1 //
2 // Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)
3 //
4 // Distributed under the Boost Software License, Version 1.0. (See accompanying
5 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
6 //
7 // Official repository: https://github.com/boostorg/beast
8 //
9
10 //------------------------------------------------------------------------------
11 //
12 // Example: HTTP SSL server, stackless coroutine
13 //
14 //------------------------------------------------------------------------------
15
16 #include "example/common/server_certificate.hpp"
17
18 #include <boost/beast/core.hpp>
19 #include <boost/beast/http.hpp>
20 #include <boost/beast/ssl.hpp>
21 #include <boost/beast/version.hpp>
22 #include <boost/asio/coroutine.hpp>
23 #include <boost/asio/dispatch.hpp>
24 #include <boost/asio/strand.hpp>
25 #include <boost/config.hpp>
26 #include <algorithm>
27 #include <cstdlib>
28 #include <functional>
29 #include <iostream>
30 #include <memory>
31 #include <string>
32 #include <thread>
33 #include <vector>
34
35 namespace beast = boost::beast; // from <boost/beast.hpp>
36 namespace http = beast::http; // from <boost/beast/http.hpp>
37 namespace net = boost::asio; // from <boost/asio.hpp>
38 namespace ssl = boost::asio::ssl; // from <boost/asio/ssl.hpp>
39 using tcp = boost::asio::ip::tcp; // from <boost/asio/ip/tcp.hpp>
40
41 // Return a reasonable mime type based on the extension of a file.
42 beast::string_view
mime_type(beast::string_view path)43 mime_type(beast::string_view path)
44 {
45 using beast::iequals;
46 auto const ext = [&path]
47 {
48 auto const pos = path.rfind(".");
49 if(pos == beast::string_view::npos)
50 return beast::string_view{};
51 return path.substr(pos);
52 }();
53 if(iequals(ext, ".htm")) return "text/html";
54 if(iequals(ext, ".html")) return "text/html";
55 if(iequals(ext, ".php")) return "text/html";
56 if(iequals(ext, ".css")) return "text/css";
57 if(iequals(ext, ".txt")) return "text/plain";
58 if(iequals(ext, ".js")) return "application/javascript";
59 if(iequals(ext, ".json")) return "application/json";
60 if(iequals(ext, ".xml")) return "application/xml";
61 if(iequals(ext, ".swf")) return "application/x-shockwave-flash";
62 if(iequals(ext, ".flv")) return "video/x-flv";
63 if(iequals(ext, ".png")) return "image/png";
64 if(iequals(ext, ".jpe")) return "image/jpeg";
65 if(iequals(ext, ".jpeg")) return "image/jpeg";
66 if(iequals(ext, ".jpg")) return "image/jpeg";
67 if(iequals(ext, ".gif")) return "image/gif";
68 if(iequals(ext, ".bmp")) return "image/bmp";
69 if(iequals(ext, ".ico")) return "image/vnd.microsoft.icon";
70 if(iequals(ext, ".tiff")) return "image/tiff";
71 if(iequals(ext, ".tif")) return "image/tiff";
72 if(iequals(ext, ".svg")) return "image/svg+xml";
73 if(iequals(ext, ".svgz")) return "image/svg+xml";
74 return "application/text";
75 }
76
77 // Append an HTTP rel-path to a local filesystem path.
78 // The returned path is normalized for the platform.
79 std::string
path_cat(beast::string_view base,beast::string_view path)80 path_cat(
81 beast::string_view base,
82 beast::string_view path)
83 {
84 if(base.empty())
85 return std::string(path);
86 std::string result(base);
87 #ifdef BOOST_MSVC
88 char constexpr path_separator = '\\';
89 if(result.back() == path_separator)
90 result.resize(result.size() - 1);
91 result.append(path.data(), path.size());
92 for(auto& c : result)
93 if(c == '/')
94 c = path_separator;
95 #else
96 char constexpr path_separator = '/';
97 if(result.back() == path_separator)
98 result.resize(result.size() - 1);
99 result.append(path.data(), path.size());
100 #endif
101 return result;
102 }
103
104 // This function produces an HTTP response for the given
105 // request. The type of the response object depends on the
106 // contents of the request, so the interface requires the
107 // caller to pass a generic lambda for receiving the response.
