mirror of
https://github.com/DarkflameUniverse/DarkflameServer.git
synced 2026-02-01 08:29:53 +00:00
WIP: basic server, no features
This commit is contained in:
Aaron Kimbrell
265
dWeb/Web.cpp
265
dWeb/Web.cpp
@@ -6,30 +6,134 @@
|
||||
#include "eHTTPMethod.h"
|
||||
#include "GeneralUtils.h"
|
||||
#include "JSONUtils.h"
|
||||
#include "HTTPContext.h"
|
||||
#include "IHTTPMiddleware.h"
|
||||
#include <ranges>
|
||||
#include <set>
|
||||
#include <cctype>
|
||||
|
||||
namespace Game {
|
||||
Web web;
|
||||
}
|
||||
|
||||
namespace {
|
||||
const char* jsonContentType = "Content-Type: application/json\r\n";
|
||||
const std::string wsSubscribed = "{\"status\":\"subscribed\"}";
|
||||
const std::string wsUnsubscribed = "{\"status\":\"unsubscribed\"}";
|
||||
std::map<std::pair<eHTTPMethod, std::string>, HTTPRoute> g_HTTPRoutes;
|
||||
std::map<std::string, WSEvent> g_WSEvents;
|
||||
std::vector<std::string> g_WSSubscriptions;
|
||||
// Keep track of authenticated WebSocket connections
|
||||
std::set<mg_connection*> g_AuthenticatedWSConnections;
|
||||
|
||||
// Global middleware applied to all routes
|
||||
std::vector<MiddlewarePtr> g_GlobalMiddleware;
|
||||
|
||||
// Helper to extract client IP from mongoose connection
|
||||
static std::string GetClientIP(mg_connection* connection) {
|
||||
if (!connection) return "unknown";
|
||||
|
||||
const uint8_t* ip = connection->rem.ip;
|
||||
|
||||
// Check for IPv4-mapped IPv6 addresses (::ffff:x.x.x.x)
|
||||
if (ip[0] == 0 && ip[1] == 0 && ip[2] == 0 && ip[3] == 0 &&
|
||||
ip[4] == 0 && ip[5] == 0 && ip[6] == 0 && ip[7] == 0 &&
|
||||
ip[8] == 0 && ip[9] == 0 && ip[10] == 0xff && ip[11] == 0xff) {
|
||||
// IPv4 address is in bytes 12-15
|
||||
char buffer[32]{};
|
||||
snprintf(buffer, sizeof(buffer), "%d.%d.%d.%d",
|
||||
ip[12], ip[13], ip[14], ip[15]);
|
||||
return buffer;
|
||||
}
|
||||
|
||||
// Direct IPv4
|
||||
char buffer[32]{};
|
||||
snprintf(buffer, sizeof(buffer), "%d.%d.%d.%d",
|
||||
ip[0], ip[1], ip[2], ip[3]);
|
||||
return buffer;
|
||||
}
|
||||
|
||||
// Helper to populate HTTPContext from mg_http_message
|
||||
static void PopulateHTTPContext(HTTPContext& context,
|
||||
const mg_http_message* http_msg,
|
||||
mg_connection* connection) {
|
||||
// Parse method
|
||||
context.method = std::string(http_msg->method.buf, http_msg->method.len);
|
||||
|
||||
// Parse URI/path
|
||||
std::string uri(http_msg->uri.buf, http_msg->uri.len);
|
||||
std::transform(uri.begin(), uri.end(), uri.begin(), ::tolower);
|
||||
|
||||
// Split path and query string
|
||||
const size_t queryPos = uri.find('?');
|
||||
if (queryPos != std::string::npos) {
|
||||
context.path = uri.substr(0, queryPos);
|
||||
context.queryString = uri.substr(queryPos + 1);
|
||||
} else {
|
||||
context.path = uri;
|
||||
context.queryString = "";
|
||||
}
|
||||
|
||||
// Parse body
|
||||
context.body = std::string(http_msg->body.buf, http_msg->body.len);
|
||||
|
||||
// Parse common headers (case-insensitive)
|
||||
const struct mg_str* hdr_ptr;
|
||||
|
||||
// Get Content-Type
|
||||
if ((hdr_ptr = mg_http_get_header(const_cast<mg_http_message*>(http_msg), "Content-Type")) != NULL) {
|
||||
context.SetHeader("Content-Type", std::string(hdr_ptr->buf, hdr_ptr->len));
|
||||
}
|
||||
|
||||
// Get Cookie
|
||||
if ((hdr_ptr = mg_http_get_header(const_cast<mg_http_message*>(http_msg), "Cookie")) != NULL) {
