blob: 8aaabcddaa13fb1e77679eb50aec10c488261efc [file] [log] [blame]
Ed Tanous7045c8d2017-04-03 10:04:37 -07001#pragma once
Adriana Kobylak0e1cf262019-12-05 13:57:57 -06002#include "config.h"
3
Manojkiran Eda44250442020-06-16 12:51:38 +05304#include "http_response.h"
5#include "logging.h"
Manojkiran Eda44250442020-06-16 12:51:38 +05306#include "timer_queue.h"
7#include "utility.h"
8
James Feist3909dc82020-04-03 10:58:55 -07009#include "authorization.hpp"
Ed Tanous1abe55e2018-09-05 08:30:59 -070010#include "http_utility.hpp"
11
Ed Tanouse0d918b2018-03-27 17:41:04 -070012#include <boost/algorithm/string.hpp>
Ed Tanous257f5792018-03-17 14:40:09 -070013#include <boost/algorithm/string/predicate.hpp>
Ed Tanous8f626352018-12-19 14:51:54 -080014#include <boost/asio/io_context.hpp>
Ed Tanous3112a142018-11-29 15:45:10 -080015#include <boost/asio/ip/tcp.hpp>
Ed Tanousd43cd0c2020-09-30 20:46:53 -070016#include <boost/asio/ssl/stream.hpp>
Ed Tanous3112a142018-11-29 15:45:10 -080017#include <boost/beast/core/flat_static_buffer.hpp>
Manojkiran Eda44250442020-06-16 12:51:38 +053018#include <boost/beast/ssl/ssl_stream.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -050019#include <boost/beast/websocket.hpp>
Ed Tanous57fce802019-05-21 13:00:34 -070020#include <json_html_serializer.hpp>
Ed Tanous52cc1122020-07-18 13:51:21 -070021#include <security_headers.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -050022#include <ssl_key_handler.hpp>
23
Manojkiran Eda44250442020-06-16 12:51:38 +053024#include <atomic>
Gunnar Mills1214b7e2020-06-04 10:11:30 -050025#include <chrono>
26#include <vector>
27
Ed Tanous1abe55e2018-09-05 08:30:59 -070028namespace crow
29{
Ed Tanous257f5792018-03-17 14:40:09 -070030
Ed Tanous1abe55e2018-09-05 08:30:59 -070031inline void prettyPrintJson(crow::Response& res)
32{
Ed Tanous57fce802019-05-21 13:00:34 -070033 json_html_util::dumpHtml(res.body(), res.jsonValue);
34
Ed Tanous93ef5802019-01-03 10:15:41 -080035 res.addHeader("Content-Type", "text/html;charset=UTF-8");
Ed Tanous257f5792018-03-17 14:40:09 -070036}
37
Ed Tanous55c7b7a2018-05-22 15:27:24 -070038#ifdef BMCWEB_ENABLE_DEBUG
Ed Tanouse0d918b2018-03-27 17:41:04 -070039static std::atomic<int> connectionCount;
Ed Tanous7045c8d2017-04-03 10:04:37 -070040#endif
Jennifer Leeacb7cfb2018-06-07 16:08:15 -070041
Adriana Kobylak0e1cf262019-12-05 13:57:57 -060042// request body limit size set by the BMCWEB_HTTP_REQ_BODY_LIMIT_MB option
43constexpr unsigned int httpReqBodyLimit =
44 1024 * 1024 * BMCWEB_HTTP_REQ_BODY_LIMIT_MB;
Jennifer Leeacb7cfb2018-06-07 16:08:15 -070045
James Feist3909dc82020-04-03 10:58:55 -070046constexpr uint64_t loggedOutPostBodyLimit = 4096;
47
48constexpr uint32_t httpHeaderLimit = 8192;
49
50// drop all connections after 1 minute, this time limit was chosen
51// arbitrarily and can be adjusted later if needed
52static constexpr const size_t loggedInAttempts =
53 (60 / timerQueueTimeoutSeconds);
54
55static constexpr const size_t loggedOutAttempts =
56 (15 / timerQueueTimeoutSeconds);
57
Ed Tanous52cc1122020-07-18 13:51:21 -070058template <typename Adaptor, typename Handler>
Gunnar Mills1214b7e2020-06-04 10:11:30 -050059class Connection :
Ed Tanous52cc1122020-07-18 13:51:21 -070060 public std::enable_shared_from_this<Connection<Adaptor, Handler>>
Ed Tanous1abe55e2018-09-05 08:30:59 -070061{
62 public:
Ed Tanouse7d1a1c2020-09-28 09:36:35 -070063 Connection(Handler* handlerIn,
Ed Tanous1abe55e2018-09-05 08:30:59 -070064 std::function<std::string()>& get_cached_date_str_f,
Ed Tanous271584a2019-07-09 16:24:22 -070065 detail::TimerQueue& timerQueueIn, Adaptor adaptorIn) :
Ed Tanousceac6f72018-12-02 11:58:47 -080066 adaptor(std::move(adaptorIn)),
Ed Tanouse7d1a1c2020-09-28 09:36:35 -070067 handler(handlerIn), getCachedDateStr(get_cached_date_str_f),
68 timerQueue(timerQueueIn)
Ed Tanous1abe55e2018-09-05 08:30:59 -070069 {
