BeamMP/BeamMP-Server
1
0
Fork 0
mirror of https://github.com/BeamMP/BeamMP-Server.git synced 2026-02-16 02:30:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add preliminary work for HTTP health endpoint (#68)

Browse Source 
* Add preliminary work for HTTP health endpoint

* Http: Fix infinite loop bug in Tx509KeypairGenerator::generateKey()

* update commandline

* Add TLS Support class for use with http server

* Add preliminary HTTP Server; TLS still broken; fix in later commit

* Fix TLS handshake, due to server being unable to serve key/certfile in 'Http.h/Http.cpp'; Cause was httlib not being threadsafe due to being a blocking http library

* Run clang format

* Add option to configure http server port via ServerConfig

* TConfig: add HTTPServerPort to config parsing step

* Fix SSL Cert / Key path not auto generating when not existing

* Add health endpoint; Fix SSL Cert serial no. not refreshing when regenerating

* Switch arround status codes in /health route

* Run clang format

Co-authored-by: Lion Kortlepel <development@kortlepel.com>
This commit is contained in:
awesome_milou
2021-12-05 18:24:55 +01:00
committed by GitHub
parent b33d50361c
commit 9d283738aa
11 changed files with 273 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
src/Http.cpp
View File

@@ -1,11 +1,13 @@
#include "Http.h"
#include "Common.h"
#include "CustomAssert.h"
#include <map>
#include <httplib.h>
#include <random>
#include <stdexcept>
fs::path Http::Server::THttpServerInstance::KeyFilePath;
fs::path Http::Server::THttpServerInstance::CertFilePath;
// TODO: Add sentry error handling back
std::string Http::GET(const std::string& host, int port, const std::string& target, unsigned int* status) {
@@ -115,10 +117,163 @@ static std::map<size_t, const char*> Map = {
{ 530, "(CDN) 1XXX Internal Error" },
};
std::string Http::Status::ToString(int code) {
if (Map.find(code) != Map.end()) {
return Map.at(code);
std::string Http::Status::ToString(int Code) {
if (Map.find(Code) != Map.end()) {
return Map.at(Code);
} else {
return std::to_string(code);
return std::to_string(Code);
}
}
long Http::Server::Tx509KeypairGenerator::GenerateRandomId() {
std::random_device R;
std::default_random_engine E1(R());
std::uniform_int_distribution<long> UniformDist(0, ULONG_MAX);
return UniformDist(E1);
}
// Http::Server::THttpServerInstance::THttpServerInstance() { }
EVP_PKEY* Http::Server::Tx509KeypairGenerator::GenerateKey() {
/**
* Allocate memory for the pkey
*/
EVP_PKEY* PKey = EVP_PKEY_new();
if (PKey == nullptr) {
beammp_error("Could not allocate memory for X.509 private key (PKEY) generation.");
throw std::runtime_error { std::string { "X.509 PKEY allocation error" } };
}
BIGNUM* E = BN_new();
beammp_assert(E); // TODO: replace all these asserts with beammp_errors
unsigned char three = 3;
BIGNUM* EErr = BN_bin2bn(&three, sizeof(three), E);
beammp_assert(EErr);
RSA* Rsa = RSA_new();
beammp_assert(Rsa);
int Ret = RSA_generate_key_ex(Rsa, Crypto::RSA_DEFAULT_KEYLENGTH, E, nullptr);
beammp_assert(Ret == 1);
BN_free(E);
if (!EVP_PKEY_assign_RSA(PKey, Rsa)) {
EVP_PKEY_free(PKey);
beammp_error(std::string("Could not generate " + std::to_string(Crypto::RSA_DEFAULT_KEYLENGTH) + "-bit RSA key."));
throw std::runtime_error { std::string("X.509 RSA key generation error") };
}
// todo: figure out if returning by reference instead of passing pointers is a security breach
return PKey;
}
X509* Http::Server::Tx509KeypairGenerator::GenerateCertificate(EVP_PKEY& PKey) {
X509* X509 = X509_new();
if (X509 == nullptr) {
X509_free(X509);
beammp_error("Could not allocate memory for X.509 certificate generation.");
throw std::runtime_error { std::string("X.509 certificate generation error") };
}
/**Set the metadata of the certificate*/
ASN1_INTEGER_set(X509_get_serialNumber(X509), GenerateRandomId());
/**Set the cert validity to a year*/
X509_gmtime_adj(X509_get_notBefore(X509), 0);
X509_gmtime_adj(X509_get_notAfter(X509), 31536000L);
/**Set the public key of the cert*/
X509_set_pubkey(X509, &PKey);
