Add preliminary work for HTTP health endpoint (#68)

* Add preliminary work for HTTP health endpoint * Http: Fix infinite loop bug in Tx509KeypairGenerator::generateKey() * update commandline * Add TLS Support class for use with http server * Add preliminary HTTP Server; TLS still broken; fix in later commit * Fix TLS handshake, due to server being unable to serve key/certfile in 'Http.h/Http.cpp'; Cause was httlib not being threadsafe due to being a blocking http library * Run clang format * Add option to configure http server port via ServerConfig * TConfig: add HTTPServerPort to config parsing step * Fix SSL Cert / Key path not auto generating when not existing * Add health endpoint; Fix SSL Cert serial no. not refreshing when regenerating * Switch arround status codes in /health route * Run clang format Co-authored-by: Lion Kortlepel <development@kortlepel.com>
2025-07-01 23:35:41 +00:00 · 2021-12-05 18:24:55 +01:00 · 2021-12-05 18:24:55 +01:00 · 9d283738aa
commit 9d283738aa
parent b33d50361c
11 changed files with 273 additions and 18 deletions
--- a/deps/commandline
+++ b/deps/commandline
@ -1 +0,0 @@
-Subproject commit 3d11606d02b449b8afd40a7132160d2392043eb3
--- a/include/Common.h
+++ b/include/Common.h
@ -40,6 +40,9 @@ public:
            , ServerDesc("BeamMP Default Description")
            , Resource("Resources")
            , MapName("/levels/gridmap_v2/info.json")
+            , SSLKeyPath("./.ssl/HttpServer/key.pem")
+            , SSLCertPath("./.ssl/HttpServer/cert.pem")
+            , HTTPServerPort(8080)
            , MaxPlayers(10)
            , Private(true)
            , MaxCars(1)
@ -52,6 +55,8 @@ public:
        std::string Resource;
        std::string MapName;
        std::string Key;
+        std::string SSLKeyPath;
+        std::string SSLCertPath;
        int MaxPlayers;
        bool Private;
        int MaxCars;
@ -61,6 +66,7 @@ public:
        bool SendErrors;
        bool SendErrorsMessageEnabled;
        [[nodiscard]] bool HasCustomIP() const { return !CustomIP.empty(); }
+        int HTTPServerPort;
    };

    using TShutdownHandler = std::function<void()>;
@ -162,6 +168,12 @@ void RegisterThread(const std::string& str);
            Application::Console().Write(_this_location + std::string("[DEBUG] ") + (x)); \
        }                                                                                 \
    } while (false)
+#define beammp_event(x)                                                                   \
+    do {                                                                                  \
+        if (Application::Settings.DebugModeEnabled) {                                     \
+            Application::Console().Write(_this_location + std::string("[EVENT] ") + (x)); \
+        }                                                                                 \
+    }while(false)
 // for those times when you just need to ignore something :^)
 // explicity disables a [[nodiscard]] warning
 #define beammp_ignore(x) (void)x
--- a/include/Http.h
+++ b/include/Http.h
@ -1,8 +1,20 @@
 #pragma once

+#include <Common.h>
+#include <IThreaded.h>
+#include <filesystem>
+#include <httplib.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
 #include <string>
 #include <unordered_map>

