github.com/ck00004/CobaltStrikeParser-Go@v1.0.14/lib/http/server.go (about) 1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // HTTP server. See RFC 7230 through 7235. 6 7 package http 8 9 import ( 10 "bufio" 11 "bytes" 12 "context" 13 "crypto/tls" 14 "errors" 15 "fmt" 16 "io" 17 "log" 18 "math/rand" 19 "net" 20 "net/textproto" 21 "os" 22 "path" 23 "runtime" 24 "sort" 25 "strconv" 26 "strings" 27 "sync" 28 "sync/atomic" 29 "time" 30 31 "github.com/ck00004/CobaltStrikeParser-Go/lib/url" 32 urlpkg "github.com/ck00004/CobaltStrikeParser-Go/lib/url" 33 34 "golang.org/x/net/http/httpguts" 35 ) 36 37 // Errors used by the HTTP server. 38 var ( 39 // ErrBodyNotAllowed is returned by ResponseWriter.Write calls 40 // when the HTTP method or response code does not permit a 41 // body. 42 ErrBodyNotAllowed = errors.New("http: request method or response status code does not allow body") 43 44 // ErrHijacked is returned by ResponseWriter.Write calls when 45 // the underlying connection has been hijacked using the 46 // Hijacker interface. A zero-byte write on a hijacked 47 // connection will return ErrHijacked without any other side 48 // effects. 49 ErrHijacked = errors.New("http: connection has been hijacked") 50 51 // ErrContentLength is returned by ResponseWriter.Write calls 52 // when a Handler set a Content-Length response header with a 53 // declared size and then attempted to write more bytes than 54 // declared. 55 ErrContentLength = errors.New("http: wrote more than the declared Content-Length") 56 57 // Deprecated: ErrWriteAfterFlush is no longer returned by 58 // anything in the net/http package. Callers should not 59 // compare errors against this variable. 60 ErrWriteAfterFlush = errors.New("unused") 61 ) 62 63 // A Handler responds to an HTTP request. 64 // 65 // ServeHTTP should write reply headers and data to the ResponseWriter 66 // and then return. Returning signals that the request is finished; it 67 // is not valid to use the ResponseWriter or read from the 68 // Request.Body after or concurrently with the completion of the 69 // ServeHTTP call. 70 // 71 // Depending on the HTTP client software, HTTP protocol version, and 72 // any intermediaries between the client and the Go server, it may not 73 // be possible to read from the Request.Body after writing to the 74 // ResponseWriter. Cautious handlers should read the Request.Body 75 // first, and then reply. 76 // 77 // Except for reading the body, handlers should not modify the 78 // provided Request. 79 // 80 // If ServeHTTP panics, the server (the caller of ServeHTTP) assumes 81 // that the effect of the panic was isolated to the active request. 82 // It recovers the panic, logs a stack trace to the server error log, 83 // and either closes the network connection or sends an HTTP/2 84 // RST_STREAM, depending on the HTTP protocol. To abort a handler so 85 // the client sees an interrupted response but the server doesn't log 86 // an error, panic with the value ErrAbortHandler. 87 type Handler interface { 88 ServeHTTP(ResponseWriter, *Request) 89 } 90 91 // A ResponseWriter interface is used by an HTTP handler to 92 // construct an HTTP response. 93 // 94 // A ResponseWriter may not be used after the Handler.ServeHTTP method 95 // has returned. 96 type ResponseWriter interface { 97 // Header returns the header map that will be sent by 98 // WriteHeader. The Header map also is the mechanism with which 99 // Handlers can set HTTP trailers. 100 // 101 // Changing the header map after a call to WriteHeader (or 102 // Write) has no effect unless the modified headers are 103 // trailers. 104 // 105 // There are two ways to set Trailers. The preferred way is to 106 // predeclare in the headers which trailers you will later 107 // send by setting the "Trailer" header to the names of the 108 // trailer keys which will come later. In this case, those 109 // keys of the Header map are treated as if they were 110 // trailers. See the example. The second way, for trailer 111 // keys not known to the Handler until after the first Write, 112 // is to prefix the Header map keys with the TrailerPrefix 113 // constant value. See TrailerPrefix. 