falcon 0.35.0 → 0.35.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c3bb4c2f18d6b7005093348a0a91bb477ce212a286fef49179f8b3ad9f429b7
-  data.tar.gz: 7571194deea1618ee129e8e70361758b3af7eb843ef68669a6c1adc839ae756e
+  metadata.gz: 162695de84edbd4350ed3dcddbeaeb96d138cc79ce76fae9bf9423098787eb9d
+  data.tar.gz: ff4105b570dde008f0986b57501b67d1dca71b3d3593e43d94c74f8b0126be7e
 SHA512:
-  metadata.gz: 5b152cd97f1460687e7c6672347c96e66771fd66fabbd65d5220005c50b5f067aec3d05594e07389752d4e1ef7e2526b384a15b6d9b17b3449222e99909b186b
-  data.tar.gz: 6d91a871d7b11010d3b4be9e9119346e401491ce087a8e0ee353b3eb9942e301136f1da02b92b3f575a4cc8d6b8d33b6dccc1fac03d49561ad330a44030990db
+  metadata.gz: cc21bec15739b6dd02525e1abb4d46f07f87101bd3fb0bc591e72869278441d014253e3fc819229e95002b94334407e4b66146304ff4e4b218ee00c6c08edfd4
+  data.tar.gz: c45bbc232136b8077f1bec1bce95801a8870233a8c33e85220d0b030304c09d4c868a0e63858430e75c984892c499959a9de92b55583f9979a6bb84f47459b2a

data/examples/google/falcon.rb

@@ -0,0 +1,13 @@
+#!/usr/bin/env falcon-host
+
+load :proxy, :self_signed_tls, :supervisor
+
+supervisor
+
+proxy "google.localhost", :self_signed_tls do
+	url 'https://www.google.com'
+end
+
+proxy "codeotaku.localhost", :self_signed_tls do
+	url 'https://www.codeotaku.com'
+end

data/lib/falcon/command/host.rb

@@ -20,6 +20,7 @@
 
 require_relative '../controller/host'
 require_relative '../configuration'
+require_relative '../version'
 
 require 'samovar'
 
@@ -54,7 +55,7 @@ module Falcon
 					buffer.puts "Falcon Host v#{VERSION} taking flight!"
 					buffer.puts "- Configuration: #{@paths.join(', ')}"
 					buffer.puts "- To terminate: Ctrl-C or kill #{Process.pid}"
-					buffer.puts "- To reload all sites: kill -HUP #{Process.pid}"
+					buffer.puts "- To reload: kill -HUP #{Process.pid}"
 				end
 				
 				self.controller.run

data/lib/falcon/command/virtual.rb

@@ -29,8 +29,8 @@ module Falcon
 			self.description = "Run one or more virtual hosts with a front-end proxy."
 			
 			options do
-				option '--bind-insecure <address>', "Bind redirection to the given hostname/address", default: "http://[::]:8080"
-				option '--bind-secure <address>', "Bind proxy to the given hostname/address", default: "https://[::]:8443"
+				option '--bind-insecure <address>', "Bind redirection to the given hostname/address", default: "http://[::]:80"
+				option '--bind-secure <address>', "Bind proxy to the given hostname/address", default: "https://[::]:443"
 			end
 			
 			many :paths

data/lib/falcon/configuration/application.rb

@@ -40,7 +40,5 @@ add(:application) do
 		)
 	end
 	
-	service do
-		::Falcon::Service::Application
-	end
+	service ::Falcon::Service::Application
 end

data/lib/falcon/configuration/proxy.rb

@@ -18,8 +18,8 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-load(:application)
-
-add(:proxy, :application) do
+add(:proxy) do
 	endpoint {::Async::HTTP::Endpoint.parse(url)}
+	
+	service ::Falcon::Service::Proxy
 end

data/lib/falcon/configuration/tls.rb

@@ -19,9 +19,12 @@
 # THE SOFTWARE.
 
 require_relative '../extensions/openssl'
+require_relative '../controller/proxy'
+require_relative '../tls'
 
 add(:tls) do
-	ssl_session_id {"falcon"}
+	ssl_session_id "falcon"
+	ssl_ciphers Falcon::TLS::SERVER_CIPHERS
 	
 	ssl_certificate_path {File.expand_path("ssl/certificate.pem", root)}
 	ssl_certificates {OpenSSL::X509.load_certificates(ssl_certificate_path)}
@@ -36,6 +39,7 @@ add(:tls) do
 		OpenSSL::SSL::SSLContext.new.tap do |context|
 			context.add_certificate(ssl_certificate, ssl_private_key, ssl_certificate_chain)
 			