70 parser.emplace(std::piecewise_construct, std::make_tuple());
Ed Tanous1abe55e2018-09-05 08:30:59 -070071 parser->body_limit(httpReqBodyLimit);
James Feist3909dc82020-04-03 10:58:55 -070072 parser->header_limit(httpHeaderLimit);
Ed Tanous1abe55e2018-09-05 08:30:59 -070073 req.emplace(parser->get());
Kowalski, Kamil55e43f62019-07-10 13:12:57 +020074
75#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
Ed Tanous2c70f802020-09-28 14:29:23 -070076 auto caAvailable = !std::filesystem::is_empty(
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +010077 std::filesystem::path(ensuressl::trustStorePath));
Ed Tanous2c70f802020-09-28 14:29:23 -070078 if (caAvailable && persistent_data::SessionStore::getInstance()
79 .getAuthMethodsConfig()
80 .tls)
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +010081 {
82 adaptor.set_verify_mode(boost::asio::ssl::verify_peer);
Ed Tanouse7d1a1c2020-09-28 09:36:35 -070083 std::string id = "bmcweb";
84 int ret = SSL_set_session_id_context(
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +010085 adaptor.native_handle(),
Ed Tanouse7d1a1c2020-09-28 09:36:35 -070086 reinterpret_cast<const unsigned char*>(id.c_str()),
87 static_cast<unsigned int>(id.length()));
88 if (ret == 0)
89 {
90 BMCWEB_LOG_ERROR << this << " failed to set SSL id";
91 }
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +010092 }
93
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +010094 adaptor.set_verify_callback([this](
95 bool preverified,
96 boost::asio::ssl::verify_context& ctx) {
97 // do nothing if TLS is disabled
Ed Tanous52cc1122020-07-18 13:51:21 -070098 if (!persistent_data::SessionStore::getInstance()
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +010099 .getAuthMethodsConfig()
100 .tls)
101 {
102 BMCWEB_LOG_DEBUG << this << " TLS auth_config is disabled";
Kowalski, Kamil55e43f62019-07-10 13:12:57 +0200103 return true;
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100104 }
105
106 // We always return true to allow full auth flow
107 if (!preverified)
108 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100109 BMCWEB_LOG_DEBUG << this << " TLS preverification failed.";
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100110 return true;
111 }
112
113 X509_STORE_CTX* cts = ctx.native_handle();
114 if (cts == nullptr)
115 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100116 BMCWEB_LOG_DEBUG << this << " Cannot get native TLS handle.";
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100117 return true;
118 }
119
120 // Get certificate
121 X509* peerCert =
122 X509_STORE_CTX_get_current_cert(ctx.native_handle());
123 if (peerCert == nullptr)
124 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100125 BMCWEB_LOG_DEBUG << this
126 << " Cannot get current TLS certificate.";
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100127 return true;
128 }
129
130 // Check if certificate is OK
131 int error = X509_STORE_CTX_get_error(cts);
132 if (error != X509_V_OK)
133 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100134 BMCWEB_LOG_INFO << this << " Last TLS error is: " << error;
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100135 return true;
136 }
137 // Check that we have reached final certificate in chain
138 int32_t depth = X509_STORE_CTX_get_error_depth(cts);
139 if (depth != 0)
140
141 {
142 BMCWEB_LOG_DEBUG
143 << this << " Certificate verification in progress (depth "
144 << depth << "), waiting to reach final depth";
145 return true;
146 }
147
148 BMCWEB_LOG_DEBUG << this
149 << " Certificate verification of final depth";
150
151 // Verify KeyUsage
152 bool isKeyUsageDigitalSignature = false;
153 bool isKeyUsageKeyAgreement = false;
154
155 ASN1_BIT_STRING* usage = static_cast<ASN1_BIT_STRING*>(
Ed Tanous23a21a12020-07-25 04:45:05 +0000156 X509_get_ext_d2i(peerCert, NID_key_usage, nullptr, nullptr));
