X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=lib%2FPublicInbox%2FHTTP.pm;h=1346901ad52300fd4b9985c18ba912502ce0f649;hb=55b707d788ce13696e4411389583e720ea6dab01;hp=928c0f22469ca8bd73b74646b3d40d789ad587bf;hpb=aeaa38f620cf880a073b3a37463f0c577188df46;p=public-inbox.git diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm index 928c0f22..1346901a 100644 --- a/lib/PublicInbox/HTTP.pm +++ b/lib/PublicInbox/HTTP.pm @@ -1,89 +1,140 @@ -# Copyright (C) 2016 all contributors +# Copyright (C) 2016-2019 all contributors # License: AGPL-3.0+ # # Generic PSGI server for convenience. It aims to provide # a consistent experience for public-inbox admins so they don't have # to learn different ways to admin both NNTP and HTTP components. -# There's nothing public-inbox-specific, here. +# There's nothing which depends on public-inbox, here. # Each instance of this class represents a HTTP client socket package PublicInbox::HTTP; use strict; use warnings; -use base qw(Danga::Socket); -use fields qw(httpd env rbuf input_left); +use base qw(PublicInbox::DS); +use fields qw(httpd env input_left remote_addr remote_port forward alive); +use bytes (); # only for bytes::length use Fcntl qw(:seek); -use HTTP::Parser::XS qw(parse_http_request); # supports pure Perl fallback +use Plack::HTTPParser qw(parse_http_request); # XS or pure Perl +use Plack::Util; use HTTP::Status qw(status_message); use HTTP::Date qw(time2str); -use IO::File; -my $null_io = IO::File->new('/dev/null', '<'); +use IO::Handle; # ->write +use PublicInbox::DS qw(msg_more); +use PublicInbox::Syscall qw(EPOLLIN EPOLLONESHOT); +use PublicInbox::Tmpfile; use constant { CHUNK_START => -1, # [a-f0-9]+\r\n CHUNK_END => -2, # \r\n CHUNK_ZEND => -3, # \r\n CHUNK_MAX_HDR => 256, }; +use Errno qw(EAGAIN); + +my $pipelineq = []; +sub process_pipelineq () { + my $q = $pipelineq; + $pipelineq = []; + foreach (@$q) { + next unless $_->{sock}; + rbuf_process($_); + } +} + +# Use the same configuration parameter as git since this is primarily +# a slow-client sponge for git-http-backend +# TODO: support per-respository http.maxRequestBuffer somehow... +our $MAX_REQUEST_BUFFER = $ENV{GIT_HTTP_MAX_REQUEST_BUFFER} || + (10 * 1024 * 1024); + +open(my $null_io, '<', '/dev/null') or die "failed to open /dev/null: $!"; +my $http_date; +my $prev = 0; +sub http_date () { + my $now = time; + $now == $prev ? $http_date : ($http_date = time2str($prev = $now)); +} sub new ($$$) { my ($class, $sock, $addr, $httpd) = @_; my $self = fields::new($class); - $self->SUPER::new($sock); + my $ev = EPOLLIN; + my $wbuf; + if (ref($sock) eq 'IO::Socket::SSL' && !$sock->accept_SSL) { + return CORE::close($sock) if $! != EAGAIN; + $ev = PublicInbox::TLS::epollbit(); + $wbuf = [ \&PublicInbox::DS::accept_tls_step ]; + } + $self->SUPER::new($sock, $ev | EPOLLONESHOT); $self->{httpd} = $httpd; - $self->{rbuf} = ''; - $self->watch_read(1); + $self->{wbuf} = $wbuf if $wbuf; + ($self->{remote_addr}, $self->{remote_port}) = + PublicInbox::Daemon::host_with_port($addr); $self; } -sub event_read { # called by Danga::Socket +sub event_step { # called by PublicInbox::DS my ($self) = @_; - return event_read_input($self) if defined $self->{env}; + return unless $self->flush_write && $self->{sock}; - my $off = length($self->{rbuf}); - my $r = sysread($self->{sock}, $self->{rbuf}, 8192, $off); - if (defined $r) { - return $self->close if $r == 0; - return rbuf_process($self); - } - return if $!