github.com/q45/go@v0.0.0-20151101211701-a4fb8c13db3f/src/net/http/request.go (about) 1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // HTTP Request reading and parsing. 6 7 package http 8 9 import ( 10 "bufio" 11 "bytes" 12 "crypto/tls" 13 "encoding/base64" 14 "errors" 15 "fmt" 16 "io" 17 "io/ioutil" 18 "mime" 19 "mime/multipart" 20 "net/textproto" 21 "net/url" 22 "strconv" 23 "strings" 24 "sync" 25 ) 26 27 const ( 28 defaultMaxMemory = 32 << 20 // 32 MB 29 ) 30 31 // ErrMissingFile is returned by FormFile when the provided file field name 32 // is either not present in the request or not a file field. 33 var ErrMissingFile = errors.New("http: no such file") 34 35 // HTTP request parsing errors. 36 type ProtocolError struct { 37 ErrorString string 38 } 39 40 func (err *ProtocolError) Error() string { return err.ErrorString } 41 42 var ( 43 ErrHeaderTooLong = &ProtocolError{"header too long"} 44 ErrShortBody = &ProtocolError{"entity body too short"} 45 ErrNotSupported = &ProtocolError{"feature not supported"} 46 ErrUnexpectedTrailer = &ProtocolError{"trailer header without chunked transfer encoding"} 47 ErrMissingContentLength = &ProtocolError{"missing ContentLength in HEAD response"} 48 ErrNotMultipart = &ProtocolError{"request Content-Type isn't multipart/form-data"} 49 ErrMissingBoundary = &ProtocolError{"no multipart boundary param in Content-Type"} 50 ) 51 52 type badStringError struct { 53 what string 54 str string 55 } 56 57 func (e *badStringError) Error() string { return fmt.Sprintf("%s %q", e.what, e.str) } 58 59 // Headers that Request.Write handles itself and should be skipped. 60 var reqWriteExcludeHeader = map[string]bool{ 61 "Host": true, // not in Header map anyway 62 "User-Agent": true, 63 "Content-Length": true, 64 "Transfer-Encoding": true, 65 "Trailer": true, 66 } 67 68 // A Request represents an HTTP request received by a server 69 // or to be sent by a client. 70 // 71 // The field semantics differ slightly between client and server 72 // usage. In addition to the notes on the fields below, see the 73 // documentation for Request.Write and RoundTripper. 74 type Request struct { 75 // Method specifies the HTTP method (GET, POST, PUT, etc.). 76 // For client requests an empty string means GET. 77 Method string 78 79 // URL specifies either the URI being requested (for server 80 // requests) or the URL to access (for client requests). 81 // 82 // For server requests the URL is parsed from the URI 83 // supplied on the Request-Line as stored in RequestURI. For 84 // most requests, fields other than Path and RawQuery will be 85 // empty. (See RFC 2616, Section 5.1.2) 86 // 87 // For client requests, the URL's Host specifies the server to 88 // connect to, while the Request's Host field optionally 89 // specifies the Host header value to send in the HTTP 90 // request. 91 URL *url.URL 92 93 // The protocol version for incoming requests. 94 // Client requests always use HTTP/1.1. 95 Proto string // "HTTP/1.0" 96 ProtoMajor int // 1 97 ProtoMinor int // 0 98 99 // A header maps request lines to their values. 100 // If the header says 101 // 102 // accept-encoding: gzip, deflate 103 // Accept-Language: en-us 104 // Connection: keep-alive 105 // 106 // then 107 // 108 // Header = map[string][]string{ 109 // "Accept-Encoding": {"gzip, deflate"}, 110 // "Accept-Language": {"en-us"}, 111 // "Connection": {"keep-alive"}, 112 // } 113 // 114 // HTTP defines that header names are case-insensitive. 115 // The request parser implements this by canonicalizing the 116 // name, making the first character and any characters 117 // following a hyphen uppercase and the rest lowercase. 118 // 119 // For client requests certain headers are automatically 120 // added and may override values in Header. 121 // 122 // See the documentation for the Request.Write method. 123 Header Header 124 125 // Body is the request's body. 126 // 127 // For client requests a nil body means the request has no 128 // body, such as a GET request. The HTTP Client's Transport 129 // is responsible for calling the Close method. 