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100157
158 if (usage == nullptr)
159 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100160 BMCWEB_LOG_DEBUG << this << " TLS usage is null";
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100161 return true;
162 }
163
164 for (int i = 0; i < usage->length; i++)
165 {
166 if (KU_DIGITAL_SIGNATURE & usage->data[i])
167 {
168 isKeyUsageDigitalSignature = true;
169 }
170 if (KU_KEY_AGREEMENT & usage->data[i])
171 {
172 isKeyUsageKeyAgreement = true;
173 }
174 }
175
176 if (!isKeyUsageDigitalSignature || !isKeyUsageKeyAgreement)
177 {
178 BMCWEB_LOG_DEBUG << this
179 << " Certificate ExtendedKeyUsage does "
180 "not allow provided certificate to "
181 "be used for user authentication";
182 return true;
183 }
Zbigniew Kurzynski09d02f82020-03-30 13:41:42 +0200184 ASN1_BIT_STRING_free(usage);
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100185
186 // Determine that ExtendedKeyUsage includes Client Auth
187
Ed Tanous23a21a12020-07-25 04:45:05 +0000188 stack_st_ASN1_OBJECT* extUsage =
189 static_cast<stack_st_ASN1_OBJECT*>(X509_get_ext_d2i(
190 peerCert, NID_ext_key_usage, nullptr, nullptr));
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100191
192 if (extUsage == nullptr)
193 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100194 BMCWEB_LOG_DEBUG << this << " TLS extUsage is null";
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100195 return true;
196 }
197
198 bool isExKeyUsageClientAuth = false;
199 for (int i = 0; i < sk_ASN1_OBJECT_num(extUsage); i++)
200 {
201 if (NID_client_auth ==
202 OBJ_obj2nid(sk_ASN1_OBJECT_value(extUsage, i)))
203 {
204 isExKeyUsageClientAuth = true;
205 break;
206 }
207 }
Zbigniew Kurzynski09d02f82020-03-30 13:41:42 +0200208 sk_ASN1_OBJECT_free(extUsage);
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100209
210 // Certificate has to have proper key usages set
211 if (!isExKeyUsageClientAuth)
212 {
213 BMCWEB_LOG_DEBUG << this
214 << " Certificate ExtendedKeyUsage does "
215 "not allow provided certificate to "
216 "be used for user authentication";
217 return true;
218 }
219 std::string sslUser;
220 // Extract username contained in CommonName
221 sslUser.resize(256, '\0');
222
223 int status = X509_NAME_get_text_by_NID(
224 X509_get_subject_name(peerCert), NID_commonName, sslUser.data(),
225 static_cast<int>(sslUser.size()));
226
227 if (status == -1)
228 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100229 BMCWEB_LOG_DEBUG
230 << this << " TLS cannot get username to create session";
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100231 return true;
232 }
233
234 size_t lastChar = sslUser.find('\0');
235 if (lastChar == std::string::npos || lastChar == 0)
236 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100237 BMCWEB_LOG_DEBUG << this << " Invalid TLS user name";
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100238 return true;
239 }
240 sslUser.resize(lastChar);
241
Ed Tanous52cc1122020-07-18 13:51:21 -0700242 session =
243 persistent_data::SessionStore::getInstance()
244 .generateUserSession(
245 sslUser, persistent_data::PersistenceType::TIMEOUT);
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100246 if (auto sp = session.lock())
247 {
248 BMCWEB_LOG_DEBUG << this
249 << " Generating TLS session: " << sp->uniqueId;
250 }
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100251 return true;
252 });
Kowalski, Kamil55e43f62019-07-10 13:12:57 +0200253#endif // BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
254
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700255#ifdef BMCWEB_ENABLE_DEBUG
Ed Tanous1abe55e2018-09-05 08:30:59 -0700256 connectionCount++;
257 BMCWEB_LOG_DEBUG << this << " Connection open, total "
258 << connectionCount;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700259#endif
