BeamMP/BeamMP-Server
1
0
Fork 0
mirror of https://github.com/BeamMP/BeamMP-Server.git synced 2025-07-01 15:26:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add preliminary work for HTTP health endpoint (#68)

Browse Source 
* Add preliminary work for HTTP health endpoint

* Http: Fix infinite loop bug in Tx509KeypairGenerator::generateKey()

* update commandline

* Add TLS Support class for use with http server

* Add preliminary HTTP Server; TLS still broken; fix in later commit

* Fix TLS handshake, due to server being unable to serve key/certfile in 'Http.h/Http.cpp'; Cause was httlib not being threadsafe due to being a blocking http library

* Run clang format

* Add option to configure http server port via ServerConfig

* TConfig: add HTTPServerPort to config parsing step

* Fix SSL Cert / Key path not auto generating when not existing

* Add health endpoint; Fix SSL Cert serial no. not refreshing when regenerating

* Switch arround status codes in /health route

* Run clang format

Co-authored-by: Lion Kortlepel <development@kortlepel.com>
This commit is contained in:
awesome_milou 2021-12-05 18:24:55 +01:00 committed by GitHub
parent b33d50361c
commit 9d283738aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 273 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
deps/commandline vendored

@ -1 +0,0 @@
Subproject commit 3d11606d02b449b8afd40a7132160d2392043eb3

12
include/Common.h
View File

@ -40,6 +40,9 @@ public:
, ServerDesc("BeamMP Default Description")
, Resource("Resources")
, MapName("/levels/gridmap_v2/info.json")
, SSLKeyPath("./.ssl/HttpServer/key.pem")
, SSLCertPath("./.ssl/HttpServer/cert.pem")
, HTTPServerPort(8080)
, MaxPlayers(10)
, Private(true)
, MaxCars(1)
@ -52,6 +55,8 @@ public:
std::string Resource;
std::string MapName;
std::string Key;
std::string SSLKeyPath;
std::string SSLCertPath;
int MaxPlayers;
bool Private;
int MaxCars;
@ -61,6 +66,7 @@ public:
bool SendErrors;
bool SendErrorsMessageEnabled;
[[nodiscard]] bool HasCustomIP() const { return !CustomIP.empty(); }
int HTTPServerPort;
};
using TShutdownHandler = std::function<void()>;
@ -162,6 +168,12 @@ void RegisterThread(const std::string& str);
Application::Console().Write(_this_location + std::string("[DEBUG] ") + (x)); \
} \
} while (false)
#define beammp_event(x) \
do { \
if (Application::Settings.DebugModeEnabled) { \
Application::Console().Write(_this_location + std::string("[EVENT] ") + (x)); \
} \
}while(false)
// for those times when you just need to ignore something :^)
// explicity disables a [[nodiscard]] warning
#define beammp_ignore(x) (void)x

44
include/Http.h
View File

@ -1,8 +1,20 @@
#pragma once
#include <Common.h>
#include <IThreaded.h>
#include <filesystem>
#include <httplib.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <string>
#include <unordered_map>
namespace fs = std::filesystem;
namespace Crypto {
constexpr size_t RSA_DEFAULT_KEYLENGTH { 2048 };
}
namespace Http {
std::string GET(const std::string& host, int port, const std::string& target, unsigned int* status = nullptr);
std::string POST(const std::string& host, int port, const std::string& target, const std::string& body, const std::string& ContentType, unsigned int* status = nullptr);
@ -10,4 +22,36 @@ namespace Status {
std::string ToString(int code);
}
const std::string ErrorString = "-1";
namespace Server {
void SetupEnvironment();
// todo: Add non TLS Server Instance, this one is TLS only
class THttpServerInstance : IThreaded {
public:
THttpServerInstance();
static fs::path KeyFilePath;
static fs::path CertFilePath;
protected:
void operator()();
private:
/**
* the shared pointer is necessary because httplib is a blocking library and due lacking thread-safety
* will "forget" about its environment, when configured across multiple threads.
* So we need to able to start the server (make it "listen()") in a single Thread.
*/
std::shared_ptr<httplib::SSLServer> mHttpLibServerInstancePtr;
};
// todo: all of these functions are likely unsafe,
// todo: replace with something that's managed by a domain specific crypto library
class Tx509KeypairGenerator {
public:
static long GenerateRandomId();
static bool EnsureTLSConfigExists();
static X509* GenerateCertificate(EVP_PKEY& pkey);
static EVP_PKEY* GenerateKey();
static void GenerateAndWriteToDisk(const fs::path& KeyFilePath, const fs::path& CertFilePath);
};
}
}

