RubyGems - itsi-server - Versions diffs - 0.1.1 → 0.1.18 - Mend

itsi-server 0.1.1 → 0.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of itsi-server might be problematic. Click here for more details.

Files changed (184) hide show

data/ext/itsi_server/src/server/middleware_stack/mod.rs ADDED Viewed

@@ -0,0 +1,347 @@
+mod middleware;
+mod middlewares;
+use http::header::{ACCEPT, CONTENT_TYPE, HOST};
+use itsi_rb_helpers::HeapVal;
+use magnus::{error::Result, value::ReprValue, RArray, RHash, Ruby, TryConvert, Value};
+pub use middleware::Middleware;
+pub use middlewares::*;
+use regex::{Regex, RegexSet};
+use std::{collections::HashMap, sync::Arc};
+use tracing::debug;
+use super::http_message_types::HttpRequest;
+#[derive(Debug)]
+pub struct MiddlewareSet {
+    pub route_set: RegexSet,
+    pub patterns: Vec<Arc<Regex>>,
+    pub stacks: HashMap<usize, MiddlewareStack>,
+}
+#[derive(Debug)]
+pub struct MiddlewareStack {
+    layers: Vec<Middleware>,
+    methods: Option<Vec<StringMatch>>,
+    protocols: Option<Vec<StringMatch>>,
+    hosts: Option<Vec<StringMatch>>,
+    extensions: Option<Vec<StringMatch>>,
+    ports: Option<Vec<StringMatch>>,
+    content_types: Option<Vec<StringMatch>>,
+    accepts: Option<Vec<StringMatch>>,
+}
+#[derive(Debug)]
+enum StringMatch {
+    Exact(String),
+    Wildcard(Regex),
+}
+impl StringMatch {
+    fn from_value(value: Value) -> Result<Self> {
+        let ruby = Ruby::get().unwrap();
+        if value.is_kind_of(ruby.class_regexp()) {
+            let src_str = value.funcall::<_, _, String>("source", ())?;
+            let regex = Regex::new(&src_str).map_err(|e| {
+                magnus::Error::new(
+                    magnus::exception::standard_error(),
+                    format!("Invalid regexp: {}", e),
+                )
+            })?;
+            Ok(StringMatch::Wildcard(regex))
+        } else {
+            Ok(StringMatch::Exact(value.to_string()))
+        }
+    }
+    fn matches(&self, value: &str) -> bool {
+        match self {
+            StringMatch::Exact(s) => s.eq_ignore_ascii_case(value),
+            StringMatch::Wildcard(re) => re.is_match(value),
+        }
+    }
+}
+impl MiddlewareStack {
+    pub fn matches(&self, request: &HttpRequest) -> bool {
+        if let Some(methods) = &self.methods {
+            let method = request.method().as_str();
+            if !methods.iter().any(|m| m.matches(method)) {
+                return false;
+            }
+        }
+        if let (Some(protocols), Some(protocol)) = (&self.protocols, request.uri().scheme()) {
+            if !protocols.iter().any(|p| p.matches(protocol.as_str())) {
+                return false;
+            }
+        }
+        if let (Some(hosts), Some(host)) = (&self.hosts, request.headers().get(HOST)) {
+            if let Ok(host) = host.to_str() {
+                if !hosts.iter().any(|d| d.matches(host)) {
+                    return false;
+                }
+            }
+        }
+        if let (Some(ports), Some(port)) = (&self.ports, request.uri().port()) {
+            if !ports.iter().any(|d| d.matches(port.as_str())) {
+                return false;
+            }
+        }
+        if let Some(extensions) = &self.extensions {
+            let path = request.uri().path();
+            let segment = path.split('/').next_back().unwrap_or("");
+            let extension = segment.split('.').next_back().unwrap_or("");
+            let extension = if segment != extension { extension } else { "" };
+            if !extensions.iter().any(|e| e.matches(extension)) {
+                return false;
+            }
+        }
+        if let Some(content_types) = &self.content_types {
+            if let Some(content_type) = request.headers().get(CONTENT_TYPE) {
+                if !content_types
+                    .iter()
+                    .any(|ct| ct.matches(content_type.to_str().unwrap_or("")))
+                {
+                    return false;
+                }
+            }
+        }
+        if let Some(accepts) = &self.accepts {
+            if let Some(accept) = request.headers().get(ACCEPT) {
+                if !accepts
+                    .iter()
+                    .any(|a| a.matches(accept.to_str().unwrap_or("")))
+                {
+                    return false;
+                }
+            }
+        }
+        true
+    }
+}
+impl MiddlewareSet {
+    pub fn new(routes_raw: Option<HeapVal>) -> Result<Self> {
+        if let Some(routes_raw) = routes_raw {
+            let mut stacks = HashMap::new();
+            let mut routes = vec![];
