From 126fe9c8457b95b13b06eb457f7ce445b031e26b Mon Sep 17 00:00:00 2001
From: Alexander Tkachev
Date: Mon, 1 Aug 2016 12:54:54 +0600
Subject: CLOUD: Add "minimal mode" in LocalWebserver

StorageWizardDialog now runs LocalWebserver in "minimal mode" for
security reasons. In this mode server uses only those handlers which
state to support it.

There are two handlers which support minimal mode: IndexPageHandler
(which handles `code` requests needed by StorageWizardDialog) and
ResourceHandler (which provides inner resources like `style.css` or
`logo.png` from `wwwroot.zip` archive).
---
 backends/networking/sdl_net/handlers/basehandler.h |  1 +
 .../sdl_net/handlers/indexpagehandler.cpp          |  4 +++
 .../networking/sdl_net/handlers/indexpagehandler.h |  1 +
 .../sdl_net/handlers/resourcehandler.cpp           |  4 +++
 .../networking/sdl_net/handlers/resourcehandler.h  |  1 +
 backends/networking/sdl_net/localwebserver.cpp     | 33 ++++++++++++++--------
 backends/networking/sdl_net/localwebserver.h       |  4 +--
 gui/storagewizarddialog.cpp                        |  2 +-
 8 files changed, 36 insertions(+), 14 deletions(-)

diff --git a/backends/networking/sdl_net/handlers/basehandler.h b/backends/networking/sdl_net/handlers/basehandler.h
index bf532688d7..dec5e955bd 100644
--- a/backends/networking/sdl_net/handlers/basehandler.h
+++ b/backends/networking/sdl_net/handlers/basehandler.h
@@ -33,6 +33,7 @@ public:
 	virtual ~BaseHandler() {}
 
 	virtual void handle(Client &) = 0;
+	virtual bool minimalModeSupported() { return false; }
 };
 
 } // End of namespace Networking
diff --git a/backends/networking/sdl_net/handlers/indexpagehandler.cpp b/backends/networking/sdl_net/handlers/indexpagehandler.cpp
index 1c14e7daf2..985bd6635e 100644
--- a/backends/networking/sdl_net/handlers/indexpagehandler.cpp
+++ b/backends/networking/sdl_net/handlers/indexpagehandler.cpp
@@ -58,4 +58,8 @@ void IndexPageHandler::handle(Client &client) {
 	HandlerUtils::setMessageHandler(client, _("ScummVM got the code and already connects to your cloud storage!"));
 }
 
+bool IndexPageHandler::minimalModeSupported() {
+	return true;
+}
+
 } // End of namespace Networking
diff --git a/backends/networking/sdl_net/handlers/indexpagehandler.h b/backends/networking/sdl_net/handlers/indexpagehandler.h
index ad4102ce88..8065954b27 100644
--- a/backends/networking/sdl_net/handlers/indexpagehandler.h
+++ b/backends/networking/sdl_net/handlers/indexpagehandler.h
@@ -37,6 +37,7 @@ public:
 
 	Common::String code() const;
 	virtual void handle(Client &client);
+	virtual bool minimalModeSupported();
 };
 
 } // End of namespace Networking
diff --git a/backends/networking/sdl_net/handlers/resourcehandler.cpp b/backends/networking/sdl_net/handlers/resourcehandler.cpp
index 890c2a7b95..631eb63351 100644
--- a/backends/networking/sdl_net/handlers/resourcehandler.cpp
+++ b/backends/networking/sdl_net/handlers/resourcehandler.cpp
@@ -68,4 +68,8 @@ void ResourceHandler::handle(Client &client) {
 	LocalWebserver::setClientGetHandler(client, file, 200, determineMimeType(filename));
 }
 
+bool ResourceHandler::minimalModeSupported() {
+	return true;
+}
+
 } // End of namespace Networking
diff --git a/backends/networking/sdl_net/handlers/resourcehandler.h b/backends/networking/sdl_net/handlers/resourcehandler.h
index 8a1a15875c..2ec4c5bb19 100644
--- a/backends/networking/sdl_net/handlers/resourcehandler.h
+++ b/backends/networking/sdl_net/handlers/resourcehandler.h
@@ -34,6 +34,7 @@ public:
 	virtual ~ResourceHandler();
 
 	virtual void handle(Client &client);
+	virtual bool minimalModeSupported();
 };
 
 } // End of namespace Networking
diff --git a/backends/networking/sdl_net/localwebserver.cpp b/backends/networking/sdl_net/localwebserver.cpp
index abf436958e..6557c7a88d 100644
--- a/backends/networking/sdl_net/localwebserver.cpp
+++ b/backends/networking/sdl_net/localwebserver.cpp
@@ -49,7 +49,7 @@ DECLARE_SINGLETON(Networking::LocalWebserver);
 namespace Networking {
 
