rpc: implement websockets with github.com/gorilla/websocket (#19866)
* rpc: implement websockets with github.com/gorilla/websocket
This change makes package rpc use the github.com/gorilla/websocket
package for WebSockets instead of golang.org/x/net/websocket. The new
library is more robust and supports all WebSocket features including
continuation frames.
There are new tests for two issues with the previously-used library:
- TestWebsocketClientPing checks handling of Ping frames.
- TestWebsocketLargeCall checks whether the request size limit is
applied correctly.
* rpc: raise HTTP/WebSocket request size limit to 5MB
* rpc: remove default origin for client connections
The client used to put the local hostname into the Origin header because
the server wanted an origin to accept the connection, but that's silly:
Origin is for browsers/websites. The nobody would whitelist a particular
hostname.
Now that the server doesn't need Origin anymore, don't bother setting
one for clients. Users who need an origin can use DialWebsocket to
create a client with arbitrary origin if needed.
* vendor: put golang.org/x/net/websocket back
* rpc: don't set Origin header for empty (default) origin
* rpc: add HTTP status code to handshake error
This makes it easier to debug failing connections.
* ethstats: use github.com/gorilla/websocket
* rpc: fix lint
This commit is contained in:
Felix Lange
committed by
Péter Szilágyi
Péter Szilágyi
parent
e8141e1685
commit
04e175b8ec
203
rpc/websocket.go
203
rpc/websocket.go
@ -17,78 +17,26 @@
|
||||
package rpc
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
"sync"
|
||||
|
||||
mapset "github.com/deckarep/golang-set"
|
||||
"github.com/ethereum/go-ethereum/log"
|
||||
"golang.org/x/net/websocket"
|
||||
"github.com/gorilla/websocket"
|
||||
)
|
||||
|
||||
// websocketJSONCodec is a custom JSON codec with payload size enforcement and
|
||||
// special number parsing.
|
||||
var websocketJSONCodec = websocket.Codec{
|
||||
// Marshal is the stock JSON marshaller used by the websocket library too.
|
||||
Marshal: func(v interface{}) ([]byte, byte, error) {
|
||||
msg, err := json.Marshal(v)
|
||||
return msg, websocket.TextFrame, err
|
||||
},
|
||||
// Unmarshal is a specialized unmarshaller to properly convert numbers.
|
||||
Unmarshal: func(msg []byte, payloadType byte, v interface{}) error {
|
||||
dec := json.NewDecoder(bytes.NewReader(msg))
|
||||
dec.UseNumber()
|
||||
const (
|
||||
wsReadBuffer = 1024
|
||||
wsWriteBuffer = 1024
|
||||
)
|
||||
|
||||
return dec.Decode(v)
|
||||
},
|
||||
}
|
||||
|
||||
// WebsocketHandler returns a handler that serves JSON-RPC to WebSocket connections.
|
||||
//
|
||||
// allowedOrigins should be a comma-separated list of allowed origin URLs.
|
||||
// To allow connections with any origin, pass "*".
|
||||
func (s *Server) WebsocketHandler(allowedOrigins []string) http.Handler {
|
||||
return websocket.Server{
|
||||
Handshake: wsHandshakeValidator(allowedOrigins),
|
||||
Handler: func(conn *websocket.Conn) {
|
||||
codec := newWebsocketCodec(conn)
|
||||
s.ServeCodec(codec, OptionMethodInvocation|OptionSubscriptions)
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func newWebsocketCodec(conn *websocket.Conn) ServerCodec {
|
||||
// Create a custom encode/decode pair to enforce payload size and number encoding
|
||||
conn.MaxPayloadBytes = maxRequestContentLength
|
||||
encoder := func(v interface{}) error {
|
||||
return websocketJSONCodec.Send(conn, v)
|
||||
}
|
||||
decoder := func(v interface{}) error {
|
||||
return websocketJSONCodec.Receive(conn, v)
|
||||
}
|
||||
rpcconn := Conn(conn)
|
||||
if conn.IsServerConn() {
|
||||
// Override remote address with the actual socket address because
|
||||
// package websocket crashes if there is no request origin.
|
||||
addr := conn.Request().RemoteAddr
|
||||
if wsaddr := conn.RemoteAddr().(*websocket.Addr); wsaddr.URL != nil {
|
||||
// Add origin if present.
|
||||
addr += "(" + wsaddr.URL.String() + ")"
|
||||
}
|
||||
rpcconn = connWithRemoteAddr{conn, addr}
|
||||
}
|
||||
return NewCodec(rpcconn, encoder, decoder)
|
||||
}
|
||||
var wsBufferPool = new(sync.Pool)
|
||||
|
||||
// NewWSServer creates a new websocket RPC server around an API provider.