130 // 131 // For server requests the Request Body is always non-nil 132 // but will return EOF immediately when no body is present. 133 // The Server will close the request body. The ServeHTTP 134 // Handler does not need to. 135 Body io.ReadCloser 136 137 // ContentLength records the length of the associated content. 138 // The value -1 indicates that the length is unknown. 139 // Values >= 0 indicate that the given number of bytes may 140 // be read from Body. 141 // For client requests, a value of 0 means unknown if Body is not nil. 142 ContentLength int64 143 144 // TransferEncoding lists the transfer encodings from outermost to 145 // innermost. An empty list denotes the "identity" encoding. 146 // TransferEncoding can usually be ignored; chunked encoding is 147 // automatically added and removed as necessary when sending and 148 // receiving requests. 149 TransferEncoding []string 150 151 // Close indicates whether to close the connection after 152 // replying to this request (for servers) or after sending 153 // the request (for clients). 154 Close bool 155 156 // For server requests Host specifies the host on which the 157 // URL is sought. Per RFC 2616, this is either the value of 158 // the "Host" header or the host name given in the URL itself. 159 // It may be of the form "host:port". 160 // 161 // For client requests Host optionally overrides the Host 162 // header to send. If empty, the Request.Write method uses 163 // the value of URL.Host. 164 Host string 165 166 // Form contains the parsed form data, including both the URL 167 // field's query parameters and the POST or PUT form data. 168 // This field is only available after ParseForm is called. 169 // The HTTP client ignores Form and uses Body instead. 170 Form url.Values 171 172 // PostForm contains the parsed form data from POST, PATCH, 173 // or PUT body parameters. 174 // 175 // This field is only available after ParseForm is called. 176 // The HTTP client ignores PostForm and uses Body instead. 177 PostForm url.Values 178 179 // MultipartForm is the parsed multipart form, including file uploads. 180 // This field is only available after ParseMultipartForm is called. 181 // The HTTP client ignores MultipartForm and uses Body instead. 182 MultipartForm *multipart.Form 183 184 // Trailer specifies additional headers that are sent after the request 185 // body. 186 // 187 // For server requests the Trailer map initially contains only the 188 // trailer keys, with nil values. (The client declares which trailers it 189 // will later send.) While the handler is reading from Body, it must 190 // not reference Trailer. After reading from Body returns EOF, Trailer 191 // can be read again and will contain non-nil values, if they were sent 192 // by the client. 193 // 194 // For client requests Trailer must be initialized to a map containing 195 // the trailer keys to later send. The values may be nil or their final 196 // values. The ContentLength must be 0 or -1, to send a chunked request. 197 // After the HTTP request is sent the map values can be updated while 198 // the request body is read. Once the body returns EOF, the caller must 199 // not mutate Trailer. 200 // 201 // Few HTTP clients, servers, or proxies support HTTP trailers. 202 Trailer Header 203 204 // RemoteAddr allows HTTP servers and other software to record 205 // the network address that sent the request, usually for 206 // logging. This field is not filled in by ReadRequest and 207 // has no defined format. The HTTP server in this package 208 // sets RemoteAddr to an "IP:port" address before invoking a 209 // handler. 210 // This field is ignored by the HTTP client. 211 RemoteAddr string 212 213 // RequestURI is the unmodified Request-URI of the 214 // Request-Line (RFC 2616, Section 5.1) as sent by the client 215 // to a server. Usually the URL field should be used instead. 216 // It is an error to set this field in an HTTP client request. 217 RequestURI string 218 219 // TLS allows HTTP servers and other software to record 220 // information about the TLS connection on which the request 221 // was received. This field is not filled in by ReadRequest. 