...
Run Format

Source file src/net/http/request.go

     1	// Copyright 2009 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	// HTTP Request reading and parsing.
     6	
     7	package http
     8	
     9	import (
    10		"bufio"
    11		"bytes"
    12		"crypto/tls"
    13		"encoding/base64"
    14		"errors"
    15		"fmt"
    16		"io"
    17		"io/ioutil"
    18		"mime"
    19		"mime/multipart"
    20		"net/textproto"
    21		"net/url"
    22		"strconv"
    23		"strings"
    24		"sync"
    25	)
    26	
    27	const (
    28		maxValueLength   = 4096
    29		maxHeaderLines   = 1024
    30		chunkSize        = 4 << 10  // 4 KB chunks
    31		defaultMaxMemory = 32 << 20 // 32 MB
    32	)
    33	
    34	// ErrMissingFile is returned by FormFile when the provided file field name
    35	// is either not present in the request or not a file field.
    36	var ErrMissingFile = errors.New("http: no such file")
    37	
    38	// HTTP request parsing errors.
    39	type ProtocolError struct {
    40		ErrorString string
    41	}
    42	
    43	func (err *ProtocolError) Error() string { return err.ErrorString }
    44	
    45	var (
    46		ErrHeaderTooLong        = &ProtocolError{"header too long"}
    47		ErrShortBody            = &ProtocolError{"entity body too short"}
    48		ErrNotSupported         = &ProtocolError{"feature not supported"}
    49		ErrUnexpectedTrailer    = &ProtocolError{"trailer header without chunked transfer encoding"}
    50		ErrMissingContentLength = &ProtocolError{"missing ContentLength in HEAD response"}
    51		ErrNotMultipart         = &ProtocolError{"request Content-Type isn't multipart/form-data"}
    52		ErrMissingBoundary      = &ProtocolError{"no multipart boundary param in Content-Type"}
    53	)
    54	
    55	type badStringError struct {
    56		what string
    57		str  string
    58	}
    59	
    60	func (e *badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) }
    61	
    62	// Headers that Request.Write handles itself and should be skipped.
    63	var reqWriteExcludeHeader = map[string]bool{
    64		"Host":              true, // not in Header map anyway
    65		"User-Agent":        true,
    66		"Content-Length":    true,
    67		"Transfer-Encoding": true,
    68		"Trailer":           true,
    69	}
    70	
    71	// A Request represents an HTTP request received by a server
    72	// or to be sent by a client.
    73	//
    74	// The field semantics differ slightly between client and server
    75	// usage. In addition to the notes on the fields below, see the
    76	// documentation for Request.Write and RoundTripper.
    77	type Request struct {
    78		// Method specifies the HTTP method (GET, POST, PUT, etc.).
    79		// For client requests an empty string means GET.
    80		Method string
    81	
    82		// URL specifies either the URI being requested (for server
    83		// requests) or the URL to access (for client requests).
    84		//
    85		// For server requests the URL is parsed from the URI
    86		// supplied on the Request-Line as stored in RequestURI.  For
    87		// most requests, fields other than Path and RawQuery will be
    88		// empty. (See RFC 2616, Section 5.1.2)
    89		//
    90		// For client requests, the URL's Host specifies the server to
    91		// connect to, while the Request's Host field optionally
    92		// specifies the Host header value to send in the HTTP
    93		// request.
    94		URL *url.URL
    95	
    96		// The protocol version for incoming requests.
    97		// Client requests always use HTTP/1.1.
    98		Proto      string // "HTTP/1.0"
    99		ProtoMajor int    // 1
   100		ProtoMinor int    // 0
   101	
   102		// A header maps request lines to their values.
   103		// If the header says
   104		//
   105		//	accept-encoding: gzip, deflate
   106		//	Accept-Language: en-us
   107		//	Connection: keep-alive
   108		//
   109		// then
   110		//
   111		//	Header = map[string][]string{
   112		//		"Accept-Encoding": {"gzip, deflate"},
   113		//		"Accept-Language": {"en-us"},
   114		//		"Connection": {"keep-alive"},
   115		//	}
   116		//
   117		// HTTP defines that header names are case-insensitive.
   118		// The request parser implements this by canonicalizing the
   119		// name, making the first character and any characters
   120		// following a hyphen uppercase and the rest lowercase.
