zammad/lib/user_agent.rb

# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'net/http'
require 'net/https'
require 'net/ftp'

class UserAgent

=begin

get http/https calls

  result = UserAgent.get('http://host/some_dir/some_file?param1=123')

  result = UserAgent.get(
    'http://host/some_dir/some_file?param1=123',
    {
      param1: 'some value',
    },
    {
      open_timeout: 4,
      read_timeout: 10,
      verify_ssl:   true,
      user:         'http basic auth username',
      password:     'http basic auth password',
      bearer_token: 'bearer token authentication',
    },
  )

returns

  result.body # as response

get json object

  result = UserAgent.get(
    'http://host/some_dir/some_file?param1=123',
    {},
    {
      json: true,
    }
  )

returns

  result.data # as json object

=end

  def self.get(url, params = {}, options = {}, count = 10)
    # Any params must be added to the URL for GET requests.
    uri  = parse_uri(url, params)
    http = get_http(uri, options)

    # prepare request
    request = Net::HTTP::Get.new(uri)

    # set headers
    request = set_headers(request, options)

    # http basic auth (if needed)
    request = set_basic_auth(request, options)

    # bearer token auth (if needed)
    request = set_bearer_token_auth(request, options)

    # add signature
    request = set_signature(request, options)

    # start http call
    begin
      total_timeout = options[:total_timeout] || 60

      handled_open_timeout(options[:open_socket_tries]) do
        Timeout.timeout(total_timeout) do
          response = http.request(request)
          return process(request, response, uri, count, params, options)
        end
      end
    rescue => e
      log(url, request, nil, options)
      Result.new(
        error:   e.inspect,
        success: false,
        code:    0,
      )
    end
  end

=begin

post http/https calls

  result = UserAgent.post(
    'http://host/some_dir/some_file',
    {
      param1: 1,
      param2: 2,
    },
    {
      open_timeout: 4,
      read_timeout: 10,
      verify_ssl:   true,
      user:         'http basic auth username',
      password:     'http basic auth password',
      bearer_token: 'bearer token authentication',
      total_timeout: 60,
    },
  )

returns

  result # result object

=end

  def self.post(url, params = {}, options = {}, count = 10)
    uri  = parse_uri(url)
    http = get_http(uri, options)

    # prepare request
    request = Net::HTTP::Post.new(uri)

    # set headers
    request = set_headers(request, options)

    # set params
    request = set_params(request, params, options)

    # http basic auth (if needed)
    request = set_basic_auth(request, options)

    # bearer token auth (if needed)
    request = set_bearer_token_auth(request, options)

    # add signature
    request = set_signature(request, options)

    # start http call
    begin
      total_timeout = options[:total_timeout] || 60

      handled_open_timeout(options[:open_socket_tries]) do
        Timeout.timeout(total_timeout) do
          response = http.request(request)
          return process(request, response, uri, count, params, options)
        end
      end
    rescue => e
      log(url, request, nil, options)
      Result.new(
        error:   e.inspect,
        success: false,
        code:    0,
      )
    end
  end

=begin

put http/https calls

  result = UserAgent.put(
    'http://host/some_dir/some_file',
    {
      param1: 1,
      param2: 2,
    },
    {
      open_timeout: 4,
      read_timeout: 10,
      verify_ssl:   true,
      user:         'http basic auth username',
      password:     'http basic auth password',
      bearer_token: 'bearer token authentication',
    },
  )

returns

  result # result object

=end

  def self.put(url, params = {}, options = {}, count = 10)
    uri  = parse_uri(url)
    http = get_http(uri, options)

    # prepare request
    request = Net::HTTP::Put.new(uri)

    # set headers
    request = set_headers(request, options)

    # set params
    request = set_params(request, params, options)

    # http basic auth (if needed)
    request = set_basic_auth(request, options)

    # bearer token auth (if needed)
    request = set_bearer_token_auth(request, options)

    # add signature
    request = set_signature(request, options)

    # start http call
    begin
      total_timeout = options[:total_timeout] || 60

      handled_open_timeout(options[:open_socket_tries]) do
        Timeout.timeout(total_timeout) do
          response = http.request(request)
          return process(request, response, uri, count, params, options)
        end
      end
    rescue => e
      log(url, request, nil, options)
      Result.new(
        error:   e.inspect,
        success: false,
        code:    0,
      )
    end
  end

