]> git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/webserver.cc
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'origin/master' into circleci-docs
[thirdparty/pdns.git] / pdns / webserver.cc
1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25 #include "utility.hh"
26 #include "webserver.hh"
27 #include "misc.hh"
28 #include <thread>
29 #include "threadname.hh"
30 #include <vector>
31 #include "logger.hh"
32 #include <stdio.h>
33 #include "dns.hh"
34 #include "base64.hh"
35 #include "json.hh"
36 #include "uuid-utils.hh"
37 #include <yahttp/router.hpp>
38
39 json11::Json HttpRequest::json()
40 {
41 string err;
42 if(this->body.empty()) {
43 g_log<<Logger::Debug<<logprefix<<"JSON document expected in request body, but body was empty" << endl;
44 throw HttpBadRequestException();
45 }
46 json11::Json doc = json11::Json::parse(this->body, err);
47 if (doc.is_null()) {
48 g_log<<Logger::Debug<<logprefix<<"parsing of JSON document failed:" << err << endl;
49 throw HttpBadRequestException();
50 }
51 return doc;
52 }
53
54 bool HttpRequest::compareAuthorization(const string &expected_password)
55 {
56 // validate password
57 YaHTTP::strstr_map_t::iterator header = headers.find("authorization");
58 bool auth_ok = false;
59 if (header != headers.end() && toLower(header->second).find("basic ") == 0) {
60 string cookie = header->second.substr(6);
61
62 string plain;
63 B64Decode(cookie, plain);
64
65 vector<string> cparts;
66 stringtok(cparts, plain, ":");
67
68 // this gets rid of terminating zeros
69 auth_ok = (cparts.size()==2 && (0==strcmp(cparts[1].c_str(), expected_password.c_str())));
70 }
71 return auth_ok;
72 }
73
74 bool HttpRequest::compareHeader(const string &header_name, const string &expected_value)
75 {
76 YaHTTP::strstr_map_t::iterator header = headers.find(header_name);
77 if (header == headers.end())
78 return false;
79
80 // this gets rid of terminating zeros
81 return (0==strcmp(header->second.c_str(), expected_value.c_str()));
82 }
83
84
85 void HttpResponse::setBody(const json11::Json& document)
86 {
87 document.dump(this->body);
88 }
89
90 void HttpResponse::setErrorResult(const std::string& message, const int status_)
91 {
92 setBody(json11::Json::object { { "error", message } });
93 this->status = status_;
94 }
95
96 void HttpResponse::setSuccessResult(const std::string& message, const int status_)
97 {
98 setBody(json11::Json::object { { "result", message } });
99 this->status = status_;
100 }
101
102 static void bareHandlerWrapper(WebServer::HandlerFunction handler, YaHTTP::Request* req, YaHTTP::Response* resp)
103 {
104 // wrapper to convert from YaHTTP::* to our subclasses
105 handler(static_cast<HttpRequest*>(req), static_cast<HttpResponse*>(resp));
106 }
107
108 void WebServer::registerBareHandler(const string& url, HandlerFunction handler)
109 {
110 YaHTTP::THandlerFunction f = boost::bind(&bareHandlerWrapper, handler, _1, _2);
111 YaHTTP::Router::Any(url, f);
112 }
113
114 static bool optionsHandler(HttpRequest* req, HttpResponse* resp) {
115 if (req->method == "OPTIONS") {
116 resp->headers["access-control-allow-origin"] = "*";
117 resp->headers["access-control-allow-headers"] = "Content-Type, X-API-Key";
118 resp->headers["access-control-allow-methods"] = "GET, POST, PUT, PATCH, DELETE, OPTIONS";
119 resp->headers["access-control-max-age"] = "3600";
120 resp->status = 200;
121 resp->headers["content-type"]= "text/plain";
122 resp->body = "";
123 return true;
124 }
125 return false;
126 }
127
128 void WebServer::apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp, bool allowPassword) {
129 if (optionsHandler(req, resp)) return;
130
131 resp->headers["access-control-allow-origin"] = "*";
132
133 if (d_apikey.empty()) {
134 g_log<<Logger::Error<<req->logprefix<<"HTTP API Request \"" << req->url.path << "\": Authentication failed, API Key missing in config" << endl;
135 throw HttpUnauthorizedException("X-API-Key");
136 }
137
138 bool auth_ok = req->compareHeader("x-api-key", d_apikey) || req->getvars["api-key"] == d_apikey;
139
140 if (!auth_ok && allowPassword) {
141 if (!d_webserverPassword.empty()) {
