...
Run Format

Source file src/pkg/net/http/request.go

     1	// Copyright 2009 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	// HTTP Request reading and parsing.
     6	
     7	package http
     8	
     9	import (
    10		"bufio"
    11		"bytes"
    12		"crypto/tls"
    13		"errors"
    14		"fmt"
    15		"io"
    16		"io/ioutil"
    17		"mime"
    18		"mime/multipart"
    19		"net/textproto"
    20		"net/url"
    21		"strconv"
    22		"strings"
    23		"sync"
    24	)
    25	
    26	const (
    27		maxValueLength   = 4096
    28		maxHeaderLines   = 1024
    29		chunkSize        = 4 << 10  // 4 KB chunks
    30		defaultMaxMemory = 32 << 20 // 32 MB
    31	)
    32	
    33	// ErrMissingFile is returned by FormFile when the provided file field name
    34	// is either not present in the request or not a file field.
    35	var ErrMissingFile = errors.New("http: no such file")
    36	
    37	// HTTP request parsing errors.
    38	type ProtocolError struct {
    39		ErrorString string
    40	}
    41	
    42	func (err *ProtocolError) Error() string { return err.ErrorString }
    43	
    44	var (
    45		ErrHeaderTooLong        = &ProtocolError{"header too long"}
    46		ErrShortBody            = &ProtocolError{"entity body too short"}
    47		ErrNotSupported         = &ProtocolError{"feature not supported"}
    48		ErrUnexpectedTrailer    = &ProtocolError{"trailer header without chunked transfer encoding"}
    49		ErrMissingContentLength = &ProtocolError{"missing ContentLength in HEAD response"}
    50		ErrNotMultipart         = &ProtocolError{"request Content-Type isn't multipart/form-data"}
    51		ErrMissingBoundary      = &ProtocolError{"no multipart boundary param in Content-Type"}
    52	)
    53	
    54	type badStringError struct {
    55		what string
    56		str  string
    57	}
    58	
    59	func (e *badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) }
    60	
    61	// Headers that Request.Write handles itself and should be skipped.
    62	var reqWriteExcludeHeader = map[string]bool{
    63		"Host":              true, // not in Header map anyway
    64		"User-Agent":        true,
    65		"Content-Length":    true,
    66		"Transfer-Encoding": true,
    67		"Trailer":           true,
    68	}
    69	
    70	// A Request represents an HTTP request received by a server
    71	// or to be sent by a client.
    72	//
    73	// The field semantics differ slightly between client and server
    74	// usage. In addition to the notes on the fields below, see the
    75	// documentation for Request.Write and RoundTripper.
    76	type Request struct {
    77		// Method specifies the HTTP method (GET, POST, PUT, etc.).
    78		// For client requests an empty string means GET.
    79		Method string
    80	
    81		// URL specifies either the URI being requested (for server
    82		// requests) or the URL to access (for client requests).
    83		//
    84		// For server requests the URL is parsed from the URI
    85		// supplied on the Request-Line as stored in RequestURI.  For
    86		// most requests, fields other than Path and RawQuery will be
    87		// empty. (See RFC 2616, Section 5.1.2)
    88		//
    89		// For client requests, the URL's Host specifies the server to
    90		// connect to, while the Request's Host field optionally
    91		// specifies the Host header value to send in the HTTP
    92		// request.
    93		URL *url.URL
    94	
    95		// The protocol version for incoming requests.
    96		// Client requests always use HTTP/1.1.
    97		Proto      string // "HTTP/1.0"
    98		ProtoMajor int    // 1
    99		ProtoMinor int    // 0
   100	
   101		// A header maps request lines to their values.
   102		// If the header says
   103		//
   104		//	accept-encoding: gzip, deflate
   105		//	Accept-Language: en-us
   106		//	Connection: keep-alive
   107		//
   108		// then
   109		//
   110		//	Header = map[string][]string{
   111		//		"Accept-Encoding": {"gzip, deflate"},
   112		//		"Accept-Language": {"en-us"},
   113		//		"Connection": {"keep-alive"},
   114		//	}
   115		//
   116		// HTTP defines that header names are case-insensitive.