X509_NAME* Name = X509_get_subject_name(X509);
/**Set cert metadata*/
X509_NAME_add_entry_by_txt(Name, "C", MBSTRING_ASC, (unsigned char*)"GB", -1, -1, 0);
X509_NAME_add_entry_by_txt(Name, "O", MBSTRING_ASC, (unsigned char*)"BeamMP Ltd.", -1, -1, 0);
X509_NAME_add_entry_by_txt(Name, "CN", MBSTRING_ASC, (unsigned char*)"localhost", -1, -1, 0);
X509_set_issuer_name(X509, Name);
// TODO: Hashing with sha256 might cause problems, check later
if (!X509_sign(X509, &PKey, EVP_sha1())) {
X509_free(X509);
beammp_error("Could not sign X.509 certificate.");
throw std::runtime_error { std::string("X.509 certificate signing error") };
}
return X509;
}
void Http::Server::Tx509KeypairGenerator::GenerateAndWriteToDisk(const fs::path& KeyFilePath, const fs::path& CertFilePath) {
// todo: generate directories for ssl keys
FILE* KeyFile = std::fopen(KeyFilePath.c_str(), "wb");
if (!KeyFile) {
beammp_error("Could not create file 'key.pem', check your permissions");
throw std::runtime_error("Could not create file 'key.pem'");
}
EVP_PKEY* PKey = Http::Server::Tx509KeypairGenerator::GenerateKey();
bool WriteOpResult = PEM_write_PrivateKey(KeyFile, PKey, nullptr, nullptr, 0, nullptr, nullptr);
fclose(KeyFile);
if (!WriteOpResult) {
beammp_error("Could not write to file 'key.pem', check your permissions");
throw std::runtime_error("Could not write to file 'key.pem'");
}
FILE* CertFile = std::fopen(CertFilePath.c_str(), "wb"); // x509 file
if (!CertFile) {
beammp_error("Could not create file 'cert.pem', check your permissions");
throw std::runtime_error("Could not create file 'cert.pem'");
}
X509* x509 = Http::Server::Tx509KeypairGenerator::GenerateCertificate(*PKey);
WriteOpResult = PEM_write_X509(CertFile, x509);
fclose(CertFile);
if (!WriteOpResult) {
beammp_error("Could not write to file 'cert.pem', check your permissions");
throw std::runtime_error("Could not write to file 'cert.pem'");
}
EVP_PKEY_free(PKey);
X509_free(x509);
return;
}
bool Http::Server::Tx509KeypairGenerator::EnsureTLSConfigExists() {
if (fs::is_regular_file(Application::Settings.SSLKeyPath)
&& fs::is_regular_file(Application::Settings.SSLCertPath)) {
return true;
} else {
return false;
}
}
void Http::Server::SetupEnvironment() {
auto parent = fs::path(Application::Settings.SSLKeyPath).parent_path();
if (!fs::exists(parent))
fs::create_directories(parent);
Application::TSettings defaultSettings {};
if (!Tx509KeypairGenerator::EnsureTLSConfigExists()) {
beammp_warn(std::string("No default TLS Key / Cert found. "
"IF YOU HAVE NOT MODIFIED THE SSLKeyPath OR SSLCertPath VALUES "
"THIS IS NORMAL ON FIRST STARTUP! BeamMP will generate it's own certs in the default directory "
"(Check for permissions or corrupted key-/certfile)"));
Tx509KeypairGenerator::GenerateAndWriteToDisk(defaultSettings.SSLKeyPath, defaultSettings.SSLCertPath);
Http::Server::THttpServerInstance::KeyFilePath = defaultSettings.SSLKeyPath;
Http::Server::THttpServerInstance::CertFilePath = defaultSettings.SSLCertPath;
} else {
Http::Server::THttpServerInstance::KeyFilePath = Application::Settings.SSLKeyPath;
Http::Server::THttpServerInstance::CertFilePath = Application::Settings.SSLCertPath;
}
}
Http::Server::THttpServerInstance::THttpServerInstance() {
Start();
}
void Http::Server::THttpServerInstance::operator()() {
// todo: make this IP agnostic so people can set their own IP
this->mHttpLibServerInstancePtr = std::make_shared<httplib::SSLServer>(Application::Settings.SSLCertPath.c_str(), Application::Settings.SSLKeyPath.c_str());
this->mHttpLibServerInstancePtr->Get("/", [](const httplib::Request&, httplib::Response& res) {
res.set_content("<!DOCTYPE html><article><h1>Hello World!</h1><section><p>BeamMP Server can now serve HTTP requests!</p></section></article></html>", "text/html");
});
this->mHttpLibServerInstancePtr->Get("/health", [](const httplib::Request& req, httplib::Response& res) {
res.set_content("0", "text/plain");
res.status = 200;
});
this->mHttpLibServerInstancePtr->listen("0.0.0.0", Application::Settings.HTTPServerPort);
}

