/*/page +%% {['*', <<"page">>], cowboy_static, +%% [{directory, {priv_dir, cowboy, [<<"www">>]}} +%% {file, <<"page.html">>}]}. +%% +%% %% Always serve cowboy/priv/www/other.html under http://example.com/other +%% {[<<"other">>, '...'], cowboy_static, +%% [{directory, {priv_dir, cowboy, [<<"www">>]}} +%% {file, "other.html"}]} +%% ''' +-module(cowboy_static). + +%% include files +-include("http.hrl"). +-include_lib("kernel/include/file.hrl"). + +%% cowboy_protocol callbacks +-export([init/3]). + +%% cowboy_rest callbacks +-export([rest_init/2]). +-export([allowed_methods/2]). +-export([malformed_request/2]). +-export([resource_exists/2]). +-export([forbidden/2]). +-export([last_modified/2]). +-export([generate_etag/2]). +-export([content_types_provided/2]). +-export([file_contents/2]). + +%% internal +-export([path_to_mimetypes/2]). + +%% types +-type dirpath() :: string() | binary() | [binary()]. +-type dirspec() :: dirpath() | {priv, atom(), dirpath()}. +-type mimedef() :: {binary(), binary(), [{binary(), binary()}]}. +-type etagarg() :: {filepath, binary()} | {mtime, calendar:datetime()} + | {inode, non_neg_integer()} | {filesize, non_neg_integer()}. + +%% handler state +-record(state, { + filepath :: binary() | error, + fileinfo :: {ok, #file_info{}} | {error, _} | error, + mimetypes :: {fun((binary(), T) -> [mimedef()]), T} | undefined, + etag_fun :: {fun(([etagarg()], T) -> + undefined | {strong | weak, binary()}), T}}). + + +%% @private Upgrade from HTTP handler to REST handler. +init({_Transport, http}, _Req, _Opts) -> + {upgrade, protocol, cowboy_rest}. + + +%% @private Set up initial state of REST handler. +-spec rest_init(#http_req{}, list()) -> {ok, #http_req{}, #state{}}. +rest_init(Req, Opts) -> + Directory = proplists:get_value(directory, Opts), + Directory1 = directory_path(Directory), + Mimetypes = proplists:get_value(mimetypes, Opts, []), + Mimetypes1 = case Mimetypes of + {_, _} -> Mimetypes; + [] -> {fun path_to_mimetypes/2, []}; + [_|_] -> {fun path_to_mimetypes/2, Mimetypes} + end, + ETagFunction = case proplists:get_value(etag, Opts) of + default -> {fun no_etag_function/2, undefined}; + undefined -> {fun no_etag_function/2, undefined}; + {attributes, []} -> {fun no_etag_function/2, undefined}; + {attributes, Attrs} -> {fun attr_etag_function/2, Attrs}; + {_, _}=ETagFunction1 -> ETagFunction1 + end, + {Filepath, Req1} = case lists:keyfind(file, 1, Opts) of + {_, Filepath2} -> {filepath_path(Filepath2), Req}; + false -> cowboy_req:path_info(Req) + end, + State = case check_path(Filepath) of + error -> + #state{filepath=error, fileinfo=error, mimetypes=undefined, + etag_fun=ETagFunction}; + ok -> + Filepath1 = join_paths(Directory1, Filepath), + Fileinfo = file:read_file_info(Filepath1), + #state{filepath=Filepath1, fileinfo=Fileinfo, mimetypes=Mimetypes1, + etag_fun=ETagFunction} + end, + {ok, Req1, State}. + + +%% @private Only allow GET and HEAD requests on files. +-spec allowed_methods(#http_req{}, #state{}) -> + {[atom()], #http_req{}, #state{}}. +allowed_methods(Req, State) -> + {['GET', 'HEAD'], Req, State}. + +%% @private +-spec