1 // Copyright 2021 Ian Jackson and contributors to Hippotat
2 // SPDX-License-Identifier: GPL-3.0-or-later
3 // There is NO WARRANTY.
5 use hippotat::prelude::*;
7 #[derive(StructOpt,Debug)]
16 const METADATA_MAX_LEN: usize = MAX_OVERHEAD;
18 type AllClients = HashMap<ClientName, ClientHandles>;
20 struct ClientHandles {
21 ic: Arc<InstanceConfig>,
22 web: tokio::sync::mpsc::Sender<WebRequest>,
25 /// Sent from hyper worker pool task to client task
26 #[allow(dead_code)] // xxx
29 // initial part of body
30 // used up to and including first 2 lines of metadata
31 // end delimiter for the metadata not yet located, but in here somewhere
33 initial_remaining: usize,
35 body: hyper::body::Body,
36 boundary_finder: multipart::BoundaryFinder,
37 reply_to: tokio::sync::oneshot::Sender<WebResponse>,
41 /// Reply from client task to hyper worker pool task
42 #[allow(dead_code)] // xxx
46 data: Result<WebResponseData, AE>,
49 type WebResponseData = ();
52 all_clients: Arc<AllClients>,
53 req: hyper::Request<hyper::Body>
54 ) -> Result<hyper::Response<hyper::Body>, Void> {
55 if req.method() == Method::GET {
56 let mut resp = hyper::Response::new(hyper::Body::from("hippotat\r\n"));
57 resp.headers_mut().insert(
59 "text/plain; charset=US-ASCII".try_into().unwrap()
64 let mut warnings: Warnings = default();
68 let get_header = |hn: &str| {
69 let mut values = req.headers().get_all(hn).iter();
70 let v = values.next().ok_or_else(|| anyhow!("missing {}", hn))?;
71 if values.next().is_some() { throw!(anyhow!("multiple {}!", hn)); }
72 let v = v.to_str().context(anyhow!("interpret {} as UTF-8", hn))?;
76 let mkboundary = |b: &'_ _| format!("\n--{}", b).into_bytes();
77 let boundary = match (||{
78 let t = get_header("Content-Type")?;
79 let t: mime::Mime = t.parse().context("parse Content-Type")?;
80 if t.type_() != "multipart" { throw!(anyhow!("not multipart/")) }
81 let b = mime::BOUNDARY;
82 let b = t.get_param(b).ok_or_else(|| anyhow!("missing boundary=..."))?;
83 if t.subtype() != "form-data" {
84 warnings.add(&"Content-Type not /form-data")?;
86 let b = mkboundary(b.as_str());
91 warnings.add(&e.wrap_err("guessing boundary"))?;
96 let length_hint: usize = (||{
97 let clength = get_header("Content-Length")?;
98 let clength = clength.parse().context("parse Content-Length")?;
101 |e| { let _ = warnings.add(&e.wrap_err("parsing Content-Length")); 0 }
104 let mut body = req.into_body();
105 let initial = match read_limited_bytes(
106 METADATA_MAX_LEN, default(), length_hint, &mut body
109 Err(ReadLimitedError::Truncated { sofar,.. }) => sofar,
110 Err(ReadLimitedError::Hyper(e)) => throw!(e),
113 let boundary_finder = memmem::Finder::new(&boundary);
114 let mut boundary_iter = boundary_finder.find_iter(&initial);
116 let start = if initial.starts_with(&boundary[1..]) { boundary.len()-1 }
117 else if let Some(start) = boundary_iter.next() { start + boundary.len() }
118 else { throw!(anyhow!("initial boundary not found")) };
120 let comp = multipart::process_boundary
121 (&mut warnings, &initial[start..], PartName::m)?
