[catagits/Catalyst-Runtime.git] / lib / Catalyst / Engine / CGI.pm

package Catalyst::Engine::CGI;

use Moose;
extends 'Catalyst::Engine';

has _header_buf => (is => 'rw', clearer => '_clear_header_buf', predicate => '_has_header_buf');

=head1 NAME

Catalyst::Engine::CGI - The CGI Engine

=head1 SYNOPSIS

A script using the Catalyst::Engine::CGI module might look like:

    #!/usr/bin/perl -w

    use strict;
    use lib '/path/to/MyApp/lib';
    use MyApp;

    MyApp->run;

The application module (C<MyApp>) would use C<Catalyst>, which loads the
appropriate engine module.

=head1 DESCRIPTION

This is the Catalyst engine specialized for the CGI environment.

=head1 OVERLOADED METHODS

This class overloads some methods from C<Catalyst::Engine>.

=head2 $self->finalize_headers($c)

=cut

sub finalize_headers {
    my ( $self, $c ) = @_;

    $c->response->header( Status => $c->response->status );

    $self->_header_buf($c->response->headers->as_string("\015\012") . "\015\012");
}

=head2 $self->prepare_connection($c)

=cut

sub prepare_connection {
    my ( $self, $c ) = @_;
    local (*ENV) = $self->env || \%ENV;

    my $request = $c->request;
    $request->address( $ENV{REMOTE_ADDR} );

  PROXY_CHECK:
    {
        unless ( ref($c)->config->{using_frontend_proxy} ) {
            last PROXY_CHECK if $ENV{REMOTE_ADDR} ne '127.0.0.1';
            last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy};
        }
        last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_FOR};

        # If we are running as a backend server, the user will always appear
        # as 127.0.0.1. Select the most recent upstream IP (last in the list)
        my ($ip) = $ENV{HTTP_X_FORWARDED_FOR} =~ /([^,\s]+)$/;
        $request->address($ip);
        if ( defined $ENV{HTTP_X_FORWARDED_PORT} ) {
            $ENV{SERVER_PORT} = $ENV{HTTP_X_FORWARDED_PORT};
        }
    }

    $request->hostname( $ENV{REMOTE_HOST} ) if exists $ENV{REMOTE_HOST};
    $request->protocol( $ENV{SERVER_PROTOCOL} );
    $request->user( $ENV{REMOTE_USER} );  # XXX: Deprecated. See Catalyst::Request for removal information
    $request->remote_user( $ENV{REMOTE_USER} );
    $request->method( $ENV{REQUEST_METHOD} );

    if ( $ENV{HTTPS} && uc( $ENV{HTTPS} ) eq 'ON' ) {
        $request->secure(1);
    }

    if ( $ENV{SERVER_PORT} == 443 ) {
        $request->secure(1);
    }
    binmode(STDOUT); # Ensure we are sending bytes.
}

=head2 $self->prepare_headers($c)

=cut

sub prepare_headers {
    my ( $self, $c ) = @_;
    local (*ENV) = $self->env || \%ENV;
    my $headers = $c->request->headers;
    # Read headers from %ENV
    foreach my $header ( keys %ENV ) {
        next unless $header =~ /^(?:HTTP|CONTENT|COOKIE)/i;
        ( my $field = $header ) =~ s/^HTTPS?_//;
        $headers->header( $field => $ENV{$header} );
    }
}

=head2 $self->prepare_path($c)

=cut

# Please don't touch this method without adding tests in
# t/aggregate/unit_core_engine_cgi-prepare_path.t
sub prepare_path {
    my ( $self, $c ) = @_;
    local (*ENV) = $self->env || \%ENV;

    my $scheme = $c->request->secure ? 'https' : 'http';
    my $host      = $ENV{HTTP_HOST}   || $ENV{SERVER_NAME};
    my $port      = $ENV{SERVER_PORT} || 80;