   117		// The request parser implements this by canonicalizing the
   118		// name, making the first character and any characters
   119		// following a hyphen uppercase and the rest lowercase.
   120		//
   121		// For client requests certain headers are automatically
   122		// added and may override values in Header.
   123		//
   124		// See the documentation for the Request.Write method.
   125		Header Header
   126	
   127		// Body is the request's body.
   128		//
   129		// For client requests a nil body means the request has no
   130		// body, such as a GET request. The HTTP Client's Transport
   131		// is responsible for calling the Close method.
   132		//
   133		// For server requests the Request Body is always non-nil
   134		// but will return EOF immediately when no body is present.
   135		// The Server will close the request body. The ServeHTTP
   136		// Handler does not need to.
   137		Body io.ReadCloser
   138	
   139		// ContentLength records the length of the associated content.
   140		// The value -1 indicates that the length is unknown.
   141		// Values >= 0 indicate that the given number of bytes may
   142		// be read from Body.
   143		// For client requests, a value of 0 means unknown if Body is not nil.
   144		ContentLength int64
   145	
   146		// TransferEncoding lists the transfer encodings from outermost to
   147		// innermost. An empty list denotes the "identity" encoding.
   148		// TransferEncoding can usually be ignored; chunked encoding is
   149		// automatically added and removed as necessary when sending and
   150		// receiving requests.
   151		TransferEncoding []string
   152	
   153		// Close indicates whether to close the connection after
   154		// replying to this request (for servers) or after sending
   155		// the request (for clients).
   156		Close bool
   157	
   158		// For server requests Host specifies the host on which the
   159		// URL is sought. Per RFC 2616, this is either the value of
   160		// the "Host" header or the host name given in the URL itself.
   161		// It may be of the form "host:port".
   162		//
   163		// For client requests Host optionally overrides the Host
   164		// header to send. If empty, the Request.Write method uses
   165		// the value of URL.Host.
   166		Host string
   167	
   168		// Form contains the parsed form data, including both the URL
   169		// field's query parameters and the POST or PUT form data.
   170		// This field is only available after ParseForm is called.
   171		// The HTTP client ignores Form and uses Body instead.
   172		Form url.Values
   173	
   174		// PostForm contains the parsed form data from POST or PUT
   175		// body parameters.
   176		// This field is only available after ParseForm is called.
   177		// The HTTP client ignores PostForm and uses Body instead.
   178		PostForm url.Values
   179	
   180		// MultipartForm is the parsed multipart form, including file uploads.
   181		// This field is only available after ParseMultipartForm is called.
   182		// The HTTP client ignores MultipartForm and uses Body instead.
   183		MultipartForm *multipart.Form
   184	
   185		// Trailer specifies additional headers that are sent after the request
   186		// body.
   187		//
   188		// For server requests the Trailer map initially contains only the
   189		// trailer keys, with nil values. (The client declares which trailers it
   190		// will later send.)  While the handler is reading from Body, it must
   191		// not reference Trailer. After reading from Body returns EOF, Trailer
   192		// can be read again and will contain non-nil values, if they were sent
   193		// by the client.
   194		//
   195		// For client requests Trailer must be initialized to a map containing
   196		// the trailer keys to later send. The values may be nil or their final
   197		// values. The ContentLength must be 0 or -1, to send a chunked request.
   198		// After the HTTP request is sent the map values can be updated while
   199		// the request body is read. Once the body returns EOF, the caller must
   200		// not mutate Trailer.
   201		//
   202		// Few HTTP clients, servers, or proxies support HTTP trailers.
   203		Trailer Header
   204	
   205		// RemoteAddr allows HTTP servers and other software to record
   206		// the network address that sent the request, usually for
   207		// logging. This field is not filled in by ReadRequest and
   208		// has no defined format. The HTTP server in this package
   209		// sets RemoteAddr to an "IP:port" address before invoking a
   210		// handler.
   211		// This field is ignored by the HTTP client.
   212		RemoteAddr string
   213	
   214		// RequestURI is the unmodified Request-URI of the
   215		// Request-Line (RFC 2616, Section 5.1) as sent by the client
   216		// to a server. Usually the URL field should be used instead.