108 template<
109 class Body, class Allocator,
110 class Send>
111 void
handle_request(beast::string_view doc_root,http::request<Body,http::basic_fields<Allocator>> && req,Send && send)112 handle_request(
113 beast::string_view doc_root,
114 http::request<Body, http::basic_fields<Allocator>>&& req,
115 Send&& send)
116 {
117 // Returns a bad request response
118 auto const bad_request =
119 [&req](beast::string_view why)
120 {
121 http::response<http::string_body> res{http::status::bad_request, req.version()};
122 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
123 res.set(http::field::content_type, "text/html");
124 res.keep_alive(req.keep_alive());
125 res.body() = std::string(why);
126 res.prepare_payload();
127 return res;
128 };
129
130 // Returns a not found response
131 auto const not_found =
132 [&req](beast::string_view target)
133 {
134 http::response<http::string_body> res{http::status::not_found, req.version()};
135 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
136 res.set(http::field::content_type, "text/html");
137 res.keep_alive(req.keep_alive());
138 res.body() = "The resource '" + std::string(target) + "' was not found.";
139 res.prepare_payload();
140 return res;
141 };
142
143 // Returns a server error response
144 auto const server_error =
145 [&req](beast::string_view what)
146 {
147 http::response<http::string_body> res{http::status::internal_server_error, req.version()};
148 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
149 res.set(http::field::content_type, "text/html");
150 res.keep_alive(req.keep_alive());
151 res.body() = "An error occurred: '" + std::string(what) + "'";
152 res.prepare_payload();
153 return res;
154 };
155
156 // Make sure we can handle the method
157 if( req.method() != http::verb::get &&
158 req.method() != http::verb::head)
159 return send(bad_request("Unknown HTTP-method"));
160
161 // Request path must be absolute and not contain "..".
162 if( req.target().empty() ||
163 req.target()[0] != '/' ||
164 req.target().find("..") != beast::string_view::npos)
165 return send(bad_request("Illegal request-target"));
166
167 // Build the path to the requested file
168 std::string path = path_cat(doc_root, req.target());
169 if(req.target().back() == '/')
170 path.append("index.html");
171
172 // Attempt to open the file
173 beast::error_code ec;
174 http::file_body::value_type body;
175 body.open(path.c_str(), beast::file_mode::scan, ec);
176
177 // Handle the case where the file doesn't exist
178 if(ec == beast::errc::no_such_file_or_directory)
179 return send(not_found(req.target()));
180
181 // Handle an unknown error
182 if(ec)
183 return send(server_error(ec.message()));
184
185 // Cache the size since we need it after the move
186 auto const size = body.size();
187
188 // Respond to HEAD request
189 if(req.method() == http::verb::head)
190 {
191 http::response<http::empty_body> res{http::status::ok, req.version()};
192 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
193 res.set(http::field::content_type, mime_type(path));
194 res.content_length(size);
195 res.keep_alive(req.keep_alive());
196 return send(std::move(res));
197 }
198
199 // Respond to GET request
200 http::response<http::file_body> res{
201 std::piecewise_construct,
202 std::make_tuple(std::move(body)),
203 std::make_tuple(http::status::ok, req.version())};
204 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
205 res.set(http::field::content_type, mime_type(path));
206 res.content_length(size);
207 res.keep_alive(req.keep_alive());
208 return send(std::move(res));
209 }
210
211 //------------------------------------------------------------------------------
212
213 // Report a failure
214 void
fail(beast::error_code ec,char const * what)215 fail(beast::error_code ec, char const* what)
216 {
217 // ssl::error::stream_truncated, also known as an SSL "short read",
218 // indicates the peer closed the connection without performing the
219 // required closing handshake (for example, Google does this to
220 // improve performance). Generally this can be a security issue,
221 // but if your communication protocol is self-terminated (as
222 // it is with both HTTP and WebSocket) then you may simply
223 // ignore the lack of close_notify.
224 //
225 // https://github.com/boostorg/beast/issues/38
226 //
227 // https://security.stackexchange.com/questions/91435/how-to-handle-a-malicious-ssl-tls-shutdown
228 //
229 // When a short read would cut off the end of an HTTP message,
230 // Beast returns the error beast::http::error::partial_message.
231 // Therefore, if we see a short read here, it has occurred
232 // after the message has been completed, so it is safe to ignore it.
233
234 if(ec == net::ssl::error::stream_truncated)
235 return;
236
237 std::cerr << what << ": " << ec.message() << "\n";
238 }
239
240 // Handles an HTTP server connection
241 class session
242 : public boost::asio::coroutine
243 , public std::enable_shared_from_this<session>
244 {
245 // This is the C++11 equivalent of a generic lambda.