+            for (index, route) in RArray::from_value(*routes_raw)
+                .ok_or(magnus::Error::new(
+                    magnus::exception::standard_error(),
+                    format!("Routes must be an array. Got {:?}", routes_raw),
+                ))?
+                .into_iter()
+                .enumerate()
+            {
+                let route_hash: RHash = RHash::try_convert(route)?;
+                let route_raw = route_hash
+                    .get("route")
+                    .ok_or(magnus::Error::new(
+                        magnus::exception::standard_error(),
+                        "Route is missing :route key",
+                    ))?
+                    .funcall::<_, _, String>("source", ())?;
+                let middleware =
+                    RArray::from_value(route_hash.get("middleware").ok_or(magnus::Error::new(
+                        magnus::exception::standard_error(),
+                        "Route is missing middleware key",
+                    ))?)
+                    .ok_or(magnus::Error::new(
+                        magnus::exception::standard_error(),
+                        format!("middleware must be an array. Got {:?}", routes_raw),
+                    ))?;
+                let mut layers = middleware
+                    .into_iter()
+                    .map(MiddlewareSet::parse_middleware)
+                    .collect::<Result<Vec<_>>>()?;
+                routes.push(route_raw);
+                layers.sort();
+                stacks.insert(
+                    index,
+                    MiddlewareStack {
+                        layers,
+                        methods: extract_optional_match_array(route_hash, "methods")?,
+                        protocols: extract_optional_match_array(route_hash, "protocols")?,
+                        hosts: extract_optional_match_array(route_hash, "hosts")?,
+                        extensions: extract_optional_match_array(route_hash, "extensions")?,
+                        ports: extract_optional_match_array(route_hash, "ports")?,
+                        content_types: extract_optional_match_array(route_hash, "content_types")?,
+                        accepts: extract_optional_match_array(route_hash, "accepts")?,
+                    },
+                );
+            }
+            Ok(Self {
+                route_set: RegexSet::new(&routes).map_err(|e| {
+                    magnus::Error::new(
+                        magnus::exception::standard_error(),
+                        format!("Failed to create route set: {}", e),
+                    )
+                })?,
+                patterns: routes
+                    .into_iter()
+                    .map(|r| Regex::new(&r))
+                    .collect::<std::result::Result<Vec<Regex>, regex::Error>>()
+                    .map_err(|e| {
+                        magnus::Error::new(
+                            magnus::exception::standard_error(),
+                            format!("Failed to create route set: {}", e),
+                        )
+                    })?
+                    .into_iter()
+                    .map(Arc::new)
+                    .collect(),
+                stacks,
+            })
+        } else {
+            Err(magnus::Error::new(
+                magnus::exception::standard_error(),
+                "Failed to create middleware stack",
+            ))
+        }
+    }
+    pub fn stack_for(
+        &self,
+        request: &HttpRequest,
+    ) -> Result<(&Vec<Middleware>, Option<Arc<Regex>>)> {
+        let binding = self.route_set.matches(request.uri().path());
+        let matches = binding.iter();
+        debug!(
+            "Matching request URI {:?} against self.route_set: {:?}",
+            request.uri().path(),
+            self.route_set
+        );
+        for index in matches {
+            let matching_pattern = self.patterns.get(index).cloned();
+            if let Some(stack) = self.stacks.get(&index) {
+                if stack.matches(request) {
+                    return Ok((&stack.layers, matching_pattern));
+                }
+            }
+        }
+        debug!(
+            "Failed to match request URI {:?} to self.route_set: {:?}",
+            request.uri().path(),
+            self.route_set
+        );
+        Err(magnus::Error::new(
+            magnus::exception::standard_error(),
+            format!(
+                "No matching middleware stack found for request: {:?}",
+                request
+            ),
+        ))
+    }
+    pub fn parse_middleware(middleware: Value) -> Result<Middleware> {
