nim-chronos/chronos/apps/http/shttpserver.nim

#
#        Chronos HTTP/S server implementation
#             (c) Copyright 2021-Present
#         Status Research & Development GmbH
#
#              Licensed under either of
#  Apache License, version 2.0, (LICENSE-APACHEv2)
#              MIT license (LICENSE-MIT)

{.push raises: [].}

import httpserver
import ../../asyncloop, ../../asyncsync
import ../../streams/[asyncstream, tlsstream]
export asyncloop, asyncsync, httpserver, asyncstream, tlsstream

type
  SecureHttpServer* = object of HttpServer
    secureFlags*: set[TLSFlags]
    tlsPrivateKey: TLSPrivateKey
    tlsCertificate: TLSCertificate

  SecureHttpServerRef* = ref SecureHttpServer

  SecureHttpConnection* = object of HttpConnection
    tlsStream*: TLSAsyncStream

  SecureHttpConnectionRef* = ref SecureHttpConnection

proc closeSecConnection(conn: HttpConnectionRef) {.async: (raises: []).} =
  if conn.state == HttpState.Alive:
    conn.state = HttpState.Closing
    var pending: seq[Future[void]]
    pending.add(conn.writer.closeWait())
    pending.add(conn.reader.closeWait())
    pending.add(conn.mainReader.closeWait())
    pending.add(conn.mainWriter.closeWait())
    pending.add(conn.transp.closeWait())
    await noCancel(allFutures(pending))
    reset(cast[SecureHttpConnectionRef](conn)[])
    untrackCounter(HttpServerSecureConnectionTrackerName)
    conn.state = HttpState.Closed

proc new(ht: typedesc[SecureHttpConnectionRef], server: SecureHttpServerRef,
         transp: StreamTransport): Result[SecureHttpConnectionRef, string] =
  var res = SecureHttpConnectionRef()
  HttpConnection(res[]).init(HttpServerRef(server), transp)
  let tlsStream =
    try:
      newTLSServerAsyncStream(res.mainReader, res.mainWriter,
                              server.tlsPrivateKey,
                              server.tlsCertificate,
                              minVersion = TLSVersion.TLS12,
                              flags = server.secureFlags)
    except TLSStreamError as exc:
      return err(exc.msg)
  res.tlsStream = tlsStream
  res.reader = AsyncStreamReader(tlsStream.reader)
  res.writer = AsyncStreamWriter(tlsStream.writer)
  res.closeCb = closeSecConnection
  trackCounter(HttpServerSecureConnectionTrackerName)
  ok(res)

proc createSecConnection(server: HttpServerRef,
                         transp: StreamTransport): Future[HttpConnectionRef] {.
     async: (raises: [CancelledError, HttpConnectionError]).} =
  let
    secureServ = cast[SecureHttpServerRef](server)
    sconn = SecureHttpConnectionRef.new(secureServ, transp).valueOr:
      raiseHttpConnectionError(error)

  try:
    await handshake(sconn.tlsStream)
    HttpConnectionRef(sconn)
  except CancelledError as exc:
    await HttpConnectionRef(sconn).closeWait()
    raise exc
  except AsyncStreamError as exc:
    await HttpConnectionRef(sconn).closeWait()
    let msg = "Unable to establish secure connection, reason: " & $exc.msg
    raiseHttpConnectionError(msg)

proc new*(htype: typedesc[SecureHttpServerRef],
          address: TransportAddress,
          processCallback: HttpProcessCallback,
          tlsPrivateKey: TLSPrivateKey,
          tlsCertificate: TLSCertificate,
          serverFlags: set[HttpServerFlags] = {},
          socketFlags: set[ServerFlags] = {ReuseAddr},
          serverUri = Uri(),
          serverIdent = "",
          secureFlags: set[TLSFlags] = {},
          maxConnections: int = -1,
          bufferSize: int = 4096,
          backlogSize: int = DefaultBacklogSize,
          httpHeadersTimeout = 10.seconds,
          maxHeadersSize: int = 8192,
          maxRequestBodySize: int = 1_048_576,
          dualstack = DualStackType.Auto
         ): HttpResult[SecureHttpServerRef] =

  doAssert(not(isNil(tlsPrivateKey)), "TLS private key must not be nil!")
  doAssert(not(isNil(tlsCertificate)), "TLS certificate must not be nil!")

