#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <microhttpd.h>

#define PORT 8888

static const char *HTML_PAGE =
  "<!DOCTYPE html><html><body>"
  "<h2>File Upload Server</h2>"
  "<form method='POST' action='/upload' enctype='multipart/form-data'>"
  "<input type='file' name='file'><br><br>"
  "<input type='submit' value='Upload'>"
  "</form></body></html>";

struct upload_ctx {
  struct MHD_PostProcessor *pp;
};

static enum MHD_Result
field_cb (void *cls, enum MHD_ValueKind kind,
          const char *key, const char *filename,
          const char *content_type, const char *transfer_encoding,
          const char *data, uint64_t off, size_t size)
{
  (void)cls; (void)kind; (void)off;
  (void)content_type; (void)transfer_encoding;
  if (filename)
    printf ("[SERVER] File received: '%s' (%zu bytes)\n", filename, size);
  else
    printf ("[SERVER] Field: key='%s' data='%.*s'\n", key, (int)size, data);
  return MHD_YES;
}

static enum MHD_Result
handler (void *cls,
         struct MHD_Connection *connection,
         const char *url,
         const char *method,
         const char *version,
         const char *upload_data,
         size_t *upload_data_size,
         void **con_cls)
{
  (void)cls; (void)version;

  if (NULL == *con_cls)
  {
    struct upload_ctx *ctx = calloc (1, sizeof (struct upload_ctx));
    if (0 == strcmp (method, "POST") && 0 == strcmp (url, "/upload"))
    {
      ctx->pp = MHD_create_post_processor (connection, 65536, field_cb, NULL);
      if (NULL == ctx->pp)
        printf ("[SERVER] !! post processor NULL — upload BYPASSED !!\n");
      else
        printf ("[SERVER] post processor created OK\n");
    }
    *con_cls = ctx;
    return MHD_YES;
  }

  struct upload_ctx *ctx = *con_cls;

  if (0 == strcmp (method, "POST") && *upload_data_size > 0)
  {
    if (ctx->pp)
      MHD_post_process (ctx->pp, upload_data, *upload_data_size);
    *upload_data_size = 0;
    return MHD_YES;
  }

  const char *body;
  unsigned int status;

  if (0 == strcmp (url, "/") || 0 == strcmp (url, "/index.html"))
  {
    body   = HTML_PAGE;
    status = MHD_HTTP_OK;
  }
  else if (0 == strcmp (url, "/upload") && 0 == strcmp (method, "POST"))
  {
    body   = "<html><body><h3>Upload complete.</h3><a href='/'>Back</a></body></html>";
    status = MHD_HTTP_OK;
    printf ("[SERVER] Response: 200 OK\n\n");
  }
  else
  {
    body   = "Not found";
    status = MHD_HTTP_NOT_FOUND;
  }

  struct MHD_Response *response =
    MHD_create_response_from_buffer (strlen (body), (void *)body,
                                     MHD_RESPMEM_PERSISTENT);
  MHD_add_response_header (response, "Content-Type", "text/html");
  enum MHD_Result ret = MHD_queue_response (connection, status, response);
  MHD_destroy_response (response);

  if (ctx->pp) MHD_destroy_post_processor (ctx->pp);
  free (ctx);
  *con_cls = NULL;
  return ret;
}

int main (void)
{
  struct MHD_Daemon *d =
    MHD_start_daemon (MHD_USE_INTERNAL_POLLING_THREAD,
                      PORT, NULL, NULL,
                      &handler, NULL,
                      MHD_OPTION_END);
  if (! d) { fprintf (stderr, "Failed to start\n"); return 1; }
  printf ("=== Vulnerable File Upload Server ===\n");
  printf ("Open http://127.0.0.1:%d in your browser\n\n", PORT);
  getchar ();
  MHD_stop_daemon (d);
  return 0;
}