Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 1 | #pragma once |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 2 | #include "http_request.h" |
| 3 | |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 4 | #include <async_resp.hpp> |
Ed Tanous | 911ac31 | 2017-08-15 09:37:42 -0700 | [diff] [blame] | 5 | #include <boost/algorithm/string/predicate.hpp> |
Ed Tanous | 609145a | 2018-09-05 16:27:36 -0700 | [diff] [blame] | 6 | #include <boost/asio/buffer.hpp> |
Ed Tanous | 1b0044b | 2018-08-03 14:30:05 -0700 | [diff] [blame] | 7 | #include <boost/beast/websocket.hpp> |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 8 | |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 9 | #include <array> |
| 10 | #include <functional> |
Ed Tanous | 1b0044b | 2018-08-03 14:30:05 -0700 | [diff] [blame] | 11 | |
| 12 | #ifdef BMCWEB_ENABLE_SSL |
| 13 | #include <boost/beast/websocket/ssl.hpp> |
| 14 | #endif |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 15 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 16 | namespace crow |
| 17 | { |
| 18 | namespace websocket |
| 19 | { |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 20 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 21 | struct Connection : std::enable_shared_from_this<Connection> |
| 22 | { |
| 23 | public: |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 24 | explicit Connection(const crow::Request& reqIn) : |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 25 | req(reqIn.req), userdataPtr(nullptr) |
| 26 | {} |
Ed Tanous | 911ac31 | 2017-08-15 09:37:42 -0700 | [diff] [blame] | 27 | |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 28 | explicit Connection(const crow::Request& reqIn, std::string user) : |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 29 | req(reqIn.req), userName{std::move(user)}, userdataPtr(nullptr) |
| 30 | {} |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 31 | |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 32 | virtual void sendBinary(const std::string_view msg) = 0; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 33 | virtual void sendBinary(std::string&& msg) = 0; |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 34 | virtual void sendText(const std::string_view msg) = 0; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 35 | virtual void sendText(std::string&& msg) = 0; |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 36 | virtual void close(const std::string_view msg = "quit") = 0; |
Ed Tanous | ceac6f7 | 2018-12-02 11:58:47 -0800 | [diff] [blame] | 37 | virtual boost::asio::io_context& get_io_context() = 0; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 38 | virtual ~Connection() = default; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 39 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 40 | void userdata(void* u) |
| 41 | { |
| 42 | userdataPtr = u; |
| 43 | } |
| 44 | void* userdata() |
| 45 | { |
| 46 | return userdataPtr; |
| 47 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 48 | |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 49 | const std::string& getUserName() const |
| 50 | { |
| 51 | return userName; |
| 52 | } |
| 53 | |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 54 | boost::beast::http::request<boost::beast::http::string_body> req; |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 55 | crow::Response res; |
Ed Tanous | 911ac31 | 2017-08-15 09:37:42 -0700 | [diff] [blame] | 56 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 57 | private: |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 58 | std::string userName{}; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 59 | void* userdataPtr; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 60 | }; |
| 61 | |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 62 | template <typename Adaptor> |
| 63 | class ConnectionImpl : public Connection |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 64 | { |
| 65 | public: |
| 66 | ConnectionImpl( |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 67 | const crow::Request& reqIn, Adaptor adaptorIn, |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 68 | std::function<void(Connection&, std::shared_ptr<bmcweb::AsyncResp>)> |
| 69 | open_handler, |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 70 | std::function<void(Connection&, const std::string&, bool)> |
| 71 | message_handler, |
| 72 | std::function<void(Connection&, const std::string&)> close_handler, |
| 73 | std::function<void(Connection&)> error_handler) : |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 74 | Connection(reqIn, reqIn.session->username), |
Adriana Kobylak | 69664cf | 2019-03-12 10:49:48 -0500 | [diff] [blame] | 75 | ws(std::move(adaptorIn)), inString(), inBuffer(inString, 131088), |