   121		//
   122		// For client requests certain headers are automatically
   123		// added and may override values in Header.
   124		//
   125		// See the documentation for the Request.Write method.
   126		Header Header
   127	
   128		// Body is the request's body.
   129		//
   130		// For client requests a nil body means the request has no
   131		// body, such as a GET request. The HTTP Client's Transport
   132		// is responsible for calling the Close method.
   133		//
   134		// For server requests the Request Body is always non-nil
   135		// but will return EOF immediately when no body is present.
   136		// The Server will close the request body. The ServeHTTP
   137		// Handler does not need to.
   138		Body io.ReadCloser
   139	
   140		// ContentLength records the length of the associated content.
   141		// The value -1 indicates that the length is unknown.
   142		// Values >= 0 indicate that the given number of bytes may
   143		// be read from Body.
   144		// For client requests, a value of 0 means unknown if Body is not nil.
   145		ContentLength int64
   146	
   147		// TransferEncoding lists the transfer encodings from outermost to
   148		// innermost. An empty list denotes the "identity" encoding.
   149		// TransferEncoding can usually be ignored; chunked encoding is
   150		// automatically added and removed as necessary when sending and
   151		// receiving requests.
   152		TransferEncoding []string
   153	
   154		// Close indicates whether to close the connection after
   155		// replying to this request (for servers) or after sending
   156		// the request (for clients).
   157		Close bool
   158	
   159		// For server requests Host specifies the host on which the
   160		// URL is sought. Per RFC 2616, this is either the value of
   161		// the "Host" header or the host name given in the URL itself.
   162		// It may be of the form "host:port".
   163		//
   164		// For client requests Host optionally overrides the Host
   165		// header to send. If empty, the Request.Write method uses
   166		// the value of URL.Host.
   167		Host string
   168	
   169		// Form contains the parsed form data, including both the URL
   170		// field's query parameters and the POST or PUT form data.
   171		// This field is only available after ParseForm is called.
   172		// The HTTP client ignores Form and uses Body instead.
   173		Form url.Values
   174	
   175		// PostForm contains the parsed form data from POST or PUT
   176		// body parameters.
   177		// This field is only available after ParseForm is called.
   178		// The HTTP client ignores PostForm and uses Body instead.
   179		PostForm url.Values
   180	
   181		// MultipartForm is the parsed multipart form, including file uploads.
   182		// This field is only available after ParseMultipartForm is called.
   183		// The HTTP client ignores MultipartForm and uses Body instead.
   184		MultipartForm *multipart.Form
   185	
   186		// Trailer specifies additional headers that are sent after the request
   187		// body.
   188		//
   189		// For server requests the Trailer map initially contains only the
   190		// trailer keys, with nil values. (The client declares which trailers it
   191		// will later send.)  While the handler is reading from Body, it must
   192		// not reference Trailer. After reading from Body returns EOF, Trailer
   193		// can be read again and will contain non-nil values, if they were sent
   194		// by the client.
   195		//
   196		// For client requests Trailer must be initialized to a map containing
   197		// the trailer keys to later send. The values may be nil or their final
   198		// values. The ContentLength must be 0 or -1, to send a chunked request.
   199		// After the HTTP request is sent the map values can be updated while
   200		// the request body is read. Once the body returns EOF, the caller must
   201		// not mutate Trailer.
   202		//
   203		// Few HTTP clients, servers, or proxies support HTTP trailers.
   204		Trailer Header
   205	
   206		// RemoteAddr allows HTTP servers and other software to record
   207		// the network address that sent the request, usually for
   208		// logging. This field is not filled in by ReadRequest and
   209		// has no defined format. The HTTP server in this package
   210		// sets RemoteAddr to an "IP:port" address before invoking a
   211		// handler.
   212		// This field is ignored by the HTTP client.
   213		RemoteAddr string
   214	
   215		// RequestURI is the unmodified Request-URI of the
   216		// Request-Line (RFC 2616, Section 5.1) as sent by the client
   217		// to a server. Usually the URL field should be used instead.
   218		// It is an error to set this field in an HTTP client request.
   219		RequestURI string
   220	
   221		// TLS allows HTTP servers and other software to record
   222		// information about the TLS connection on which the request
   223		// was received. This field is not filled in by ReadRequest.
   224		// The HTTP server in this package sets the field for
   225		// TLS-enabled connections before invoking a handler;
   226		// otherwise it leaves the field nil.