Ed Tanous1abe55e2018-09-05 08:30:59 -0700260 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700261
Ed Tanous1abe55e2018-09-05 08:30:59 -0700262 ~Connection()
263 {
264 res.completeRequestHandler = nullptr;
265 cancelDeadlineTimer();
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700266#ifdef BMCWEB_ENABLE_DEBUG
Ed Tanous1abe55e2018-09-05 08:30:59 -0700267 connectionCount--;
268 BMCWEB_LOG_DEBUG << this << " Connection closed, total "
269 << connectionCount;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700270#endif
Ed Tanous7045c8d2017-04-03 10:04:37 -0700271 }
272
Ed Tanousceac6f72018-12-02 11:58:47 -0800273 Adaptor& socket()
Ed Tanous1abe55e2018-09-05 08:30:59 -0700274 {
Ed Tanousceac6f72018-12-02 11:58:47 -0800275 return adaptor;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700276 }
277
Ed Tanous1abe55e2018-09-05 08:30:59 -0700278 void start()
279 {
Ed Tanous7045c8d2017-04-03 10:04:37 -0700280
James Feist3909dc82020-04-03 10:58:55 -0700281 startDeadline(0);
Ed Tanousceac6f72018-12-02 11:58:47 -0800282 // TODO(ed) Abstract this to a more clever class with the idea of an
283 // asynchronous "start"
284 if constexpr (std::is_same_v<Adaptor,
285 boost::beast::ssl_stream<
286 boost::asio::ip::tcp::socket>>)
287 {
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000288 adaptor.async_handshake(boost::asio::ssl::stream_base::server,
289 [this, self(shared_from_this())](
290 const boost::system::error_code& ec) {
291 if (ec)
292 {
293 return;
294 }
295 doReadHeaders();
296 });
Ed Tanousceac6f72018-12-02 11:58:47 -0800297 }
298 else
299 {
300 doReadHeaders();
301 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700302 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700303
Ed Tanous1abe55e2018-09-05 08:30:59 -0700304 void handle()
305 {
306 cancelDeadlineTimer();
James Feist3909dc82020-04-03 10:58:55 -0700307
Ed Tanous1abe55e2018-09-05 08:30:59 -0700308 bool isInvalidRequest = false;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700309
Ed Tanous1abe55e2018-09-05 08:30:59 -0700310 // Check for HTTP version 1.1.
311 if (req->version() == 11)
312 {
313 if (req->getHeaderValue(boost::beast::http::field::host).empty())
314 {
315 isInvalidRequest = true;
Ed Tanousde5c9f32019-03-26 09:17:55 -0700316 res.result(boost::beast::http::status::bad_request);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700317 }
318 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700319
Sunitha Harishe4360082020-09-28 02:10:59 -0500320 // Copy the client's IP address
321 req->ipAddress =
322 boost::beast::get_lowest_layer(adaptor).remote_endpoint().address();
323
Ed Tanouse278c182019-03-13 16:23:37 -0700324 BMCWEB_LOG_INFO << "Request: "
325 << " " << this << " HTTP/" << req->version() / 10 << "."
326 << req->version() % 10 << ' ' << req->methodString()
327 << " " << req->target();
Ed Tanous7045c8d2017-04-03 10:04:37 -0700328
Ed Tanous1abe55e2018-09-05 08:30:59 -0700329 needToCallAfterHandlers = false;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700330
Ed Tanous1abe55e2018-09-05 08:30:59 -0700331 if (!isInvalidRequest)
332 {
333 res.completeRequestHandler = [] {};
Ed Tanouse278c182019-03-13 16:23:37 -0700334 res.isAliveHelper = [this]() -> bool { return isAlive(); };
Ed Tanous7045c8d2017-04-03 10:04:37 -0700335
Ed Tanouse278c182019-03-13 16:23:37 -0700336 req->ioService = static_cast<decltype(req->ioService)>(
337 &adaptor.get_executor().context());
Kowalski, Kamil55e43f62019-07-10 13:12:57 +0200338
Ed Tanous1abe55e2018-09-05 08:30:59 -0700339 if (!res.completed)
340 {
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000341 needToCallAfterHandlers = true;
342 res.completeRequestHandler = [self(shared_from_this())] {
Wludzik, Jozefc7d34222020-10-19 12:59:41 +0200343 boost::asio::post(self->adaptor.get_executor(),
344 [self] { self->completeRequest(); });
