diff options
| -rw-r--r-- | CMakeLists.txt | 3 | ||||
| -rw-r--r-- | demo-json-rpc-server.c | 494 |
2 files changed, 407 insertions, 90 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index c9c5762..97c63cb 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -36,7 +36,8 @@ configure_file (${PROJECT_SOURCE_DIR}/config.h.in ${PROJECT_BINARY_DIR}/config.h include_directories (${PROJECT_BINARY_DIR}) # Build the executables -add_executable (demo-json-rpc-server demo-json-rpc-server.c) +add_executable (demo-json-rpc-server + demo-json-rpc-server.c http-parser/http_parser.c) target_link_libraries (demo-json-rpc-server ${project_libraries}) # The files to be installed diff --git a/demo-json-rpc-server.c b/demo-json-rpc-server.c index 77c9ca5..0cae4a0 100644 --- a/demo-json-rpc-server.c +++ b/demo-json-rpc-server.c @@ -38,9 +38,7 @@ #include <jansson.h> #include <magic.h> -// FIXME: don't include the implementation, include the header and compile -// the implementation separately -#include "http-parser/http_parser.c" +#include "http-parser/http_parser.h" // --- Extensions to liberty --------------------------------------------------- @@ -129,6 +127,17 @@ tolower_ascii_strxfrm (char *dest, const char *src, size_t n) return len; } +static int +strcasecmp_ascii (const char *a, const char *b) +{ + while (*a && *b) + if (tolower_ascii (*a) != tolower_ascii (*b)) + break; + return *a - *b; +} + +// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + static void base64_encode (const void *data, size_t len, struct str *output) { @@ -169,6 +178,211 @@ base64_encode (const void *data, size_t len, struct str *output) } } +// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +// Basic tokenizer for HTTP headers, to be used in various parsers. +// The input should already be unwrapped. + +enum http_tokenizer_field +{ + HTTP_T_EOF, ///< Input error + HTTP_T_ERROR, ///< End of input + + HTTP_T_TOKEN, ///< "token" + HTTP_T_QUOTED_STRING, ///< "quoted-string" + HTTP_T_SEPARATOR ///< "separators" +}; + +struct http_tokenizer +{ + const char *input; ///< The input string + size_t input_len; ///< Length of the input + size_t offset; ///< Position in the input + + char separator; ///< The separator character + struct str string; ///< "token" / "quoted-string" content +}; + +static void +http_tokenizer_init (struct http_tokenizer *self, const char *input) +{ + memset (self, 0, sizeof *self); + self->input = input; + self->input_len = strlen (input); + + str_init (&self->string); +} + +static void +http_tokenizer_free (struct http_tokenizer *self) +{ + str_free (&self->string); +} + +static bool +http_tokenizer_is_ctl (int c) +{ + return (c >= 0 && c <= 31) || c == 127; +} + +static bool +http_tokenizer_is_char (int c) +{ + return c >= 0 && c <= 127; +} + +static enum http_tokenizer_field +http_tokenizer_quoted_string (struct http_tokenizer *self) +{ + bool quoted_pair = false; + while (self->offset < self->input_len) + { + int c = self->input[self->offset++]; + if (quoted_pair) + { + if (!http_tokenizer_is_char (c)) + return HTTP_T_ERROR; + + str_append_c (&self->string, c); + quoted_pair = false; + } + else if (c == '\\') + quoted_pair = true; + else if (c == '"') + return HTTP_T_QUOTED_STRING; + else if (http_tokenizer_is_ctl (c)) + return HTTP_T_ERROR; + else + str_append_c (&self->string, c); + } + + // Premature end of input + return HTTP_T_ERROR; +} + +static enum http_tokenizer_field +http_tokenizer_next (struct http_tokenizer *self, bool skip_lws) +{ + const char *separators = "()<>@.;:\\\"/[]?