222 // The HTTP server in this package sets the field for 223 // TLS-enabled connections before invoking a handler; 224 // otherwise it leaves the field nil. 225 // This field is ignored by the HTTP client. 226 TLS *tls.ConnectionState 227 228 // Cancel is an optional channel whose closure indicates that the client 229 // request should be regarded as canceled. Not all implementations of 230 // RoundTripper may support Cancel. 231 // 232 // For server requests, this field is not applicable. 233 Cancel <-chan struct{} 234 } 235 236 // ProtoAtLeast reports whether the HTTP protocol used 237 // in the request is at least major.minor. 238 func (r *Request) ProtoAtLeast(major, minor int) bool { 239 return r.ProtoMajor > major || 240 r.ProtoMajor == major && r.ProtoMinor >= minor 241 } 242 243 // UserAgent returns the client's User-Agent, if sent in the request. 244 func (r *Request) UserAgent() string { 245 return r.Header.Get("User-Agent") 246 } 247 248 // Cookies parses and returns the HTTP cookies sent with the request. 249 func (r *Request) Cookies() []*Cookie { 250 return readCookies(r.Header, "") 251 } 252 253 // ErrNoCookie is returned by Request's Cookie method when a cookie is not found. 254 var ErrNoCookie = errors.New("http: named cookie not present") 255 256 // Cookie returns the named cookie provided in the request or 257 // ErrNoCookie if not found. 258 func (r *Request) Cookie(name string) (*Cookie, error) { 259 for _, c := range readCookies(r.Header, name) { 260 return c, nil 261 } 262 return nil, ErrNoCookie 263 } 264 265 // AddCookie adds a cookie to the request. Per RFC 6265 section 5.4, 266 // AddCookie does not attach more than one Cookie header field. That 267 // means all cookies, if any, are written into the same line, 268 // separated by semicolon. 269 func (r *Request) AddCookie(c *Cookie) { 270 s := fmt.Sprintf("%s=%s", sanitizeCookieName(c.Name), sanitizeCookieValue(c.Value)) 271 if c := r.Header.Get("Cookie"); c != "" { 272 r.Header.Set("Cookie", c+"; "+s) 273 } else { 274 r.Header.Set("Cookie", s) 275 } 276 } 277 278 // Referer returns the referring URL, if sent in the request. 279 // 280 // Referer is misspelled as in the request itself, a mistake from the 281 // earliest days of HTTP. This value can also be fetched from the 282 // Header map as Header["Referer"]; the benefit of making it available 283 // as a method is that the compiler can diagnose programs that use the 284 // alternate (correct English) spelling req.Referrer() but cannot 285 // diagnose programs that use Header["Referrer"]. 286 func (r *Request) Referer() string { 287 return r.Header.Get("Referer") 288 } 289 290 // multipartByReader is a sentinel value. 291 // Its presence in Request.MultipartForm indicates that parsing of the request 292 // body has been handed off to a MultipartReader instead of ParseMultipartFrom. 293 var multipartByReader = &multipart.Form{ 294 Value: make(map[string][]string), 295 File: make(map[string][]*multipart.FileHeader), 296 } 297 298 // MultipartReader returns a MIME multipart reader if this is a 299 // multipart/form-data POST request, else returns nil and an error. 300 // Use this function instead of ParseMultipartForm to 301 // process the request body as a stream. 302 func (r *Request) MultipartReader() (*multipart.Reader, error) { 303 if r.MultipartForm == multipartByReader { 304 return nil, errors.New("http: MultipartReader called twice") 305 } 306 if r.MultipartForm != nil { 307 return nil, errors.New("http: multipart handled by ParseMultipartForm") 308 } 309 r.MultipartForm = multipartByReader 310 return r.multipartReader() 311 } 312 313 func (r *Request) multipartReader() (*multipart.Reader, error) { 314 v := r.Header.Get("Content-Type") 315 if v == "" { 316 return nil, ErrNotMultipart 317 } 318 d, params, err := mime.ParseMediaType(v) 319 if err != nil || d != "multipart/form-data" { 320 return nil, ErrNotMultipart 321 } 322 boundary, ok := params["boundary"] 323 if !ok { 324 return nil, ErrMissingBoundary 325 } 326 return multipart.NewReader(r.Body, boundary), nil 327 } 328 329 // Return value if nonempty, def otherwise. 