246 // The function object is used to send an HTTP message.
247 struct send_lambda
248 {
249 session& self_;
250
251 explicit
send_lambdasession::send_lambda252 send_lambda(session& self)
253 : self_(self)
254 {
255 }
256
257 template<bool isRequest, class Body, class Fields>
258 void
operator ()session::send_lambda259 operator()(http::message<isRequest, Body, Fields>&& msg) const
260 {
261 // The lifetime of the message has to extend
262 // for the duration of the async operation so
263 // we use a shared_ptr to manage it.
264 auto sp = std::make_shared<
265 http::message<isRequest, Body, Fields>>(std::move(msg));
266
267 // Store a type-erased version of the shared
268 // pointer in the class to keep it alive.
269 self_.res_ = sp;
270
271 // Write the response
272 http::async_write(
273 self_.stream_,
274 *sp,
275 std::bind(
276 &session::loop,
277 self_.shared_from_this(),
278 std::placeholders::_1,
279 std::placeholders::_2,
280 sp->need_eof()));
281 }
282 };
283
284 beast::ssl_stream<beast::tcp_stream> stream_;
285 beast::flat_buffer buffer_;
286 std::shared_ptr<std::string const> doc_root_;
287 http::request<http::string_body> req_;
288 std::shared_ptr<void> res_;
289 send_lambda lambda_;
290
291 public:
292 // Take ownership of the socket
293 explicit
session(tcp::socket && socket,ssl::context & ctx,std::shared_ptr<std::string const> const & doc_root)294 session(
295 tcp::socket&& socket,
296 ssl::context& ctx,
297 std::shared_ptr<std::string const> const& doc_root)
298 : stream_(std::move(socket), ctx)
299 , doc_root_(doc_root)
300 , lambda_(*this)
301 {
302 }
303
304 // Start the asynchronous operation
305 void
run()306 run()
307 {
308 // We need to be executing within a strand to perform async operations
309 // on the I/O objects in this session.Although not strictly necessary
310 // for single-threaded contexts, this example code is written to be
311 // thread-safe by default.
312 net::dispatch(stream_.get_executor(),
313 beast::bind_front_handler(&session::loop,
314 shared_from_this(),
315 beast::error_code{},
316 0,
317 false));
318 }
319
320 #include <boost/asio/yield.hpp>
321
322 void
loop(beast::error_code ec,std::size_t bytes_transferred,bool close)323 loop(
324 beast::error_code ec,
325 std::size_t bytes_transferred,
326 bool close)
327 {
328 boost::ignore_unused(bytes_transferred);
329 reenter(*this)
330 {
331 // Set the timeout.
332 beast::get_lowest_layer(stream_).expires_after(std::chrono::seconds(30));
333
334 // Perform the SSL handshake
335 yield stream_.async_handshake(
336 ssl::stream_base::server,
337 std::bind(
338 &session::loop,
339 shared_from_this(),
340 std::placeholders::_1,
341 0,
342 false));
343 if(ec)
344 return fail(ec, "handshake");
345
346 for(;;)
347 {
348 // Set the timeout.
349 beast::get_lowest_layer(stream_).expires_after(std::chrono::seconds(30));
350
351 // Make the request empty before reading,
352 // otherwise the operation behavior is undefined.
353 req_ = {};
354
355 // Read a request
356 yield http::async_read(stream_, buffer_, req_,
357 std::bind(
358 &session::loop,
359 shared_from_this(),
360 std::placeholders::_1,
361 std::placeholders::_2,
362 false));
363 if(ec == http::error::end_of_stream)
364 {
365 // The remote host closed the connection
366 break;
367 }
368 if(ec)
369 return fail(ec, "read");
370
371 // Send the response
372 yield handle_request(*doc_root_, std::move(req_), lambda_);
373 if(ec)
374 return fail(ec, "write");
375 if(close)
376 {
377 // This means we should close the connection, usually because
378 // the response indicated the "Connection: close" semantic.
379 break;
380 }
381
382 // We're done with the response so delete it
383 res_ = nullptr;
384 }
385
386 // Set the timeout.