=begin

delete http/https calls

  result = UserAgent.delete(
    'http://host/some_dir/some_file',
    {
      open_timeout: 4,
      read_timeout: 10,
      verify_ssl:   true,
      user:         'http basic auth username',
      password:     'http basic auth password',
      bearer_token: 'bearer token authentication',
    },
  )

returns

  result # result object

=end

  def self.delete(url, params = {}, options = {}, count = 10)
    uri  = parse_uri(url)
    http = get_http(uri, options)

    # prepare request
    request = Net::HTTP::Delete.new(uri)

    # set headers
    request = set_headers(request, options)

    # http basic auth (if needed)
    request = set_basic_auth(request, options)

    # bearer token auth (if needed)
    request = set_bearer_token_auth(request, options)

    # add signature
    request = set_signature(request, options)

    # start http call
    begin
      total_timeout = options[:total_timeout] || 60
      handled_open_timeout(options[:open_socket_tries]) do
        Timeout.timeout(total_timeout) do
          response = http.request(request)
          return process(request, response, uri, count, params, options)
        end
      end
    rescue => e
      log(url, request, nil, options)
      Result.new(
        error:   e.inspect,
        success: false,
        code:    0,
      )
    end
  end

=begin

perform get http/https/ftp calls

  result = UserAgent.request('ftp://host/some_dir/some_file.bin')

  result = UserAgent.request('http://host/some_dir/some_file.bin')

  result = UserAgent.request('https://host/some_dir/some_file.bin')

  # get request
  result = UserAgent.request(
    'http://host/some_dir/some_file?param1=123',
    {
      open_timeout: 4,
      read_timeout: 10,
    },
  )

returns

  result # result object

=end

  def self.request(url, options = {})

    uri = parse_uri(url)
    case uri.scheme.downcase
    when %r{ftp}
      ftp(uri, options)
    when %r{http|https}
      get(url, {}, options)
    end

  end

  def self.get_http(uri, options)

    proxy = options['proxy'] || Setting.get('proxy')
    proxy_no = options['proxy_no'] || Setting.get('proxy_no') || ''
    proxy_no = proxy_no.split(',').map(&:strip) || []
    proxy_no.push('localhost', '127.0.0.1', '::1')
    if proxy.present? && proxy_no.exclude?(uri.host.downcase)
      if proxy =~ %r{^(.+?):(.+?)$}
        proxy_host = $1
        proxy_port = $2
      end

      if proxy_host.blank? || proxy_port.blank?
        raise "Invalid proxy address: #{proxy} - expect e.g. proxy.example.com:3128"
      end

      proxy_username = options['proxy_username'] || Setting.get('proxy_username')
      if proxy_username.blank?
        proxy_username = nil
      end
      proxy_password = options['proxy_password'] || Setting.get('proxy_password')
      if proxy_password.blank?
        proxy_password = nil
      end

      http = Net::HTTP::Proxy(proxy_host, proxy_port, proxy_username, proxy_password).new(uri.host, uri.port)
    else
      http = Net::HTTP.new(uri.host, uri.port)
    end

    http.open_timeout = options[:open_timeout] || 4
    http.read_timeout = options[:read_timeout] || 10

    if uri.scheme == 'https'
      http.use_ssl = true

      if options.fetch(:verify_ssl, true)
        Certificate::ApplySSLCertificates.ensure_fresh_ssl_context
      else
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      end
    end

    # http.set_debug_output($stdout) if options[:debug]

    http
  end

  def self.set_basic_auth(request, options)

    # http basic auth (if needed)
    if options[:user].present? && options[:password].present?
      request.basic_auth options[:user], options[:password]
    end
    request
  end

  def self.set_bearer_token_auth(request, options)
    request.tap do |req|
      next if options[:bearer_token].blank?

      req['Authorization'] = "Bearer #{options[:bearer_token]}"
    end
  end

  def self.parse_uri(url, params = {})
    uri = URI.parse(url)
    uri.query = [uri.query, URI.encode_www_form(params)].join('&') if params.present?
    uri
  end

  def self.set_params(request, params, options)
    if options[:json]
      if !request.is_a?(Net::HTTP::Get) # GET requests pass params in query, see 'parse_uri'.
        request.add_field('Content-Type', 'application/json; charset=utf-8')
        if params.present?
          request.body = params.to_json
        end
      end
    elsif params.present?
      request.set_form_data(params)
    end
    request
  end

  def self.set_headers(request, options)
    defaults = { 'User-Agent' => __('Zammad User Agent') }
    headers  = defaults.merge(options.fetch(:headers, {}))

    headers.each do |header, value|
      request[header] = value
    end

    request
  end

  def self.set_signature(request, options)
    return request if options[:signature_token].blank?
    return request if request.body.blank?

