blob: 985c4c4bc81848565f85a819fd808df3d6bf5400 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/strings/string_number_conversions.h"
#include "net/base/elements_upload_data_stream.h"
#include "net/base/net_errors.h"
#include "net/base/request_priority.h"
#include "net/base/upload_bytes_element_reader.h"
#include "net/cert/cert_status_flags.h"
#include "net/http/http_response_headers.h"
#include "net/http/http_status_code.h"
#include "net/http/http_util.h"
#include "net/ssl/ssl_info.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
#include "net/url_request/redirect_info.h"
#include "net/url_request/url_request_context.h"
#include "net/tools/quic/quic_http_proxy_backend_stream.h"
namespace net {
// This is the Size of the buffer that consumes the response from the Backend
// The response is consumed upto 64KB at a time to avoid a large response
// from hogging resources from smaller responses.
const int QuicHttpProxyBackendStream::kBufferSize = 64000;
/*502 Bad Gateway
The server was acting as a gateway or proxy and received an
invalid response from the upstream server.*/
const int QuicHttpProxyBackendStream::kProxyHttpBackendError = 502;
// Hop-by-hop headers (small-caps). These are removed when sent to the backend.
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
// not Trailers per URL above;
// http://www.rfc-editor.org/errata_search.php?eid=4522
const std::set<std::string> QuicHttpProxyBackendStream::kHopHeaders = {
"connection",
"proxy-connection", // non-standard but still sent by libcurl and rejected
// by e.g. google
"keep-alive", "proxy-authenticate", "proxy-authorization",
"te", // canonicalized version of "TE"
"trailer", // not Trailers per URL above;
// http://www.rfc-editor.org/errata_search.php?eid=4522
"transfer-encoding", "upgrade",
};
const std::string QuicHttpProxyBackendStream::kDefaultQuicPeerIP = "Unknown";
QuicHttpProxyBackendStream::QuicHttpProxyBackendStream(
QuicHttpProxyBackend* proxy_context)
: proxy_context_(proxy_context),
delegate_(nullptr),
quic_peer_ip_(kDefaultQuicPeerIP),
url_request_(nullptr),
buf_(base::MakeRefCounted<IOBuffer>(kBufferSize)),
response_completed_(false),
headers_set_(false),
quic_response_(new quic::QuicBackendResponse()) {}
QuicHttpProxyBackendStream::~QuicHttpProxyBackendStream() {}
void QuicHttpProxyBackendStream::Initialize(
quic::QuicConnectionId quic_connection_id,
quic::QuicStreamId quic_stream_id,
std::string quic_peer_ip) {
quic_connection_id_ = quic_connection_id;
quic_stream_id_ = quic_stream_id;
quic_peer_ip_ = quic_peer_ip;
if (!quic_proxy_task_runner_.get()) {
quic_proxy_task_runner_ = proxy_context_->GetProxyTaskRunner();
} else {
DCHECK_EQ(quic_proxy_task_runner_, proxy_context_->GetProxyTaskRunner());
}
quic_response_->set_response_type(
quic::QuicBackendResponse::BACKEND_ERR_RESPONSE);
}
void QuicHttpProxyBackendStream::set_delegate(
quic::QuicSimpleServerBackend::RequestHandler* delegate) {
delegate_ = delegate;
delegate_task_runner_ = base::SequencedTaskRunnerHandle::Get();
}
bool QuicHttpProxyBackendStream::SendRequestToBackend(
const spdy::SpdyHeaderBlock* incoming_request_headers,
const std::string& incoming_body) {
DCHECK(proxy_context_->IsBackendInitialized())
<< " The quic-backend-proxy-context should be initialized";
// Get Path From the Incoming Header Block
spdy::SpdyHeaderBlock::const_iterator it =
incoming_request_headers->find(":path");
GURL url = proxy_context_->backend_url();
std::string backend_spec = url.spec();
if (it != incoming_request_headers->end()) {
if (url.path().compare("/") == 0) {
backend_spec.pop_back();
}
backend_spec.append(it->second.as_string());
}
url_ = GURL(backend_spec.c_str());
if (!url_.is_valid()) {
LOG(ERROR) << "Invalid URL received from QUIC client " << backend_spec;
return false;
}
LOG(INFO) << "QUIC Proxy Making a request to the Backed URL: " + url_.spec();