={} \t"; + + str_reset (&self->string); + if (self->offset >= self->input_len) + return HTTP_T_EOF; + + int c = self->input[self->offset++]; + + if (skip_lws) + while (c == ' ' || c == '\t') + { + if (self->offset >= self->input_len) + return HTTP_T_EOF; + c = self->input[self->offset++]; + } + + if (c == '"') + return http_tokenizer_quoted_string (self); + + if (strchr (separators, c)) + { + self->separator = c; + return HTTP_T_SEPARATOR; + } + + if (!http_tokenizer_is_char (c) + || http_tokenizer_is_ctl (c)) + return HTTP_T_ERROR; + + str_append_c (&self->string, c); + while (self->offset < self->input_len) + { + c = self->input[self->offset]; + if (!http_tokenizer_is_char (c) + || http_tokenizer_is_ctl (c) + || strchr (separators, c)) + break; + + str_append_c (&self->string, c); + self->offset++; + } + return HTTP_T_TOKEN; +} + +// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +static bool +http_parse_media_type_parameter + (struct http_tokenizer *t, struct str_map *parameters) +{ + bool result = false; + char *attribute = NULL; + + if (http_tokenizer_next (t, true) != HTTP_T_TOKEN) + goto end; + attribute = xstrdup (t->string.str); + + if (http_tokenizer_next (t, false) != HTTP_T_SEPARATOR + || t->separator != '=') + goto end; + + switch (http_tokenizer_next (t, false)) + { + case HTTP_T_TOKEN: + case HTTP_T_QUOTED_STRING: + str_map_set (parameters, attribute, xstrdup (t->string.str)); + result = true; + default: + break; + } + +end: + free (attribute); + return result; +} + +/// Parser for Accept and Content-Type. @a type and @a subtype may be non-NULL +/// even if the function fails. @a parameters should be case-insensitive. +static bool +http_parse_media_type (const char *media_type, + char **type, char **subtype, struct str_map *parameters) +{ + // The parsing is strict wrt. LWS as per RFC 2616 section 3.7 + + bool result = false; + struct http_tokenizer t; + http_tokenizer_init (&t, media_type); + + if (http_tokenizer_next (&t, true) != HTTP_T_TOKEN) + goto end; + *type = xstrdup (t.string.str); + + if (http_tokenizer_next (&t, false) != HTTP_T_SEPARATOR + || t.separator != '/') + goto end; + + if (http_tokenizer_next (&t, false) != HTTP_T_TOKEN) + goto end; + *subtype = xstrdup (t.string.str); + + while (true) + switch (http_tokenizer_next (&t, true)) + { + case HTTP_T_SEPARATOR: + if (t.separator != ';') + goto end; + if (!http_parse_media_type_parameter (&t, parameters)) + goto end; + break; + case HTTP_T_EOF: + result = true; + default: + goto end; + } + +end: + http_tokenizer_free (&t); + return result; +} + // --- libev helpers ----------------------------------------------------------- static bool @@ -1065,10 +1279,11 @@ scgi_parser_push (struct scgi_parser *self, #define WS_GUID "258EAFA5-E914-47DA-95CA-C5AB0DC85B11" -#define SEC_WS_KEY "Sec-WebSocket-Key" -#define SEC_WS_ACCEPT "Sec-WebSocket-Accept" -#define SEC_WS_PROTOCOL "Sec-WebSocket-Protocol" -#define SEC_WS_VERSION "Sec-WebSocket-Version" +#define SEC_WS_KEY "Sec-WebSocket-Key" +#define SEC_WS_ACCEPT "Sec-WebSocket-Accept" +#define SEC_WS_PROTOCOL "Sec-WebSocket-Protocol" +#define SEC_WS_EXTENSIONS "Sec-WebSocket-Extensions" +#define SEC_WS_VERSION "Sec-WebSocket-Version" #define WS_MAX_CONTROL_PAYLOAD_LEN 125 @@ -1290,10 +1505,6 @@ ws_parser_push (struct ws_parser *self, const void *data, size_t len) } } -// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -// TODO: something to build frames for data - // - - Server handler - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // WebSockets aren't CGI-compatible, therefore we must handle the initial HTTP @@ -1304,7 +1515,8 @@ ws_parser_push (struct ws_parser *self, const void *data, size_t len) enum ws_handler_state { WS_HANDLER_HANDSHAKE, ///< Parsing HTTP - WS_HANDLER_WEBSOCKETS ///< Parsing WebSockets frames + WS_HANDLER_OPEN, ///< Parsing WebSockets frames + WS_HANDLER_CLOSING ///< Closing the connection }; struct ws_handler @@ -1327,7 +1539,7 @@ struct ws_handler