Add Status page:

* Make HTTP(S) requests on websocket ports reply with Status page * Fix isWebsocketUpgrade to compare case insensitive * Make websocket upgrades with no websocket protocols configured report error * Create unit test for unauthorized requests and the status page
2025-11-19 18:45:52 +00:00 · 2016-09-14 21:01:35 -04:00
parent aca6db5601
commit e6ed9ae4d8
6 changed files with 329 additions and 53 deletions
--- a/Builds/VisualStudio2015/RippleD.vcxproj
+++ b/Builds/VisualStudio2015/RippleD.vcxproj
@@ -4752,6 +4752,10 @@
      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='debug|x64'">True</ExcludedFromBuild>
      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='release|x64'">True</ExcludedFromBuild>
    </ClCompile>
+    <ClCompile Include="..\..\src\test\server\ServerStatus_test.cpp">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='debug|x64'">True</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='release|x64'">True</ExcludedFromBuild>
+    </ClCompile>
    <ClCompile Include="..\..\src\test\server\Server_test.cpp">
      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='debug|x64'">True</ExcludedFromBuild>
      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='release|x64'">True</ExcludedFromBuild>
--- a/Builds/VisualStudio2015/RippleD.vcxproj.filters
+++ b/Builds/VisualStudio2015/RippleD.vcxproj.filters
@@ -5439,6 +5439,9 @@
    <ClCompile Include="..\..\src\test\rpc\Subscribe_test.cpp">
      <Filter>test\rpc</Filter>
    </ClCompile>
+    <ClCompile Include="..\..\src\test\server\ServerStatus_test.cpp">
+      <Filter>test\server</Filter>
+    </ClCompile>
    <ClCompile Include="..\..\src\test\server\Server_test.cpp">
      <Filter>test\server</Filter>
    </ClCompile>
--- a/src/ripple/rpc/impl/ServerHandlerImp.cpp
+++ b/src/ripple/rpc/impl/ServerHandlerImp.cpp
@@ -39,8 +39,10 @@
 #include <ripple/resource/Fees.h>
 #include <ripple/rpc/impl/Tuning.h>
 #include <ripple/rpc/RPCHandler.h>
+#include <ripple/server/SimpleWriter.h>
 #include <beast/core/detail/base64.hpp>
 #include <beast/http/headers.hpp>
+#include <beast/http/string_body.hpp>
 #include <boost/algorithm/string.hpp>
 #include <boost/type_traits.hpp>
 #include <boost/optional.hpp>
@@ -50,6 +52,72 @@

 namespace ripple {

+// Returns `true` if the HTTP request is a Websockets Upgrade
+// http://en.wikipedia.org/wiki/HTTP/1.1_Upgrade_header#Use_with_WebSockets
+static
+bool
+isWebsocketUpgrade(
+    http_request_type const& request)
+{
+    if (is_upgrade(request))
+        return beast::detail::ci_equal(
+            request.headers["Upgrade"], "websocket");
+    return false;
+}
+
+static
+bool
+isStatusRequest(
+    http_request_type const& request)
+{
+    return request.version >= 11 && request.url == "/" &&
+            request.body.size() == 0 && request.method == "GET";
+}
+
+static
+Handoff
+unauthorizedResponse(
+    http_request_type const& request)
+{
+    using namespace beast::http;
+    Handoff handoff;
+    response_v1<string_body> msg;
+    msg.version = request.version;
+    msg.status = 401;
+    msg.reason = "Unauthorized";
+    msg.headers.insert("Server", BuildInfo::getFullVersionString());
+    msg.headers.insert("Content-Type", "text/html");
+    msg.body = "Invalid protocol.";
+    prepare(msg, beast::http::connection::close);
+    handoff.response = std::make_shared<SimpleWriter>(msg);
+    return handoff;
+}
+
+// VFALCO TODO Rewrite to use beast::http::headers
+static
+bool
+authorized (
+    Port const& port,
+    std::map<std::string, std::string> const& h)
+{
+    if (port.user.empty() || port.password.empty())
+        return true;
+
+    auto const it = h.find ("authorization");
+    if ((it == h.end ()) || (it->second.substr (0, 6) != "Basic "))
+        return false;
+    std::string strUserPass64 = it->second.substr (6);
+    boost::trim (strUserPass64);
+    std::string strUserPass = beast::detail::base64_decode (strUserPass64);
+    std::string::size_type nColon = strUserPass.find (":");
+    if (nColon == std::string::npos)
+        return false;
+    std::string strUser = strUserPass.substr (0, nColon);
+    std::string strPassword = strUserPass.substr (nColon + 1);
+    return strUser == port.user && strPassword == port.password;
+}
+
+
 ServerHandlerImp::ServerHandlerImp (Application& app, Stoppable& parent,
    boost::asio::io_service& io_service, JobQueue& jobQueue,
        NetworkOPs& networkOPs, Resource::Manager& resourceManager,
@@ -119,9 +187,9 @@ ServerHandlerImp::onHandoff (Session& session,
 {
    if(isWebsocketUpgrade(request))
    {
-        Handoff handoff;
        if(session.port().protocol.count("wss2") > 0)
        {
+            Handoff handoff;
            auto const ws = session.websocketUpgrade();
            auto is = std::make_shared<WSInfoSub>(m_networkOPs, ws);
            is->getConsumer() = requestInboundEndpoint(
@@ -135,7 +203,9 @@ ServerHandlerImp::onHandoff (Session& session,
        }