142 auth_ok = req->compareAuthorization(d_webserverPassword);
143 } else {
144 auth_ok = true;
145 }
146 }
147
148 if (!auth_ok) {
149 g_log<<Logger::Error<<req->logprefix<<"HTTP Request \"" << req->url.path << "\": Authentication by API Key failed" << endl;
150 throw HttpUnauthorizedException("X-API-Key");
151 }
152
153 resp->headers["Content-Type"] = "application/json";
154
155 // security headers
156 resp->headers["X-Content-Type-Options"] = "nosniff";
157 resp->headers["X-Frame-Options"] = "deny";
158 resp->headers["X-Permitted-Cross-Domain-Policies"] = "none";
159 resp->headers["X-XSS-Protection"] = "1; mode=block";
160 resp->headers["Content-Security-Policy"] = "default-src 'self'; style-src 'self' 'unsafe-inline'";
161
162 req->getvars.erase("_"); // jQuery cache buster
163
164 try {
165 resp->status = 200;
166 handler(req, resp);
167 } catch (ApiException &e) {
168 resp->setErrorResult(e.what(), 422);
169 return;
170 } catch (JsonException &e) {
171 resp->setErrorResult(e.what(), 422);
172 return;
173 }
174
175 if (resp->status == 204) {
176 // No Content -> no Content-Type.
177 resp->headers.erase("Content-Type");
178 }
179 }
180
181 void WebServer::registerApiHandler(const string& url, HandlerFunction handler, bool allowPassword) {
182 HandlerFunction f = boost::bind(&WebServer::apiWrapper, this, handler, _1, _2, allowPassword);
183 registerBareHandler(url, f);
184 }
185
186 void WebServer::webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
187 if (!d_webserverPassword.empty()) {
188 bool auth_ok = req->compareAuthorization(d_webserverPassword);
189 if (!auth_ok) {
190 g_log<<Logger::Debug<<req->logprefix<<"HTTP Request \"" << req->url.path << "\": Web Authentication failed" << endl;
191 throw HttpUnauthorizedException("Basic");
192 }
193 }
194
195 handler(req, resp);
196 }
197
198 void WebServer::registerWebHandler(const string& url, HandlerFunction handler) {
199 HandlerFunction f = boost::bind(&WebServer::webWrapper, this, handler, _1, _2);
200 registerBareHandler(url, f);
201 }
202
203 static void *WebServerConnectionThreadStart(const WebServer* webServer, std::shared_ptr<Socket> client) {
204 setThreadName("pdns-r/webhndlr");
205 webServer->serveConnection(client);
206 return nullptr;
207 }
208
209 void WebServer::handleRequest(HttpRequest& req, HttpResponse& resp) const
210 {
211 // set default headers
212 resp.headers["Content-Type"] = "text/html; charset=utf-8";
213
214 try {
215 if (!req.complete) {
216 g_log<<Logger::Debug<<req.logprefix<<"Incomplete request" << endl;
217 throw HttpBadRequestException();
218 }
219
220 g_log<<Logger::Debug<<req.logprefix<<"Handling request \"" << req.url.path << "\"" << endl;
221
222 YaHTTP::strstr_map_t::iterator header;
223
224 if ((header = req.headers.find("accept")) != req.headers.end()) {
225 // json wins over html
226 if (header->second.find("application/json") != std::string::npos) {
227 req.accept_json = true;
228 } else if (header->second.find("text/html") != std::string::npos) {
229 req.accept_html = true;
230 }
231 }
232
233 YaHTTP::THandlerFunction handler;
234 if (!YaHTTP::Router::Route(&req, handler)) {
235 g_log<<Logger::Debug<<req.logprefix<<"No route found for \"" << req.url.path << "\"" << endl;
236 throw HttpNotFoundException();
237 }
238
239 try {
240 handler(&req, &resp);
241 g_log<<Logger::Debug<<req.logprefix<<"Result for \"" << req.url.path << "\": " << resp.status << ", body length: " << resp.body.size() << endl;
242 }
243 catch(HttpException&) {
244 throw;
245 }
246 catch(PDNSException &e) {
247 g_log<<Logger::Error<<req.logprefix<<"HTTP ISE for \""<< req.url.path << "\": Exception: " << e.reason << endl;
248 throw HttpInternalServerErrorException();
249 }
250 catch(std::exception &e) {
251 g_log<<Logger::Error<<req.logprefix<<"HTTP ISE for \""<< req.url.path << "\": STL Exception: " << e.what() << endl;
252 throw HttpInternalServerErrorException();
253 }
254 catch(...) {
255 g_log<<Logger::Error<<req.logprefix<<"HTTP ISE for \""<< req.url.path << "\": Unknown Exception" << endl;
256 throw HttpInternalServerErrorException();
257 }
258 }
259 catch(HttpException &e) {
260 resp = e.response();
261 // TODO rm this logline?