330 func valueOrDefault(value, def string) string { 331 if value != "" { 332 return value 333 } 334 return def 335 } 336 337 // NOTE: This is not intended to reflect the actual Go version being used. 338 // It was changed at the time of Go 1.1 release because the former User-Agent 339 // had ended up on a blacklist for some intrusion detection systems. 340 // See https://codereview.appspot.com/7532043. 341 const defaultUserAgent = "Go-http-client/1.1" 342 343 // Write writes an HTTP/1.1 request, which is the header and body, in wire format. 344 // This method consults the following fields of the request: 345 // Host 346 // URL 347 // Method (defaults to "GET") 348 // Header 349 // ContentLength 350 // TransferEncoding 351 // Body 352 // 353 // If Body is present, Content-Length is <= 0 and TransferEncoding 354 // hasn't been set to "identity", Write adds "Transfer-Encoding: 355 // chunked" to the header. Body is closed after it is sent. 356 func (r *Request) Write(w io.Writer) error { 357 return r.write(w, false, nil, nil) 358 } 359 360 // WriteProxy is like Write but writes the request in the form 361 // expected by an HTTP proxy. In particular, WriteProxy writes the 362 // initial Request-URI line of the request with an absolute URI, per 363 // section 5.1.2 of RFC 2616, including the scheme and host. 364 // In either case, WriteProxy also writes a Host header, using 365 // either r.Host or r.URL.Host. 366 func (r *Request) WriteProxy(w io.Writer) error { 367 return r.write(w, true, nil, nil) 368 } 369 370 // extraHeaders may be nil 371 // waitForContinue may be nil 372 func (req *Request) write(w io.Writer, usingProxy bool, extraHeaders Header, waitForContinue func() bool) error { 373 // Find the target host. Prefer the Host: header, but if that 374 // is not given, use the host from the request URL. 375 // 376 // Clean the host, in case it arrives with unexpected stuff in it. 377 host := cleanHost(req.Host) 378 if host == "" { 379 if req.URL == nil { 380 return errors.New("http: Request.Write on Request with no Host or URL set") 381 } 382 host = cleanHost(req.URL.Host) 383 } 384 385 // According to RFC 6874, an HTTP client, proxy, or other 386 // intermediary must remove any IPv6 zone identifier attached 387 // to an outgoing URI. 388 host = removeZone(host) 389 390 ruri := req.URL.RequestURI() 391 if usingProxy && req.URL.Scheme != "" && req.URL.Opaque == "" { 392 ruri = req.URL.Scheme + "://" + host + ruri 393 } else if req.Method == "CONNECT" && req.URL.Path == "" { 394 // CONNECT requests normally give just the host and port, not a full URL. 395 ruri = host 396 } 397 // TODO(bradfitz): escape at least newlines in ruri? 398 399 // Wrap the writer in a bufio Writer if it's not already buffered. 400 // Don't always call NewWriter, as that forces a bytes.Buffer 401 // and other small bufio Writers to have a minimum 4k buffer 402 // size. 403 var bw *bufio.Writer 404 if _, ok := w.(io.ByteWriter); !ok { 405 bw = bufio.NewWriter(w) 406 w = bw 407 } 408 409 _, err := fmt.Fprintf(w, "%s %s HTTP/1.1\r\n", valueOrDefault(req.Method, "GET"), ruri) 410 if err != nil { 411 return err 412 } 413 414 // Header lines 415 _, err = fmt.Fprintf(w, "Host: %s\r\n", host) 416 if err != nil { 417 return err 418 } 419 420 // Use the defaultUserAgent unless the Header contains one, which 421 // may be blank to not send the header. 422 userAgent := defaultUserAgent 423 if req.Header != nil { 424 if ua := req.Header["User-Agent"]; len(ua) > 0 { 425 userAgent = ua[0] 426 } 427 } 428 if userAgent != "" { 429 _, err = fmt.Fprintf(w, "User-Agent: %s\r\n", userAgent) 430 if err != nil { 431 return err 432 } 433 } 434 435 // Process Body,ContentLength,Close,Trailer 436 tw, err := newTransferWriter(req) 437 if err != nil { 438 return err 439 } 440 err = tw.WriteHeader(w) 441 if err != nil { 442 return err 443 } 444 445 err = req.Header.WriteSubset(w, reqWriteExcludeHeader) 446 if err != nil { 447 return err 448 } 449 450 if extraHeaders != nil { 451 err = extraHeaders.Write(w) 452 if err != nil { 453 return err 454 } 455 } 456 457 _, err = io.WriteString(w, "\r\n") 458 if err != nil { 459 return err 460 } 461 462 // Flush and wait for 100-continue if expected. 