   227		// This field is ignored by the HTTP client.
   228		TLS *tls.ConnectionState
   229	}
   230	
   231	// ProtoAtLeast reports whether the HTTP protocol used
   232	// in the request is at least major.minor.
   233	func (r *Request) ProtoAtLeast(major, minor int) bool {
   234		return r.ProtoMajor > major ||
   235			r.ProtoMajor == major && r.ProtoMinor >= minor
   236	}
   237	
   238	// UserAgent returns the client's User-Agent, if sent in the request.
   239	func (r *Request) UserAgent() string {
   240		return r.Header.Get("User-Agent")
   241	}
   242	
   243	// Cookies parses and returns the HTTP cookies sent with the request.
   244	func (r *Request) Cookies() []*Cookie {
   245		return readCookies(r.Header, "")
   246	}
   247	
   248	var ErrNoCookie = errors.New("http: named cookie not present")
   249	
   250	// Cookie returns the named cookie provided in the request or
   251	// ErrNoCookie if not found.
   252	func (r *Request) Cookie(name string) (*Cookie, error) {
   253		for _, c := range readCookies(r.Header, name) {
   254			return c, nil
   255		}
   256		return nil, ErrNoCookie
   257	}
   258	
   259	// AddCookie adds a cookie to the request.  Per RFC 6265 section 5.4,
   260	// AddCookie does not attach more than one Cookie header field.  That
   261	// means all cookies, if any, are written into the same line,
   262	// separated by semicolon.
   263	func (r *Request) AddCookie(c *Cookie) {
   264		s := fmt.Sprintf("%s=%s", sanitizeCookieName(c.Name), sanitizeCookieValue(c.Value))
   265		if c := r.Header.Get("Cookie"); c != "" {
   266			r.Header.Set("Cookie", c+"; "+s)
   267		} else {
   268			r.Header.Set("Cookie", s)
   269		}
   270	}
   271	
   272	// Referer returns the referring URL, if sent in the request.
   273	//
   274	// Referer is misspelled as in the request itself, a mistake from the
   275	// earliest days of HTTP.  This value can also be fetched from the
   276	// Header map as Header["Referer"]; the benefit of making it available
   277	// as a method is that the compiler can diagnose programs that use the
   278	// alternate (correct English) spelling req.Referrer() but cannot
   279	// diagnose programs that use Header["Referrer"].
   280	func (r *Request) Referer() string {
   281		return r.Header.Get("Referer")
   282	}
   283	
   284	// multipartByReader is a sentinel value.
   285	// Its presence in Request.MultipartForm indicates that parsing of the request
   286	// body has been handed off to a MultipartReader instead of ParseMultipartFrom.
   287	var multipartByReader = &multipart.Form{
   288		Value: make(map[string][]string),
   289		File:  make(map[string][]*multipart.FileHeader),
   290	}
   291	
   292	// MultipartReader returns a MIME multipart reader if this is a
   293	// multipart/form-data POST request, else returns nil and an error.
   294	// Use this function instead of ParseMultipartForm to
   295	// process the request body as a stream.
   296	func (r *Request) MultipartReader() (*multipart.Reader, error) {
   297		if r.MultipartForm == multipartByReader {
   298			return nil, errors.New("http: MultipartReader called twice")
   299		}
   300		if r.MultipartForm != nil {
   301			return nil, errors.New("http: multipart handled by ParseMultipartForm")
   302		}
   303		r.MultipartForm = multipartByReader
   304		return r.multipartReader()
   305	}
   306	
   307	func (r *Request) multipartReader() (*multipart.Reader, error) {
   308		v := r.Header.Get("Content-Type")
   309		if v == "" {
   310			return nil, ErrNotMultipart
   311		}
   312		d, params, err := mime.ParseMediaType(v)
   313		if err != nil || d != "multipart/form-data" {
   314			return nil, ErrNotMultipart
   315		}
   316		boundary, ok := params["boundary"]
   317		if !ok {
   318			return nil, ErrMissingBoundary
   319		}
   320		return multipart.NewReader(r.Body, boundary), nil
   321	}
   322	
   323	// Return value if nonempty, def otherwise.
   324	func valueOrDefault(value, def string) string {
   325		if value != "" {
   326			return value
   327		}
   328		return def
   329	}
   330	
   331	// NOTE: This is not intended to reflect the actual Go version being used.