+namespace fs = std::filesystem;
+
+namespace Crypto {
+constexpr size_t RSA_DEFAULT_KEYLENGTH { 2048 };
+}
+
 namespace Http {
 std::string GET(const std::string& host, int port, const std::string& target, unsigned int* status = nullptr);
 std::string POST(const std::string& host, int port, const std::string& target, const std::string& body, const std::string& ContentType, unsigned int* status = nullptr);
@ -10,4 +22,36 @@ namespace Status {
    std::string ToString(int code);
 }
 const std::string ErrorString = "-1";
+
+namespace Server {
+    void SetupEnvironment();
+    // todo: Add non TLS Server Instance, this one is TLS only
+    class THttpServerInstance : IThreaded {
+    public:
+        THttpServerInstance();
+        static fs::path KeyFilePath;
+        static fs::path CertFilePath;
+
+    protected:
+        void operator()();
+
+    private:
+        /**
+         * the shared pointer is necessary because httplib is a blocking library and due lacking thread-safety
+         * will "forget" about its environment, when configured across multiple threads.
+         * So we need to able to start the server (make it "listen()") in a single Thread.
+         */
+        std::shared_ptr<httplib::SSLServer> mHttpLibServerInstancePtr;
+    };
+    // todo: all of these functions are likely unsafe,
+    // todo: replace with something that's managed by a domain specific crypto library
+    class Tx509KeypairGenerator {
+    public:
+        static long GenerateRandomId();
+        static bool EnsureTLSConfigExists();
+        static X509* GenerateCertificate(EVP_PKEY& pkey);
+        static EVP_PKEY* GenerateKey();
+        static void GenerateAndWriteToDisk(const fs::path& KeyFilePath, const fs::path& CertFilePath);
+    };
+}
 }
--- a/include/TConfig.h
+++ b/include/TConfig.h
@ -20,7 +20,8 @@ private:
    void PrintDebug();

    void ParseOldFormat();
-
+    bool IsDefault();
    bool mFailed { false };
    std::string mConfigFileName;
 };
+
--- a/include/TLuaEngine.h
+++ b/include/TLuaEngine.h
@ -20,6 +20,9 @@

 using TLuaStateId = std::string;
 namespace fs = std::filesystem;
+/**
+ * std::variant means, that TLuaArgTypes may be one of the Types listed as template args
+ */
 using TLuaArgTypes = std::variant<std::string, int, sol::variadic_args, bool>;
 static constexpr size_t TLuaArgTypes_String = 0;
 static constexpr size_t TLuaArgTypes_Int = 1;
@ -114,11 +117,21 @@ public:
    void EnsureStateExists(TLuaStateId StateId, const std::string& Name, bool DontCallOnInit = false);
    void RegisterEvent(const std::string& EventName, TLuaStateId StateId, const std::string& FunctionName);
    template <typename... ArgsT>
+    /**
+     *
+     * @tparam ArgsT Template Arguments for the event (Metadata) todo: figure out what this means
+     * @param EventName Name of the event
+     * @param IgnoreId
+     * @param Args
+     * @return
+     */
    [[nodiscard]] std::vector<std::shared_ptr<TLuaResult>> TriggerEvent(const std::string& EventName, TLuaStateId IgnoreId, ArgsT&&... Args) {
        std::unique_lock Lock(mLuaEventsMutex);
-        if (mLuaEvents.find(EventName) == mLuaEvents.end()) {
+        beammp_event(EventName);
+        if (mLuaEvents.find(EventName) == mLuaEvents.end()) { // if no event handler is defined for 'EventName', return immediately
            return {};
        }
+
        std::vector<std::shared_ptr<TLuaResult>> Results;
        for (const auto& Event : mLuaEvents.at(EventName)) {
            for (const auto& Function : Event.second) {
@ -127,7 +140,7 @@ public:
                }
            }
        }
-        return Results;
+        return Results; //
    }
    std::set<std::string> GetEventHandlersForState(const std::string& EventName, TLuaStateId StateId);
    void CreateEventTimer(const std::string& EventName, TLuaStateId StateId, size_t IntervalMS);
--- a/src/Http.cpp
+++ b/src/Http.cpp
@ -1,11 +1,13 @@
 #include "Http.h"

 #include "Common.h"
+#include "CustomAssert.h"

 #include <map>
-
-#include <httplib.h>
-
+#include <random>
+#include <stdexcept>
+fs::path Http::Server::THttpServerInstance::KeyFilePath;
+fs::path Http::Server::THttpServerInstance::CertFilePath;
 // TODO: Add sentry error handling back

 std::string Http::GET(const std::string& host, int port, const std::string& target, unsigned int* status) {
@ -115,10 +117,163 @@ static std::map<size_t, const char*> Map = {
    { 530, "(CDN) 1XXX Internal Error" },
 };

