RubyGems - tipi - Versions diffs - 0.42 → 0.47 - Mend

tipi 0.42 → 0.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

checksums.yaml +4 -4
data/.github/FUNDING.yml +1 -0
data/.github/workflows/test.yml +1 -3
data/CHANGELOG.md +27 -0
data/Gemfile +3 -1
data/Gemfile.lock +35 -29
data/README.md +184 -8
data/Rakefile +1 -7
data/benchmarks/bm_http1_parser.rb +45 -21
data/bin/benchmark +0 -0
data/bin/h1pd +0 -0
data/bm.png +0 -0
data/df/agent.rb +1 -1
data/df/sample_agent.rb +2 -2
data/df/server.rb +2 -0
data/df/server_utils.rb +12 -15
data/examples/hello.rb +5 -0
data/examples/hello.ru +3 -3
data/examples/http_server.js +1 -1
data/examples/http_server_graceful.rb +1 -1
data/examples/https_server.rb +41 -18
data/examples/rack_server_forked.rb +26 -0
data/examples/rack_server_https_forked.rb +1 -1
data/examples/websocket_demo.rb +1 -1
data/lib/tipi/acme.rb +51 -39
data/lib/tipi/cli.rb +79 -16
data/lib/tipi/config_dsl.rb +13 -13
data/lib/tipi/configuration.rb +2 -2
data/lib/tipi/controller/bare_polyphony.rb +0 -0
data/lib/tipi/controller/bare_stock.rb +10 -0
data/lib/tipi/controller/extensions.rb +37 -0
data/lib/tipi/controller/stock_http1_adapter.rb +15 -0
data/lib/tipi/controller/web_polyphony.rb +353 -0
data/lib/tipi/controller/web_stock.rb +635 -0
data/lib/tipi/controller.rb +12 -0
data/lib/tipi/digital_fabric/agent.rb +3 -3
data/lib/tipi/digital_fabric/agent_proxy.rb +11 -5
data/lib/tipi/digital_fabric/executive.rb +1 -1
data/lib/tipi/digital_fabric/protocol.rb +1 -1
data/lib/tipi/digital_fabric/service.rb +12 -8
data/lib/tipi/handler.rb +2 -2
data/lib/tipi/http1_adapter.rb +36 -30
data/lib/tipi/http2_adapter.rb +10 -10
data/lib/tipi/http2_stream.rb +14 -15
data/lib/tipi/rack_adapter.rb +2 -2
data/lib/tipi/response_extensions.rb +1 -1
data/lib/tipi/supervisor.rb +75 -0
data/lib/tipi/version.rb +1 -1
data/lib/tipi/websocket.rb +3 -3
data/lib/tipi.rb +4 -83
data/test/coverage.rb +2 -2
data/test/helper.rb +0 -1
data/test/test_http_server.rb +14 -14
data/test/test_request.rb +1 -1
data/tipi.gemspec +6 -7
metadata +58 -53
data/ext/tipi/extconf.rb +0 -13
data/ext/tipi/http1_parser.c +0 -823
data/ext/tipi/http1_parser.h +0 -18
data/ext/tipi/tipi_ext.c +0 -5
data/security/http1.rb +0 -12
data/test/test_http1_parser.rb +0 -586

data/lib/tipi/controller/web_polyphony.rb ADDED Viewed

@@ -0,0 +1,353 @@
+# frozen_string_literal: true
+require 'tipi'
+require 'localhost/authority'
+require_relative './extensions'
+module Tipi
+  class Controller
+    def initialize(opts)
+      @opts = opts
+      @path = File.expand_path(@opts['path'])
+      @service = prepare_service
+    end
+    WORKER_COUNT_RANGE = (1..32).freeze
+    def run
+      worker_count = (@opts['workers'] || 1).to_i.clamp(WORKER_COUNT_RANGE)
+      return run_worker if worker_count == 1
+      supervise_workers(worker_count)
+    end
+  private
+    def supervise_workers(worker_count)
+      supervisor = spin do
+        worker_count.times do
+          spin do
+            pid = Polyphony.fork { run_worker }
+            puts "Forked worker pid: #{pid}"
+            Polyphony.backend_waitpid(pid)
+            puts "Done worker pid: #{pid}"
+          end
+        end
+        supervise(restart: :always)
+      rescue Polyphony::Terminate
+        # TODO: find out how Terminate can leak like that (it's supposed to be
+        # caught in Fiber#run)
+      end
+      trap('SIGTERM') { supervisor.terminate(true) }
+      trap('SIGINT') do
+        trap('SIGINT') { exit! }
+        supervisor.terminate(true)
+      end
+      supervisor.await
+    rescue Polyphony::Terminate
+      # TODO: find out how Terminate can leak etc.