// Set the Method From the Incoming Header Block
std::string method = "";
it = incoming_request_headers->find(":method");
if (it != incoming_request_headers->end()) {
method.append(it->second.as_string());
}
if (ValidateHttpMethod(method) != true) {
LOG(INFO) << "Unknown Request Type received from QUIC client " << method;
return false;
}
CopyHeaders(incoming_request_headers);
if (method_type_ == "POST" || method_type_ == "PUT" ||
method_type_ == "PATCH") {
// Upload content must be set
if (!incoming_body.empty()) {
std::unique_ptr<UploadElementReader> reader(new UploadBytesElementReader(
incoming_body.data(), incoming_body.size()));
SetUpload(
ElementsUploadDataStream::CreateWithReader(std::move(reader), 0));
}
}
// Start the request on the backend thread
bool posted = quic_proxy_task_runner_->PostTask(
FROM_HERE,
base::BindOnce(&QuicHttpProxyBackendStream::SendRequestOnBackendThread,
weak_factory_.GetWeakPtr()));
return posted;
}
void QuicHttpProxyBackendStream::CopyHeaders(
const spdy::SpdyHeaderBlock* incoming_request_headers) {
// Set all the request headers
// Add or append the X-Forwarded-For Header and X-Real-IP
for (spdy::SpdyHeaderBlock::const_iterator it =
incoming_request_headers->begin();
it != incoming_request_headers->end(); ++it) {
std::string key = it->first.as_string();
std::string value = it->second.as_string();
// Ignore the spdy headers
if (!key.empty() && key[0] != ':') {
// Remove hop-by-hop headers
if (base::Contains(kHopHeaders, key)) {
LOG(INFO) << "QUIC Proxy Ignoring Hop-by-hop Request Header: " << key
<< ":" << value;
} else {
LOG(INFO) << "QUIC Proxy Copying to backend Request Header: " << key
<< ":" << value;
AddRequestHeader(key, value);
}
}
}
// ToDo append proxy ip when x_forwarded_for header already present
AddRequestHeader("X-Forwarded-For", quic_peer_ip_);
}
bool QuicHttpProxyBackendStream::ValidateHttpMethod(std::string method) {
// Http method is a token, just as header name.
if (!net::HttpUtil::IsValidHeaderName(method))
return false;
method_type_ = method;
return true;
}
bool QuicHttpProxyBackendStream::AddRequestHeader(std::string name,
std::string value) {
if (!net::HttpUtil::IsValidHeaderName(name) ||
!net::HttpUtil::IsValidHeaderValue(value)) {
return false;
}
request_headers_.SetHeader(name, value);
return true;
}
void QuicHttpProxyBackendStream::SetUpload(
std::unique_ptr<net::UploadDataStream> upload) {
DCHECK(!upload_);
upload_ = std::move(upload);
}
void QuicHttpProxyBackendStream::SendRequestOnBackendThread() {
DCHECK(quic_proxy_task_runner_->BelongsToCurrentThread());
url_request_ = proxy_context_->GetURLRequestContext()->CreateRequest(
url_, net::DEFAULT_PRIORITY, this, MISSING_TRAFFIC_ANNOTATION);
url_request_->set_method(method_type_);
url_request_->SetExtraRequestHeaders(request_headers_);
if (upload_) {
url_request_->set_upload(std::move(upload_));
}
url_request_->Start();
VLOG(1) << "Quic Proxy Sending Request to Backend for quic_conn_id: "
<< quic_connection_id_ << " quic_stream_id: " << quic_stream_id_
<< " url: " << url_;
}
void QuicHttpProxyBackendStream::OnReceivedRedirect(
net::URLRequest* request,
const net::RedirectInfo& redirect_info,
bool* defer_redirect) {
DCHECK_EQ(request, url_request_.get());
DCHECK(quic_proxy_task_runner_->BelongsToCurrentThread());
// Do not defer redirect, retry again from the proxy with the new url
*defer_redirect = false;
LOG(ERROR) << "Received Redirect from Backend "
<< " redirectUrl: "
<< redirect_info.new_url.possibly_invalid_spec().c_str()
<< " RespCode " << request->GetResponseCode();
}
void QuicHttpProxyBackendStream::OnCertificateRequested(
net::URLRequest* request,
net::SSLCertRequestInfo* cert_request_info) {
DCHECK_EQ(request, url_request_.get());
DCHECK(quic_proxy_task_runner_->BelongsToCurrentThread());
// Continue the SSL handshake without a client certificate.
