http-2 0.12.0 → 1.0.0

data/lib/http/2/connection.rb

@@ -17,7 +17,7 @@ module HTTP2
     settings_max_concurrent_streams: Framer::MAX_STREAM_ID, # unlimited
     settings_initial_window_size: 65_535,
     settings_max_frame_size: 16_384,
-    settings_max_header_list_size: (2**31) - 1 # unlimited
+    settings_max_header_list_size: (2 << 30) - 1 # unlimited
   }.freeze
 
   DEFAULT_CONNECTION_SETTINGS = {
@@ -26,7 +26,7 @@ module HTTP2
     settings_max_concurrent_streams: 100,
     settings_initial_window_size: 65_535,
     settings_max_frame_size: 16_384,
-    settings_max_header_list_size: (2**31) - 1 # unlimited
+    settings_max_header_list_size: (2 << 30) - 1 # unlimited
   }.freeze
 
   # Default stream priority (lower values are higher priority).
@@ -35,8 +35,10 @@ module HTTP2
   # Default connection "fast-fail" preamble string as defined by the spec.
   CONNECTION_PREFACE_MAGIC = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
 
-  # Time to hold recently closed streams until purge (seconds)
-  RECENTLY_CLOSED_STREAMS_TTL = 15
+  REQUEST_MANDATORY_HEADERS = %w[:scheme :method :authority :path].freeze
+  RESPONSE_MANDATORY_HEADERS = %w[:status].freeze
+
+  EMPTY = [].freeze
 
   # Connection encapsulates all of the connection, stream, flow-control,
   # error management, and other processing logic required for a well-behaved
@@ -51,6 +53,8 @@ module HTTP2
     include Emitter
     include Error
 
+    using StringExtensions
+
     # Connection state (:new, :closed).
     attr_reader :state
 
@@ -69,36 +73,38 @@ module HTTP2
 
     # Number of active streams between client and server (reserved streams
     # are not counted towards the stream limit).
-    attr_reader :active_stream_count
+    attr_accessor :active_stream_count
 
     # Initializes new connection object.
     #
-    def initialize(**settings)
+    def initialize(settings = {})
       @local_settings  = DEFAULT_CONNECTION_SETTINGS.merge(settings)
       @remote_settings = SPEC_DEFAULT_CONNECTION_SETTINGS.dup
 
-      @compressor   = Header::Compressor.new(**settings)
-      @decompressor = Header::Decompressor.new(**settings)
+      @compressor   = Header::Compressor.new(settings)
+      @decompressor = Header::Decompressor.new(settings)
 
       @active_stream_count = 0
+      @last_activated_stream = 0
+      @last_stream_id = 0
       @streams = {}
       @streams_recently_closed = {}
       @pending_settings = []
 
-      @framer = Framer.new
+      @framer = Framer.new(@local_settings[:settings_max_frame_size])
 
       @local_window_limit = @local_settings[:settings_initial_window_size]
       @local_window = @local_window_limit
       @remote_window_limit = @remote_settings[:settings_initial_window_size]
       @remote_window = @remote_window_limit
 
-      @recv_buffer = Buffer.new
-      @send_buffer = []
+      @recv_buffer = "".b
       @continuation = []
       @error = nil
 
       @h2c_upgrade = nil
       @closed_since = nil
+      @received_frame = false
     end
 
     def closed?
@@ -114,7 +120,11 @@ module HTTP2
       raise ConnectionClosed if @state == :closed
       raise StreamLimitExceeded if @active_stream_count >= @remote_settings[:settings_max_concurrent_streams]
 
+      connection_error(:protocol_error, msg: "id is smaller than previous") if @stream_id < @last_activated_stream
+
       stream = activate_stream(id: @stream_id, **args)
+      @last_activated_stream = stream.id
+
       @stream_id += 2
 
       stream
@@ -149,7 +159,7 @@ module HTTP2
       send(type: :goaway, last_stream: last_stream,
            error: error, payload: payload)
       @state = :closed
-      @closed_since = Time.now
+      @closed_since = Process.clock_gettime(Process::CLOCK_MONOTONIC)
     end
 
