// Accepts a http connection & request pair. It hijacks the connection, sends headers and calls
// proceed if succesfull.
func (s *xhrMultipartSocket) accept(w http.ResponseWriter, req *http.Request, proceed func()) (err os.Error) {
if s.connected {
return ErrConnected
}
rwc, _, err := w.Hijack()
if err == nil {
rwc.(*net.TCPConn).SetReadTimeout(s.t.rtimeout)
rwc.(*net.TCPConn).SetWriteTimeout(s.t.wtimeout)
buf := new(bytes.Buffer)
buf.WriteString("HTTP/1.0 200 OK\r\n")
buf.WriteString("Content-Type: multipart/x-mixed-replace; boundary=\"socketio\"\r\n")
buf.WriteString("Connection: keep-alive\r\n")
if origin, ok := req.Header["Origin"]; ok {
fmt.Fprintf(buf,
"Access-Control-Allow-Origin: %s\r\nAccess-Control-Allow-Credentials: true\r\n",
origin)
}
buf.WriteString("\r\n--socketio\r\n")
if _, err = buf.WriteTo(rwc); err != nil {
rwc.Close()
return
}
s.rwc = rwc
s.connected = true
proceed()
}
return
}
// Accepts a http connection & request pair. It hijacks the connection, sends headers and calls
// proceed if succesfull.
func (s *htmlfileSocket) accept(w http.ResponseWriter, req *http.Request, proceed func()) (err os.Error) {
if s.connected {
return ErrConnected
}
rwc, _, err := w.Hijack()
if err == nil {
rwc.(*net.TCPConn).SetReadTimeout(s.t.rtimeout)
rwc.(*net.TCPConn).SetWriteTimeout(s.t.wtimeout)
buf := new(bytes.Buffer)
buf.WriteString("HTTP/1.1 200 OK\r\n")
buf.WriteString("Content-Type: text/html\r\n")
buf.WriteString("Connection: keep-alive\r\n")
buf.WriteString("Transfer-Encoding: chunked\r\n\r\n")
if _, err = buf.WriteTo(rwc); err != nil {
rwc.Close()
return
}
if _, err = fmt.Fprintf(rwc, "%x\r\n%s\r\n", len(htmlfileHeader), htmlfileHeader); err != nil {
rwc.Close()
return
}
s.rwc = rwc
s.connected = true
proceed()
}
return
}
// ServeHTTP implements the http.Handler interface for a Web Socket.
func (f Draft75Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if req.Method != "GET" || req.Proto != "HTTP/1.1" {
w.WriteHeader(http.StatusBadRequest)
io.WriteString(w, "Unexpected request")
return
}
if req.Header["Upgrade"] != "WebSocket" {
w.WriteHeader(http.StatusBadRequest)
io.WriteString(w, "missing Upgrade: WebSocket header")
return
}
if req.Header["Connection"] != "Upgrade" {
w.WriteHeader(http.StatusBadRequest)
io.WriteString(w, "missing Connection: Upgrade header")
return
}
origin, found := req.Header["Origin"]
if !found {
w.WriteHeader(http.StatusBadRequest)
io.WriteString(w, "missing Origin header")
return
}
rwc, buf, err := w.Hijack()
if err != nil {
panic("Hijack failed: " + err.String())
return
}
defer rwc.Close()
var location string
if w.UsingTLS() {
location = "wss://" + req.Host + req.URL.RawPath
} else {
location = "ws://" + req.Host + req.URL.RawPath
}
// TODO(ukai): verify origin,location,protocol.
buf.WriteString("HTTP/1.1 101 Web Socket Protocol Handshake\r\n")
buf.WriteString("Upgrade: WebSocket\r\n")
buf.WriteString("Connection: Upgrade\r\n")
buf.WriteString("WebSocket-Origin: " + origin + "\r\n")
buf.WriteString("WebSocket-Location: " + location + "\r\n")
protocol, found := req.Header["Websocket-Protocol"]
// canonical header key of WebSocket-Protocol.
if found {
buf.WriteString("WebSocket-Protocol: " + protocol + "\r\n")
}
buf.WriteString("\r\n")
if err := buf.Flush(); err != nil {
return
}
ws := newConn(origin, location, protocol, buf, rwc)
f(ws)
}
// ServeHTTP implements an http.Handler that answers RPC requests.
func (server *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if req.Method != "CONNECT" {
w.SetHeader("Content-Type", "text/plain; charset=utf-8")
w.WriteHeader(http.StatusMethodNotAllowed)
io.WriteString(w, "405 must CONNECT\n")
return
}
conn, _, err := w.Hijack()
if err != nil {
log.Print("rpc hijacking ", w.RemoteAddr(), ": ", err.String())
return
}
io.WriteString(conn, "HTTP/1.0 "+connected+"\n\n")
server.ServeConn(conn)
}
// Accepts a http connection & request pair. It hijacks the connection and calls
// proceed if succesfull.