request->ContinueWithCertificate(nullptr, nullptr);
}
void QuicHttpProxyBackendStream::OnSSLCertificateError(
net::URLRequest* request,
int net_error,
const net::SSLInfo& ssl_info,
bool fatal) {
request->Cancel();
OnResponseCompleted();
}
void QuicHttpProxyBackendStream::OnResponseStarted(net::URLRequest* request,
int net_error) {
DCHECK_EQ(request, url_request_.get());
DCHECK(quic_proxy_task_runner_->BelongsToCurrentThread());
// It doesn't make sense for the request to have IO pending at this point.
DCHECK_NE(net::ERR_IO_PENDING, net_error);
if (net_error != net::OK) {
LOG(ERROR) << "OnResponseStarted Error from Backend "
<< " url: "
<< url_request_->url().possibly_invalid_spec().c_str()
<< " RespError " << net::ErrorToString(net_error);
OnResponseCompleted();
return;
}
// Initialite the first read
ReadOnceTask();
}
void QuicHttpProxyBackendStream::ReadOnceTask() {
// Initiate a read for a max of kBufferSize
// This avoids a request with a large response from starving
// requests with smaller responses
int bytes_read = url_request_->Read(buf_.get(), kBufferSize);
OnReadCompleted(url_request_.get(), bytes_read);
}
// In the case of net::ERR_IO_PENDING,
// OnReadCompleted callback will be called by URLRequest
void QuicHttpProxyBackendStream::OnReadCompleted(net::URLRequest* unused,
int bytes_read) {
DCHECK_EQ(url_request_.get(), unused);
LOG(INFO) << "OnReadCompleted Backend with"
<< " RespCode " << url_request_->GetResponseCode()
<< " RcvdBytesCount " << bytes_read << " RcvdTotalBytes "
<< data_received_.size();
if (bytes_read > 0) {
data_received_.append(buf_->data(), bytes_read);
// More data to be read, send a task to self
quic_proxy_task_runner_->PostTask(
FROM_HERE, base::BindOnce(&QuicHttpProxyBackendStream::ReadOnceTask,
weak_factory_.GetWeakPtr()));
} else if (bytes_read != net::ERR_IO_PENDING) {
quic_response_->set_response_type(
quic::QuicBackendResponse::REGULAR_RESPONSE);
OnResponseCompleted();
}
}
/* Response from Backend complete, send the last chunk of data with fin=true to
* the corresponding quic stream */
void QuicHttpProxyBackendStream::OnResponseCompleted() {
DCHECK(!response_completed_);
LOG(INFO) << "Quic Proxy Received Response from Backend for quic_conn_id: "
<< quic_connection_id_ << " quic_stream_id: " << quic_stream_id_
<< " url: " << url_;
// ToDo Stream the response
spdy::SpdyHeaderBlock response_headers;
if (quic_response_->response_type() !=
quic::QuicBackendResponse::BACKEND_ERR_RESPONSE) {
response_headers = getAsQuicHeaders(url_request_->response_headers(),
url_request_->GetResponseCode(),
data_received_.size());
quic_response_->set_headers(std::move(response_headers));
quic_response_->set_body(std::move(data_received_));
} else {
response_headers =
getAsQuicHeaders(url_request_->response_headers(),
kProxyHttpBackendError, data_received_.size());
quic_response_->set_headers(std::move(response_headers));
}
response_completed_ = true;
ReleaseRequest();
