godot/platform/web/export/editor_http_server.h
Fabio Alessandrelli adba870534 [NET] Refactor TLS configuration.
Use a TLSOptions configuration object which is created via static
functions.

- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)

This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.
2023-01-28 11:08:02 +01:00

251 lines
8.1 KiB
C++

/**************************************************************************/
/* editor_http_server.h */
/**************************************************************************/
/* This file is part of: */
/* GODOT ENGINE */
/* https://godotengine.org */
/**************************************************************************/
/* Copyright (c) 2014-present Godot Engine contributors (see AUTHORS.md). */
/* Copyright (c) 2007-2014 Juan Linietsky, Ariel Manzur. */
/* */
/* Permission is hereby granted, free of charge, to any person obtaining */
/* a copy of this software and associated documentation files (the */
/* "Software"), to deal in the Software without restriction, including */
/* without limitation the rights to use, copy, modify, merge, publish, */
/* distribute, sublicense, and/or sell copies of the Software, and to */
/* permit persons to whom the Software is furnished to do so, subject to */
/* the following conditions: */
/* */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. */
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/**************************************************************************/
#ifndef WEB_EDITOR_HTTP_SERVER_H
#define WEB_EDITOR_HTTP_SERVER_H
#include "core/io/image_loader.h"
#include "core/io/stream_peer_tls.h"
#include "core/io/tcp_server.h"
#include "core/io/zip_io.h"
#include "editor/editor_paths.h"
class EditorHTTPServer : public RefCounted {
private:
Ref<TCPServer> server;
HashMap<String, String> mimes;
Ref<StreamPeerTCP> tcp;
Ref<StreamPeerTLS> tls;
Ref<StreamPeer> peer;
Ref<CryptoKey> key;
Ref<X509Certificate> cert;
bool use_tls = false;
uint64_t time = 0;
uint8_t req_buf[4096];
int req_pos = 0;
void _clear_client() {
peer = Ref<StreamPeer>();
tls = Ref<StreamPeerTLS>();
tcp = Ref<StreamPeerTCP>();
memset(req_buf, 0, sizeof(req_buf));
time = 0;
req_pos = 0;
}
void _set_internal_certs(Ref<Crypto> p_crypto) {
const String cache_path = EditorPaths::get_singleton()->get_cache_dir();
const String key_path = cache_path.path_join("html5_server.key");
const String crt_path = cache_path.path_join("html5_server.crt");
bool regen = !FileAccess::exists(key_path) || !FileAccess::exists(crt_path);
if (!regen) {
key = Ref<CryptoKey>(CryptoKey::create());
cert = Ref<X509Certificate>(X509Certificate::create());
if (key->load(key_path) != OK || cert->load(crt_path) != OK) {
regen = true;
}
}
if (regen) {
key = p_crypto->generate_rsa(2048);
key->save(key_path);
cert = p_crypto->generate_self_signed_certificate(key, "CN=godot-debug.local,O=A Game Dev,C=XXA", "20140101000000", "20340101000000");
cert->save(crt_path);
}
}
public:
EditorHTTPServer() {
mimes["html"] = "text/html";
mimes["js"] = "application/javascript";
mimes["json"] = "application/json";
mimes["pck"] = "application/octet-stream";
mimes["png"] = "image/png";
mimes["svg"] = "image/svg";
mimes["wasm"] = "application/wasm";
server.instantiate();
stop();
}
void stop() {
server->stop();
_clear_client();
}
Error listen(int p_port, IPAddress p_address, bool p_use_tls, String p_tls_key, String p_tls_cert) {
use_tls = p_use_tls;
if (use_tls) {
Ref<Crypto> crypto = Crypto::create();
if (crypto.is_null()) {
return ERR_UNAVAILABLE;