   217		// It is an error to set this field in an HTTP client request.
   218		RequestURI string
   219	
   220		// TLS allows HTTP servers and other software to record
   221		// information about the TLS connection on which the request
   222		// was received. This field is not filled in by ReadRequest.
   223		// The HTTP server in this package sets the field for
   224		// TLS-enabled connections before invoking a handler;
   225		// otherwise it leaves the field nil.
   226		// This field is ignored by the HTTP client.
   227		TLS *tls.ConnectionState
   228	}
   229	
   230	// ProtoAtLeast reports whether the HTTP protocol used
   231	// in the request is at least major.minor.
   232	func (r *Request) ProtoAtLeast(major, minor int) bool {
   233		return r.ProtoMajor > major ||
   234			r.ProtoMajor == major && r.ProtoMinor >= minor
   235	}
   236	
   237	// UserAgent returns the client's User-Agent, if sent in the request.
   238	func (r *Request) UserAgent() string {
   239		return r.Header.Get("User-Agent")
   240	}
   241	
   242	// Cookies parses and returns the HTTP cookies sent with the request.
   243	func (r *Request) Cookies() []*Cookie {
   244		return readCookies(r.Header, "")
   245	}
   246	
   247	var ErrNoCookie = errors.New("http: named cookie not present")
   248	
   249	// Cookie returns the named cookie provided in the request or
   250	// ErrNoCookie if not found.
   251	func (r *Request) Cookie(name string) (*Cookie, error) {
   252		for _, c := range readCookies(r.Header, name) {
   253			return c, nil
   254		}
   255		return nil, ErrNoCookie
   256	}
   257	
   258	// AddCookie adds a cookie to the request.  Per RFC 6265 section 5.4,
   259	// AddCookie does not attach more than one Cookie header field.  That
   260	// means all cookies, if any, are written into the same line,
   261	// separated by semicolon.
   262	func (r *Request) AddCookie(c *Cookie) {
   263		s := fmt.Sprintf("%s=%s", sanitizeCookieName(c.Name), sanitizeCookieValue(c.Value))
   264		if c := r.Header.Get("Cookie"); c != "" {
   265			r.Header.Set("Cookie", c+"; "+s)
   266		} else {
   267			r.Header.Set("Cookie", s)
   268		}
   269	}
   270	
   271	// Referer returns the referring URL, if sent in the request.
   272	//
   273	// Referer is misspelled as in the request itself, a mistake from the
   274	// earliest days of HTTP.  This value can also be fetched from the
   275	// Header map as Header["Referer"]; the benefit of making it available
   276	// as a method is that the compiler can diagnose programs that use the
   277	// alternate (correct English) spelling req.Referrer() but cannot
   278	// diagnose programs that use Header["Referrer"].
   279	func (r *Request) Referer() string {
   280		return r.Header.Get("Referer")
   281	}
   282	
   283	// multipartByReader is a sentinel value.
   284	// Its presence in Request.MultipartForm indicates that parsing of the request
   285	// body has been handed off to a MultipartReader instead of ParseMultipartFrom.
   286	var multipartByReader = &multipart.Form{
   287		Value: make(map[string][]string),
   288		File:  make(map[string][]*multipart.FileHeader),
   289	}
   290	
   291	// MultipartReader returns a MIME multipart reader if this is a
   292	// multipart/form-data POST request, else returns nil and an error.
   293	// Use this function instead of ParseMultipartForm to
   294	// process the request body as a stream.
   295	func (r *Request) MultipartReader() (*multipart.Reader, error) {
   296		if r.MultipartForm == multipartByReader {
   297			return nil, errors.New("http: MultipartReader called twice")
   298		}
   299		if r.MultipartForm != nil {
   300			return nil, errors.New("http: multipart handled by ParseMultipartForm")
   301		}
   302		r.MultipartForm = multipartByReader
   303		return r.multipartReader()
   304	}
   305	
   306	func (r *Request) multipartReader() (*multipart.Reader, error) {
   307		v := r.Header.Get("Content-Type")
   308		if v == "" {
   309			return nil, ErrNotMultipart
   310		}
   311		d, params, err := mime.ParseMediaType(v)
   312		if err != nil || d != "multipart/form-data" {
   313			return nil, ErrNotMultipart
   314		}
   315		boundary, ok := params["boundary"]
   316		if !ok {
   317			return nil, ErrMissingBoundary
   318		}
   319		return multipart.NewReader(r.Body, boundary), nil
   320	}
   321	
   322	// Return value if nonempty, def otherwise.
