From a021cc6899c82b8af55013514dbc8c7b2a383fcd Mon Sep 17 00:00:00 2001
From: Malfurious
Date: Sat, 11 Nov 2023 18:14:37 -0500
Subject: dmt: Add routing / proper request handling

All requests are handled by interpreting the $PATH_INFO environment variable, which is set by the main path component of the HTTP request. All requests are assumed to be GET requests, as no other request method is supported. Elements in the $PATH_INFO are split into an array on the '/' delimiter, and we apply some sanity checks to the string to prevent potential exploits. Routes are established for all present API endpoints and valid resources / pages.
Signed-off-by: Malfurious
---
 dmt/dmt | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/dmt/dmt b/dmt/dmt
index 771ef88..c23e844 100755
--- a/dmt/dmt
+++ b/dmt/dmt
@@ -9,6 +9,16 @@ CYCHE_STATUS_FILE="/data/status"
 CYCHE_VERSION_FILE="/version"
 source config.sh
+sane_path_info() {
+ # Permit only '-_./' and alphanumeric, as in "/Foo/bar_baz/ex-420.txt".
+ # Fail if any ".." or "//" is detected to prevent bad file access.
+ # Final path info is split on '/' for easy forming into an array.
+ ( (! echo "$PATH_INFO" | grep -Eq '^[-_\.\/A-Za-z0-9]+$') \
+ || (! echo "$PATH_INFO" | grep -Evq '\.\.|//') ) \
+ && exit 1
+ echo "$PATH_INFO" | sed 's/\// /g'
+}
+
 integer() {
 [ "$1" -eq "$1" ] >/dev/null 2>&1
 }
@@ -80,5 +90,23 @@ api_log() {
 fi
 }

-page_template="html/jobs.html"
-template html/master.html text/html
+route=($(sane_path_info)) || exit 1
+
+case ${route[0]} in
+ "api")
+ case ${route[1]} in
+ "status") api_status ;;
+ "job") api_job "${route[2]}" ;;
+ "log") api_log "${route[2]}" ;;
+ esac
+ ;;
+
+ "")
+ page_template="html/jobs.html"
+ template "html/master.html" text/html
+ ;;
+
+ "style.css")
+ template "style.css" text/css
+ ;;
+esac
-- cgit v1.2.3
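Review bot: In `sane_path_info`, both checks pipe `$PATH_INFO` through `grep`, which tests line by line, so a value with an embedded newline passes as soon as one of its lines matches the character class and one line lacks `..` or `//`; the other lines then reach the unquoted `$(sane_path_info)` expansion unvalidated. Whether the web server can deliver a decoded newline in `PATH_INFO` is not visible here, but the check should not depend on it. Matching the whole string in the shell closes this: `[[ "$PATH_INFO" =~ ^[-_./A-Za-z0-9]+$ ]] || exit 1` followed by `[[ "$PATH_INFO" == *..* || "$PATH_INFO" == *//* ]] && exit 1`. Also note that an empty or unset `PATH_INFO` fails the `+` quantifier and exits, so the `""` index route is only reached for a path of `/`; confirm that is intended.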
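Review bot: Neither `case` in the route dispatch has a default arm, so an unknown first component or an unknown `api/` endpoint matches nothing and, in the lines shown, the script ends without writing any response. A `*)` arm in both statements that returns an explicit not-found response, for example `*) printf 'Status: 404 Not Found\r\n\r\n' ;;`, would make unrouted paths fail visibly; adapt it to however `template` emits headers, which is outside this hunk. The commit message says only GET is supported, but `REQUEST_METHOD` is never checked here, so a guard such as `[ "$REQUEST_METHOD" = "GET" ] || exit 1` before the dispatch would enforce that assumption. Path components after the matched ones (for instance a third element under `status`) are also silently ignored.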