lib/libhttp
1
0
Fork 0
mirror of https://github.com/lammertb/libhttp.git synced 2025-12-22 04:02:04 +03:00
Code Activity

Restructure is_websocket_request (Step 3/4)

Browse Source
This commit is contained in:
bel
2016-01-09 20:46:51 +01:00
parent db2bb5f08a
commit 2e3892aa45
1 changed files with 114 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

188
src/civetweb.c
View File

@@ -8259,46 +8259,16 @@ SHA1Final(unsigned char digest[20], SHA1_CTX *context)
static int
send_websocket_handshake(struct mg_connection *conn)
send_websocket_handshake(struct mg_connection *conn, const char *websock_key)
{
static const char *magic = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
const char *protocol = NULL;
char buf[100], sha[20], b64_sha[sizeof(sha) * 2];
SHA1_CTX sha_ctx;
int truncated;
const char *websock_key = mg_get_header(conn, "Sec-WebSocket-Key");
if (websock_key) {
/* RFC standard version:
* https://tools.ietf.org/html/rfc6455 */
/* Reply for Sec-WebSocket-Accept */
mg_snprintf(
conn, &truncated, buf, sizeof(buf), "%s%s", websock_key, magic);
} else {
/* hixie draft version:
* http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76 */
const char *key1 = mg_get_header(conn, "Sec-WebSocket-Key1");
const char *key2 = mg_get_header(conn, "Sec-WebSocket-Key2");
char key3[8];
if ((!key1) || (!key2)) {
return 0;
}
/* This version uses 8 byte body data in a GET request */
conn->content_len = 8;
if ((!key1) || (!key2) || (8 != mg_read(conn, key3, 8))) {
return 0;
}
}
const char *host = mg_get_header(conn, "Host");
if (!host) {
return 0;
}
/* Calculate Sec-WebSocket-Accept reply from Sec-WebSocket-Key. */
mg_snprintf(conn, &truncated, buf, sizeof(buf), "%s%s", websock_key, magic);
if (truncated) {
conn->must_close = 1;
return 0;
@@ -8621,6 +8591,7 @@ handle_websocket_request(struct mg_connection *conn,
mg_websocket_close_handler ws_close_handler,
void *cbData)
{
const char *websock_key = mg_get_header(conn, "Sec-WebSocket-Key");
const char *version = mg_get_header(conn, "Sec-WebSocket-Version");
int lua_websock = 0;
@@ -8629,17 +8600,55 @@ handle_websocket_request(struct mg_connection *conn,
#endif
/* Step 1: Check websocket protocol version. */
/* Step 1.1: Check Sec-WebSocket-Key. */
if (!websock_key) {
/* The RFC standard version (https://tools.ietf.org/html/rfc6455)
* requires a Sec-WebSocket-Key header.
*/
/* It could be the hixie draft version
* (http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76).
*/
const char *key1 = mg_get_header(conn, "Sec-WebSocket-Key1");
const char *key2 = mg_get_header(conn, "Sec-WebSocket-Key2");
char key3[8];
if ((key1 != NULL) && (key2 != NULL)) {
/* This version uses 8 byte body data in a GET request */
conn->content_len = 8;
if (8 == mg_read(conn, key3, 8)) {
/* This is the hixie version */
send_http_error(conn,
426,
"%s",
"Protocol upgrade to RFC 6455 required");
return;
}
}
/* This is an unknown version */
send_http_error(conn, 400, "%s", "Malformed websocket request");
return;
}
/* Step 1.2: Check websocket protocol version. */
/* The RFC version (https://tools.ietf.org/html/rfc6455) is 13. */
if (version == NULL || strcmp(version, "13") != 0) {
/* Reject wrong versions */
send_http_error(conn, 426, "%s", "Protocol upgrade required");
return;
}
/* Step 1.3: Check Host. */
const char *host = mg_get_header(conn, "Host");
if (!host) {
return 0;
}
/* Step 2: If a callback is responsible, call it. */
if (is_callback_resource) {
if (ws_connect_handler != NULL
&& ws_connect_handler(conn, cbData) != 0) {
/* C callback has returned non-zero, do not proceed with handshake.
/* C callback has returned non-zero, do not proceed with
* handshake.