    # fix up for IIS
    if ($ENV{SERVER_SOFTWARE} && $ENV{SERVER_SOFTWARE} =~ m{IIS/[6-9]\.\d}) {
        $ENV{PATH_INFO} =~ s/^\Q$ENV{SCRIPT_NAME}\E//;
    }

    my $script_name = $ENV{SCRIPT_NAME};
    $script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name;

    my $base_path;
    if ( exists $ENV{REDIRECT_URL} ) {
        $base_path = $ENV{REDIRECT_URL};
        $base_path =~ s/$ENV{PATH_INFO}$//;
    }
    else {
        $base_path = $script_name || '/';
    }

    # If we are running as a backend proxy, get the true hostname
  PROXY_CHECK:
    {
        unless ( ref($c)->config->{using_frontend_proxy} ) {
            last PROXY_CHECK if $host !~ /localhost|127.0.0.1/;
            last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy};
        }
        last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_HOST};

        $host = $ENV{HTTP_X_FORWARDED_HOST};

        # backend could be on any port, so
        # assume frontend is on the default port
        $port = $c->request->secure ? 443 : 80;
        if ( $ENV{HTTP_X_FORWARDED_PORT} ) {
            $port = $ENV{HTTP_X_FORWARDED_PORT};
        }
    }

    # RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded,
    # and cannot contain path-segment parameters." This means PATH_INFO
    # is always decoded, and the script can't distinguish / vs %2F.
    # See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
    # Here we try to resurrect the original encoded URI from REQUEST_URI.
    my $path_info   = $ENV{PATH_INFO};
    if (my $req_uri = $ENV{REQUEST_URI}) {
        $req_uri =~ s/^\Q$base_path\E//;
        $req_uri =~ s/\?.*$//;
        if ($req_uri) {
            # Note that if REQUEST_URI doesn't start with a /, then the user
            # is probably using mod_rewrite or something to rewrite requests
            # into a sub-path of their application..
            # This means that REQUEST_URI needs information from PATH_INFO
            # prepending to it to be useful, otherwise the sub path which is
            # being redirected to becomes the app base address which is
            # incorrect.
            if (substr($req_uri, 0, 1) ne '/') {
                my ($match) = $req_uri =~ m|^([^/]+)|;
                my ($path_info_part) = $path_info =~ m|^(.*?\Q$match\E)|;
                substr($req_uri, 0, length($match), $path_info_part)
                    if $path_info_part;
            }
            $path_info = $req_uri;
        }
    }

    # set the request URI
    my $path = $base_path . ( $path_info || '' );
    $path =~ s{^/+}{};

    # Using URI directly is way too slow, so we construct the URLs manually
    my $uri_class = "URI::$scheme";

    # HTTP_HOST will include the port even if it's 80/443
    $host =~ s/:(?:80|443)$//;

    if ( $port !~ /^(?:80|443)$/ && $host !~ /:/ ) {
        $host .= ":$port";
    }

    # Escape the path
    $path =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go;
    $path =~ s/\?/%3F/g; # STUPID STUPID SPECIAL CASE

    my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : '';
    my $uri   = $scheme . '://' . $host . '/' . $path . $query;

    $c->request->uri( bless(\$uri, $uri_class)->canonical );

    # set the base URI
    # base must end in a slash
    $base_path .= '/' unless $base_path =~ m{/$};

    my $base_uri = $scheme . '://' . $host . $base_path;

    $c->request->base( bless \$base_uri, $uri_class );
}

=head2 $self->prepare_query_parameters($c)

=cut

around prepare_query_parameters => sub {
    my $orig = shift;
    my ( $self, $c ) = @_;
    local (*ENV) = $self->env || \%ENV;

    if ( $ENV{QUERY_STRING} ) {
        $self->$orig( $c, $ENV{QUERY_STRING} );
    }
};

=head2 $self->prepare_request($c, (env => \%env))

=cut

sub prepare_request {
    my ( $self, $c, %args ) = @_;

    if ( $args{env} ) {
        $self->env( $args{env} );
    }
}

=head2 $self->prepare_write($c)

Enable autoflush on the output handle for CGI-based engines.