122 .ok_or_else(|| anyhow!(r#"no "m" component"#))?;
124 if comp.name != PartName::m { throw!(anyhow!(
125 r#"first multipart component must be name="m""#
128 let mut meta = MetadataFieldIterator::new(comp.payload);
130 let client: ClientName = meta.need_parse().context("client addr")?;
132 let mut hmac_got = [0; HMAC_L];
133 let (client_time, hmac_got_l) = (||{
134 let token: &str = meta.need_next().context(r#"find in "m""#)?;
135 let (time_t, hmac_b64) = token.split_once(' ')
136 .ok_or_else(|| anyhow!("split"))?;
137 let time_t = u64::from_str_radix(time_t, 16).context("parse time_t")?;
139 &mut base64::read::DecoderReader::new(&mut hmac_b64.as_bytes(),
141 &mut &mut hmac_got[..]
142 ).context("parse b64 token")?;
143 let l = l.try_into()?;
144 Ok::<_,AE>((time_t, l))
145 })().context("token")?;
146 let hmac_got = &hmac_got[0..hmac_got_l];
148 let client = all_clients.get(&client);
150 // We attempt to hide whether the client exists we don't try to
151 // hide the hash lookup computationgs, but we do try to hide the
152 // HMAC computation by always doing it. We hope that the compiler
153 // doesn't produce a specialised implementation for the dummy
155 let client_exists = subtle::Choice::from(client.is_some() as u8);
156 let secret = client.map(|c| c.ic.secret.0.as_bytes());
157 let secret = secret.unwrap_or(&[0x55; HMAC_B][..]);
158 let client_time_s = format!("{:x}", client_time);
159 let hmac_exp = token_hmac(secret, client_time_s.as_bytes());
160 // We also definitely want a consttime memeq for the hmac value
161 let hmac_ok = hmac_got.ct_eq(&hmac_exp);
162 //dbg!(DumpHex(&hmac_exp), client.is_some());
163 //dbg!(DumpHex(hmac_got), hmac_ok, client_exists);
164 if ! bool::from(hmac_ok & client_exists) {
165 throw!(anyhow!("xxx should be a 403 error"));
168 let client = client.unwrap();
169 let now = time_t_now();
170 let chk_skew = |a: u64, b: u64, c_ahead_behind| {
171 if let Some(a_ahead) = a.checked_sub(b) {
172 if a_ahead > client.ic.max_clock_skew.as_secs() {
173 throw!(anyhow!("too much clock skew (client {} by {})",
174 c_ahead_behind, a_ahead));
179 chk_skew(client_time, now, "ahead")?;
180 chk_skew(now, client_time, "behind")?;
182 let initial_remaining = meta.remaining_bytes_len();
184 //eprintln!("boundary={:?} start={} name={:?} client={}",
185 // boundary, start, &comp.name, &client.ic);
187 let (reply_to, reply_recv) = tokio::sync::oneshot::channel();
188 trace!("{} request xxx={}", &client.ic, initial.len());
189 let wreq = WebRequest {
193 boundary_finder: boundary_finder.into_owned(),
195 warnings: mem::take(&mut warnings),
199 client.web.try_send(wreq)
200 .map_err(|_| anyhow!("client task shut down!"))?;
202 let reply: WebResponse = reply_recv.await?;
203 warnings = reply.warnings;
210 eprintln!("error={}", e);
214 eprintln!("warnings={:?}", &warnings);
216 Ok(hyper::Response::new(hyper::Body::from("Hello World")))
219 #[allow(unused_variables)] // xxx
220 #[allow(unused_mut)] // xxx
221 async fn run_client(ic: Arc<InstanceConfig>,
222 mut web: mpsc::Receiver<WebRequest>)
226 reply_to: tokio::sync::oneshot::Sender<WebResponse>,
227 oi: OutstandingInner,
230 struct OutstandingInner {
231 target_requests_outstanding: u32,
233 let mut outstanding: VecDeque<Outstanding> = default();
234 let downbound: VecDeque<(/*xxx*/)> = default();
236 let try_send_response = |
237 reply_to: tokio::sync::oneshot::Sender<WebResponse>,
238 response: WebResponse
240 reply_to.send(response)
241 .unwrap_or_else(|_: WebResponse| () /* oh dear */ /* xxx trace? */);