+			context.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
 			context.session_id_context = ssl_session_id
 			
 			context.alpn_select_cb = lambda do |protocols|
@@ -50,7 +54,11 @@ add(:tls) do
 				end
 			end
 			
+			# TODO Ruby 2.4 requires using ssl_version.
+			context.ssl_version = :TLSv1_2_server
+			
 			context.set_params(
+				ciphers: ssl_ciphers,
 				verify_mode: OpenSSL::SSL::VERIFY_NONE,
 			)
 			

data/lib/falcon/controller/proxy.rb

@@ -22,11 +22,13 @@ require 'async/container/controller'
 
 require_relative 'serve'
 require_relative '../middleware/proxy'
+require_relative '../service/proxy'
+
+require_relative '../tls'
 
 module Falcon
 	module Controller
 		class Proxy < Serve
-			SERVER_CIPHERS = "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5".freeze
 			DEFAULT_SESSION_ID = "falcon"
 			
 			def initialize(command, session_id: DEFAULT_SESSION_ID, **options)
@@ -66,8 +68,10 @@ module Falcon
 					
 					context.session_id_context = @session_id
 					
+					context.ssl_version = :TLSv1_2_server
+					
 					context.set_params(
-						ciphers: SERVER_CIPHERS,
+						ciphers: TLS::SERVER_CIPHERS,
 						verify_mode: OpenSSL::SSL::VERIFY_NONE,
 					)
 					
@@ -90,7 +94,8 @@ module Falcon
 				@hosts = {}
 				
 				services.each do |service|
-					if service.is_a?(Service::Application)
+					if service.is_a?(Service::Proxy)
+						Async.logger.info(self) {"Proxying #{service.authority} to #{service.endpoint}"}
 						@hosts[service.authority] = service
 					end
 				end

data/lib/falcon/controller/redirect.rb

@@ -22,6 +22,7 @@ require 'async/container/controller'
 
 require_relative 'serve'
 require_relative '../middleware/redirect'
+require_relative '../service/proxy'
 
 module Falcon
 	module Controller
@@ -54,7 +55,7 @@ module Falcon
 				@hosts = {}
 				
 				services.each do |service|
-					if service.is_a?(Service::Application)
+					if service.is_a?(Service::Proxy)
 						@hosts[service.authority] = service
 					end
 				end

data/lib/falcon/service/application.rb

@@ -18,52 +18,24 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-require_relative 'generic'
+require_relative 'proxy'
 
 require 'async/http/endpoint'
 require 'async/io/shared_endpoint'
 
 module Falcon
 	module Service
-		class Application < Generic
+		class Application < Proxy
 			def initialize(environment)
 				super
 				
 				@bound_endpoint = nil
 			end
 			
-			def name
-				"#{self.class} for #{self.authority}"
-			end
-			
-			def authority
-				@evaluator.authority
-			end
-			
-			def endpoint
-				@evaluator.endpoint
-			end
-			
-			def ssl_context
-				@evaluator.ssl_context
-			end
-			
-			def root
-				@evaluator.root
-			end
-			
 			def middleware
 				@evaluator.middleware
 			end
 			
-			def protocol
-				endpoint.protocol
-			end
-			
-			def scheme
-				endpoint.scheme
-			end
-			
 			def preload!
 				if scripts = @evaluator.preload
 					scripts.each do |path|
@@ -74,10 +46,6 @@ module Falcon
 				end
 			end
 			
-			def to_s
-				"#{self.class} #{@evaluator.authority}"
-			end
-			
 			def start
 				Async.logger.info(self) {"Binding to #{self.endpoint}..."}
 				
@@ -86,6 +54,8 @@ module Falcon
 				end.wait
 				
 				preload!
+				
+				super
 			end
 			
 			def setup(container)
@@ -102,11 +72,15 @@ module Falcon
 						task.children.each(&:wait)
 					end
 				end
+				
+				super
 			end
 			
 			def stop
 				@bound_endpoint&.close
 				@bound_endpoint = nil
+				
+				super
 			end
 		end
 	end

data/lib/falcon/service/generic.rb

@@ -45,8 +45,13 @@ module Falcon
 				return Async.logger # .with(name: name)
 			end
 			