   332	// It was changed from "Go http package" to "Go 1.1 package http" at the
   333	// time of the Go 1.1 release because the former User-Agent had ended up
   334	// on a blacklist for some intrusion detection systems.
   335	// See https://codereview.appspot.com/7532043.
   336	const defaultUserAgent = "Go 1.1 package http"
   337	
   338	// Write writes an HTTP/1.1 request -- header and body -- in wire format.
   339	// This method consults the following fields of the request:
   340	//	Host
   341	//	URL
   342	//	Method (defaults to "GET")
   343	//	Header
   344	//	ContentLength
   345	//	TransferEncoding
   346	//	Body
   347	//
   348	// If Body is present, Content-Length is <= 0 and TransferEncoding
   349	// hasn't been set to "identity", Write adds "Transfer-Encoding:
   350	// chunked" to the header. Body is closed after it is sent.
   351	func (r *Request) Write(w io.Writer) error {
   352		return r.write(w, false, nil)
   353	}
   354	
   355	// WriteProxy is like Write but writes the request in the form
   356	// expected by an HTTP proxy.  In particular, WriteProxy writes the
   357	// initial Request-URI line of the request with an absolute URI, per
   358	// section 5.1.2 of RFC 2616, including the scheme and host.
   359	// In either case, WriteProxy also writes a Host header, using
   360	// either r.Host or r.URL.Host.
   361	func (r *Request) WriteProxy(w io.Writer) error {
   362		return r.write(w, true, nil)
   363	}
   364	
   365	// extraHeaders may be nil
   366	func (req *Request) write(w io.Writer, usingProxy bool, extraHeaders Header) error {
   367		host := req.Host
   368		if host == "" {
   369			if req.URL == nil {
   370				return errors.New("http: Request.Write on Request with no Host or URL set")
   371			}
   372			host = req.URL.Host
   373		}
   374	
   375		ruri := req.URL.RequestURI()
   376		if usingProxy && req.URL.Scheme != "" && req.URL.Opaque == "" {
   377			ruri = req.URL.Scheme + "://" + host + ruri
   378		} else if req.Method == "CONNECT" && req.URL.Path == "" {
   379			// CONNECT requests normally give just the host and port, not a full URL.
   380			ruri = host
   381		}
   382		// TODO(bradfitz): escape at least newlines in ruri?
   383	
   384		// Wrap the writer in a bufio Writer if it's not already buffered.
   385		// Don't always call NewWriter, as that forces a bytes.Buffer
   386		// and other small bufio Writers to have a minimum 4k buffer
   387		// size.
   388		var bw *bufio.Writer
   389		if _, ok := w.(io.ByteWriter); !ok {
   390			bw = bufio.NewWriter(w)
   391			w = bw
   392		}
   393	
   394		_, err := fmt.Fprintf(w, "%s %s HTTP/1.1\r\n", valueOrDefault(req.Method, "GET"), ruri)
   395		if err != nil {
   396			return err
   397		}
   398	
   399		// Header lines
   400		_, err = fmt.Fprintf(w, "Host: %s\r\n", host)
   401		if err != nil {
   402			return err
   403		}
   404	
   405		// Use the defaultUserAgent unless the Header contains one, which
   406		// may be blank to not send the header.
   407		userAgent := defaultUserAgent
   408		if req.Header != nil {
   409			if ua := req.Header["User-Agent"]; len(ua) > 0 {
   410				userAgent = ua[0]
   411			}
   412		}
   413		if userAgent != "" {
   414			_, err = fmt.Fprintf(w, "User-Agent: %s\r\n", userAgent)
   415			if err != nil {
   416				return err
   417			}
   418		}
   419	
   420		// Process Body,ContentLength,Close,Trailer
   421		tw, err := newTransferWriter(req)
   422		if err != nil {
   423			return err
   424		}
   425		err = tw.WriteHeader(w)
   426		if err != nil {
   427			return err
   428		}
   429	
   430		err = req.Header.WriteSubset(w, reqWriteExcludeHeader)
   431		if err != nil {
   432			return err
   433		}
   434	
   435		if extraHeaders != nil {
   436			err = extraHeaders.Write(w)
   437			if err != nil {
   438				return err
   439			}
   440		}
   441	
   442		_, err = io.WriteString(w, "\r\n")
   443		if err != nil {
   444			return err
   445		}
   446	
   447		// Write body and trailer
   448		err = tw.WriteBody(w)
   449		if err != nil {
   450			return err
   451		}
   452	
   453		if bw != nil {
   454			return bw.Flush()
   455		}
   456		return nil
   457	}
   458	
   459	// ParseHTTPVersion parses a HTTP version string.