|
||||
context.SetHeader("Cookie", std::string(hdr_ptr->buf, hdr_ptr->len));
|
||||
}
|
||||
|
||||
// Get Authorization
|
||||
if ((hdr_ptr = mg_http_get_header(const_cast<mg_http_message*>(http_msg), "Authorization")) != NULL) {
|
||||
context.SetHeader("Authorization", std::string(hdr_ptr->buf, hdr_ptr->len));
|
||||
}
|
||||
|
||||
// Get User-Agent
|
||||
if ((hdr_ptr = mg_http_get_header(const_cast<mg_http_message*>(http_msg), "User-Agent")) != NULL) {
|
||||
context.SetHeader("User-Agent", std::string(hdr_ptr->buf, hdr_ptr->len));
|
||||
}
|
||||
|
||||
// Get Host
|
||||
if ((hdr_ptr = mg_http_get_header(const_cast<mg_http_message*>(http_msg), "Host")) != NULL) {
|
||||
context.SetHeader("Host", std::string(hdr_ptr->buf, hdr_ptr->len));
|
||||
}
|
||||
|
||||
// Get client IP
|
||||
context.clientIP = GetClientIP(connection);
|
||||
}
|
||||
|
||||
const char* ContentTypeToString(eContentType contentType) {
|
||||
switch (contentType) {
|
||||
case eContentType::APPLICATION_JSON:
|
||||
return "application/json";
|
||||
case eContentType::TEXT_HTML:
|
||||
return "text/html; charset=utf-8";
|
||||
case eContentType::TEXT_CSS:
|
||||
return "text/css; charset=utf-8";
|
||||
case eContentType::TEXT_JAVASCRIPT:
|
||||
return "application/javascript; charset=utf-8";
|
||||
case eContentType::TEXT_PLAIN:
|
||||
return "text/plain; charset=utf-8";
|
||||
case eContentType::IMAGE_PNG:
|
||||
return "image/png";
|
||||
case eContentType::IMAGE_JPEG:
|
||||
return "image/jpeg";
|
||||
case eContentType::APPLICATION_OCTET_STREAM:
|
||||
return "application/octet-stream";
|
||||
default:
|
||||
return "application/json";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
using json = nlohmann::json;
|
||||
|
||||
bool ValidateAuthentication(const mg_http_message* http_msg) {
|
||||
// TO DO: This is just a placeholder for now
|
||||
// use tokens or something at a later point if we want to implement authentication
|
||||
// bit using the listen bind address to limit external access is good enough to start with
|
||||
return true;
|
||||
}
|
||||
|
||||
void HandleHTTPMessage(mg_connection* connection, const mg_http_message* http_msg) {
|
||||
if (g_HTTPRoutes.empty()) return;
|
||||
|
||||
@@ -38,46 +142,136 @@ void HandleHTTPMessage(mg_connection* connection, const mg_http_message* http_ms
|
||||
if (!http_msg) {
|
||||
reply.status = eHTTPStatusCode::BAD_REQUEST;
|
||||
reply.message = "{\"error\":\"Invalid Request\"}";
|
||||
} else if (ValidateAuthentication(http_msg)) {
|
||||
|
||||
// convert method from cstring to std string
|
||||
} else {
|
||||
// All authentication is now handled by middleware chain
|
||||
// Convert method from cstring to enum
|
||||
std::string method_string(http_msg->method.buf, http_msg->method.len);
|
||||
// get method from mg to enum
|
||||
const eHTTPMethod method = magic_enum::enum_cast<eHTTPMethod>(method_string).value_or(eHTTPMethod::INVALID);
|
||||
|
||||
// convert uri from cstring to std string
|
||||
// Extract URI and convert to lowercase
|
||||
std::string uri(http_msg->uri.buf, http_msg->uri.len);
|
||||
std::transform(uri.begin(), uri.end(), uri.begin(), ::tolower);
|
||||
|
||||
// convert body from cstring to std string
|
||||
std::string body(http_msg->body.buf, http_msg->body.len);
|
||||
|
||||
// Special case for websocket
|
||||
if (uri == "/ws" && method == eHTTPMethod::GET) {