func (s *xhrPollingSocket) accept(w http.ResponseWriter, req *http.Request, proceed func()) (err os.Error) {
if s.connected {
return ErrConnected
}
s.req = req
s.rwc, _, err = w.Hijack()
if err == nil {
s.rwc.(*net.TCPConn).SetReadTimeout(s.t.rtimeout)
s.rwc.(*net.TCPConn).SetWriteTimeout(s.t.wtimeout)
s.connected = true
proceed()
}
return
}
// Accepts a http connection & request pair. It hijacks the connection and calls
// proceed if succesfull.
func (s *jsonpPollingSocket) accept(w http.ResponseWriter, req *http.Request, proceed func()) (err os.Error) {
if s.connected {
return ErrConnected
}
rwc, _, err := w.Hijack()
if err == nil {
rwc.(*net.TCPConn).SetReadTimeout(s.t.rtimeout)
rwc.(*net.TCPConn).SetWriteTimeout(s.t.wtimeout)
s.rwc = rwc
s.connected = true
s.index = 0
if ts := req.FormValue("t"); ts != "" {
if index, err := strconv.Atoi(ts); err == nil {
s.index = index
}
}
proceed()
}
return
}
// ServeHTTP implements the http.Handler interface for a Web Socket
func (f Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
rwc, buf, err := w.Hijack()
if err != nil {
panic("Hijack failed: " + err.String())
return
}
// The server should abort the WebSocket connection if it finds
// the client did not send a handshake that matches with protocol
// specification.
defer rwc.Close()
if req.Method != "GET" {
return
}
// HTTP version can be safely ignored.
if strings.ToLower(req.Header["Upgrade"]) != "websocket" ||
strings.ToLower(req.Header["Connection"]) != "upgrade" {
return
}
// TODO(ukai): check Host
origin, found := req.Header["Origin"]
if !found {
return
}
key1, found := req.Header["Sec-Websocket-Key1"]
if !found {
return
}
key2, found := req.Header["Sec-Websocket-Key2"]
if !found {
return
}
key3 := make([]byte, 8)
if _, err := io.ReadFull(buf, key3); err != nil {
return
}
var location string
if w.UsingTLS() {
location = "wss://" + req.Host + req.URL.RawPath
} else {
location = "ws://" + req.Host + req.URL.RawPath
}
// Step 4. get key number in Sec-WebSocket-Key<n> fields.
keyNumber1 := getKeyNumber(key1)
keyNumber2 := getKeyNumber(key2)
// Step 5. get number of spaces in Sec-WebSocket-Key<n> fields.
space1 := uint32(strings.Count(key1, " "))
space2 := uint32(strings.Count(key2, " "))
if space1 == 0 || space2 == 0 {
return
}
// Step 6. key number must be an integral multiple of spaces.
if keyNumber1%space1 != 0 || keyNumber2%space2 != 0 {
return
}
// Step 7. let part be key number divided by spaces.
part1 := keyNumber1 / space1
part2 := keyNumber2 / space2
// Step 8. let challenge to be concatination of part1, part2 and key3.
// Step 9. get MD5 fingerprint of challenge.
response, err := getChallengeResponse(part1, part2, key3)
if err != nil {
return
}
// Step 10. send response status line.
buf.WriteString("HTTP/1.1 101 WebSocket Protocol Handshake\r\n")
// Step 11. send response headers.
buf.WriteString("Upgrade: WebSocket\r\n")
buf.WriteString("Connection: Upgrade\r\n")
buf.WriteString("Sec-WebSocket-Location: " + location + "\r\n")
buf.WriteString("Sec-WebSocket-Origin: " + origin + "\r\n")
protocol, found := req.Header["Sec-Websocket-Protocol"]
if found {
buf.WriteString("Sec-WebSocket-Protocol: " + protocol + "\r\n")
}
// Step 12. send CRLF.
buf.WriteString("\r\n")
// Step 13. send response data.
buf.Write(response)
if err := buf.Flush(); err != nil {
return
}
ws := newConn(origin, location, protocol, buf, rwc)
f(ws)
}
func handleGet(conn http.ResponseWriter, req *http.Request, fetcher blobref.Fetcher) {
isOwner := auth.IsAuthorized(req)
blobRef := BlobFromUrlPath(req.URL.Path)
if blobRef == nil {
httputil.BadRequestError(conn, "Malformed GET URL.")
return
}
var viaBlobs []*blobref.BlobRef
if !isOwner {
viaPathOkay := false
startTime := time.Nanoseconds()
defer func() {
if !viaPathOkay {
// Insert a delay, to hide timing attacks probing
// for the existence of blobs.
sleep := fetchFailureDelayNs - (time.Nanoseconds() - startTime)
if sleep > 0 {
time.Sleep(sleep)
}
}
}()
viaBlobs = make([]*blobref.BlobRef, 0)
if via := req.FormValue("via"); via != "" {
for _, vs := range strings.Split(via, ",", -1) {
if br := blobref.Parse(vs); br == nil {
httputil.BadRequestError(conn, "Malformed blobref in via param")
return
} else {
viaBlobs = append(viaBlobs, br)
}
}
}
fetchChain := make([]*blobref.BlobRef, 0)
fetchChain = append(fetchChain, viaBlobs...)