114 // 115 // To suppress automatic response headers (such as "Date"), set 116 // their value to nil. 117 Header() Header 118 119 // Write writes the data to the connection as part of an HTTP reply. 120 // 121 // If WriteHeader has not yet been called, Write calls 122 // WriteHeader(http.StatusOK) before writing the data. If the Header 123 // does not contain a Content-Type line, Write adds a Content-Type set 124 // to the result of passing the initial 512 bytes of written data to 125 // DetectContentType. Additionally, if the total size of all written 126 // data is under a few KB and there are no Flush calls, the 127 // Content-Length header is added automatically. 128 // 129 // Depending on the HTTP protocol version and the client, calling 130 // Write or WriteHeader may prevent future reads on the 131 // Request.Body. For HTTP/1.x requests, handlers should read any 132 // needed request body data before writing the response. Once the 133 // headers have been flushed (due to either an explicit Flusher.Flush 134 // call or writing enough data to trigger a flush), the request body 135 // may be unavailable. For HTTP/2 requests, the Go HTTP server permits 136 // handlers to continue to read the request body while concurrently 137 // writing the response. However, such behavior may not be supported 138 // by all HTTP/2 clients. Handlers should read before writing if 139 // possible to maximize compatibility. 140 Write([]byte) (int, error) 141 142 // WriteHeader sends an HTTP response header with the provided 143 // status code. 144 // 145 // If WriteHeader is not called explicitly, the first call to Write 146 // will trigger an implicit WriteHeader(http.StatusOK). 147 // Thus explicit calls to WriteHeader are mainly used to 148 // send error codes. 149 // 150 // The provided code must be a valid HTTP 1xx-5xx status code. 151 // Only one header may be written. Go does not currently 152 // support sending user-defined 1xx informational headers, 153 // with the exception of 100-continue response header that the 154 // Server sends automatically when the Request.Body is read. 155 WriteHeader(statusCode int) 156 } 157 158 // The Flusher interface is implemented by ResponseWriters that allow 159 // an HTTP handler to flush buffered data to the client. 160 // 161 // The default HTTP/1.x and HTTP/2 ResponseWriter implementations 162 // support Flusher, but ResponseWriter wrappers may not. Handlers 163 // should always test for this ability at runtime. 164 // 165 // Note that even for ResponseWriters that support Flush, 166 // if the client is connected through an HTTP proxy, 167 // the buffered data may not reach the client until the response 168 // completes. 169 type Flusher interface { 170 // Flush sends any buffered data to the client. 171 Flush() 172 } 173 174 // The Hijacker interface is implemented by ResponseWriters that allow 175 // an HTTP handler to take over the connection. 176 // 177 // The default ResponseWriter for HTTP/1.x connections supports 178 // Hijacker, but HTTP/2 connections intentionally do not. 179 // ResponseWriter wrappers may also not support Hijacker. Handlers 180 // should always test for this ability at runtime. 181 type Hijacker interface { 182 // Hijack lets the caller take over the connection. 183 // After a call to Hijack the HTTP server library 184 // will not do anything else with the connection. 185 // 186 // It becomes the caller's responsibility to manage 187 // and close the connection. 188 // 189 // The returned net.Conn may have read or write deadlines 190 // already set, depending on the configuration of the 191 // Server. It is the caller's responsibility to set 192 // or clear those deadlines as needed. 193 // 194 // The returned bufio.Reader may contain unprocessed buffered 195 // data from the client. 