Ed Tanous | ceac6f7 | 2018-12-02 11:58:47 -0800 | [diff] [blame] | 76 | openHandler(std::move(open_handler)), |
Ed Tanous | 55c7b7a | 2018-05-22 15:27:24 -0700 | [diff] [blame] | 77 | messageHandler(std::move(message_handler)), |
| 78 | closeHandler(std::move(close_handler)), |
James Feist | f8aa3d2 | 2020-04-08 18:32:33 -0700 | [diff] [blame] | 79 | errorHandler(std::move(error_handler)), session(reqIn.session) |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 80 | { |
| 81 | BMCWEB_LOG_DEBUG << "Creating new connection " << this; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 82 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 83 | |
Ed Tanous | ceac6f7 | 2018-12-02 11:58:47 -0800 | [diff] [blame] | 84 | boost::asio::io_context& get_io_context() override |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 85 | { |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 86 | return static_cast<boost::asio::io_context&>( |
| 87 | ws.get_executor().context()); |
Ed Tanous | 911ac31 | 2017-08-15 09:37:42 -0700 | [diff] [blame] | 88 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 89 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 90 | void start() |
| 91 | { |
| 92 | BMCWEB_LOG_DEBUG << "starting connection " << this; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 93 | |
Ed Tanous | fe5b216 | 2019-05-22 14:28:16 -0700 | [diff] [blame] | 94 | using bf = boost::beast::http::field; |
| 95 | |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 96 | std::string_view protocol = req[bf::sec_websocket_protocol]; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 97 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 98 | // Perform the websocket upgrade |
| 99 | ws.async_accept_ex( |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 100 | req, |
James Feist | f8aa3d2 | 2020-04-08 18:32:33 -0700 | [diff] [blame] | 101 | [session{session}, protocol{std::string(protocol)}]( |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 102 | boost::beast::websocket::response_type& m) { |
James Feist | f8aa3d2 | 2020-04-08 18:32:33 -0700 | [diff] [blame] | 103 | |
| 104 | #ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION |
| 105 | // use protocol for csrf checking |
| 106 | if (session->cookieAuth && |
| 107 | !crow::utility::constantTimeStringCompare( |
| 108 | protocol, session->csrfToken)) |
| 109 | { |
| 110 | BMCWEB_LOG_ERROR << "Websocket CSRF error"; |
| 111 | m.result(boost::beast::http::status::unauthorized); |
| 112 | return; |
| 113 | } |
| 114 | #endif |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 115 | if (!protocol.empty()) |
| 116 | { |
Ed Tanous | fe5b216 | 2019-05-22 14:28:16 -0700 | [diff] [blame] | 117 | m.insert(bf::sec_websocket_protocol, protocol); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 118 | } |
Ed Tanous | fe5b216 | 2019-05-22 14:28:16 -0700 | [diff] [blame] | 119 | |
| 120 | m.insert(bf::strict_transport_security, "max-age=31536000; " |
| 121 | "includeSubdomains; " |
| 122 | "preload"); |
| 123 | m.insert(bf::pragma, "no-cache"); |
| 124 | m.insert(bf::cache_control, "no-Store,no-Cache"); |
| 125 | m.insert("Content-Security-Policy", "default-src 'self'"); |
| 126 | m.insert("X-XSS-Protection", "1; " |
| 127 | "mode=block"); |
| 128 | m.insert("X-Content-Type-Options", "nosniff"); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 129 | }, |
| 130 | [this, self(shared_from_this())](boost::system::error_code ec) { |
| 131 | if (ec) |
| 132 | { |
| 133 | BMCWEB_LOG_ERROR << "Error in ws.async_accept " << ec; |
| 134 | return; |
| 135 | } |
| 136 | acceptDone(); |
| 137 | }); |
| 138 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 139 | |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 140 | void sendBinary(const std::string_view msg) override |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 141 | { |
| 142 | ws.binary(true); |
| 143 | outBuffer.emplace_back(msg); |
| 144 | doWrite(); |
| 145 | } |
| 146 | |
| 147 | void sendBinary(std::string&& msg) override |
| 148 | { |
| 149 | ws.binary(true); |
| 150 | outBuffer.emplace_back(std::move(msg)); |
| 151 | doWrite(); |
| 152 | } |
| 153 | |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 154 | void sendText(const std::string_view msg) override |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 155 | { |
| 156 | ws.text(true); |
| 157 | outBuffer.emplace_back(msg); |
| 158 | doWrite(); |
| 159 | } |
| 160 | |
| 161 | void sendText(std::string&& msg) override |
| 162 | { |
| 163 | ws.text(true); |
| 164 | outBuffer.emplace_back(std::move(msg)); |
| 165 | doWrite(); |
| 166 | } |
| 167 | |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 168 | void close(const std::string_view msg) override |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 169 | { |
| 170 | ws.async_close( |