fetchChain = append(fetchChain, blobRef)
for i, br := range fetchChain {
switch i {
case 0:
file, size, err := fetcher.Fetch(br)
if err != nil {
log.Printf("Fetch chain 0 of %s failed: %v", br.String(), err)
sendUnauthorized(conn)
return
}
defer file.Close()
if size > maxJsonSize {
log.Printf("Fetch chain 0 of %s too large", br.String())
sendUnauthorized(conn)
return
}
jd := json.NewDecoder(file)
m := make(map[string]interface{})
if err := jd.Decode(&m); err != nil {
log.Printf("Fetch chain 0 of %s wasn't JSON: %v", br.String(), err)
sendUnauthorized(conn)
return
}
if m["camliType"].(string) != "share" {
log.Printf("Fetch chain 0 of %s wasn't a share", br.String())
sendUnauthorized(conn)
return
}
if len(fetchChain) > 1 && fetchChain[1].String() != m["target"].(string) {
log.Printf("Fetch chain 0->1 (%s -> %q) unauthorized, expected hop to %q",
br.String(), fetchChain[1].String(), m["target"])
sendUnauthorized(conn)
return
}
case len(fetchChain) - 1:
// Last one is fine (as long as its path up to here has been proven, and it's
// not the first thing in the chain)
continue
default:
file, _, err := fetcher.Fetch(br)
if err != nil {
log.Printf("Fetch chain %d of %s failed: %v", i, br.String(), err)
sendUnauthorized(conn)
return
}
defer file.Close()
lr := io.LimitReader(file, maxJsonSize)
slurpBytes, err := ioutil.ReadAll(lr)
if err != nil {
log.Printf("Fetch chain %d of %s failed in slurp: %v", i, br.String(), err)
sendUnauthorized(conn)
return
}
saught := fetchChain[i+1].String()
if bytes.IndexAny(slurpBytes, saught) == -1 {
log.Printf("Fetch chain %d of %s failed; no reference to %s",
i, br.String(), saught)
sendUnauthorized(conn)
return
}
}
}
viaPathOkay = true
}
file, size, err := fetcher.Fetch(blobRef)
switch err {
case nil:
break
case os.ENOENT:
conn.WriteHeader(http.StatusNotFound)
fmt.Fprintf(conn, "Object not found.")
return
default:
httputil.ServerError(conn, err)
return
}
defer file.Close()
reqRange := getRequestedRange(req)
if reqRange.SkipBytes != 0 {
_, err = file.Seek(reqRange.SkipBytes, 0)
if err != nil {
httputil.ServerError(conn, err)
return
}
}
var input io.Reader = file
if reqRange.LimitBytes != -1 {
input = io.LimitReader(file, reqRange.LimitBytes)
}
remainBytes := size - reqRange.SkipBytes
if reqRange.LimitBytes != -1 &&
reqRange.LimitBytes < remainBytes {
remainBytes = reqRange.LimitBytes
}
// Assume this generic content type by default. For better
// demos we'll try to sniff and guess the "right" MIME type in
// certain cases (no Range requests, etc) but this isn't part
// of the Camli spec at all. We just do it to ease demos.
contentType := "application/octet-stream"
if reqRange.IsWholeFile() {
const peekSize = 1024
bufReader, _ := bufio.NewReaderSize(input, peekSize)
header, _ := bufReader.Peek(peekSize)
if len(header) >= 8 {
switch {
case isValidUtf8(string(header)):
contentType = "text/plain; charset=utf-8"
case bytes.HasPrefix(header, []byte{0xff, 0xd8, 0xff, 0xe2}):
contentType = "image/jpeg"
case bytes.HasPrefix(header, []byte{0x89, 0x50, 0x4e, 0x47, 0xd, 0xa, 0x1a, 0xa}):
contentType = "image/png"
}
}
input = bufReader
}
conn.SetHeader("Content-Type", contentType)
if !reqRange.IsWholeFile() {
conn.SetHeader("Content-Range",
fmt.Sprintf("bytes %d-%d/%d", reqRange.SkipBytes,
reqRange.SkipBytes+remainBytes,
size))
conn.WriteHeader(http.StatusPartialContent)
}
bytesCopied, err := io.Copy(conn, input)
// If there's an error at this point, it's too late to tell the client,
// as they've already been receiving bytes. But they should be smart enough
// to verify the digest doesn't match. But we close the (chunked) response anyway,
// to further signal errors.
killConnection := func() {
closer, _, err := conn.Hijack()
if err != nil {
closer.Close()
}
}
if err != nil {
fmt.Fprintf(os.Stderr, "Error sending file: %v, err=%v\n", blobRef, err)
killConnection()
return
}
if bytesCopied != remainBytes {
fmt.Fprintf(os.Stderr, "Error sending file: %v, copied=%d, not %d\n", blobRef,
bytesCopied, remainBytes)
killConnection()
return
}
}