196 // 197 // After a call to Hijack, the original Request.Body must not 198 // be used. The original Request's Context remains valid and 199 // is not canceled until the Request's ServeHTTP method 200 // returns. 201 Hijack() (net.Conn, *bufio.ReadWriter, error) 202 } 203 204 // The CloseNotifier interface is implemented by ResponseWriters which 205 // allow detecting when the underlying connection has gone away. 206 // 207 // This mechanism can be used to cancel long operations on the server 208 // if the client has disconnected before the response is ready. 209 // 210 // Deprecated: the CloseNotifier interface predates Go's context package. 211 // New code should use Request.Context instead. 212 type CloseNotifier interface { 213 // CloseNotify returns a channel that receives at most a 214 // single value (true) when the client connection has gone 215 // away. 216 // 217 // CloseNotify may wait to notify until Request.Body has been 218 // fully read. 219 // 220 // After the Handler has returned, there is no guarantee 221 // that the channel receives a value. 222 // 223 // If the protocol is HTTP/1.1 and CloseNotify is called while 224 // processing an idempotent request (such a GET) while 225 // HTTP/1.1 pipelining is in use, the arrival of a subsequent 226 // pipelined request may cause a value to be sent on the 227 // returned channel. In practice HTTP/1.1 pipelining is not 228 // enabled in browsers and not seen often in the wild. If this 229 // is a problem, use HTTP/2 or only use CloseNotify on methods 230 // such as POST. 231 CloseNotify() <-chan bool 232 } 233 234 var ( 235 // ServerContextKey is a context key. It can be used in HTTP 236 // handlers with Context.Value to access the server that 237 // started the handler. The associated value will be of 238 // type *Server. 239 ServerContextKey = &contextKey{"http-server"} 240 241 // LocalAddrContextKey is a context key. It can be used in 242 // HTTP handlers with Context.Value to access the local 243 // address the connection arrived on. 244 // The associated value will be of type net.Addr. 245 LocalAddrContextKey = &contextKey{"local-addr"} 246 ) 247 248 // A conn represents the server side of an HTTP connection. 249 type conn struct { 250 // server is the server on which the connection arrived. 251 // Immutable; never nil. 252 server *Server 253 254 // cancelCtx cancels the connection-level context. 255 cancelCtx context.CancelFunc 256 257 // rwc is the underlying network connection. 258 // This is never wrapped by other types and is the value given out 259 // to CloseNotifier callers. It is usually of type *net.TCPConn or 260 // *tls.Conn. 261 rwc net.Conn 262 263 // remoteAddr is rwc.RemoteAddr().String(). It is not populated synchronously 264 // inside the Listener's Accept goroutine, as some implementations block. 265 // It is populated immediately inside the (*conn).serve goroutine. 266 // This is the value of a Handler's (*Request).RemoteAddr. 267 remoteAddr string 268 269 // tlsState is the TLS connection state when using TLS. 270 // nil means not TLS. 271 tlsState *tls.ConnectionState 272 273 // werr is set to the first write error to rwc. 274 // It is set via checkConnErrorWriter{w}, where bufw writes. 275 werr error 276 277 // r is bufr's read source. It's a wrapper around rwc that provides 278 // io.LimitedReader-style limiting (while reading request headers) 279 // and functionality to support CloseNotifier. See *connReader docs. 280 r *connReader 281 282 // bufr reads from r. 283 bufr *bufio.Reader 284 285 // bufw writes to checkConnErrorWriter{c}, which populates werr on error. 286 bufw *bufio.Writer 287 288 // lastMethod is the method of the most recent request 289 // on this connection, if any. 290 lastMethod string 291 292 curReq atomic.Value // of *response (which has a Request in it) 293 294 curState struct{ atomic uint64 } // packed (unixtime<<8|uint8(ConnState)) 295 296 // mu guards hijackedv 297 mu sync.Mutex 298 299 // hijackedv is whether this connection has been hijacked 300 // by a Handler with the Hijacker interface. 