     # Sends a WINDOW_UPDATE frame to the peer.
@@ -166,7 +176,7 @@ module HTTP2
     # @param settings [Array or Hash]
     def settings(payload)
       payload = payload.to_a
-      connection_error if validate_settings(@local_role, payload)
+      validate_settings(@local_role, payload)
       @pending_settings << payload
       send(type: :settings, stream: 0, payload: payload)
       @pending_settings << payload
@@ -192,7 +202,6 @@ module HTTP2
           raise HandshakeError unless CONNECTION_PREFACE_MAGIC.start_with? @recv_buffer
 
           return # maybe next time
-
         elsif @recv_buffer.read(24) == CONNECTION_PREFACE_MAGIC
           # MAGIC is OK.  Send our settings
           @state = :waiting_connection_preface
@@ -204,6 +213,22 @@ module HTTP2
       end
 
       while (frame = @framer.parse(@recv_buffer))
+        if is_a?(Client) && !@received_frame
+          connection_error(:protocol_error, msg: "didn't receive settings") if frame[:type] != :settings
+          @received_frame = true
+        end
+
+        # Implementations MUST discard frames
+        # that have unknown or unsupported types.
+        if frame[:type].nil?
+          # However, extension frames that appear in
+          # the middle of a header block (Section 4.3) are not permitted; these
+          # MUST be treated as a connection error (Section 5.4.1) of type
+          # PROTOCOL_ERROR.
+          connection_error(:protocol_error) unless @continuation.empty?
+          next
+        end
+
         emit(:frame_received, frame)
 
         # Header blocks MUST be transmitted as a contiguous sequence of frames
@@ -212,7 +237,18 @@ module HTTP2
           connection_error unless frame[:type] == :continuation && frame[:stream] == @continuation.first[:stream]
 
           @continuation << frame
-          return unless frame[:flags].include? :end_headers
+          unless frame[:flags].include? :end_headers
+            buffered_payload = @continuation.sum { |f| f[:payload].bytesize }
+            # prevent HTTP/2 CONTINUATION FLOOD
+            # same heuristic as the one from HAProxy: https://www.haproxy.com/blog/haproxy-is-resilient-to-the-http-2-continuation-flood
+            # different mitigation (connection closed, instead of 400 response)
+            unless buffered_payload < @local_settings[:settings_max_frame_size]
+              connection_error(:protocol_error,
+                               msg: "too many continuations received")
+            end
+
+            next
+          end
 
           payload = @continuation.map { |f| f[:payload] }.join
 
@@ -220,7 +256,7 @@ module HTTP2
           @continuation.clear
 
           frame.delete(:length)
-          frame[:payload] = Buffer.new(payload)
+          frame[:payload] = payload
           frame[:flags] << :end_headers
         end
 
@@ -230,6 +266,7 @@ module HTTP2
         # anything other than 0x0, the endpoint MUST respond with a connection
         # error (Section 5.4.1) of type PROTOCOL_ERROR.
         if connection_frame?(frame)
+          connection_error(:protocol_error) unless frame[:stream].zero?
           connection_management(frame)
         else
           case frame[:type]
@@ -242,7 +279,7 @@ module HTTP2
             # frames MUST have the END_HEADERS flag set.
             unless frame[:flags].include? :end_headers
               @continuation << frame
-              return
+              next
             end
 
             # After sending a GOAWAY frame, the sender can discard frames
@@ -255,12 +292,15 @@ module HTTP2
 
             stream = @streams[frame[:stream]]
             if stream.nil?
+              verify_pseudo_headers(frame)
+
               stream = activate_stream(
                 id: frame[:stream],
                 weight: frame[:weight] || DEFAULT_WEIGHT,
                 dependency: frame[:dependency] || 0,
                 exclusive: frame[:exclusive] || false
               )
+              verify_stream_order(stream.id)
               emit(:stream, stream)
             end
 
@@ -296,7 +336,7 @@ module HTTP2
               return
             end
 
-            connection_error(msg: 'missing parent ID') if parent.nil?
+            connection_error(msg: "missing parent ID") if parent.nil?
 
             unless parent.state == :open || parent.state == :half_closed_local
               # An endpoint might receive a PUSH_PROMISE frame after it sends
@@ -313,7 +353,9 @@ module HTTP2
               end
             end
 