{EAGAIN}; # no need to call watch_read(1) again + # only read more requests if we've drained the write buffer, + # otherwise we can be buffering infinitely w/o backpressure - # common for clients to break connections without warning, - # would be too noisy to log here: - return $self->close; + return read_input($self) if defined $self->{env}; + my $rbuf = $self->{rbuf} // (\(my $x = '')); + $self->do_read($rbuf, 8192, bytes::length($$rbuf)) or return; + rbuf_process($self, $rbuf); } sub rbuf_process { - my ($self) = @_; + my ($self, $rbuf) = @_; + $rbuf //= $self->{rbuf} // (\(my $x = '')); my %env = %{$self->{httpd}->{env}}; # full hash copy - my $r = parse_http_request($self->{rbuf}, \%env); + my $r = parse_http_request($$rbuf, \%env); # We do not support Trailers in chunked requests, for now # (they are rarely-used and git (as of 2.7.2) does not use them) - return $self->quit(400) if $r == -1 || $env{HTTP_TRAILER}; - return $self->watch_read(1) if $r < 0; # incomplete - $self->{rbuf} = substr($self->{rbuf}, $r); + if ($r == -1 || $env{HTTP_TRAILER} || + # this length-check is necessary for PURE_PERL=1: + ($r == -2 && bytes::length($$rbuf) > 0x4000)) { + return quit($self, 400); + } + if ($r < 0) { # incomplete + $self->rbuf_idle($rbuf); + return $self->requeue; + } + $$rbuf = substr($$rbuf, $r); my $len = input_prepare($self, \%env); - $len ? event_read_input($self) : app_dispatch($self); + defined $len or return write_err($self, undef); # EMFILE/ENFILE + + $len ? read_input($self, $rbuf) : app_dispatch($self, undef, $rbuf); } -sub event_read_input ($) { - my ($self) = @_; +# IO::Handle::write returns boolean, this returns bytes written: +sub xwrite ($$$) { + my ($fh, $rbuf, $max) = @_; + my $w = bytes::length($$rbuf); + $w = $max if $w > $max; + $fh->write($$rbuf, $w) or return; + $w; +} + +sub read_input ($;$) { + my ($self, $rbuf) = @_; + $rbuf //= $self->{rbuf} // (\(my $x = '')); my $env = $self->{env}; - return event_read_input_chunked($self) if env_chunked($env); + return if $env->{REMOTE_ADDR}; # in app dispatch + return read_input_chunked($self, $rbuf) if env_chunked($env); # env->{CONTENT_LENGTH} (identity) - my $sock = $self->{sock}; - my $len = $self->{input_left}; - $self->{input_left} = undef; - my $rbuf = \($self->{rbuf}); + my $len = delete $self->{input_left}; my $input = $env->{'psgi.input'}; while ($len > 0) { if ($$rbuf ne '') { - my $w = write_in_full($input, $rbuf, $len); - return $self->write_err unless $w; + my $w = xwrite($input, $rbuf, $len); + return write_err($self, $len) unless $w; $len -= $w; die "BUG: $len < 0 (w=$w)" if $len < 0; if ($len == 0) { # next request may be pipelined @@ -92,24 +143,29 @@ sub event_read_input ($) { } $$rbuf = ''; } - my $r = sysread($sock, $$rbuf, 8192); - return $self->recv_err($r, $len) unless $r; + $self->do_read($rbuf, 8192) or return recv_err($self, $len); # continue looping if $r > 0; } - app_dispatch($self); + app_dispatch($self, $input, $rbuf); } -sub app_dispatch ($) { - my ($self) = @_; - $self->watch_read(0); +sub app_dispatch { + my ($self, $input, $rbuf) = @_; + $self->rbuf_idle($rbuf); my $env = $self->{env}; - $env->{REMOTE_ADDR} = $self->peer_ip_string; # Danga::Socket - $env->{REMOTE_PORT} = $self->{peer_port}; # set by peer_ip_string + $env->{REMOTE_ADDR} = $self->{remote_addr}; + $env->{REMOTE_PORT} = $self->{remote_port}; if (my $host = $env->{HTTP_HOST}) { - $host =~ s/:(\d+)\z// and $env->{SERVER_PORT} = $1; + $host =~ s/:([0-9]+)\z// and $env->{SERVER_PORT} = $1; $env->{SERVER_NAME} = $host; } - $env->{'psgi.input'}->seek(0, SEEK_SET); + if (defined $input) { + sysseek($input, 0, SEEK_SET) or + die "BUG: psgi.input seek failed: $!"; + } + # note: NOT $self->{sock}, we want our close (+ PublicInbox::DS::close), + # to do proper cleanup: + $env->{'psgix.io'} = $self; # for ->close or async_pass my $res = Plack::Util::run_app($self->{httpd}->{app}, $env); eval { if (ref($res) eq 'CODE') { @@ -138,162 +194,225 @@ sub response_header_write { if ($k =~ /\ATransfer-Encoding\z/i && $v =~ /\bchunked\b/i) { $chunked = 1; } - $h .