Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 1 | #pragma once |
Ed Tanous | 04e438c | 2020-10-03 08:06:26 -0700 | [diff] [blame] | 2 | #include "http_request.hpp" |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 3 | |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 4 | #include <async_resp.hpp> |
Ed Tanous | 911ac31 | 2017-08-15 09:37:42 -0700 | [diff] [blame] | 5 | #include <boost/algorithm/string/predicate.hpp> |
Ed Tanous | 609145a | 2018-09-05 16:27:36 -0700 | [diff] [blame] | 6 | #include <boost/asio/buffer.hpp> |
Ed Tanous | 1b0044b | 2018-08-03 14:30:05 -0700 | [diff] [blame] | 7 | #include <boost/beast/websocket.hpp> |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 8 | |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 9 | #include <array> |
| 10 | #include <functional> |
Ed Tanous | 1b0044b | 2018-08-03 14:30:05 -0700 | [diff] [blame] | 11 | |
| 12 | #ifdef BMCWEB_ENABLE_SSL |
| 13 | #include <boost/beast/websocket/ssl.hpp> |
| 14 | #endif |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 15 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 16 | namespace crow |
| 17 | { |
| 18 | namespace websocket |
| 19 | { |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 20 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 21 | struct Connection : std::enable_shared_from_this<Connection> |
| 22 | { |
| 23 | public: |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 24 | explicit Connection(const crow::Request& reqIn) : |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 25 | req(reqIn.req), userdataPtr(nullptr) |
| 26 | {} |
Ed Tanous | 911ac31 | 2017-08-15 09:37:42 -0700 | [diff] [blame] | 27 | |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 28 | explicit Connection(const crow::Request& reqIn, std::string user) : |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 29 | req(reqIn.req), userName{std::move(user)}, userdataPtr(nullptr) |
| 30 | {} |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 31 | |
Ed Tanous | ecd6a3a | 2022-01-07 09:18:40 -0800 | [diff] [blame] | 32 | Connection(const Connection&) = delete; |
| 33 | Connection(Connection&&) = delete; |
| 34 | Connection& operator=(const Connection&) = delete; |
| 35 | Connection& operator=(const Connection&&) = delete; |
| 36 | |
Ed Tanous | 9eb808c | 2022-01-25 10:19:23 -0800 | [diff] [blame] | 37 | virtual void sendBinary(std::string_view msg) = 0; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 38 | virtual void sendBinary(std::string&& msg) = 0; |
Ed Tanous | 9eb808c | 2022-01-25 10:19:23 -0800 | [diff] [blame] | 39 | virtual void sendText(std::string_view msg) = 0; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 40 | virtual void sendText(std::string&& msg) = 0; |
Ed Tanous | 9eb808c | 2022-01-25 10:19:23 -0800 | [diff] [blame] | 41 | virtual void close(std::string_view msg = "quit") = 0; |
Ed Tanous | 2c70f80 | 2020-09-28 14:29:23 -0700 | [diff] [blame] | 42 | virtual boost::asio::io_context& getIoContext() = 0; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 43 | virtual ~Connection() = default; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 44 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 45 | void userdata(void* u) |
| 46 | { |
| 47 | userdataPtr = u; |
| 48 | } |
| 49 | void* userdata() |
| 50 | { |
| 51 | return userdataPtr; |
| 52 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 53 | |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 54 | const std::string& getUserName() const |
| 55 | { |
| 56 | return userName; |
| 57 | } |
| 58 | |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 59 | boost::beast::http::request<boost::beast::http::string_body> req; |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 60 | crow::Response res; |
Ed Tanous | 911ac31 | 2017-08-15 09:37:42 -0700 | [diff] [blame] | 61 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 62 | private: |