+            _verify_pseudo_headers(frame, REQUEST_MANDATORY_HEADERS)
             stream = activate_stream(id: pid, parent: parent)
+            verify_stream_order(stream.id)
             emit(:promise, stream)
             stream << frame
           else
@@ -346,11 +388,13 @@ module HTTP2
               # "closed" stream. A receiver MUST NOT treat this as an error
               # (see Section 5.1).
               when :window_update
-                process_window_update(frame)
+                stream = @streams_recently_closed[frame[:stream]]
+                connection_error(:protocol_error, msg: "sent window update on idle stream") unless stream
+                process_window_update(frame: frame, encode: true)
               else
                 # An endpoint that receives an unexpected stream identifier
                 # MUST respond with a connection error of type PROTOCOL_ERROR.
-                connection_error
+                connection_error(msg: "stream does not exist")
               end
             end
           end
@@ -362,8 +406,8 @@ module HTTP2
       connection_error(e: e)
     end
 
-    def <<(*args)
-      receive(*args)
+    def <<(data)
+      receive(data)
     end
 
     private
@@ -382,6 +426,7 @@ module HTTP2
       elsif frame[:type] == :rst_stream && frame[:error] == :protocol_error
         # An endpoint can end a connection at any time. In particular, an
         # endpoint MAY choose to treat a stream error as a connection error.
+
         goaway(frame[:error])
       else
         # HEADERS and PUSH_PROMISE may generate CONTINUATION. Also send
@@ -436,39 +481,55 @@ module HTTP2
         when :settings
           connection_settings(frame)
         when :window_update
-          @remote_window += frame[:increment]
-          send_data(nil, true)
+          process_window_update(frame: frame, encode: true)
         when :ping
-          if frame[:flags].include? :ack
-            emit(:ack, frame[:payload])
-          else
-            send(type: :ping, stream: 0,
-                 flags: [:ack], payload: frame[:payload])
-          end
+          ping_management(frame)
         when :goaway
           # Receivers of a GOAWAY frame MUST NOT open additional streams on
           # the connection, although a new connection can be established
           # for new streams.
           @state = :closed
-          @closed_since = Time.now
+          @closed_since = Process.clock_gettime(Process::CLOCK_MONOTONIC)
           emit(:goaway, frame[:last_stream], frame[:error], frame[:payload])
         when :altsvc
           # 4.  The ALTSVC HTTP/2 Frame
           # An ALTSVC frame on stream 0 with empty (length 0) "Origin"
           # information is invalid and MUST be ignored.
           emit(frame[:type], frame) if frame[:origin] && !frame[:origin].empty?
+        when :origin
+          return if @h2c_upgrade || !frame[:flags].empty?
+
+          frame[:payload].each do |origin|
+            emit(frame[:type], origin)
+          end
         when :blocked
           emit(frame[:type], frame)
         else
           connection_error
         end
       when :closed
-        connection_error if (Time.now - @closed_since) > 15
+        case frame[:type]
+        when :goaway
+          connection_error
+        when :ping
+          ping_management(frame)
+        else
+          connection_error if (Process.clock_gettime(Process::CLOCK_MONOTONIC) - @closed_since) > 15
+        end
       else
         connection_error
       end
     end
 