+        let middleware_hash = RHash::from_value(middleware).ok_or(magnus::Error::new(
+            magnus::exception::standard_error(),
+            format!("Filter must be a hash. Got {:?}", middleware),
+        ))?;
+        let middleware_type: String = middleware_hash
+            .get("type")
+            .ok_or(magnus::Error::new(
+                magnus::exception::standard_error(),
+                format!("Filter must have a :type key. Got {:?}", middleware_hash),
+            ))?
+            .to_string();
+        let mw_type = middleware_type.clone();
+        let parameters: Value = middleware_hash.get("parameters").ok_or(magnus::Error::new(
+            magnus::exception::standard_error(),
+            format!(
+                "Filter must have a :parameters key. Got {:?}",
+                middleware_hash
+            ),
+        ))?;
+        let result = (move || -> Result<Middleware> {
+            match mw_type.as_str() {
+                "allow_list" => Ok(Middleware::AllowList(AllowList::from_value(parameters)?)),
+                "auth_basic" => Ok(Middleware::AuthBasic(AuthBasic::from_value(parameters)?)),
+                "auth_jwt" => Ok(Middleware::AuthJwt(Box::new(AuthJwt::from_value(
+                    parameters,
+                )?))),
+                "auth_api_key" => Ok(Middleware::AuthAPIKey(AuthAPIKey::from_value(parameters)?)),
+                "cache_control" => Ok(Middleware::CacheControl(CacheControl::from_value(
+                    parameters,
+                )?)),
+                "deny_list" => Ok(Middleware::DenyList(DenyList::from_value(parameters)?)),
+                "etag" => Ok(Middleware::ETag(ETag::from_value(parameters)?)),
+                "intrusion_protection" => Ok({
+                    Middleware::IntrusionProtection(IntrusionProtection::from_value(parameters)?)
+                }),
+                "max_body" => Ok(Middleware::MaxBody(MaxBody::from_value(parameters)?)),
+                "rate_limit" => Ok(Middleware::RateLimit(RateLimit::from_value(parameters)?)),
+                "cors" => Ok(Middleware::Cors(Box::new(Cors::from_value(parameters)?))),
+                "request_headers" => Ok(Middleware::RequestHeaders(RequestHeaders::from_value(
+                    parameters,
+                )?)),
+                "response_headers" => Ok(Middleware::ResponseHeaders(ResponseHeaders::from_value(
+                    parameters,
+                )?)),
+                "static_assets" => Ok(Middleware::StaticAssets(StaticAssets::from_value(
+                    parameters,
+                )?)),
+                "static_response" => Ok(Middleware::StaticResponse(StaticResponse::from_value(
+                    parameters,
+                )?)),
+                "compression" => Ok(Middleware::Compression(Compression::from_value(
+                    parameters,
+                )?)),
+                "log_requests" => Ok(Middleware::LogRequests(LogRequests::from_value(
+                    parameters,
+                )?)),
+                "redirect" => Ok(Middleware::Redirect(Redirect::from_value(parameters)?)),
+                "app" => Ok(Middleware::RubyApp(RubyApp::from_value(parameters.into())?)),
+                "proxy" => Ok(Middleware::Proxy(Proxy::from_value(parameters)?)),
+                _ => Err(magnus::Error::new(
+                    magnus::exception::standard_error(),
+                    format!("Unknown filter type: {}", mw_type),
+                )),
+            }
+        })();
+        match result {
+            Ok(result) => Ok(result),
+            Err(err) => Err(magnus::Error::new(
+                magnus::exception::standard_error(),
+                format!(
+                    "Failed to instantiate middleware of type {}, due to {}",
+                    middleware_type, err
+                ),
+            )),
+        }
+    }
+    pub async fn initialize_layers(&self) -> Result<()> {
+        for stack in self.stacks.values() {
+            for middleware in &stack.layers {
+                middleware.initialize().await?;
+            }
+        }
+        Ok(())
+    }
+}
+fn extract_optional_match_array(route_hash: RHash, arg: &str) -> Result<Option<Vec<StringMatch>>> {
+    let rarray = route_hash.aref::<_, Option<RArray>>(arg)?;
+    if let Some(array) = rarray {
+        Ok(Some(
+            array
+                .into_iter()
+                .map(StringMatch::from_value)
+                .collect::<Result<Vec<StringMatch>>>()?,
+        ))
+    } else {
+        Ok(None)
+    }
+}