301 // It is guarded by mu. 302 hijackedv bool 303 } 304 305 func (c *conn) hijacked() bool { 306 c.mu.Lock() 307 defer c.mu.Unlock() 308 return c.hijackedv 309 } 310 311 // c.mu must be held. 312 func (c *conn) hijackLocked() (rwc net.Conn, buf *bufio.ReadWriter, err error) { 313 if c.hijackedv { 314 return nil, nil, ErrHijacked 315 } 316 c.r.abortPendingRead() 317 318 c.hijackedv = true 319 rwc = c.rwc 320 rwc.SetDeadline(time.Time{}) 321 322 buf = bufio.NewReadWriter(c.bufr, bufio.NewWriter(rwc)) 323 if c.r.hasByte { 324 if _, err := c.bufr.Peek(c.bufr.Buffered() + 1); err != nil { 325 return nil, nil, fmt.Errorf("unexpected Peek failure reading buffered byte: %v", err) 326 } 327 } 328 c.setState(rwc, StateHijacked, runHooks) 329 return 330 } 331 332 // This should be >= 512 bytes for DetectContentType, 333 // but otherwise it's somewhat arbitrary. 334 const bufferBeforeChunkingSize = 2048 335 336 // chunkWriter writes to a response's conn buffer, and is the writer 337 // wrapped by the response.w buffered writer. 338 // 339 // chunkWriter also is responsible for finalizing the Header, including 340 // conditionally setting the Content-Type and setting a Content-Length 341 // in cases where the handler's final output is smaller than the buffer 342 // size. It also conditionally adds chunk headers, when in chunking mode. 343 // 344 // See the comment above (*response).Write for the entire write flow. 345 type chunkWriter struct { 346 res *response 347 348 // header is either nil or a deep clone of res.handlerHeader 349 // at the time of res.writeHeader, if res.writeHeader is 350 // called and extra buffering is being done to calculate 351 // Content-Type and/or Content-Length. 352 header Header 353 354 // wroteHeader tells whether the header's been written to "the 355 // wire" (or rather: w.conn.buf). this is unlike 356 // (*response).wroteHeader, which tells only whether it was 357 // logically written. 358 wroteHeader bool 359 360 // set by the writeHeader method: 361 chunking bool // using chunked transfer encoding for reply body 362 } 363 364 var ( 365 crlf = []byte("\r\n") 366 colonSpace = []byte(": ") 367 ) 368 369 func (cw *chunkWriter) Write(p []byte) (n int, err error) { 370 if !cw.wroteHeader { 371 cw.writeHeader(p) 372 } 373 if cw.res.req.Method == "HEAD" { 374 // Eat writes. 375 return len(p), nil 376 } 377 if cw.chunking { 378 _, err = fmt.Fprintf(cw.res.conn.bufw, "%x\r\n", len(p)) 379 if err != nil { 380 cw.res.conn.rwc.Close() 381 return 382 } 383 } 384 n, err = cw.res.conn.bufw.Write(p) 385 if cw.chunking && err == nil { 386 _, err = cw.res.conn.bufw.Write(crlf) 387 } 388 if err != nil { 389 cw.res.conn.rwc.Close() 390 } 391 return 392 } 393 394 func (cw *chunkWriter) flush() { 395 if !cw.wroteHeader { 396 cw.writeHeader(nil) 397 } 398 cw.res.conn.bufw.Flush() 399 } 400 401 func (cw *chunkWriter) close() { 402 if !cw.wroteHeader { 403 cw.writeHeader(nil) 404 } 405 if cw.chunking { 406 bw := cw.res.conn.bufw // conn's bufio writer 407 // zero chunk to mark EOF 408 bw.WriteString("0\r\n") 409 if trailers := cw.res.finalTrailers(); trailers != nil { 410 trailers.Write(bw) // the writer handles noting errors 411 } 412 // final blank line after the trailers (whether 413 // present or not) 414 bw.WriteString("\r\n") 415 } 416 } 417 418 // A response represents the server side of an HTTP response. 419 type response struct { 420 conn *conn 421 req *Request // request for this response 422 reqBody io.ReadCloser 423 cancelCtx context.CancelFunc // when ServeHTTP exits 424 wroteHeader bool // reply header has been (logically) written 425 wroteContinue bool // 100 Continue response was written 426 wants10KeepAlive bool // HTTP/1.0 w/ Connection "keep-alive" 427 wantsClose bool // HTTP request has Connection "close" 428 429 // canWriteContinue is a boolean value accessed as an atomic int32 430 // that says whether or not a 100 Continue header can be written 431 // to the connection. 