From 164f717e00226a8253afc795d42167fbeef896b2 Mon Sep 17 00:00:00 2001 From: hugogogo Date: Wed, 3 Aug 2022 00:02:25 +0200 Subject: [PATCH] added informations on cgi from rfc 3875 --- README.md | 135 ++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 115 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 20c8b93..24f0821 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,4 @@ ---- -## questions -- mettre les fonctions specifiques a la requete, dans la class client ? -- où est-ce que j'inclus le cgi ? -- est-ce que le cgi est appellé par `/cgi-bin` ? - - non -- g rajouté `char ** env` dans client.cpp - - non -- ajouter un champ "message body" dans client ? - - non -- comment organiser la creation du message reponse (cgi ou pas) et des headers ? -- comment je gere le path `/cgi-bin/` avec la suite ? -- qu'est-ce que le cgi renvoit comme headers ? comment c'est géré ? - - https://www.rfc-editor.org/rfc/rfc3875 - --- ## man @@ -88,16 +73,126 @@ - [ ] Your server must be able to listen to multiple ports (see Configuration file) - [ ] Your server should never die. +--- +## cgi rfc +[rfc 3875](https://www.rfc-editor.org/rfc/rfc3875) + +[3.1: server responsabilities](https://www.rfc-editor.org/rfc/rfc3875#section-3.1) + +- The server [...] receives the request from the client +- selects a CGI script to handle the request +- converts the client request to a CGI request +- executes the script and converts the CGI response into a response for the client + +[3.3: script uri](https://www.rfc-editor.org/rfc/rfc3875#section-3.3) + +- the 'Script-URI' [...] MUST have the property that if the client had accessed this URI instead, then the script would have been executed + +[4: how the server prepare the cgi requests](https://www.rfc-editor.org/rfc/rfc3875#section-4) + +- the cgi receives 2 differents set of informations : + - the request meta-variables (in UNIX, by env variables) + - and the message-body + +[4.1: request meta-variables](https://www.rfc-editor.org/rfc/rfc3875#section-4.1) + +- a header field that spans multiple lines MUST be merged onto a single line + +[4.2: request message-body](https://www.rfc-editor.org/rfc/rfc3875#section-4.2) + +- unless defined otherwise, the script access request data by reading stdin + +[6: how the response from the script is returned to the server](https://www.rfc-editor.org/rfc/rfc3875#section-6) + +- The response comprises 2 parts, separated by a blank line : + - a message-header + - and a message-body +- The message-header contains one or more header fields +- The body may be NULL + +[6.2: responses types](https://www.rfc-editor.org/rfc/rfc3875#section-6.2) + +- four types of responses : + - document response + - local redirect response + - client redirect response + - client redirect response with document +- document response : + - it must return a Content-Type header field + - a Status-Header field is optional (200 is assumed if omited) + - the server must check the cgi-script output, and modifie it to comply with the protocol version +- local redirect response : + - it must return only a Location field + - it contains a local path URI and query string ('local-pathquery') + - the server must generate the response for this local-pathquery +- client redirect response : + - it must return only a Location field + - it contains an absolute URI path, to indicate the client that it should reprocess the request with this URI + - the http server must generate a 302 'Found' message +- client redirect response with document + - it must return a Location field with an absolute URI path + - it must return the Status header field, with a value of 302 'Found' + - the server must check the cgi-script output, and modifie it to comply with the protocol version + +[6.3: cgi header fields](https://www.rfc-editor.org/rfc/rfc3875#section-6.3) + +- whitespace is permitted between the ":" and the field-value +- but not between the field-name and the ":" +- the CGI script can set three differents fields : + - Content-Type + - Location + - Status +- Content-Type : + - if there is a body