+    def ping_management(frame)
+      if frame[:flags].include? :ack
+        emit(:ack, frame[:payload])
+      else
+        send(type: :ping, stream: 0,
+             flags: [:ack], payload: frame[:payload])
+      end
+    end
+
     # Validate settings parameters.  See sepc Section 6.5.2.
     #
     # @param role [Symbol] The sender's role: :client or :server
@@ -476,8 +537,6 @@ module HTTP2
     def validate_settings(role, settings)
       settings.each do |key, v|
         case key
-        when :settings_header_table_size
-          # Any value is valid
         when :settings_enable_push
           case role
           when :server
@@ -485,32 +544,41 @@ module HTTP2
             # Clients MUST reject any attempt to change the
             # SETTINGS_ENABLE_PUSH setting to a value other than 0 by treating the
             # message as a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
-            return ProtocolError.new("invalid #{key} value") unless v.zero?
+            next if v.zero?
+
+            connection_error(:protocol_error, msg: "invalid #{key} value")
           when :client
             # Any value other than 0 or 1 MUST be treated as a
             # connection error (Section 5.4.1) of type PROTOCOL_ERROR.
-            return ProtocolError.new("invalid #{key} value") unless v.zero? || v == 1
+            next if v.zero? || v == 1
+
+            connection_error(:protocol_error, msg: "invalid #{key} value")
           end
-        when :settings_max_concurrent_streams
-          # Any value is valid
         when :settings_initial_window_size
           # Values above the maximum flow control window size of 2^31-1 MUST
           # be treated as a connection error (Section 5.4.1) of type
           # FLOW_CONTROL_ERROR.
-          return FlowControlError.new("invalid #{key} value") unless v <= 0x7fffffff
+          next if v <= 0x7fffffff
+
+          connection_error(:flow_control_error, msg: "invalid #{key} value")
         when :settings_max_frame_size
           # The initial value is 2^14 (16,384) octets.  The value advertised
           # by an endpoint MUST be between this initial value and the maximum
           # allowed frame size (2^24-1 or 16,777,215 octets), inclusive.
           # Values outside this range MUST be treated as a connection error
           # (Section 5.4.1) of type PROTOCOL_ERROR.
-          return ProtocolError.new("invalid #{key} value") unless v >= 16_384 && v <= 16_777_215
-        when :settings_max_header_list_size
+          next if v >= 16_384 && v <= 16_777_215
+
+          connection_error(:protocol_error, msg: "invalid #{key} value")
+          # when :settings_max_concurrent_streams
+          # Any value is valid
+          # when :settings_header_table_size
+          # Any value is valid
+          # when :settings_max_header_list_size
           # Any value is valid
           # else # ignore unknown settings
         end
       end
-      nil
     end
 
     # Update connection settings based on parameters set by the peer.
@@ -527,7 +595,7 @@ module HTTP2
                          # Process pending settings we have sent.
                          [@pending_settings.shift, :local]
                        else
-                         connection_error if validate_settings(@remote_role, frame[:payload])
+                         validate_settings(@remote_role, frame[:payload])
                          [frame[:payload], :remote]
                        end
 
@@ -559,7 +627,10 @@ module HTTP2
 
             @local_window_limit = v
           when :remote
-            @remote_window = @remote_window - @remote_window_limit + v
+            # can adjust the initial window size for new streams by including a
+            # value for SETTINGS_INITIAL_WINDOW_SIZE in the SETTINGS frame.
+            # The connection flow-control window can only be changed using
+            # WINDOW_UPDATE frames.
             @streams.each_value do |stream|
               # Event name is :window, not :remote_window
               stream.emit(:window, stream.remote_window - @remote_window_limit + v)
@@ -581,8 +652,7 @@ module HTTP2
           # nothing to do
 
         when :settings_max_frame_size
-          # update framer max_frame_size
-          @framer.max_frame_size = v
+          @framer.remote_max_frame_size = v
 
           # else # ignore unknown settings
         end
@@ -596,6 +666,9 @@ module HTTP2
         unless @state == :closed || @h2c_upgrade == :start
           # Send ack to peer
           send(type: :settings, stream: 0, payload: [], flags: [:ack])
+          # when initial window size changes, we try to flush any buffered
+          # data.
+          @streams.each_value(&:flush)
         end
       end
     end
@@ -609,7 +682,7 @@ module HTTP2
     #
     # @param frame [Hash]
     def decode_headers(frame)
-      frame[:payload] = @decompressor.decode(frame[:payload]) if frame[:payload].is_a? Buffer
+      frame[:payload] = @decompressor.decode(frame[:payload], frame) if frame[:payload].is_a?(String)
     rescue CompressionError => e
       connection_error(:compression_error, e: e)
     rescue ProtocolError => e
@@ -624,29 +697,36 @@ module HTTP2
     # @return [Array of Frame]
     def encode_headers(frame)
       payload = frame[:payload]
-      payload = @compressor.encode(payload) unless payload.is_a? Buffer
+      begin
+        payload = frame[:payload] = @compressor.encode(payload) unless payload.is_a?(String)
+      rescue StandardError => e
+        connection_error(:compression_error, e: e)
+      end
+
+      # if single frame, return immediately
+      return [frame] if payload.bytesize <= @remote_settings[:settings_max_frame_size]
 
       frames = []
 