|
||||
mg_ws_upgrade(connection, const_cast<mg_http_message*>(http_msg), NULL);
|
||||
LOG_DEBUG("Upgraded connection to websocket: %d.%d.%d.%d:%i", MG_IPADDR_PARTS(&connection->rem.ip), connection->rem.port);
|
||||
// return cause they are now a websocket
|
||||
// Check if connection is from localhost/internal network
|
||||
bool isInternal = false;
|
||||
const uint8_t* ip = connection->rem.ip;
|
||||
|
||||
// Check for IPv4-mapped IPv6 addresses (::ffff:x.x.x.x)
|
||||
if (ip[0] == 0 && ip[1] == 0 && ip[2] == 0 && ip[3] == 0 &&
|
||||
ip[4] == 0 && ip[5] == 0 && ip[6] == 0 && ip[7] == 0 &&
|
||||
ip[8] == 0 && ip[9] == 0 && ip[10] == 0xff && ip[11] == 0xff) {
|
||||
// IPv4 address is in bytes 12-15
|
||||
uint8_t b1 = ip[12];
|
||||
uint8_t b2 = ip[13];
|
||||
|
||||
// Check for 127.x.x.x (localhost)
|
||||
if (b1 == 127) {
|
||||
isInternal = true;
|
||||
}
|
||||
// Check for 192.168.x.x
|
||||
else if (b1 == 192 && b2 == 168) {
|
||||
isInternal = true;
|
||||
}
|
||||
// Check for 10.x.x.x
|
||||
else if (b1 == 10) {
|
||||
isInternal = true;
|
||||
}
|
||||
// Check for 172.16.x.x to 172.31.x.x
|
||||
else if (b1 == 172 && b2 >= 16 && b2 <= 31) {
|
||||
isInternal = true;
|
||||
}
|
||||
}
|
||||
|
||||
bool authenticated = isInternal; // Internal connections are automatically trusted
|
||||
|
||||
// For external connections, require authentication cookie
|
||||
if (!isInternal) {
|
||||
const auto* cookieHeader = mg_http_get_header(const_cast<mg_http_message*>(http_msg), "Cookie");
|
||||
if (cookieHeader) {
|
||||
std::string cookieStr = std::string(cookieHeader->buf, cookieHeader->len);
|
||||
if (!cookieStr.empty() && cookieStr.find("dashboardToken=") != std::string::npos) {
|
||||
authenticated = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (authenticated) {
|
||||
mg_ws_upgrade(connection, const_cast<mg_http_message*>(http_msg), NULL);
|
||||
g_AuthenticatedWSConnections.insert(connection);
|
||||
const char* connType = isInternal ? "internal" : "external";
|
||||
LOG_DEBUG("Upgraded %s connection to websocket: %d.%d.%d.%d:%i", connType, MG_IPADDR_PARTS(&connection->rem.ip), connection->rem.port);
|
||||
} else {
|
||||
LOG_DEBUG("Rejected WebSocket connection - no valid authentication from %d.%d.%d.%d:%i", MG_IPADDR_PARTS(&connection->rem.ip), connection->rem.port);
|
||||
reply.status = eHTTPStatusCode::UNAUTHORIZED;
|
||||
reply.message = "{\"error\":\"Unauthorized\"}";
|
||||
std::string headers = std::string("Content-Type: ") + ContentTypeToString(reply.contentType) + "\r\n";
|
||||
if (!reply.location.empty()) {
|
||||
headers += "Location: " + reply.location + "\r\n";
|
||||
}
|
||||
mg_http_reply(connection, static_cast<int>(reply.status), headers.c_str(), reply.message.c_str());
|
||||
}
|
||||
// return cause they are now a websocket or connection closed
|
||||
return;
|
||||
}
|
||||
|
||||
// Handle HTTP request
|
||||
const auto routeItr = g_HTTPRoutes.find({method, uri});
|
||||
if (routeItr != g_HTTPRoutes.end()) {
|
||||
const auto& [_, route] = *routeItr;
|
||||
route.handle(reply, body);
|
||||
const auto& route = routeItr->second;
|
||||
|
||||
// Create HTTP context from request
|
||||
HTTPContext context;
|
||||
PopulateHTTPContext(context, http_msg, connection);
|
||||
|
||||
// Build complete middleware chain
|
||||
std::vector<MiddlewarePtr> middlewareChain = g_GlobalMiddleware;