463 if waitForContinue != nil { 464 if bw, ok := w.(*bufio.Writer); ok { 465 err = bw.Flush() 466 if err != nil { 467 return err 468 } 469 } 470 471 if !waitForContinue() { 472 req.closeBody() 473 return nil 474 } 475 } 476 477 // Write body and trailer 478 err = tw.WriteBody(w) 479 if err != nil { 480 return err 481 } 482 483 if bw != nil { 484 return bw.Flush() 485 } 486 return nil 487 } 488 489 // cleanHost strips anything after '/' or ' '. 490 // Ideally we'd clean the Host header according to the spec: 491 // https://tools.ietf.org/html/rfc7230#section-5.4 (Host = uri-host [ ":" port ]") 492 // https://tools.ietf.org/html/rfc7230#section-2.7 (uri-host -> rfc3986's host) 493 // https://tools.ietf.org/html/rfc3986#section-3.2.2 (definition of host) 494 // But practically, what we are trying to avoid is the situation in 495 // issue 11206, where a malformed Host header used in the proxy context 496 // would create a bad request. So it is enough to just truncate at the 497 // first offending character. 498 func cleanHost(in string) string { 499 if i := strings.IndexAny(in, " /"); i != -1 { 500 return in[:i] 501 } 502 return in 503 } 504 505 // removeZone removes IPv6 zone identifer from host. 506 // E.g., "[fe80::1%en0]:8080" to "[fe80::1]:8080" 507 func removeZone(host string) string { 508 if !strings.HasPrefix(host, "[") { 509 return host 510 } 511 i := strings.LastIndex(host, "]") 512 if i < 0 { 513 return host 514 } 515 j := strings.LastIndex(host[:i], "%") 516 if j < 0 { 517 return host 518 } 519 return host[:j] + host[i:] 520 } 521 522 // ParseHTTPVersion parses a HTTP version string. 523 // "HTTP/1.0" returns (1, 0, true). 524 func ParseHTTPVersion(vers string) (major, minor int, ok bool) { 525 const Big = 1000000 // arbitrary upper bound 526 switch vers { 527 case "HTTP/1.1": 528 return 1, 1, true 529 case "HTTP/1.0": 530 return 1, 0, true 531 } 532 if !strings.HasPrefix(vers, "HTTP/") { 533 return 0, 0, false 534 } 535 dot := strings.Index(vers, ".") 536 if dot < 0 { 537 return 0, 0, false 538 } 539 major, err := strconv.Atoi(vers[5:dot]) 540 if err != nil || major < 0 || major > Big { 541 return 0, 0, false 542 } 543 minor, err = strconv.Atoi(vers[dot+1:]) 544 if err != nil || minor < 0 || minor > Big { 545 return 0, 0, false 546 } 547 return major, minor, true 548 } 549 550 // NewRequest returns a new Request given a method, URL, and optional body. 551 // 552 // If the provided body is also an io.Closer, the returned 553 // Request.Body is set to body and will be closed by the Client 554 // methods Do, Post, and PostForm, and Transport.RoundTrip. 555 // 556 // NewRequest returns a Request suitable for use with Client.Do or 557 // Transport.RoundTrip. 558 // To create a request for use with testing a Server Handler use either 559 // ReadRequest or manually update the Request fields. See the Request 560 // type's documentation for the difference between inbound and outbound 561 // request fields. 562 func NewRequest(method, urlStr string, body io.Reader) (*Request, error) { 563 u, err := url.Parse(urlStr) 564 if err != nil { 565 return nil, err 566 } 567 rc, ok := body.(io.ReadCloser) 568 if !ok && body != nil { 569 rc = ioutil.NopCloser(body) 570 } 571 req := &Request{ 572 Method: method, 573 URL: u, 574 Proto: "HTTP/1.1", 575 ProtoMajor: 1, 576 ProtoMinor: 1, 577 Header: make(Header), 578 Body: rc, 579 Host: u.Host, 580 } 581 if body != nil { 582 switch v := body.(type) { 583 case *bytes.Buffer: 584 req.ContentLength = int64(v.Len()) 585 case *bytes.Reader: 586 req.ContentLength = int64(v.Len()) 587 case *strings.Reader: 588 req.ContentLength = int64(v.Len()) 589 } 590 } 591 592 return req, nil 593 } 594 595 // BasicAuth returns the username and password provided in the request's 596 // Authorization header, if the request uses HTTP Basic Authentication. 597 // See RFC 2617, Section 2. 598 func (r *Request) BasicAuth() (username, password string, ok bool) { 599 auth := r.Header.Get("Authorization") 600 if auth == "" { 601 return 602 } 603 return parseBasicAuth(auth) 604 } 605 606 // parseBasicAuth parses an HTTP Basic Authentication string. 