3
include/TConfig.h
View File

@ -20,7 +20,8 @@ private:
void PrintDebug();
void ParseOldFormat();
bool IsDefault();
bool mFailed { false };
std::string mConfigFileName;
};

17
include/TLuaEngine.h
View File

@ -20,6 +20,9 @@
using TLuaStateId = std::string;
namespace fs = std::filesystem;
/**
* std::variant means, that TLuaArgTypes may be one of the Types listed as template args
*/
using TLuaArgTypes = std::variant<std::string, int, sol::variadic_args, bool>;
static constexpr size_t TLuaArgTypes_String = 0;
static constexpr size_t TLuaArgTypes_Int = 1;
@ -114,11 +117,21 @@ public:
void EnsureStateExists(TLuaStateId StateId, const std::string& Name, bool DontCallOnInit = false);
void RegisterEvent(const std::string& EventName, TLuaStateId StateId, const std::string& FunctionName);
template <typename... ArgsT>
/**
*
* @tparam ArgsT Template Arguments for the event (Metadata) todo: figure out what this means
* @param EventName Name of the event
* @param IgnoreId
* @param Args
* @return
*/
[[nodiscard]] std::vector<std::shared_ptr<TLuaResult>> TriggerEvent(const std::string& EventName, TLuaStateId IgnoreId, ArgsT&&... Args) {
std::unique_lock Lock(mLuaEventsMutex);
if (mLuaEvents.find(EventName) == mLuaEvents.end()) {
beammp_event(EventName);
if (mLuaEvents.find(EventName) == mLuaEvents.end()) { // if no event handler is defined for 'EventName', return immediately
return {};
}
std::vector<std::shared_ptr<TLuaResult>> Results;
for (const auto& Event : mLuaEvents.at(EventName)) {
for (const auto& Function : Event.second) {
@ -127,7 +140,7 @@ public:
}
}
}
return Results;
return Results; //
}
std::set<std::string> GetEventHandlersForState(const std::string& EventName, TLuaStateId StateId);
void CreateEventTimer(const std::string& EventName, TLuaStateId StateId, size_t IntervalMS);