malformed_request(#http_req{}, #state{}) -> + {boolean(), #http_req{}, #state{}}. +malformed_request(Req, #state{filepath=error}=State) -> + {true, Req, State}; +malformed_request(Req, State) -> + {false, Req, State}. + + +%% @private Check if the resource exists under the document root. +-spec resource_exists(#http_req{}, #state{}) -> + {boolean(), #http_req{}, #state{}}. +resource_exists(Req, #state{fileinfo={error, _}}=State) -> + {false, Req, State}; +resource_exists(Req, #state{fileinfo={ok, Fileinfo}}=State) -> + {Fileinfo#file_info.type =:= regular, Req, State}. + + +%% @private +%% Access to a file resource is forbidden if it exists and the local node does +%% not have permission to read it. Directory listings are always forbidden. +-spec forbidden(#http_req{}, #state{}) -> {boolean(), #http_req{}, #state{}}. +forbidden(Req, #state{fileinfo={_, #file_info{type=directory}}}=State) -> + {true, Req, State}; +forbidden(Req, #state{fileinfo={error, eacces}}=State) -> + {true, Req, State}; +forbidden(Req, #state{fileinfo={error, _}}=State) -> + {false, Req, State}; +forbidden(Req, #state{fileinfo={ok, #file_info{access=Access}}}=State) -> + {not (Access =:= read orelse Access =:= read_write), Req, State}. + + +%% @private Read the time a file system system object was last modified. +-spec last_modified(#http_req{}, #state{}) -> + {calendar:datetime(), #http_req{}, #state{}}. +last_modified(Req, #state{fileinfo={ok, #file_info{mtime=Modified}}}=State) -> + {Modified, Req, State}. + + +%% @private Generate the ETag header value for this file. +%% The ETag header value is only generated if the resource is a file that +%% exists in document root. +-spec generate_etag(#http_req{}, #state{}) -> + {undefined | binary(), #http_req{}, #state{}}. +generate_etag(Req, #state{fileinfo={_, #file_info{type=regular, inode=INode, + mtime=Modified, size=Filesize}}, filepath=Filepath, + etag_fun={ETagFun, ETagData}}=State) -> + ETagArgs = [ + {filepath, Filepath}, {filesize, Filesize}, + {inode, INode}, {mtime, Modified}], + {ETagFun(ETagArgs, ETagData), Req, State}; +generate_etag(Req, State) -> + {undefined, Req, State}. + + +%% @private Return the content type of a file. +-spec content_types_provided(#http_req{}, #state{}) -> tuple(). +content_types_provided(Req, #state{filepath=Filepath, + mimetypes={MimetypesFun, MimetypesData}}=State) -> + Mimetypes = [{T, file_contents} + || T <- MimetypesFun(Filepath, MimetypesData)], + {Mimetypes, Req, State}. + + +%% @private Return a function that writes a file directly to the socket. +-spec file_contents(#http_req{}, #state{}) -> tuple(). +file_contents(Req, #state{filepath=Filepath, + fileinfo={ok, #file_info{size=Filesize}}}=State) -> + {ok, Transport, Socket} = cowboy_req:transport(Req), + Writefile = content_function(Transport, Socket, Filepath), + {{stream, Filesize, Writefile}, Req, State}. + + +%% @private Return a function writing the contents of a file to a socket. +%% The function returns the number of bytes written to the socket to enable +%% the calling function to determine if the expected number of bytes were +%% written to the socket. +-spec content_function(module(), inet:socket(), binary()) -> + fun(() -> {sent, non_neg_integer()}). +content_function(Transport, Socket, Filepath) -> + %% `file:sendfile/2' will