unsigned ping_interval; ///< Ping interval in seconds uint64_t max_payload_len; ///< Maximum length of any message - // TODO: bool closing; // XXX: rather a { OPEN, CLOSING } state? + // TODO: handshake_timeout // TODO: a close timer // TODO: a ping timer (when no pong is received by the second time the @@ -1361,8 +1573,8 @@ struct ws_handler }; static void -ws_handler_send_control (struct ws_handler *self, enum ws_opcode opcode, - const void *data, size_t len) +ws_handler_send_control (struct ws_handler *self, + enum ws_opcode opcode, const void *data, size_t len) { if (len > WS_MAX_CONTROL_PAYLOAD_LEN) { @@ -1392,6 +1604,33 @@ ws_handler_fail (struct ws_handler *self, enum ws_status reason) // ignore frames up to a corresponding close from the client. // Read the RFC once again to see if we can really process the frames. +// TODO: add support for fragmented responses +static void +ws_handler_send (struct ws_handler *self, + enum ws_opcode opcode, const void *data, size_t len) +{ + struct str header; + str_init (&header); + str_pack_u8 (&header, 0x80 | (opcode & 0x0F)); + + if (len > UINT16_MAX) + { + str_pack_u8 (&header, 127); + str_pack_u64 (&header, len); + } + else if (len > 125) + { + str_pack_u8 (&header, 126); + str_pack_u16 (&header, len); + } + else + str_pack_u8 (&header, len); + + self->write_cb (self->user_data, header.str, header.len); + self->write_cb (self->user_data, data, len); + str_free (&header); +} + static bool ws_handler_on_frame_header (void *user_data, const struct ws_parser *parser) { @@ -1529,9 +1768,19 @@ ws_handler_free (struct ws_handler *self) static void ws_handler_on_header_read (struct ws_handler *self) { - // TODO: some headers can appear more than once, concatenate their values; - // for example "Sec-WebSocket-Version" - str_map_set (&self->headers, self->field.str, self->value.str); + const char *field = self->field.str; + bool can_concat = + !strcasecmp_ascii (field, SEC_WS_PROTOCOL) || + !strcasecmp_ascii (field, SEC_WS_EXTENSIONS); + + const char *current = str_map_find (&self->headers, field); + if (can_concat && current) + str_map_set (&self->headers, field, + xstrdup_printf ("%s, %s", current, self->value.str)); + else + // If the field cannot be concatenated, just overwrite the last value. + // Maybe we should issue a warning or something. + str_map_set (&self->headers, field, xstrdup (self->value.str)); } static int @@ -1576,48 +1825,104 @@ ws_handler_on_url (http_parser *parser, const char *at, size_t len) return 0; } +#define HTTP_101_SWITCHING_PROTOCOLS "101 Switching Protocols" +#define HTTP_400_BAD_REQUEST "400 Bad Request" +#define HTTP_405_METHOD_NOT_ALLOWED "405 Method Not Allowed" +#define HTTP_505_VERSION_NOT_SUPPORTED "505 HTTP Version Not Supported" + +static void +ws_handler_http_responsev (struct ws_handler *self, + const char *status, char *const *fields) +{ + hard_assert (status != NULL); + + struct str response; + str_init (&response); + str_append_printf (&response, "HTTP/1.1 %s\r\n", status); + + while (*fields) + str_append_printf (&response, "%s\r\n", *fields++); + + str_append (&response, "Server: " + PROGRAM_NAME "/" PROGRAM_VERSION "\r\n\r\n"); + self->write_cb (self->user_data, response.str, response.len); + str_free (&response); +} + +static void +ws_handler_http_response (struct ws_handler *self, const char *status, ...) +{ + struct str_vector v; + str_vector_init (&v); + + va_list ap; + va_start (ap, status); + + const char *s; + while ((s = va_arg (ap, const char *))) + str_vector_add (&v, s); + + va_end (ap); + + ws_handler_http_responsev (self, status, v.vector); + str_vector_free (&v); +} + +#define FAIL_HANDSHAKE(status, ...) \ + BLOCK_START \ + ws_handler_http_response (self, (status), __VA_ARGS__); \ + return false; \ + BLOCK_END + static bool ws_handler_finish_handshake (struct ws_handler *self) { - // TODO: probably factor this block out into its own function - // TODO: check if everything seems to be right - if (self->hp.method != HTTP_GET - || self->hp.http_major != 1 - || self->hp.http_minor != 1) - ; // TODO: error (maybe send a frame depending on conditions) - // ...mostly just 400 Bad Request + if (self->hp.http_major != 1 || self->hp.http_minor != 1) + FAIL_HANDSHAKE (HTTP_505_VERSION_NOT_SUPPORTED, NULL); + if (self->hp.method != HTTP_GET) + FAIL_HANDSHAKE (HTTP_405_METHOD_NOT_ALLOWED, "Allow: GET", NULL); - const char *upgrade = str_map_find (&self->headers, "Upgrade"); + // Reject weird URLs specifying the schema and the host + struct http_parser_url url; + if (http_parser_parse_url (self->url.str, self->url.len, false, &url) + || (url.field_set & (1 << UF_SCHEMA | 1 << UF_HOST | 1 << UF_PORT))) + FAIL_HANDSHAKE (HTTP_400_BAD_REQUEST, NULL); + const char *upgrade = str_map_find (&self->headers, "Upgrade"); + // TODO: we should ideally check that this is a 16-byte base64-encoded value const char *key = str_map_find (&self->headers, SEC_WS_KEY); const char *version = str_map_find (&self->headers, SEC_WS_VERSION); const char *protocol = str_map_find (&self->headers, SEC_WS_PROTOCOL); - if (!upgrade || strcmp (upgrade, "websocket") - || !version || strcmp (version, "13")) - ; // TODO: error - // ... if the version doesn't match, we must send back a header indicating - // the version we do support + if (!upgrade || strcmp (upgrade, "websocket") || !version) + FAIL_HANDSHAKE (HTTP_400_BAD_REQUEST, NULL); + if (strcmp (version, "13")) + FAIL_HANDSHAKE (HTTP_400_BAD_REQUEST, SEC_WS_VERSION ": 13", NULL); - struct str response; - str_init (&response); - str_append (&response, "HTTP/1.1 101 Switching Protocols\r\n"); - str_append (&response, "Upgrade: websocket\r\n"); - str_append (&response, "Connection: Upgrade\r\n"); + struct str_vector fields; + str_vector_init (&fields); - // TODO: prepare the rest of the headers + str_vector_add_args (&fields, + "Upgrade: websocket", + "Connection: Upgrade", + NULL); - // TODO: we should ideally check that this is a 16-byte base64-encoded value char *response_key = ws_encode_response_key (key); - str_append_printf (&response, SEC_WS_ACCEPT ": %s\r\n", response_key); + str_vector_add_owned (&fields, + xstrdup_printf (SEC_WS_ACCEPT ": %s", response_key)); free (response_key); - str_append (&response, "\r\n"); - self->write_cb (self->user_data, response.str, response.len); - str_free (&response); + // TODO: check and set Sec-Websocket-{Extensions,Protocol} + + ws_handler_http_responsev (self, + HTTP_101_SWITCHING_PROTOCOLS, fields.vector); + + str_vector_free (&fields); // XXX: maybe we should start it earlier so that the handshake can // timeout as well. ws_handler_connected()? + // + // But it should rather be named "connect_timer" ev_timer_start (EV_DEFAULT_ &self->ping_timer); return true; } @@ -1625,8 +1930,13 @@ ws_handler_finish_handshake (struct ws_handler *self) static bool ws_handler_push (struct ws_handler *self, const void *data, size_t len) { - if (self->state == WS_HANDLER_WEBSOCKETS) + if (self->state != WS_HANDLER_HANDSHAKE) + { + // TODO: handle the case of len == 0: + // OPEN: "on_close" WS_STATUS_ABNORMAL + // CLOSING: just close the connection return ws_parser_push (&self->parser, data, len); + } // The handshake hasn't been done yet, process HTTP headers static const http_parser_settings http_settings = @@ -1637,33 +1947,37 @@ ws_handler_push (struct ws_handler *self, const void *data, size_t len) .on_url = ws_handler_on_url, }; + // NOTE: the HTTP parser unfolds values and removes preceeding whitespace, + // but otherwise doesn't touch the values or