=cut

around prepare_write => sub {
    *STDOUT->autoflush(1);
    return shift->(@_);
};

=head2 $self->write($c, $buffer)

Writes the buffer to the client.

=cut

around write => sub {
    my $orig = shift;
    my ( $self, $c, $buffer ) = @_;

    # Prepend the headers if they have not yet been sent
    if ( $self->_has_header_buf ) {
        $buffer = $self->_clear_header_buf . $buffer;
    }

    return $self->$orig( $c, $buffer );
};

=head2 $self->read_chunk($c, $buffer, $length)

=cut

sub read_chunk { shift; shift; *STDIN->sysread(@_); }

=head2 $self->run

=cut

sub run { shift; shift->handle_request( env => \%ENV ) }

=head1 SEE ALSO

L<Catalyst>, L<Catalyst::Engine>

=head1 AUTHORS

Catalyst Contributors, see Catalyst.pm

=head1 COPYRIGHT

This library is free software. You can redistribute it and/or modify it under
the same terms as Perl itself.

=cut
no Moose;

1;
Commit	Line	Data
fc7ec1d9	1	package Catalyst::Engine::CGI;
fc7ec1d9	2
7fa2c9c1	3	use Moose;
7fa2c9c1	4	extends 'Catalyst::Engine';
e2fd5b5f	5
02570318	6	has _header_buf => (is => 'rw', clearer => '_clear_header_buf', predicate => '_has_header_buf');
84528885	7
fc7ec1d9	8	=head1 NAME
	9
	10	Catalyst::Engine::CGI - The CGI Engine
	11
	12	=head1 SYNOPSIS
	13
23f9d934	14	A script using the Catalyst::Engine::CGI module might look like:
23f9d934	15
9a33da6a	16	#!/usr/bin/perl -w
	17
	18	use strict;
	19	use lib '/path/to/MyApp/lib';
	20	use MyApp;
	21
	22	MyApp->run;
	23
23f9d934	24	The application module (C<MyApp>) would use C<Catalyst>, which loads the
23f9d934	25	appropriate engine module.
fc7ec1d9	26
	27	=head1 DESCRIPTION
	28
fbcc39ad	29	This is the Catalyst engine specialized for the CGI environment.
e2fd5b5f	30
23f9d934	31	=head1 OVERLOADED METHODS
fc7ec1d9	32
fbcc39ad	33	This class overloads some methods from C<Catalyst::Engine>.
fc7ec1d9	34
b5ecfcf0	35	=head2 $self->finalize_headers($c)
fc7ec1d9	36
	37	=cut
	38
fbcc39ad	39	sub finalize_headers {
fbcc39ad	40	my ( $self, $c ) = @_;
06e1b616	41
fbcc39ad	42	$c->response->header( Status => $c->response->status );
06e1b616	43
02570318	44	$self->_header_buf($c->response->headers->as_string("\015\012") . "\015\012");
fc7ec1d9	45	}
fc7ec1d9	46
b5ecfcf0	47	=head2 $self->prepare_connection($c)
fc7ec1d9	48
	49	=cut
	50
fbcc39ad	51	sub prepare_connection {
fbcc39ad	52	my ( $self, $c ) = @_;
b5ecfcf0	53	local (*ENV) = $self->env \|\| \%ENV;
4f5ebacd	54
7fa2c9c1	55	my $request = $c->request;
7fa2c9c1	56	$request->address( $ENV{REMOTE_ADDR} );
4f5ebacd	57
4f5ebacd	58	PROXY_CHECK:
fbcc39ad	59	{
df960201	60	unless ( ref($c)->config->{using_frontend_proxy} ) {
fbcc39ad	61	last PROXY_CHECK if $ENV{REMOTE_ADDR} ne '127.0.0.1';
df960201	62	last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy};
5b387dfc	63	}