607 // "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ("Aladdin", "open sesame", true). 608 func parseBasicAuth(auth string) (username, password string, ok bool) { 609 const prefix = "Basic " 610 if !strings.HasPrefix(auth, prefix) { 611 return 612 } 613 c, err := base64.StdEncoding.DecodeString(auth[len(prefix):]) 614 if err != nil { 615 return 616 } 617 cs := string(c) 618 s := strings.IndexByte(cs, ':') 619 if s < 0 { 620 return 621 } 622 return cs[:s], cs[s+1:], true 623 } 624 625 // SetBasicAuth sets the request's Authorization header to use HTTP 626 // Basic Authentication with the provided username and password. 627 // 628 // With HTTP Basic Authentication the provided username and password 629 // are not encrypted. 630 func (r *Request) SetBasicAuth(username, password string) { 631 r.Header.Set("Authorization", "Basic "+basicAuth(username, password)) 632 } 633 634 // parseRequestLine parses "GET /foo HTTP/1.1" into its three parts. 635 func parseRequestLine(line string) (method, requestURI, proto string, ok bool) { 636 s1 := strings.Index(line, " ") 637 s2 := strings.Index(line[s1+1:], " ") 638 if s1 < 0 || s2 < 0 { 639 return 640 } 641 s2 += s1 + 1 642 return line[:s1], line[s1+1 : s2], line[s2+1:], true 643 } 644 645 var textprotoReaderPool sync.Pool 646 647 func newTextprotoReader(br *bufio.Reader) *textproto.Reader { 648 if v := textprotoReaderPool.Get(); v != nil { 649 tr := v.(*textproto.Reader) 650 tr.R = br 651 return tr 652 } 653 return textproto.NewReader(br) 654 } 655 656 func putTextprotoReader(r *textproto.Reader) { 657 r.R = nil 658 textprotoReaderPool.Put(r) 659 } 660 661 // ReadRequest reads and parses an incoming request from b. 662 func ReadRequest(b *bufio.Reader) (req *Request, err error) { 663 664 tp := newTextprotoReader(b) 665 req = new(Request) 666 667 // First line: GET /index.html HTTP/1.0 668 var s string 669 if s, err = tp.ReadLine(); err != nil { 670 return nil, err 671 } 672 defer func() { 673 putTextprotoReader(tp) 674 if err == io.EOF { 675 err = io.ErrUnexpectedEOF 676 } 677 }() 678 679 var ok bool 680 req.Method, req.RequestURI, req.Proto, ok = parseRequestLine(s) 681 if !ok { 682 return nil, &badStringError{"malformed HTTP request", s} 683 } 684 rawurl := req.RequestURI 685 if req.ProtoMajor, req.ProtoMinor, ok = ParseHTTPVersion(req.Proto); !ok { 686 return nil, &badStringError{"malformed HTTP version", req.Proto} 687 } 688 689 // CONNECT requests are used two different ways, and neither uses a full URL: 690 // The standard use is to tunnel HTTPS through an HTTP proxy. 691 // It looks like "CONNECT www.google.com:443 HTTP/1.1", and the parameter is 692 // just the authority section of a URL. This information should go in req.URL.Host. 693 // 694 // The net/rpc package also uses CONNECT, but there the parameter is a path 695 // that starts with a slash. It can be parsed with the regular URL parser, 696 // and the path will end up in req.URL.Path, where it needs to be in order for 697 // RPC to work. 698 justAuthority := req.Method == "CONNECT" && !strings.HasPrefix(rawurl, "/") 699 if justAuthority { 700 rawurl = "http://" + rawurl 701 } 702 703 if req.URL, err = url.ParseRequestURI(rawurl); err != nil { 704 return nil, err 705 } 706 707 if justAuthority { 708 // Strip the bogus "http://" back off. 709 req.URL.Scheme = "" 710 } 711 712 // Subsequent lines: Key: value. 713 mimeHeader, err := tp.ReadMIMEHeader() 714 if err != nil { 715 return nil, err 716 } 717 req.Header = Header(mimeHeader) 718 719 // RFC2616: Must treat 720 // GET /index.html HTTP/1.1 721 // Host: www.google.com 722 // and 723 // GET http://www.google.com/index.html HTTP/1.1 724 // Host: doesntmatter 725 // the same. In the second case, any Host line is ignored. 726 req.Host = req.URL.Host 727 if req.Host == "" { 728 req.Host = req.Header.get("Host") 729 } 730 delete(req.Header, "Host") 731 732 fixPragmaCacheControl(req.Header) 733 734 req.Close = shouldClose(req.ProtoMajor, req.ProtoMinor, req.Header, false) 735 736 err = readTransfer(req, b) 737 if err != nil { 738 return nil, err 739 } 740 741 return req, nil 742 } 743 744 // MaxBytesReader is similar to io.LimitReader but is intended for 745 // limiting the size of incoming request bodies. In contrast to 746 // io.LimitReader, MaxBytesReader's result is a ReadCloser, returns a 747 // non-EOF error for a Read beyond the limit, and closes the 748 // underlying reader when its Close method is called. 