bayserver-core 2.2.0

data/lib/baykit/bayserver/docker/built_in/built_in_log_docker.rb

@@ -0,0 +1,302 @@
+require 'baykit/bayserver/agent/grand_agent'
+require 'baykit/bayserver/agent/transporter/plain_transporter'
+require 'baykit/bayserver/agent/transporter/spin_write_transporter'
+require 'baykit/bayserver/docker/built_in/write_file_taxi'
+require 'baykit/bayserver/docker/log'
+require 'baykit/bayserver/docker/built_in/log_items'
+require 'baykit/bayserver/docker/built_in/log_boat'
+require 'baykit/bayserver/util/string_util'
+
+module Baykit
+  module BayServer
+    module Docker
+        module BuiltIn
+          class BuiltInLogDocker < Baykit::BayServer::Docker::Base::DockerBase
+            include Baykit::BayServer::Docker::Log # implements
+            include Baykit::BayServer::Agent::Transporter
+            include Baykit::BayServer::Agent
+            include Baykit::BayServer::Util
+
+            include Baykit::BayServer::Bcf
+
+            class AgentListener
+              include Baykit::BayServer::Agent::GrandAgent::GrandAgentLifecycleListener  # implements
+              include Baykit::BayServer::Agent::Transporter
+
+              attr :log_docker
+
+              def initialize(dkr)
+                @log_docker = dkr
+              end
+
+              def add(agt)
+                file_name = "#{@log_docker.file_prefix}_#{agt.agent_id}.#{@log_docker.file_ext}";
+
+                boat = LogBoat.new()
+
+                case @log_docker.log_write_method
+                when LOG_WRITE_METHOD_SELECT
+                  tp = PlainTransporter.new(false, 0, true)  # write only
+                  tp.init(agt.non_blocking_handler, File.open(file_name, "a"), boat)
+
+                when LOG_WRITE_METHOD_SPIN
+                  tp = SpinWriteTransporter.new()
+                  tp.init(agt.spin_handler, File.open(file_name, "a"), boat)
+
+                when LOG_WRITE_METHOD_TAXI
+                  tp = WriteFileTaxi.new()
+                  tp.init(File.open(file_name, "a"), boat)
+
+                end
+
+                begin
+                  boat.init(file_name, tp)
+                rescue IOError => e
+                  BayLog.fatal(BayMessage.get(:INT_CANNOT_OPEN_LOG_FILE, file_name));
+                  BayLog.fatal_e(e);
+                end
+
+                @log_docker.loggers[agt.agent_id] = boat
+              end
+
+
+              def remove(agt)
+                @log_docker.loggers.delete(agt.agent_id);
+              end
+            end
+
+
+            LOG_WRITE_METHOD_SELECT = 1
+            LOG_WRITE_METHOD_SPIN = 2
+            LOG_WRITE_METHOD_TAXI = 3
+            DEFAULT_LOG_WRITE_METHOD = LOG_WRITE_METHOD_TAXI
+
+            class << self
+              # Mapping table for format
+              attr :log_item_map
+            end
+
+            # Log send_file name parts
+            attr :file_prefix
+            attr :file_ext
+
+            # Logger for each agent.
+            #    Map of Agent ID => LogBoat
+            attr :loggers
+
+            # Log format
+            attr :format
+
+            # Log items
+            attr :log_items
+
+            # Log write method
+            attr :log_write_method
+
+            def initialize
+              @loggers = {}
+              @format = nil
+              @log_items = []
+              @log_write_method = DEFAULT_LOG_WRITE_METHOD
+            end
+
+            def init(elm, parent)
+              super
+              p = elm.arg.rindex('.')