= "$k: $v\r\n"; } my $conn = $env->{HTTP_CONNECTION} || ''; - my $alive = (defined($len) || $chunked) && - ($proto eq 'HTTP/1.1' && $conn !~ /\bclose\b/i) || - ($conn =~ /\bkeep-alive\b/i); - - $h .= 'Connection: ' . ($alive ? 'keep-alive' : 'close'); - $h .= "\r\nDate: " . time2str(time) . "\r\n\r\n"; + my $term = defined($len) || $chunked; + my $prot_persist = ($proto eq 'HTTP/1.1') && ($conn !~ /\bclose\b/i); + my $alive; + if (!$term && $prot_persist) { # auto-chunk + $chunked = $alive = 2; + $h .= "Transfer-Encoding: chunked\r\n"; + # no need for "Connection: keep-alive" with HTTP/1.1 + } elsif ($term && ($prot_persist || ($conn =~ /\bkeep-alive\b/i))) { + $alive = 1; + $h .= "Connection: keep-alive\r\n"; + } else { + $alive = 0; + $h .= "Connection: close\r\n"; + } + $h .= 'Date: ' . http_date() . "\r\n\r\n"; if (($len || $chunked) && $env->{REQUEST_METHOD} ne 'HEAD') { - more($self, $h); + msg_more($self, $h); } else { - $self->write($h); + $self->write(\$h); } - ($alive, $chunked); + $alive; } -sub response_write { - my ($self, $env, $res) = @_; - my ($alive, $chunked) = response_header_write($self, $env, $res); - my $write = sub { $self->write($_[0]) }; - my $close = sub { - if ($alive) { - $self->event_write; # watch for readability if done - } else { - $self->write(sub { $self->close }); - } - $self->{env} = undef; - }; +# middlewares such as Deflater may write empty strings +sub chunked_write ($$) { + my $self = $_[0]; + return if $_[1] eq ''; + msg_more($self, sprintf("%x\r\n", bytes::length($_[1]))); + msg_more($self, $_[1]); - if (defined $res->[2]) { - Plack::Util::foreach($res->[2], $write); - $close->(); - } else { - # this is returned to the calling application: - Plack::Util::inline_object(write => $write, close => $close); - } + # use $self->write(\"\n\n") if you care about real-time + # streaming responses, public-inbox WWW does not. + msg_more($self, "\r\n"); } -use constant MSG_MORE => ($^O eq 'linux') ? 0x8000 : 0; -sub more ($$) { +sub identity_write ($$) { my $self = $_[0]; - if (MSG_MORE && !$self->{write_buf_size}) { - my $n = send($self->{sock}, $_[1], MSG_MORE); - if (defined $n) { - my $dlen = length($_[1]); - return 1 if $n == $dlen; # all done! - $_[1] = substr($_[1], $n, $dlen - $n); - # fall through to normal write: - } + $self->write(\($_[1])) if $_[1] ne ''; +} + +sub next_request ($) { + my ($self) = @_; + if ($self->{rbuf}) { + # avoid recursion for pipelined requests + PublicInbox::DS::requeue(\&process_pipelineq) if !@$pipelineq; + push @$pipelineq, $self; + } else { # wait for next request + $self->requeue; } - $self->write($_[1]); } -# overrides existing Danga::Socket method -sub event_write { +sub response_done { + my ($self, $alive) = @_; + delete $self->{env}; # we're no longer busy + $self->write(\"0\r\n\r\n") if $alive == 2; + $self->write($alive ? \&next_request : \&close); +} + +sub getline_pull { my ($self) = @_; - # only continue watching for readability when we are done writing: - return if $self->write(undef) != 1; + my $forward = $self->{forward}; + + # limit our own running time for fairness with other + # clients and to avoid buffering too much: + my $buf = eval { + local $/ = \8192; + $forward->getline; + } if $forward; + + if (defined $buf) { + # may close in PublicInbox::DS::write + if ($self->{alive} == 2) { + chunked_write($self, $buf); + } else { + identity_write($self, $buf); + } + + if ($self->{sock}) { + my $wbuf = $self->{wbuf} //= []; + push @$wbuf, \&getline_pull; + + # wbuf may be populated by {chunked,identity}_write() + # above, no need to rearm if so: + $self->requeue if scalar(@$wbuf) == 1; + return; # likely + } + } elsif ($@) { + err($self, "response ->getline error: $@"); + $self->close; + } + # avoid recursion + if (delete $self->{forward}) { + eval { $forward->close }; + if ($@) { + err($self, "response ->close error: $@"); + $self->close; # idempotent + } + } + response_done($self, delete $self->{alive}); +} - if ($self->{rbuf} eq '') { - $self->watch_read(1); +sub response_write { + my ($self, $env, $res) = @_; + my $alive = response_header_write($self, $env, $res); + if (defined(my $body = $res->[2])) { + if (ref $body eq 'ARRAY') { + if ($alive == 2) { + chunked_write($self, $_) for @$body; + } else { + identity_write($self, $_) for @$body; + } + response_done($self, $alive); + } else { + $self->{forward} = $body; + $self->{alive} = $alive; + getline_pull($self); # kick-off! + } + # these are returned to the calling application: + } elsif ($alive == 2) { + bless [ $self, $alive ], 'PublicInbox::HTTP::Chunked'; } else { - # avoid recursion - Danga::Socket->AddTimer(0, sub { rbuf_process($self) }); + bless [ $self, $alive ], 'PublicInbox::HTTP::Identity'; } } +sub input_tmpfile ($) { + my $input = tmpfile('http.input', $_[0]->{sock}) or return; + $input->autoflush(1); + $input; +} + sub input_prepare { my ($self, $env) = @_; - my $input = $null_io; + my $input; my $len = $env->{CONTENT_LENGTH}; if ($len) { - $input = IO::File->new_tmpfile; + if ($len > $MAX_REQUEST_BUFFER) { + quit($self, 413); + return; + } + $input = input_tmpfile($self); } elsif (env_chunked($env)) { - $input = IO::File->new_tmpfile; $len = CHUNK_START; + $input = input_tmpfile($self); + } else { + $input = $null_io; } - binmode $input; + + # TODO: expire idle clients on ENFILE / EMFILE + return unless $input; + $env->{'psgi.input'} = $input; $self->{env} = $env; - $self->{input_left} = $len; + $self->{input_left} = $len || 0; } sub env_chunked { ($_[0]->{HTTP_TRANSFER_ENCODING} || '') =~ /\bchunked\b/i } +sub err ($$) { + eval { $_[0]->{httpd}->{env}->{'psgi.errors'}->print($_[1]."\n") }; +} + sub write_err { - my ($self) = @_; - my $err = $self->{env}->{'psgi.errors'}; + my ($self, $len) = @_; my $msg = $! || '(zero write)'; - $err->print("error buffering to input: $msg\n"); - $self->quit(500); + $msg .= " ($len bytes remaining)" if defined $len; + err($self, "error buffering to input: $msg"); + quit($self, 500); } sub recv_err { - my ($self, $r, $len) = @_; - return $self->close if (defined $r && $r == 0); - if ($!{EAGAIN}) { + my ($self, $len) = @_; + if ($! == EAGAIN) { # epoll/kevent watch already set by do_read $self->{input_left} = $len; - return; - } - my $err = $self->{env}->{'psgi.errors'}; - $err->print("error reading for input: $! ($len bytes remaining)\n"); - $self->quit(500); -} - -sub write_in_full { - my ($fh, $rbuf, $len) = @_; - my $rv = 0; - my $off = 0; - while ($len > 0) { - my $w = syswrite($fh, $$rbuf, $len, $off); - return ($rv ? $rv : $w) unless $w; # undef or 0 - $rv += $w; - $off += $w; - $len -= $w; + } else { + err($self, "error reading input: $! ($len bytes remaining)"); } - $rv } -sub event_read_input_chunked { # unlikely... - my ($self) = @_; +sub read_input_chunked { # unlikely... + my ($self, $rbuf) = @_; + $rbuf //= $self->{rbuf} // (\(my $x = '')); my $input = $self->{env}->{'psgi.input'}; - my $sock = $self->{sock}; - my $len = $self->{input_left}; - $self->{input_left} = undef; - my $rbuf = \($self->{rbuf}); + my $len = delete $self->{input_left}; while (1) { # chunk start if ($len == CHUNK_ZEND) { - return app_dispatch($self) if $$rbuf =~ s/\A\r\n//s; - return $self->quit(400) if length($$rbuf) > 2; + $$rbuf =~ s/\A\r\n//s and + return app_dispatch($self, $input, $rbuf); + + return quit($self, 400) if bytes::length($$rbuf) > 2; } if ($len == CHUNK_END) { if ($$rbuf =~ s/\A\r\n//s) { $len = CHUNK_START; - } elsif (length($$rbuf) > 2) { - return $self->quit(400); + } elsif (bytes::length($$rbuf) > 2) { + return quit($self, 400); } } if ($len == CHUNK_START) { if ($$rbuf =~ s/\A([a-f0-9]+).*?\r\n//i) { $len = hex $1; - } elsif (length($$rbuf) > CHUNK_MAX_HDR) { - return $self->quit(400); + if (($len + -s $input) > $MAX_REQUEST_BUFFER) { + return quit($self, 413); + } + } elsif (bytes::length($$rbuf) > CHUNK_MAX_HDR) { + return quit($self, 400); } # will break from loop since $len >= 0 } if ($len < 0) { # chunk header is trickled, read more - my $off = length($$rbuf); - my $r = sysread($sock, $$rbuf, 8192, $off); - return $self->recv_err($r, $len) unless $r; + $self->do_read($rbuf, 8192, bytes::length($$rbuf)) or + return recv_err($self, $len); # (implicit) goto chunk_start if $r > 0; } $len = CHUNK_ZEND if $len == 0; @@ -301,8 +420,8 @@ sub event_read_input_chunked { # unlikely... # drain the current chunk until ($len <= 0) { if ($$rbuf ne '') { - my $w = write_in_full($input, $rbuf, $len); - return $self->write_err unless $w; + my $w = xwrite($input, $rbuf, $len); + return write_err($self, "$len chunk") if !$w; $len -= $w; if ($len == 0) { # we may have leftover data to parse @@ -317,8 +436,8 @@ sub event_read_input_chunked { # unlikely... } if ($$rbuf eq '') { # read more of current chunk - my $r = sysread($sock, $$rbuf, 8192); - return $self->recv_err($r, $len) unless $r; + $self->do_read($rbuf, 8192) or + return recv_err($self, $len); } } } @@ -327,19 +446,49 @@ sub event_read_input_chunked { # unlikely... sub quit { my ($self, $status) = @_; my $h = "HTTP/1.1 $status " . status_message($status) . "\r\n\r\n"; - $self->write($h); + $self->write(\$h); $self->close; } -# callbacks for Danga::Socket - -sub event_hup { $_[0]->close } -sub event_err { $_[0]->close } +sub close { + my $self = $_[0]; + delete $self->{env}; # prevent circular references + if (my $forward = delete $self->{forward}) { + eval { $forward->close }; + err($self, "forward ->close error: $@") if $@; + } + $self->SUPER::close; # PublicInbox::DS::close +} # for graceful shutdown in PublicInbox::Daemon: sub busy () { my ($self) = @_; - ($self->{rbuf} ne '' || $self->{env} || $self->{write_buf_size}); + ($self->{rbuf} || $self->{env} || $self->{wbuf}); +} + +# Chunked and Identity packages are used for writing responses. +# They may be exposed to the PSGI application when the PSGI app +# returns a CODE ref for "push"-based responses +package PublicInbox::HTTP::Chunked; +use strict; + +sub write { + # ([$http], $buf) = @_; + PublicInbox::HTTP::chunked_write($_[0]->[0], $_[1]) +} + +sub close { + # $_[0] = [$http, $alive] + PublicInbox::HTTP::response_done(@{$_[0]}); +} + +package PublicInbox::HTTP::Identity; +use strict; +our @ISA = qw(PublicInbox::HTTP::Chunked); + +sub write { + # ([$http], $buf) = @_; + PublicInbox::HTTP::identity_write($_[0]->[0], $_[1]); } 1;