1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
|
package Mojo::Message::Request;
use Mojo::Base 'Mojo::Message';
use Mojo::Cookie::Request;
use Mojo::Util qw(b64_encode b64_decode sha1_sum);
use Mojo::URL;
my ($SEED, $COUNTER) = ($$ . time . rand, int rand 0xffffff);
has env => sub { {} };
has method => 'GET';
has [qw(proxy reverse_proxy)];
has request_id => sub {
substr sha1_sum($SEED . ($COUNTER = ($COUNTER + 1) % 0xffffff)), 0, 8;
};
has url => sub { Mojo::URL->new };
has via_proxy => 1;
sub clone {
my $self = shift;
# Dynamic requests cannot be cloned
return undef unless my $content = $self->content->clone;
my $clone = $self->new(
content => $content,
method => $self->method,
url => $self->url->clone,
version => $self->version
);
$clone->{proxy} = $self->{proxy}->clone if $self->{proxy};
return $clone;
}
sub cookies {
my $self = shift;
# Parse cookies
my $headers = $self->headers;
return [map { @{Mojo::Cookie::Request->parse($_)} } $headers->cookie]
unless @_;
# Add cookies
my @cookies = map { ref $_ eq 'HASH' ? Mojo::Cookie::Request->new($_) : $_ }
$headers->cookie || (), @_;
$headers->cookie(join '; ', @cookies);
return $self;
}
sub every_param { shift->params->every_param(@_) }
sub extract_start_line {
my ($self, $bufref) = @_;
# Ignore any leading empty lines
return undef unless $$bufref =~ s/^\s*(.*?)\x0d?\x0a//;
# We have a (hopefully) full request-line
return !$self->error({message => 'Bad request start-line'})
unless $1 =~ /^(\S+)\s+(\S+)\s+HTTP\/(\d\.\d)$/;
my $url = $self->method($1)->version($3)->url;
my $target = $2;
return !!$url->host_port($target) if $1 eq 'CONNECT';
return !!$url->parse($target)->fragment(undef) if $target =~ /^[^:\/?#]+:/;
return !!$url->path_query($target);
}
sub fix_headers {
my $self = shift;
$self->{fix} ? return $self : $self->SUPER::fix_headers(@_);
# Host
my $url = $self->url;
my $headers = $self->headers;
$headers->host($url->host_port) unless $headers->host;
# Basic authentication
if ((my $info = $url->userinfo) && !$headers->authorization) {
$headers->authorization('Basic ' . b64_encode($info, ''));
}
# Basic proxy authentication
return $self unless (my $proxy = $self->proxy) && $self->via_proxy;
return $self unless my $info = $proxy->userinfo;
$headers->proxy_authorization('Basic ' . b64_encode($info, ''))
unless $headers->proxy_authorization;
return $self;
}
sub get_start_line_chunk {
my ($self, $offset) = @_;
$self->_start_line->emit(progress => 'start_line', $offset);
return substr $self->{start_buffer}, $offset, 131072;
}
sub is_handshake { lc($_[0]->headers->upgrade // '') eq 'websocket' }
sub is_secure {
my $url = shift->url;
return ($url->protocol || $url->base->protocol) eq 'https';
}
sub is_xhr {
(shift->headers->header('X-Requested-With') // '') =~ /XMLHttpRequest/i;
}
sub param { shift->params->param(@_) }
sub params {
my $self = shift;
return $self->{params}
||= $self->body_params->clone->append($self->query_params);
}
sub parse {
my $self = shift;
my ($env, $chunk) = ref $_[0] ? (shift, '') : (undef, shift);
# Parse CGI environment
$self->env($env)->_parse_env($env) if $env;
# Parse normal message
if (($self->{state} // '') ne 'cgi') { $self->SUPER::parse($chunk) }
# Parse CGI content
else { $self->content($self->content->parse_body($chunk))->SUPER::parse('') }
# Check if we can fix things that require all headers
return $self unless $self->is_finished;
# Base URL
my $base = $self->url->base;
$base->scheme('http') unless $base->scheme;
my $headers = $self->headers;
if (!$base->host && (my $host = $headers->host)) { $base->host_port($host) }
# Basic authentication
if (my $basic = _basic($headers->authorization)) { $base->userinfo($basic) }