data/ext/itsi_server/src/server/mod.rs CHANGED Viewed

@@ -1,5 +1,12 @@
-pub mod bind;
-pub mod itsi_server;
-pub mod listener;
-pub mod tls;
-pub mod transfer_protocol;
+pub mod binds;
+pub mod byte_frame;
+pub mod http_message_types;
+pub mod io_stream;
+pub mod lifecycle_event;
+pub mod middleware_stack;
+pub mod process_worker;
+pub mod request_job;
+pub mod serve_strategy;
+pub mod signal;
+pub mod size_limited_incoming;
+pub mod thread_worker;

data/ext/itsi_server/src/server/process_worker.rs ADDED Viewed

@@ -0,0 +1,247 @@
+use super::serve_strategy::{cluster_mode::ClusterMode, single_mode::SingleMode};
+use core_affinity::CoreId;
+use itsi_error::{ItsiError, Result};
+use itsi_rb_helpers::{call_with_gvl, call_without_gvl, create_ruby_thread, fork};
+use itsi_tracing::error;
+use nix::{
+    errno::Errno,
+    sys::{
+        signal::{
+            kill,
+            Signal::{SIGKILL, SIGTERM, SIGUSR2},
+        },
+        wait::{waitpid, WaitPidFlag, WaitStatus},
+    },
+    unistd::{setpgid, Pid},
+};
+use parking_lot::Mutex;
+use std::{
+    process::{self, exit},
+    sync::{Arc, LazyLock},
+    time::{Duration, Instant},
+};
+use sysinfo::System;
+use tokio::{sync::watch, time::sleep};
+use tracing::{info, instrument, warn};
+#[derive(Clone, Debug)]
+pub struct ProcessWorker {
+    pub worker_id: usize,
+    pub child_pid: Arc<Mutex<Option<Pid>>>,
+    pub started_at: Instant,
+}
+impl Default for ProcessWorker {
+    fn default() -> Self {
+        Self {
+            worker_id: 0,
+            child_pid: Arc::new(Mutex::new(None)),
+            started_at: Instant::now(),
+        }
+    }
+}
+static CORE_IDS: LazyLock<Vec<CoreId>> = LazyLock::new(|| core_affinity::get_core_ids().unwrap());
+impl ProcessWorker {
+    #[instrument(skip(self, cluster_template), fields(self.worker_id = %self.worker_id))]
+    pub(crate) fn boot(&self, cluster_template: Arc<ClusterMode>) -> Result<()> {
+        let child_pid = *self.child_pid.lock();
+        if let Some(pid) = child_pid {
+            if self.is_alive() {
+                if let Err(e) = kill(pid, SIGTERM) {
+                    info!("Failed to send SIGTERM to process {}: {}", pid, e);
+                }
+            }
+            *self.child_pid.lock() = None;
+        }
+        match call_with_gvl(|_ruby| {
+            fork(
+                cluster_template
+                    .server_config
+                    .server_params
+                    .read()
+                    .hooks
+                    .get("after_fork")
+                    .cloned(),
+            )
+        }) {
+            Some(pid) => {
+                *self.child_pid.lock() = Some(Pid::from_raw(pid));
+            }
+            None => {
+                if let Err(e) = setpgid(
+                    Pid::from_raw(process::id() as i32),
+                    Pid::from_raw(process::id() as i32),
+                ) {
+                    error!("Failed to set process group ID: {}", e);
+                }
+                match SingleMode::new(cluster_template.server_config.clone()) {
+                    Ok(single_mode) => {
+                        if cluster_template
+                            .server_config
+                            .server_params
+                            .read()
+                            .pin_worker_cores
+                        {
+                            core_affinity::set_for_current(
+                                CORE_IDS[self.worker_id % CORE_IDS.len()],
+                            );
+                        }
+                        Arc::new(single_mode).run().ok();
+                    }
+                    Err(e) => {
+                        error!("Failed to boot into worker mode: {}", e);
+                    }
+                }
+                exit(0)
+            }
+        }
+        Ok(())
+    }
+    pub fn pid(&self) -> i32 {
+        if let Some(pid) = *self.child_pid.lock() {
+            return pid.as_raw();
+        }
+        0
+    }
+    pub(crate) fn memory_usage(&self) -> Option<u64> {
+        if let Some(pid) = *self.child_pid.lock() {
+            let s = System::new_all();
+            if let Some(process) = s.process(sysinfo::Pid::from(pid.as_raw() as usize)) {
+                return Some(process.memory());
+            }
+        }
+        None
+    }
+    pub(crate) async fn reboot(&self, cluster_template: Arc<ClusterMode>) -> Result<bool> {
+        self.graceful_shutdown(cluster_template.clone()).await;
+        let self_clone = self.clone();
+        let (booted_sender, mut booted_receiver) = watch::channel(false);