25
src/TConfig.cpp
View File

@@ -1,3 +1,4 @@
#include "Common.h"
#define TOML11_PRESERVE_COMMENTS_BY_DEFAULT
#include <toml11/toml.hpp> // header-only version of TOML++
@@ -20,6 +21,9 @@ static constexpr std::string_view StrResourceFolder = "ResourceFolder";
static constexpr std::string_view StrAuthKey = "AuthKey";
static constexpr std::string_view StrSendErrors = "SendErrors";
static constexpr std::string_view StrSendErrorsMessageEnabled = "SendErrorsShowMessage";
static constexpr std::string_view StrSSLKeyPath = "SSLKeyPath";
static constexpr std::string_view StrSSLCertPath = "SSLCertPath";
static constexpr std::string_view StrHTTPServerPort = "HTTPServerPort";
void WriteSendErrors(const std::string& name) {
std::ofstream CfgFile { name, std::ios::out | std::ios::app };
@@ -43,7 +47,15 @@ TConfig::TConfig(const std::string& ConfigFileName)
ParseFromFile(mConfigFileName);
}
}
/**
* @brief Writes out the loaded application state into ServerConfig.toml
*
* This writes out the current state of application settings that are
* applied to the server instance (i.e. the current application settings loaded in the server).
* If the state of the application settings changes during runtime,
* call this function whenever something about the config changes
* whether it is in TConfig.cpp or the configuration file.
*/
void TConfig::FlushToFile() {
auto data = toml::parse(mConfigFileName);
data["General"] = toml::table();
@@ -59,6 +71,9 @@ void TConfig::FlushToFile() {
data["General"][StrResourceFolder.data()] = Application::Settings.Resource;
data["General"][StrSendErrors.data()] = Application::Settings.SendErrors;
data["General"][StrSendErrorsMessageEnabled.data()] = Application::Settings.SendErrorsMessageEnabled;
data["General"][StrSSLKeyPath.data()] = Application::Settings.SSLKeyPath;
data["General"][StrSSLCertPath.data()] = Application::Settings.SSLCertPath;
data["General"][StrHTTPServerPort.data()] = Application::Settings.HTTPServerPort;
std::ofstream Stream(mConfigFileName);
Stream << data << std::flush;
}
@@ -93,6 +108,9 @@ void TConfig::CreateConfigFile(std::string_view name) {
data["General"][StrMap.data()] = Application::Settings.MapName;
data["General"][StrDescription.data()] = Application::Settings.ServerDesc;
data["General"][StrResourceFolder.data()] = Application::Settings.Resource;
data["General"][StrSSLKeyPath.data()] = Application::Settings.SSLKeyPath;
data["General"][StrSSLCertPath.data()] = Application::Settings.SSLCertPath;
data["General"][StrHTTPServerPort.data()] = Application::Settings.HTTPServerPort;
std::ofstream ofs { std::string(name) };
if (ofs.good()) {
@@ -124,6 +142,9 @@ void TConfig::ParseFromFile(std::string_view name) {
Application::Settings.ServerDesc = data["General"][StrDescription.data()].as_string();
Application::Settings.Resource = data["General"][StrResourceFolder.data()].as_string();
Application::Settings.Key = data["General"][StrAuthKey.data()].as_string();
Application::Settings.SSLKeyPath = data["General"][StrSSLKeyPath.data()].as_string();
Application::Settings.SSLCertPath = data["General"][StrSSLCertPath.data()].as_string();
Application::Settings.HTTPServerPort = data["General"][StrHTTPServerPort.data()].as_integer();
if (!data["General"][StrSendErrors.data()].is_boolean()
|| !data["General"][StrSendErrorsMessageEnabled.data()].is_boolean()) {
WriteSendErrors(std::string(name));
@@ -154,6 +175,8 @@ void TConfig::PrintDebug() {
beammp_debug(std::string(StrName) + ": \"" + Application::Settings.ServerName + "\"");
beammp_debug(std::string(StrDescription) + ": \"" + Application::Settings.ServerDesc + "\"");
beammp_debug(std::string(StrResourceFolder) + ": \"" + Application::Settings.Resource + "\"");
beammp_debug(std::string(StrSSLKeyPath) + ": \"" + Application::Settings.SSLKeyPath + "\"");
beammp_debug(std::string(StrSSLCertPath) + ": \"" + Application::Settings.SSLCertPath + "\"");
// special!
beammp_debug("Key Length: " + std::to_string(Application::Settings.Key.length()) + "");
}