   460	// "HTTP/1.0" returns (1, 0, true).
   461	func ParseHTTPVersion(vers string) (major, minor int, ok bool) {
   462		const Big = 1000000 // arbitrary upper bound
   463		switch vers {
   464		case "HTTP/1.1":
   465			return 1, 1, true
   466		case "HTTP/1.0":
   467			return 1, 0, true
   468		}
   469		if !strings.HasPrefix(vers, "HTTP/") {
   470			return 0, 0, false
   471		}
   472		dot := strings.Index(vers, ".")
   473		if dot < 0 {
   474			return 0, 0, false
   475		}
   476		major, err := strconv.Atoi(vers[5:dot])
   477		if err != nil || major < 0 || major > Big {
   478			return 0, 0, false
   479		}
   480		minor, err = strconv.Atoi(vers[dot+1:])
   481		if err != nil || minor < 0 || minor > Big {
   482			return 0, 0, false
   483		}
   484		return major, minor, true
   485	}
   486	
   487	// NewRequest returns a new Request given a method, URL, and optional body.
   488	//
   489	// If the provided body is also an io.Closer, the returned
   490	// Request.Body is set to body and will be closed by the Client
   491	// methods Do, Post, and PostForm, and Transport.RoundTrip.
   492	func NewRequest(method, urlStr string, body io.Reader) (*Request, error) {
   493		u, err := url.Parse(urlStr)
   494		if err != nil {
   495			return nil, err
   496		}
   497		rc, ok := body.(io.ReadCloser)
   498		if !ok && body != nil {
   499			rc = ioutil.NopCloser(body)
   500		}
   501		req := &Request{
   502			Method:     method,
   503			URL:        u,
   504			Proto:      "HTTP/1.1",
   505			ProtoMajor: 1,
   506			ProtoMinor: 1,
   507			Header:     make(Header),
   508			Body:       rc,
   509			Host:       u.Host,
   510		}
   511		if body != nil {
   512			switch v := body.(type) {
   513			case *bytes.Buffer:
   514				req.ContentLength = int64(v.Len())
   515			case *bytes.Reader:
   516				req.ContentLength = int64(v.Len())
   517			case *strings.Reader:
   518				req.ContentLength = int64(v.Len())
   519			}
   520		}
   521	
   522		return req, nil
   523	}
   524	
   525	// BasicAuth returns the username and password provided in the request's
   526	// Authorization header, if the request uses HTTP Basic Authentication.
   527	// See RFC 2617, Section 2.
   528	func (r *Request) BasicAuth() (username, password string, ok bool) {
   529		auth := r.Header.Get("Authorization")
   530		if auth == "" {
   531			return
   532		}
   533		return parseBasicAuth(auth)
   534	}
   535	
   536	// parseBasicAuth parses an HTTP Basic Authentication string.
   537	// "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ("Aladdin", "open sesame", true).
   538	func parseBasicAuth(auth string) (username, password string, ok bool) {
   539		if !strings.HasPrefix(auth, "Basic ") {
   540			return
   541		}
   542		c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(auth, "Basic "))
   543		if err != nil {
   544			return
   545		}
   546		cs := string(c)
   547		s := strings.IndexByte(cs, ':')
   548		if s < 0 {
   549			return
   550		}
   551		return cs[:s], cs[s+1:], true
   552	}
   553	
   554	// SetBasicAuth sets the request's Authorization header to use HTTP
   555	// Basic Authentication with the provided username and password.
   556	//
   557	// With HTTP Basic Authentication the provided username and password
   558	// are not encrypted.
   559	func (r *Request) SetBasicAuth(username, password string) {
   560		r.Header.Set("Authorization", "Basic "+basicAuth(username, password))
   561	}
   562	
   563	// parseRequestLine parses "GET /foo HTTP/1.1" into its three parts.
