SantaSpeen/BeamMP-Server
1
0
Fork 0
mirror of https://github.com/SantaSpeen/BeamMP-Server.git synced 2026-04-03 18:56:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add preliminary work for HTTP health endpoint (#68)

Browse Source 
* Add preliminary work for HTTP health endpoint

* Http: Fix infinite loop bug in Tx509KeypairGenerator::generateKey()

* update commandline

* Add TLS Support class for use with http server

* Add preliminary HTTP Server; TLS still broken; fix in later commit

* Fix TLS handshake, due to server being unable to serve key/certfile in 'Http.h/Http.cpp'; Cause was httlib not being threadsafe due to being a blocking http library

* Run clang format

* Add option to configure http server port via ServerConfig

* TConfig: add HTTPServerPort to config parsing step

* Fix SSL Cert / Key path not auto generating when not existing

* Add health endpoint; Fix SSL Cert serial no. not refreshing when regenerating

* Switch arround status codes in /health route

* Run clang format

Co-authored-by: Lion Kortlepel <development@kortlepel.com>
This commit is contained in:
awesome_milou
2021-12-05 18:24:55 +01:00
committed by GitHub
parent b33d50361c
commit 9d283738aa
11 changed files with 273 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
src/Http.cpp
View File

@@ -1,11 +1,13 @@
#include "Http.h"
#include "Common.h"
#include "CustomAssert.h"
#include <map>
#include <httplib.h>
#include <random>
#include <stdexcept>
fs::path Http::Server::THttpServerInstance::KeyFilePath;
fs::path Http::Server::THttpServerInstance::CertFilePath;
// TODO: Add sentry error handling back
std::string Http::GET(const std::string& host, int port, const std::string& target, unsigned int* status) {
@@ -115,10 +117,163 @@ static std::map<size_t, const char*> Map = {
{ 530, "(CDN) 1XXX Internal Error" },
};
std::string Http::Status::ToString(int code) {
if (Map.find(code) != Map.end()) {
return Map.at(code);
std::string Http::Status::ToString(int Code) {
if (Map.find(Code) != Map.end()) {
return Map.at(Code);
} else {
return std::to_string(code);
return std::to_string(Code);
}
}
long Http::Server::Tx509KeypairGenerator::GenerateRandomId() {
std::random_device R;
std::default_random_engine E1(R());
std::uniform_int_distribution<long> UniformDist(0, ULONG_MAX);
return UniformDist(E1);
}
// Http::Server::THttpServerInstance::THttpServerInstance() { }
EVP_PKEY* Http::Server::Tx509KeypairGenerator::GenerateKey() {
/**
* Allocate memory for the pkey
*/
EVP_PKEY* PKey = EVP_PKEY_new();
if (PKey == nullptr) {
beammp_error("Could not allocate memory for X.509 private key (PKEY) generation.");
throw std::runtime_error { std::string { "X.509 PKEY allocation error" } };
}
BIGNUM* E = BN_new();
beammp_assert(E); // TODO: replace all these asserts with beammp_errors
unsigned char three = 3;
BIGNUM* EErr = BN_bin2bn(&three, sizeof(three), E);
beammp_assert(EErr);
RSA* Rsa = RSA_new();
beammp_assert(Rsa);
int Ret = RSA_generate_key_ex(Rsa, Crypto::RSA_DEFAULT_KEYLENGTH, E, nullptr);
beammp_assert(Ret == 1);
BN_free(E);
if (!EVP_PKEY_assign_RSA(PKey, Rsa)) {
EVP_PKEY_free(PKey);
beammp_error(std::string("Could not generate " + std::to_string(Crypto::RSA_DEFAULT_KEYLENGTH) + "-bit RSA key."));
throw std::runtime_error { std::string("X.509 RSA key generation error") };
}
// todo: figure out if returning by reference instead of passing pointers is a security breach
return PKey;
}
X509* Http::Server::Tx509KeypairGenerator::GenerateCertificate(EVP_PKEY& PKey) {
X509* X509 = X509_new();
if (X509 == nullptr) {
X509_free(X509);
beammp_error("Could not allocate memory for X.509 certificate generation.");
throw std::runtime_error { std::string("X.509 certificate generation error") };
}
/**Set the metadata of the certificate*/
ASN1_INTEGER_set(X509_get_serialNumber(X509), GenerateRandomId());
/**Set the cert validity to a year*/
X509_gmtime_adj(X509_get_notBefore(X509), 0);
X509_gmtime_adj(X509_get_notAfter(X509), 31536000L);
/**Set the public key of the cert*/
X509_set_pubkey(X509, &PKey);