-std::string Http::Status::ToString(int code) {
-    if (Map.find(code) != Map.end()) {
-        return Map.at(code);
+std::string Http::Status::ToString(int Code) {
+    if (Map.find(Code) != Map.end()) {
+        return Map.at(Code);
    } else {
-        return std::to_string(code);
+        return std::to_string(Code);
    }
 }
+
+long Http::Server::Tx509KeypairGenerator::GenerateRandomId() {
+    std::random_device R;
+    std::default_random_engine E1(R());
+    std::uniform_int_distribution<long> UniformDist(0, ULONG_MAX);
+    return UniformDist(E1);
+}
+
+// Http::Server::THttpServerInstance::THttpServerInstance() { }
+EVP_PKEY* Http::Server::Tx509KeypairGenerator::GenerateKey() {
+    /**
+     * Allocate memory for the pkey
+     */
+    EVP_PKEY* PKey = EVP_PKEY_new();
+    if (PKey == nullptr) {
+        beammp_error("Could not allocate memory for X.509 private key (PKEY) generation.");
+        throw std::runtime_error { std::string { "X.509 PKEY allocation error" } };
+    }
+    BIGNUM* E = BN_new();
+    beammp_assert(E); // TODO: replace all these asserts with beammp_errors
+    unsigned char three = 3;
+    BIGNUM* EErr = BN_bin2bn(&three, sizeof(three), E);
+    beammp_assert(EErr);
+    RSA* Rsa = RSA_new();
+    beammp_assert(Rsa);
+    int Ret = RSA_generate_key_ex(Rsa, Crypto::RSA_DEFAULT_KEYLENGTH, E, nullptr);
+    beammp_assert(Ret == 1);
+    BN_free(E);
+    if (!EVP_PKEY_assign_RSA(PKey, Rsa)) {
+        EVP_PKEY_free(PKey);
+        beammp_error(std::string("Could not generate " + std::to_string(Crypto::RSA_DEFAULT_KEYLENGTH) + "-bit RSA key."));
+        throw std::runtime_error { std::string("X.509 RSA key generation error") };
+    }
+    // todo: figure out if returning by reference instead of passing pointers is a security breach
+    return PKey;
+}
+
+X509* Http::Server::Tx509KeypairGenerator::GenerateCertificate(EVP_PKEY& PKey) {
+    X509* X509 = X509_new();
+    if (X509 == nullptr) {
+        X509_free(X509);
+        beammp_error("Could not allocate memory for X.509 certificate generation.");
+        throw std::runtime_error { std::string("X.509 certificate generation error") };
+    }
+
+    /**Set the metadata of the certificate*/
+    ASN1_INTEGER_set(X509_get_serialNumber(X509), GenerateRandomId());
+
+    /**Set the cert validity to a year*/
+    X509_gmtime_adj(X509_get_notBefore(X509), 0);
+    X509_gmtime_adj(X509_get_notAfter(X509), 31536000L);
+
+    /**Set the public key of the cert*/
+    X509_set_pubkey(X509, &PKey);
+
+    X509_NAME* Name = X509_get_subject_name(X509);
+
+    /**Set cert metadata*/
+    X509_NAME_add_entry_by_txt(Name, "C", MBSTRING_ASC, (unsigned char*)"GB", -1, -1, 0);
+    X509_NAME_add_entry_by_txt(Name, "O", MBSTRING_ASC, (unsigned char*)"BeamMP Ltd.", -1, -1, 0);
+    X509_NAME_add_entry_by_txt(Name, "CN", MBSTRING_ASC, (unsigned char*)"localhost", -1, -1, 0);
+
+    X509_set_issuer_name(X509, Name);
+
+    // TODO: Hashing with sha256 might cause problems, check later
+    if (!X509_sign(X509, &PKey, EVP_sha1())) {
+        X509_free(X509);
+        beammp_error("Could not sign X.509 certificate.");
+        throw std::runtime_error { std::string("X.509 certificate signing error") };
+    }
+    return X509;
+}
+
+void Http::Server::Tx509KeypairGenerator::GenerateAndWriteToDisk(const fs::path& KeyFilePath, const fs::path& CertFilePath) {
+    // todo: generate directories for ssl keys
+    FILE* KeyFile = std::fopen(KeyFilePath.c_str(), "wb");
+    if (!KeyFile) {
+        beammp_error("Could not create file 'key.pem', check your permissions");
+        throw std::runtime_error("Could not create file 'key.pem'");