   564	func parseRequestLine(line string) (method, requestURI, proto string, ok bool) {
   565		s1 := strings.Index(line, " ")
   566		s2 := strings.Index(line[s1+1:], " ")
   567		if s1 < 0 || s2 < 0 {
   568			return
   569		}
   570		s2 += s1 + 1
   571		return line[:s1], line[s1+1 : s2], line[s2+1:], true
   572	}
   573	
   574	var textprotoReaderPool sync.Pool
   575	
   576	func newTextprotoReader(br *bufio.Reader) *textproto.Reader {
   577		if v := textprotoReaderPool.Get(); v != nil {
   578			tr := v.(*textproto.Reader)
   579			tr.R = br
   580			return tr
   581		}
   582		return textproto.NewReader(br)
   583	}
   584	
   585	func putTextprotoReader(r *textproto.Reader) {
   586		r.R = nil
   587		textprotoReaderPool.Put(r)
   588	}
   589	
   590	// ReadRequest reads and parses a request from b.
   591	func ReadRequest(b *bufio.Reader) (req *Request, err error) {
   592	
   593		tp := newTextprotoReader(b)
   594		req = new(Request)
   595	
   596		// First line: GET /index.html HTTP/1.0
   597		var s string
   598		if s, err = tp.ReadLine(); err != nil {
   599			return nil, err
   600		}
   601		defer func() {
   602			putTextprotoReader(tp)
   603			if err == io.EOF {
   604				err = io.ErrUnexpectedEOF
   605			}
   606		}()
   607	
   608		var ok bool
   609		req.Method, req.RequestURI, req.Proto, ok = parseRequestLine(s)
   610		if !ok {
   611			return nil, &badStringError{"malformed HTTP request", s}
   612		}
   613		rawurl := req.RequestURI
   614		if req.ProtoMajor, req.ProtoMinor, ok = ParseHTTPVersion(req.Proto); !ok {
   615			return nil, &badStringError{"malformed HTTP version", req.Proto}
   616		}
   617	
   618		// CONNECT requests are used two different ways, and neither uses a full URL:
   619		// The standard use is to tunnel HTTPS through an HTTP proxy.
   620		// It looks like "CONNECT www.google.com:443 HTTP/1.1", and the parameter is
   621		// just the authority section of a URL. This information should go in req.URL.Host.
   622		//
   623		// The net/rpc package also uses CONNECT, but there the parameter is a path
   624		// that starts with a slash. It can be parsed with the regular URL parser,
   625		// and the path will end up in req.URL.Path, where it needs to be in order for
   626		// RPC to work.
   627		justAuthority := req.Method == "CONNECT" && !strings.HasPrefix(rawurl, "/")
   628		if justAuthority {
   629			rawurl = "http://" + rawurl
   630		}
   631	
   632		if req.URL, err = url.ParseRequestURI(rawurl); err != nil {
   633			return nil, err
   634		}
   635	
   636		if justAuthority {
   637			// Strip the bogus "http://" back off.
   638			req.URL.Scheme = ""
   639		}
   640	
   641		// Subsequent lines: Key: value.
   642		mimeHeader, err := tp.ReadMIMEHeader()
   643		if err != nil {
   644			return nil, err
   645		}
   646		req.Header = Header(mimeHeader)
   647	
   648		// RFC2616: Must treat
   649		//	GET /index.html HTTP/1.1
   650		//	Host: www.google.com
   651		// and
   652		//	GET http://www.google.com/index.html HTTP/1.1
   653		//	Host: doesntmatter
   654		// the same.  In the second case, any Host line is ignored.
   655		req.Host = req.URL.Host
   656		if req.Host == "" {
   657			req.Host = req.Header.get("Host")
   658		}
   659		delete(req.Header, "Host")
   660	
   661		fixPragmaCacheControl(req.Header)
   662	
   663		err = readTransfer(req, b)
   664		if err != nil {
   665			return nil, err
   666		}
   667	
   668		req.Close = shouldClose(req.ProtoMajor, req.ProtoMinor, req.Header, false)
   669		return req, nil
   670	}
   671	
   672	// MaxBytesReader is similar to io.LimitReader but is intended for
   673	// limiting the size of incoming request bodies. In contrast to
   674	// io.LimitReader, MaxBytesReader's result is a ReadCloser, returns a
   675	// non-EOF error for a Read beyond the limit, and Closes the
   676	// underlying reader when its Close method is called.