  let serverUri =
    if len(serverUri.hostname) > 0:
      serverUri
    else:
      try:
        parseUri("https://" & $address & "/")
      except TransportAddressError as exc:
        return err(exc.msg)

  let serverInstance =
    try:
      createStreamServer(address, flags = socketFlags, bufferSize = bufferSize,
                         backlog = backlogSize, dualstack = dualstack)
    except TransportOsError as exc:
      return err(exc.msg)

  let res = SecureHttpServerRef(
    address: address,
    instance: serverInstance,
    processCallback: processCallback,
    createConnCallback: createSecConnection,
    baseUri: serverUri,
    serverIdent: serverIdent,
    flags: serverFlags + {HttpServerFlags.Secure},
    socketFlags: socketFlags,
    maxConnections: maxConnections,
    bufferSize: bufferSize,
    backlogSize: backlogSize,
    headersTimeout: httpHeadersTimeout,
    maxHeadersSize: maxHeadersSize,
    maxRequestBodySize: maxRequestBodySize,
    # semaphore:
    #   if maxConnections > 0:
    #     newAsyncSemaphore(maxConnections)
    #   else:
    #     nil
    lifetime: newFuture[void]("http.server.lifetime"),
    connections: initOrderedTable[string, HttpConnectionHolderRef](),
    tlsCertificate: tlsCertificate,
    tlsPrivateKey: tlsPrivateKey,
    secureFlags: secureFlags
  )
  ok(res)
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`#`
			`# Chronos HTTP/S server implementation`
			`# (c) Copyright 2021-Present`
			`# Status Research & Development GmbH`
			`#`
			`# Licensed under either of`
			`# Apache License, version 2.0, (LICENSE-APACHEv2)`
			`# MIT license (LICENSE-MIT)`
Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00
			`{.push raises: [].}`

Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`import httpserver`
			`import ../../asyncloop, ../../asyncsync`
			`import ../../streams/[asyncstream, tlsstream]`
Export async-related imports to allow partial imports. (#218) 2021-08-26 11:22:29 +00:00			`export asyncloop, asyncsync, httpserver, asyncstream, tlsstream`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00
			`type`
			`SecureHttpServer* = object of HttpServer`
			`secureFlags*: set[TLSFlags]`
			`tlsPrivateKey: TLSPrivateKey`
			`tlsCertificate: TLSCertificate`

			`SecureHttpServerRef* = ref SecureHttpServer`

			`SecureHttpConnection* = object of HttpConnection`
			`tlsStream*: TLSAsyncStream`

			`SecureHttpConnectionRef* = ref SecureHttpConnection`

Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`proc closeSecConnection(conn: HttpConnectionRef) {.async: (raises: []).} =`
Trackers refactoring. (#416) * Refactor chronos trackers to be more simple. * Refactor trackers. Add HTTP server trackers. Refactor HTTP main processing loop. * Compatibility fixes. Add checkLeaks(). * Fix posix test issue. * Add httpdebug module which introduces HTTP connection dumping helpers. Add tests for it. * Recover and deprecate old version of Trackers. * Make public iterators to iterate over all tracker counters available. Fix asynctests to use public iterators instead private one. 2023-07-14 10:35:08 +00:00			`if conn.state == HttpState.Alive:`
			`conn.state = HttpState.Closing`
			`var pending: seq[Future[void]]`
			`pending.add(conn.writer.closeWait())`
			`pending.add(conn.reader.closeWait())`
Cancellation fixes and tests. (#445) * Add callTick and stream cancellation tests. * Fix stepsAsync() test. * Cancellation changes. * Update and add more cancellation tests. * Fix Posix shutdown call to handle ENOTCONN error. * With new changes to to cancellation its now possible. * Refactor testsoon.nim to not produce artifacts after tests are finished. * Debugging MacOS issue. * Adjust flaky test times. * Fix issue. * Add test for issue #334 which was also addressed in this PR. Avoid `break` in problematic test. * Add noCancelWait() call which prohibits cancellation. Fix closeWait() calls to use noCancelWait() predicate. Adding sleep to flaky MacOS test. * Remove all debugging echoes. * Fix cancelAndWait() which now could perform multiple attempts to cancel target Future (mustCancel behavior). * Fix issues revealed by switch to different cancelAndWait(). * Address review comments. * Fix testutils compilation warning. * Rename callTick() to internalCallTick(). * Add some documentation comments. * Disable flaky ratelimit test. * Rename noCancelWait() to noCancel(). Address review comments. 2023-09-15 16:38:39 +00:00			`pending.add(conn.mainReader.closeWait())`
			`pending.add(conn.mainWriter.closeWait())`
			`pending.add(conn.transp.closeWait())`
			`await noCancel(allFutures(pending))`
Unroll `defer`s and remove `break`s. (#440) * Unpack `finally/defer` blocks and introduce explicit cleaning of objects. Add request query to debug information. * Unroll one more loop to avoid `break`. Add test for query debug string. * Fix cancellation behavior. * Address review comments. 2023-08-09 07:57:49 +00:00			`reset(cast[SecureHttpConnectionRef](conn)[])`
Trackers refactoring. (#416) * Refactor chronos trackers to be more simple. * Refactor trackers. Add HTTP server trackers. Refactor HTTP main processing loop. * Compatibility fixes. Add checkLeaks(). * Fix posix test issue. * Add httpdebug module which introduces HTTP connection dumping helpers. Add tests for it. * Recover and deprecate old version of Trackers. * Make public iterators to iterate over all tracker counters available. Fix asynctests to use public iterators instead private one. 2023-07-14 10:35:08 +00:00			`untrackCounter(HttpServerSecureConnectionTrackerName)`
			`conn.state = HttpState.Closed`

Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`proc new(ht: typedesc[SecureHttpConnectionRef], server: SecureHttpServerRef,`
			`transp: StreamTransport): Result[SecureHttpConnectionRef, string] =`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`var res = SecureHttpConnectionRef()`
			`HttpConnection(res[]).init(HttpServerRef(server), transp)`
			`let tlsStream =`
Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`try:`
			`newTLSServerAsyncStream(res.mainReader, res.mainWriter,`
			`server.tlsPrivateKey,`
			`server.tlsCertificate,`
			`minVersion = TLSVersion.TLS12,`
			`flags = server.secureFlags)`
			`except TLSStreamError as exc:`
			`return err(exc.msg)`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`res.tlsStream = tlsStream`
			`res.reader = AsyncStreamReader(tlsStream.reader)`
			`res.writer = AsyncStreamWriter(tlsStream.writer)`
Trackers refactoring. (#416) * Refactor chronos trackers to be more simple. * Refactor trackers. Add HTTP server trackers. Refactor HTTP main processing loop. * Compatibility fixes. Add checkLeaks(). * Fix posix test issue. * Add httpdebug module which introduces HTTP connection dumping helpers. Add tests for it. * Recover and deprecate old version of Trackers. * Make public iterators to iterate over all tracker counters available. Fix asynctests to use public iterators instead private one. 2023-07-14 10:35:08 +00:00			`res.closeCb = closeSecConnection`
			`trackCounter(HttpServerSecureConnectionTrackerName)`
Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`ok(res)`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00
			`proc createSecConnection(server: HttpServerRef,`
			`transp: StreamTransport): Future[HttpConnectionRef] {.`
Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`async: (raises: [CancelledError, HttpConnectionError]).} =`
			`let`
			`secureServ = cast[SecureHttpServerRef](server)`
			`sconn = SecureHttpConnectionRef.new(secureServ, transp).valueOr:`
			`raiseHttpConnectionError(error)`

Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`try:`
			`await handshake(sconn.tlsStream)`
Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`HttpConnectionRef(sconn)`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`except CancelledError as exc:`
			`await HttpConnectionRef(sconn).closeWait()`
			`raise exc`
Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`except AsyncStreamError as exc:`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`await HttpConnectionRef(sconn).closeWait()`
Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`let msg = "Unable to establish secure connection, reason: " & $exc.msg`
			`raiseHttpConnectionError(msg)`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00
			`proc new*(htype: typedesc[SecureHttpServerRef],`
			`address: TransportAddress,`
			`processCallback: HttpProcessCallback,`
			`tlsPrivateKey: TLSPrivateKey,`
			`tlsCertificate: TLSCertificate,`
			`serverFlags: set[HttpServerFlags] = {},`
			`socketFlags: set[ServerFlags] = {ReuseAddr},`
			`serverUri = Uri(),`
			`serverIdent = "",`
			`secureFlags: set[TLSFlags] = {},`
			`maxConnections: int = -1,`
			`bufferSize: int = 4096,`
Increase backlog defaults to maximum possible values. (#428) 2023-07-31 19:40:00 +00:00			`backlogSize: int = DefaultBacklogSize,`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`httpHeadersTimeout = 10.seconds,`
			`maxHeadersSize: int = 8192,`
IPv4/IPv6 dualstack (#456) * Initial commit. * Fix tests. * Fix linux compilation issue. * Add getDomain() implementation. Add getDomain() tests. Add datagram tests. * Fix style errors. * Deprecate NetFlag. Deprecate new flags in ServerFlags. Add isAvailable(). Fix setDualstack() to ignore errors on `Auto`. Updatetests. * Deprecate some old procedures. Improve datagram transport a bit. * Address review comments, and fix tests. * Fix setDescriptorBlocking() issue. Recover connect() dualstack behavior. Add test for connect() IPv6-[IPv4 mapped] addresses. * Fix alignment code issue. Fix TcpNoDelay was not available on Windows. * Add dualstack support to HTTP/HTTPS client/server. 2023-10-30 13:27:50 +00:00			`maxRequestBodySize: int = 1_048_576,`
			`dualstack = DualStackType.Auto`
Asyncraises HTTP client/server. (#476) * Fixes. * Make httpcommon no-raises. * Make httpbodyrw no-raises. * Make multipart no-raises. * Make httpdebug no-raises. * Make httpagent no-raises. * Make httpclient no-raises. * Make httpserver/shttpserver no-raises. * fix prepend/remove when E is noraises --------- Co-authored-by: Jacek Sieka <jacek@status.im> 2023-11-21 10:01:44 +00:00			`): HttpResult[SecureHttpServerRef] =`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00
			`doAssert(not(isNil(tlsPrivateKey)), "TLS private key must not be nil!")`
			`doAssert(not(isNil(tlsCertificate)), "TLS certificate must not be nil!")`