|
||||
//
|
||||
@ -97,10 +45,32 @@ func NewWSServer(allowedOrigins []string, srv *Server) *http.Server {
|
||||
return &http.Server{Handler: srv.WebsocketHandler(allowedOrigins)}
|
||||
}
|
||||
|
||||
// WebsocketHandler returns a handler that serves JSON-RPC to WebSocket connections.
|
||||
//
|
||||
// allowedOrigins should be a comma-separated list of allowed origin URLs.
|
||||
// To allow connections with any origin, pass "*".
|
||||
func (s *Server) WebsocketHandler(allowedOrigins []string) http.Handler {
|
||||
var upgrader = websocket.Upgrader{
|
||||
ReadBufferSize: wsReadBuffer,
|
||||
WriteBufferSize: wsWriteBuffer,
|
||||
WriteBufferPool: wsBufferPool,
|
||||
CheckOrigin: wsHandshakeValidator(allowedOrigins),
|
||||
}
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
conn, err := upgrader.Upgrade(w, r, nil)
|
||||
if err != nil {
|
||||
log.Debug("WebSocket upgrade failed", "err", err)
|
||||
return
|
||||
}
|
||||
codec := newWebsocketCodec(conn)
|
||||
s.ServeCodec(codec, OptionMethodInvocation|OptionSubscriptions)
|
||||
})
|
||||
}
|
||||
|
||||
// wsHandshakeValidator returns a handler that verifies the origin during the
|
||||
// websocket upgrade process. When a '*' is specified as an allowed origins all
|
||||
// connections are accepted.
|
||||
func wsHandshakeValidator(allowedOrigins []string) func(*websocket.Config, *http.Request) error {
|
||||
func wsHandshakeValidator(allowedOrigins []string) func(*http.Request) bool {
|
||||
origins := mapset.NewSet()
|
||||
allowAllOrigins := false
|
||||
|
||||
@ -112,7 +82,6 @@ func wsHandshakeValidator(allowedOrigins []string) func(*websocket.Config, *http
|
||||
origins.Add(strings.ToLower(origin))
|
||||
}
|
||||
}
|
||||
|
||||
// allow localhost if no allowedOrigins are specified.
|
||||
if len(origins.ToSlice()) == 0 {
|
||||
origins.Add("http://localhost")
|
||||
@ -120,52 +89,39 @@ func wsHandshakeValidator(allowedOrigins []string) func(*websocket.Config, *http
|
||||
origins.Add("http://" + strings.ToLower(hostname))
|
||||
}
|
||||
}
|
||||
|
||||
log.Debug(fmt.Sprintf("Allowed origin(s) for WS RPC interface %v", origins.ToSlice()))
|
||||
|
||||
f := func(cfg *websocket.Config, req *http.Request) error {
|
||||
f := func(req *http.Request) bool {
|
||||
// Skip origin verification if no Origin header is present. The origin check
|
||||
// is supposed to protect against browser based attacks. Browsers always set
|
||||
// Origin. Non-browser software can put anything in origin and checking it doesn't
|
||||
// provide additional security.
|
||||
if _, ok := req.Header["Origin"]; !ok {
|
||||
return nil
|
||||
return true
|
||||
}
|
||||
// Verify origin against whitelist.
|
||||
origin := strings.ToLower(req.Header.Get("Origin"))
|
||||
if allowAllOrigins || origins.Contains(origin) {
|
||||
return nil
|
||||
return true
|
||||
}
|
||||
log.Warn("Rejected WebSocket connection", "origin", origin)
|
||||
return errors.New("origin not allowed")
|
||||
return false
|
||||
}
|
||||
|
||||
return f
|
||||
}
|
||||
|
||||
func wsGetConfig(endpoint, origin string) (*websocket.Config, error) {
|
||||
if origin == "" {
|
||||
var err error
|
||||
if origin, err = os.Hostname(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if strings.HasPrefix(endpoint, "wss") {
|
||||
origin = "https://" + strings.ToLower(origin)
|
||||
} else {
|
||||
origin = "http://" + strings.ToLower(origin)
|
||||
}
|
||||
}
|
||||
config, err := websocket.NewConfig(endpoint, origin)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
type wsHandshakeError struct {
|
||||
err error
|
||||
status string
|
||||
}
|
||||
|
||||
if config.Location.User != nil {
|
||||
b64auth := base64.StdEncoding.EncodeToString([]byte(config.Location.User.String()))
|
||||
config.Header.Add("Authorization", "Basic "+b64auth)
|
||||
config.Location.User = nil
|
||||
func (e wsHandshakeError) Error() string {
|
||||
s := e.err.Error()
|
||||
if e.status != "" {
|
||||
s += " (HTTP status " + e.status + ")"
|
||||
}
|
||||
return config, nil
|
||||
return s
|
||||
}
|
||||
|
||||
// DialWebsocket creates a new RPC client that communicates with a JSON-RPC server
|
||||
@ -174,65 +130,46 @@ func wsGetConfig(endpoint, origin string) (*websocket.Config, error) {
|
||||
// The context is used for the initial connection establishment. It does not
|
||||
// affect subsequent interactions with the client.