+    }
+
+    EVP_PKEY* PKey = Http::Server::Tx509KeypairGenerator::GenerateKey();
+
+    bool WriteOpResult = PEM_write_PrivateKey(KeyFile, PKey, nullptr, nullptr, 0, nullptr, nullptr);
+    fclose(KeyFile);
+
+    if (!WriteOpResult) {
+        beammp_error("Could not write to file 'key.pem', check your permissions");
+        throw std::runtime_error("Could not write to file 'key.pem'");
+    }
+
+    FILE* CertFile = std::fopen(CertFilePath.c_str(), "wb"); // x509 file
+    if (!CertFile) {
+        beammp_error("Could not create file 'cert.pem', check your permissions");
+        throw std::runtime_error("Could not create file 'cert.pem'");
+    }
+
+    X509* x509 = Http::Server::Tx509KeypairGenerator::GenerateCertificate(*PKey);
+    WriteOpResult = PEM_write_X509(CertFile, x509);
+    fclose(CertFile);
+
+    if (!WriteOpResult) {
+        beammp_error("Could not write to file 'cert.pem', check your permissions");
+        throw std::runtime_error("Could not write to file 'cert.pem'");
+    }
+    EVP_PKEY_free(PKey);
+    X509_free(x509);
+    return;
+}
+bool Http::Server::Tx509KeypairGenerator::EnsureTLSConfigExists() {
+    if (fs::is_regular_file(Application::Settings.SSLKeyPath)
+        && fs::is_regular_file(Application::Settings.SSLCertPath)) {
+        return true;
+    } else {
+        return false;
+    }
+}
+
+void Http::Server::SetupEnvironment() {
+    auto parent = fs::path(Application::Settings.SSLKeyPath).parent_path();
+    if (!fs::exists(parent))
+        fs::create_directories(parent);
+
+    Application::TSettings defaultSettings {};
+    if (!Tx509KeypairGenerator::EnsureTLSConfigExists()) {
+        beammp_warn(std::string("No default TLS Key / Cert found. "
+                                "IF YOU HAVE NOT MODIFIED THE SSLKeyPath OR SSLCertPath VALUES "
+                                "THIS IS NORMAL ON FIRST STARTUP! BeamMP will generate it's own certs in the default directory "
+                                "(Check for permissions or corrupted key-/certfile)"));
+        Tx509KeypairGenerator::GenerateAndWriteToDisk(defaultSettings.SSLKeyPath, defaultSettings.SSLCertPath);
+        Http::Server::THttpServerInstance::KeyFilePath = defaultSettings.SSLKeyPath;
+        Http::Server::THttpServerInstance::CertFilePath = defaultSettings.SSLCertPath;
+    } else {
+        Http::Server::THttpServerInstance::KeyFilePath = Application::Settings.SSLKeyPath;
+        Http::Server::THttpServerInstance::CertFilePath = Application::Settings.SSLCertPath;
+    }
+}
+
+Http::Server::THttpServerInstance::THttpServerInstance() {
+    Start();
+}
+void Http::Server::THttpServerInstance::operator()() {
+    // todo: make this IP agnostic so people can set their own IP
+    this->mHttpLibServerInstancePtr = std::make_shared<httplib::SSLServer>(Application::Settings.SSLCertPath.c_str(), Application::Settings.SSLKeyPath.c_str());
+    this->mHttpLibServerInstancePtr->Get("/", [](const httplib::Request&, httplib::Response& res) {
+        res.set_content("<!DOCTYPE html><article><h1>Hello World!</h1><section><p>BeamMP Server can now serve HTTP requests!</p></section></article></html>", "text/html");
+    });
+    this->mHttpLibServerInstancePtr->Get("/health", [](const httplib::Request& req, httplib::Response& res) {
+        res.set_content("0", "text/plain");
+        res.status = 200;
+    });
+    this->mHttpLibServerInstancePtr->listen("0.0.0.0", Application::Settings.HTTPServerPort);
+}
--- a/src/TConfig.cpp
+++ b/src/TConfig.cpp
@ -1,3 +1,4 @@
+#include "Common.h"
 #define TOML11_PRESERVE_COMMENTS_BY_DEFAULT