   323	func valueOrDefault(value, def string) string {
   324		if value != "" {
   325			return value
   326		}
   327		return def
   328	}
   329	
   330	// NOTE: This is not intended to reflect the actual Go version being used.
   331	// It was changed from "Go http package" to "Go 1.1 package http" at the
   332	// time of the Go 1.1 release because the former User-Agent had ended up
   333	// on a blacklist for some intrusion detection systems.
   334	// See https://codereview.appspot.com/7532043.
   335	const defaultUserAgent = "Go 1.1 package http"
   336	
   337	// Write writes an HTTP/1.1 request -- header and body -- in wire format.
   338	// This method consults the following fields of the request:
   339	//	Host
   340	//	URL
   341	//	Method (defaults to "GET")
   342	//	Header
   343	//	ContentLength
   344	//	TransferEncoding
   345	//	Body
   346	//
   347	// If Body is present, Content-Length is <= 0 and TransferEncoding
   348	// hasn't been set to "identity", Write adds "Transfer-Encoding:
   349	// chunked" to the header. Body is closed after it is sent.
   350	func (r *Request) Write(w io.Writer) error {
   351		return r.write(w, false, nil)
   352	}
   353	
   354	// WriteProxy is like Write but writes the request in the form
   355	// expected by an HTTP proxy.  In particular, WriteProxy writes the
   356	// initial Request-URI line of the request with an absolute URI, per
   357	// section 5.1.2 of RFC 2616, including the scheme and host.
   358	// In either case, WriteProxy also writes a Host header, using
   359	// either r.Host or r.URL.Host.
   360	func (r *Request) WriteProxy(w io.Writer) error {
   361		return r.write(w, true, nil)
   362	}
   363	
   364	// extraHeaders may be nil
   365	func (req *Request) write(w io.Writer, usingProxy bool, extraHeaders Header) error {
   366		host := req.Host
   367		if host == "" {
   368			if req.URL == nil {
   369				return errors.New("http: Request.Write on Request with no Host or URL set")
   370			}
   371			host = req.URL.Host
   372		}
   373	
   374		ruri := req.URL.RequestURI()
   375		if usingProxy && req.URL.Scheme != "" && req.URL.Opaque == "" {
   376			ruri = req.URL.Scheme + "://" + host + ruri
   377		} else if req.Method == "CONNECT" && req.URL.Path == "" {
   378			// CONNECT requests normally give just the host and port, not a full URL.
   379			ruri = host
   380		}
   381		// TODO(bradfitz): escape at least newlines in ruri?
   382	
   383		// Wrap the writer in a bufio Writer if it's not already buffered.
   384		// Don't always call NewWriter, as that forces a bytes.Buffer
   385		// and other small bufio Writers to have a minimum 4k buffer
   386		// size.
   387		var bw *bufio.Writer
   388		if _, ok := w.(io.ByteWriter); !ok {
   389			bw = bufio.NewWriter(w)
   390			w = bw
   391		}
   392	
   393		fmt.Fprintf(w, "%s %s HTTP/1.1\r\n", valueOrDefault(req.Method, "GET"), ruri)
   394	
   395		// Header lines
   396		fmt.Fprintf(w, "Host: %s\r\n", host)
   397	
   398		// Use the defaultUserAgent unless the Header contains one, which
   399		// may be blank to not send the header.