-			def to_s
-				self.class.name
+			def start
+			end
+			
+			def setup(container)
+			end
+			
+			def stop
 			end
 		end
 	end

data/lib/falcon/service/proxy.rb

@@ -0,0 +1,58 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require_relative 'generic'
+
+require 'async/http/endpoint'
+require 'async/io/shared_endpoint'
+
+module Falcon
+	module Service
+		class Proxy < Generic
+			def name
+				"#{self.class} for #{self.authority}"
+			end
+			
+			def authority
+				@evaluator.authority
+			end
+			
+			def endpoint
+				@evaluator.endpoint
+			end
+			
+			def ssl_context
+				@evaluator.ssl_context
+			end
+			
+			def root
+				@evaluator.root
+			end
+			
+			def protocol
+				endpoint.protocol
+			end
+			
+			def scheme
+				endpoint.scheme
+			end
+		end
+	end
+end

data/lib/falcon/service/supervisor.rb

@@ -18,10 +18,12 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-require 'async/io/endpoint'
 require 'process/metrics'
 require 'json'
 
+require 'async/io/endpoint'
+require 'async/io/shared_endpoint'
+
 module Falcon
 	module Service
 		class Supervisor < Generic
@@ -67,6 +69,8 @@ module Falcon
 				@bound_endpoint = Async::Reactor.run do
 					Async::IO::SharedEndpoint.bound(self.endpoint)
 				end.wait
+				
+				super
 			end
 			
 			def setup(container)
@@ -84,11 +88,15 @@ module Falcon
 						instance.ready!
 					end
 				end
+				
+				super
 			end
 			
 			def stop
 				@bound_endpoint&.close
 				@bound_endpoint = nil
+				
+				super
 			end
 		end
 	end

data/lib/falcon/tls.rb

@@ -0,0 +1,44 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require_relative 'extensions/openssl'
+
+module Falcon
+	module TLS
+		# We follow "Intermediate compatibility"
+		# https://wiki.mozilla.org/Security/Server_Side_TLS
+		SERVER_CIPHERS = [
+			# TLS 1.3:
+			"TLS_AES_128_GCM_SHA256",
+			"TLS_AES_256_GCM_SHA384",
+			"TLS_CHACHA20_POLY1305_SHA256",
+			
+			# TLS 1.2:
+			"ECDHE-ECDSA-AES128-GCM-SHA256",
+			"ECDHE-RSA-AES128-GCM-SHA256",
+			"ECDHE-ECDSA-AES256-GCM-SHA384",
+			"ECDHE-RSA-AES256-GCM-SHA384",
+			"ECDHE-ECDSA-CHACHA20-POLY1305",
+			"ECDHE-RSA-CHACHA20-POLY1305",
+			"DHE-RSA-AES128-GCM-SHA256",
+			"DHE-RSA-AES256-GCM-SHA384"
+		].freeze
+	end
+end

data/lib/falcon/version.rb

@@ -19,5 +19,5 @@
 # THE SOFTWARE.
 
 module Falcon
-	VERSION = "0.35.0"
+	VERSION = "0.35.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: falcon
 version: !ruby/object:Gem::Version
-  version: 0.35.0
+  version: 0.35.1
 platform: ruby
 authors:
 - Samuel Williams
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-30 00:00:00.000000000 Z
+date: 2020-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async
@@ -259,6 +259,7 @@ files:
 - examples/benchmark/config.ru
 - examples/benchmark/falcon.rb
 - examples/csv/config.ru
+- examples/google/falcon.rb
 - examples/hello/config.ru
 - examples/hello/falcon.rb
 - examples/hello/preload.rb
@@ -317,8 +318,10 @@ files:
 - lib/falcon/server.rb
 - lib/falcon/service/application.rb
 - lib/falcon/service/generic.rb
+- lib/falcon/service/proxy.rb
 - lib/falcon/service/supervisor.rb
 - lib/falcon/services.rb
+- lib/falcon/tls.rb
 - lib/falcon/verbose.rb
 - lib/falcon/version.rb
 - lib/rack/handler/falcon.rb