fbcc39ad	64	last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_FOR};
4f5ebacd	65
fbcc39ad	66	# If we are running as a backend server, the user will always appear
	67	# as 127.0.0.1. Select the most recent upstream IP (last in the list)
	68	my ($ip) = $ENV{HTTP_X_FORWARDED_FOR} =~ /([^,\s]+)$/;
7fa2c9c1	69	$request->address($ip);
64d1c3cd	70	if ( defined $ENV{HTTP_X_FORWARDED_PORT} ) {
	71	$ENV{SERVER_PORT} = $ENV{HTTP_X_FORWARDED_PORT};
	72	}
fc7ec1d9	73	}
08cf3dd6	74
8fc0d39e	75	$request->hostname( $ENV{REMOTE_HOST} ) if exists $ENV{REMOTE_HOST};
7fa2c9c1	76	$request->protocol( $ENV{SERVER_PROTOCOL} );
8026359e	77	$request->user( $ENV{REMOTE_USER} ); # XXX: Deprecated. See Catalyst::Request for removal information
8026359e	78	$request->remote_user( $ENV{REMOTE_USER} );
7fa2c9c1	79	$request->method( $ENV{REQUEST_METHOD} );
fbcc39ad	80
fbcc39ad	81	if ( $ENV{HTTPS} && uc( $ENV{HTTPS} ) eq 'ON' ) {
7fa2c9c1	82	$request->secure(1);
5b387dfc	83	}
bfde09a2	84
fbcc39ad	85	if ( $ENV{SERVER_PORT} == 443 ) {
7fa2c9c1	86	$request->secure(1);
fbcc39ad	87	}
afdffc63	88	binmode(STDOUT); # Ensure we are sending bytes.
fc7ec1d9	89	}
fc7ec1d9	90
b5ecfcf0	91	=head2 $self->prepare_headers($c)
fc7ec1d9	92
	93	=cut
	94
fbcc39ad	95	sub prepare_headers {
fbcc39ad	96	my ( $self, $c ) = @_;
b5ecfcf0	97	local (*ENV) = $self->env \|\| \%ENV;
7fa2c9c1	98	my $headers = $c->request->headers;
fbcc39ad	99	# Read headers from %ENV
c82ed742	100	foreach my $header ( keys %ENV ) {
fbcc39ad	101	next unless $header =~ /^(?:HTTP\|CONTENT\|COOKIE)/i;
fbcc39ad	102	( my $field = $header ) =~ s/^HTTPS?_//;
7fa2c9c1	103	$headers->header( $field => $ENV{$header} );
fbcc39ad	104	}
fbcc39ad	105	}
316bf0f0	106
b5ecfcf0	107	=head2 $self->prepare_path($c)
316bf0f0	108
fbcc39ad	109	=cut
316bf0f0	110
eb3abf96	111	# Please don't touch this method without adding tests in
eb3abf96	112	# t/aggregate/unit_core_engine_cgi-prepare_path.t
fbcc39ad	113	sub prepare_path {
fbcc39ad	114	my ( $self, $c ) = @_;
b5ecfcf0	115	local (*ENV) = $self->env \|\| \%ENV;
fbcc39ad	116
4f5ebacd	117	my $scheme = $c->request->secure ? 'https' : 'http';
294f78ca	118	my $host = $ENV{HTTP_HOST} \|\| $ENV{SERVER_NAME};
294f78ca	119	my $port = $ENV{SERVER_PORT} \|\| 80;
a4900102	120
	121	# fix up for IIS
	122	if ($ENV{SERVER_SOFTWARE} && $ENV{SERVER_SOFTWARE} =~ m{IIS/[6-9]\.\d}) {
	123	$ENV{PATH_INFO} =~ s/^\Q$ENV{SCRIPT_NAME}\E//;
	124	}
	125
8bf285ed	126	my $script_name = $ENV{SCRIPT_NAME};
	127	$script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name;
	128
0bcb98c7	129	my $base_path;
	130	if ( exists $ENV{REDIRECT_URL} ) {
	131	$base_path = $ENV{REDIRECT_URL};
	132	$base_path =~ s/$ENV{PATH_INFO}$//;
	133	}
	134	else {
8bf285ed	135	$base_path = $script_name \|\| '/';
0bcb98c7	136	}