|
||||
middlewareChain.insert(middlewareChain.end(),
|
||||
route.middleware.begin(),
|
||||
route.middleware.end());
|
||||
|
||||
// Execute middleware chain
|
||||
bool chainPassed = true;
|
||||
for (const auto& middleware : middlewareChain) {
|
||||
if (!middleware->Process(context, reply)) {
|
||||
chainPassed = false;
|
||||
LOG_DEBUG("Middleware %s rejected request to %s %s",
|
||||
middleware->GetName().c_str(),
|
||||
context.method.c_str(),
|
||||
context.path.c_str());
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Call handler only if all middleware passed
|
||||
if (chainPassed) {
|
||||
route.handle(reply, context);
|
||||
}
|
||||
} else {
|
||||
reply.status = eHTTPStatusCode::NOT_FOUND;
|
||||
reply.message = "{\"error\":\"Not Found\"}";
|
||||
}
|
||||
} else {
|
||||
reply.status = eHTTPStatusCode::UNAUTHORIZED;
|
||||
reply.message = "{\"error\":\"Unauthorized\"}";
|
||||
}
|
||||
mg_http_reply(connection, static_cast<int>(reply.status), jsonContentType, reply.message.c_str());
|
||||
|
||||
// Build headers
|
||||
std::string headers = std::string("Content-Type: ") + ContentTypeToString(reply.contentType) + "\r\n";
|
||||
if (!reply.location.empty()) {
|
||||
headers += "Location: " + reply.location + "\r\n";
|
||||
}
|
||||
mg_http_reply(connection, static_cast<int>(reply.status), headers.c_str(), reply.message.c_str());
|
||||
}
|
||||
|
||||
|
||||
|
||||
void HandleWSMessage(mg_connection* connection, const mg_ws_message* ws_msg) {
|
||||
// Check if connection is authenticated
|
||||
if (g_AuthenticatedWSConnections.find(connection) == g_AuthenticatedWSConnections.end()) {
|
||||
LOG_DEBUG("Received websocket message from unauthenticated connection");
|
||||
mg_ws_send(connection, "{\"error\":\"Unauthorized\"}", 23, WEBSOCKET_OP_TEXT);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!ws_msg) {
|
||||
LOG_DEBUG("Received invalid websocket message");
|
||||
return;
|
||||
@@ -233,6 +427,15 @@ void Web::RegisterWSSubscription(const std::string& subscription) {
|
||||
}
|
||||
}
|
||||
|
||||
void Web::AddGlobalMiddleware(MiddlewarePtr middleware) {
|
||||
if (!middleware) {
|
||||
LOG_DEBUG("Attempted to add null middleware");
|
||||
return;
|
||||
}
|
||||
g_GlobalMiddleware.push_back(middleware);
|
||||
LOG_DEBUG("Registered global middleware: %s", middleware->GetName().c_str());
|
||||
}
|
||||
|
||||
Web::Web() {
|
||||
mg_log_set_fn(DLOG, NULL); // Redirect logs to our logger
|
||||
mg_log_set(MG_LL_DEBUG);
|
||||
@@ -293,6 +496,18 @@ void Web::SendWSMessage(const std::string subscription, json& data) {
|
||||
// tell it the event type
|
||||
data["event"] = subscription;
|
||||
auto index = std::distance(g_WSSubscriptions.begin(), subItr);
|
||||
|
||||
// Clean up closed connections from authenticated set
|
||||
std::vector<mg_connection*> closedConnections;
|
||||
for (auto* conn : g_AuthenticatedWSConnections) {
|
||||
if (conn->is_closing) {
|
||||
closedConnections.push_back(conn);
|
||||
}
|
||||
}
|
||||
for (auto* conn : closedConnections) {
|
||||
g_AuthenticatedWSConnections.erase(conn);
|
||||
}
|
||||
|
||||
for (auto *wc = Game::web.mgr.conns; wc != NULL; wc = wc->next) {
|
||||
if (wc->is_websocket && wc->data[index] == SubscriptionStatus::SUBSCRIBED) {
|
||||
mg_ws_send(wc, data.dump().c_str(), data.dump().size(), WEBSOCKET_OP_TEXT);
|
||||
|
||||
Reference in New Issue
Block a user