+              if p == nil
+                @file_prefix = elm.arg
+                @file_ext = ""
+              else
+                @file_prefix = elm.arg[0, p]
+                @file_ext = elm.arg[p+1 .. -1]
+              end
+
+              if @format == nil
+                raise ConfigException.new(elm.file_name, elm.line_no, BayMessage.get(:CFG_INVALID_LOG_FORMAT, ""))
+              end
+
+              if !File.absolute_path?(@file_prefix)
+                @file_prefix = BayServer.get_location @file_prefix
+              end
+
+              @loggers = Array.new(BayServer.harbor.grand_agents)
+
+              log_dir = File.dirname(@file_prefix)
+              if !File.directory?(log_dir)
+                Dir.mkdir(log_dir)
+              end
+
+              # Parse format
+              compile(@format, @log_items, elm.file_name, elm.line_no)
+
+              # Check log write method
+              if @log_write_method == LOG_WRITE_METHOD_SELECT and !SysUtil.support_select_file()
+                BayLog.warn(BayMessage.get(:CFG_LOG_WRITE_METHOD_SELECT_NOT_SUPPORTED))
+                @log_write_method = LOG_WRITE_METHOD_TAXI
+              end
+
+              if @log_write_method == LOG_WRITE_METHOD_SPIN and !SysUtil.support_nonblock_file_write()
+                BayLog.warn(BayMessage.get(:CFG_LOG_WRITE_METHOD_SPIN_NOT_SUPPORTED))
+                @log_write_method = LOG_WRITE_METHOD_TAXI
+              end
+
+              GrandAgent.add_lifecycle_listener(AgentListener.new(self));
+            end
+
+            def init_key_val(kv)
+              case kv.key.downcase
+              when "format"
+                @format = kv.value
+              when "logwritemethod"
+                case kv.value.downcase()
+                when "select"
+                  @log_write_method = LOG_WRITE_METHOD_SELECT
+                when "spin"
+                  @log_write_method = LOG_WRITE_METHOD_SPIN
+                when "taxi"
+                  @log_write_method = LOG_WRITE_METHOD_TAXI
+                else
+                  raise ConfigException.new(kv.file_name, kv.line_no, BayMessage.get(:CFG_INVALID_PARAMETER_VALUE, kv.value))
+                end
+              else
+                return false
+              end
+              true
+            end
+
+            def log(tour)
+              sb = StringUtil.alloc(0)
+              @log_items.each do |item|
+                item = item.get_item(tour).to_s
+                if item == nil
+                  sb << "-"
+                else
+                  sb << item
+                end
+              end
+
+              # If threre are message to write, write it
+              if sb.length > 0
+                get_logger(tour.ship.agent).log(sb)
+              end
+            end
+
+            private
+
+            def get_logger(agt)
+              return @loggers[agt.agent_id]
+            end
+
+
+
+            #
+            # Compile format pattern
+            #
+            def compile(str, items, file_name, line_no)
+              # Find control code
+              pos = str.index('%')
+              if pos != nil
+                text = str[0, pos]
+                items.append(LogItems::TextItem.new(text))
+                compile_ctl(str[pos + 1 .. -1], items, file_name, line_no)
+              else
+                items.append(LogItems::TextItem.new(str))
+              end
+            end
+
+            #
+            # Compile format pattern(Control code)
+            #
+            def compile_ctl(str, items, file_name, line_no)
+              param = nil
+
+              # if exists param
+              if str[0] == '{'
+                # find close bracket
+                pos = str.index '}'
+                if pos == nil
+                  raise ConfigException.new(file_name, line_no, BayMessage.get(:CFG_INVALID_LOG_FORMAT, @format))
+                end
+
+                param = str[1, pos-1]
+                str = str[pos + 1 .. -1]
+              end
+
+              ctl_char = ""
+              error = false
+
+              if str.length == 0
+                error = true
+              end
+
+              if !error
+                # get control char
+                ctl_char = str[0, 1]
+                str = str[1 .. -1]
+
+                if ctl_char == ">"
