1 /*
2 * Copyright 2022 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16 package io.netty.example.http2.file;
17
18 import io.netty.buffer.ByteBuf;
19 import io.netty.buffer.Unpooled;
20 import io.netty.channel.ChannelDuplexHandler;
21 import io.netty.channel.ChannelFuture;
22 import io.netty.channel.ChannelHandlerContext;
23 import io.netty.channel.ChannelProgressiveFuture;
24 import io.netty.channel.ChannelProgressiveFutureListener;
25 import io.netty.handler.codec.http.HttpHeaderNames;
26 import io.netty.handler.codec.http.HttpResponseStatus;
27 import io.netty.handler.codec.http2.DefaultHttp2DataFrame;
28 import io.netty.handler.codec.http2.DefaultHttp2Headers;
29 import io.netty.handler.codec.http2.DefaultHttp2HeadersFrame;
30 import io.netty.handler.codec.http2.Http2DataChunkedInput;
31 import io.netty.handler.codec.http2.Http2DataFrame;
32 import io.netty.handler.codec.http2.Http2FrameStream;
33 import io.netty.handler.codec.http2.Http2Headers;
34 import io.netty.handler.codec.http2.Http2HeadersFrame;
35 import io.netty.handler.stream.ChunkedFile;
36 import io.netty.util.CharsetUtil;
37 import io.netty.util.internal.SystemPropertyUtil;
38
39 import javax.activation.MimetypesFileTypeMap;
40 import java.io.File;
41 import java.io.FileNotFoundException;
42 import java.io.RandomAccessFile;
43 import java.io.UnsupportedEncodingException;
44 import java.net.URLDecoder;
45 import java.text.SimpleDateFormat;
46 import java.util.Calendar;
47 import java.util.Date;
48 import java.util.GregorianCalendar;
49 import java.util.Locale;
50 import java.util.TimeZone;
51 import java.util.regex.Pattern;
52
53 import static io.netty.handler.codec.http.HttpMethod.GET;
54 import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN;
55 import static io.netty.handler.codec.http.HttpResponseStatus.FOUND;
56 import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR;
57 import static io.netty.handler.codec.http.HttpResponseStatus.METHOD_NOT_ALLOWED;
58 import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND;
59 import static io.netty.handler.codec.http.HttpResponseStatus.NOT_MODIFIED;
60 import static io.netty.handler.codec.http.HttpResponseStatus.OK;
61
62 /**
63 * A simple handler that serves incoming HTTP requests to send their respective
64 * HTTP responses. It also implements {@code 'If-Modified-Since'} header to
65 * take advantage of browser cache, as described in
66 * <a href="https://tools.ietf.org/html/rfc2616#section-14.25">RFC 2616</a>.
67 *
68 * <h3>How Browser Caching Works</h3>
69 * <p>
70 * Web browser caching works with HTTP headers as illustrated by the following
71 * sample:
72 * <ol>
73 * <li>Request #1 returns the content of {@code /file1.txt}.</li>
74 * <li>Contents of {@code /file1.txt} is cached by the browser.</li>
75 * <li>Request #2 for {@code /file1.txt} does not return the contents of the
76 * file again. Rather, a 304 Not Modified is returned. This tells the
77 * browser to use the contents stored in its cache.</li>
78 * <li>The server knows the file has not been modified because the
79 * {@code If-Modified-Since} date is the same as the file's last
80 * modified date.</li>
81 * </ol>
82 *
83 * <pre>
84 * Request #1 Headers
85 * ===================
86 * GET /file1.txt HTTP/1.1
87 *
88 * Response #1 Headers
89 * ===================
90 * HTTP/1.1 200 OK
91 * Date: Tue, 01 Mar 2011 22:44:26 GMT
92 * Last-Modified: Wed, 30 Jun 2010 21:36:48 GMT
93 * Expires: Tue, 01 Mar 2012 22:44:26 GMT
94 * Cache-Control: private, max-age=31536000
95 *
96 * Request #2 Headers
97 * ===================
98 * GET /file1.txt HTTP/1.1
99 * If-Modified-Since: Wed, 30 Jun 2010 21:36:48 GMT
100 *
101 * Response #2 Headers
102 * ===================
103 * HTTP/1.1 304 Not Modified
104 * Date: Tue, 01 Mar 2011 22:44:28 GMT
105 *
106 * </pre>
107 */
108 public class Http2StaticFileServerHandler extends ChannelDuplexHandler {
109
110 public static final String HTTP_DATE_FORMAT = "EEE, dd MMM yyyy HH:mm:ss zzz";
111 public static final String HTTP_DATE_GMT_TIMEZONE = "GMT";
112 public static final int HTTP_CACHE_SECONDS = 60;
113
114 private Http2FrameStream stream;
115
116 @Override