        if(session.port().protocol.count("wss") > 0)
-            return handoff; // Pass to websocket
+            return {}; // Pass to websocket
+
+        return unauthorizedResponse(request);
    }

    if(session.port().protocol.count("peer") > 0)
@@ -144,6 +214,9 @@ ServerHandlerImp::onHandoff (Session& session,
            std::move(request), remote_address);
    }

+    if (session.port().protocol.count("wss2") > 0 && isStatusRequest(request))
+        return statusResponse(request);
+
    // Pass to legacy onRequest
    return {};
 }
@@ -155,22 +228,30 @@ ServerHandlerImp::onHandoff (Session& session,
            boost::asio::ip::tcp::endpoint remote_address) ->
    Handoff
 {
-    Handoff handoff;
-    if(session.port().protocol.count("ws2") > 0 &&
-        isWebsocketUpgrade (request))
+    if(isWebsocketUpgrade(request))
    {
-        auto const ws = session.websocketUpgrade();
-        auto is = std::make_shared<WSInfoSub>(m_networkOPs, ws);
-        is->getConsumer() = requestInboundEndpoint(
-            m_resourceManager,
-                beast::IPAddressConversion::from_asio(remote_address),
-                    session.port(), is->user());
-        ws->appDefined = std::move(is);
-        ws->run();
-        handoff.moved = true;
+        if (session.port().protocol.count("ws2") > 0)
+        {
+            Handoff handoff;
+            auto const ws = session.websocketUpgrade();
+            auto is = std::make_shared<WSInfoSub>(m_networkOPs, ws);
+            is->getConsumer() = requestInboundEndpoint(
+                m_resourceManager, beast::IPAddressConversion::from_asio(
+                    remote_address), session.port(), is->user());
+            ws->appDefined = std::move(is);
+            ws->run();
+            handoff.moved = true;
+            return handoff;
+        }
+
+        return unauthorizedResponse(request);
    }
+
+    if (session.port().protocol.count("ws2") > 0 && isStatusRequest(request))
+        return statusResponse(request);
+
    // Otherwise pass to legacy onRequest or websocket
-    return handoff;
+    return {};
 }

 static inline
@@ -616,36 +697,40 @@ ServerHandlerImp::processRequest (Port const& port,