}
if (!p_tls_key.is_empty() && !p_tls_cert.is_empty()) {
key = Ref<CryptoKey>(CryptoKey::create());
Error err = key->load(p_tls_key);
ERR_FAIL_COND_V(err != OK, err);
cert = Ref<X509Certificate>(X509Certificate::create());
err = cert->load(p_tls_cert);
ERR_FAIL_COND_V(err != OK, err);
} else {
_set_internal_certs(crypto);
}
}
return server->listen(p_port, p_address);
}
bool is_listening() const {
return server->is_listening();
}
void _send_response() {
Vector<String> psa = String((char *)req_buf).split("\r\n");
int len = psa.size();
ERR_FAIL_COND_MSG(len < 4, "Not enough response headers, got: " + itos(len) + ", expected >= 4.");
Vector<String> req = psa[0].split(" ", false);
ERR_FAIL_COND_MSG(req.size() < 2, "Invalid protocol or status code.");
// Wrong protocol
ERR_FAIL_COND_MSG(req[0] != "GET" || req[2] != "HTTP/1.1", "Invalid method or HTTP version.");
const int query_index = req[1].find_char('?');
const String path = (query_index == -1) ? req[1] : req[1].substr(0, query_index);
const String req_file = path.get_file();
const String req_ext = path.get_extension();
const String cache_path = EditorPaths::get_singleton()->get_cache_dir().path_join("web");
const String filepath = cache_path.path_join(req_file);
if (!mimes.has(req_ext) || !FileAccess::exists(filepath)) {
String s = "HTTP/1.1 404 Not Found\r\n";
s += "Connection: Close\r\n";
s += "\r\n";
CharString cs = s.utf8();
peer->put_data((const uint8_t *)cs.get_data(), cs.size() - 1);
return;
}
const String ctype = mimes[req_ext];
Ref<FileAccess> f = FileAccess::open(filepath, FileAccess::READ);
ERR_FAIL_COND(f.is_null());
String s = "HTTP/1.1 200 OK\r\n";
s += "Connection: Close\r\n";
s += "Content-Type: " + ctype + "\r\n";
s += "Access-Control-Allow-Origin: *\r\n";
s += "Cross-Origin-Opener-Policy: same-origin\r\n";
s += "Cross-Origin-Embedder-Policy: require-corp\r\n";
s += "Cache-Control: no-store, max-age=0\r\n";
s += "\r\n";
CharString cs = s.utf8();
Error err = peer->put_data((const uint8_t *)cs.get_data(), cs.size() - 1);
if (err != OK) {
ERR_FAIL();
}
while (true) {
uint8_t bytes[4096];
uint64_t read = f->get_buffer(bytes, 4096);
if (read == 0) {
break;
}
err = peer->put_data(bytes, read);
if (err != OK) {
ERR_FAIL();
}
}
}
void poll() {
if (!server->is_listening()) {
return;
}
if (tcp.is_null()) {
if (!server->is_connection_available()) {
return;
}
tcp = server->take_connection();
peer = tcp;
time = OS::get_singleton()->get_ticks_usec();
}
if (OS::get_singleton()->get_ticks_usec() - time > 1000000) {
_clear_client();
return;
}
if (tcp->get_status() != StreamPeerTCP::STATUS_CONNECTED) {
return;
}
if (use_tls) {
if (tls.is_null()) {
tls = Ref<StreamPeerTLS>(StreamPeerTLS::create());
peer = tls;
tls->set_blocking_handshake_enabled(false);
if (tls->accept_stream(tcp, TLSOptions::server(key, cert)) != OK) {
_clear_client();
return;
}
}
tls->poll();
if (tls->get_status() == StreamPeerTLS::STATUS_HANDSHAKING) {
// Still handshaking, keep waiting.
return;
}
if (tls->get_status() != StreamPeerTLS::STATUS_CONNECTED) {
_clear_client();
return;
}
}
while (true) {
char *r = (char *)req_buf;
int l = req_pos - 1;
if (l > 3 && r[l] == '\n' && r[l - 1] == '\r' && r[l - 2] == '\n' && r[l - 3] == '\r') {
_send_response();
_clear_client();
return;
}
int read = 0;
ERR_FAIL_COND(req_pos >= 4096);
Error err = peer->get_partial_data(&req_buf[req_pos], 1, read);
if (err != OK) {
// Got an error
_clear_client();
return;
} else if (read != 1) {
// Busy, wait next poll
return;
}
req_pos += read;
}
}
};
#endif // WEB_EDITOR_HTTP_SERVER_H