v1.4.4

attic/authserver/StarAuthenticationServer.cpp

@@ -0,0 +1,325 @@
+#include "StarAuthenticationServer.hpp"
+#include "StarLogging.hpp"
+#include "StarAuthenticationDatabase.hpp"
+
+namespace Star {
+namespace Auth {
+
+AuthenticationConnectionHandler::AuthenticationConnectionHandler(TcpSocketPtr socket, AuthenticationServer* server)
+    : Thread("AuthenticationConnectionHandler") {
+  Logger::info("Connection thread constructor.");
+  m_socket = socket;
+  m_server = server;
+  m_stop = false;
+  m_closed = false;
+}
+
+AuthenticationConnectionHandler::~AuthenticationConnectionHandler() {
+  Logger::info("Connection thread destructor.");
+}
+
+void AuthenticationConnectionHandler::stop() {
+  m_stop = true;
+  try {
+    m_socket->close();
+  } catch (StarException const&) {
+    // bartwe: I'm a jerk, close is not supposed to be called during calls to the socket on other threads, not really seeing a good way to interrupt that i care about enough to implement atm.
+  }
+}
+
+bool AuthenticationConnectionHandler::isClosed() {
+  return m_closed;
+}
+
+void AuthenticationConnectionHandler::writeResponse(String const& response) {
+  String body = "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nCache-Control: no-cache, no-store\r\n\r\n" + response + "\r\n\r\n";
+  m_socket->write(body.utf8Ptr(), body.utf8Size());
+  Logger::info("Connection thread write response.");
+}
+
+void AuthenticationConnectionHandler::writeErrorResponse(String const& response) {
+  String body = "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nCache-Control: no-cache, no-store\r\n\r\n" + response + "\r\n\r\n";
+  m_socket->write(body.utf8Ptr(), body.utf8Size());
+  Logger::info("Connection thread write error.");
+}
+
+void AuthenticationConnectionHandler::run() {
+  Logger::info("Connection thread.run");
+  try {
+    m_socket->setNoDelay(true);
+    m_socket->setSocketTimeout(ClientSocketTimeout);
+
+    int64_t deadline = Thread::currentTime() + ClientSocketTimeout;
+
+    bool headerMode = true;
+    Buffer buffer(BufferCapacity);
+    int newlineCounter = 0;
+    while (!m_stop && m_socket->isOpen()) {
+      if (Thread::currentTime() >= deadline) {
+        // client too slow, or a slow lorris attack
+        writeErrorResponse("Client too slow.");
+        break;
+      }
+      char c;
+      if (m_socket->read(&c, 1) != 1)
+        throw StarException("Unexpected result from socket read\n");
+      if (c == '\r')
+        continue; // hello dos
+      buffer.write(&c, 1);
+      if (buffer.pos() >= BufferCapacity) {
+        // request too long
+        writeErrorResponse("Request too long.");
+        break;
+      }
+      if (c == '\n')
+        newlineCounter++;
+      else
+        newlineCounter = 0;
+      if (newlineCounter == 2) {
+        if (headerMode) {
+          String header = String(buffer.ptr(), buffer.pos());
+          if (!header.beginsWith("POST /auth.sb HTTP/1.1\n")) {
+            writeErrorResponse("Page not found.");
+            break;
+          }
+          headerMode = false;
+          buffer.clear();
+          newlineCounter = 0;
+        } else {
+          String body = String(buffer.ptr(), buffer.pos() - 2); // remove trailing newlines, guaranteed to be there
+          auto message = make_shared<MessageToken>(body);
+          Logger::info("Connection thread.message received.");
+          m_server->addMessage(message);
+          if (!message->waitForResponse(ClientProcessingTimeout))
+            writeErrorResponse("Timed out.");
+          writeResponse(message->response());
+          break;
+        }
+      }
+    }
+    m_socket->flush();
+  }
+  catch (NetworkException const&) {
+    goto finally;
+  }
+  catch (StarException const& e) {
+    Logger::error("AuthenticationConnectionHandler: Exception caught: %s", e.what());
+  }
+  catch (std::exception const& e) {
+    Logger::error("AuthenticationConnectionHandler: Exception caught: %s", e.what());
+    goto finally;
+  }
+  catch (...) {
+    goto finally;
+  }
+  finally: {
+    m_closed = true;
+    if (m_socket->isOpen())
+      m_socket->close();
+  }
+  m_server->addMessage( { });
+  Logger::info("Connection thread.run.end");
+}
+
+AuthenticationServer::AuthenticationServer() {
+  m_stop = false;
+
+  String connectionString = Variant::parseJson(File::readFileString("connectionstring.config")).getString("connectionString");
+
+  DatabasePtr db = as<Database>(make_shared<AuthenticationDatabase>(connectionString));
+  m_service = make_shared<AuthenticationService>(db);
+
+  m_requestCount = 0;
+  m_getAuthKeyCounter = 0;
+  m_authorizeClientCounter = 0;
+  m_authorizeClientFailure = 0;
+  m_validateClientCounter = 0;
+  m_validateClientFailure = 0;
+
+  m_munin = make_shared<MuninNode>(Variant::parseJson(File::readFileString("authmunin.config")));
+  m_munin->setCallback([=]() {
+    MutexLocker locker(m_mainLock);
+    m_munin->set("sbauth", "users", db->usersCount());
+    m_munin->set("sbauth", "requests", m_requestCount);
