blob: bd7b8416ae5e7df4a87a4785fa704420ff7a861a [file] [log] [blame]
Ed Tanous7045c8d2017-04-03 10:04:37 -07001#pragma once
Ed Tanous04e438c2020-10-03 08:06:26 -07002#include "http_request.hpp"
Gunnar Mills1214b7e2020-06-04 10:11:30 -05003
Iwona Klimaszewskac0a1c8a2019-07-12 18:26:38 +02004#include <async_resp.hpp>
Ed Tanous911ac312017-08-15 09:37:42 -07005#include <boost/algorithm/string/predicate.hpp>
Ed Tanous609145a2018-09-05 16:27:36 -07006#include <boost/asio/buffer.hpp>
Ed Tanous1b0044b2018-08-03 14:30:05 -07007#include <boost/beast/websocket.hpp>
Ed Tanous1abe55e2018-09-05 08:30:59 -07008
Gunnar Mills1214b7e2020-06-04 10:11:30 -05009#include <array>
10#include <functional>
Ed Tanous1b0044b2018-08-03 14:30:05 -070011
12#ifdef BMCWEB_ENABLE_SSL
13#include <boost/beast/websocket/ssl.hpp>
14#endif
Ed Tanous7045c8d2017-04-03 10:04:37 -070015
Ed Tanous1abe55e2018-09-05 08:30:59 -070016namespace crow
17{
18namespace websocket
19{
Iwona Klimaszewskac0a1c8a2019-07-12 18:26:38 +020020
Ed Tanous1abe55e2018-09-05 08:30:59 -070021struct Connection : std::enable_shared_from_this<Connection>
22{
23 public:
Jan Sowinskiee52ae12020-01-09 16:28:32 +000024 explicit Connection(const crow::Request& reqIn) :
Ed Tanous23a21a12020-07-25 04:45:05 +000025 req(reqIn.req), userdataPtr(nullptr)
26 {}
Ed Tanous911ac312017-08-15 09:37:42 -070027
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +010028 explicit Connection(const crow::Request& reqIn, std::string user) :
Ed Tanous23a21a12020-07-25 04:45:05 +000029 req(reqIn.req), userName{std::move(user)}, userdataPtr(nullptr)
30 {}
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +010031
Ed Tanousecd6a3a2022-01-07 09:18:40 -080032 Connection(const Connection&) = delete;
33 Connection(Connection&&) = delete;
34 Connection& operator=(const Connection&) = delete;
35 Connection& operator=(const Connection&&) = delete;
36
Ed Tanous9eb808c2022-01-25 10:19:23 -080037 virtual void sendBinary(std::string_view msg) = 0;
Ed Tanous1abe55e2018-09-05 08:30:59 -070038 virtual void sendBinary(std::string&& msg) = 0;
Ed Tanous9eb808c2022-01-25 10:19:23 -080039 virtual void sendText(std::string_view msg) = 0;
Ed Tanous1abe55e2018-09-05 08:30:59 -070040 virtual void sendText(std::string&& msg) = 0;
Ed Tanous9eb808c2022-01-25 10:19:23 -080041 virtual void close(std::string_view msg = "quit") = 0;
Ed Tanous2c70f802020-09-28 14:29:23 -070042 virtual boost::asio::io_context& getIoContext() = 0;
Ed Tanous1abe55e2018-09-05 08:30:59 -070043 virtual ~Connection() = default;
Ed Tanous7045c8d2017-04-03 10:04:37 -070044
Ed Tanous1abe55e2018-09-05 08:30:59 -070045 void userdata(void* u)
46 {
47 userdataPtr = u;
48 }
49 void* userdata()
50 {
51 return userdataPtr;
52 }
Ed Tanous7045c8d2017-04-03 10:04:37 -070053
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +010054 const std::string& getUserName() const
55 {
56 return userName;
57 }
58
Jan Sowinskiee52ae12020-01-09 16:28:32 +000059 boost::beast::http::request<boost::beast::http::string_body> req;
Iwona Klimaszewskac0a1c8a2019-07-12 18:26:38 +020060 crow::Response res;
Ed Tanous911ac312017-08-15 09:37:42 -070061
Ed Tanous1abe55e2018-09-05 08:30:59 -070062 private:
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +010063 std::string userName{};
Ed Tanous1abe55e2018-09-05 08:30:59 -070064 void* userdataPtr;
Ed Tanous7045c8d2017-04-03 10:04:37 -070065};
66
Gunnar Mills1214b7e2020-06-04 10:11:30 -050067template <typename Adaptor>
68class ConnectionImpl : public Connection
Ed Tanous1abe55e2018-09-05 08:30:59 -070069{
70 public:
71 ConnectionImpl(
Jan Sowinskiee52ae12020-01-09 16:28:32 +000072 const crow::Request& reqIn, Adaptor adaptorIn,
Gunnar Millsccd584f2021-11-16 11:36:33 -060073 std::function<void(Connection&, std::shared_ptr<bmcweb::AsyncResp>)>
74 openHandler,
Ed Tanous1abe55e2018-09-05 08:30:59 -070075 std::function<void(Connection&, const std::string&, bool)>
Ed Tanous81ce6092020-12-17 16:54:55 +000076 messageHandler,
77 std::function<void(Connection&, const std::string&)> closeHandler,
78 std::function<void(Connection&)> errorHandler) :
Nan Zhou93c02022022-02-24 18:21:07 -080079 Connection(reqIn, reqIn.session == nullptr ? std::string{}
80 : reqIn.session->username),
Ed Tanouse05aec52022-01-25 10:28:56 -080081 ws(std::move(adaptorIn)), inBuffer(inString, 131088),