Wludzik, Jozef | f6a0d63 | 2020-07-16 15:16:02 +0200 | [diff] [blame] | 171 | {boost::beast::websocket::close_code::normal, msg}, |
Ed Tanous | 43b761d | 2019-02-13 20:10:56 -0800 | [diff] [blame] | 172 | [self(shared_from_this())](boost::system::error_code ec) { |
Ed Tanous | ceac6f7 | 2018-12-02 11:58:47 -0800 | [diff] [blame] | 173 | if (ec == boost::asio::error::operation_aborted) |
| 174 | { |
| 175 | return; |
| 176 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 177 | if (ec) |
| 178 | { |
| 179 | BMCWEB_LOG_ERROR << "Error closing websocket " << ec; |
| 180 | return; |
| 181 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 182 | }); |
| 183 | } |
| 184 | |
| 185 | void acceptDone() |
| 186 | { |
| 187 | BMCWEB_LOG_DEBUG << "Websocket accepted connection"; |
| 188 | |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 189 | auto asyncResp = std::make_shared<bmcweb::AsyncResp>( |
| 190 | res, [this, self(shared_from_this())]() { doRead(); }); |
| 191 | |
| 192 | asyncResp->res.result(boost::beast::http::status::ok); |
| 193 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 194 | if (openHandler) |
| 195 | { |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 196 | openHandler(*this, asyncResp); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 197 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 198 | } |
| 199 | |
| 200 | void doRead() |
| 201 | { |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 202 | ws.async_read(inBuffer, |
| 203 | [this, self(shared_from_this())]( |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 204 | boost::beast::error_code ec, std::size_t bytes_read) { |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 205 | if (ec) |
| 206 | { |
| 207 | if (ec != boost::beast::websocket::error::closed) |
| 208 | { |
| 209 | BMCWEB_LOG_ERROR << "doRead error " << ec; |
| 210 | } |
| 211 | if (closeHandler) |
| 212 | { |
| 213 | std::string_view reason = ws.reason().reason; |
| 214 | closeHandler(*this, std::string(reason)); |
| 215 | } |
| 216 | return; |
| 217 | } |
| 218 | if (messageHandler) |
| 219 | { |
| 220 | messageHandler(*this, inString, ws.got_text()); |
| 221 | } |
| 222 | inBuffer.consume(bytes_read); |
| 223 | inString.clear(); |
| 224 | doRead(); |
| 225 | }); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 226 | } |
| 227 | |
| 228 | void doWrite() |
| 229 | { |
| 230 | // If we're already doing a write, ignore the request, it will be picked |
| 231 | // up when the current write is complete |
| 232 | if (doingWrite) |
| 233 | { |
| 234 | return; |
| 235 | } |
| 236 | |
| 237 | if (outBuffer.empty()) |
| 238 | { |
| 239 | // Done for now |
| 240 | return; |
| 241 | } |
| 242 | doingWrite = true; |
Ed Tanous | cb13a39 | 2020-07-25 19:02:03 +0000 | [diff] [blame] | 243 | ws.async_write(boost::asio::buffer(outBuffer.front()), |
| 244 | [this, self(shared_from_this())]( |
| 245 | boost::beast::error_code ec, std::size_t) { |
| 246 | doingWrite = false; |
| 247 | outBuffer.erase(outBuffer.begin()); |
| 248 | if (ec == boost::beast::websocket::error::closed) |
| 249 | { |
| 250 | // Do nothing here. doRead handler will call the |
| 251 | // closeHandler. |
| 252 | close("Write error"); |
| 253 | return; |
| 254 | } |
| 255 | if (ec) |
| 256 | { |
| 257 | BMCWEB_LOG_ERROR << "Error in ws.async_write " |
| 258 | << ec; |
| 259 | return; |
| 260 | } |
| 261 | doWrite(); |
| 262 | }); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 263 | } |
| 264 | |
| 265 | private: |
Ed Tanous | ceac6f7 | 2018-12-02 11:58:47 -0800 | [diff] [blame] | 266 | boost::beast::websocket::stream<Adaptor> ws; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 267 | |
Ed Tanous | 609145a | 2018-09-05 16:27:36 -0700 | [diff] [blame] | 268 | std::string inString; |
| 269 | boost::asio::dynamic_string_buffer<std::string::value_type, |
| 270 | std::string::traits_type, |
| 271 | std::string::allocator_type> |
| 272 | inBuffer; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 273 | std::vector<std::string> outBuffer; |
| 274 | bool doingWrite = false; |
| 275 | |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 276 | std::function<void(Connection&, std::shared_ptr<bmcweb::AsyncResp>)> |
| 277 | openHandler; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 278 | std::function<void(Connection&, const std::string&, bool)> messageHandler; |
| 279 | std::function<void(Connection&, const std::string&)> closeHandler; |
| 280 | std::function<void(Connection&)> errorHandler; |
Ed Tanous | 52cc112 | 2020-07-18 13:51:21 -0700 | [diff] [blame] | 281 | std::shared_ptr<persistent_data::UserSession> session; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 282 | }; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 283 | } // namespace websocket |
| 284 | } // namespace crow |