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000345 };
Ed Tanous1abe55e2018-09-05 08:30:59 -0700346 if (req->isUpgrade() &&
347 boost::iequals(
348 req->getHeaderValue(boost::beast::http::field::upgrade),
349 "websocket"))
350 {
351 handler->handleUpgrade(*req, res, std::move(adaptor));
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000352 // delete lambda with self shared_ptr
353 // to enable connection destruction
354 res.completeRequestHandler = nullptr;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700355 return;
356 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700357 handler->handle(*req, res);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700358 }
359 else
360 {
361 completeRequest();
362 }
363 }
364 else
365 {
366 completeRequest();
367 }
368 }
Ed Tanouse0d918b2018-03-27 17:41:04 -0700369
Ed Tanouse278c182019-03-13 16:23:37 -0700370 bool isAlive()
371 {
372
373 if constexpr (std::is_same_v<Adaptor,
374 boost::beast::ssl_stream<
375 boost::asio::ip::tcp::socket>>)
376 {
377 return adaptor.next_layer().is_open();
378 }
379 else
380 {
381 return adaptor.is_open();
382 }
383 }
384 void close()
385 {
Ed Tanouse278c182019-03-13 16:23:37 -0700386 if constexpr (std::is_same_v<Adaptor,
387 boost::beast::ssl_stream<
388 boost::asio::ip::tcp::socket>>)
389 {
390 adaptor.next_layer().close();
Kowalski, Kamil55e43f62019-07-10 13:12:57 +0200391#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
392 if (auto sp = session.lock())
393 {
Zbigniew Kurzynski009c2a42019-11-14 13:37:15 +0100394 BMCWEB_LOG_DEBUG << this
395 << " Removing TLS session: " << sp->uniqueId;
Kowalski, Kamil55e43f62019-07-10 13:12:57 +0200396 persistent_data::SessionStore::getInstance().removeSession(sp);
397 }
398#endif // BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
Ed Tanouse278c182019-03-13 16:23:37 -0700399 }
400 else
401 {
402 adaptor.close();
403 }
404 }
405
Ed Tanous1abe55e2018-09-05 08:30:59 -0700406 void completeRequest()
407 {
408 BMCWEB_LOG_INFO << "Response: " << this << ' ' << req->url << ' '
409 << res.resultInt() << " keepalive=" << req->keepAlive();
Ed Tanous7045c8d2017-04-03 10:04:37 -0700410
Ed Tanous52cc1122020-07-18 13:51:21 -0700411 addSecurityHeaders(res);
412
Ed Tanous1abe55e2018-09-05 08:30:59 -0700413 if (needToCallAfterHandlers)
414 {
James Feist3909dc82020-04-03 10:58:55 -0700415 crow::authorization::cleanupTempSession(*req);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700416 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700417
Ed Tanouse278c182019-03-13 16:23:37 -0700418 if (!isAlive())
Ed Tanous1abe55e2018-09-05 08:30:59 -0700419 {
420 // BMCWEB_LOG_DEBUG << this << " delete (socket is closed) " <<
421 // isReading
422 // << ' ' << isWriting;
423 // delete this;
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000424
425 // delete lambda with self shared_ptr
426 // to enable connection destruction
427 res.completeRequestHandler = nullptr;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700428 return;
429 }
430 if (res.body().empty() && !res.jsonValue.empty())
431 {
432 if (http_helpers::requestPrefersHtml(*req))
433 {
434 prettyPrintJson(res);
435 }
436 else
437 {
438 res.jsonMode();
Jason M. Bills193ad2f2018-09-26 15:08:52 -0700439 res.body() = res.jsonValue.dump(2, ' ', true);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700440 }
441 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700442
Ed Tanous1abe55e2018-09-05 08:30:59 -0700443 if (res.resultInt() >= 400 && res.body().empty())
444 {
445 res.body() = std::string(res.reason());
446 }
Ed Tanous6295bec2019-09-03 10:11:01 -0700447
448 if (res.result() == boost::beast::http::status::no_content)
449 {
450 // Boost beast throws if content is provided on a no-content
451 // response. Ideally, this would never happen, but in the case that
452 // it does, we don't want to throw.