262 g_log<<Logger::Debug<<req.logprefix<<"Error result for \"" << req.url.path << "\": " << resp.status << endl;
263 string what = YaHTTP::Utility::status2text(resp.status);
264 if(req.accept_html) {
265 resp.headers["Content-Type"] = "text/html; charset=utf-8";
266 resp.body = "<!html><title>" + what + "</title><h1>" + what + "</h1>";
267 } else if (req.accept_json) {
268 resp.headers["Content-Type"] = "application/json";
269 if (resp.body.empty()) {
270 resp.setErrorResult(what, resp.status);
271 }
272 } else {
273 resp.headers["Content-Type"] = "text/plain; charset=utf-8";
274 resp.body = what;
275 }
276 }
277
278 // always set these headers
279 resp.headers["Server"] = "PowerDNS/" VERSION;
280 resp.headers["Connection"] = "close";
281
282 if (req.method == "HEAD") {
283 resp.body = "";
284 } else {
285 resp.headers["Content-Length"] = std::to_string(resp.body.size());
286 }
287 }
288
289 void WebServer::logRequest(const HttpRequest& req, const ComboAddress& remote) const {
290 if (d_loglevel >= WebServer::LogLevel::Detailed) {
291 auto logprefix = req.logprefix;
292 g_log<<Logger::Notice<<logprefix<<"Request details:"<<endl;
293
294 bool first = true;
295 for (const auto& r : req.getvars) {
296 if (first) {
297 first = false;
298 g_log<<Logger::Notice<<logprefix<<" GET params:"<<endl;
299 }
300 g_log<<Logger::Notice<<logprefix<<" "<<r.first<<": "<<r.second<<endl;
301 }
302
303 first = true;
304 for (const auto& r : req.postvars) {
305 if (first) {
306 first = false;
307 g_log<<Logger::Notice<<logprefix<<" POST params:"<<endl;
308 }
309 g_log<<Logger::Notice<<logprefix<<" "<<r.first<<": "<<r.second<<endl;
310 }
311
312 first = true;
313 for (const auto& h : req.headers) {
314 if (first) {
315 first = false;
316 g_log<<Logger::Notice<<logprefix<<" Headers:"<<endl;
317 }
318 g_log<<Logger::Notice<<logprefix<<" "<<h.first<<": "<<h.second<<endl;
319 }
320
321 if (req.body.empty()) {
322 g_log<<Logger::Notice<<logprefix<<" No body"<<endl;
323 } else {
324 g_log<<Logger::Notice<<logprefix<<" Full body: "<<endl;
325 g_log<<Logger::Notice<<logprefix<<" "<<req.body<<endl;
326 }
327 }
328 }
329
330 void WebServer::logResponse(const HttpResponse& resp, const ComboAddress& remote, const string& logprefix) const {
331 if (d_loglevel >= WebServer::LogLevel::Detailed) {
332 g_log<<Logger::Notice<<logprefix<<"Response details:"<<endl;
333 bool first = true;
334 for (const auto& h : resp.headers) {
335 if (first) {
336 first = false;
337 g_log<<Logger::Notice<<logprefix<<" Headers:"<<endl;
338 }
339 g_log<<Logger::Notice<<logprefix<<" "<<h.first<<": "<<h.second<<endl;
340 }
341 if (resp.body.empty()) {
342 g_log<<Logger::Notice<<logprefix<<" No body"<<endl;
343 } else {
344 g_log<<Logger::Notice<<logprefix<<" Full body: "<<endl;
345 g_log<<Logger::Notice<<logprefix<<" "<<resp.body<<endl;
346 }
347 }
348 }
349
350 void WebServer::serveConnection(std::shared_ptr<Socket> client) const {
351 const string logprefix = d_logprefix + to_string(getUniqueID()) + " ";
352
353 HttpRequest req(logprefix);
354 HttpResponse resp;
355 ComboAddress remote;
356 string reply;
357
358 try {
359 YaHTTP::AsyncRequestLoader yarl;
360 yarl.initialize(&req);
361 int timeout = 5;
362 client->setNonBlocking();
363
364 try {
365 while(!req.complete) {
366 int bytes;
367 char buf[1024];
368 bytes = client->readWithTimeout(buf, sizeof(buf), timeout);