 LocalWebserver::LocalWebserver(): _set(nullptr), _serverSocket(nullptr), _timerStarted(false),
-	_stopOnIdle(false), _clients(0), _idlingFrames(0), _serverPort(DEFAULT_SERVER_PORT) {
+	_stopOnIdle(false), _minimalMode(false), _clients(0), _idlingFrames(0), _serverPort(DEFAULT_SERVER_PORT) {
 	addPathHandler("/", &_indexPageHandler);
 	addPathHandler("/files", &_filesPageHandler);
 	addPathHandler("/create", &_createDirectoryHandler);
@@ -83,7 +83,7 @@ void LocalWebserver::stopTimer() {
 	_timerStarted = false;
 }
 
-void LocalWebserver::start() {
+void LocalWebserver::start(bool useMinimalMode) {
 	_handleMutex.lock();
 	_serverPort = getPort();
 	_stopOnIdle = false;
@@ -91,6 +91,7 @@ void LocalWebserver::start() {
 		_handleMutex.unlock();
 		return;
 	}
+	_minimalMode = useMinimalMode;
 	startTimer();
 
 	// Create a listening TCP socket
@@ -211,18 +212,28 @@ void LocalWebserver::handleClient(uint32 i) {
 	case READING_HEADERS:
 		_client[i].readHeaders();
 		break;
-	case READ_HEADERS: //decide what to do next with that client
-		//if GET, check whether we know a handler for such URL
-		//if PUT, check whether we know a handler for that URL
-		if (_pathHandlers.contains(_client[i].path()))
-			_pathHandlers[_client[i].path()]->handle(_client[i]);
-		else if (_defaultHandler)
-			_defaultHandler->handle(_client[i]); //try default handler
+	case READ_HEADERS: {
+		// decide what to do next with that client
+		// check whether we know a handler for such URL
+		BaseHandler *handler = nullptr;
+		if (_pathHandlers.contains(_client[i].path())) {
+			handler = _pathHandlers[_client[i].path()];
+		} else {
+			// try default handler
+			handler = _defaultHandler;
+		}
+
+		// if server's in "minimal mode", only handlers which support it are used
+		if (handler && (!_minimalMode || handler->minimalModeSupported()))
+			handler->handle(_client[i]);
 
 		if (_client[i].state() == BEING_HANDLED || _client[i].state() == INVALID)
 			break;
-		//if no handler, answer with default BAD REQUEST
-		//fallthrough
+
+		// if no handler, answer with default BAD REQUEST
+		// fallthrough
+	}
+
 	case BAD_REQUEST:
 		setClientGetHandler(_client[i], "<html><head><title>ScummVM - Bad Request</title></head><body>BAD REQUEST</body></html>", 400);
 		break;
diff --git a/backends/networking/sdl_net/localwebserver.h b/backends/networking/sdl_net/localwebserver.h
index 5f5f7ef9fc..c6cf8485c3 100644
--- a/backends/networking/sdl_net/localwebserver.h
+++ b/backends/networking/sdl_net/localwebserver.h
@@ -60,7 +60,7 @@ class LocalWebserver : public Common::Singleton<LocalWebserver> {
 	TCPsocket _serverSocket;
 	Client _client[MAX_CONNECTIONS];
 	int _clients;
-	bool _timerStarted, _stopOnIdle;
+	bool _timerStarted, _stopOnIdle, _minimalMode;
 	Common::HashMap<Common::String, BaseHandler*> _pathHandlers;
 	BaseHandler *_defaultHandler;
 	IndexPageHandler _indexPageHandler;
@@ -90,7 +90,7 @@ public:
 	LocalWebserver();
 	virtual ~LocalWebserver();
 
-	void start();
+	void start(bool useMinimalMode = false);
 	void stop();
 	void stopOnIdle();
 
diff --git a/gui/storagewizarddialog.cpp b/gui/storagewizarddialog.cpp
index dd1a3aae37..60f31d1e38 100644
--- a/gui/storagewizarddialog.cpp
+++ b/gui/storagewizarddialog.cpp
@@ -132,7 +132,7 @@ void StorageWizardDialog::open() {
 #ifdef USE_SDL_NET
 	if (Cloud::CloudManager::couldUseLocalServer()) {
 		_stopServerOnClose = !LocalServer.isRunning();
-		LocalServer.start();
+		LocalServer.start(true); // using "minimal mode" (no "/files", "/download", etc available)
 		LocalServer.indexPageHandler().setTarget(this);
 	}
 #endif
-- 
cgit v1.2.3