 //------------------------------------------------------------------------------

-// Returns `true` if the HTTP request is a Websockets Upgrade
-// http://en.wikipedia.org/wiki/HTTP/1.1_Upgrade_header#Use_with_WebSockets
-bool
-ServerHandlerImp::isWebsocketUpgrade (http_request_type const& request)
+/*  This response is used with load balancing.
+    If the server is overloaded, status 500 is reported. Otherwise status 200
+    is reported, meaning the server can accept more connections.
+*/
+Handoff
+ServerHandlerImp::statusResponse(
+    http_request_type const& request) const
 {
-    if (is_upgrade(request))
-        return request.headers["Upgrade"] == "websocket";
-    return false;
-}
-
-// VFALCO TODO Rewrite to use beast::http::headers
-bool
-ServerHandlerImp::authorized (Port const& port,
-    std::map<std::string, std::string> const& h)
-{
-    if (port.user.empty() || port.password.empty())
-        return true;
-
-    auto const it = h.find ("authorization");
-    if ((it == h.end ()) || (it->second.substr (0, 6) != "Basic "))
-        return false;
-    std::string strUserPass64 = it->second.substr (6);
-    boost::trim (strUserPass64);
-    std::string strUserPass = beast::detail::base64_decode (strUserPass64);
-    std::string::size_type nColon = strUserPass.find (":");
-    if (nColon == std::string::npos)
-        return false;
-    std::string strUser = strUserPass.substr (0, nColon);
-    std::string strPassword = strUserPass.substr (nColon + 1);
-    return strUser == port.user && strPassword == port.password;
+    using namespace beast::http;
+    Handoff handoff;
+    response_v1<string_body> msg;
+    std::string reason;
+    if (app_.serverOkay(reason))
+    {
+        msg.status = 200;
+        msg.reason = "OK";
+        msg.body = "<!DOCTYPE html><html><head><title>" + systemName() +
+            " Test page for rippled</title></head><body><h1>" +
+                systemName() + " Test</h1><p>This page shows rippled http(s) "
+                    "connectivity is working.</p></body></html>";
+    }
+    else
+    {
+        msg.status = 500;
+        msg.reason = "Internal Server Error";
+        msg.body = "<HTML><BODY>Server cannot accept clients: " +
+            reason + "</BODY></HTML>";
+    }
+    msg.version = request.version;
+    msg.headers.insert("Server", BuildInfo::getFullVersionString());
+    msg.headers.insert("Content-Type", "text/html");
+    prepare(msg, beast::http::connection::close);
+    handoff.response = std::make_shared<SimpleWriter>(msg);
+    return handoff;
 }

 //------------------------------------------------------------------------------
--- a/src/ripple/rpc/impl/ServerHandlerImp.h
+++ b/src/ripple/rpc/impl/ServerHandlerImp.h
@@ -149,8 +149,7 @@ public:
    void
    onStopped (Server&);

-    //--------------------------------------------------------------------------
-
+private:
    Json::Value
    processSession(
        std::shared_ptr<WSSession> const& session,
@@ -167,13 +166,10 @@ public:
        std::shared_ptr<JobCoro> jobCoro,
        std::string forwardedFor, std::string user);

-private:
-    bool
-    isWebsocketUpgrade (http_request_type const& request);
+    Handoff
+    statusResponse(http_request_type const& request) const;
+

-    bool
-    authorized (Port const& port,
-        std::map<std::string, std::string> const& h);
 };