387 beast::get_lowest_layer(stream_).expires_after(std::chrono::seconds(30));
388
389 // Perform the SSL shutdown
390 yield stream_.async_shutdown(
391 std::bind(
392 &session::loop,
393 shared_from_this(),
394 std::placeholders::_1,
395 0,
396 false));
397 if(ec)
398 return fail(ec, "shutdown");
399
400 // At this point the connection is closed gracefully
401 }
402 }
403
404 #include <boost/asio/unyield.hpp>
405 };
406
407 //------------------------------------------------------------------------------
408
409 // Accepts incoming connections and launches the sessions
410 class listener
411 : public boost::asio::coroutine
412 , public std::enable_shared_from_this<listener>
413 {
414 net::io_context& ioc_;
415 ssl::context& ctx_;
416 tcp::acceptor acceptor_;
417 tcp::socket socket_;
418 std::shared_ptr<std::string const> doc_root_;
419
420 public:
listener(net::io_context & ioc,ssl::context & ctx,tcp::endpoint endpoint,std::shared_ptr<std::string const> const & doc_root)421 listener(
422 net::io_context& ioc,
423 ssl::context& ctx,
424 tcp::endpoint endpoint,
425 std::shared_ptr<std::string const> const& doc_root)
426 : ioc_(ioc)
427 , ctx_(ctx)
428 , acceptor_(net::make_strand(ioc))
429 , socket_(net::make_strand(ioc))
430 , doc_root_(doc_root)
431 {
432 beast::error_code ec;
433
434 // Open the acceptor
435 acceptor_.open(endpoint.protocol(), ec);
436 if(ec)
437 {
438 fail(ec, "open");
439 return;
440 }
441
442 // Allow address reuse
443 acceptor_.set_option(net::socket_base::reuse_address(true), ec);
444 if(ec)
445 {
446 fail(ec, "set_option");
447 return;
448 }
449
450 // Bind to the server address
451 acceptor_.bind(endpoint, ec);
452 if(ec)
453 {
454 fail(ec, "bind");
455 return;
456 }
457
458 // Start listening for connections
459 acceptor_.listen(
460 net::socket_base::max_listen_connections, ec);
461 if(ec)
462 {
463 fail(ec, "listen");
464 return;
465 }
466 }
467
468 // Start accepting incoming connections
469 void
run()470 run()
471 {
472 loop();
473 }
474
475 private:
476
477 #include <boost/asio/yield.hpp>
478
479 void
loop(beast::error_code ec={})480 loop(beast::error_code ec = {})
481 {
482 reenter(*this)
483 {
484 for(;;)
485 {
486 yield acceptor_.async_accept(
487 socket_,
488 std::bind(
489 &listener::loop,
490 shared_from_this(),
491 std::placeholders::_1));
492 if(ec)
493 {
494 fail(ec, "accept");
495 }
496 else
497 {
498 // Create the session and run it
499 std::make_shared<session>(
500 std::move(socket_),
501 ctx_,
502 doc_root_)->run();
503 }
504
505 // Make sure each session gets its own strand
506 socket_ = tcp::socket(net::make_strand(ioc_));
507 }
508 }
509 }
510
511 #include <boost/asio/unyield.hpp>
512 };
513
514 //------------------------------------------------------------------------------
515
main(int argc,char * argv[])516 int main(int argc, char* argv[])
517 {
518 // Check command line arguments.
519 if (argc != 5)
520 {
521 std::cerr <<
522 "Usage: http-server-stackless-ssl <address> <port> <doc_root> <threads>\n" <<
523 "Example:\n" <<
524 " http-server-stackless-ssl 0.0.0.0 8080 . 1\n";
525 return EXIT_FAILURE;
526 }
527 auto const address = net::ip::make_address(argv[1]);
528 auto const port = static_cast<unsigned short>(std::atoi(argv[2]));
529 auto const doc_root = std::make_shared<std::string>(argv[3]);
530 auto const threads = std::max<int>(1, std::atoi(argv[4]));
531
532 // The io_context is required for all I/O
533 net::io_context ioc{threads};
534
535 // The SSL context is required, and holds certificates
536 ssl::context ctx{ssl::context::tlsv12};
537
538 // This holds the self-signed certificate used by the server
539 load_server_certificate(ctx);
540
541 // Create and launch a listening port
542 std::make_shared<listener>(
543 ioc,
544 ctx,
545 tcp::endpoint{address, port},
546 doc_root)->run();
547
548 // Run the I/O service on the requested number of threads
549 std::vector<std::thread> v;
550 v.reserve(threads - 1);
551 for(auto i = threads - 1; i > 0; --i)
552 v.emplace_back(
553 [&ioc]
554 {
555 ioc.run();
556 });
557 ioc.run();
558
559 return EXIT_SUCCESS;
560 }
561