453 BMCWEB_LOG_CRITICAL
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100454 << this << " Response content provided but code was no-content";
Ed Tanous6295bec2019-09-03 10:11:01 -0700455 res.body().clear();
456 }
457
Ed Tanous1abe55e2018-09-05 08:30:59 -0700458 res.addHeader(boost::beast::http::field::date, getCachedDateStr());
459
460 res.keepAlive(req->keepAlive());
461
462 doWrite();
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000463
464 // delete lambda with self shared_ptr
465 // to enable connection destruction
466 res.completeRequestHandler = nullptr;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700467 }
468
469 private:
470 void doReadHeaders()
471 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700472 BMCWEB_LOG_DEBUG << this << " doReadHeaders";
473
474 // Clean up any previous Connection.
475 boost::beast::http::async_read_header(
Ed Tanousceac6f72018-12-02 11:58:47 -0800476 adaptor, buffer, *parser,
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000477 [this,
478 self(shared_from_this())](const boost::system::error_code& ec,
479 std::size_t bytes_transferred) {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700480 BMCWEB_LOG_ERROR << this << " async_read_header "
481 << bytes_transferred << " Bytes";
482 bool errorWhileReading = false;
483 if (ec)
484 {
485 errorWhileReading = true;
486 BMCWEB_LOG_ERROR
487 << this << " Error while reading: " << ec.message();
488 }
489 else
490 {
491 // if the adaptor isn't open anymore, and wasn't handed to a
492 // websocket, treat as an error
Ed Tanouse278c182019-03-13 16:23:37 -0700493 if (!isAlive() && !req->isUpgrade())
Ed Tanous1abe55e2018-09-05 08:30:59 -0700494 {
495 errorWhileReading = true;
496 }
497 }
498
James Feist3909dc82020-04-03 10:58:55 -0700499 cancelDeadlineTimer();
500
Ed Tanous1abe55e2018-09-05 08:30:59 -0700501 if (errorWhileReading)
502 {
Ed Tanouse278c182019-03-13 16:23:37 -0700503 close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700504 BMCWEB_LOG_DEBUG << this << " from read(1)";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700505 return;
506 }
507
James Feist3909dc82020-04-03 10:58:55 -0700508 if (!req)
509 {
510 close();
511 return;
512 }
513
Ed Tanousdc7a7932020-08-17 15:04:58 -0700514 // Note, despite the bmcweb coding policy on use of exceptions
515 // for error handling, this one particular use of exceptions is
516 // deemed acceptible, as it solved a significant error handling
517 // problem that resulted in seg faults, the exact thing that the
518 // exceptions rule is trying to avoid. If at some point,
519 // boost::urls makes the parser object public (or we port it
520 // into bmcweb locally) this will be replaced with
521 // parser::parse, which returns a status code
James Feist5a7e8772020-07-22 09:08:38 -0700522
Ed Tanousdc7a7932020-08-17 15:04:58 -0700523 try
524 {
525 req->urlView = boost::urls::url_view(req->target());
526 req->url = req->urlView.encoded_path();
527 }
Ed Tanous92ccb882020-08-18 10:36:33 -0700528 catch (std::exception& p)
Ed Tanousdc7a7932020-08-17 15:04:58 -0700529 {
Ed Tanous3bcc0152020-08-25 07:47:29 -0700530 BMCWEB_LOG_ERROR << p.what();
Ed Tanousdc7a7932020-08-17 15:04:58 -0700531 }
Ed Tanous92ccb882020-08-18 10:36:33 -0700532
James Feist6964c982020-07-28 16:10:23 -0700533 crow::authorization::authenticate(*req, res, session);
James Feist3909dc82020-04-03 10:58:55 -0700534
535 bool loggedIn = req && req->session;
536 if (loggedIn)
537 {
538 startDeadline(loggedInAttempts);
539 BMCWEB_LOG_DEBUG << "Starting slow deadline";
540
James Feist5a7e8772020-07-22 09:08:38 -0700541 req->urlParams = req->urlView.params();
542
543#ifdef BMCWEB_ENABLE_DEBUG
544 std::string paramList = "";
545 for (const auto param : req->urlParams)
546 {
547 paramList += param->key() + " " + param->value() + " ";
548 }
549 BMCWEB_LOG_DEBUG << "QueryParams: " << paramList;
550#endif
James Feist3909dc82020-04-03 10:58:55 -0700551 }
552 else
553 {
554 const boost::optional<uint64_t> contentLength =
555 parser->content_length();
556 if (contentLength &&
557 *contentLength > loggedOutPostBodyLimit)