only work with the `ranch_tcp' + %% transport module. SSL or future SPDY transports that require the + %% content to be encrypted or framed as the content is sent + %% will use the fallback mechanism. + case erlang:function_exported(file, sendfile, 2) of + false -> + fun() -> sfallback(Transport, Socket, Filepath) end; + _ when Transport =/= ranch_tcp -> + fun() -> sfallback(Transport, Socket, Filepath) end; + true -> + fun() -> sendfile(Socket, Filepath) end + end. + + +%% @private Sendfile fallback function. +-spec sfallback(module(), inet:socket(), binary()) -> {sent, non_neg_integer()}. +sfallback(Transport, Socket, Filepath) -> + {ok, File} = file:open(Filepath, [read,binary,raw]), + sfallback(Transport, Socket, File, 0). + +-spec sfallback(module(), inet:socket(), file:io_device(), + non_neg_integer()) -> {sent, non_neg_integer()}. +sfallback(Transport, Socket, File, Sent) -> + case file:read(File, 16#1FFF) of + eof -> + ok = file:close(File), + {sent, Sent}; + {ok, Bin} -> + case Transport:send(Socket, Bin) of + ok -> sfallback(Transport, Socket, File, Sent + byte_size(Bin)); + {error, closed} -> {sent, Sent} + end + end. + + +%% @private Wrapper for sendfile function. +-spec sendfile(inet:socket(), binary()) -> {sent, non_neg_integer()}. +sendfile(Socket, Filepath) -> + {ok, Sent} = file:sendfile(Filepath, Socket), + {sent, Sent}. + +-spec directory_path(dirspec()) -> dirpath(). +directory_path({priv_dir, App, []}) -> + priv_dir_path(App); +directory_path({priv_dir, App, [H|_]=Path}) when is_integer(H) -> + filename:join(priv_dir_path(App), Path); +directory_path({priv_dir, App, [H|_]=Path}) when is_binary(H) -> + filename:join(filename:split(priv_dir_path(App)) ++ Path); +directory_path({priv_dir, App, Path}) when is_binary(Path) -> + filename:join(priv_dir_path(App), Path); +directory_path(Path) -> + Path. + +%% @private Ensure that a file path is of the same type as a request path. +-spec filepath_path(dirpath()) -> Path::[binary()]. +filepath_path([H|_]=Path) when is_integer(H) -> + filename:split(list_to_binary(Path)); +filepath_path(Path) when is_binary(Path) -> + filename:split(Path); +filepath_path([H|_]=Path) when is_binary(H) -> + Path. + +%% @private Validate a request path for unsafe characters. +%% There is no way to escape special characters in a filesystem path. +-spec check_path(Path::[binary()]) -> ok | error. +check_path([]) -> ok; +check_path([<<"">>|_T]) -> error; +check_path([<<".">>|_T]) -> error; +check_path([<<"..">>|_T]) -> error; +check_path([H|T]) -> + case binary:match(H, <<"/">>) of + {_, _} -> error; + nomatch -> check_path(T) + end. + + +%% @private Join the the directory and request paths. +-spec join_paths(dirpath(), [binary()]) -> binary(). +join_paths([H|_]=Dirpath, Filepath) when is_integer(H) -> + filename:join(filename:split(Dirpath) ++ Filepath); +join_paths([H|_]=Dirpath, Filepath) when is_binary(H) -> + filename:join(Dirpath ++ Filepath); +join_paths(Dirpath, Filepath) when is_binary(Dirpath) -> + filename:join([Dirpath] ++ Filepath); +join_paths([], Filepath) -> + filename:join(Filepath). + + +%% @private Return the path to the priv/ directory of an application. +-spec