aicra/request_builder.go

package gfw

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"reflect"
	"strings"
	"time"
)

// buildRequest builds an interface request
// from a http.Request
func buildRequest(req *http.Request) (*Request, error) {

	/* (1) Init request */
	uri := NormaliseUri(req.URL.Path)
	rawpost := FetchFormData(req)
	rawget := FetchGetData(req)
	inst := &Request{
		Uri:      strings.Split(uri, "/"),
		GetData:  make(map[string]interface{}, 0),
		FormData: make(map[string]interface{}, 0),
		UrlData:  make([]interface{}, 0),
		Data:     make(map[string]interface{}, 0),
	}
	inst.ControllerUri = make([]string, 0, len(inst.Uri))

	/* (2) Fill 'Data' with GET data */
	for name, rawdata := range rawget {

		// 1. Parse arguments
		data := parseHttpData(rawdata)

		if data == nil {
			continue
		}

		// 2. prevent injections
		if isParameterNameInjection(name) {
			log.Printf("get.name_injection:  '%s'\n", name)
			delete(inst.GetData, name)
			continue
		}

		// 3. add into data
		inst.GetData[name] = data
		inst.Data[fmt.Sprintf("GET@%s", name)] = data
	}

	/* (3) Fill 'Data' with POST data */
	for name, rawdata := range rawpost {

		// 1. Parse arguments
		data := parseHttpData(rawdata)

		if data == nil {
			continue
		}

		// 2. prevent injections
		if isParameterNameInjection(name) {
			log.Printf("post.name_injection: '%s'\n", name)
			delete(inst.FormData, name)
			continue
		}

		// 3. add into data
		inst.Data[name] = data
		inst.FormData[name] = data
	}

	return inst, nil
}

// NormaliseUri removes the trailing '/' to always
// have the same Uri format for later processing
func NormaliseUri(uri string) string {

	if len(uri) < 1 {
		return uri
	}

	if uri[0] == '/' {
		uri = uri[1:]
	}

	if len(uri) > 1 && uri[len(uri)-1] == '/' {
		uri = uri[0 : len(uri)-1]
	}

	return uri
}

// FetchGetData extracts the GET data
// from an HTTP request
func FetchGetData(req *http.Request) map[string]interface{} {

	res := make(map[string]interface{})

	for name, value := range req.URL.Query() {
		res[name] = value
	}

	return res

}

// FetchFormData extracts FORM data
//
// - parse 'form-data' if not supported (not POST requests)
// - parse 'x-www-form-urlencoded'
// - parse 'application/json'
func FetchFormData(req *http.Request) map[string]interface{} {

	res := make(map[string]interface{})

	// Abort if GET request
	if req.Method == "GET" {
		return res
	}

	ct := req.Header.Get("Content-Type")

	if strings.HasPrefix(ct, "application/json") {

		receiver := make(map[string]interface{}, 0)

		// 1. Init JSON reader
		decoder := json.NewDecoder(req.Body)
		if err := decoder.Decode(&receiver); err != nil {
			log.Printf("[parse.json] %s\n", err)
			return res
		}

		// 2. Return result
		return receiver

	} else if strings.HasPrefix(ct, "application/x-www-form-urlencoded") {

		// 1. Parse url encoded data
		req.ParseForm()

		// 2. Extract values
		for name, value := range req.PostForm {
			res[name] = value
		}

	} else { // form-data or anything

		startn := time.Now().UnixNano()
		// 1. Parse form-data
		if err := req.ParseMultipartForm(req.ContentLength + 1); err != nil {
			log.Printf("[read.multipart] %s\n", err)
			return res
		}

		// 2. Extract values
		for name, value := range req.PostForm {
			res[name] = value
		}
		fmt.Printf("* %.3f us\n", float64(time.Now().UnixNano()-startn)/1e3)

	}

	return res
}

// isParameterNameInjection returns whether there is
// a parameter name injection:
// - inferred GET parameters
// - inferred URL parameters
func isParameterNameInjection(pName string) bool {
	return strings.HasPrefix(pName, "GET@") || strings.HasPrefix(pName, "URL#")
}

// parseHttpData parses http GET/POST data
// - []string of 1 element : return json of element 0
// - string : return json if valid, else return raw string
func parseHttpData(data interface{}) interface{} {
	dtype := reflect.TypeOf(data)
	dvalue := reflect.ValueOf(data)

	switch dtype.Kind() {

	/* (1) []string -> recursive */
	case reflect.Slice:

		// 1. Return nothing if empty
		if dvalue.Len() == 0 {
			return nil
		}

		// 2. only return first element if alone
		if dvalue.Len() == 1 {

			element := dvalue.Index(0)
			if element.Kind() != reflect.String {
				return nil
			}
			return parseHttpData(element.String())

			// 3. Return all elements if more than 1
		} else {

			result := make([]interface{}, dvalue.Len())

			for i, l := 0, dvalue.Len(); i < l; i++ {
				element := dvalue.Index(i)

				// ignore non-string
				if element.Kind() != reflect.String {
					continue
				}

				result[i] = parseHttpData(element.String())
			}
			return result

		}

	/* (2) string -> parse */
	case reflect.String:

		// build json wrapper
		wrapper := fmt.Sprintf("{\"wrapped\":%s}", dvalue.String())

		// try to parse as json
		var result interface{}
		err := json.Unmarshal([]byte(wrapper), &result)

		// return if success
		if err == nil {

			mapval, ok := result.(map[string]interface{})
			if !ok {
				return dvalue.String()
			}

			wrapped, ok := mapval["wrapped"]
			if !ok {
				return dvalue.String()
			}

			return wrapped
		}

		// else return as string
		return dvalue.String()

	}

	/* (3) NIL if unknown type */
	return nil

}