4f5ebacd	137
fbcc39ad	138	# If we are running as a backend proxy, get the true hostname
4f5ebacd	139	PROXY_CHECK:
fbcc39ad	140	{
df960201	141	unless ( ref($c)->config->{using_frontend_proxy} ) {
fbcc39ad	142	last PROXY_CHECK if $host !~ /localhost\|127.0.0.1/;
df960201	143	last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy};
316bf0f0	144	}
fbcc39ad	145	last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_HOST};
316bf0f0	146
fbcc39ad	147	$host = $ENV{HTTP_X_FORWARDED_HOST};
4f5ebacd	148
4f5ebacd	149	# backend could be on any port, so
fbcc39ad	150	# assume frontend is on the default port
fbcc39ad	151	$port = $c->request->secure ? 443 : 80;
64d1c3cd	152	if ( $ENV{HTTP_X_FORWARDED_PORT} ) {
	153	$port = $ENV{HTTP_X_FORWARDED_PORT};
	154	}
316bf0f0	155	}
316bf0f0	156
8bf285ed	157	# RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded,
	158	# and cannot contain path-segment parameters." This means PATH_INFO
	159	# is always decoded, and the script can't distinguish / vs %2F.
	160	# See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
	161	# Here we try to resurrect the original encoded URI from REQUEST_URI.
	162	my $path_info = $ENV{PATH_INFO};
	163	if (my $req_uri = $ENV{REQUEST_URI}) {
eb3abf96	164	$req_uri =~ s/^\Q$base_path\E//;
8bf285ed	165	$req_uri =~ s/\?.*$//;
b760ac3d	166	if ($req_uri) {
	167	# Note that if REQUEST_URI doesn't start with a /, then the user
	168	# is probably using mod_rewrite or something to rewrite requests
	169	# into a sub-path of their application..
	170	# This means that REQUEST_URI needs information from PATH_INFO
	171	# prepending to it to be useful, otherwise the sub path which is
	172	# being redirected to becomes the app base address which is
	173	# incorrect.
	174	if (substr($req_uri, 0, 1) ne '/') {
	175	my ($match) = $req_uri =~ m\|^([^/]+)\|;
6e5e5aaf	176	my ($path_info_part) = $path_info =~ m\|^(.*?\Q$match\E)\|;
f54950f5	177	substr($req_uri, 0, length($match), $path_info_part)
f54950f5	178	if $path_info_part;
b760ac3d	179	}
	180	$path_info = $req_uri;
	181	}
8bf285ed	182	}
8bf285ed	183
8d3c800b	184	# set the request URI
8bf285ed	185	my $path = $base_path . ( $path_info \|\| '' );
fbcc39ad	186	$path =~ s{^/+}{};
b0ad47c1	187
933ba403	188	# Using URI directly is way too slow, so we construct the URLs manually
933ba403	189	my $uri_class = "URI::$scheme";
b0ad47c1	190
de19de2e	191	# HTTP_HOST will include the port even if it's 80/443
de19de2e	192	$host =~ s/:(?:80\|443)$//;
b0ad47c1	193
de19de2e	194	if ( $port !~ /^(?:80\|443)$/ && $host !~ /:/ ) {
933ba403	195	$host .= ":$port";
933ba403	196	}
b0ad47c1	197
933ba403	198	# Escape the path
	199	$path =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go;
	200	$path =~ s/\?/%3F/g; # STUPID STUPID SPECIAL CASE
