snode.c-doc/html/http_2model_2servers_8h_source.html

/*

 * SNode.C - A Slim Toolkit for Network Communication

 * Copyright (C) Volker Christian <me@vchrist.at>

 *               2020, 2021, 2022, 2023, 2024, 2025

 *

 * This program is free software: you can redistribute it and/or modify

 * it under the terms of the GNU Lesser General Public License as published

 * by the Free Software Foundation, either version 3 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

 * GNU Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General Public License

 * along with this program. If not, see <http://www.gnu.org/licenses/>.

 */


/*

 * MIT License

 *

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 */


#ifndef APPS_HTTP_MODEL_SERVERS_H

#define APPS_HTTP_MODEL_SERVERS_H


#define QUOTE_INCLUDE(a) STR_INCLUDE(a)

#define STR_INCLUDE(a) #a


// clang-format off

#define WEBAPP_INCLUDE QUOTE_INCLUDE(express/STREAM/NET/WebApp.h)

// clang-format on


#include WEBAPP_INCLUDE // IWYU pragma: export


#include "express/middleware/VerboseRequest.h"


#ifndef DOXYGEN_SHOULD_SKIP_THIS


#include "log/Logger.h"


#if (STREAM_TYPE == TLS) // tls

#include <cstddef>

#include <openssl/ssl.h>

#include <openssl/x509v3.h>

#endif


#endif /* DOXYGEN_SHOULD_SKIP_THIS */


static express::Router getRouter() {

    return express::middleware::VerboseRequest();

}


#if (STREAM_TYPE == LEGACY) // legacy


namespace apps::http::legacy {


    using WebApp = express::legacy::NET::WebApp;

    using SocketConnection = WebApp::SocketConnection;


    static WebApp getWebApp(const std::string& name) {

        WebApp webApp(name, getRouter());


        return webApp;

    }


} // namespace apps::http::legacy


#endif // (STREAM_TYPE == LEGACY) // legacy


#if (STREAM_TYPE == TLS) // tls


namespace apps::http::tls {


    using WebApp = express::tls::NET::WebApp;

    using SocketConnection = WebApp::SocketConnection;


    static WebApp getWebApp(const std::string& name) {

        WebApp webApp(name, getRouter());


        const std::string& instanceName = webApp.getConfig().getInstanceName();


        webApp.setOnConnect([instanceName](SocketConnection* socketConnection) { // onConnect

            VLOG(1) << "OnConnect " << instanceName;


            VLOG(1) << "  Local: " << socketConnection->getLocalAddress().toString();

            VLOG(1) << "   Peer: " << socketConnection->getRemoteAddress().toString();


            /* Enable automatic hostname checks */

            // X509_VERIFY_PARAM* param = SSL_get0_param(socketConnection->getSSL());


            // X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);

            // if (!X509_VERIFY_PARAM_set1_host(param, "localhost", sizeof("localhost") - 1)) {

            //   // handle error

            //   socketConnection->close();

            // }

        });


        webApp.setOnConnected([instanceName](SocketConnection* socketConnection) { // onConnected

            VLOG(1) << "OnConnected " << instanceName;


            X509* server_cert = SSL_get_peer_certificate(socketConnection->getSSL());

            if (server_cert != nullptr) {

                long verifyErr = SSL_get_verify_result(socketConnection->getSSL());


                VLOG(1) << "\tPeer certificate verifyErr = " + std::to_string(verifyErr) + ": " +

                               std::string(X509_verify_cert_error_string(verifyErr));


                char* str = X509_NAME_oneline(X509_get_subject_name(server_cert), nullptr, 0);

                VLOG(1) << "\t   Subject: " + std::string(str);

                OPENSSL_free(str);


                str = X509_NAME_oneline(X509_get_issuer_name(server_cert), nullptr, 0);

                VLOG(1) << "\t   Issuer: " + std::string(str);

                OPENSSL_free(str);


                // We could do all sorts of certificate verification stuff here before deallocating the certificate.