246 if ! downbound.is_empty() {
247 outstanding.pop_front()
248 } else if let Some((i,_)) = outstanding.iter().enumerate().find({
249 |(_,o)| outstanding.len() > o.oi.target_requests_outstanding.sat()
251 Some(outstanding.remove(i).unwrap())
256 let response = WebResponse {
262 try_send_response(ret.reply_to, response);
269 initial, initial_remaining, length_hint, mut body,
271 reply_to, mut warnings,
272 } = req.ok_or_else(|| anyhow!("webservers all shut down!"))?;
276 let initial_used = initial.len() - initial_remaining;
278 let whole_request = read_limited_bytes(
279 ic.max_batch_up.sat(),
283 ).await.context("read request body")?;
285 let (meta, mut comps) =
286 multipart::ComponentIterator::resume_mid_component(
287 &whole_request[initial_used..],
289 ).context("resume parsing body, after auth checks")?;
291 let mut meta = MetadataFieldIterator::new(&meta);
294 { $v:ident, ( $( $badcmp:tt )? ), $ret:expr,
295 let $server:ident, $client:ident $($code:tt)*
299 let $client $($code)*
301 if $client $badcmp $server {
302 throw!(anyhow!("mismatch: client={:?} {} server={:?}",
303 $client, stringify!($badcmp), $server));
307 })().context(stringify!($v))?;
313 target_requests_outstanding, ( != ), client,
314 let server, client: u32 = meta.need_parse()?;
318 http_timeout, ( > ), client,
319 let server, client = Duration::from_secs(meta.need_parse()?);
323 max_batch_down, (), min(client, server),
324 let server, client: u32 = meta.parse()?.unwrap_or(server);
328 max_batch_up, ( > ), client,
329 let server, client = meta.parse()?.unwrap_or(server);
332 while let Some(comp) = comps.next(&mut warnings, PartName::d)? {
333 if comp.name != PartName::d {
334 warnings.add(&format_args!("unexpected part {:?}", comp.name))?;
336 dbg!(comp.name, DumpHex(comp.payload));
339 let oi = OutstandingInner {
340 target_requests_outstanding,
344 Ok(oi) => outstanding.push_back(Outstanding { reply_to, oi }),
346 try_send_response(reply_to, WebResponse {
355 //Err(anyhow!("xxx"))
360 let opts = Opts::from_args();
366 let (global, ipif) = config::startup(
367 "hippotatd", LinkEnd::Server,
368 &opts.config, &opts.log, |ics|
370 let global = config::InstanceConfigGlobal::from(&ics);
371 let ipif = Ipif::start(&global.ipif, None)?;
373 let all_clients: AllClients = ics.into_iter().map(|ic| {
374 let ic = Arc::new(ic);
376 let (web_send, web_recv) = mpsc::channel(
377 5 // xxx should me max_requests_outstanding but that's
378 // marked client-only so needs rework
381 let ic_ = ic.clone();
382 tasks.push((tokio::spawn(async move {
383 run_client(ic_, web_recv).await.void_unwrap_err()
384 }), format!("client {}", &ic)));
392 let all_clients = Arc::new(all_clients);
394 for addr in &global.addrs {
395 let all_clients_ = all_clients.clone();
396 let make_service = hyper::service::make_service_fn(move |_conn| {
397 let all_clients_ = all_clients_.clone();
398 async { Ok::<_, Void>( hyper::service::service_fn(move |req| {
399 handle(all_clients_.clone(), req)
403 let addr = SocketAddr::new(*addr, global.port);
404 let server = hyper::Server::try_bind(&addr)
406 .http1_preserve_header_case(true)
407 .serve(make_service);
408 info!("listening on {}", &addr);
409 let task = tokio::task::spawn(async move {
411 Ok(()) => anyhow!("shut down?!"),
415 tasks.push((task, format!("http server {}", addr)));
421 let died = future::select_all(
422 tasks.iter_mut().map(|e| &mut e.0)
424 error!("xxx {:?}", &died);
426 ipif.quitting(None).await;
~ian / hippotat.git / blob