558 {
559 BMCWEB_LOG_DEBUG << "Content length greater than limit "
560 << *contentLength;
561 close();
562 return;
563 }
564
565 startDeadline(loggedOutAttempts);
566 BMCWEB_LOG_DEBUG << "Starting quick deadline";
567 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700568 doRead();
569 });
570 }
571
572 void doRead()
573 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700574 BMCWEB_LOG_DEBUG << this << " doRead";
575
576 boost::beast::http::async_read(
Ed Tanousceac6f72018-12-02 11:58:47 -0800577 adaptor, buffer, *parser,
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000578 [this,
579 self(shared_from_this())](const boost::system::error_code& ec,
580 std::size_t bytes_transferred) {
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100581 BMCWEB_LOG_DEBUG << this << " async_read " << bytes_transferred
Ed Tanous1abe55e2018-09-05 08:30:59 -0700582 << " Bytes";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700583
584 bool errorWhileReading = false;
585 if (ec)
586 {
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100587 BMCWEB_LOG_ERROR
588 << this << " Error while reading: " << ec.message();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700589 errorWhileReading = true;
590 }
591 else
592 {
James Feist3909dc82020-04-03 10:58:55 -0700593 if (isAlive())
594 {
595 cancelDeadlineTimer();
596 bool loggedIn = req && req->session;
597 if (loggedIn)
598 {
599 startDeadline(loggedInAttempts);
600 }
601 else
602 {
603 startDeadline(loggedOutAttempts);
604 }
605 }
606 else
Ed Tanous1abe55e2018-09-05 08:30:59 -0700607 {
608 errorWhileReading = true;
609 }
610 }
611 if (errorWhileReading)
612 {
613 cancelDeadlineTimer();
Ed Tanouse278c182019-03-13 16:23:37 -0700614 close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700615 BMCWEB_LOG_DEBUG << this << " from read(1)";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700616 return;
617 }
618 handle();
619 });
620 }
621
622 void doWrite()
623 {
James Feist3909dc82020-04-03 10:58:55 -0700624 bool loggedIn = req && req->session;
625 if (loggedIn)
626 {
627 startDeadline(loggedInAttempts);
628 }
629 else
630 {
631 startDeadline(loggedOutAttempts);
632 }
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100633 BMCWEB_LOG_DEBUG << this << " doWrite";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700634 res.preparePayload();
635 serializer.emplace(*res.stringResponse);
636 boost::beast::http::async_write(
Ed Tanousceac6f72018-12-02 11:58:47 -0800637 adaptor, *serializer,
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000638 [this,
639 self(shared_from_this())](const boost::system::error_code& ec,
640 std::size_t bytes_transferred) {
Zbigniew Kurzynski2658d982019-11-19 18:01:08 +0100641 BMCWEB_LOG_DEBUG << this << " async_write " << bytes_transferred
Ed Tanous1abe55e2018-09-05 08:30:59 -0700642 << " bytes";
643
James Feist54d8bb12020-07-20 13:28:59 -0700644 cancelDeadlineTimer();
645
Ed Tanous1abe55e2018-09-05 08:30:59 -0700646 if (ec)
647 {
648 BMCWEB_LOG_DEBUG << this << " from write(2)";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700649 return;
650 }
Ed Tanousceac6f72018-12-02 11:58:47 -0800651 if (!res.keepAlive())
Ed Tanous1abe55e2018-09-05 08:30:59 -0700652 {
Ed Tanouse278c182019-03-13 16:23:37 -0700653 close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700654 BMCWEB_LOG_DEBUG << this << " from write(1)";
Ed Tanous1abe55e2018-09-05 08:30:59 -0700655 return;
656 }
657
658 serializer.reset();
659 BMCWEB_LOG_DEBUG << this << " Clearing response";
660 res.clear();
661 parser.emplace(std::piecewise_construct, std::make_tuple());
Gunnar Millsded2a1e2020-07-24 09:46:33 -0500662 parser->body_limit(httpReqBodyLimit); // reset body limit for
663 // newly created parser
Ed Tanous1abe55e2018-09-05 08:30:59 -0700664 buffer.consume(buffer.size());
665
666 req.emplace(parser->get());
667 doReadHeaders();
668 });
669 }
670
Ed Tanous1abe55e2018-09-05 08:30:59 -0700671 void cancelDeadlineTimer()
672 {
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000673 if (timerCancelKey)
674 {