                GENERAL_NAMES* subjectAltNames =

                    static_cast<GENERAL_NAMES*>(X509_get_ext_d2i(server_cert, NID_subject_alt_name, nullptr, nullptr));


                int32_t altNameCount = OPENSSL_sk_num(reinterpret_cast<const OPENSSL_STACK*>(subjectAltNames));


                VLOG(1) << "\t   Subject alternative name count: " << altNameCount;

                for (int32_t i = 0; i < altNameCount; ++i) {

                    GENERAL_NAME* generalName = sk_GENERAL_NAME_value(subjectAltNames, i);


                    if (generalName->type == GEN_URI) {

                        std::string subjectAltName =

                            std::string(reinterpret_cast<const char*>(ASN1_STRING_get0_data(generalName->d.uniformResourceIdentifier)),

                                        static_cast<std::size_t>(ASN1_STRING_length(generalName->d.uniformResourceIdentifier)));

                        VLOG(1) << "\t      SAN (URI): '" + subjectAltName;

                    } else if (generalName->type == GEN_DNS) {

                        std::string subjectAltName =

                            std::string(reinterpret_cast<const char*>(ASN1_STRING_get0_data(generalName->d.dNSName)),

                                        static_cast<std::size_t>(ASN1_STRING_length(generalName->d.dNSName)));

                        VLOG(1) << "\t      SAN (DNS): '" + subjectAltName;

                    } else {

                        VLOG(1) << "\t      SAN (Type): '" + std::to_string(generalName->type);

                    }

                }


                sk_GENERAL_NAME_pop_free(subjectAltNames, GENERAL_NAME_free);


                X509_free(server_cert);

            } else {

                LOG(WARNING) << "\tPeer certificate: no certificate";

            }

        });


        webApp.setOnDisconnect([instanceName](SocketConnection* socketConnection) { // onDisconnect

            VLOG(1) << "OnDisconnect " << instanceName;


            VLOG(2) << "            Local: " << socketConnection->getLocalAddress().toString(false);

            VLOG(2) << "             Peer: " << socketConnection->getRemoteAddress().toString(false);


            VLOG(2) << "     Online Since: " << socketConnection->getOnlineSince();

            VLOG(2) << "  Online Duration: " << socketConnection->getOnlineDuration();


            VLOG(2) << "     Total Queued: " << socketConnection->getTotalQueued();

            VLOG(2) << "       Total Sent: " << socketConnection->getTotalSent();

            VLOG(2) << "      Write Delta: " << socketConnection->getTotalQueued() - socketConnection->getTotalSent();

            VLOG(2) << "       Total Read: " << socketConnection->getTotalRead();

            VLOG(2) << "  Total Processed: " << socketConnection->getTotalProcessed();

            VLOG(2) << "       Read Delta: " << socketConnection->getTotalRead() - socketConnection->getTotalProcessed();

        });


        return webApp;

    }


} // namespace apps::http::tls


#endif // (STREAM_TYPE == TLS) // tls


#endif // APPS_HTTP_MODEL_SERVERS_H

express::Router
Definition Router.h:98

net::config::ConfigSection
Definition ConfigSection.h:65

net::config::ConfigSection::required
void required(CLI::Option *opt, bool req=true)
Definition ConfigSection.cpp:88

main
int main(int argc, char *argv[])
Definition configtest.cpp:73

QUOTE_INCLUDE
#define QUOTE_INCLUDE(a)
Definition clients.h:47

STR_INCLUDE
#define STR_INCLUDE(a)
Definition servers.h:48

getRouter
static express::Router getRouter()
Definition servers.h:68

CLI
Definition Exceptions.cpp:50

apps::http::legacy::getWebApp
static WebApp getWebApp(const std::string &name)
Definition servers.h:79

apps::http::tls
Definition clients.h:529

apps::http::tls::getWebApp
static WebApp getWebApp(const std::string &name)
Definition servers.h:96

apps::http
Definition clients.h:88

express
Definition StaticMiddleware.h:57

net::config
Definition ConfigSection.hpp:71