169
src/Http.cpp
View File

@ -1,11 +1,13 @@
#include "Http.h"
#include "Common.h"
#include "CustomAssert.h"
#include <map>
#include <httplib.h>
#include <random>
#include <stdexcept>
fs::path Http::Server::THttpServerInstance::KeyFilePath;
fs::path Http::Server::THttpServerInstance::CertFilePath;
// TODO: Add sentry error handling back
std::string Http::GET(const std::string& host, int port, const std::string& target, unsigned int* status) {
@ -115,10 +117,163 @@ static std::map<size_t, const char*> Map = {
{ 530, "(CDN) 1XXX Internal Error" },
};
std::string Http::Status::ToString(int code) {
if (Map.find(code) != Map.end()) {
return Map.at(code);
std::string Http::Status::ToString(int Code) {
if (Map.find(Code) != Map.end()) {
return Map.at(Code);
} else {
return std::to_string(code);
return std::to_string(Code);
}
}
long Http::Server::Tx509KeypairGenerator::GenerateRandomId() {
std::random_device R;
std::default_random_engine E1(R());
std::uniform_int_distribution<long> UniformDist(0, ULONG_MAX);
return UniformDist(E1);
}
// Http::Server::THttpServerInstance::THttpServerInstance() { }
EVP_PKEY* Http::Server::Tx509KeypairGenerator::GenerateKey() {
/**
* Allocate memory for the pkey
*/
EVP_PKEY* PKey = EVP_PKEY_new();
if (PKey == nullptr) {
beammp_error("Could not allocate memory for X.509 private key (PKEY) generation.");
throw std::runtime_error { std::string { "X.509 PKEY allocation error" } };
}
BIGNUM* E = BN_new();
beammp_assert(E); // TODO: replace all these asserts with beammp_errors
unsigned char three = 3;
BIGNUM* EErr = BN_bin2bn(&three, sizeof(three), E);
beammp_assert(EErr);
RSA* Rsa = RSA_new();
beammp_assert(Rsa);
int Ret = RSA_generate_key_ex(Rsa, Crypto::RSA_DEFAULT_KEYLENGTH, E, nullptr);
beammp_assert(Ret == 1);
BN_free(E);
if (!EVP_PKEY_assign_RSA(PKey, Rsa)) {
EVP_PKEY_free(PKey);
beammp_error(std::string("Could not generate " + std::to_string(Crypto::RSA_DEFAULT_KEYLENGTH) + "-bit RSA key."));
throw std::runtime_error { std::string("X.509 RSA key generation error") };
}
// todo: figure out if returning by reference instead of passing pointers is a security breach
return PKey;
}
X509* Http::Server::Tx509KeypairGenerator::GenerateCertificate(EVP_PKEY& PKey) {
X509* X509 = X509_new();
if (X509 == nullptr) {
X509_free(X509);
beammp_error("Could not allocate memory for X.509 certificate generation.");
throw std::runtime_error { std::string("X.509 certificate generation error") };
}
/**Set the metadata of the certificate*/
ASN1_INTEGER_set(X509_get_serialNumber(X509), GenerateRandomId());
/**Set the cert validity to a year*/
X509_gmtime_adj(X509_get_notBefore(X509), 0);
X509_gmtime_adj(X509_get_notAfter(X509), 31536000L);
/**Set the public key of the cert*/
X509_set_pubkey(X509, &PKey);
X509_NAME* Name = X509_get_subject_name(X509);
/**Set cert metadata*/
X509_NAME_add_entry_by_txt(Name, "C", MBSTRING_ASC, (unsigned char*)"GB", -1, -1, 0);
X509_NAME_add_entry_by_txt(Name, "O", MBSTRING_ASC, (unsigned char*)"BeamMP Ltd.", -1, -1, 0);
X509_NAME_add_entry_by_txt(Name, "CN", MBSTRING_ASC, (unsigned char*)"localhost", -1, -1, 0);
X509_set_issuer_name(X509, Name);
// TODO: Hashing with sha256 might cause problems, check later
if (!X509_sign(X509, &PKey, EVP_sha1())) {
X509_free(X509);
beammp_error("Could not sign X.509 certificate.");
throw std::runtime_error { std::string("X.509 certificate signing error") };
}
return X509;
}
void Http::Server::Tx509KeypairGenerator::GenerateAndWriteToDisk(const fs::path& KeyFilePath, const fs::path& CertFilePath) {
// todo: generate directories for ssl keys
FILE* KeyFile = std::fopen(KeyFilePath.c_str(), "wb");
if (!KeyFile) {
beammp_error("Could not create file 'key.pem', check your permissions");
throw std::runtime_error("Could not create file 'key.pem'");
}
EVP_PKEY* PKey = Http::Server::Tx509KeypairGenerator::GenerateKey();
bool WriteOpResult = PEM_write_PrivateKey(KeyFile, PKey, nullptr, nullptr, 0, nullptr, nullptr);
fclose(KeyFile);
if (!WriteOpResult) {
beammp_error("Could not write to file 'key.pem', check your permissions");
throw std::runtime_error("Could not write to file 'key.pem'");
}
FILE* CertFile = std::fopen(CertFilePath.c_str(), "wb"); // x509 file
if (!CertFile) {
beammp_error("Could not create file 'cert.pem', check your permissions");
throw std::runtime_error("Could not create file 'cert.pem'");
}
X509* x509 = Http::Server::Tx509KeypairGenerator::GenerateCertificate(*PKey);
WriteOpResult = PEM_write_X509(CertFile, x509);
fclose(CertFile);
if (!WriteOpResult) {
beammp_error("Could not write to file 'cert.pem', check your permissions");
throw std::runtime_error("Could not write to file 'cert.pem'");
}
EVP_PKEY_free(PKey);
X509_free(x509);
return;
}
bool Http::Server::Tx509KeypairGenerator::EnsureTLSConfigExists() {
if (fs::is_regular_file(Application::Settings.SSLKeyPath)
&& fs::is_regular_file(Application::Settings.SSLCertPath)) {
return true;
} else {
return false;
}
}
void Http::Server::SetupEnvironment() {
auto parent = fs::path(Application::Settings.SSLKeyPath).parent_path();
if (!fs::exists(parent))
fs::create_directories(parent);
Application::TSettings defaultSettings {};
if (!Tx509KeypairGenerator::EnsureTLSConfigExists()) {
beammp_warn(std::string("No default TLS Key / Cert found. "
"IF YOU HAVE NOT MODIFIED THE SSLKeyPath OR SSLCertPath VALUES "
"THIS IS NORMAL ON FIRST STARTUP! BeamMP will generate it's own certs in the default directory "
"(Check for permissions or corrupted key-/certfile)"));
Tx509KeypairGenerator::GenerateAndWriteToDisk(defaultSettings.SSLKeyPath, defaultSettings.SSLCertPath);
Http::Server::THttpServerInstance::KeyFilePath = defaultSettings.SSLKeyPath;
Http::Server::THttpServerInstance::CertFilePath = defaultSettings.SSLCertPath;
} else {
Http::Server::THttpServerInstance::KeyFilePath = Application::Settings.SSLKeyPath;
Http::Server::THttpServerInstance::CertFilePath = Application::Settings.SSLCertPath;
}
}
Http::Server::THttpServerInstance::THttpServerInstance() {
Start();
}
void Http::Server::THttpServerInstance::operator()() {
// todo: make this IP agnostic so people can set their own IP
this->mHttpLibServerInstancePtr = std::make_shared<httplib::SSLServer>(Application::Settings.SSLCertPath.c_str(), Application::Settings.SSLKeyPath.c_str());
this->mHttpLibServerInstancePtr->Get("/", [](const httplib::Request&, httplib::Response& res) {
res.set_content("<!DOCTYPE html><article><h1>Hello World!</h1><section><p>BeamMP Server can now serve HTTP requests!</p></section></article></html>", "text/html");
});
this->mHttpLibServerInstancePtr->Get("/health", [](const httplib::Request& req, httplib::Response& res) {
res.set_content("0", "text/plain");
res.status = 200;
});
this->mHttpLibServerInstancePtr->listen("0.0.0.0", Application::Settings.HTTPServerPort);
}