   677	//
   678	// MaxBytesReader prevents clients from accidentally or maliciously
   679	// sending a large request and wasting server resources.
   680	func MaxBytesReader(w ResponseWriter, r io.ReadCloser, n int64) io.ReadCloser {
   681		return &maxBytesReader{w: w, r: r, n: n}
   682	}
   683	
   684	type maxBytesReader struct {
   685		w       ResponseWriter
   686		r       io.ReadCloser // underlying reader
   687		n       int64         // max bytes remaining
   688		stopped bool
   689	}
   690	
   691	func (l *maxBytesReader) Read(p []byte) (n int, err error) {
   692		if l.n <= 0 {
   693			if !l.stopped {
   694				l.stopped = true
   695				if res, ok := l.w.(*response); ok {
   696					res.requestTooLarge()
   697				}
   698			}
   699			return 0, errors.New("http: request body too large")
   700		}
   701		if int64(len(p)) > l.n {
   702			p = p[:l.n]
   703		}
   704		n, err = l.r.Read(p)
   705		l.n -= int64(n)
   706		return
   707	}
   708	
   709	func (l *maxBytesReader) Close() error {
   710		return l.r.Close()
   711	}
   712	
   713	func copyValues(dst, src url.Values) {
   714		for k, vs := range src {
   715			for _, value := range vs {
   716				dst.Add(k, value)
   717			}
   718		}
   719	}
   720	
   721	func parsePostForm(r *Request) (vs url.Values, err error) {
   722		if r.Body == nil {
   723			err = errors.New("missing form body")
   724			return
   725		}
   726		ct := r.Header.Get("Content-Type")
   727		// RFC 2616, section 7.2.1 - empty type
   728		//   SHOULD be treated as application/octet-stream
   729		if ct == "" {
   730			ct = "application/octet-stream"
   731		}
   732		ct, _, err = mime.ParseMediaType(ct)
   733		switch {
   734		case ct == "application/x-www-form-urlencoded":
   735			var reader io.Reader = r.Body
   736			maxFormSize := int64(1<<63 - 1)
   737			if _, ok := r.Body.(*maxBytesReader); !ok {
   738				maxFormSize = int64(10 << 20) // 10 MB is a lot of text.
   739				reader = io.LimitReader(r.Body, maxFormSize+1)
   740			}
   741			b, e := ioutil.ReadAll(reader)
   742			if e != nil {
   743				if err == nil {
   744					err = e
   745				}
   746				break
   747			}
   748			if int64(len(b)) > maxFormSize {
   749				err = errors.New("http: POST too large")
   750				return
   751			}
   752			vs, e = url.ParseQuery(string(b))
   753			if err == nil {
   754				err = e
   755			}
   756		case ct == "multipart/form-data":
   757			// handled by ParseMultipartForm (which is calling us, or should be)
   758			// TODO(bradfitz): there are too many possible
   759			// orders to call too many functions here.
   760			// Clean this up and write more tests.
   761			// request_test.go contains the start of this,
   762			// in TestParseMultipartFormOrder and others.
   763		}
   764		return
   765	}
   766	
   767	// ParseForm parses the raw query from the URL and updates r.Form.
   768	//
   769	// For POST or PUT requests, it also parses the request body as a form and
   770	// put the results into both r.PostForm and r.Form.
   771	// POST and PUT body parameters take precedence over URL query string values
   772	// in r.Form.
   773	//
   774	// If the request Body's size has not already been limited by MaxBytesReader,
   775	// the size is capped at 10MB.
   776	//
   777	// ParseMultipartForm calls ParseForm automatically.
   778	// It is idempotent.
   779	func (r *Request) ParseForm() error {
   780		var err error
   781		if r.PostForm == nil {
   782			if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" {
   783				r.PostForm, err = parsePostForm(r)
   784			}
   785			if r.PostForm == nil {
   786				r.PostForm = make(url.Values)
   787			}
   788		}
   789		if r.Form == nil {
   790			if len(r.PostForm) > 0 {
   791				r.Form = make(url.Values)
   792				copyValues(r.Form, r.PostForm)
   793			}
   794			var newValues url.Values
   795			if r.URL != nil {
   796				var e error
   797				newValues, e = url.ParseQuery(r.URL.RawQuery)
   798				if err == nil {
   799					err = e
   800				}
   801			}
   802			if newValues == nil {
   803				newValues = make(url.Values)
   804			}
   805			if r.Form == nil {
   806				r.Form = newValues
   807			} else {
   808				copyValues(r.Form, newValues)
   809			}
   810		}
   811		return err
   812	}
   813	
   814	// ParseMultipartForm parses a request body as multipart/form-data.
