Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 0f3d3a01aed4040ef73a977a958ecdf4f68111f6 / . / http / websocket.hpp
blob: 06f35d1fbcda798f81cf43d6656b19a5b14f4f94 [file] [log] [blame]
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]1#pragma once
Ed Tanous04e438c2020-10-03 08:06:26 -0700[diff] [blame]2#include "http_request.hpp"
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]3
Iwona Klimaszewskac0a1c8a2019-07-12 18:26:38 +0200[diff] [blame]4#include <async_resp.hpp>
Ed Tanous911ac312017-08-15 09:37:42 -0700[diff] [blame]5#include <boost/algorithm/string/predicate.hpp>
Ed Tanous609145a2018-09-05 16:27:36 -0700[diff] [blame]6#include <boost/asio/buffer.hpp>
Ed Tanous1b0044b2018-08-03 14:30:05 -0700[diff] [blame]7#include <boost/beast/websocket.hpp>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]8
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]9#include <array>
10#include <functional>
Ed Tanous1b0044b2018-08-03 14:30:05 -0700[diff] [blame]11
12#ifdef BMCWEB_ENABLE_SSL
13#include <boost/beast/websocket/ssl.hpp>
14#endif
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]15
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]16namespace crow
17{
18namespace websocket
19{
Iwona Klimaszewskac0a1c8a2019-07-12 18:26:38 +0200[diff] [blame]20
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]21struct Connection : std::enable_shared_from_this<Connection>
22{
23 public:
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000[diff] [blame]24 explicit Connection(const crow::Request& reqIn) :
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]25 req(reqIn.req), userdataPtr(nullptr)
26 {}
Ed Tanous911ac312017-08-15 09:37:42 -0700[diff] [blame]27
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +0100[diff] [blame]28 explicit Connection(const crow::Request& reqIn, std::string user) :
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]29 req(reqIn.req), userName{std::move(user)}, userdataPtr(nullptr)
30 {}
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +0100[diff] [blame]31
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]32 virtual void sendBinary(const std::string_view msg) = 0;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]33 virtual void sendBinary(std::string&& msg) = 0;
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]34 virtual void sendText(const std::string_view msg) = 0;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]35 virtual void sendText(std::string&& msg) = 0;
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]36 virtual void close(const std::string_view msg = "quit") = 0;
Ed Tanous2c70f802020-09-28 14:29:23 -0700[diff] [blame]37 virtual boost::asio::io_context& getIoContext() = 0;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]38 virtual ~Connection() = default;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]39
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]40 void userdata(void* u)
41 {
42 userdataPtr = u;
43 }
44 void* userdata()
45 {
46 return userdataPtr;
47 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]48
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +0100[diff] [blame]49 const std::string& getUserName() const
50 {
51 return userName;
52 }
53
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000[diff] [blame]54 boost::beast::http::request<boost::beast::http::string_body> req;
Iwona Klimaszewskac0a1c8a2019-07-12 18:26:38 +0200[diff] [blame]55 crow::Response res;
Ed Tanous911ac312017-08-15 09:37:42 -0700[diff] [blame]56
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]57 private:
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +0100[diff] [blame]58 std::string userName{};
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]59 void* userdataPtr;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]60};
61
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]62template <typename Adaptor>
63class ConnectionImpl : public Connection
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]64{
65 public:
66 ConnectionImpl(
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000[diff] [blame]67 const crow::Request& reqIn, Adaptor adaptorIn,
zhanghch050f3d3a02021-10-21 14:07:57 +0800[diff] [blame^]68 std::function<void(Connection&)> openHandler,
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]69 std::function<void(Connection&, const std::string&, bool)>
Ed Tanous81ce6092020-12-17 16:54:55 +0000[diff] [blame]70 messageHandler,
71 std::function<void(Connection&, const std::string&)> closeHandler,
72 std::function<void(Connection&)> errorHandler) :