117 public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
118 if (msg instanceof Http2HeadersFrame) {
119 Http2HeadersFrame headersFrame = (Http2HeadersFrame) msg;
120 this.stream = headersFrame.stream();
121
122 if (!GET.toString().equals(headersFrame.headers().method().toString())) {
123 sendError(ctx, METHOD_NOT_ALLOWED);
124 return;
125 }
126
127 final String uri = headersFrame.headers().path().toString();
128 final String path = sanitizeUri(uri);
129 if (path == null) {
130 sendError(ctx, FORBIDDEN);
131 return;
132 }
133
134 File file = new File(path);
135 if (file.isHidden() || !file.exists()) {
136 sendError(ctx, NOT_FOUND);
137 return;
138 }
139
140 if (file.isDirectory()) {
141 if (uri.endsWith("/")) {
142 sendListing(ctx, file, uri);
143 } else {
144 sendRedirect(ctx, uri + '/');
145 }
146 return;
147 }
148
149 if (!file.isFile()) {
150 sendError(ctx, FORBIDDEN);
151 return;
152 }
153
154 // Cache Validation
155 CharSequence ifModifiedSince = headersFrame.headers().get(HttpHeaderNames.IF_MODIFIED_SINCE);
156 if (ifModifiedSince != null && !ifModifiedSince.toString().isEmpty()) {
157 SimpleDateFormat dateFormatter = new SimpleDateFormat(HTTP_DATE_FORMAT, Locale.US);
158 Date ifModifiedSinceDate = dateFormatter.parse(ifModifiedSince.toString());
159
160 // Only compare up to the second because the datetime format we send to the client
161 // does not have milliseconds
162 long ifModifiedSinceDateSeconds = ifModifiedSinceDate.getTime() / 1000;
163 long fileLastModifiedSeconds = file.lastModified() / 1000;
164 if (ifModifiedSinceDateSeconds == fileLastModifiedSeconds) {
165 sendNotModified(ctx);
166 return;
167 }
168 }
169
170 RandomAccessFile raf;
171 try {
172 raf = new RandomAccessFile(file, "r");
173 } catch (FileNotFoundException ignore) {
174 sendError(ctx, NOT_FOUND);
175 return;
176 }
177 long fileLength = raf.length();
178
179 Http2Headers headers = new DefaultHttp2Headers();
180 headers.status("200");
181 headers.setLong(HttpHeaderNames.CONTENT_LENGTH, fileLength);
182
183 setContentTypeHeader(headers, file);
184 setDateAndCacheHeaders(headers, file);
185
186 // Write the initial line and the header.
187 ctx.writeAndFlush(new DefaultHttp2HeadersFrame(headers).stream(stream));
188
189 // Write the content.
190 ChannelFuture sendFileFuture;
191 sendFileFuture = ctx.writeAndFlush(new Http2DataChunkedInput(
192 new ChunkedFile(raf, 0, fileLength, 8192), stream), ctx.newProgressivePromise());
193
194 sendFileFuture.addListener(new ChannelProgressiveFutureListener() {
195 @Override
196 public void operationProgressed(ChannelProgressiveFuture future, long progress, long total) {
197 if (total < 0) { // total unknown
198 System.err.println(future.channel() + " Transfer progress: " + progress);
199 } else {
200 System.err.println(future.channel() + " Transfer progress: " + progress + " / " + total);
201 }
202 }
203
204 @Override
205 public void operationComplete(ChannelProgressiveFuture future) {
206 System.err.println(future.channel() + " Transfer complete.");
207 }
208 });
209 } else {
210 // Unsupported message type
211 System.out.println("Unsupported message type: " + msg);
212 }
213 }
214
215 @Override
216 public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
217 cause.printStackTrace();
218 if (ctx.channel().isActive()) {
219 sendError(ctx, INTERNAL_SERVER_ERROR);
220 }
221 }
222
223 private static final Pattern INSECURE_URI = Pattern.compile(".*[<>&\"].*");
224
225 private static String sanitizeUri(String uri) throws UnsupportedEncodingException {
226 // Decode the path.
227 uri = URLDecoder.decode(uri, "UTF-8");
228
229 if (uri.isEmpty() || uri.charAt(0) != '/') {
230 return null;
231 }
232
233 // Convert file separators.
234 uri = uri.replace('/', File.separatorChar);
235
236 // Simplistic dumb security check.
237 // You will have to do something serious in the production environment.
238 if (uri.contains(File.separator + '.') ||
239 uri.contains('.' + File.separator) ||
240 uri.charAt(0) == '.' || uri.charAt(uri.length() - 1) == '.' ||
241 INSECURE_URI.matcher(uri).matches()) {
242 return null;
243 }
244
245 // Convert to absolute path.