X509_NAME* Name = X509_get_subject_name(X509);
/**Set cert metadata*/
X509_NAME_add_entry_by_txt(Name, "C", MBSTRING_ASC, (unsigned char*)"GB", -1, -1, 0);
X509_NAME_add_entry_by_txt(Name, "O", MBSTRING_ASC, (unsigned char*)"BeamMP Ltd.", -1, -1, 0);
X509_NAME_add_entry_by_txt(Name, "CN", MBSTRING_ASC, (unsigned char*)"localhost", -1, -1, 0);
X509_set_issuer_name(X509, Name);
// TODO: Hashing with sha256 might cause problems, check later
if (!X509_sign(X509, &PKey, EVP_sha1())) {
X509_free(X509);
beammp_error("Could not sign X.509 certificate.");
throw std::runtime_error { std::string("X.509 certificate signing error") };
}
return X509;
}
void Http::Server::Tx509KeypairGenerator::GenerateAndWriteToDisk(const fs::path& KeyFilePath, const fs::path& CertFilePath) {
// todo: generate directories for ssl keys
FILE* KeyFile = std::fopen(KeyFilePath.c_str(), "wb");
if (!KeyFile) {
beammp_error("Could not create file 'key.pem', check your permissions");
throw std::runtime_error("Could not create file 'key.pem'");
}
EVP_PKEY* PKey = Http::Server::Tx509KeypairGenerator::GenerateKey();
bool WriteOpResult = PEM_write_PrivateKey(KeyFile, PKey, nullptr, nullptr, 0, nullptr, nullptr);
fclose(KeyFile);
if (!WriteOpResult) {
beammp_error("Could not write to file 'key.pem', check your permissions");
throw std::runtime_error("Could not write to file 'key.pem'");
}
FILE* CertFile = std::fopen(CertFilePath.c_str(), "wb"); // x509 file
if (!CertFile) {
beammp_error("Could not create file 'cert.pem', check your permissions");
throw std::runtime_error("Could not create file 'cert.pem'");
}
X509* x509 = Http::Server::Tx509KeypairGenerator::GenerateCertificate(*PKey);
WriteOpResult = PEM_write_X509(CertFile, x509);
fclose(CertFile);
if (!WriteOpResult) {
beammp_error("Could not write to file 'cert.pem', check your permissions");
throw std::runtime_error("Could not write to file 'cert.pem'");
}
EVP_PKEY_free(PKey);
X509_free(x509);
return;
}
bool Http::Server::Tx509KeypairGenerator::EnsureTLSConfigExists() {
if (fs::is_regular_file(Application::Settings.SSLKeyPath)
&& fs::is_regular_file(Application::Settings.SSLCertPath)) {
return true;
} else {
return false;
}
}
void Http::Server::SetupEnvironment() {
auto parent = fs::path(Application::Settings.SSLKeyPath).parent_path();
if (!fs::exists(parent))
fs::create_directories(parent);
Application::TSettings defaultSettings {};
if (!Tx509KeypairGenerator::EnsureTLSConfigExists()) {
beammp_warn(std::string("No default TLS Key / Cert found. "
"IF YOU HAVE NOT MODIFIED THE SSLKeyPath OR SSLCertPath VALUES "
"THIS IS NORMAL ON FIRST STARTUP! BeamMP will generate it's own certs in the default directory "
"(Check for permissions or corrupted key-/certfile)"));
Tx509KeypairGenerator::GenerateAndWriteToDisk(defaultSettings.SSLKeyPath, defaultSettings.SSLCertPath);
Http::Server::THttpServerInstance::KeyFilePath = defaultSettings.SSLKeyPath;
Http::Server::THttpServerInstance::CertFilePath = defaultSettings.SSLCertPath;
} else {
Http::Server::THttpServerInstance::KeyFilePath = Application::Settings.SSLKeyPath;
Http::Server::THttpServerInstance::CertFilePath = Application::Settings.SSLCertPath;
}
}
Http::Server::THttpServerInstance::THttpServerInstance() {
Start();
}
void Http::Server::THttpServerInstance::operator()() {
// todo: make this IP agnostic so people can set their own IP
this->mHttpLibServerInstancePtr = std::make_shared<httplib::SSLServer>(Application::Settings.SSLCertPath.c_str(), Application::Settings.SSLKeyPath.c_str());
this->mHttpLibServerInstancePtr->Get("/", [](const httplib::Request&, httplib::Response& res) {
res.set_content("<!DOCTYPE html><article><h1>Hello World!</h1><section><p>BeamMP Server can now serve HTTP requests!</p></section></article></html>", "text/html");
});
this->mHttpLibServerInstancePtr->Get("/health", [](const httplib::Request& req, httplib::Response& res) {
res.set_content("0", "text/plain");
res.status = 200;
});
this->mHttpLibServerInstancePtr->listen("0.0.0.0", Application::Settings.HTTPServerPort);
}