 #include <toml11/toml.hpp> // header-only version of TOML++
@ -20,6 +21,9 @@ static constexpr std::string_view StrResourceFolder = "ResourceFolder";
 static constexpr std::string_view StrAuthKey = "AuthKey";
 static constexpr std::string_view StrSendErrors = "SendErrors";
 static constexpr std::string_view StrSendErrorsMessageEnabled = "SendErrorsShowMessage";
+static constexpr std::string_view StrSSLKeyPath = "SSLKeyPath";
+static constexpr std::string_view StrSSLCertPath = "SSLCertPath";
+static constexpr std::string_view StrHTTPServerPort = "HTTPServerPort";

 void WriteSendErrors(const std::string& name) {
    std::ofstream CfgFile { name, std::ios::out | std::ios::app };
@ -43,7 +47,15 @@ TConfig::TConfig(const std::string& ConfigFileName)
        ParseFromFile(mConfigFileName);
    }
 }
-
+/**
+ * @brief Writes out the loaded application state into ServerConfig.toml
+ *
+ * This writes out the current state of application settings that are
+ * applied to the server instance (i.e. the current application settings loaded in the server).
+ * If the state of the application settings changes during runtime,
+ * call this function whenever something about the config changes
+ * whether it is in TConfig.cpp or the configuration file.
+ */
 void TConfig::FlushToFile() {
    auto data = toml::parse(mConfigFileName);
    data["General"] = toml::table();
@ -59,6 +71,9 @@ void TConfig::FlushToFile() {
    data["General"][StrResourceFolder.data()] = Application::Settings.Resource;
    data["General"][StrSendErrors.data()] = Application::Settings.SendErrors;
    data["General"][StrSendErrorsMessageEnabled.data()] = Application::Settings.SendErrorsMessageEnabled;
+    data["General"][StrSSLKeyPath.data()] = Application::Settings.SSLKeyPath;
+    data["General"][StrSSLCertPath.data()] = Application::Settings.SSLCertPath;
+    data["General"][StrHTTPServerPort.data()] = Application::Settings.HTTPServerPort;
    std::ofstream Stream(mConfigFileName);
    Stream << data << std::flush;
 }
@ -93,6 +108,9 @@ void TConfig::CreateConfigFile(std::string_view name) {
    data["General"][StrMap.data()] = Application::Settings.MapName;
    data["General"][StrDescription.data()] = Application::Settings.ServerDesc;
    data["General"][StrResourceFolder.data()] = Application::Settings.Resource;
+    data["General"][StrSSLKeyPath.data()] = Application::Settings.SSLKeyPath;
+    data["General"][StrSSLCertPath.data()] = Application::Settings.SSLCertPath;
+    data["General"][StrHTTPServerPort.data()] = Application::Settings.HTTPServerPort;

