falcon 0.36.4

data/lib/falcon/controller/serve.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+# Copyright, 2019, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require_relative '../server'
+
+require 'async/container/controller'
+require 'async/io/trap'
+
+require 'async/io/shared_endpoint'
+
+module Falcon
+	module Controller
+		class Serve < Async::Container::Controller
+			def initialize(command, **options)
+				@command = command
+				
+				@endpoint = nil
+				@bound_endpoint = nil
+				@debug_trap = Async::IO::Trap.new(:USR1)
+				
+				super(**options)
+			end
+			
+			def create_container
+				@command.container_class.new
+			end
+			
+			def endpoint
+				@command.endpoint
+			end
+			
+			def load_app
+				@command.load_app
+			end
+			
+			def start
+				@endpoint ||= self.endpoint
+				
+				@bound_endpoint = Async::Reactor.run do
+					Async::IO::SharedEndpoint.bound(@endpoint)
+				end.wait
+				
+				@debug_trap.ignore!
+				
+				super
+			end
+			
+			def name
+				"Falcon Server"
+			end
+			
+			def setup(container)
+				container.run(name: self.name, restart: true, **@command.container_options) do |instance|
+					Async do |task|
+						# Load one app instance per container:
+						app = self.load_app
+						
+						task.async do
+							if @debug_trap.install!
+								Async.logger.info(instance) do
+									"- Per-process status: kill -USR1 #{Process.pid}"
+								end
+							end
+							
+							@debug_trap.trap do
+								Async.logger.info(self) do |buffer|
+									task.reactor.print_hierarchy(buffer)
+								end
+							end
+						end
+						
+						server = Falcon::Server.new(app, @bound_endpoint, @endpoint.protocol, @endpoint.scheme)
+						
+						server.run
+						
+						instance.ready!
+						
+						task.children.each(&:wait)
+					end
+				end
+			end
+			
+			def stop(*)
+				@bound_endpoint&.close
+				
+				@debug_trap.default!
+				
+				super
+			end
+		end
+	end
+end

data/lib/falcon/controller/virtual.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'async/container/controller'
+
+module Falcon
+	module Controller
+		class Virtual < Async::Container::Controller
+			def initialize(command, **options)
+				@command = command
+				
+				super(**options)
+				
+				trap(SIGHUP, &self.method(:reload))
+			end
+			
+			def assume_privileges(path)
+				stat = File.stat(path)
+				
+				Process::GID.change_privilege(stat.gid)
+				Process::UID.change_privilege(stat.uid)
+				
+				home = Etc.getpwuid(stat.uid).dir
+				
+				return {
+					'HOME' => home,
+				}
+			end
+			
+			def spawn(path, container, **options)
+				container.spawn(name: "Falcon Application", restart: true, key: path) do |instance|
+					env = assume_privileges(path)
+					
+					instance.exec(env,
+						"bundle", "exec", "--keep-file-descriptors",
+						path, ready: false, **options)
+				end
+			end
+			
+			def falcon_path
+				File.expand_path("../../../bin/falcon", __dir__)
+			end
+			
+			def setup(container)
+				if proxy = container[:proxy]
+					proxy.kill(:HUP)
+				end
+				
+				if redirect = container[:redirect]
+					redirect.kill(:HUP)
+				end
+				
+				container.reload do
+					@command.resolved_paths do |path|
+						path = File.expand_path(path)
+						root = File.dirname(path)
+						
+						spawn(path, container, chdir: root)
+					end
+					
+					container.spawn(name: "Falcon Redirector", restart: true, key: :redirect) do |instance|
+						instance.exec(falcon_path, "redirect",
+							"--bind", @command.bind_insecure,
+							"--timeout", @command.timeout.to_s,
+							"--redirect", @command.bind_secure,
+							*@command.paths, ready: false
+						)
+					end
+					
+					container.spawn(name: "Falcon Proxy", restart: true, key: :proxy) do |instance|
+						instance.exec(falcon_path, "proxy",
+							"--bind", @command.bind_secure,
+							"--timeout", @command.timeout.to_s,
+							*@command.paths, ready: false
+						)
+					end
+				end
+			end
+		end
+	end
+end

data/lib/falcon/endpoint.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'async/http/endpoint'
+require 'localhost/authority'
+
+module Falcon
+	class Endpoint < Async::HTTP::Endpoint
+		def ssl_context
+			@options[:ssl_context] || build_ssl_context
+		end
+		
+		def build_ssl_context(hostname = self.hostname)
+			authority = Localhost::Authority.fetch(hostname)
+			
+			authority.server_context.tap do |context|
+				context.alpn_select_cb = lambda do |protocols|
+					if protocols.include? "h2"
+						return "h2"
+					elsif protocols.include? "http/1.1"
+						return "http/1.1"
+					elsif protocols.include? "http/1.0"
+						return "http/1.0"
+					else
+						return nil
+					end
+				end
+				
+				context.session_id_context = "falcon"
+			end
+		end
+	end
+end