# Basic proxy authentication
my $basic = _basic($headers->proxy_authorization);
$self->proxy(Mojo::URL->new->userinfo($basic)) if $basic;
# "X-Forwarded-Proto"
$base->scheme('https')
if $self->reverse_proxy
&& ($headers->header('X-Forwarded-Proto') // '') eq 'https';
return $self;
}
sub query_params { shift->url->query }
sub start_line_size { length shift->_start_line->{start_buffer} }
sub _basic { $_[0] && $_[0] =~ /Basic (.+)$/ ? b64_decode $1 : undef }
sub _parse_env {
my ($self, $env) = @_;
# Bypass normal message parser
$self->{state} = 'cgi';
# Extract headers
my $headers = $self->headers;
my $url = $self->url;
my $base = $url->base;
for my $name (keys %$env) {
my $value = $env->{$name};
next unless $name =~ s/^HTTP_//i;
$name =~ y/_/-/;
$headers->header($name => $value);
# Host/Port
$value =~ s/:(\d+)$// ? $base->host($value)->port($1) : $base->host($value)
if $name eq 'HOST';
}
# Content-Type is a special case on some servers
$headers->content_type($env->{CONTENT_TYPE}) if $env->{CONTENT_TYPE};
# Content-Length is a special case on some servers
$headers->content_length($env->{CONTENT_LENGTH}) if $env->{CONTENT_LENGTH};
# Query
$url->query->parse($env->{QUERY_STRING}) if $env->{QUERY_STRING};
# Method
$self->method($env->{REQUEST_METHOD}) if $env->{REQUEST_METHOD};
# Scheme/Version
$base->scheme($1) and $self->version($2)
if ($env->{SERVER_PROTOCOL} // '') =~ m!^([^/]+)/([^/]+)$!;
# HTTPS
$base->scheme('https') if uc($env->{HTTPS} // '') eq 'ON';
# Path
my $path = $url->path->parse($env->{PATH_INFO} ? $env->{PATH_INFO} : '');
# Base path
if (my $value = $env->{SCRIPT_NAME}) {
# Make sure there is a trailing slash (important for merging)
$base->path->parse($value =~ m!/$! ? $value : "$value/");
# Remove SCRIPT_NAME prefix if necessary
my $buffer = $path->to_string;
$value =~ s!^/|/$!!g;
$buffer =~ s!^/?\Q$value\E/?!!;
$buffer =~ s!^/!!;
$path->parse($buffer);
}
}
sub _start_line {
my $self = shift;
return $self if defined $self->{start_buffer};
# Path
my $url = $self->url;
my $path = $url->path_query;
$path = "/$path" unless $path =~ m!^/!;
# CONNECT
my $method = uc $self->method;
if ($method eq 'CONNECT') {
my $port = $url->port // ($url->protocol eq 'https' ? '443' : '80');
$path = $url->ihost . ":$port";
}
# Proxy
elsif ($self->proxy && $self->via_proxy && $url->protocol ne 'https') {
$path = $url->clone->userinfo(undef) unless $self->is_handshake;
}
$self->{start_buffer} = "$method $path HTTP/@{[$self->version]}\x0d\x0a";
return $self;
}
1;
=encoding utf8
=head1 NAME
Mojo::Message::Request - HTTP request
=head1 SYNOPSIS
use Mojo::Message::Request;
# Parse
my $req = Mojo::Message::Request->new;
$req->parse("GET /foo HTTP/1.0\x0d\x0a");
$req->parse("Content-Length: 12\x0d\x0a");
$req->parse("Content-Type: text/plain\x0d\x0a\x0d\x0a");
$req->parse('Hello World!');
say $req->method;
say $req->headers->content_type;
say $req->body;
# Build
my $req = Mojo::Message::Request->new;
$req->url->parse('http://127.0.0.1/foo/bar');
$req->method('GET');
say $req->to_string;
=head1 DESCRIPTION
L<Mojo::Message::Request> is a container for HTTP requests, based on
L<RFC 7230|http://tools.ietf.org/html/rfc7230>,
L<RFC 7231|http://tools.ietf.org/html/rfc7231>,
L<RFC 7235|http://tools.ietf.org/html/rfc7235> and
L<RFC 2817|http://tools.ietf.org/html/rfc2817>.
=head1 EVENTS
L<Mojo::Message::Request> inherits all events from L<Mojo::Message>.
=head1 ATTRIBUTES
L<Mojo::Message::Request> inherits all attributes from L<Mojo::Message> and
implements the following new ones.
=head2 env
my $env = $req->env;
$req = $req->env({PATH_INFO => '/'});
Direct access to the C<CGI> or C<PSGI> environment hash if available.