Przemyslaw Czarnowski250b0eb2020-02-24 10:23:56 +0100[diff] [blame]73 Connection(reqIn, reqIn.session->username),
Adriana Kobylak69664cf2019-03-12 10:49:48 -0500[diff] [blame]74 ws(std::move(adaptorIn)), inString(), inBuffer(inString, 131088),
Ed Tanous81ce6092020-12-17 16:54:55 +0000[diff] [blame]75 openHandler(std::move(openHandler)),
76 messageHandler(std::move(messageHandler)),
77 closeHandler(std::move(closeHandler)),
78 errorHandler(std::move(errorHandler)), session(reqIn.session)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]79 {
dhineskumare02bdd962021-07-08 16:06:49 +0530[diff] [blame]80 /* Turn on the timeouts on websocket stream to server role */
81 ws.set_option(boost::beast::websocket::stream_base::timeout::suggested(
82 boost::beast::role_type::server));
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]83 BMCWEB_LOG_DEBUG << "Creating new connection " << this;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]84 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]85
Ed Tanous2c70f802020-09-28 14:29:23 -0700[diff] [blame]86 boost::asio::io_context& getIoContext() override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]87 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]88 return static_cast<boost::asio::io_context&>(
89 ws.get_executor().context());
Ed Tanous911ac312017-08-15 09:37:42 -0700[diff] [blame]90 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]91
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]92 void start()
93 {
94 BMCWEB_LOG_DEBUG << "starting connection " << this;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]95
Ed Tanousfe5b2162019-05-22 14:28:16 -0700[diff] [blame]96 using bf = boost::beast::http::field;
97
Jan Sowinskiee52ae12020-01-09 16:28:32 +0000[diff] [blame]98 std::string_view protocol = req[bf::sec_websocket_protocol];
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]99
Ed Tanousd4d77e32020-08-18 00:07:28 -0700[diff] [blame]100 ws.set_option(boost::beast::websocket::stream_base::decorator(
James Feistf8aa3d22020-04-08 18:32:33 -0700[diff] [blame]101 [session{session}, protocol{std::string(protocol)}](
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]102 boost::beast::websocket::response_type& m) {
James Feistf8aa3d22020-04-08 18:32:33 -0700[diff] [blame]103
104#ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION
Ed Tanousa90daf12021-01-15 14:18:01 -0800[diff] [blame]105 if (session != nullptr)
James Feistf8aa3d22020-04-08 18:32:33 -0700[diff] [blame]106 {
Ed Tanousa90daf12021-01-15 14:18:01 -0800[diff] [blame]107 // use protocol for csrf checking
108 if (session->cookieAuth &&
109 !crow::utility::constantTimeStringCompare(
110 protocol, session->csrfToken))
111 {
112 BMCWEB_LOG_ERROR << "Websocket CSRF error";
113 m.result(boost::beast::http::status::unauthorized);
114 return;
115 }
James Feistf8aa3d22020-04-08 18:32:33 -0700[diff] [blame]116 }
117#endif
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]118 if (!protocol.empty())
119 {
Ed Tanousfe5b2162019-05-22 14:28:16 -0700[diff] [blame]120 m.insert(bf::sec_websocket_protocol, protocol);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]121 }
Ed Tanousfe5b2162019-05-22 14:28:16 -0700[diff] [blame]122
123 m.insert(bf::strict_transport_security, "max-age=31536000; "
124 "includeSubdomains; "
125 "preload");
126 m.insert(bf::pragma, "no-cache");
127 m.insert(bf::cache_control, "no-Store,no-Cache");
128 m.insert("Content-Security-Policy", "default-src 'self'");
129 m.insert("X-XSS-Protection", "1; "
130 "mode=block");
131 m.insert("X-Content-Type-Options", "nosniff");
Ed Tanousd4d77e32020-08-18 00:07:28 -0700[diff] [blame]132 }));
133
134 // Perform the websocket upgrade
135 ws.async_accept(req, [this, self(shared_from_this())](
136 boost::system::error_code ec) {
137 if (ec)
138 {
139 BMCWEB_LOG_ERROR << "Error in ws.async_accept " << ec;
140 return;
141 }
142 acceptDone();
143 });
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]144 }
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]145
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]146 void sendBinary(const std::string_view msg) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]147 {
148 ws.binary(true);
149 outBuffer.emplace_back(msg);
150 doWrite();
151 }
152
153 void sendBinary(std::string&& msg) override
154 {
155 ws.binary(true);
156 outBuffer.emplace_back(std::move(msg));
157 doWrite();
158 }
159
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]160 void sendText(const std::string_view msg) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]161 {