-      while payload.bytesize.positive?
+      until payload.nil? || payload.empty?
         cont = frame.dup
-        cont[:type] = :continuation
-        cont[:flags] = []
-        cont[:payload] = payload.slice!(0, @remote_settings[:settings_max_frame_size])
+
+        # first frame remains HEADERS
+        unless frames.empty?
+          cont[:type] = :continuation
+          cont[:flags] = EMPTY
+        end
+
+        cont[:payload] = payload.byteslice(0, @remote_settings[:settings_max_frame_size])
+        payload = payload.byteslice(@remote_settings[:settings_max_frame_size]..-1)
+
         frames << cont
       end
-      if frames.empty?
-        frames = [frame]
-      else
-        frames.first[:type]  = frame[:type]
-        frames.first[:flags] = frame[:flags] - [:end_headers]
-        frames.last[:flags] << :end_headers
-      end
+
+      frames.first[:flags].delete(:end_headers)
+      frames.last[:flags] = [:end_headers]
 
       frames
-    rescue StandardError => e
-      connection_error(:compression_error, e: e)
-      nil
     end
 
     # Activates new incoming or outgoing stream and registers appropriate
@@ -656,24 +736,26 @@ module HTTP2
     # @param priority [Integer]
     # @param window [Integer]
     # @param parent [Stream]
-    def activate_stream(id: nil, **args)
-      connection_error(msg: 'Stream ID already exists') if @streams.key?(id)
+    def activate_stream(id:, **args)
+      connection_error(msg: "Stream ID already exists") if @streams.key?(id)
+
+      raise StreamLimitExceeded if @active_stream_count >= @local_settings[:settings_max_concurrent_streams]
 
       stream = Stream.new(connection: self, id: id, **args)
 
-      # Streams that are in the "open" state, or either of the "half closed"
-      # states count toward the maximum number of streams that an endpoint is
-      # permitted to open.
-      stream.once(:active) { @active_stream_count += 1 }
       stream.once(:close) do
-        @active_stream_count -= 1
-
         # Store a reference to the closed stream, such that we can respond
         # to any in-flight frames while close is registered on both sides.
         # References to such streams will be purged whenever another stream
-        # is closed, with a defined RTT time window.
-        @streams_recently_closed[id] = Time.now.to_i
-        cleanup_recently_closed
+        # is closed, with a minimum of 15s RTT time window.
+        now = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+
+        # TODO: use a drop_while! variant whenever there is one.
+        @streams_recently_closed = @streams_recently_closed.drop_while do |_, v|
+          (now - v) > 15
+        end.to_h
+
+        @streams_recently_closed[id] = Process.clock_gettime(Process::CLOCK_MONOTONIC)
       end
 
       stream.on(:promise, &method(:promise)) if is_a? Server
@@ -682,21 +764,26 @@ module HTTP2
       @streams[id] = stream
     end
 
-    # Purge recently streams closed within defined RTT time window.
-    def cleanup_recently_closed
-      now_ts = Time.now.to_i
-      to_delete = []
-      @streams_recently_closed.each do |stream_id, ts|
-        # Ruby Hash enumeration is ordered, so once fresh stream is met we can stop searching.
-        break if now_ts - ts < RECENTLY_CLOSED_STREAMS_TTL
+    def verify_stream_order(id)
+      return unless id.odd?
 
-        to_delete << stream_id
-      end
+      connection_error(msg: "Stream ID smaller than previous") if @last_stream_id > id
+      @last_stream_id = id
+    end
 
-      to_delete.each do |stream_id|
-        @streams.delete stream_id
-        @streams_recently_closed.delete stream_id
-      end
+    def _verify_pseudo_headers(frame, mandatory_headers)
+      headers = frame[:payload]
+      return if headers.is_a?(String)
+
+      pseudo_headers = headers.take_while do |field, value|
+        # use this loop to validate pseudo-headers
+        connection_error(:protocol_error, msg: "path is empty") if field == ":path" && value.empty?
+        field.start_with?(":")
+      end.map(&:first)
+      return if mandatory_headers.size == pseudo_headers.size &&
+                (mandatory_headers - pseudo_headers).empty?
+
+      connection_error(:protocol_error, msg: "invalid pseudo-headers")
     end
 