// Send the response back to the quic client on the quic/main thread
if (delegate_ != nullptr) {
delegate_task_runner_->PostTask(
FROM_HERE,
base::BindOnce(
&QuicHttpProxyBackendStream::SendResponseOnDelegateThread,
base::Unretained(this)));
}
}
void QuicHttpProxyBackendStream::SendResponseOnDelegateThread() {
DCHECK(delegate_ != nullptr);
// Proxy currently does not support push resources
std::list<quic::QuicBackendResponse::ServerPushInfo> empty_resources;
delegate_->OnResponseBackendComplete(quic_response_.get(), empty_resources);
}
void QuicHttpProxyBackendStream::CancelRequest() {
DCHECK(quic_proxy_task_runner_->BelongsToCurrentThread());
if (quic_proxy_task_runner_.get())
DCHECK(quic_proxy_task_runner_->BelongsToCurrentThread());
delegate_ = nullptr;
if (url_request_.get()) {
url_request_->CancelWithError(ERR_ABORTED);
ReleaseRequest();
}
}
void QuicHttpProxyBackendStream::ReleaseRequest() {
url_request_.reset();
buf_ = nullptr;
}
quic::QuicBackendResponse* QuicHttpProxyBackendStream::GetBackendResponse()
const {
return quic_response_.get();
}
// Copy Backend Response headers to Quic response headers
spdy::SpdyHeaderBlock QuicHttpProxyBackendStream::getAsQuicHeaders(
net::HttpResponseHeaders* resp_headers,
int response_code,
uint64_t response_decoded_body_size) {
DCHECK(!headers_set_);
bool response_body_encoded = false;
spdy::SpdyHeaderBlock quic_response_headers;
// Add spdy headers: Status, version need : before the header
quic_response_headers[":status"] = base::NumberToString(response_code);
headers_set_ = true;
// Returns an empty array if |headers| is nullptr.
if (resp_headers != nullptr) {
size_t iter = 0;
std::string header_name;
std::string header_value;
while (resp_headers->EnumerateHeaderLines(&iter, &header_name,
&header_value)) {
header_name = base::ToLowerASCII(header_name);
// Do not copy status again since status needs a ":" before the header
// name
if (header_name.compare("status") != 0) {
if (header_name.compare("content-encoding") != 0) {
// Remove hop-by-hop headers
if (base::Contains(kHopHeaders, header_name)) {
LOG(INFO) << "Quic Proxy Ignoring Hop-by-hop Response Header: "
<< header_name << ":" << header_value;
} else {
LOG(INFO) << " Quic Proxy Copying Response Header: " << header_name
<< ":" << header_value;
quic_response_headers.AppendValueOrAddHeader(header_name,
header_value);
}
} else {
response_body_encoded = true;
}
}
} // while
// Currently URLRequest class does not support ability to disable decoding,
// response body (gzip, deflate etc. )
// Instead of re-encoding the body, we send decode body to the quic client
// and re-write the content length to the original body size
if (response_body_encoded) {
LOG(INFO) << " Quic Proxy Rewriting the Content-Length Header since "
"the response was encoded : "
<< response_decoded_body_size;
quic_response_headers["content-length"] =
base::NumberToString(response_decoded_body_size);
}
}
return quic_response_headers;
}
} // namespace net