+    end
+    def run_worker
+      server = start_server(@service)
+      trap('SIGTERM') { server&.terminate(true) }
+      trap('SIGINT') do
+        trap('SIGINT') { exit! }
+        server&.terminate(true)
+      end
+      raise 'Server not started' unless server
+      server.await
+    rescue Polyphony::Terminate
+      # TODO: find out why this exception leaks from the server fiber
+      # ignore
+    end
+    def prepare_service
+      if File.file?(@path)
+        File.extname(@path) == '.ru' ? rack_service : tipi_service
+      elsif File.directory?(@path)
+        static_service
+      else
+        raise "Invalid path specified #{@path}"
+      end
+    end
+    def start_app
+      if File.extname(@path) == '.ru'
+        start_rack_app
+      else
+        require(@path)
+      end
+    end
+    def rack_service
+      puts "Loading Rack app from #{@path}"
+      app = Tipi::RackAdapter.load(@path)
+      web_service(app)
+    end
+    def tipi_service
+      puts "Loading Tipi app from #{@path}"
+      require(@path)
+      app = Tipi.app
+      web_service(app)
+      # proc { spin { Object.run } }
+    end
+    def static_service
+      puts "Serving static files from #{@path}"
+      app = proc do |req|
+        full_path = find_path(@path, req.path)
+        if full_path
+          req.serve_file(full_path)
+        else
+          req.respond(nil, ':status' => Qeweney::Status::NOT_FOUND)
+        end
+      end
+      web_service(app)
+    end
+    def web_service(app)
+      app = add_connection_headers(app)
+      prepare_listener(@opts['listen'], app)
+    end
+    def prepare_listener(spec, app)
+      case spec.shift
+      when 'http'
+        case spec.size
+        when 2
+          host, port = spec
+          port ||= 80
+        when 1
+          host = '0.0.0.0'
+          port = spec.first || 80
+        else
+          raise "Invalid listener spec"
+        end
+        prepare_http_listener(port, app)
+      when 'https'
+        case spec.size
+        when 2
+          host, port = spec
+          port ||= 80
+        when 1
+          host = 'localhost'
+          port = spec.first || 80
+        else
+          raise "Invalid listener spec"
+        end
+        port ||= 443
+        prepare_https_listener(host, port, app)
+      when 'full'
+        host, http_port, https_port = spec
+        http_port ||= 80
+        https_port ||= 443
+        prepare_full_service_listeners(host, http_port, https_port, app)
+      end
+    end
+    def prepare_http_listener(port, app)
+      puts "Listening for HTTP on localhost:#{port}"
+      proc do
+        spin_accept_loop('HTTP', port) do |socket|
+          Tipi.client_loop(socket, @opts, &app)
+        end
+      end
+    end
+    LOCALHOST_REGEXP = /^(.+\.)?localhost$/.freeze
+    def prepare_https_listener(host, port, app)
+      localhost = host =~ LOCALHOST_REGEXP
+      return prepare_localhost_https_listener(port, app) if localhost
+      raise "No certificate found for #{host}"
+      # TODO: implement loading certificate
+    end
+    def prepare_localhost_https_listener(port, app)
+      puts "Listening for HTTPS on localhost:#{port}"
+      authority = Localhost::Authority.fetch
+      ctx = authority.server_context
+      ctx.ciphers = 'ECDH+aRSA'
+      Polyphony::Net.setup_alpn(ctx, Tipi::ALPN_PROTOCOLS)
+      proc do
+        https_listener = spin_accept_loop('HTTPS', port) do |socket|
+          start_https_connection_fiber(socket, ctx, nil, app)
+        rescue Exception => e
+          puts "Exception in https_listener block: #{e.inspect}\n#{e.backtrace.inspect}"
+        end
+      end
+    end
+    def prepare_full_service_listeners(host, http_port, https_port, app)
+      puts "Listening for HTTP on localhost:#{http_port}"
+      puts "Listening for HTTPS on localhost:#{https_port}"
+      redirect_app = http_redirect_app(https_port)
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.ciphers = 'ECDH+aRSA'
+      Polyphony::Net.setup_alpn(ctx, Tipi::ALPN_PROTOCOLS)
+      certificate_store = create_certificate_store
+      proc do
+        challenge_handler = Tipi::ACME::HTTPChallengeHandler.new
+        certificate_manager = Tipi::ACME::CertificateManager.new(
+          master_ctx: ctx,
+          store: certificate_store,
+          challenge_handler: challenge_handler,