data/lib/falcon/extensions/openssl.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'openssl/x509'
+
+module OpenSSL::X509
+	CERTIFICATE_PATTERN = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
+	
+	def self.load_certificates(path)
+		File.read(path).scan(CERTIFICATE_PATTERN).collect do |text|
+			Certificate.new(text)
+		end
+	end
+end

data/lib/falcon/middleware/proxy.rb

@@ -0,0 +1,145 @@
+# frozen_string_literal: true
+
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'async/http/client'
+require 'protocol/http/headers'
+require 'protocol/http/middleware'
+
+module Falcon
+	module Middleware
+		module BadRequest
+			def self.call(request)
+				return Protocol::HTTP::Response[400, {}, []]
+			end
+			
+			def self.close
+			end
+		end
+		
+		class Proxy < Protocol::HTTP::Middleware
+			FORWARDED = 'forwarded'.freeze
+			X_FORWARDED_FOR = 'x-forwarded-for'.freeze
+			X_FORWARDED_PROTO = 'x-forwarded-proto'.freeze
+			
+			VIA = 'via'.freeze
+			CONNECTION = 'connection'.freeze
+			
+			HOP_HEADERS = [
+				'connection',
+				'keep-alive',
+				'public',
+				'proxy-authenticate',
+				'transfer-encoding',
+				'upgrade',
+			]
+			
+			def initialize(app, hosts)
+				super(app)
+				
+				@server_context = nil
+				
+				@hosts = hosts
+				@clients = {}
+				
+				@count = 0
+			end
+			
+			attr :count
+			
+			def close
+				@clients.each_value(&:close)
+				
+				super
+			end
+			
+			def connect(endpoint)
+				@clients[endpoint] ||= Async::HTTP::Client.new(endpoint)
+			end
+			
+			def lookup(request)
+				# Trailing dot and port is ignored/normalized.
+				if authority = request.authority&.sub(/(\.)?(:\d+)?$/, '')
+					return @hosts[authority]
+				end
+			end
+			
+			def prepare_headers(headers)
+				if connection = headers[CONNECTION]
+					headers.extract(connection)
+				end
+				
+				headers.extract(HOP_HEADERS)
+			end
+			
+			def prepare_request(request, host)
+				forwarded = []
+				
+				Async.logger.debug(self) do |buffer|
+					buffer.puts "Request authority: #{request.authority}"
+					buffer.puts "Host authority: #{host.authority}"
+					buffer.puts "Request: #{request.method} #{request.path} #{request.version}"
+					buffer.puts "Request headers: #{request.headers.inspect}"
+				end
+				
+				# The authority of the request must match the authority of the endpoint we are proxying to, otherwise SNI and other things won't work correctly.
+				request.authority = host.authority
+				
+				if address = request.remote_address
+					request.headers.add(X_FORWARDED_FOR, address.ip_address)
+					forwarded << "for=#{address.ip_address}"
+				end
+				
+				if scheme = request.scheme
+					request.headers.add(X_FORWARDED_PROTO, scheme)
+					forwarded << "proto=#{scheme}"
+				end
+				
+				unless forwarded.empty?
+					request.headers.add(FORWARDED, forwarded.join(';'))
+				end
+				
+				request.headers.add(VIA, "#{request.version} #{self.class}")
+				
+				self.prepare_headers(request.headers)
+				
+				return request
+			end
+			
+			def call(request)
+				if host = lookup(request)
+					@count += 1
+					
+					request = self.prepare_request(request, host)
+					
+					client = connect(host.endpoint)
+					
+					client.call(request)
+				else
+					super
+				end
+			rescue
+				Async.logger.error(self) {$!}
+				return Protocol::HTTP::Response[502, {'content-type' => 'text/plain'}, ["#{$!.inspect}: #{$!.backtrace.join("\n")}"]]
+			end
+		end
+	end
+end

data/lib/falcon/middleware/redirect.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'async/http/client'
+
+module Falcon
+	module Middleware
+		module NotFound
+			def self.call(request)
+				return Protocol::HTTP::Response[404, {}, []]
+			end
+			
+			def self.close
+			end
+		end
+		
+		class Redirect < Protocol::HTTP::Middleware
+			def initialize(app, hosts, endpoint)
+				super(app)
+				
+				@hosts = hosts
+				@endpoint = endpoint
+			end
+			
+			def lookup(request)
+				# Trailing dot and port is ignored/normalized.
+				if authority = request.authority&.sub(/(\.)?(:\d+)?$/, '')
+					return @hosts[authority]
+				end
+			end
+			
+			def call(request)
+				if host = lookup(request)
+					if @endpoint.default_port?
+						location = "#{@endpoint.scheme}://#{host.authority}#{request.path}"
+					else
+						location = "#{@endpoint.scheme}://#{host.authority}:#{@endpoint.port}#{request.path}"
+					end
+					
+					return Protocol::HTTP::Response[301, [['location', location]], []]
+				else
+					super
+				end
+			end
+		end
+	end
+end