Przemyslaw Czarnowski | 250b0eb | 2020-02-24 10:23:56 +0100 | [diff] [blame] | 63 | std::string userName{}; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 64 | void* userdataPtr; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 65 | }; |
| 66 | |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 67 | template <typename Adaptor> |
| 68 | class ConnectionImpl : public Connection |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 69 | { |
| 70 | public: |
| 71 | ConnectionImpl( |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 72 | const crow::Request& reqIn, Adaptor adaptorIn, |
Ed Tanous | 8a59281 | 2022-06-04 09:06:59 -0700 | [diff] [blame] | 73 | std::function<void(Connection&)> openHandlerIn, |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 74 | std::function<void(Connection&, const std::string&, bool)> |
Ed Tanous | 8a59281 | 2022-06-04 09:06:59 -0700 | [diff] [blame] | 75 | messageHandlerIn, |
| 76 | std::function<void(Connection&, const std::string&)> closeHandlerIn, |
| 77 | std::function<void(Connection&)> errorHandlerIn) : |
Nan Zhou | 93c0202 | 2022-02-24 18:21:07 -0800 | [diff] [blame] | 78 | Connection(reqIn, reqIn.session == nullptr ? std::string{} |
| 79 | : reqIn.session->username), |
Ed Tanous | e05aec5 | 2022-01-25 10:28:56 -0800 | [diff] [blame] | 80 | ws(std::move(adaptorIn)), inBuffer(inString, 131088), |
Ed Tanous | 8a59281 | 2022-06-04 09:06:59 -0700 | [diff] [blame] | 81 | openHandler(std::move(openHandlerIn)), |
| 82 | messageHandler(std::move(messageHandlerIn)), |
| 83 | closeHandler(std::move(closeHandlerIn)), |
| 84 | errorHandler(std::move(errorHandlerIn)), session(reqIn.session) |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 85 | { |
dhineskumare | 02bdd96 | 2021-07-08 16:06:49 +0530 | [diff] [blame] | 86 | /* Turn on the timeouts on websocket stream to server role */ |
| 87 | ws.set_option(boost::beast::websocket::stream_base::timeout::suggested( |
| 88 | boost::beast::role_type::server)); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 89 | BMCWEB_LOG_DEBUG << "Creating new connection " << this; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 90 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 91 | |
Ed Tanous | 2c70f80 | 2020-09-28 14:29:23 -0700 | [diff] [blame] | 92 | boost::asio::io_context& getIoContext() override |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 93 | { |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 94 | return static_cast<boost::asio::io_context&>( |
| 95 | ws.get_executor().context()); |
Ed Tanous | 911ac31 | 2017-08-15 09:37:42 -0700 | [diff] [blame] | 96 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 97 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 98 | void start() |
| 99 | { |
| 100 | BMCWEB_LOG_DEBUG << "starting connection " << this; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 101 | |
Ed Tanous | fe5b216 | 2019-05-22 14:28:16 -0700 | [diff] [blame] | 102 | using bf = boost::beast::http::field; |
| 103 | |
Jan Sowinski | ee52ae1 | 2020-01-09 16:28:32 +0000 | [diff] [blame] | 104 | std::string_view protocol = req[bf::sec_websocket_protocol]; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 105 | |
Ed Tanous | d4d77e3 | 2020-08-18 00:07:28 -0700 | [diff] [blame] | 106 | ws.set_option(boost::beast::websocket::stream_base::decorator( |
James Feist | f8aa3d2 | 2020-04-08 18:32:33 -0700 | [diff] [blame] | 107 | [session{session}, protocol{std::string(protocol)}]( |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 108 | boost::beast::websocket::response_type& m) { |
James Feist | f8aa3d2 | 2020-04-08 18:32:33 -0700 | [diff] [blame] | 109 | |
| 110 | #ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION |
Ed Tanous | 002d39b | 2022-05-31 08:59:27 -0700 | [diff] [blame] | 111 | if (session != nullptr) |
| 112 | { |
| 113 | // use protocol for csrf checking |