+          valid_hosts: app.respond_to?(:valid_hosts) ? app.valid_hosts : nil
+        )
+        http_app = certificate_manager.challenge_routing_app(redirect_app)
+        http_listener = spin_accept_loop('HTTP', http_port) do |socket|
+          Tipi.client_loop(socket, @opts, &http_app)
+        end
+        ssl_accept_thread_pool = Polyphony::ThreadPool.new(4)
+        https_listener = spin_accept_loop('HTTPS', https_port) do |socket|
+          start_https_connection_fiber(socket, ctx, ssl_accept_thread_pool, app)
+        rescue Exception => e
+          puts "Exception in https_listener block: #{e.inspect}\n#{e.backtrace.inspect}"
+        end
+      end
+    end
+    def http_redirect_app(https_port)
+      case https_port
+      when 443, 10443
+        ->(req) { req.redirect("https://#{req.host}#{req.path}") }
+      else
+        ->(req) { req.redirect("https://#{req.host}:#{https_port}#{req.path}") }
+      end
+    end
+    INVALID_PATH_REGEXP = /\/?(\.\.|\.)\//
+    def find_path(base, path)
+      return nil if path =~ INVALID_PATH_REGEXP
+      full_path = File.join(base, path)
+      return full_path if File.file?(full_path)
+      return find_path(full_path, 'index') if File.directory?(full_path)
+      qualified = "#{full_path}.html"
+      return qualified if File.file?(qualified)
+      nil
+    end
+    SOCKET_OPTS = {
+      reuse_addr:   true,
+      reuse_port:   true,
+      dont_linger:  true,
+    }.freeze
+    def spin_accept_loop(name, port, &block)
+      spin do
+        server = Polyphony::Net.tcp_listen('0.0.0.0', port, SOCKET_OPTS)
+        loop do
+          socket = server.accept
+          spin_connection_handler(name, socket, block)
+        rescue Polyphony::BaseException => e
+          raise
+        rescue Exception => e
+          puts "#{name} listener uncaught exception: #{e.inspect}"
+        end
+      ensure
+        finalize_listener(server) if server
+      end
+    end
+    def spin_connection_handler(name, socket, block)
+      spin do
+        block.(socket)
+      rescue Polyphony::BaseException
+        raise
+      rescue Exception => e
+        puts "Uncaught error in #{name} handler: #{e.inspect}"
+        p e.backtrace
+      end
+    end
+    def finalize_listener(server)
+      fiber  = Fiber.current
+      server.close
+      gracefully_terminate_conections(fiber) if fiber.graceful_shutdown?
+    rescue Polyphony::BaseException
+      raise
+    rescue Exception => e
+      trace "Exception in finalize_listener: #{e.inspect}"
+    end
+    def gracefully_terminate_conections(fiber)
+      supervisor = spin { supervise }.detach
+      fiber.attach_all_children_to(supervisor)
+      # terminating the supervisor will
+      supervisor.terminate(true)
+    end
+    def add_connection_headers(app)
+      app
+      # proc do |req|
+      #   conn = req.adapter.conn
+      #   # req.headers[':peer'] = conn.peeraddr(false)[2]
+      #   req.headers[':scheme'] ||= conn.is_a?(OpenSSL::SSL::SSLSocket) ? 'https' : 'http'
+      #   app.(req)
+      # end
+    end
+    def ssl_accept(client)
+      client.accept
+      true
+    rescue Polyphony::BaseException
+      raise
+    rescue Exception => e
+      p e
+      e
+    end
+    def start_https_connection_fiber(socket, ctx, thread_pool, app)
+      client = OpenSSL::SSL::SSLSocket.new(socket, ctx)
+      client.sync_close = true
+      result = thread_pool ?
+        thread_pool.process { ssl_accept(client) } : ssl_accept(client)
+      if result.is_a?(Exception)
+        puts "Exception in SSL handshake: #{result.inspect}"
+        return
+      end
+      Tipi.client_loop(client, @opts, &app)
+    rescue => e
+      puts "Uncaught error in HTTPS connection fiber: #{e.inspect} bt: #{e.backtrace.inspect}"
+    ensure
+      (client ? client.close : socket.close) rescue nil
+    end
+    CERTIFICATE_STORE_DEFAULT_DIR = File.expand_path('~/.tipi').freeze
+    CERTIFICATE_STORE_DEFAULT_DB_PATH = File.join(
+      CERTIFICATE_STORE_DEFAULT_DIR, 'certificates.db').freeze
+    def create_certificate_store
+      FileUtils.mkdir(CERTIFICATE_STORE_DEFAULT_DIR) rescue nil
+      Tipi::ACME::SQLiteCertificateStore.new(CERTIFICATE_STORE_DEFAULT_DB_PATH)
+    end
+    def start_server(service)
+      spin do
+        service.call
+        supervise(restart: :always)
+      end
+    end
+  end
+end