    std::ofstream ofs { std::string(name) };
    if (ofs.good()) {
@ -124,6 +142,9 @@ void TConfig::ParseFromFile(std::string_view name) {
        Application::Settings.ServerDesc = data["General"][StrDescription.data()].as_string();
        Application::Settings.Resource = data["General"][StrResourceFolder.data()].as_string();
        Application::Settings.Key = data["General"][StrAuthKey.data()].as_string();
+        Application::Settings.SSLKeyPath = data["General"][StrSSLKeyPath.data()].as_string();
+        Application::Settings.SSLCertPath = data["General"][StrSSLCertPath.data()].as_string();
+        Application::Settings.HTTPServerPort = data["General"][StrHTTPServerPort.data()].as_integer();
        if (!data["General"][StrSendErrors.data()].is_boolean()
            || !data["General"][StrSendErrorsMessageEnabled.data()].is_boolean()) {
            WriteSendErrors(std::string(name));
@ -154,6 +175,8 @@ void TConfig::PrintDebug() {
    beammp_debug(std::string(StrName) + ": \"" + Application::Settings.ServerName + "\"");
    beammp_debug(std::string(StrDescription) + ": \"" + Application::Settings.ServerDesc + "\"");
    beammp_debug(std::string(StrResourceFolder) + ": \"" + Application::Settings.Resource + "\"");
+    beammp_debug(std::string(StrSSLKeyPath) + ": \"" + Application::Settings.SSLKeyPath + "\"");
+    beammp_debug(std::string(StrSSLCertPath) + ": \"" + Application::Settings.SSLCertPath + "\"");
    // special!
    beammp_debug("Key Length: " + std::to_string(Application::Settings.Key.length()) + "");
 }
--- a/src/TConsole.cpp
+++ b/src/TConsole.cpp
@ -106,8 +106,8 @@ void TConsole::ChangeToLuaConsole(const std::string& LuaStateId) {
        } else {
            Application::Console().WriteRaw("Entered Lua console. To exit, type `exit()`");
        }
-        mCachedRegularHistory = mCommandline.history();
-        mCommandline.set_history(mCachedLuaHistory);
+        //mCachedRegularHistory = mCommandline.history();
+        //mCommandline.set_history(mCachedLuaHistory);
        mCommandline.set_prompt("lua> ");
    }
 }
@ -120,8 +120,8 @@ void TConsole::ChangeToRegularConsole() {
        } else {
            Application::Console().WriteRaw("Left Lua console.");
        }
-        mCachedLuaHistory = mCommandline.history();
-        mCommandline.set_history(mCachedRegularHistory);
+        //mCachedLuaHistory = mCommandline.history();
+        //mCommandline.set_history(mCachedRegularHistory);
        mCommandline.set_prompt("> ");
        mStateId = mDefaultStateId;
    }
--- a/src/THeartbeatThread.cpp
+++ b/src/THeartbeatThread.cpp
@ -6,6 +6,7 @@
 #include <sstream>

 void THeartbeatThread::operator()() {
+    return;/*
    RegisterThread("Heartbeat");
    std::string Body;
    std::string T;
@ -82,6 +83,7 @@ void THeartbeatThread::operator()() {

        //SocketIO::Get().SetAuthenticated(isAuth);
    }
+    */
 }

 std::string THeartbeatThread::GenerateCall() {
--- a/src/TNetwork.cpp
+++ b/src/TNetwork.cpp
@ -211,7 +211,7 @@ void TNetwork::Authentication(const TConnection& ClientConnection) {
    beammp_trace("This thread is ip " + std::string(str));
    Client->SetIdentifier("ip", str);

-    std::string Rc;
+    std::string Rc; //TODO: figure out why this is not default constructed
    beammp_info("Identifying new ClientConnection...");

    Rc = TCPRcv(*Client);
--- a/src/main.cpp
+++ b/src/main.cpp
@ -17,7 +17,7 @@

 #include <iostream>
 #include <thread>
-
+#define CPPHTTPLIB_OPENSSL_SUPPORT 1
 static const std::string sCommandlineArguments = R"(
 USAGE: 
    BeamMP-Server [arguments]
@ -155,6 +155,12 @@ int BeamMPServerMain(MainArguments Arguments) {
    Application::Console().InitializeLuaConsole(LuaEngine);
    Application::CheckForUpdates();

+    Http::Server::SetupEnvironment();
+    Http::Server::THttpServerInstance HttpServerInstance {};
+
+    beammp_debug("cert.pem is " + std::to_string(fs::file_size("cert.pem")) + " bytes");
+    beammp_debug("key.pem is " + std::to_string(fs::file_size("key.pem")) + " bytes");
+
    RegisterThread("Main(Waiting)");

    while (!Shutdown) {
				`@ -1 +0,0 @@`
				`Subproject commit 3d11606d02b449b8afd40a7132160d2392043eb3`