in the response, a Content-Type field must be present + - if there is no Content-Type, the server must not attempt to determine one +- Location : + - the local URI path must be an absolut path, not a relative path, nor NULL + - the local URI path must, then, start with "/" + - the absolut URI start with ":" +- Status : + - a 3-digit integer code + - 4 standards : + - 200 'OK' indicates success, it's the default value + - 302 'Found' with Location header and response message-body + - 400 'Bad Request' an unknown request format, like missing CONTENT-TYPE + - 501 'Not Implemented' the script received unsupported REQUEST-METHOD + - construction: `Status:400 "explication of the error"\n` +- the cgi-script can return other header fields, concerning the response message + - the server must translate cgi-headers syntax into http-header syntax + - for exemple, newline can be encoded in different ways +- the cgi-script must not return header fields concerning client-side communication + - the server can remove such fields + - (not sure : https://www.rfc-editor.org/rfc/rfc3875#section-6.3.4) + - the server must resolve conflicts between script-header fields and themselves + +[6.3: cgi message body](https://www.rfc-editor.org/rfc/rfc3875#section-6.4) + +- the server must read it untill EOF +- the server must not modify it, except to convert charset if needed + +[7 and 8: usefull informations about implementation and security](https://www.rfc-editor.org/rfc/rfc3875#section-7) + +#### questions : +- le cgi-script doit renvoyer au moins un header suivit d'une ligne vide +- il peut dans certains cas envoyer d'autres headers +- le serveur doit verifier qu'il n'y a pas de doublons dans les headers +- le serveur doit verifier le formatage des headers (typiquement l'encodage, par exemple pour les newlines) +- ? comment on passe le body-message au script ? section 4.2 +- ? on doit gerer l'authentification ? +- ? pourquoi on doit construire un script-cgi ? section 3.3 +- ? si l'uri correspond au script-cgi, ca appel le script donc ? section 3.3 + --- ## cgi env variables -[cgi env variables](http://www.faqs.org/rfcs/rfc3875.html) +[cgi env variables](https://www.rfc-editor.org/rfc/rfc3875#section-4.1) [wikipedia variables environnements cgi](https://fr.wikipedia.org/wiki/Variables_d%27environnement_CGI) [cgi server variables on adobe](https://helpx.adobe.com/coldfusion/cfml-reference/reserved-words-and-variables/cgi-environment-cgi-scope-variables/cgi-server-variables.html) -``` + +```None AUTH_TYPE : if the srcipt is protected, the authentification method used to validate the user -CONTENT_LENGTH : length of the request content -CONTENT_TYPE : if there is attached information, as with method POST or PUT, this is the content type of the data (e.g. "text/plain", it is set by the attribute "enctype" in html
as three values : "application/x-www-form-urlencoded", "multipart/form-data", "text/plain") +CONTENT_LENGTH : length of the request body-message +CONTENT_TYPE : (Content-Type field) if there is attached information, as with method POST or PUT, this is the content type of the data (e.g. "text/plain", it is set by the attribute "enctype" in html as three values : "application/x-www-form-urlencoded", "multipart/form-data", "text/plain") GATEWAY_INTERFACE : CGI version (e.g. CGI/1.1) PATH_INFO : if any, path of the resquest in addition to the cgi script path (e.g. for cgi script path = "/usr/web/cgi-bin/script.cgi", and the url = "http://server.org/cgi-bin/script.cgi/house", the PATH-INFO would be "house") PATH_TRANSLATED : full path of the request, like path-to-cgi/PATH_INFO, null if PATH_INFO is null (e.g. for "http://server.org/cgi-bin/prog/the/path", PATH_INFO would be : "/the/path" and PATH_TRANSLATED would be : "/usr/web/cgi-bin/prog/the/path") @@ -114,7 +209,7 @@ SERVER_PROTOCOL : protocol used for the request (e.g. HTTP/1.1) SERVER_SOFTWARE : the server software you're using (e.g. Apache 1.3) ``` [redirect status for php-cgi](https://woozle.org/papers/php-cgi.html) -``` +```None REDIRECT_STATUS : for exemple, 200 ```