   400		userAgent := defaultUserAgent
   401		if req.Header != nil {
   402			if ua := req.Header["User-Agent"]; len(ua) > 0 {
   403				userAgent = ua[0]
   404			}
   405		}
   406		if userAgent != "" {
   407			fmt.Fprintf(w, "User-Agent: %s\r\n", userAgent)
   408		}
   409	
   410		// Process Body,ContentLength,Close,Trailer
   411		tw, err := newTransferWriter(req)
   412		if err != nil {
   413			return err
   414		}
   415		err = tw.WriteHeader(w)
   416		if err != nil {
   417			return err
   418		}
   419	
   420		err = req.Header.WriteSubset(w, reqWriteExcludeHeader)
   421		if err != nil {
   422			return err
   423		}
   424	
   425		if extraHeaders != nil {
   426			err = extraHeaders.Write(w)
   427			if err != nil {
   428				return err
   429			}
   430		}
   431	
   432		io.WriteString(w, "\r\n")
   433	
   434		// Write body and trailer
   435		err = tw.WriteBody(w)
   436		if err != nil {
   437			return err
   438		}
   439	
   440		if bw != nil {
   441			return bw.Flush()
   442		}
   443		return nil
   444	}
   445	
   446	// ParseHTTPVersion parses a HTTP version string.
   447	// "HTTP/1.0" returns (1, 0, true).
   448	func ParseHTTPVersion(vers string) (major, minor int, ok bool) {
   449		const Big = 1000000 // arbitrary upper bound
   450		switch vers {
   451		case "HTTP/1.1":
   452			return 1, 1, true
   453		case "HTTP/1.0":
   454			return 1, 0, true
   455		}
   456		if !strings.HasPrefix(vers, "HTTP/") {
   457			return 0, 0, false
   458		}
   459		dot := strings.Index(vers, ".")
   460		if dot < 0 {
   461			return 0, 0, false
   462		}
   463		major, err := strconv.Atoi(vers[5:dot])
   464		if err != nil || major < 0 || major > Big {
   465			return 0, 0, false
   466		}
   467		minor, err = strconv.Atoi(vers[dot+1:])
   468		if err != nil || minor < 0 || minor > Big {
   469			return 0, 0, false
   470		}
   471		return major, minor, true
   472	}
   473	
   474	// NewRequest returns a new Request given a method, URL, and optional body.
   475	//
   476	// If the provided body is also an io.Closer, the returned
   477	// Request.Body is set to body and will be closed by the Client
   478	// methods Do, Post, and PostForm, and Transport.RoundTrip.
   479	func NewRequest(method, urlStr string, body io.Reader) (*Request, error) {
   480		u, err := url.Parse(urlStr)
   481		if err != nil {
   482			return nil, err
   483		}
   484		rc, ok := body.(io.ReadCloser)
   485		if !ok && body != nil {
   486			rc = ioutil.NopCloser(body)
   487		}
   488		req := &Request{
   489			Method:     method,
   490			URL:        u,
   491			Proto:      "HTTP/1.1",
   492			ProtoMajor: 1,
   493			ProtoMinor: 1,
   494			Header:     make(Header),
   495			Body:       rc,
   496			Host:       u.Host,
   497		}
   498		if body != nil {
   499			switch v := body.(type) {
   500			case *bytes.Buffer:
   501				req.ContentLength = int64(v.Len())
   502			case *bytes.Reader:
   503				req.ContentLength = int64(v.Len())
   504			case *strings.Reader:
   505				req.ContentLength = int64(v.Len())
   506			}
   507		}
   508	
   509		return req, nil
   510	}
   511	
   512	// SetBasicAuth sets the request's Authorization header to use HTTP
   513	// Basic Authentication with the provided username and password.
   514	//
   515	// With HTTP Basic Authentication the provided username and password
   516	// are not encrypted.
   517	func (r *Request) SetBasicAuth(username, password string) {
   518		r.Header.Set("Authorization", "Basic "+basicAuth(username, password))
   519	}
   520	
   521	// parseRequestLine parses "GET /foo HTTP/1.1" into its three parts.