432 // writeContinueMu must be held while writing the header. 433 // These two fields together synchronize the body reader 434 // (the expectContinueReader, which wants to write 100 Continue) 435 // against the main writer. 436 canWriteContinue atomicBool 437 writeContinueMu sync.Mutex 438 439 w *bufio.Writer // buffers output in chunks to chunkWriter 440 cw chunkWriter 441 442 // handlerHeader is the Header that Handlers get access to, 443 // which may be retained and mutated even after WriteHeader. 444 // handlerHeader is copied into cw.header at WriteHeader 445 // time, and privately mutated thereafter. 446 handlerHeader Header 447 calledHeader bool // handler accessed handlerHeader via Header 448 449 written int64 // number of bytes written in body 450 contentLength int64 // explicitly-declared Content-Length; or -1 451 status int // status code passed to WriteHeader 452 453 // close connection after this reply. set on request and 454 // updated after response from handler if there's a 455 // "Connection: keep-alive" response header and a 456 // Content-Length. 457 closeAfterReply bool 458 459 // requestBodyLimitHit is set by requestTooLarge when 460 // maxBytesReader hits its max size. It is checked in 461 // WriteHeader, to make sure we don't consume the 462 // remaining request body to try to advance to the next HTTP 463 // request. Instead, when this is set, we stop reading 464 // subsequent requests on this connection and stop reading 465 // input from it. 466 requestBodyLimitHit bool 467 468 // trailers are the headers to be sent after the handler 469 // finishes writing the body. This field is initialized from 470 // the Trailer response header when the response header is 471 // written. 472 trailers []string 473 474 handlerDone atomicBool // set true when the handler exits 475 476 // Buffers for Date, Content-Length, and status code 477 dateBuf [len(TimeFormat)]byte 478 clenBuf [10]byte 479 statusBuf [3]byte 480 481 // closeNotifyCh is the channel returned by CloseNotify. 482 // TODO(bradfitz): this is currently (for Go 1.8) always 483 // non-nil. Make this lazily-created again as it used to be? 484 closeNotifyCh chan bool 485 didCloseNotify int32 // atomic (only 0->1 winner should send) 486 } 487 488 // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys 489 // that, if present, signals that the map entry is actually for 490 // the response trailers, and not the response headers. The prefix 491 // is stripped after the ServeHTTP call finishes and the values are 492 // sent in the trailers. 493 // 494 // This mechanism is intended only for trailers that are not known 495 // prior to the headers being written. If the set of trailers is fixed 496 // or known before the header is written, the normal Go trailers mechanism 497 // is preferred: 498 // https://golang.org/pkg/net/http/#ResponseWriter 499 // https://golang.org/pkg/net/http/#example_ResponseWriter_trailers 500 const TrailerPrefix = "Trailer:" 501 502 // finalTrailers is called after the Handler exits and returns a non-nil 503 // value if the Handler set any trailers. 504 func (w *response) finalTrailers() Header { 505 var t Header 506 for k, vv := range w.handlerHeader { 507 if strings.HasPrefix(k, TrailerPrefix) { 508 if t == nil { 509 t = make(Header) 510 } 511 t[strings.TrimPrefix(k, TrailerPrefix)] = vv 512 } 513 } 514 for _, k := range w.trailers { 515 if t == nil { 516 t = make(Header) 517 } 518 for _, v := range w.handlerHeader[k] { 519 t.Add(k, v) 520 } 521 } 522 return t 523 } 524 525 type atomicBool int32 526 527 func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 } 528 func (b *atomicBool) setTrue() { atomic.StoreInt32((*int32)(b), 1) } 529 func (b *atomicBool) setFalse() { atomic.StoreInt32((*int32)(b), 0) } 530 531 // declareTrailer is called for each Trailer header when the 532 // response header is written. It notes that a header will need to be 533 // written in the trailers at the end of the response. 