|
||||
func DialWebsocket(ctx context.Context, endpoint, origin string) (*Client, error) {
|
||||
config, err := wsGetConfig(endpoint, origin)
|
||||
endpoint, header, err := wsClientHeaders(endpoint, origin)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
dialer := websocket.Dialer{
|
||||
ReadBufferSize: wsReadBuffer,
|
||||
WriteBufferSize: wsWriteBuffer,
|
||||
WriteBufferPool: wsBufferPool,
|
||||
}
|
||||
return newClient(ctx, func(ctx context.Context) (ServerCodec, error) {
|
||||
conn, err := wsDialContext(ctx, config)
|
||||
conn, resp, err := dialer.DialContext(ctx, endpoint, header)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
hErr := wsHandshakeError{err: err}
|
||||
if resp != nil {
|
||||
hErr.status = resp.Status
|
||||
}
|
||||
return nil, hErr
|
||||
}
|
||||
return newWebsocketCodec(conn), nil
|
||||
})
|
||||
}
|
||||
|
||||
func wsDialContext(ctx context.Context, config *websocket.Config) (*websocket.Conn, error) {
|
||||
var conn net.Conn
|
||||
var err error
|
||||
switch config.Location.Scheme {
|
||||
case "ws":
|
||||
conn, err = dialContext(ctx, "tcp", wsDialAddress(config.Location))
|
||||
case "wss":
|
||||
dialer := contextDialer(ctx)
|
||||
conn, err = tls.DialWithDialer(dialer, "tcp", wsDialAddress(config.Location), config.TlsConfig)
|
||||
default:
|
||||
err = websocket.ErrBadScheme
|
||||
}
|
||||
func wsClientHeaders(endpoint, origin string) (string, http.Header, error) {
|
||||
endpointURL, err := url.Parse(endpoint)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return endpoint, nil, err
|
||||
}
|
||||
ws, err := websocket.NewClient(config, conn)
|
||||
if err != nil {
|
||||
conn.Close()
|
||||
return nil, err
|
||||
header := make(http.Header)
|
||||
if origin != "" {
|
||||
header.Add("origin", origin)
|
||||
}
|
||||
return ws, err
|
||||
if endpointURL.User != nil {
|
||||
b64auth := base64.StdEncoding.EncodeToString([]byte(endpointURL.User.String()))
|
||||
header.Add("authorization", "Basic "+b64auth)
|
||||
endpointURL.User = nil
|
||||
}
|
||||
return endpointURL.String(), header, nil
|
||||
}
|
||||
|
||||
var wsPortMap = map[string]string{"ws": "80", "wss": "443"}
|
||||
|
||||
func wsDialAddress(location *url.URL) string {
|
||||
if _, ok := wsPortMap[location.Scheme]; ok {
|
||||
if _, _, err := net.SplitHostPort(location.Host); err != nil {
|
||||
return net.JoinHostPort(location.Host, wsPortMap[location.Scheme])
|
||||
}
|
||||
}
|
||||
return location.Host
|
||||
}
|
||||
|
||||
func dialContext(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
d := &net.Dialer{KeepAlive: tcpKeepAliveInterval}
|
||||
return d.DialContext(ctx, network, addr)
|
||||
}
|
||||
|
||||
func contextDialer(ctx context.Context) *net.Dialer {
|
||||
dialer := &net.Dialer{Cancel: ctx.Done(), KeepAlive: tcpKeepAliveInterval}
|
||||
if deadline, ok := ctx.Deadline(); ok {
|
||||
dialer.Deadline = deadline
|
||||
} else {
|
||||
dialer.Deadline = time.Now().Add(defaultDialTimeout)
|
||||
}
|
||||
return dialer
|
||||
func newWebsocketCodec(conn *websocket.Conn) ServerCodec {
|
||||
conn.SetReadLimit(maxRequestContentLength)
|
||||
return newCodec(conn, conn.WriteJSON, conn.ReadJSON)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user