   522	func parseRequestLine(line string) (method, requestURI, proto string, ok bool) {
   523		s1 := strings.Index(line, " ")
   524		s2 := strings.Index(line[s1+1:], " ")
   525		if s1 < 0 || s2 < 0 {
   526			return
   527		}
   528		s2 += s1 + 1
   529		return line[:s1], line[s1+1 : s2], line[s2+1:], true
   530	}
   531	
   532	var textprotoReaderPool sync.Pool
   533	
   534	func newTextprotoReader(br *bufio.Reader) *textproto.Reader {
   535		if v := textprotoReaderPool.Get(); v != nil {
   536			tr := v.(*textproto.Reader)
   537			tr.R = br
   538			return tr
   539		}
   540		return textproto.NewReader(br)
   541	}
   542	
   543	func putTextprotoReader(r *textproto.Reader) {
   544		r.R = nil
   545		textprotoReaderPool.Put(r)
   546	}
   547	
   548	// ReadRequest reads and parses a request from b.
   549	func ReadRequest(b *bufio.Reader) (req *Request, err error) {
   550	
   551		tp := newTextprotoReader(b)
   552		req = new(Request)
   553	
   554		// First line: GET /index.html HTTP/1.0
   555		var s string
   556		if s, err = tp.ReadLine(); err != nil {
   557			return nil, err
   558		}
   559		defer func() {
   560			putTextprotoReader(tp)
   561			if err == io.EOF {
   562				err = io.ErrUnexpectedEOF
   563			}
   564		}()
   565	
   566		var ok bool
   567		req.Method, req.RequestURI, req.Proto, ok = parseRequestLine(s)
   568		if !ok {
   569			return nil, &badStringError{"malformed HTTP request", s}
   570		}
   571		rawurl := req.RequestURI
   572		if req.ProtoMajor, req.ProtoMinor, ok = ParseHTTPVersion(req.Proto); !ok {
   573			return nil, &badStringError{"malformed HTTP version", req.Proto}
   574		}
   575	
   576		// CONNECT requests are used two different ways, and neither uses a full URL:
   577		// The standard use is to tunnel HTTPS through an HTTP proxy.
   578		// It looks like "CONNECT www.google.com:443 HTTP/1.1", and the parameter is
   579		// just the authority section of a URL. This information should go in req.URL.Host.
   580		//
   581		// The net/rpc package also uses CONNECT, but there the parameter is a path
   582		// that starts with a slash. It can be parsed with the regular URL parser,
   583		// and the path will end up in req.URL.Path, where it needs to be in order for
   584		// RPC to work.
   585		justAuthority := req.Method == "CONNECT" && !strings.HasPrefix(rawurl, "/")
   586		if justAuthority {
   587			rawurl = "http://" + rawurl
   588		}
   589	
   590		if req.URL, err = url.ParseRequestURI(rawurl); err != nil {
   591			return nil, err
   592		}
   593	
   594		if justAuthority {
   595			// Strip the bogus "http://" back off.
   596			req.URL.Scheme = ""
   597		}
   598	
   599		// Subsequent lines: Key: value.
   600		mimeHeader, err := tp.ReadMIMEHeader()
   601		if err != nil {
   602			return nil, err
   603		}
   604		req.Header = Header(mimeHeader)
   605	
   606		// RFC2616: Must treat
   607		//	GET /index.html HTTP/1.1
   608		//	Host: www.google.com
   609		// and
   610		//	GET http://www.google.com/index.html HTTP/1.1
   611		//	Host: doesntmatter
   612		// the same.  In the second case, any Host line is ignored.
   613		req.Host = req.URL.Host
   614		if req.Host == "" {
   615			req.Host = req.Header.get("Host")
   616		}
   617		delete(req.Header, "Host")
   618	
   619		fixPragmaCacheControl(req.Header)
   620	
   621		err = readTransfer(req, b)
   622		if err != nil {
   623			return nil, err
   624		}
   625	
   626		return req, nil
   627	}
   628	
   629	// MaxBytesReader is similar to io.LimitReader but is intended for
   630	// limiting the size of incoming request bodies. In contrast to
   631	// io.LimitReader, MaxBytesReader's result is a ReadCloser, returns a
   632	// non-EOF error for a Read beyond the limit, and Closes the
   633	// underlying reader when its Close method is called.
   634	//
   635	// MaxBytesReader prevents clients from accidentally or maliciously
   636	// sending a large request and wasting server resources.