369 if (bytes > 0) {
370 string data = string(buf, bytes);
371 req.complete = yarl.feed(data);
372 } else {
373 // read error OR EOF
374 break;
375 }
376 }
377 yarl.finalize();
378 } catch (YaHTTP::ParseError &e) {
379 // request stays incomplete
380 g_log<<Logger::Warning<<logprefix<<"Unable to parse request: "<<e.what()<<endl;
381 }
382
383 if (d_loglevel >= WebServer::LogLevel::None) {
384 client->getRemote(remote);
385 }
386
387 logRequest(req, remote);
388
389 WebServer::handleRequest(req, resp);
390 ostringstream ss;
391 resp.write(ss);
392 reply = ss.str();
393
394 logResponse(resp, remote, logprefix);
395
396 client->writenWithTimeout(reply.c_str(), reply.size(), timeout);
397 }
398 catch(PDNSException &e) {
399 g_log<<Logger::Error<<logprefix<<"HTTP Exception: "<<e.reason<<endl;
400 }
401 catch(std::exception &e) {
402 if(strstr(e.what(), "timeout")==0)
403 g_log<<Logger::Error<<logprefix<<"HTTP STL Exception: "<<e.what()<<endl;
404 }
405 catch(...) {
406 g_log<<Logger::Error<<logprefix<<"Unknown exception"<<endl;
407 }
408
409 if (d_loglevel >= WebServer::LogLevel::Normal) {
410 g_log<<Logger::Notice<<logprefix<<remote<<" \""<<req.method<<" "<<req.url.path<<" HTTP/"<<req.versionStr(req.version)<<"\" "<<resp.status<<" "<<reply.size()<<endl;
411 }
412 }
413
414 WebServer::WebServer(const string &listenaddress, int port) :
415 d_listenaddress(listenaddress),
416 d_port(port),
417 d_server(nullptr)
418 {
419 }
420
421 void WebServer::bind()
422 {
423 try {
424 d_server = createServer();
425 g_log<<Logger::Warning<<d_logprefix<<"Listening for HTTP requests on "<<d_server->d_local.toStringWithPort()<<endl;
426 }
427 catch(NetworkError &e) {
428 g_log<<Logger::Error<<d_logprefix<<"Listening on HTTP socket failed: "<<e.what()<<endl;
429 d_server = nullptr;
430 }
431 }
432
433 void WebServer::go()
434 {
435 if(!d_server)
436 return;
437 try {
438 while(true) {
439 try {
440 auto client = d_server->accept();
441 if (!client) {
442 continue;
443 }
444 if (client->acl(d_acl)) {
445 std::thread webHandler(WebServerConnectionThreadStart, this, client);
446 webHandler.detach();
447 } else {
448 ComboAddress remote;
449 if (client->getRemote(remote))
450 g_log<<Logger::Error<<d_logprefix<<"Webserver closing socket: remote ("<< remote.toString() <<") does not match the set ACL("<<d_acl.toString()<<")"<<endl;
451 }
452 }
453 catch(PDNSException &e) {
454 g_log<<Logger::Error<<d_logprefix<<"PDNSException while accepting a connection in main webserver thread: "<<e.reason<<endl;
455 }
456 catch(std::exception &e) {
457 g_log<<Logger::Error<<d_logprefix<<"STL Exception while accepting a connection in main webserver thread: "<<e.what()<<endl;
458 }
459 catch(...) {
460 g_log<<Logger::Error<<d_logprefix<<"Unknown exception while accepting a connection in main webserver thread"<<endl;
461 }
462 }
463 }
464 catch(PDNSException &e) {
465 g_log<<Logger::Error<<d_logprefix<<"PDNSException in main webserver thread: "<<e.reason<<endl;
466 }
467 catch(std::exception &e) {
468 g_log<<Logger::Error<<d_logprefix<<"STL Exception in main webserver thread: "<<e.what()<<endl;
469 }
470 catch(...) {
471 g_log<<Logger::Error<<d_logprefix<<"Unknown exception in main webserver thread"<<endl;
472 }
473 _exit(1);
474 }
Unnamed repository; edit this file 'description' to name the repository.