749 // 750 // MaxBytesReader prevents clients from accidentally or maliciously 751 // sending a large request and wasting server resources. 752 func MaxBytesReader(w ResponseWriter, r io.ReadCloser, n int64) io.ReadCloser { 753 return &maxBytesReader{w: w, r: r, n: n} 754 } 755 756 type maxBytesReader struct { 757 w ResponseWriter 758 r io.ReadCloser // underlying reader 759 n int64 // max bytes remaining 760 stopped bool 761 sawEOF bool 762 } 763 764 func (l *maxBytesReader) tooLarge() (n int, err error) { 765 if !l.stopped { 766 l.stopped = true 767 if res, ok := l.w.(*response); ok { 768 res.requestTooLarge() 769 } 770 } 771 return 0, errors.New("http: request body too large") 772 } 773 774 func (l *maxBytesReader) Read(p []byte) (n int, err error) { 775 toRead := l.n 776 if l.n == 0 { 777 if l.sawEOF { 778 return l.tooLarge() 779 } 780 // The underlying io.Reader may not return (0, io.EOF) 781 // at EOF if the requested size is 0, so read 1 byte 782 // instead. The io.Reader docs are a bit ambiguous 783 // about the return value of Read when 0 bytes are 784 // requested, and {bytes,strings}.Reader gets it wrong 785 // too (it returns (0, nil) even at EOF). 786 toRead = 1 787 } 788 if int64(len(p)) > toRead { 789 p = p[:toRead] 790 } 791 n, err = l.r.Read(p) 792 if err == io.EOF { 793 l.sawEOF = true 794 } 795 if l.n == 0 { 796 // If we had zero bytes to read remaining (but hadn't seen EOF) 797 // and we get a byte here, that means we went over our limit. 798 if n > 0 { 799 return l.tooLarge() 800 } 801 return 0, err 802 } 803 l.n -= int64(n) 804 if l.n < 0 { 805 l.n = 0 806 } 807 return 808 } 809 810 func (l *maxBytesReader) Close() error { 811 return l.r.Close() 812 } 813 814 func copyValues(dst, src url.Values) { 815 for k, vs := range src { 816 for _, value := range vs { 817 dst.Add(k, value) 818 } 819 } 820 } 821 822 func parsePostForm(r *Request) (vs url.Values, err error) { 823 if r.Body == nil { 824 err = errors.New("missing form body") 825 return 826 } 827 ct := r.Header.Get("Content-Type") 828 // RFC 2616, section 7.2.1 - empty type 829 // SHOULD be treated as application/octet-stream 830 if ct == "" { 831 ct = "application/octet-stream" 832 } 833 ct, _, err = mime.ParseMediaType(ct) 834 switch { 835 case ct == "application/x-www-form-urlencoded": 836 var reader io.Reader = r.Body 837 maxFormSize := int64(1<<63 - 1) 838 if _, ok := r.Body.(*maxBytesReader); !ok { 839 maxFormSize = int64(10 << 20) // 10 MB is a lot of text. 840 reader = io.LimitReader(r.Body, maxFormSize+1) 841 } 842 b, e := ioutil.ReadAll(reader) 843 if e != nil { 844 if err == nil { 845 err = e 846 } 847 break 848 } 849 if int64(len(b)) > maxFormSize { 850 err = errors.New("http: POST too large") 851 return 852 } 853 vs, e = url.ParseQuery(string(b)) 854 if err == nil { 855 err = e 856 } 857 case ct == "multipart/form-data": 858 // handled by ParseMultipartForm (which is calling us, or should be) 859 // TODO(bradfitz): there are too many possible 860 // orders to call too many functions here. 861 // Clean this up and write more tests. 862 // request_test.go contains the start of this, 863 // in TestParseMultipartFormOrder and others. 864 } 865 return 866 } 867 868 // ParseForm parses the raw query from the URL and updates r.Form. 869 // 870 // For POST or PUT requests, it also parses the request body as a form and 871 // put the results into both r.PostForm and r.Form. 872 // POST and PUT body parameters take precedence over URL query string values 873 // in r.Form. 874 // 875 // If the request Body's size has not already been limited by MaxBytesReader, 876 // the size is capped at 10MB. 877 // 878 // ParseMultipartForm calls ParseForm automatically. 879 // It is idempotent. 