*/
/* Note that C callbacks are no longer called when Lua is
* responsible, so C can no longer filter callbacks for Lua. */
@@ -8680,7 +8689,7 @@ handle_websocket_request(struct mg_connection *conn,
}
/* Step 5: The websocket connection has been accepted */
if (!send_websocket_handshake(conn)) {
if (!send_websocket_handshake(conn, websock_key)) {
send_http_error(conn, 500, "%s", "Websocket handshake failed");
return;
}
@@ -8728,7 +8737,8 @@ is_websocket_protocol(const struct mg_connection *conn)
upgrade = mg_get_header(conn, "Upgrade");
if (upgrade == NULL) {
return 0; /* fail early, don't waste time checking other header fields
return 0; /* fail early, don't waste time checking other header
* fields
*/
}
if (!mg_strcasestr(upgrade, "websocket")) {
@@ -8747,7 +8757,7 @@ is_websocket_protocol(const struct mg_connection *conn)
* "Sec-WebSocket-Version" are also required.
* Don't check them here, since even an unsupported websocket protocol
* request still IS a websocket request (in contrast to a standard HTTP
* request). It will fail later in the websocket handshake.
* request). It will fail later in handle_websocket_request.
*/
return 1;
@@ -9400,7 +9410,8 @@ handle_request(struct mg_connection *conn)
ri->local_uri, uri_len, (char *)ri->local_uri, uri_len + 1, 0);
}
/* 1.3. clean URIs, so a path like allowed_dir/../forbidden_file is not
/* 1.3. clean URIs, so a path like allowed_dir/../forbidden_file is
* not
* possible */
remove_double_dots_and_double_slashes((char *)ri->local_uri);
@@ -9451,9 +9462,11 @@ handle_request(struct mg_connection *conn)
/* request not yet handled by a handler or redirect, so the request
* is processed here */
/* 5. interpret the url to find out how the request must be handled */
/* 5. interpret the url to find out how the request must be handled
*/
/* 5.1. first test, if the request targets the regular http(s)://
* protocol namespace or the websocket ws(s):// protocol namespace. */
* protocol namespace or the websocket ws(s):// protocol namespace.
*/
is_websocket_request = is_websocket_protocol(conn);
/* 5.2. check if the request will be handled by a callback */
@@ -9465,7 +9478,8 @@ handle_request(struct mg_connection *conn)
&ws_data_handler,
&ws_close_handler,
&callback_data)) {
/* 5.2.1. A callback will handle this request. All requests handled
/* 5.2.1. A callback will handle this request. All requests
* handled
* by a callback have to be considered as requests to a script
* resource. */
is_callback_resource = 1;
@@ -9507,7 +9521,8 @@ handle_request(struct mg_connection *conn)
}
#if !defined(NO_FILES)
/* 6.1.2. Check if put authorization for static files is available.
/* 6.1.2. Check if put authorization for static files is
* available.
*/
if (!is_authorized_for_put(conn)) {
send_authorization_request(conn);
@@ -9532,15 +9547,18 @@ handle_request(struct mg_connection *conn)
if (!is_websocket_request) {
i = callback_handler(conn, callback_data);
if (i > 0) {
/* Do nothing, callback has served the request. Store the
* return value as status code for the log and discard all
/* Do nothing, callback has served the request. Store
* the
* return value as status code for the log and discard
* all
* data from the client not used by the callback. */
conn->status_code = i;
discard_unread_request_data(conn);
} else {
/* TODO (high): what if the handler did NOT handle the
* request */
/* The last version did handle this as a file request, but
/* The last version did handle this as a file request,
* but
* since a file request is not always a script resource,
* the authorization check might be different */
interpret_uri(conn,
@@ -9553,7 +9571,8 @@ handle_request(struct mg_connection *conn)
&is_put_or_delete_request);
callback_handler = NULL;
/* TODO (very low): goto is deprecated but for the moment,
/* TODO (very low): goto is deprecated but for the
* moment,
* a goto is simpler than some curious loop. */
/* The situation "callback does not handle the request"
* needs to be reconsidered anyway. */
@@ -9607,7 +9626,8 @@ handle_request(struct mg_connection *conn)
#endif
#if defined(NO_FILES)
/* 9a. In case the server uses only callbacks, this uri is unknown.
/* 9a. In case the server uses only callbacks, this uri is
* unknown.