    signature = OpenSSL::HMAC.hexdigest('sha1', options[:signature_token], request.body)
    request['X-Hub-Signature'] = "sha1=#{signature}"

    request
  end

  def self.log(url, request, response, options)
    return if !options[:log]

    # request
    request_data = {
      content:          '',
      content_type:     request['Content-Type'],
      content_encoding: request['Content-Encoding'],
      source:           request['User-Agent'] || request['Server'],
    }
    request.each_header do |key, value|
      request_data[:content] += "#{key}: #{value}\n"
    end
    body = request.body
    if body
      request_data[:content] += "\n#{body}"
    end

    # response
    response_data = {
      code:             0,
      content:          '',
      content_type:     nil,
      content_encoding: nil,
      source:           nil,
    }
    if response
      response_data[:code] = response.code
      response_data[:content_type] = response['Content-Type']
      response_data[:content_encoding] = response['Content-Encoding']
      response_data[:source] = response['User-Agent'] || response['Server']
      response.each_header do |key, value|
        response_data[:content] += "#{key}: #{value}\n"
      end
      body = response.body
      if body
        response_data[:content] += "\n#{body}"
      end
    end

    record = {
      direction: 'out',
      facility:  options[:log][:facility],
      url:       url,
      status:    response_data[:code],
      ip:        nil,
      request:   request_data,
      response:  response_data,
      method:    request.method,
    }
    HttpLog.create(record)
  end

  def self.process(request, response, uri, count, params, options) # rubocop:disable Metrics/ParameterLists
    log(uri.to_s, request, response, options)

    if !response
      return Result.new(
        error:   "Can't connect to #{uri}, got no response!",
        success: false,
        code:    0,
      )
    end

    case response
    when Net::HTTPNotFound
      return Result.new(
        error:   "No such file #{uri}, 404!",
        success: false,
        code:    response.code,
        header:  response.each_header.to_h,
      )
    when Net::HTTPClientError
      return Result.new(
        error:   "Client Error: #{response.inspect}!",
        success: false,
        code:    response.code,
        body:    response.body,
        header:  response.each_header.to_h,
      )
    when Net::HTTPInternalServerError
      return Result.new(
        error:   "Server Error: #{response.inspect}!",
        success: false,
        code:    response.code,
        header:  response.each_header.to_h,
      )
    when Net::HTTPRedirection
      raise __('Too many redirections for the original URL, halting.') if count <= 0

      url = response['location']
      return get(url, params, options, count - 1)
    when Net::HTTPSuccess
      data = nil
      if options[:json] && !options[:jsonParseDisable] && response.body
        data = JSON.parse(response.body)
      end
      return Result.new(
        data:         data,
        body:         response.body,
        content_type: response['Content-Type'],
        success:      true,
        code:         response.code,
        header:       response.each_header.to_h,
      )
    end

    raise "Unable to process http call '#{response.inspect}'"
  end

  def self.ftp(uri, options)
    host       = uri.host
    filename   = File.basename(uri.path)
    remote_dir = File.dirname(uri.path)

    temp_file = Tempfile.new("download-#{filename}")
    temp_file.binmode

    begin
      Net::FTP.open(host) do |ftp|
        ftp.passive = true
        if options[:user] && options[:password]
          ftp.login(options[:user], options[:password])
        else
          ftp.login
        end
        ftp.chdir(remote_dir) if remote_dir != '.'

        begin
          ftp.getbinaryfile(filename, temp_file)
        rescue => e
          return Result.new(
            error:   e.inspect,
            success: false,
            code:    '550',
          )
        end
      end
    rescue => e
      return Result.new(
        error:   e.inspect,
        success: false,
        code:    0,
      )
    end

    contents = temp_file.read
    temp_file.close
    Result.new(
      body:    contents,
      success: true,
      code:    '200',
    )
  end

  def self.handled_open_timeout(tries)
    tries ||= 1

    tries.times do |index|
      yield
    rescue Net::OpenTimeout
      raise if (index + 1) == tries
    end
  end

  class Result

    attr_reader :error, :body, :data, :code, :content_type, :header

    def initialize(options)
      @success      = options[:success]
      @body         = options[:body]
      @data         = options[:data]
      @code         = options[:code]
      @content_type = options[:content_type]
      @error        = options[:error]
      @header       = options[:header]
    end

    def success?
      return true if @success

      false
    end
  end
end