   637	func MaxBytesReader(w ResponseWriter, r io.ReadCloser, n int64) io.ReadCloser {
   638		return &maxBytesReader{w: w, r: r, n: n}
   639	}
   640	
   641	type maxBytesReader struct {
   642		w       ResponseWriter
   643		r       io.ReadCloser // underlying reader
   644		n       int64         // max bytes remaining
   645		stopped bool
   646	}
   647	
   648	func (l *maxBytesReader) Read(p []byte) (n int, err error) {
   649		if l.n <= 0 {
   650			if !l.stopped {
   651				l.stopped = true
   652				if res, ok := l.w.(*response); ok {
   653					res.requestTooLarge()
   654				}
   655			}
   656			return 0, errors.New("http: request body too large")
   657		}
   658		if int64(len(p)) > l.n {
   659			p = p[:l.n]
   660		}
   661		n, err = l.r.Read(p)
   662		l.n -= int64(n)
   663		return
   664	}
   665	
   666	func (l *maxBytesReader) Close() error {
   667		return l.r.Close()
   668	}
   669	
   670	func copyValues(dst, src url.Values) {
   671		for k, vs := range src {
   672			for _, value := range vs {
   673				dst.Add(k, value)
   674			}
   675		}
   676	}
   677	
   678	func parsePostForm(r *Request) (vs url.Values, err error) {
   679		if r.Body == nil {
   680			err = errors.New("missing form body")
   681			return
   682		}
   683		ct := r.Header.Get("Content-Type")
   684		// RFC 2616, section 7.2.1 - empty type
   685		//   SHOULD be treated as application/octet-stream
   686		if ct == "" {
   687			ct = "application/octet-stream"
   688		}
   689		ct, _, err = mime.ParseMediaType(ct)
   690		switch {
   691		case ct == "application/x-www-form-urlencoded":
   692			var reader io.Reader = r.Body
   693			maxFormSize := int64(1<<63 - 1)
   694			if _, ok := r.Body.(*maxBytesReader); !ok {
   695				maxFormSize = int64(10 << 20) // 10 MB is a lot of text.
   696				reader = io.LimitReader(r.Body, maxFormSize+1)
   697			}
   698			b, e := ioutil.ReadAll(reader)
   699			if e != nil {
   700				if err == nil {
   701					err = e
   702				}
   703				break
   704			}
   705			if int64(len(b)) > maxFormSize {
   706				err = errors.New("http: POST too large")
   707				return
   708			}
   709			vs, e = url.ParseQuery(string(b))
   710			if err == nil {
   711				err = e
   712			}
   713		case ct == "multipart/form-data":
   714			// handled by ParseMultipartForm (which is calling us, or should be)
   715			// TODO(bradfitz): there are too many possible
   716			// orders to call too many functions here.
   717			// Clean this up and write more tests.
   718			// request_test.go contains the start of this,
   719			// in TestParseMultipartFormOrder and others.
   720		}
   721		return
   722	}
   723	
   724	// ParseForm parses the raw query from the URL and updates r.Form.
   725	//
   726	// For POST or PUT requests, it also parses the request body as a form and
   727	// put the results into both r.PostForm and r.Form.
   728	// POST and PUT body parameters take precedence over URL query string values
   729	// in r.Form.
   730	//
   731	// If the request Body's size has not already been limited by MaxBytesReader,
   732	// the size is capped at 10MB.
   733	//
   734	// ParseMultipartForm calls ParseForm automatically.
   735	// It is idempotent.
   736	func (r *Request) ParseForm() error {
   737		var err error
   738		if r.PostForm == nil {
   739			if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" {
   740				r.PostForm, err = parsePostForm(r)
   741			}
   742			if r.PostForm == nil {
   743				r.PostForm = make(url.Values)
   744			}
   745		}
   746		if r.Form == nil {
   747			if len(r.PostForm) > 0 {
   748				r.Form = make(url.Values)
   749				copyValues(r.Form, r.PostForm)
   750			}
   751			var newValues url.Values
   752			if r.URL != nil {
   753				var e error
   754				newValues, e = url.ParseQuery(r.URL.RawQuery)
   755				if err == nil {
   756					err = e
   757				}
   758			}
   759			if newValues == nil {
   760				newValues = make(url.Values)
   761			}
   762			if r.Form == nil {
   763				r.Form = newValues
   764			} else {
   765				copyValues(r.Form, newValues)
   766			}
   767		}
   768		return err
   769	}
   770	
   771	// ParseMultipartForm parses a request body as multipart/form-data.