162 ws.text(true);
163 outBuffer.emplace_back(msg);
164 doWrite();
165 }
166
167 void sendText(std::string&& msg) override
168 {
169 ws.text(true);
170 outBuffer.emplace_back(std::move(msg));
171 doWrite();
172 }
173
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]174 void close(const std::string_view msg) override
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]175 {
176 ws.async_close(
Wludzik, Jozeff6a0d632020-07-16 15:16:02 +0200[diff] [blame]177 {boost::beast::websocket::close_code::normal, msg},
Ed Tanous43b761d2019-02-13 20:10:56 -0800[diff] [blame]178 [self(shared_from_this())](boost::system::error_code ec) {
Ed Tanousceac6f72018-12-02 11:58:47 -0800[diff] [blame]179 if (ec == boost::asio::error::operation_aborted)
180 {
181 return;
182 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]183 if (ec)
184 {
185 BMCWEB_LOG_ERROR << "Error closing websocket " << ec;
186 return;
187 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]188 });
189 }
190
191 void acceptDone()
192 {
193 BMCWEB_LOG_DEBUG << "Websocket accepted connection";
194
zhanghch0591995f32021-10-20 18:43:55 +0800[diff] [blame]195 doRead();
Iwona Klimaszewskac0a1c8a2019-07-12 18:26:38 +0200[diff] [blame]196
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]197 if (openHandler)
198 {
zhanghch050f3d3a02021-10-21 14:07:57 +0800[diff] [blame^]199 openHandler(*this);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]200 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]201 }
202
203 void doRead()
204 {
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]205 ws.async_read(inBuffer,
206 [this, self(shared_from_this())](
Ed Tanous81ce6092020-12-17 16:54:55 +0000[diff] [blame]207 boost::beast::error_code ec, std::size_t bytesRead) {
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]208 if (ec)
209 {
210 if (ec != boost::beast::websocket::error::closed)
211 {
212 BMCWEB_LOG_ERROR << "doRead error " << ec;
213 }
214 if (closeHandler)
215 {
216 std::string_view reason = ws.reason().reason;
217 closeHandler(*this, std::string(reason));
218 }
219 return;
220 }
221 if (messageHandler)
222 {
223 messageHandler(*this, inString, ws.got_text());
224 }
Ed Tanous81ce6092020-12-17 16:54:55 +0000[diff] [blame]225 inBuffer.consume(bytesRead);
Adriana Kobylakae29b8c2019-04-24 11:19:18 -0500[diff] [blame]226 inString.clear();
227 doRead();
228 });
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]229 }
230
231 void doWrite()
232 {
233 // If we're already doing a write, ignore the request, it will be picked
234 // up when the current write is complete
235 if (doingWrite)
236 {
237 return;
238 }
239
240 if (outBuffer.empty())
241 {
242 // Done for now
243 return;
244 }
245 doingWrite = true;
Ed Tanouscb13a392020-07-25 19:02:03 +0000[diff] [blame]246 ws.async_write(boost::asio::buffer(outBuffer.front()),
247 [this, self(shared_from_this())](
248 boost::beast::error_code ec, std::size_t) {
249 doingWrite = false;
250 outBuffer.erase(outBuffer.begin());
251 if (ec == boost::beast::websocket::error::closed)
252 {
253 // Do nothing here. doRead handler will call the
254 // closeHandler.
255 close("Write error");
256 return;
257 }
258 if (ec)
259 {
260 BMCWEB_LOG_ERROR << "Error in ws.async_write "
261 << ec;
262 return;
263 }
264 doWrite();
265 });
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]266 }
267
268 private:
Ed Tanous2aee6ca2021-02-01 09:52:17 -0800[diff] [blame]269 boost::beast::websocket::stream<Adaptor, false> ws;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]270
Ed Tanous609145a2018-09-05 16:27:36 -0700[diff] [blame]271 std::string inString;
272 boost::asio::dynamic_string_buffer<std::string::value_type,
273 std::string::traits_type,
274 std::string::allocator_type>
275 inBuffer;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]276 std::vector<std::string> outBuffer;
277 bool doingWrite = false;
278
zhanghch050f3d3a02021-10-21 14:07:57 +0800[diff] [blame^]279 std::function<void(Connection&)> openHandler;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]280 std::function<void(Connection&, const std::string&, bool)> messageHandler;
281 std::function<void(Connection&, const std::string&)> closeHandler;
282 std::function<void(Connection&)> errorHandler;
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame]283 std::shared_ptr<persistent_data::UserSession> session;
Ed Tanous7045c8d2017-04-03 10:04:37 -0700[diff] [blame]284};
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]285} // namespace websocket
286} // namespace crow