 }
--- a/src/test/server/ServerStatus_test.cpp
+++ b/src/test/server/ServerStatus_test.cpp
@@ -0,0 +1,187 @@
+//------------------------------------------------------------------------------
+/*
+    This file is part of rippled: https://github.com/ripple/rippled
+    Copyright (c) 2012, 2013 Ripple Labs Inc.
+
+    Permission to use, copy, modify, and/or distribute this software for any
+    purpose  with  or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE  SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH  REGARD  TO  THIS  SOFTWARE  INCLUDING  ALL  IMPLIED  WARRANTIES  OF
+    MERCHANTABILITY  AND  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY  SPECIAL ,  DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER  RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION  OF  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+//==============================================================================
+
+#include <BeastConfig.h>
+#include <ripple/rpc/ServerHandler.h>
+#include <ripple/test/jtx.h>
+#include <beast/core/to_string.hpp>
+#include <beast/http.hpp>
+#include <beast/websocket/detail/mask.hpp>
+#include <boost/asio.hpp>
+#include <boost/asio/ssl.hpp>
+
+namespace ripple {
+namespace test {
+
+class ServerStatus_test : public beast::unit_test::suite
+{
+public:
+    void
+    testUnauthorizedRequest()
+    {
+        using namespace jtx;
+        Env env(*this, []()
+            {
+                auto p = std::make_unique<Config>();
+                setupConfigForUnitTests(*p);
+                p->section("port_ws").set("protocol", "http,https");
+                return p;
+            }());
+        auto const port = env.app().config()["port_ws"].
+            get<std::uint16_t>("port");
+        if(! BEAST_EXPECT(port))
+            return;
+
+        using namespace boost::asio;
+        using namespace beast::http;
+        io_service ios;
+        ip::tcp::resolver r{ios};
+        beast::streambuf sb;
+        response_v1<string_body> resp;
+        boost::system::error_code ec;
+
+        beast::websocket::detail::maskgen maskgen;
+        request_v1<empty_body> req;
+        req.url = "/";
+        req.version = 11;
+        req.method = "GET";
+        req.headers.insert("Host", "127.0.0.1:" + to_string(*port));
+        req.headers.insert("Upgrade", "websocket");
+        std::string key = beast::websocket::detail::make_sec_ws_key(maskgen);
+        req.headers.insert("Sec-WebSocket-Key", key);
+        req.headers.insert("Sec-WebSocket-Version", "13");
+        prepare(req, connection::upgrade);
+
+        // non secure socket
+        {
+            ip::tcp::socket sock{ios};
+            connect(sock, r.resolve(
+                ip::tcp::resolver::query{"127.0.0.1", to_string(*port)}), ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            write(sock, req, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            read(sock, sb, resp, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            BEAST_EXPECT(resp.status == 401);
+        }
+
+        // secure socket
+        {
+            ssl::context ctx{ssl::context::sslv23};
+            ctx.set_verify_mode(ssl::verify_none);
+            ssl::stream<ip::tcp::socket> ss{ios, ctx};
+            connect(ss.next_layer(), r.resolve(
+                ip::tcp::resolver::query{"127.0.0.1", to_string(*port)}));
+            ss.handshake(ssl::stream_base::client, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            write(ss, req, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            read(ss, sb, resp, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            BEAST_EXPECT(resp.status == 401);
+        }
+    }
+
+    void
+    testStatusRequest()
+    {
+        using namespace jtx;
+        Env env(*this, []()
+            {
+                auto p = std::make_unique<Config>();
+                setupConfigForUnitTests(*p);
+                p->section("port_ws").set("protocol", "ws2,wss2");
+                return p;
+            }());
+        auto const port = env.app().config()["port_ws"].
+            get<std::uint16_t>("port");
+        if(! BEAST_EXPECT(port))
+            return;
+
+        using namespace boost::asio;
+        using namespace beast::http;
+        io_service ios;
+        ip::tcp::resolver r{ios};
+        beast::streambuf sb;
+        response_v1<string_body> resp;
+        boost::system::error_code ec;
+
+        request_v1<empty_body> req;
+        req.url = "/";
+        req.version = 11;
+        req.method = "GET";
+        req.headers.insert("Host", "127.0.0.1:" + to_string(*port));
+        req.headers.insert("User-Agent", "test");
+        prepare(req);
+
+        // Request the status page on a non secure socket
+        {
+            ip::tcp::socket sock{ios};
+            connect(sock, r.resolve(
+                ip::tcp::resolver::query{"127.0.0.1", to_string(*port)}), ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            write(sock, req, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            read(sock, sb, resp, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            BEAST_EXPECT(resp.status == 200);
+        }
+
+        // Request the status page on a secure socket
+        {
+            ssl::context ctx{ssl::context::sslv23};
+            ctx.set_verify_mode(ssl::verify_none);
+            ssl::stream<ip::tcp::socket> ss{ios, ctx};
+            connect(ss.next_layer(), r.resolve(
+                ip::tcp::resolver::query{"127.0.0.1", to_string(*port)}));
+            ss.handshake(ssl::stream_base::client, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            write(ss, req, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            read(ss, sb, resp, ec);
+            if(! BEAST_EXPECTS(! ec, ec.message()))
+                return;
+            BEAST_EXPECT(resp.status == 200);
+        }
+    };
+
+    void
+    run()
+    {
+        testUnauthorizedRequest();
+        testStatusRequest();
+    };
+};
+
+BEAST_DEFINE_TESTSUITE(ServerStatus, server, ripple);
+
+} // test
+} // ripple
+
--- a/src/unity/server_test_unity.cpp
+++ b/src/unity/server_test_unity.cpp
@@ -18,4 +18,5 @@
 */
 //==============================================================================

-#include <test/server/Server_test.cpp>
+#include <test/server/Server_test.cpp>
+#include <test/server/ServerStatus_test.cpp>