   772	// The whole request body is parsed and up to a total of maxMemory bytes of
   773	// its file parts are stored in memory, with the remainder stored on
   774	// disk in temporary files.
   775	// ParseMultipartForm calls ParseForm if necessary.
   776	// After one call to ParseMultipartForm, subsequent calls have no effect.
   777	func (r *Request) ParseMultipartForm(maxMemory int64) error {
   778		if r.MultipartForm == multipartByReader {
   779			return errors.New("http: multipart handled by MultipartReader")
   780		}
   781		if r.Form == nil {
   782			err := r.ParseForm()
   783			if err != nil {
   784				return err
   785			}
   786		}
   787		if r.MultipartForm != nil {
   788			return nil
   789		}
   790	
   791		mr, err := r.multipartReader()
   792		if err != nil {
   793			return err
   794		}
   795	
   796		f, err := mr.ReadForm(maxMemory)
   797		if err != nil {
   798			return err
   799		}
   800		for k, v := range f.Value {
   801			r.Form[k] = append(r.Form[k], v...)
   802		}
   803		r.MultipartForm = f
   804	
   805		return nil
   806	}
   807	
   808	// FormValue returns the first value for the named component of the query.
   809	// POST and PUT body parameters take precedence over URL query string values.
   810	// FormValue calls ParseMultipartForm and ParseForm if necessary.
   811	// To access multiple values of the same key use ParseForm.
   812	func (r *Request) FormValue(key string) string {
   813		if r.Form == nil {
   814			r.ParseMultipartForm(defaultMaxMemory)
   815		}
   816		if vs := r.Form[key]; len(vs) > 0 {
   817			return vs[0]
   818		}
   819		return ""
   820	}
   821	
   822	// PostFormValue returns the first value for the named component of the POST
   823	// or PUT request body. URL query parameters are ignored.
   824	// PostFormValue calls ParseMultipartForm and ParseForm if necessary.
   825	func (r *Request) PostFormValue(key string) string {
   826		if r.PostForm == nil {
   827			r.ParseMultipartForm(defaultMaxMemory)
   828		}
   829		if vs := r.PostForm[key]; len(vs) > 0 {
   830			return vs[0]
   831		}
   832		return ""
   833	}
   834	
   835	// FormFile returns the first file for the provided form key.
   836	// FormFile calls ParseMultipartForm and ParseForm if necessary.
   837	func (r *Request) FormFile(key string) (multipart.File, *multipart.FileHeader, error) {
   838		if r.MultipartForm == multipartByReader {
   839			return nil, nil, errors.New("http: multipart handled by MultipartReader")
   840		}
   841		if r.MultipartForm == nil {
   842			err := r.ParseMultipartForm(defaultMaxMemory)
   843			if err != nil {
   844				return nil, nil, err
   845			}
   846		}
   847		if r.MultipartForm != nil && r.MultipartForm.File != nil {
   848			if fhs := r.MultipartForm.File[key]; len(fhs) > 0 {
   849				f, err := fhs[0].Open()
   850				return f, fhs[0], err
   851			}
   852		}
   853		return nil, nil, ErrMissingFile
   854	}
   855	
   856	func (r *Request) expectsContinue() bool {
   857		return hasToken(r.Header.get("Expect"), "100-continue")
   858	}
   859	
   860	func (r *Request) wantsHttp10KeepAlive() bool {
   861		if r.ProtoMajor != 1 || r.ProtoMinor != 0 {
   862			return false
   863		}
   864		return hasToken(r.Header.get("Connection"), "keep-alive")
   865	}
   866	
   867	func (r *Request) wantsClose() bool {
   868		return hasToken(r.Header.get("Connection"), "close")
   869	}
   870	
   871	func (r *Request) closeBody() {
   872		if r.Body != nil {
   873			r.Body.Close()
   874		}
   875	}
   876	

View as plain text