# Check CGI version
my $version = $req->env->{GATEWAY_INTERFACE};
# Check PSGI version
my $version = $req->env->{'psgi.version'};
=head2 method
my $method = $req->method;
$req = $req->method('POST');
HTTP request method, defaults to C<GET>.
=head2 proxy
my $url = $req->proxy;
$req = $req->proxy(Mojo::URL->new('http://127.0.0.1:3000'));
Proxy URL for request.
=head2 reverse_proxy
my $bool = $req->reverse_proxy;
$req = $req->reverse_proxy($bool);
Request has been performed through a reverse proxy.
=head2 request_id
my $id = $req->request_id;
$req = $req->request_id('aee7d5d8');
Request ID, defaults to a reasonably unique value.
=head2 url
my $url = $req->url;
$req = $req->url(Mojo::URL->new);
HTTP request URL, defaults to a L<Mojo::URL> object.
# Get request information
my $info = $req->url->to_abs->userinfo;
my $host = $req->url->to_abs->host;
my $path = $req->url->to_abs->path;
=head2 via_proxy
my $bool = $req->via_proxy;
$req = $req->via_proxy($bool);
Request can be performed through a proxy server.
=head1 METHODS
L<Mojo::Message::Request> inherits all methods from L<Mojo::Message> and
implements the following new ones.
=head2 clone
my $clone = $req->clone;
Return a new L<Mojo::Message::Request> object cloned from this request if
possible, otherwise return C<undef>.
=head2 cookies
my $cookies = $req->cookies;
$req = $req->cookies(Mojo::Cookie::Request->new);
$req = $req->cookies({name => 'foo', value => 'bar'});
Access request cookies, usually L<Mojo::Cookie::Request> objects.
# Names of all cookies
say $_->name for @{$req->cookies};
=head2 every_param
my $values = $req->every_param('foo');
Similar to L</"param">, but returns all values sharing the same name as an
array reference.
# Get first value
say $req->every_param('foo')->[0];
=head2 extract_start_line
my $bool = $req->extract_start_line(\$str);
Extract request-line from string.
=head2 fix_headers
$req = $req->fix_headers;
Make sure request has all required headers.
=head2 get_start_line_chunk
my $bytes = $req->get_start_line_chunk($offset);
Get a chunk of request-line data starting from a specific position. Note that
this method finalizes the request.
=head2 is_handshake
my $bool = $req->is_handshake;
Check C<Upgrade> header for C<websocket> value.
=head2 is_secure
my $bool = $req->is_secure;
Check if connection is secure.
=head2 is_xhr
my $bool = $req->is_xhr;
Check C<X-Requested-With> header for C<XMLHttpRequest> value.
=head2 param
my $value = $req->param('foo');
Access C<GET> and C<POST> parameters extracted from the query string and
C<application/x-www-form-urlencoded> or C<multipart/form-data> message body. If
there are multiple values sharing the same name, and you want to access more
than just the last one, you can use L</"every_param">. Note that this method
caches all data, so it should not be called before the entire request body has
been received. Parts of the request body need to be loaded into memory to parse
C<POST> parameters, so you have to make sure it is not excessively large.
There's a 16MiB limit for requests by default.
=head2 params
my $params = $req->params;
All C<GET> and C<POST> parameters extracted from the query string and
C<application/x-www-form-urlencoded> or C<multipart/form-data> message body,
usually a L<Mojo::Parameters> object. Note that this method caches all data, so
it should not be called before the entire request body has been received. Parts
of the request body need to be loaded into memory to parse C<POST> parameters,
so you have to make sure it is not excessively large. There's a 16MiB limit for
requests by default.
# Get parameter names and values
my $hash = $req->params->to_hash;
=head2 parse
$req = $req->parse('GET /foo/bar HTTP/1.1');
$req = $req->parse({PATH_INFO => '/'});
Parse HTTP request chunks or environment hash.
=head2 query_params
my $params = $req->query_params;
All C<GET> parameters, usually a L<Mojo::Parameters> object.
# Turn GET parameters to hash and extract value
say $req->query_params->to_hash->{foo};
=head2 start_line_size
my $size = $req->start_line_size;
Size of the request-line in bytes. Note that this method finalizes the request.
=head1 SEE ALSO
L<Mojolicious>, L<Mojolicious::Guides>, L<https://mojolicious.org>.
=cut
|