534 func (w *response) declareTrailer(k string) { 535 k = CanonicalHeaderKey(k) 536 if !httpguts.ValidTrailerHeader(k) { 537 // Forbidden by RFC 7230, section 4.1.2 538 return 539 } 540 w.trailers = append(w.trailers, k) 541 } 542 543 // requestTooLarge is called by maxBytesReader when too much input has 544 // been read from the client. 545 func (w *response) requestTooLarge() { 546 w.closeAfterReply = true 547 w.requestBodyLimitHit = true 548 if !w.wroteHeader { 549 w.Header().Set("Connection", "close") 550 } 551 } 552 553 // needsSniff reports whether a Content-Type still needs to be sniffed. 554 func (w *response) needsSniff() bool { 555 _, haveType := w.handlerHeader["Content-Type"] 556 return !w.cw.wroteHeader && !haveType && w.written < sniffLen 557 } 558 559 // writerOnly hides an io.Writer value's optional ReadFrom method 560 // from io.Copy. 561 type writerOnly struct { 562 io.Writer 563 } 564 565 // ReadFrom is here to optimize copying from an *os.File regular file 566 // to a *net.TCPConn with sendfile, or from a supported src type such 567 // as a *net.TCPConn on Linux with splice. 568 func (w *response) ReadFrom(src io.Reader) (n int64, err error) { 569 bufp := copyBufPool.Get().(*[]byte) 570 buf := *bufp 571 defer copyBufPool.Put(bufp) 572 573 // Our underlying w.conn.rwc is usually a *TCPConn (with its 574 // own ReadFrom method). If not, just fall back to the normal 575 // copy method. 576 rf, ok := w.conn.rwc.(io.ReaderFrom) 577 if !ok { 578 return io.CopyBuffer(writerOnly{w}, src, buf) 579 } 580 581 // Copy the first sniffLen bytes before switching to ReadFrom. 582 // This ensures we don't start writing the response before the 583 // source is available (see golang.org/issue/5660) and provides 584 // enough bytes to perform Content-Type sniffing when required. 585 if !w.cw.wroteHeader { 586 n0, err := io.CopyBuffer(writerOnly{w}, io.LimitReader(src, sniffLen), buf) 587 n += n0 588 if err != nil || n0 < sniffLen { 589 return n, err 590 } 591 } 592 593 w.w.Flush() // get rid of any previous writes 594 w.cw.flush() // make sure Header is written; flush data to rwc 595 596 // Now that cw has been flushed, its chunking field is guaranteed initialized. 597 if !w.cw.chunking && w.bodyAllowed() { 598 n0, err := rf.ReadFrom(src) 599 n += n0 600 w.written += n0 601 return n, err 602 } 603 604 n0, err := io.CopyBuffer(writerOnly{w}, src, buf) 605 n += n0 606 return n, err 607 } 608 609 // debugServerConnections controls whether all server connections are wrapped 610 // with a verbose logging wrapper. 611 const debugServerConnections = false 612 613 // Create new connection from rwc. 614 func (srv *Server) newConn(rwc net.Conn) *conn { 615 c := &conn{ 616 server: srv, 617 rwc: rwc, 618 } 619 if debugServerConnections { 620 c.rwc = newLoggingConn("server", c.rwc) 621 } 622 return c 623 } 624 625 type readResult struct { 626 _ incomparable 627 n int 628 err error 629 b byte // byte read, if n == 1 630 } 631 632 // connReader is the io.Reader wrapper used by *conn. It combines a 633 // selectively-activated io.LimitedReader (to bound request header 634 // read sizes) with support for selectively keeping an io.Reader.Read 635 // call blocked in a background goroutine to wait for activity and 636 // trigger a CloseNotifier channel. 