+                  if str.length == 0
+                    error = true
+                  else
+                    ctl_char = str[0, 1]
+                    str = str[1 .. -1]
+                  end
+                end
+              end
+
+              fct = nil
+              if !error
+                fct = BuiltInLogDocker.log_item_map[ctl_char]
+                if fct == nil
+                  error = true
+                end
+              end
+
+              if error
+                ConfigException.new(file_name, line_no,
+                                    BayMessage.get(:CFG_INVALID_LOG_FORMAT,
+                                                   @format + " (unknown control code: '%" + ctl_char + "')"))
+              end
+
+              item = fct.new
+              item.init(param)
+              @log_items.append(item)
+              compile(str, items, file_name, line_no)
+            end
+
+            def self.make_map
+              @log_item_map = {}
+              @log_item_map["a"] = LogItems::RemoteIpItem
+              @log_item_map["A"] = LogItems::ServerIpItem
+              @log_item_map["b"] = LogItems::RequestBytesItem2
+              @log_item_map["B"] = LogItems::RequestBytesItem1
+              @log_item_map["c"] = LogItems::ConnectionStatusItem
+              @log_item_map["e"] = LogItems::NullItem
+              @log_item_map["h"] = LogItems::RemoteHostItem
+              @log_item_map["H"] = LogItems::ProtocolItem
+              @log_item_map["i"] = LogItems::RequestHeaderItem
+              @log_item_map["l"] = LogItems::RemoteLogItem
+              @log_item_map["m"] = LogItems::MethodItem
+              @log_item_map["n"] = LogItems::NullItem
+              @log_item_map["o"] = LogItems::ResponseHeaderItem
+              @log_item_map["p"] = LogItems::PortItem
+              @log_item_map["P"] = LogItems::NullItem
+              @log_item_map["q"] = LogItems::QueryStringItem
+              @log_item_map["r"] = LogItems::StartLineItem
+              @log_item_map["s"] = LogItems::StatusItem
+              @log_item_map[">s"] = LogItems::StatusItem
+              @log_item_map["t"] = LogItems::TimeItem
+              @log_item_map["T"] = LogItems::IntervalItem
+              @log_item_map["u"] = LogItems::RemoteUserItem
+              @log_item_map["U"] = LogItems::RequestUrlItem
+              @log_item_map["v"] = LogItems::ServerNameItem
+              @log_item_map["V"] = LogItems::NullItem
+            end
+
+            make_map()
+
+          end
+      end
+    end
+  end
+end

data/lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb

@@ -0,0 +1,242 @@
+require 'ipaddr'
+
+require 'baykit/bayserver/http_exception'
+require 'baykit/bayserver/bcf/package'
+require 'baykit/bayserver/docker/permission'
+require 'baykit/bayserver/util/groups'
+require 'baykit/bayserver/util/headers'
+require 'baykit/bayserver/util/http_status'
+require 'baykit/bayserver/util/host_matcher'
+require 'baykit/bayserver/util/ip_matcher'
+
+
+module Baykit
+  module BayServer
+    module Docker
+      module BuiltIn
+        class BuiltInPermissionDocker < Baykit::BayServer::Docker::Base::DockerBase
+          include Permission # import
+
+          include Baykit::BayServer
+          include Baykit::BayServer::Bcf
+          include Baykit::BayServer::Util
+
+          class CheckItem
+            attr :matcher
+            attr :admit
+
+            def initialize(matcher, admit)
+              @matcher = matcher
+              @admit = admit
+            end
+
+            def socket_admitted(skt)
+              matcher.match_socket(skt) == @admit
+            end
+
+            def tour_admitted(tur)
+              matcher.match_tour(tur) == @admit
+            end
+          end
+
+          module PermissionMatcher # interface
+
+            def match_socket(skt)
+              raise NotImplementedError()
+            end
+
+            def match_tour(tur)
+              raise NotImplementedError()
+            end
+          end
+
+
+          class HostPermissionMatcher
+            include Baykit::BayServer::Util
+            include PermissionMatcher # implements
+
+            attr :mch
+
+            def initialize(hostPtn)
+              @mch = HostMatcher.new(hostPtn)
+            end
+
+            def match_socket(skt)