| 114 | if (session->cookieAuth && |
| 115 | !crow::utility::constantTimeStringCompare( |
| 116 | protocol, session->csrfToken)) |
James Feist | f8aa3d2 | 2020-04-08 18:32:33 -0700 | [diff] [blame] | 117 | { |
Ed Tanous | 002d39b | 2022-05-31 08:59:27 -0700 | [diff] [blame] | 118 | BMCWEB_LOG_ERROR << "Websocket CSRF error"; |
| 119 | m.result(boost::beast::http::status::unauthorized); |
| 120 | return; |
James Feist | f8aa3d2 | 2020-04-08 18:32:33 -0700 | [diff] [blame] | 121 | } |
Ed Tanous | 002d39b | 2022-05-31 08:59:27 -0700 | [diff] [blame] | 122 | } |
James Feist | f8aa3d2 | 2020-04-08 18:32:33 -0700 | [diff] [blame] | 123 | #endif |
Ed Tanous | 002d39b | 2022-05-31 08:59:27 -0700 | [diff] [blame] | 124 | if (!protocol.empty()) |
| 125 | { |
| 126 | m.insert(bf::sec_websocket_protocol, protocol); |
| 127 | } |
Ed Tanous | fe5b216 | 2019-05-22 14:28:16 -0700 | [diff] [blame] | 128 | |
Ed Tanous | 002d39b | 2022-05-31 08:59:27 -0700 | [diff] [blame] | 129 | m.insert(bf::strict_transport_security, "max-age=31536000; " |
| 130 | "includeSubdomains; " |
| 131 | "preload"); |
| 132 | m.insert(bf::pragma, "no-cache"); |
| 133 | m.insert(bf::cache_control, "no-Store,no-Cache"); |
| 134 | m.insert("Content-Security-Policy", "default-src 'self'"); |
| 135 | m.insert("X-XSS-Protection", "1; " |
| 136 | "mode=block"); |
| 137 | m.insert("X-Content-Type-Options", "nosniff"); |
| 138 | })); |
Ed Tanous | d4d77e3 | 2020-08-18 00:07:28 -0700 | [diff] [blame] | 139 | |
| 140 | // Perform the websocket upgrade |
| 141 | ws.async_accept(req, [this, self(shared_from_this())]( |
| 142 | boost::system::error_code ec) { |
| 143 | if (ec) |
| 144 | { |
| 145 | BMCWEB_LOG_ERROR << "Error in ws.async_accept " << ec; |
| 146 | return; |
| 147 | } |
| 148 | acceptDone(); |
| 149 | }); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 150 | } |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 151 | |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 152 | void sendBinary(const std::string_view msg) override |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 153 | { |
| 154 | ws.binary(true); |
| 155 | outBuffer.emplace_back(msg); |
| 156 | doWrite(); |
| 157 | } |
| 158 | |
| 159 | void sendBinary(std::string&& msg) override |
| 160 | { |
| 161 | ws.binary(true); |
| 162 | outBuffer.emplace_back(std::move(msg)); |
| 163 | doWrite(); |
| 164 | } |
| 165 | |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 166 | void sendText(const std::string_view msg) override |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 167 | { |
| 168 | ws.text(true); |
| 169 | outBuffer.emplace_back(msg); |
| 170 | doWrite(); |
| 171 | } |
| 172 | |
| 173 | void sendText(std::string&& msg) override |
| 174 | { |
| 175 | ws.text(true); |
| 176 | outBuffer.emplace_back(std::move(msg)); |
| 177 | doWrite(); |
| 178 | } |
| 179 | |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 180 | void close(const std::string_view msg) override |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 181 | { |
| 182 | ws.async_close( |
Wludzik, Jozef | f6a0d63 | 2020-07-16 15:16:02 +0200 | [diff] [blame] | 183 | {boost::beast::websocket::close_code::normal, msg}, |
Ed Tanous | 43b761d | 2019-02-13 20:10:56 -0800 | [diff] [blame] | 184 | [self(shared_from_this())](boost::system::error_code ec) { |
Ed Tanous | 002d39b | 2022-05-31 08:59:27 -0700 | [diff] [blame] | 185 | if (ec == boost::asio::error::operation_aborted) |
| 186 | { |
| 187 | return; |
| 188 | } |
| 189 | if (ec) |
| 190 | { |
| 191 | BMCWEB_LOG_ERROR << "Error closing websocket " << ec; |
| 192 | return; |
| 193 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 194 | }); |
| 195 | } |
| 196 | |
| 197 | void acceptDone() |
| 198 | { |
| 199 | BMCWEB_LOG_DEBUG << "Websocket accepted connection"; |
| 200 | |
Nan Zhou | 72374eb | 2022-01-27 17:06:51 -0800 | [diff] [blame] | 201 | doRead(); |