25
src/TConfig.cpp
View File

@ -1,3 +1,4 @@
#include "Common.h"
#define TOML11_PRESERVE_COMMENTS_BY_DEFAULT
#include <toml11/toml.hpp> // header-only version of TOML++
@ -20,6 +21,9 @@ static constexpr std::string_view StrResourceFolder = "ResourceFolder";
static constexpr std::string_view StrAuthKey = "AuthKey";
static constexpr std::string_view StrSendErrors = "SendErrors";
static constexpr std::string_view StrSendErrorsMessageEnabled = "SendErrorsShowMessage";
static constexpr std::string_view StrSSLKeyPath = "SSLKeyPath";
static constexpr std::string_view StrSSLCertPath = "SSLCertPath";
static constexpr std::string_view StrHTTPServerPort = "HTTPServerPort";
void WriteSendErrors(const std::string& name) {
std::ofstream CfgFile { name, std::ios::out | std::ios::app };
@ -43,7 +47,15 @@ TConfig::TConfig(const std::string& ConfigFileName)
ParseFromFile(mConfigFileName);
}
}
/**
* @brief Writes out the loaded application state into ServerConfig.toml
*
* This writes out the current state of application settings that are
* applied to the server instance (i.e. the current application settings loaded in the server).
* If the state of the application settings changes during runtime,
* call this function whenever something about the config changes
* whether it is in TConfig.cpp or the configuration file.
*/
void TConfig::FlushToFile() {
auto data = toml::parse(mConfigFileName);
data["General"] = toml::table();
@ -59,6 +71,9 @@ void TConfig::FlushToFile() {
data["General"][StrResourceFolder.data()] = Application::Settings.Resource;
data["General"][StrSendErrors.data()] = Application::Settings.SendErrors;
data["General"][StrSendErrorsMessageEnabled.data()] = Application::Settings.SendErrorsMessageEnabled;
data["General"][StrSSLKeyPath.data()] = Application::Settings.SSLKeyPath;
data["General"][StrSSLCertPath.data()] = Application::Settings.SSLCertPath;
data["General"][StrHTTPServerPort.data()] = Application::Settings.HTTPServerPort;
std::ofstream Stream(mConfigFileName);
Stream << data << std::flush;
}
@ -93,6 +108,9 @@ void TConfig::CreateConfigFile(std::string_view name) {
data["General"][StrMap.data()] = Application::Settings.MapName;
data["General"][StrDescription.data()] = Application::Settings.ServerDesc;
data["General"][StrResourceFolder.data()] = Application::Settings.Resource;
data["General"][StrSSLKeyPath.data()] = Application::Settings.SSLKeyPath;
data["General"][StrSSLCertPath.data()] = Application::Settings.SSLCertPath;
data["General"][StrHTTPServerPort.data()] = Application::Settings.HTTPServerPort;
std::ofstream ofs { std::string(name) };
if (ofs.good()) {
@ -124,6 +142,9 @@ void TConfig::ParseFromFile(std::string_view name) {
Application::Settings.ServerDesc = data["General"][StrDescription.data()].as_string();
Application::Settings.Resource = data["General"][StrResourceFolder.data()].as_string();
Application::Settings.Key = data["General"][StrAuthKey.data()].as_string();
Application::Settings.SSLKeyPath = data["General"][StrSSLKeyPath.data()].as_string();
Application::Settings.SSLCertPath = data["General"][StrSSLCertPath.data()].as_string();
Application::Settings.HTTPServerPort = data["General"][StrHTTPServerPort.data()].as_integer();
if (!data["General"][StrSendErrors.data()].is_boolean()
|| !data["General"][StrSendErrorsMessageEnabled.data()].is_boolean()) {
WriteSendErrors(std::string(name));
@ -154,6 +175,8 @@ void TConfig::PrintDebug() {
beammp_debug(std::string(StrName) + ": \"" + Application::Settings.ServerName + "\"");
beammp_debug(std::string(StrDescription) + ": \"" + Application::Settings.ServerDesc + "\"");
beammp_debug(std::string(StrResourceFolder) + ": \"" + Application::Settings.Resource + "\"");
beammp_debug(std::string(StrSSLKeyPath) + ": \"" + Application::Settings.SSLKeyPath + "\"");
beammp_debug(std::string(StrSSLCertPath) + ": \"" + Application::Settings.SSLCertPath + "\"");
// special!
beammp_debug("Key Length: " + std::to_string(Application::Settings.Key.length()) + "");
}

