+ basic 'Authorization: Bearer' handling, fixes some insecure assignments

Dominika 2020-12-24 00:52:55 +01:00
parent 43da1a7b03
commit 65279e90bf


@ -17,76 +17,79 @@ post=false
get=false get=false
while read param; do while read param; do
if [[ $param == $'\015' ]]; then if [[ "$param" == $'\015' ]]; then
break break
elif [[ $param == *"Content-Length:"* ]]; then elif [[ "$param" == *"Content-Length:"* ]]; then
r[content_length]=$(echo -n $param | sed 's/Content-Length: //;s/\r//') r[content_length]=$(echo -n $param | sed 's/Content-Length: //;s/\r//')
elif [[ $param == *"Content-Type:"* ]]; then elif [[ "$param" == *"Content-Type:"* ]]; then
r[content_type]=$(echo -n $param | sed 's/Content-Type: //;s/\r//') r[content_type]="$(echo -n $param | sed 's/Content-Type: //;s/\r//')"
if [[ ${r[content_type]} == *"multipart/form-data"* ]]; then if [[ "${r[content_type]}" == *"multipart/form-data"* ]]; then
tmpdir=$(mktemp -d) tmpdir=$(mktemp -d)
fi fi
if [[ ${r[content_type]} == *"boundary="* ]]; then if [[ "${r[content_type]}" == *"boundary="* ]]; then
r[content_boundary]=$(echo -n ${r[content_type]} | sed -E 's/(.*)boundary=//;s/\r//;s/ //') r[content_boundary]="$(echo -n ${r[content_type]} | sed -E 's/(.*)boundary=//;s/\r//;s/ //')"
fi fi
elif [[ $param == *"Host:"* ]]; then elif [[ "$param" == *"Host:"* ]]; then
r[host]=$(printf "$param" | sed 's/Host: //;s/\r//') r[host]="$(printf "$param" | sed 's/Host: //;s/\r//;s/\\//g')"
r[host_portless]=$(echo ${r[host]} | sed -E 's/:(.*)$//') r[host_portless]="$(echo "${r[host]}" | sed -E 's/:(.*)$//')"
if [[ -f "config/${r[host]}" ]]; then if [[ -f "config/${r[host]}" ]]; then
source "config/${r[host]}" source "config/${r[host]}"
elif [[ -f "config/${r[host_portless]}" ]]; then elif [[ -f "config/${r[host_portless]}" ]]; then
source "config/${r[host_portless]}" source "config/${r[host_portless]}"
fi fi
elif [[ $param == *"Upgrade:"* && $(printf "$param" | sed 's/Upgrade: //;s/\r//') == "websocket" ]]; then elif [[ "$param" == *"Upgrade:"* && $(printf "$param" | sed 's/Upgrade: //;s/\r//') == "websocket" ]]; then
r[status]=101 r[status]=101
elif [[ $param == *"Sec-WebSocket-Key:"* ]]; then elif [[ "$param" == *"Sec-WebSocket-Key:"* ]]; then
r[websocket_key]=$(printf "$param" | sed 's/Sec-WebSocket-Key: //;s/\r//') r[websocket_key]="$(printf "$param" | sed 's/Sec-WebSocket-Key: //;s/\r//')"
elif [[ $param == *"Authorization: Basic"* ]]; then elif [[ "$param" == *"Authorization: Basic"* ]]; then
login_simple $param login_simple "$param"
elif [[ $param == *"Cookie: "* ]]; then elif [[ "$param" == *"Authorization: Bearer"* ]]; then
r[authorization]="$(printf "$param" | sed 's/Authorization: Bearer //;s/\r//')"
elif [[ "$param" == *"Cookie: "* ]]; then
for i in $(echo $param | sed -E 's/Cookie: //;s/\;//g;s/%/\\x/g'); do for i in $(echo $param | sed -E 's/Cookie: //;s/\;//g;s/%/\\x/g'); do
name=$(echo $i | sed -E 's/\=(.*)$//') name="$(echo $i | sed -E 's/\=(.*)$//')"
value=$(echo $i | sed -E 's/^(.*)\=//') value="$(echo $i | sed -E 's/^(.*)\=//')"
cookies[$name]=$(echo -e $value) cookies[$name]="$(echo -e $value)"
done done
elif [[ $param == *"GET "* ]]; then elif [[ "$param" == *"GET "* ]]; then
r[url]=$(echo -ne "$(echo -n $param | sed -E 's/GET //;s/HTTP\/[0-9]+\.[0-9]+//;s/ //g;s/\%/\\x/g;s/\/*\r//g;s/\/\/*/\//g')") r[url]="$(echo -ne "$(echo -n $param | sed -E 's/GET //;s/HTTP\/[0-9]+\.[0-9]+//;s/ //g;s/\%/\\x/g;s/\/*\r//g;s/\/\/*/\//g')")"
data=$(echo ${r[url]} | sed -E 's/^(.*)\?//;s/\&/ /g') data="$(echo ${r[url]} | sed -E 's/^(.*)\?//;s/\&/ /g')"
if [[ $data != ${r[url]} ]]; then if [[ "$data" != "${r[url]}" ]]; then
declare -A get_data declare -A get_data
for i in $data; do for i in $data; do
name=$(echo $i | sed -E 's/\=(.*)$//') name="$(echo $i | sed -E 's/\=(.*)$//')"
value=$(echo $i | sed "s/$name\=//") value="$(echo $i | sed "s/$name\=//")"
get_data[$name]=$value get_data[$name]="$value"
done done
fi fi
elif [[ $param == *"POST "* ]]; then elif [[ "$param" == *"POST "* ]]; then
r[url]=$(echo -ne "$(echo -n $param | sed -E 's/POST //;s/HTTP\/[0-9]+\.[0-9]+//;s/ //g;s/\%/\\x/g;s/\/*\r//g;s/\/\/*/\//g')") r[url]="$(echo -ne "$(echo -n $param | sed -E 's/POST //;s/HTTP\/[0-9]+\.[0-9]+//;s/ //g;s/\%/\\x/g;s/\/*\r//g;s/\/\/*/\//g')")"
r[post]=true r[post]=true
# below shamelessly copied from GET, should be moved to a function # below shamelessly copied from GET, should be moved to a function
data=$(echo ${r[url]} | sed -E 's/^(.*)\?//;s/\&/ /g') data="$(echo ${r[url]} | sed -E 's/^(.*)\?//;s/\&/ /g')"
if [[ $data != ${r[url]} ]]; then if [[ "$data" != "${r[url]}" ]]; then
declare -A post_data declare -A post_data
for i in $data; do for i in $data; do
name=$(echo $i | sed -E 's/\=(.*)$//') name="$(echo $i | sed -E 's/\=(.*)$//')"
value=$(echo $i | sed "s/$name\=//") value="$(echo $i | sed "s/$name\=//")"
post_data[$name]=$value post_data[$name]="$value"
done done
fi fi
fi fi
done done
r[uri]=$(realpath "${cfg[namespace]}/${cfg[root]}$(echo ${r[url]} | sed -E 's/\?(.*)$//')") r[uri]="$(realpath "${cfg[namespace]}/${cfg[root]}$(echo ${r[url]} | sed -E 's/\?(.*)$//')")"
[[ -d "${r[uri]}/" ]] && pwd="${r[uri]}" || pwd=$(dirname "${r[uri]}") [[ -d "${r[uri]}/" ]] && pwd="${r[uri]}" || pwd=$(dirname "${r[uri]}")
if [[ $NCAT_LOCAL_PORT == '' ]]; then if [[ $NCAT_LOCAL_PORT == '' ]]; then
@ -162,10 +165,10 @@ if [[ ${r[post]} == true && ${r[status]} == 200 ]]; then
read -N ${r[content_length]} data read -N ${r[content_length]} data
declare -A post_data declare -A post_data
for i in $(echo $data | sed -s 's/\&/ /g;'); do for i in $(echo "$data" | sed -s 's/\&/ /g;'); do
name=$(echo $i | sed -E 's/\=(.*)$//') name="$(echo $i | sed -E 's/\=(.*)$//')"
param=$(echo $i | sed "s/$name\=//") param="$(echo $i | sed "s/$name\=//")"
post_data[$name]=$param post_data[$name]="$param"
done done
fi fi
fi fi
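Review bot: In the Host branch of the first hunk the header value still reaches `source "config/${r[host]}"` with only the CR and backslashes stripped, so a Host containing `/` or `..` can make the `-f` test and the `source` resolve to a file outside `config/`. Validate the value as a plain hostname before using it as a path, e.g. `[[ "${r[host]}" =~ ^[A-Za-z0-9.-]+(:[0-9]+)?$ ]] || r[host]=''`, and compute `r[host_portless]` only after that check. The same branch and the new Bearer branch also pass the raw header as the printf format (`printf "$param"`), so `%` sequences in a token are interpreted before sed sees them; `printf '%s' "$param"` would keep the bytes as sent. The cookie and query loops still expand `$param`, `$i` and `$data` unquoted, which leaves them open to pathname expansion; the POST body loop in the second hunk belongs to an `if` that starts outside the visible lines.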