+              return @mch.match(skt.remote_address.getnameinfo[0])
+            end
+
+            def match_tour(tur)
+              return @mch.match(tur.req.remote_host())
+            end
+          end
+
+          class IpPermissionMatcher
+            include Baykit::BayServer::Util
+            include PermissionMatcher # implements
+
+            attr :mch
+
+            def initialize(ip_desc)
+              @mch = IpMatcher.new(ip_desc)
+            end
+
+            def match_socket(skt)
+              return @mch.match(@mch.get_ip_addr(skt.remote_address.ip_address))
+            end
+
+            def match_tour(tur)
+               begin
+                return @mch.match(IPAddr.new(tur.req.remote_address))
+              rescue => e
+                BayLog.error_e(e)
+                false
+              end
+            end
+
+          end
+
+          attr :check_list
+          attr :groups
+
+          def initialize
+            @check_list = []
+            @groups = []
+          end
+
+          def init(elm, parent)
+            super
+          end
+
+          def init_key_val(kv)
+            case kv.key.downcase
+            when "admit", "allow"
+              parse_value(kv).each do |permission_matcher|
+                @check_list.append(CheckItem.new(permission_matcher, true))
+              end
+
+            when "refuse", "deny"
+              parse_value(kv).each do |permission_matcher|
+                @check_list.append(CheckItem.new(permission_matcher, false))
+              end
+
+            when "group"
+              kv.value.split(" ").each do |group_name|
+                g = BayServer.harbor.groups.get_group(group_name)
+                if g == nil
+                  raise ConfigException.new(kv.file_name, kv.line_no, BayMessage.get(:CFG_GROUP_NOT_FOUND, group_name))
+                end
+                @groups.append(g)
+              end
+
+            else
+              raise ConfigException.new(kv.file_name, kv.line_no, BayMessage.get(:CFG_INVALID_PERMISSION_DESCRIPTION, kv.value))
+
+            end
+
+            return true
+          end
+
+          def socket_admitted(skt)
+            # Check remote host
+            isOk = true
+            @check_list.each do |chk|
+              if chk.admit
+                if chk.socket_admitted(skt)
+                  isOk = true
+                  break
+                end
+              else
+                if !chk.socket_admitted(skt)
+                  isOk = false
+                  break
+                end
+              end
+            end
+
+            if !isOk
+              BayLog.error("Permission error: socket not admitted: %s", skt)
+              raise HttpException.new HttpStatus::FORBIDDEN
+            end
+          end
+
+
+          def tour_admitted(tur)
+            # Check remote host
+            is_ok = true
+            @check_list.each do |chk|
+              if chk.admit
+                if chk.tour_admitted(tur)
+                  is_ok = true
+                  break
+                end
+              else
+                if !chk.tour_admitted(tur)
+                  is_ok = false
+                  break
+                end
+              end
+            end
+
+            if !is_ok
+              raise HttpException.new(HttpStatus::FORBIDDEN, tur.req.uri)
+            end
+
+            if @groups.empty?
+              return
+            end
+
+            # Check member
+            is_ok = false
+            if tur.req.remote_user != nil
+              @groups.each do |grp|
+                if grp.validate(tur.req.remote_user, tur.req.remote_pass)
+                  is_ok = true
+                  break
+                end
+              end
+            end
+
+            if !is_ok
+              tur.res.headers.set(Headers::WWW_AUTHENTICATE, "Basic realm=\"Auth\"")
+              raise HttpException.new(HttpStatus::UNAUTHORIZED)
+            end
+          end
+
+
+          private
+          def parse_value(kv)
+            items = kv.value.split(" ")
+            type = nil
+            match_str = []
+            items.length.times do |i|
+              if i == 0
+                type = items[i]
+              else
+                match_str.append(items[i])
+              end
+            end
+
+            if match_str.empty?