Ed Tanous81ce6092020-12-17 16:54:55 +000082 openHandler(std::move(openHandler)),
83 messageHandler(std::move(messageHandler)),
84 closeHandler(std::move(closeHandler)),
85 errorHandler(std::move(errorHandler)), session(reqIn.session)
Ed Tanous1abe55e2018-09-05 08:30:59 -070086 {
dhineskumare02bdd962021-07-08 16:06:49 +053087 /* Turn on the timeouts on websocket stream to server role */
88 ws.set_option(boost::beast::websocket::stream_base::timeout::suggested(
89 boost::beast::role_type::server));
Ed Tanous1abe55e2018-09-05 08:30:59 -070090 BMCWEB_LOG_DEBUG << "Creating new connection " << this;
Ed Tanous7045c8d2017-04-03 10:04:37 -070091 }
Ed Tanous7045c8d2017-04-03 10:04:37 -070092
Ed Tanous2c70f802020-09-28 14:29:23 -070093 boost::asio::io_context& getIoContext() override
Ed Tanous1abe55e2018-09-05 08:30:59 -070094 {
Ed Tanous271584a2019-07-09 16:24:22 -070095 return static_cast<boost::asio::io_context&>(
96 ws.get_executor().context());
Ed Tanous911ac312017-08-15 09:37:42 -070097 }
Ed Tanous7045c8d2017-04-03 10:04:37 -070098
Ed Tanous1abe55e2018-09-05 08:30:59 -070099 void start()
100 {
101 BMCWEB_LOG_DEBUG << "starting connection " << this;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700102
Ed Tanousfe5b2162019-05-22 14:28:16 -0700103 using bf = boost::beast::http::field;
104
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000105 std::string_view protocol = req[bf::sec_websocket_protocol];
Ed Tanous7045c8d2017-04-03 10:04:37 -0700106
Ed Tanousd4d77e32020-08-18 00:07:28 -0700107 ws.set_option(boost::beast::websocket::stream_base::decorator(
James Feistf8aa3d22020-04-08 18:32:33 -0700108 [session{session}, protocol{std::string(protocol)}](
Ed Tanous1abe55e2018-09-05 08:30:59 -0700109 boost::beast::websocket::response_type& m) {
James Feistf8aa3d22020-04-08 18:32:33 -0700110
111#ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION
Ed Tanousa90daf12021-01-15 14:18:01 -0800112 if (session != nullptr)
James Feistf8aa3d22020-04-08 18:32:33 -0700113 {
Ed Tanousa90daf12021-01-15 14:18:01 -0800114 // use protocol for csrf checking
115 if (session->cookieAuth &&
116 !crow::utility::constantTimeStringCompare(
117 protocol, session->csrfToken))
118 {
119 BMCWEB_LOG_ERROR << "Websocket CSRF error";
120 m.result(boost::beast::http::status::unauthorized);
121 return;
122 }
James Feistf8aa3d22020-04-08 18:32:33 -0700123 }
124#endif
Ed Tanous1abe55e2018-09-05 08:30:59 -0700125 if (!protocol.empty())
126 {
Ed Tanousfe5b2162019-05-22 14:28:16 -0700127 m.insert(bf::sec_websocket_protocol, protocol);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700128 }
Ed Tanousfe5b2162019-05-22 14:28:16 -0700129
130 m.insert(bf::strict_transport_security, "max-age=31536000; "
131 "includeSubdomains; "
132 "preload");
133 m.insert(bf::pragma, "no-cache");
134 m.insert(bf::cache_control, "no-Store,no-Cache");
135 m.insert("Content-Security-Policy", "default-src 'self'");
136 m.insert("X-XSS-Protection", "1; "
137 "mode=block");
138 m.insert("X-Content-Type-Options", "nosniff");
Ed Tanousd4d77e32020-08-18 00:07:28 -0700139 }));
140
141 // Perform the websocket upgrade
142 ws.async_accept(req, [this, self(shared_from_this())](
143 boost::system::error_code ec) {
144 if (ec)
145 {
146 BMCWEB_LOG_ERROR << "Error in ws.async_accept " << ec;
147 return;
148 }
149 acceptDone();
150 });
Ed Tanous1abe55e2018-09-05 08:30:59 -0700151 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700152
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500153 void sendBinary(const std::string_view msg) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700154 {
155 ws.binary(true);
156 outBuffer.emplace_back(msg);
157 doWrite();
158 }
159
160 void sendBinary(std::string&& msg) override
161 {
162 ws.binary(true);
163 outBuffer.emplace_back(std::move(msg));
164 doWrite();
165 }
166
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500167 void sendText(const std::string_view msg) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700168 {
169 ws.text(true);
170 outBuffer.emplace_back(msg);
171 doWrite();
172 }
173
174 void sendText(std::string&& msg) override
175 {
176 ws.text(true);
177 outBuffer.emplace_back(std::move(msg));
178 doWrite();
179 }
180