+    m_munin->set("sbauth", "getAuthKey", m_getAuthKeyCounter);
+    m_munin->set("sbauth", "authorizeClient", m_authorizeClientCounter);
+    m_munin->set("sbauth", "authorizeClientFailure", m_authorizeClientFailure);
+    m_munin->set("sbauth", "validateClient", m_validateClientCounter);
+    m_munin->set("sbauth", "validateClientFailure", m_validateClientFailure);
+  });
+}
+
+AuthenticationServer::~AuthenticationServer() {}
+
+void AuthenticationServer::acceptConnection(TcpSocketPtr socket) {
+  MutexLocker locker(m_mainLock);
+  if (m_stop) {
+    socket->close();
+  } else {
+    auto handler = make_shared<AuthenticationConnectionHandler>(socket, this);
+    m_handlers.add(handler);
+    handler->start();
+  }
+}
+
+void AuthenticationServer::run() {
+  TcpServer tcpServer(ListenPort);
+  tcpServer.setAcceptCallback(std::bind(&AuthenticationServer::acceptConnection, this, std::placeholders::_1));
+
+  Logger::info("Auth server started.");
+
+  List<AuthenticationConnectionHandlerPtr> cleanup;
+  while (true) {
+    try {
+      MessageTokenPtr message;
+      {
+        MutexLocker locker(m_mainLock);
+        if (m_stop)
+          break;
+        for (auto& handler : m_handlers) {
+          if (handler->isClosed())
+            cleanup.append(handler);
+        }
+        m_handlers.removeAll(cleanup);
+        if (m_messages.empty() && cleanup.empty())
+          m_signal.wait(m_mainLock);
+        if (!m_messages.empty())
+          message = m_messages.takeFirst();
+      }
+      cleanup.clear();
+      if (message) {
+        try {
+          handleMessage(message);
+          if (!message->hasResponse())
+            message->setResponse("");
+        }
+        catch (std::exception const&) {
+          if (!message->hasResponse())
+            message->setResponse("");
+          throw;
+        }
+      }
+    }
+    catch (std::exception const& e) {
+      Logger::error("AuthenticationServer exception caught: %s", e.what());
+    }
+  }
+
+  Logger::info("Finishing remaining connections.");
+
+  try {
+    MutexLocker locker(m_mainLock);
+    m_stop = true;
+    tcpServer.close();
+  } catch (std::exception const& e) {
+    Logger::error("AuthenticationServer exception caught cleaning up: %s", e.what());
+  }
+
+  {
+    MutexLocker locker(m_mainLock);
+    for (auto & message : m_messages)
+      message->setResponse("stopping");
+    m_messages.clear();
+  }
+
+  // locking should no longer be needed at this point
+  // unused to avoid deadlock scenario where the handler calls addMessage
+  for (auto& handler : m_handlers)
+    handler->stop();
+  m_handlers.clear();
+}
+
+void AuthenticationServer::stop() {
+  Logger::info("Auth server stopping.");
+  MutexLocker locker(m_mainLock);
+  m_stop = true;
+  m_signal.signal();
+}
+
+void AuthenticationServer::addMessage(MessageTokenPtr const& message) {
+  MutexLocker locker(m_mainLock);
+  m_requestCount++;
+  if (m_stop) {
+    if (message)
+      message->setResponse("stopped");
+  } else {
+    m_messages.append(message);
+    m_signal.signal();
+  }
+}
+
+void AuthenticationServer::handleMessage(MessageTokenPtr const& message) {
+  Variant command = Variant::parse(message->request());
+  if (command.getString("command") == "getAuthKey") {
+    m_getAuthKeyCounter++;
+    auto response = m_service->getCertificate();
+    message->setResponse(response.repr(0, true));
+  } else if (command.getString("command") == "authorizeClient") {
+    m_authorizeClientCounter++;
+    try {
+      auto response = m_service->authorizeClient(command.getMap("body"));
+      message->setResponse(response.repr(0, true));
+    }
+    catch (...) {
+      m_authorizeClientFailure++;
+      throw;
+    }
+  } else if (command.getString("command") == "validateClient") {
+    m_validateClientCounter++;
+    try {
+      auto response = m_service->validateClient(command.getMap("body"));
+      message->setResponse(response.repr(0, true));
+    }
+    catch (...) {
+      m_validateClientFailure++;
+      throw;
+    }
+  }
+}
+
+MessageToken::MessageToken(String const& request) {
+  m_request = request;
+  m_hasResponse = false;
+}
+
+bool MessageToken::hasResponse() {
+  MutexLocker locker(m_lock);
+  return m_hasResponse;
+}
+
+bool MessageToken::waitForResponse(unsigned millis) {
+  MutexLocker locker(m_lock);
+  int64_t timeout = millis;
+  while (true) {
+    if (m_hasResponse)
+      return true;
+    if (timeout <= 0)
+      return false;
+    int64_t startTime = Thread::currentTime();
+    m_signal.wait(m_lock, (unsigned)timeout);
+    timeout -= Thread::currentTime() - startTime;
+  }
+}
+
+void MessageToken::setResponse(String const& response) {
+  {
+    MutexLocker locker(m_lock);
+    starAssert(!m_hasResponse);
+    m_response = response;
+    m_hasResponse = true;
+  }
+  m_signal.signal();
+}
+
+String MessageToken::response() {
+  MutexLocker locker(m_lock);
+  starAssert(m_hasResponse);
+  return m_response;
+}
+
+String MessageToken::request() {
+  return m_request;
+}
+
+}
+}