* Then, all request handling ends here. */
send_http_error(conn, 404, "%s", "Not Found");
@@ -9751,13 +9771,15 @@ handle_file_based_request(struct mg_connection *conn,
strlen(
conn->ctx->config[LUA_SERVER_PAGE_EXTENSIONS]),
path) > 0) {
/* Lua server page: an SSI like page containing mostly plain html code
/* Lua server page: an SSI like page containing mostly plain html
* code
* plus some tags with server generated contents. */
handle_lsp_request(conn, path, file, NULL);
} else if (match_prefix(conn->ctx->config[LUA_SCRIPT_EXTENSIONS],
strlen(conn->ctx->config[LUA_SCRIPT_EXTENSIONS]),
path) > 0) {
/* Lua in-server module script: a CGI like script used to generate the
/* Lua in-server module script: a CGI like script used to generate
* the
* entire reply. */
mg_exec_lua_script(conn, path, NULL);
#endif
@@ -9839,7 +9861,8 @@ parse_port_string(const struct vec *vec, struct socket *so)
&& mg_inet_pton(
AF_INET6, buf, &so->lsa.sin6, sizeof(so->lsa.sin6))) {
/* IPv6 address, examples: see above */
/* so->lsa.sin6.sin6_family = AF_INET6; already set by mg_inet_pton */
/* so->lsa.sin6.sin6_family = AF_INET6; already set by mg_inet_pton
*/
so->lsa.sin6.sin6_port = htons((uint16_t)port);
#endif
} else if (sscanf(vec->ptr, "%u%n", &port, &len) == 1) {
@@ -9851,7 +9874,8 @@ parse_port_string(const struct vec *vec, struct socket *so)
len = 0;
}
/* sscanf and the option splitting code ensure the following condition */
/* sscanf and the option splitting code ensure the following condition
*/
if ((len < 0) && ((unsigned)len > (unsigned)vec->len)) {
return 0;
}
@@ -10163,7 +10187,8 @@ log_access(const struct mg_connection *conn)
/* Verify given socket address against the ACL.
* Return -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed. */
* Return -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed.
*/
static int
check_acl(struct mg_context *ctx, uint32_t remote_ip)
{
@@ -10283,7 +10308,8 @@ ssl_id_callback(void)
struct mg_workerTLS *tls =
(struct mg_workerTLS *)pthread_getspecific(sTlsKey);
if (tls == NULL) {
/* SSL called from an unknown thread: Create some thread index. */
/* SSL called from an unknown thread: Create some thread index.
*/
tls = (struct mg_workerTLS *)mg_malloc(sizeof(struct mg_workerTLS));
tls->is_master = -2; /* -2 means "3rd party thread" */
tls->thread_idx = (unsigned)mg_atomic_inc(&thread_idx_max);
@@ -10611,13 +10637,13 @@ set_ssl_option(struct mg_context *ctx)
ca_file = ctx->config[SSL_CA_FILE];
if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, ca_file, ca_path)
!= 1) {
mg_cry(
fc(ctx),
"SSL_CTX_load_verify_locations error: %s "
"ssl_verify_peer requires setting "
"either ssl_ca_path or ssl_ca_file. Is any of them present in "
"the .conf file?",
ssl_error());
mg_cry(fc(ctx),
"SSL_CTX_load_verify_locations error: %s "
"ssl_verify_peer requires setting "
"either ssl_ca_path or ssl_ca_file. Is any of them "
"present in "
"the .conf file?",
ssl_error());
return 0;
}
@@ -10768,7 +10794,8 @@ close_socket_gracefully(struct mg_connection *conn)
return;
}
/* Set linger option to avoid socket hanging out after close. This prevent
/* Set linger option to avoid socket hanging out after close. This
* prevent
* ephemeral port exhaust problem under high QPS. */
linger.l_onoff = 1;
linger.l_linger = 1;
@@ -10789,7 +10816,8 @@ close_socket_gracefully(struct mg_connection *conn)
set_non_blocking_mode(conn->client.sock);
#if defined(_WIN32)
/* Read and discard pending incoming data. If we do not do that and close
/* Read and discard pending incoming data. If we do not do that and
* close
* the socket, the data in the send buffer may be discarded. This
* behaviour is seen on Windows, when client keeps sending data
* when server decides to close the connection; then when client
@@ -10832,7 +10860,8 @@ close_connection(struct mg_connection *conn)
#ifndef NO_SSL
if (conn->ssl != NULL) {
/* Run SSL_shutdown twice to ensure completly close SSL connection */
/* Run SSL_shutdown twice to ensure completly close SSL connection
*/
SSL_shutdown(conn->ssl);
SSL_free(conn->ssl);
conn->ssl = NULL;
@@ -10963,10 +10992,12 @@ mg_connect_client_impl(const struct mg_client_options *client_options,
/* TODO: Check ssl_verify_peer and ssl_ca_path here.