priv_dir_path(atom()) -> string(). +priv_dir_path(App) -> + case code:priv_dir(App) of + {error, bad_name} -> priv_dir_mod(App); + Dir -> Dir + end. + +-spec priv_dir_mod(atom()) -> string(). +priv_dir_mod(Mod) -> + case code:which(Mod) of + File when not is_list(File) -> "../priv"; + File -> filename:join([filename:dirname(File),"../priv"]) + end. + + +%% @private Use application/octet-stream as the default mimetype. +%% If a list of extension - mimetype pairs are provided as the mimetypes +%% an attempt to find the mimetype using the file extension. If no match +%% is found the default mimetype is returned. +-spec path_to_mimetypes(binary(), [{binary(), [mimedef()]}]) -> + [mimedef()]. +path_to_mimetypes(Filepath, Extensions) when is_binary(Filepath) -> + Ext = filename:extension(Filepath), + case Ext of + <<>> -> default_mimetype(); + _Ext -> path_to_mimetypes_(Ext, Extensions) + end. + +-spec path_to_mimetypes_(binary(), [{binary(), [mimedef()]}]) -> [mimedef()]. +path_to_mimetypes_(Ext, Extensions) -> + case lists:keyfind(Ext, 1, Extensions) of + {_, MTs} -> MTs; + _Unknown -> default_mimetype() + end. + +-spec default_mimetype() -> [mimedef()]. +default_mimetype() -> + [{<<"application">>, <<"octet-stream">>, []}]. + + +%% @private Do not send ETag headers in the default configuration. +-spec no_etag_function([etagarg()], undefined) -> undefined. +no_etag_function(_Args, undefined) -> + undefined. + +%% @private A simple alternative is to send an ETag based on file attributes. +-type fileattr() :: filepath | filesize | mtime | inode. +-spec attr_etag_function([etagarg()], [fileattr()]) -> {strong, binary()}. +attr_etag_function(Args, Attrs) -> + [[_|H]|T] = [begin + {_,Pair} = {_,{_,_}} = {Attr,lists:keyfind(Attr, 1, Args)}, + [$-|integer_to_list(erlang:phash2(Pair, 1 bsl 32), 16)] + end || Attr <- Attrs], + {strong, list_to_binary([H|T])}. + + +-ifdef(TEST). +-include_lib("eunit/include/eunit.hrl"). +-define(_eq(E, I), ?_assertEqual(E, I)). + +check_path_test_() -> + C = fun check_path/1, + [?_eq(error, C([<<>>])), + ?_eq(ok, C([<<"abc">>])), + ?_eq(error, C([<<".">>])), + ?_eq(error, C([<<"..">>])), + ?_eq(error, C([<<"/">>])) + ]. + +join_paths_test_() -> + P = fun join_paths/2, + [?_eq(<<"a">>, P([], [<<"a">>])), + ?_eq(<<"a/b/c">>, P(<<"a/b">>, [<<"c">>])), + ?_eq(<<"a/b/c">>, P("a/b", [<<"c">>])), + ?_eq(<<"a/b/c">>, P([<<"a">>, <<"b">>], [<<"c">>])) + ]. + +directory_path_test_() -> + P = fun directory_path/1, + PL = fun(I) -> length(filename:split(P(I))) end, + Base = PL({priv_dir, cowboy, []}), + [?_eq(Base + 1, PL({priv_dir, cowboy, "a"})), + ?_eq(Base + 1, PL({priv_dir, cowboy, <<"a">>})), + ?_eq(Base + 1, PL({priv_dir, cowboy, [<<"a">>]})), + ?_eq(Base + 2, PL({priv_dir, cowboy, "a/b"})), + ?_eq(Base + 2, PL({priv_dir, cowboy, <<"a/b">>})), + ?_eq(Base + 2, PL({priv_dir, cowboy, [<<"a">>, <<"b">>]})), + ?_eq("a/b", P("a/b")) + ]. + +filepath_path_test_() -> + P = fun filepath_path/1, + [?_eq([<<"a">>], P("a")), + ?_eq([<<"a">>], P(<<"a">>)), + ?_eq([<<"a">>], P([<<"a">>])), + ?_eq([<<"a">>, <<"b">>], P("a/b")), + ?_eq([<<"a">>, <<"b">>], P(<<"a/b">>)), + ?_eq([<<"a">>, <<"b">>], P([<<"a">>, <<"b">>])) + ]. + +-endif. |