+        create_ruby_thread(move || {
+            call_without_gvl(move || {
+                if self_clone.boot(cluster_template).is_ok() {
+                    booted_sender.send(true).ok()
+                } else {
+                    booted_sender.send(false).ok()
+                };
+            })
+        });
+        booted_receiver
+            .changed()
+            .await
+            .map_err(|_| ItsiError::InternalServerError("Failed to boot worker".to_owned()))?;
+        let guard = booted_receiver.borrow();
+        let result = guard.to_owned();
+        // Not very robust, we should check to see if the worker is actually listening before considering this successful.
+        sleep(Duration::from_secs(1)).await;
+        Ok(result)
+    }
+    pub(crate) async fn graceful_shutdown(&self, cluster_template: Arc<ClusterMode>) {
+        let self_clone = self.clone();
+        self_clone.request_shutdown();
+        let force_kill_time = Instant::now()
+            + Duration::from_secs_f64(
+                cluster_template
+                    .server_config
+                    .server_params
+                    .read()
+                    .shutdown_timeout,
+            );
+        while self_clone.is_alive() && force_kill_time > Instant::now() {
+            tokio::time::sleep(Duration::from_millis(100)).await;
+        }
+        if self_clone.is_alive() {
+            self_clone.force_kill();
+        }
+    }
+    pub(crate) fn boot_if_dead(&self, cluster_template: Arc<ClusterMode>) -> bool {
+        if !self.is_alive() {
+            if self.just_started() {
+                error!(
+                    "Worker in crash loop {:?}. Refusing to restart",
+                    self.child_pid.lock()
+                );
+                return false;
+            } else {
+                let self_clone = self.clone();
+                create_ruby_thread(move || {
+                    call_without_gvl(move || {
+                        self_clone.boot(cluster_template).ok();
+                    })
+                });
+            }
+        }
+        true
+    }
+    pub(crate) fn request_shutdown(&self) {
+        let child_pid = *self.child_pid.lock();
+        if let Some(pid) = child_pid {
+            if self.is_alive() {
+                if let Err(e) = kill(pid, SIGTERM) {
+                    error!("Failed to send SIGTERM to process {}: {}", pid, e);
+                }
+            } else {
+                error!("Trying to shutdown a dead process");
+            }
+        }
+    }
+    pub(crate) fn force_kill(&self) {
+        let child_pid = *self.child_pid.lock();
+        if let Some(pid) = child_pid {
+            if self.is_alive() {
+                info!("Worker still alive, sending SIGKILL {}", pid);
+                if let Err(e) = kill(pid, SIGKILL) {
+                    error!("Failed to force kill process {}: {}", pid, e);
+                }
+            }
+        }
+    }
+    pub fn print_info(&self) -> Result<()> {
+        let child_pid = *self.child_pid.lock();
+        if let Some(pid) = child_pid {
+            println!("Worker {:?}, PID: {:?}", self.worker_id, pid);
+            if let Err(e) = kill(pid, SIGUSR2) {
+                error!("Failed to send SIGUSR2 to process {}: {}", pid, e);
+            }
+        }
+        Ok(())
+    }
+    pub(crate) fn just_started(&self) -> bool {
+        let now = Instant::now();
+        now.duration_since(self.started_at).as_millis() < 2000
+    }
+    pub(crate) fn is_alive(&self) -> bool {
+        let child_pid = *self.child_pid.lock();
+        if let Some(pid) = child_pid {
+            match waitpid(pid, Some(WaitPidFlag::WNOHANG)) {
+                Ok(WaitStatus::Exited(_, _)) | Ok(WaitStatus::Signaled(_, _, _)) => {
+                    return false;
+                }
+                Ok(WaitStatus::StillAlive) | Ok(_) => {}
+                Err(_) => return false,
+            }
+            match kill(pid, None) {
+                Ok(_) => true,
+                Err(errno) => !matches!(errno, Errno::ESRCH),
+            }
+        } else {
+            false
+        }
+    }
+}

data/ext/itsi_server/src/server/request_job.rs ADDED Viewed

@@ -0,0 +1,11 @@
+use crate::ruby_types::{itsi_grpc_call::ItsiGrpcCall, itsi_http_request::ItsiHttpRequest};
+use itsi_rb_helpers::HeapValue;
+use magnus::block::Proc;
+use std::sync::Arc;
+#[derive(Debug)]
+pub enum RequestJob {
+    ProcessHttpRequest(ItsiHttpRequest, Arc<HeapValue<Proc>>),
+    ProcessGrpcRequest(ItsiGrpcCall, Arc<HeapValue<Proc>>),
+    Shutdown,
+}