   815	// The whole request body is parsed and up to a total of maxMemory bytes of
   816	// its file parts are stored in memory, with the remainder stored on
   817	// disk in temporary files.
   818	// ParseMultipartForm calls ParseForm if necessary.
   819	// After one call to ParseMultipartForm, subsequent calls have no effect.
   820	func (r *Request) ParseMultipartForm(maxMemory int64) error {
   821		if r.MultipartForm == multipartByReader {
   822			return errors.New("http: multipart handled by MultipartReader")
   823		}
   824		if r.Form == nil {
   825			err := r.ParseForm()
   826			if err != nil {
   827				return err
   828			}
   829		}
   830		if r.MultipartForm != nil {
   831			return nil
   832		}
   833	
   834		mr, err := r.multipartReader()
   835		if err != nil {
   836			return err
   837		}
   838	
   839		f, err := mr.ReadForm(maxMemory)
   840		if err != nil {
   841			return err
   842		}
   843		for k, v := range f.Value {
   844			r.Form[k] = append(r.Form[k], v...)
   845		}
   846		r.MultipartForm = f
   847	
   848		return nil
   849	}
   850	
   851	// FormValue returns the first value for the named component of the query.
   852	// POST and PUT body parameters take precedence over URL query string values.
   853	// FormValue calls ParseMultipartForm and ParseForm if necessary and ignores
   854	// any errors returned by these functions.
   855	// To access multiple values of the same key, call ParseForm and
   856	// then inspect Request.Form directly.
   857	func (r *Request) FormValue(key string) string {
   858		if r.Form == nil {
   859			r.ParseMultipartForm(defaultMaxMemory)
   860		}
   861		if vs := r.Form[key]; len(vs) > 0 {
   862			return vs[0]
   863		}
   864		return ""
   865	}
   866	
   867	// PostFormValue returns the first value for the named component of the POST
   868	// or PUT request body. URL query parameters are ignored.
   869	// PostFormValue calls ParseMultipartForm and ParseForm if necessary and ignores
   870	// any errors returned by these functions.
   871	func (r *Request) PostFormValue(key string) string {
   872		if r.PostForm == nil {
   873			r.ParseMultipartForm(defaultMaxMemory)
   874		}
   875		if vs := r.PostForm[key]; len(vs) > 0 {
   876			return vs[0]
   877		}
   878		return ""
   879	}
   880	
   881	// FormFile returns the first file for the provided form key.
   882	// FormFile calls ParseMultipartForm and ParseForm if necessary.
   883	func (r *Request) FormFile(key string) (multipart.File, *multipart.FileHeader, error) {
   884		if r.MultipartForm == multipartByReader {
   885			return nil, nil, errors.New("http: multipart handled by MultipartReader")
   886		}
   887		if r.MultipartForm == nil {
   888			err := r.ParseMultipartForm(defaultMaxMemory)
   889			if err != nil {
   890				return nil, nil, err
   891			}
   892		}
   893		if r.MultipartForm != nil && r.MultipartForm.File != nil {
   894			if fhs := r.MultipartForm.File[key]; len(fhs) > 0 {
   895				f, err := fhs[0].Open()
   896				return f, fhs[0], err
   897			}
   898		}
   899		return nil, nil, ErrMissingFile
   900	}
   901	
   902	func (r *Request) expectsContinue() bool {
   903		return hasToken(r.Header.get("Expect"), "100-continue")
   904	}
   905	
   906	func (r *Request) wantsHttp10KeepAlive() bool {
   907		if r.ProtoMajor != 1 || r.ProtoMinor != 0 {
   908			return false
   909		}
   910		return hasToken(r.Header.get("Connection"), "keep-alive")
   911	}
   912	
   913	func (r *Request) wantsClose() bool {
   914		return hasToken(r.Header.get("Connection"), "close")
   915	}
   916	
   917	func (r *Request) closeBody() {
   918		if r.Body != nil {
   919			r.Body.Close()
   920		}
   921	}
   922	

View as plain text