b0ad47c1	201
933ba403	202	my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : '';
	203	my $uri = $scheme . '://' . $host . '/' . $path . $query;
	204
ca78941c	205	$c->request->uri( bless(\$uri, $uri_class)->canonical );
933ba403	206
8d3c800b	207	# set the base URI
	208	# base must end in a slash
	209	$base_path .= '/' unless $base_path =~ m{/$};
b0ad47c1	210
8d3c800b	211	my $base_uri = $scheme . '://' . $host . $base_path;
8d3c800b	212
67936fd7	213	$c->request->base( bless \$base_uri, $uri_class );
e7c0c583	214	}
fc7ec1d9	215
b5ecfcf0	216	=head2 $self->prepare_query_parameters($c)
fc7ec1d9	217
	218	=cut
	219
4090e3bb	220	around prepare_query_parameters => sub {
4090e3bb	221	my $orig = shift;
fbcc39ad	222	my ( $self, $c ) = @_;
b5ecfcf0	223	local (*ENV) = $self->env \|\| \%ENV;
b5ecfcf0	224
f8109766	225	if ( $ENV{QUERY_STRING} ) {
4090e3bb	226	$self->$orig( $c, $ENV{QUERY_STRING} );
f8109766	227	}
4090e3bb	228	};
e7c0c583	229
b5ecfcf0	230	=head2 $self->prepare_request($c, (env => \%env))
84528885	231
	232	=cut
	233
	234	sub prepare_request {
	235	my ( $self, $c, %args ) = @_;
	236
	237	if ( $args{env} ) {
b5ecfcf0	238	$self->env( $args{env} );
84528885	239	}
	240	}
	241
b5ecfcf0	242	=head2 $self->prepare_write($c)
bfde09a2	243
fbcc39ad	244	Enable autoflush on the output handle for CGI-based engines.
bfde09a2	245
fbcc39ad	246	=cut
e7c0c583	247
4090e3bb	248	around prepare_write => sub {
4f5ebacd	249	*STDOUT->autoflush(1);
4090e3bb	250	return shift->(@_);
4090e3bb	251	};
e7c0c583	252
e512dd24	253	=head2 $self->write($c, $buffer)
	254
	255	Writes the buffer to the client.
	256
	257	=cut
	258
4090e3bb	259	around write => sub {
4090e3bb	260	my $orig = shift;
e512dd24	261	my ( $self, $c, $buffer ) = @_;
	262
	263	# Prepend the headers if they have not yet been sent
02570318	264	if ( $self->_has_header_buf ) {
02570318	265	$buffer = $self->_clear_header_buf . $buffer;
e512dd24	266	}
7fa2c9c1	267
4090e3bb	268	return $self->$orig( $c, $buffer );
4090e3bb	269	};
e512dd24	270
b5ecfcf0	271	=head2 $self->read_chunk($c, $buffer, $length)
e7c0c583	272
fbcc39ad	273	=cut
e7c0c583	274
4f5ebacd	275	sub read_chunk { shift; shift; *STDIN->sysread(@_); }
e7c0c583	276
b5ecfcf0	277	=head2 $self->run
bfde09a2	278
fbcc39ad	279	=cut
bfde09a2	280
0c913601	281	sub run { shift; shift->handle_request( env => \%ENV ) }
fc7ec1d9	282
fc7ec1d9	283	=head1 SEE ALSO
fc7ec1d9	284
2f381252	285	L<Catalyst>, L<Catalyst::Engine>
fbcc39ad	286
	287	=head1 AUTHORS
	288
2f381252	289	Catalyst Contributors, see Catalyst.pm
fc7ec1d9	290
	291	=head1 COPYRIGHT
	292
536bee89	293	This library is free software. You can redistribute it and/or modify it under
fc7ec1d9	294	the same terms as Perl itself.
	295
	296	=cut
4090e3bb	297	no Moose;
fc7ec1d9	298
fc7ec1d9	299	1;