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500181 void close(const std::string_view msg) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700182 {
183 ws.async_close(
Wludzik, Jozeff6a0d632020-07-16 15:16:02 +0200184 {boost::beast::websocket::close_code::normal, msg},
Ed Tanous43b761d2019-02-13 20:10:56 -0800185 [self(shared_from_this())](boost::system::error_code ec) {
Ed Tanousceac6f72018-12-02 11:58:47 -0800186 if (ec == boost::asio::error::operation_aborted)
187 {
188 return;
189 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700190 if (ec)
191 {
192 BMCWEB_LOG_ERROR << "Error closing websocket " << ec;
193 return;
194 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700195 });
196 }
197
198 void acceptDone()
199 {
200 BMCWEB_LOG_DEBUG << "Websocket accepted connection";
201
Nan Zhou72374eb2022-01-27 17:06:51 -0800202 auto asyncResp = std::make_shared<bmcweb::AsyncResp>();
Gunnar Millsccd584f2021-11-16 11:36:33 -0600203
204 asyncResp->res.result(boost::beast::http::status::ok);
Nan Zhou72374eb2022-01-27 17:06:51 -0800205 doRead();
Iwona Klimaszewskac0a1c8a2019-07-12 18:26:38 +0200206
Ed Tanous1abe55e2018-09-05 08:30:59 -0700207 if (openHandler)
208 {
Gunnar Millsccd584f2021-11-16 11:36:33 -0600209 openHandler(*this, asyncResp);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700210 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700211 }
212
213 void doRead()
214 {
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500215 ws.async_read(inBuffer,
216 [this, self(shared_from_this())](
Ed Tanous81ce6092020-12-17 16:54:55 +0000217 boost::beast::error_code ec, std::size_t bytesRead) {
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500218 if (ec)
219 {
220 if (ec != boost::beast::websocket::error::closed)
221 {
222 BMCWEB_LOG_ERROR << "doRead error " << ec;
223 }
224 if (closeHandler)
225 {
226 std::string_view reason = ws.reason().reason;
227 closeHandler(*this, std::string(reason));
228 }
229 return;
230 }
231 if (messageHandler)
232 {
233 messageHandler(*this, inString, ws.got_text());
234 }
Ed Tanous81ce6092020-12-17 16:54:55 +0000235 inBuffer.consume(bytesRead);
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500236 inString.clear();
237 doRead();
238 });
Ed Tanous1abe55e2018-09-05 08:30:59 -0700239 }
240
241 void doWrite()
242 {
243 // If we're already doing a write, ignore the request, it will be picked
244 // up when the current write is complete
245 if (doingWrite)
246 {
247 return;
248 }
249
250 if (outBuffer.empty())
251 {
252 // Done for now
253 return;
254 }
255 doingWrite = true;
Ed Tanouscb13a392020-07-25 19:02:03 +0000256 ws.async_write(boost::asio::buffer(outBuffer.front()),
257 [this, self(shared_from_this())](
258 boost::beast::error_code ec, std::size_t) {
259 doingWrite = false;
260 outBuffer.erase(outBuffer.begin());
261 if (ec == boost::beast::websocket::error::closed)
262 {
263 // Do nothing here. doRead handler will call the
264 // closeHandler.
265 close("Write error");
266 return;
267 }
268 if (ec)
269 {
270 BMCWEB_LOG_ERROR << "Error in ws.async_write "
271 << ec;
272 return;
273 }
274 doWrite();
275 });
Ed Tanous1abe55e2018-09-05 08:30:59 -0700276 }
277
278 private:
Ed Tanous2aee6ca2021-02-01 09:52:17 -0800279 boost::beast::websocket::stream<Adaptor, false> ws;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700280
Ed Tanous609145a2018-09-05 16:27:36 -0700281 std::string inString;
282 boost::asio::dynamic_string_buffer<std::string::value_type,
283 std::string::traits_type,
284 std::string::allocator_type>
285 inBuffer;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700286 std::vector<std::string> outBuffer;
287 bool doingWrite = false;
288
Gunnar Millsccd584f2021-11-16 11:36:33 -0600289 std::function<void(Connection&, std::shared_ptr<bmcweb::AsyncResp>)>
290 openHandler;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700291 std::function<void(Connection&, const std::string&, bool)> messageHandler;
292 std::function<void(Connection&, const std::string&)> closeHandler;
293 std::function<void(Connection&)> errorHandler;
Ed Tanous52cc1122020-07-18 13:51:21 -0700294 std::shared_ptr<persistent_data::UserSession> session;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700295};
Ed Tanous1abe55e2018-09-05 08:30:59 -0700296} // namespace websocket
297} // namespace crow