+              raise ConfigException.new(kv.file_name, kv.line_no, BayMessage.get(:CFG_INVALID_PERMISSION_DESCRIPTION, kv.value))
+            end
+
+            permission_manager_list = []
+            if type.casecmp?("host")
+              match_str.each do |m|
+                permission_manager_list.append(HostPermissionMatcher.new(m))
+              end
+            elsif type.casecmp?("ip")
+              match_str.each do |m|
+                permission_manager_list.append(IpPermissionMatcher.new(m))
+              end
+            else
+              raise ConfigException.new(kv.file_name, kv.line_no, BayMessage.get(:CFG_INVALID_PERMISSION_DESCRIPTION, kv.value))
+            end
+            return permission_manager_list
+          end
+        end
+      end
+    end
+  end
+end
+

data/lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb

@@ -0,0 +1,157 @@
+require 'openssl'
+
+require 'baykit/bayserver/bcf/package'
+require 'baykit/bayserver/agent/transporter/secure_transporter'
+
+require 'baykit/bayserver/docker/secure'
+require 'baykit/bayserver/util/string_util'
+
+module Baykit
+  module BayServer
+    module Docker
+      module BuiltIn
+        class BuiltInSecureDocker < Baykit::BayServer::Docker::Base::DockerBase
+          include Baykit::BayServer::Docker::Secure  # implements
+
+          include Baykit::BayServer::Bcf
+          include Baykit::BayServer::Agent::Transporter
+          include Baykit::BayServer::Util
+          include OpenSSL
+
+          DEFAULT_CLIENT_AUTH = false
+          DEFAULT_SSL_PROTOCOL = "TLS"
+
+          # SSL setting
+          attr :key_store
+          attr :key_store_pass
+          attr :client_auth
+          attr :ssl_protocol
+          attr :key_file
+          attr :cert_file
+          attr :certs
+          attr :certs_pass
+          attr :trace_ssl
+          attr :sslctx
+          attr :app_protocols
+
+          def initialize
+            @client_auth = DEFAULT_CLIENT_AUTH
+            @ssl_protocol = DEFAULT_SSL_PROTOCOL
+            @app_protocols = []
+          end
+
+          ######################################################
+          # Implements Docker
+          ######################################################
+
+          def init(elm, parent)
+            super
+
+            if (@key_store == nil) && ((@key_file == nil) || (@cert_file == nil))
+              raise ConfigException.new(elm.file_name, elm.line_no, "Key file or cert file is not specified")
+            end
+
+            begin
+              init_ssl()
+            rescue ConfigException => e
+              raise e
+            rescue => e
+              BayLog.error_e(e)
+              raise ConfigException.new(elm.file_name, elm.line_no, BayMessage.get(:CFG_SSL_INIT_ERROR, e.message))
+            end
+          end
+
+          ######################################################
+          # Implements DockerBase
+          ######################################################
+
+          def init_key_val(kv)
+            case kv.key.downcase
+            when "key"
+              @key_file = get_file_path(kv.value)
+            when "cert"
+              @cert_file = get_file_path(kv.value)
+            when "keystore"
+              @key_store = get_file_path(kv.value)
+            when "keystorepass"
+              @key_store_pass = kv.value
+            when "clientauth"
+              @client_auth = StringUtil.parse_bool(kv.value)
+            when "sslprotocol"
+              @ssl_protocol = kv.value
+            when "trustcerts"
+              @certs = get_file_path(kv.value)
+            when "certspass"
+              @certs_pass = kv.value
+            when "tracessl"
+              @trace_ssl = StringUtil.parse_bool(kv.value)
+            else
+              return false
+            end
+            return true
+          end
+
+
+          ######################################################
+          # Implements Secure
+          ######################################################
+
+          def set_app_protocols(protocols)
+            @app_protocols = protocols
+            @sslctx.alpn_select_cb = lambda do |protocols|
+                if protocols.include?("h2")
+                  return "h2"
+                elsif protocols.include?("http/1.1")
+                  return "http/1.1"
+                else
+                  return protocols.first
+                end
+            end
+          end
+
+          def create_transporter(buf_size)
+            SecureTransporter.new(@sslctx, true, buf_size, @trace_ssl)
+          end
+
+          def reload_cert()
+            init_ssl()
+          end
+
+          def init_ssl()
+            BayLog.debug("%s init ssl", self)
+            @sslctx = SSL::SSLContext.new
+
+            if @key_store == nil
+              if @cert_file != nil
+                @sslctx.cert = X509::Certificate.new(File.read(@cert_file))
+              end
+              if @key_file != nil
+                @sslctx.key = PKey::RSA.new(File.read(@key_file))
+              end
+            else
+              p12 = OpenSSL::PKCS12.new(File.read(@key_store), @key_store_pass)
+              @sslctx.cert = p12.certificate
+              @sslctx.key = p12.key
+            end
+          end
+
+
+          private
+
+          def get_file_path(file)
+            if !File.absolute_path?(file)
+              file = BayServer.bserv_home + "/" + file
+            end
+
+            if !File.file?(file)
+              raise RuntimeError.new("File not found: #{file}")
+            end
+
+            file
+          end
+
+        end
+      end
+    end
+  end
+end