     # Emit GOAWAY error indicating to peer that the connection is being
@@ -715,10 +802,9 @@ module HTTP2
 
       @state = :closed
       @error = error
-      klass = error.to_s.split('_').map(&:capitalize).join
-      msg ||= e&.message
-      backtrace = e&.backtrace || []
-      raise Error.const_get(klass), msg, backtrace
+      msg ||= e ? e.message : "protocol error"
+      backtrace = e ? e.backtrace : nil
+      raise Error.types[error], msg, backtrace
     end
     alias error connection_error
 

data/lib/http/2/emitter.rb

@@ -9,19 +9,18 @@ module HTTP2
     #
     # @param event [Symbol]
     # @param block [Proc] callback function
-    def add_listener(event, &block)
-      raise ArgumentError, 'must provide callback' unless block_given?
+    def on(event, &block)
+      raise ArgumentError, "must provide callback" unless block
 
       listeners(event.to_sym).push block
     end
-    alias on add_listener
 
     # Subscribe to next event (at most once) for specified type.
     #
     # @param event [Symbol]
     # @param block [Proc] callback function
     def once(event, &block)
-      add_listener(event) do |*args, &callback|
+      on(event) do |*args, &callback|
         block.call(*args, &callback)
         :delete
       end
@@ -34,7 +33,7 @@ module HTTP2
     # @param block [Proc] callback function
     def emit(event, *args, &block)
       listeners(event).delete_if do |cb|
-        cb.call(*args, &block) == :delete
+        :delete == cb.call(*args, &block) # rubocop:disable Style/YodaCondition
       end
     end
 

data/lib/http/2/error.rb

@@ -3,7 +3,24 @@
 module HTTP2
   # Stream, connection, and compressor exceptions.
   module Error
-    class Error < StandardError; end
+    @types = {}
+
+    class << self
+      attr_reader :types
+    end
+
+    class Error < StandardError
+      def self.inherited(klass)
+        super
+
+        type = klass.name or return
+
+        type = type.split("::").last or return
+
+        type = type.gsub(/([^\^])([A-Z])/, '\1_\2').downcase.to_sym
+        HTTP2::Error.types[type] = klass
+      end
+    end
 
     # Raised if connection header is missing or invalid indicating that
     # this is an invalid HTTP 2.0 request - no frames are emitted and the
@@ -42,5 +59,9 @@ module HTTP2
 
     # Raised if stream limit has been reached and new stream cannot be opened.
     class StreamLimitExceeded < Error; end
+
+    class FrameSizeError < Error; end
+
+    @types.freeze
   end
 end

data/lib/http/2/extensions.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module HTTP2
+  module StringExtensions
+    refine String do
+      def read(n)
+        return "".b if n == 0
+
+        chunk = byteslice(0..n - 1)
+        remaining = byteslice(n..-1)
+        remaining ? replace(remaining) : clear
+        chunk
+      end
+
+      def read_uint32
+        read(4).unpack1("N")
+      end
+
+      def shift_byte
+        read(1).ord
+      end
+    end
+  end
+
+  # this mixin handles backwards-compatibility for the new packing options
+  # shipping with ruby 3.3 (see https://docs.ruby-lang.org/en/3.3/packed_data_rdoc.html)
+  module PackingExtensions
+    if RUBY_VERSION < "3.3.0"
+      def pack(array_to_pack, template, buffer:, offset: -1)
+        packed_str = array_to_pack.pack(template)
+        case offset
+        when -1
+          buffer << packed_str
+        when 0
+          buffer.prepend(packed_str)
+        else
+          buffer.insert(offset, packed_str)
+        end
+      end
+    else
+      def pack(array_to_pack, template, buffer:, offset: -1)
+        case offset
+        when -1
+          array_to_pack.pack(template, buffer: buffer)
+        when 0
+          buffer.prepend(array_to_pack.pack(template))
+        else
+          buffer.insert(offset, array_to_pack.pack(template))
+        end
+      end
+    end
+  end
+end