			`let serverUri =`
			`if len(serverUri.hostname) > 0:`
			`serverUri`
			`else:`
			`try:`
			`parseUri("https://" & $address & "/")`
			`except TransportAddressError as exc:`
			`return err(exc.msg)`

			`let serverInstance =`
			`try:`
			`createStreamServer(address, flags = socketFlags, bufferSize = bufferSize,`
IPv4/IPv6 dualstack (#456) * Initial commit. * Fix tests. * Fix linux compilation issue. * Add getDomain() implementation. Add getDomain() tests. Add datagram tests. * Fix style errors. * Deprecate NetFlag. Deprecate new flags in ServerFlags. Add isAvailable(). Fix setDualstack() to ignore errors on `Auto`. Updatetests. * Deprecate some old procedures. Improve datagram transport a bit. * Address review comments, and fix tests. * Fix setDescriptorBlocking() issue. Recover connect() dualstack behavior. Add test for connect() IPv6-[IPv4 mapped] addresses. * Fix alignment code issue. Fix TcpNoDelay was not available on Windows. * Add dualstack support to HTTP/HTTPS client/server. 2023-10-30 13:27:50 +00:00			`backlog = backlogSize, dualstack = dualstack)`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`except TransportOsError as exc:`
			`return err(exc.msg)`

Workaround exception tracking issue. (#293) * Workaround exception tracking issue. * Fix SecureHttpServerRef too. 2022-07-04 09:31:18 +00:00			`let res = SecureHttpServerRef(`
			`address: address,`
			`instance: serverInstance,`
			`processCallback: processCallback,`
			`createConnCallback: createSecConnection,`
			`baseUri: serverUri,`
			`serverIdent: serverIdent,`
Trackers refactoring. (#416) * Refactor chronos trackers to be more simple. * Refactor trackers. Add HTTP server trackers. Refactor HTTP main processing loop. * Compatibility fixes. Add checkLeaks(). * Fix posix test issue. * Add httpdebug module which introduces HTTP connection dumping helpers. Add tests for it. * Recover and deprecate old version of Trackers. * Make public iterators to iterate over all tracker counters available. Fix asynctests to use public iterators instead private one. 2023-07-14 10:35:08 +00:00			`flags: serverFlags + {HttpServerFlags.Secure},`
Workaround exception tracking issue. (#293) * Workaround exception tracking issue. * Fix SecureHttpServerRef too. 2022-07-04 09:31:18 +00:00			`socketFlags: socketFlags,`
			`maxConnections: maxConnections,`
			`bufferSize: bufferSize,`
			`backlogSize: backlogSize,`
			`headersTimeout: httpHeadersTimeout,`
			`maxHeadersSize: maxHeadersSize,`
			`maxRequestBodySize: maxRequestBodySize,`
			`# semaphore:`
			`# if maxConnections > 0:`
			`# newAsyncSemaphore(maxConnections)`
			`# else:`
			`# nil`
			`lifetime: newFuture[void]("http.server.lifetime"),`
Trackers refactoring. (#416) * Refactor chronos trackers to be more simple. * Refactor trackers. Add HTTP server trackers. Refactor HTTP main processing loop. * Compatibility fixes. Add checkLeaks(). * Fix posix test issue. * Add httpdebug module which introduces HTTP connection dumping helpers. Add tests for it. * Recover and deprecate old version of Trackers. * Make public iterators to iterate over all tracker counters available. Fix asynctests to use public iterators instead private one. 2023-07-14 10:35:08 +00:00			`connections: initOrderedTable[string, HttpConnectionHolderRef](),`
Workaround exception tracking issue. (#293) * Workaround exception tracking issue. * Fix SecureHttpServerRef too. 2022-07-04 09:31:18 +00:00			`tlsCertificate: tlsCertificate,`
			`tlsPrivateKey: tlsPrivateKey,`
			`secureFlags: secureFlags`
			`)`
Split HTTPS and HTTP servers. (#165) * Split HTTPS and HTTP servers. * Fix review commens 2021-03-17 13:40:40 +00:00			`ok(res)`