Iwona Klimaszewska | c0a1c8a | 2019-07-12 18:26:38 +0200 | [diff] [blame] | 202 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 203 | if (openHandler) |
| 204 | { |
zhanghch05 | 7772638 | 2021-10-21 14:07:57 +0800 | [diff] [blame] | 205 | openHandler(*this); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 206 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 207 | } |
| 208 | |
| 209 | void doRead() |
| 210 | { |
Adriana Kobylak | ae29b8c | 2019-04-24 11:19:18 -0500 | [diff] [blame] | 211 | ws.async_read(inBuffer, |
| 212 | [this, self(shared_from_this())]( |
Ed Tanous | 81ce609 | 2020-12-17 16:54:55 +0000 | [diff] [blame] | 213 | boost::beast::error_code ec, std::size_t bytesRead) { |
Ed Tanous | 002d39b | 2022-05-31 08:59:27 -0700 | [diff] [blame] | 214 | if (ec) |
| 215 | { |
| 216 | if (ec != boost::beast::websocket::error::closed) |
| 217 | { |
| 218 | BMCWEB_LOG_ERROR << "doRead error " << ec; |
| 219 | } |
| 220 | if (closeHandler) |
| 221 | { |
| 222 | std::string_view reason = ws.reason().reason; |
| 223 | closeHandler(*this, std::string(reason)); |
| 224 | } |
| 225 | return; |
| 226 | } |
| 227 | if (messageHandler) |
| 228 | { |
| 229 | messageHandler(*this, inString, ws.got_text()); |
| 230 | } |
| 231 | inBuffer.consume(bytesRead); |
| 232 | inString.clear(); |
| 233 | doRead(); |
| 234 | }); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 235 | } |
| 236 | |
| 237 | void doWrite() |
| 238 | { |
| 239 | // If we're already doing a write, ignore the request, it will be picked |
| 240 | // up when the current write is complete |
| 241 | if (doingWrite) |
| 242 | { |
| 243 | return; |
| 244 | } |
| 245 | |
| 246 | if (outBuffer.empty()) |
| 247 | { |
| 248 | // Done for now |
| 249 | return; |
| 250 | } |
| 251 | doingWrite = true; |
Ed Tanous | cb13a39 | 2020-07-25 19:02:03 +0000 | [diff] [blame] | 252 | ws.async_write(boost::asio::buffer(outBuffer.front()), |
| 253 | [this, self(shared_from_this())]( |
| 254 | boost::beast::error_code ec, std::size_t) { |
Ed Tanous | 002d39b | 2022-05-31 08:59:27 -0700 | [diff] [blame] | 255 | doingWrite = false; |
| 256 | outBuffer.erase(outBuffer.begin()); |
| 257 | if (ec == boost::beast::websocket::error::closed) |
| 258 | { |
| 259 | // Do nothing here. doRead handler will call the |
| 260 | // closeHandler. |
| 261 | close("Write error"); |
| 262 | return; |
| 263 | } |
| 264 | if (ec) |
| 265 | { |
| 266 | BMCWEB_LOG_ERROR << "Error in ws.async_write " << ec; |
| 267 | return; |
| 268 | } |
| 269 | doWrite(); |
| 270 | }); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 271 | } |
| 272 | |
| 273 | private: |
Ed Tanous | 2aee6ca | 2021-02-01 09:52:17 -0800 | [diff] [blame] | 274 | boost::beast::websocket::stream<Adaptor, false> ws; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 275 | |
Ed Tanous | 609145a | 2018-09-05 16:27:36 -0700 | [diff] [blame] | 276 | std::string inString; |
| 277 | boost::asio::dynamic_string_buffer<std::string::value_type, |
| 278 | std::string::traits_type, |
| 279 | std::string::allocator_type> |
| 280 | inBuffer; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 281 | std::vector<std::string> outBuffer; |
| 282 | bool doingWrite = false; |
| 283 | |
zhanghch05 | 7772638 | 2021-10-21 14:07:57 +0800 | [diff] [blame] | 284 | std::function<void(Connection&)> openHandler; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 285 | std::function<void(Connection&, const std::string&, bool)> messageHandler; |
| 286 | std::function<void(Connection&, const std::string&)> closeHandler; |
| 287 | std::function<void(Connection&)> errorHandler; |
Ed Tanous | 52cc112 | 2020-07-18 13:51:21 -0700 | [diff] [blame] | 288 | std::shared_ptr<persistent_data::UserSession> session; |
Ed Tanous | 7045c8d | 2017-04-03 10:04:37 -0700 | [diff] [blame] | 289 | }; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 290 | } // namespace websocket |
| 291 | } // namespace crow |