880 func (r *Request) ParseForm() error { 881 var err error 882 if r.PostForm == nil { 883 if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" { 884 r.PostForm, err = parsePostForm(r) 885 } 886 if r.PostForm == nil { 887 r.PostForm = make(url.Values) 888 } 889 } 890 if r.Form == nil { 891 if len(r.PostForm) > 0 { 892 r.Form = make(url.Values) 893 copyValues(r.Form, r.PostForm) 894 } 895 var newValues url.Values 896 if r.URL != nil { 897 var e error 898 newValues, e = url.ParseQuery(r.URL.RawQuery) 899 if err == nil { 900 err = e 901 } 902 } 903 if newValues == nil { 904 newValues = make(url.Values) 905 } 906 if r.Form == nil { 907 r.Form = newValues 908 } else { 909 copyValues(r.Form, newValues) 910 } 911 } 912 return err 913 } 914 915 // ParseMultipartForm parses a request body as multipart/form-data. 916 // The whole request body is parsed and up to a total of maxMemory bytes of 917 // its file parts are stored in memory, with the remainder stored on 918 // disk in temporary files. 919 // ParseMultipartForm calls ParseForm if necessary. 920 // After one call to ParseMultipartForm, subsequent calls have no effect. 921 func (r *Request) ParseMultipartForm(maxMemory int64) error { 922 if r.MultipartForm == multipartByReader { 923 return errors.New("http: multipart handled by MultipartReader") 924 } 925 if r.Form == nil { 926 err := r.ParseForm() 927 if err != nil { 928 return err 929 } 930 } 931 if r.MultipartForm != nil { 932 return nil 933 } 934 935 mr, err := r.multipartReader() 936 if err != nil { 937 return err 938 } 939 940 f, err := mr.ReadForm(maxMemory) 941 if err != nil { 942 return err 943 } 944 for k, v := range f.Value { 945 r.Form[k] = append(r.Form[k], v...) 946 } 947 r.MultipartForm = f 948 949 return nil 950 } 951 952 // FormValue returns the first value for the named component of the query. 953 // POST and PUT body parameters take precedence over URL query string values. 954 // FormValue calls ParseMultipartForm and ParseForm if necessary and ignores 955 // any errors returned by these functions. 956 // If key is not present, FormValue returns the empty string. 957 // To access multiple values of the same key, call ParseForm and 958 // then inspect Request.Form directly. 959 func (r *Request) FormValue(key string) string { 960 if r.Form == nil { 961 r.ParseMultipartForm(defaultMaxMemory) 962 } 963 if vs := r.Form[key]; len(vs) > 0 { 964 return vs[0] 965 } 966 return "" 967 } 968 969 // PostFormValue returns the first value for the named component of the POST 970 // or PUT request body. URL query parameters are ignored. 971 // PostFormValue calls ParseMultipartForm and ParseForm if necessary and ignores 972 // any errors returned by these functions. 973 // If key is not present, PostFormValue returns the empty string. 974 func (r *Request) PostFormValue(key string) string { 975 if r.PostForm == nil { 976 r.ParseMultipartForm(defaultMaxMemory) 977 } 978 if vs := r.PostForm[key]; len(vs) > 0 { 979 return vs[0] 980 } 981 return "" 982 } 983 984 // FormFile returns the first file for the provided form key. 985 // FormFile calls ParseMultipartForm and ParseForm if necessary. 986 func (r *Request) FormFile(key string) (multipart.File, *multipart.FileHeader, error) { 987 if r.MultipartForm == multipartByReader { 988 return nil, nil, errors.New("http: multipart handled by MultipartReader") 989 } 990 if r.MultipartForm == nil { 991 err := r.ParseMultipartForm(defaultMaxMemory) 992 if err != nil { 993 return nil, nil, err 994 } 995 } 996 if r.MultipartForm != nil && r.MultipartForm.File != nil { 997 if fhs := r.MultipartForm.File[key]; len(fhs) > 0 { 998 f, err := fhs[0].Open() 999 return f, fhs[0], err 1000 } 1001 } 1002 return nil, nil, ErrMissingFile 1003 } 1004 1005 func (r *Request) expectsContinue() bool { 1006 return hasToken(r.Header.get("Expect"), "100-continue") 1007 } 1008 1009 func (r *Request) wantsHttp10KeepAlive() bool { 1010 if r.ProtoMajor != 1 || r.ProtoMinor != 0 { 1011 return false 1012 } 1013 return hasToken(r.Header.get("Connection"), "keep-alive") 1014 } 1015 1016 func (r *Request) wantsClose() bool { 1017 return hasToken(r.Header.get("Connection"), "close") 1018 } 1019 1020 func (r *Request) closeBody() { 1021 if r.Body != nil { 1022 r.Body.Close() 1023 } 1024 }