8
src/TConsole.cpp
View File

@@ -106,8 +106,8 @@ void TConsole::ChangeToLuaConsole(const std::string& LuaStateId) {
} else {
Application::Console().WriteRaw("Entered Lua console. To exit, type `exit()`");
}
mCachedRegularHistory = mCommandline.history();
mCommandline.set_history(mCachedLuaHistory);
//mCachedRegularHistory = mCommandline.history();
//mCommandline.set_history(mCachedLuaHistory);
mCommandline.set_prompt("lua> ");
}
}
@@ -120,8 +120,8 @@ void TConsole::ChangeToRegularConsole() {
} else {
Application::Console().WriteRaw("Left Lua console.");
}
mCachedLuaHistory = mCommandline.history();
mCommandline.set_history(mCachedRegularHistory);
//mCachedLuaHistory = mCommandline.history();
//mCommandline.set_history(mCachedRegularHistory);
mCommandline.set_prompt("> ");
mStateId = mDefaultStateId;
}

2
src/THeartbeatThread.cpp
View File

@@ -6,6 +6,7 @@
#include <sstream>
void THeartbeatThread::operator()() {
return;/*
RegisterThread("Heartbeat");
std::string Body;
std::string T;
@@ -82,6 +83,7 @@ void THeartbeatThread::operator()() {
//SocketIO::Get().SetAuthenticated(isAuth);
}
*/
}
std::string THeartbeatThread::GenerateCall() {

2
src/TNetwork.cpp
View File

@@ -211,7 +211,7 @@ void TNetwork::Authentication(const TConnection& ClientConnection) {
beammp_trace("This thread is ip " + std::string(str));
Client->SetIdentifier("ip", str);
std::string Rc;
std::string Rc; //TODO: figure out why this is not default constructed
beammp_info("Identifying new ClientConnection...");
Rc = TCPRcv(*Client);

8
src/main.cpp
View File

@@ -17,7 +17,7 @@
#include <iostream>
#include <thread>
#define CPPHTTPLIB_OPENSSL_SUPPORT 1
static const std::string sCommandlineArguments = R"(
USAGE:
BeamMP-Server [arguments]
@@ -155,6 +155,12 @@ int BeamMPServerMain(MainArguments Arguments) {
Application::Console().InitializeLuaConsole(LuaEngine);
Application::CheckForUpdates();
Http::Server::SetupEnvironment();
Http::Server::THttpServerInstance HttpServerInstance {};
beammp_debug("cert.pem is " + std::to_string(fs::file_size("cert.pem")) + " bytes");
beammp_debug("key.pem is " + std::to_string(fs::file_size("key.pem")) + " bytes");
RegisterThread("Main(Waiting)");
while (!Shutdown) {