the following whitespace; + // we might want to strip at least the trailing whitespace size_t n_parsed = http_parser_execute (&self->hp, &http_settings, data, len); if (self->hp.upgrade) { + // The handshake hasn't been finished, yet there is more data + // to be processed after the headers already if (len - n_parsed) - { - // TODO: error: the handshake hasn't been finished, yet there - // is more data to process after the headers - } + FAIL_HANDSHAKE (HTTP_400_BAD_REQUEST, NULL); if (!ws_handler_finish_handshake (self)) return false; - self->state = WS_HANDLER_WEBSOCKETS; + self->state = WS_HANDLER_OPEN; return true; } - if (n_parsed != len || HTTP_PARSER_ERRNO (&self->hp) != HPE_OK) + enum http_errno err = HTTP_PARSER_ERRNO (&self->hp); + if (n_parsed != len || err != HPE_OK) { - // TODO: error - // print_debug (..., http_errno_description - // (HTTP_PARSER_ERRNO (&self->hp)); - // NOTE: if == HPE_CB_headers_complete, "Upgrade" is missing - return false; - } + if (err == HPE_CB_headers_complete) + print_debug ("WS handshake failed: %s", "missing `Upgrade' field"); + else + print_debug ("WS handshake failed: %s", + http_errno_description (err)); + FAIL_HANDSHAKE (HTTP_400_BAD_REQUEST, NULL); + } return true; } @@ -1776,45 +2090,37 @@ json_rpc_response (json_t *id, json_t *result, json_t *error) // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - static bool -try_advance (const char **p, const char *text) +validate_json_rpc_content_type (const char *content_type) { - size_t len = strlen (text); - if (strncmp (*p, text, len)) - return false; + char *type = NULL; + char *subtype = NULL; - *p += len; - return true; -} + struct str_map parameters; + str_map_init (¶meters); + parameters.free = free; + parameters.key_xfrm = tolower_ascii_strxfrm; -static bool -validate_json_rpc_content_type (const char *type) -{ - const char *content_types[] = - { - "application/json-rpc", // obsolete - "application/json" - }; - const char *tails[] = - { - "; charset=utf-8", - "; charset=UTF-8", - "" - }; + bool result = http_parse_media_type + (content_type, &type, &subtype, ¶meters); + if (!result) + goto end; - bool found = false; - for (size_t i = 0; i < N_ELEMENTS (content_types); i++) - if ((found = try_advance (&type, content_types[i]))) - break; - if (!found) - return false; + if (strcasecmp_ascii (type, "application") + || (strcasecmp_ascii (subtype, "json") && + strcasecmp_ascii (subtype, "json-rpc" /* obsolete */))) + result = false; - for (size_t i = 0; i < N_ELEMENTS (tails); i++) - if ((found = try_advance (&type, tails[i]))) - break; - if (!found) - return false; + const char *charset = str_map_find (¶meters, "charset"); + if (charset && strcasecmp_ascii (charset, "UTF-8")) + result = false; + + // Currently ignoring all unknown parametrs - return !*type; +end: + free (type); + free (subtype); + str_map_free (¶meters); + return result; } // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2588,10 +2894,17 @@ client_ws_on_message (void *user_data, struct client *client = user_data; struct client_ws *self = client->impl_data; + if (type != WS_OPCODE_TEXT) + { + ws_handler_fail (&self->handler, WS_STATUS_UNACCEPTABLE); + return false; + } + struct str response; str_init (&response); process_json_rpc (client->ctx, data, len, &response); - // TODO: send the response + ws_handler_send (&self->handler, + WS_OPCODE_TEXT, response.str, response.len); str_free (&response); return true; } @@ -2607,6 +2920,9 @@ client_ws_init (struct client *client) self->handler.on_message = client_ws_on_message; self->handler.user_data = client; // TODO: configure the handler some more, e.g. regarding the protocol + + // One mebibyte seems to be a reasonable value + self->handler.max_payload_len = 1 << 10; } static void |