246 return SystemPropertyUtil.get("user.dir") + File.separator + uri;
247 }
248
249 private static final Pattern ALLOWED_FILE_NAME = Pattern.compile("[^-\\._]?[^<>&\\\"]*");
250
251 private void sendListing(ChannelHandlerContext ctx, File dir, String dirPath) {
252 StringBuilder buf = new StringBuilder()
253 .append("<!DOCTYPE html>\r\n")
254 .append("<html><head><meta charset='utf-8' /><title>")
255 .append("Listing of: ")
256 .append(dirPath)
257 .append("</title></head><body>\r\n")
258
259 .append("<h3>Listing of: ")
260 .append(dirPath)
261 .append("</h3>\r\n")
262
263 .append("<ul>")
264 .append("<li><a href=\"../\">..</a></li>\r\n");
265
266 File[] files = dir.listFiles();
267 if (files != null) {
268 for (File f : files) {
269 if (f.isHidden() || !f.canRead()) {
270 continue;
271 }
272
273 String name = f.getName();
274 if (!ALLOWED_FILE_NAME.matcher(name).matches()) {
275 continue;
276 }
277
278 buf.append("<li><a href=\"")
279 .append(name)
280 .append("\">")
281 .append(name)
282 .append("</a></li>\r\n");
283 }
284 }
285
286 buf.append("</ul></body></html>\r\n");
287
288 ByteBuf buffer = ctx.alloc().buffer(buf.length());
289 buffer.writeCharSequence(buf.toString(), CharsetUtil.UTF_8);
290
291 Http2Headers headers = new DefaultHttp2Headers();
292 headers.status(OK.toString());
293 headers.add(HttpHeaderNames.CONTENT_TYPE, "text/html; charset=UTF-8");
294
295 ctx.write(new DefaultHttp2HeadersFrame(headers).stream(stream));
296 ctx.writeAndFlush(new DefaultHttp2DataFrame(buffer, true).stream(stream));
297 }
298
299 private void sendRedirect(ChannelHandlerContext ctx, String newUri) {
300 Http2Headers headers = new DefaultHttp2Headers();
301 headers.status(FOUND.toString());
302 headers.add(HttpHeaderNames.LOCATION, newUri);
303
304 ctx.writeAndFlush(new DefaultHttp2HeadersFrame(headers, true).stream(stream));
305 }
306
307 private void sendError(ChannelHandlerContext ctx, HttpResponseStatus status) {
308 Http2Headers headers = new DefaultHttp2Headers();
309 headers.status(status.toString());
310 headers.add(HttpHeaderNames.CONTENT_TYPE, "text/plain; charset=UTF-8");
311
312 Http2HeadersFrame headersFrame = new DefaultHttp2HeadersFrame(headers);
313 headersFrame.stream(stream);
314
315 Http2DataFrame dataFrame = new DefaultHttp2DataFrame(
316 Unpooled.copiedBuffer("Failure: " + status + "\r\n", CharsetUtil.UTF_8), true);
317 dataFrame.stream(stream);
318
319 ctx.write(headersFrame);
320 ctx.writeAndFlush(dataFrame);
321 }
322
323 /**
324 * When file timestamp is the same as what the browser is sending up, send a "304 Not Modified"
325 *
326 * @param ctx Context
327 */
328 private void sendNotModified(ChannelHandlerContext ctx) {
329 Http2Headers headers = new DefaultHttp2Headers();
330 headers.status(NOT_MODIFIED.toString());
331 setDateHeader(headers);
332
333 ctx.writeAndFlush(new DefaultHttp2HeadersFrame(headers, true).stream(stream));
334 }
335
336 /**
337 * Sets the Date header for the HTTP response
338 *
339 * @param headers Http2 Headers
340 */
341 private static void setDateHeader(Http2Headers headers) {
342 SimpleDateFormat dateFormatter = new SimpleDateFormat(HTTP_DATE_FORMAT, Locale.US);
343 dateFormatter.setTimeZone(TimeZone.getTimeZone(HTTP_DATE_GMT_TIMEZONE));
344
345 Calendar time = new GregorianCalendar();
346 headers.set(HttpHeaderNames.DATE, dateFormatter.format(time.getTime()));
347 }
348
349 /**
350 * Sets the Date and Cache headers for the HTTP Response
351 *
352 * @param headers Http2 Headers
353 * @param fileToCache file to extract content type
354 */
355 private static void setDateAndCacheHeaders(Http2Headers headers, File fileToCache) {
356 SimpleDateFormat dateFormatter = new SimpleDateFormat(HTTP_DATE_FORMAT, Locale.US);
357 dateFormatter.setTimeZone(TimeZone.getTimeZone(HTTP_DATE_GMT_TIMEZONE));
358
359 // Date header
360 Calendar time = new GregorianCalendar();
361 headers.set(HttpHeaderNames.DATE, dateFormatter.format(time.getTime()));
362
363 // Add cache headers
364 time.add(Calendar.SECOND, HTTP_CACHE_SECONDS);
365 headers.set(HttpHeaderNames.EXPIRES, dateFormatter.format(time.getTime()));
366 headers.set(HttpHeaderNames.CACHE_CONTROL, "private, max-age=" + HTTP_CACHE_SECONDS);
367 headers.set(HttpHeaderNames.LAST_MODIFIED, dateFormatter.format(new Date(fileToCache.lastModified())));
368 }
369
370 /**
371 * Sets the content type header for the HTTP Response
372 *
373 * @param headers Http2 Headers
374 * @param file file to extract content type
375 */
376 private static void setContentTypeHeader(Http2Headers headers, File file) {
377 MimetypesFileTypeMap mimeTypesMap = new MimetypesFileTypeMap();
378 headers.set(HttpHeaderNames.CONTENT_TYPE, mimeTypesMap.getContentType(file.getPath()));
379 }
380 }
以上源码来自: 即时通讯网 - 即时通讯开发者社区!