675 BMCWEB_LOG_DEBUG << this << " timer cancelled: " << &timerQueue
676 << ' ' << *timerCancelKey;
677 timerQueue.cancel(*timerCancelKey);
678 timerCancelKey.reset();
679 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700680 }
681
James Feist3909dc82020-04-03 10:58:55 -0700682 void startDeadline(size_t timerIterations)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700683 {
684 cancelDeadlineTimer();
685
James Feist3909dc82020-04-03 10:58:55 -0700686 if (timerIterations)
687 {
688 timerIterations--;
689 }
Jan Sowinski2b5e08e2020-01-09 17:16:02 +0100690
James Feist3909dc82020-04-03 10:58:55 -0700691 timerCancelKey =
James Feistbe5dfca2020-07-22 08:54:59 -0700692 timerQueue.add([self(shared_from_this()), timerIterations,
693 readCount{parser->get().body().size()}] {
James Feist3909dc82020-04-03 10:58:55 -0700694 // Mark timer as not active to avoid canceling it during
695 // Connection destructor which leads to double free issue
696 self->timerCancelKey.reset();
697 if (!self->isAlive())
698 {
699 return;
700 }
Jan Sowinski2b5e08e2020-01-09 17:16:02 +0100701
James Feistbe5dfca2020-07-22 08:54:59 -0700702 bool loggedIn = self->req && self->req->session;
703 // allow slow uploads for logged in users
704 if (loggedIn && self->parser->get().body().size() > readCount)
705 {
706 BMCWEB_LOG_DEBUG << self.get()
707 << " restart timer - read in progress";
708 self->startDeadline(timerIterations);
709 return;
710 }
711
James Feist3909dc82020-04-03 10:58:55 -0700712 // Threshold can be used to drop slow connections
713 // to protect against slow-rate DoS attack
714 if (timerIterations)
715 {
James Feistbe5dfca2020-07-22 08:54:59 -0700716 BMCWEB_LOG_DEBUG << self.get() << " restart timer";
James Feist3909dc82020-04-03 10:58:55 -0700717 self->startDeadline(timerIterations);
718 return;
719 }
720
721 self->close();
722 });
James Feistcb6cb492020-04-03 13:36:17 -0700723
724 if (!timerCancelKey)
725 {
726 close();
727 return;
728 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700729 BMCWEB_LOG_DEBUG << this << " timer added: " << &timerQueue << ' '
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000730 << *timerCancelKey;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700731 }
732
733 private:
734 Adaptor adaptor;
735 Handler* handler;
736
Ed Tanousa24526d2018-12-10 15:17:59 -0800737 // Making this a std::optional allows it to be efficiently destroyed and
Ed Tanous1abe55e2018-09-05 08:30:59 -0700738 // re-created on Connection reset
Ed Tanousa24526d2018-12-10 15:17:59 -0800739 std::optional<
Ed Tanous1abe55e2018-09-05 08:30:59 -0700740 boost::beast::http::request_parser<boost::beast::http::string_body>>
741 parser;
742
Ed Tanous3112a142018-11-29 15:45:10 -0800743 boost::beast::flat_static_buffer<8192> buffer;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700744
Ed Tanousa24526d2018-12-10 15:17:59 -0800745 std::optional<boost::beast::http::response_serializer<
Ed Tanous1abe55e2018-09-05 08:30:59 -0700746 boost::beast::http::string_body>>
747 serializer;
748
Ed Tanousa24526d2018-12-10 15:17:59 -0800749 std::optional<crow::Request> req;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700750 crow::Response res;
Ed Tanous52cc1122020-07-18 13:51:21 -0700751
752 std::weak_ptr<persistent_data::UserSession> session;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700753
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000754 std::optional<size_t> timerCancelKey;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700755
Ed Tanous1abe55e2018-09-05 08:30:59 -0700756 bool needToCallAfterHandlers{};
757 bool needToStartReadAfterComplete{};
Ed Tanous1abe55e2018-09-05 08:30:59 -0700758
Ed Tanous1abe55e2018-09-05 08:30:59 -0700759 std::function<std::string()>& getCachedDateStr;
760 detail::TimerQueue& timerQueue;
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000761
762 using std::enable_shared_from_this<
Ed Tanous52cc1122020-07-18 13:51:21 -0700763 Connection<Adaptor, Handler>>::shared_from_this;
Ed Tanous3112a142018-11-29 15:45:10 -0800764};
Ed Tanous1abe55e2018-09-05 08:30:59 -0700765} // namespace crow