8
src/TConsole.cpp
View File

@ -106,8 +106,8 @@ void TConsole::ChangeToLuaConsole(const std::string& LuaStateId) {
} else {
Application::Console().WriteRaw("Entered Lua console. To exit, type `exit()`");
}
mCachedRegularHistory = mCommandline.history();
mCommandline.set_history(mCachedLuaHistory);
//mCachedRegularHistory = mCommandline.history();
//mCommandline.set_history(mCachedLuaHistory);
mCommandline.set_prompt("lua> ");
}
}
@ -120,8 +120,8 @@ void TConsole::ChangeToRegularConsole() {
} else {
Application::Console().WriteRaw("Left Lua console.");
}
mCachedLuaHistory = mCommandline.history();
mCommandline.set_history(mCachedRegularHistory);
//mCachedLuaHistory = mCommandline.history();
//mCommandline.set_history(mCachedRegularHistory);
mCommandline.set_prompt("> ");
mStateId = mDefaultStateId;
}

2
src/THeartbeatThread.cpp
View File

@ -6,6 +6,7 @@
#include <sstream>
void THeartbeatThread::operator()() {
return;/*
RegisterThread("Heartbeat");
std::string Body;
std::string T;
@ -82,6 +83,7 @@ void THeartbeatThread::operator()() {
//SocketIO::Get().SetAuthenticated(isAuth);
}
*/
}
std::string THeartbeatThread::GenerateCall() {

2
src/TNetwork.cpp
View File

@ -211,7 +211,7 @@ void TNetwork::Authentication(const TConnection& ClientConnection) {
beammp_trace("This thread is ip " + std::string(str));
Client->SetIdentifier("ip", str);
std::string Rc;
std::string Rc; //TODO: figure out why this is not default constructed
beammp_info("Identifying new ClientConnection...");
Rc = TCPRcv(*Client);

8
src/main.cpp
View File

@ -17,7 +17,7 @@
#include <iostream>
#include <thread>
#define CPPHTTPLIB_OPENSSL_SUPPORT 1
static const std::string sCommandlineArguments = R"(
USAGE:
BeamMP-Server [arguments]
@ -155,6 +155,12 @@ int BeamMPServerMain(MainArguments Arguments) {
Application::Console().InitializeLuaConsole(LuaEngine);
Application::CheckForUpdates();
Http::Server::SetupEnvironment();
Http::Server::THttpServerInstance HttpServerInstance {};
beammp_debug("cert.pem is " + std::to_string(fs::file_size("cert.pem")) + " bytes");
beammp_debug("key.pem is " + std::to_string(fs::file_size("key.pem")) + " bytes");
RegisterThread("Main(Waiting)");
while (!Shutdown) {