SSL_CTX_set_verify call is needed to switch off server
* certificate checking, which is off by default in OpenSSL and on
* certificate checking, which is off by default in OpenSSL and
on
* in yaSSL. */
// TODO: SSL_CTX_set_verify(conn->client_ssl_ctx, SSL_VERIFY_PEER,
// TODO: SSL_CTX_set_verify(conn->client_ssl_ctx,
// SSL_VERIFY_PEER,
// verify_ssl_server);
if (client_options->client_cert) {
@@ -11120,7 +11151,8 @@ get_rel_url_at_current_server(const char *uri, const struct mg_connection *conn)
char *hostend = NULL;
char *portbegin, *portend;
/* DNS is case insensitive, so use case insensitive string compare here */
/* DNS is case insensitive, so use case insensitive string compare here
*/
domain = conn->ctx->config[AUTHENTICATION_DOMAIN];
if (!domain) {
return 0;
@@ -11203,7 +11235,8 @@ getreq(struct mg_connection *conn, char *ebuf, size_t ebuf_len, int *err)
conn->request_len =
read_request(NULL, conn, conn->buf, conn->buf_size, &conn->data_len);
/* assert(conn->request_len < 0 || conn->data_len >= conn->request_len); */
/* assert(conn->request_len < 0 || conn->data_len >= conn->request_len);
*/
if (conn->request_len >= 0 && conn->data_len < conn->request_len) {
mg_snprintf(conn,
NULL, /* No truncation check for ebuf */
@@ -11626,10 +11659,12 @@ process_new_connection(struct mg_connection *conn)
ri->remote_user = NULL;
}
/* NOTE(lsm): order is important here. should_keep_alive() call is
/* NOTE(lsm): order is important here. should_keep_alive() call
* is
* using parsed request, which will be invalid after memmove's
* below.
* Therefore, memorize should_keep_alive() result now for later use
* Therefore, memorize should_keep_alive() result now for later
* use
* in loop exit condition. */
keep_alive = conn->ctx->stop_flag == 0 && keep_alive_enabled
&& conn->content_len >= 0 && should_keep_alive(conn);
@@ -11731,7 +11766,8 @@ worker_thread_run(void *thread_func_param)
conn->ctx = ctx;
conn->request_info.user_data = ctx->user_data;
/* Allocate a mutex for this connection to allow communication both
* within the request handler and from elsewhere in the application */
* within the request handler and from elsewhere in the application
*/
(void)pthread_mutex_init(&conn->mutex, &pthread_mutex_attr);
/* Call consume_socket() even when ctx->stop_flag > 0, to let it
@@ -11879,9 +11915,11 @@ accept_new_connection(const struct socket *listener, struct mg_context *ctx)
strerror(ERRNO));
}
/* Set TCP keep-alive. This is needed because if HTTP-level keep-alive
/* Set TCP keep-alive. This is needed because if HTTP-level
* keep-alive
* is enabled, and client resets the connection, server won't get
* TCP FIN or RST and will keep the connection open forever. With TCP
* TCP FIN or RST and will keep the connection open forever. With
* TCP
* keep-alive, next keep-alive handshake will figure out that the
* client is down and will close the server end.
* Thanks to Igor Klopov who suggested the patch. */
@@ -12052,7 +12090,8 @@ free_context(struct mg_context *ctx)
ctx->callbacks.exit_context(ctx);
}
/* All threads exited, no sync is needed. Destroy thread mutex and condvars
/* All threads exited, no sync is needed. Destroy thread mutex and
* condvars
*/
(void)pthread_mutex_destroy(&ctx->thread_mutex);
(void)pthread_cond_destroy(&ctx->thread_cond);
@@ -12233,7 +12272,8 @@ mg_start(const struct mg_callbacks *callbacks,
#endif
if (0 != pthread_key_create(&sTlsKey, tls_dtor)) {
/* Fatal error - abort start. However, this situation should never
/* Fatal error - abort start. However, this situation should
* never
* occur in practice. */
mg_atomic_dec(&sTlsInit);
mg_cry(fc(ctx), "Cannot initialize thread local storage");