637 type connReader struct { 638 conn *conn 639 640 mu sync.Mutex // guards following 641 hasByte bool 642 byteBuf [1]byte 643 cond *sync.Cond 644 inRead bool 645 aborted bool // set true before conn.rwc deadline is set to past 646 remain int64 // bytes remaining 647 } 648 649 func (cr *connReader) lock() { 650 cr.mu.Lock() 651 if cr.cond == nil { 652 cr.cond = sync.NewCond(&cr.mu) 653 } 654 } 655 656 func (cr *connReader) unlock() { cr.mu.Unlock() } 657 658 func (cr *connReader) startBackgroundRead() { 659 cr.lock() 660 defer cr.unlock() 661 if cr.inRead { 662 panic("invalid concurrent Body.Read call") 663 } 664 if cr.hasByte { 665 return 666 } 667 cr.inRead = true 668 cr.conn.rwc.SetReadDeadline(time.Time{}) 669 go cr.backgroundRead() 670 } 671 672 func (cr *connReader) backgroundRead() { 673 n, err := cr.conn.rwc.Read(cr.byteBuf[:]) 674 cr.lock() 675 if n == 1 { 676 cr.hasByte = true 677 // We were past the end of the previous request's body already 678 // (since we wouldn't be in a background read otherwise), so 679 // this is a pipelined HTTP request. Prior to Go 1.11 we used to 680 // send on the CloseNotify channel and cancel the context here, 681 // but the behavior was documented as only "may", and we only 682 // did that because that's how CloseNotify accidentally behaved 683 // in very early Go releases prior to context support. Once we 684 // added context support, people used a Handler's 685 // Request.Context() and passed it along. Having that context 686 // cancel on pipelined HTTP requests caused problems. 687 // Fortunately, almost nothing uses HTTP/1.x pipelining. 688 // Unfortunately, apt-get does, or sometimes does. 689 // New Go 1.11 behavior: don't fire CloseNotify or cancel 690 // contexts on pipelined requests. Shouldn't affect people, but 691 // fixes cases like Issue 23921. This does mean that a client 692 // closing their TCP connection after sending a pipelined 693 // request won't cancel the context, but we'll catch that on any 694 // write failure (in checkConnErrorWriter.Write). 695 // If the server never writes, yes, there are still contrived 696 // server & client behaviors where this fails to ever cancel the 697 // context, but that's kinda why HTTP/1.x pipelining died 698 // anyway. 699 } 700 if ne, ok := err.(net.Error); ok && cr.aborted && ne.Timeout() { 701 // Ignore this error. It's the expected error from 702 // another goroutine calling abortPendingRead. 703 } else if err != nil { 704 cr.handleReadError(err) 705 } 706 cr.aborted = false 707 cr.inRead = false 708 cr.unlock() 709 cr.cond.Broadcast() 710 } 711 712 func (cr *connReader) abortPendingRead() { 713 cr.lock() 714 defer cr.unlock() 715 if !cr.inRead { 716 return 717 } 718 cr.aborted = true 719 cr.conn.rwc.SetReadDeadline(aLongTimeAgo) 720 for cr.inRead { 721 cr.cond.Wait() 722 } 723 cr.conn.rwc.SetReadDeadline(time.Time{}) 724 } 725 726 func (cr *connReader) setReadLimit(remain int64) { cr.remain = remain } 727 func (cr *connReader) setInfiniteReadLimit() { cr.remain = maxInt64 } 728 func (cr *connReader) hitReadLimit() bool { return cr.remain <= 0 } 729 730 // handleReadError is called whenever a Read from the client returns a 731 // non-nil error. 732 // 733 // The provided non-nil err is almost always io.EOF or a "use of 734 // closed network connection". In any case, the error is not 735 // particularly interesting, except perhaps for debugging during 736 // development. Any error means the connection is dead and we should 737 // down its context. 738 // 739 // It may be called from multiple goroutines. 740 func (cr *connReader) handleReadError(_ error) { 741 cr.conn.cancelCtx() 742 cr.closeNotify() 743 } 744 745 // may be called from multiple goroutines. 746 func (cr *connReader) closeNotify() { 747 res, _ := cr.conn.curReq.Load().(*response) 748 if res != nil && atomic.CompareAndSwapInt32(&res.didCloseNotify, 0, 1) { 749 res.closeNotifyCh <- true 750 } 751 } 752 753 func (cr *connReader) Read(p []byte) (n int, err error) { 754 cr.lock() 755 if cr.inRead { 756 cr.unlock() 757 if cr.conn.hijacked() { 758 panic("invalid Body.Read call. After hijacked, the original Request must not be used") 759 } 760 panic("invalid concurrent Body.Read call") 761 } 762 if cr.hitReadLimit() { 763 cr.unlock() 764 return 0, io.EOF 765 } 766 if len(p) == 0 { 767 cr.unlock() 768 return 0, nil 769 } 770 if int64(len(p)) > cr.remain { 771 p = p[:cr.remain] 772 } 773 if cr.hasByte { 774 p[0] = cr.byteBuf[0] 775 cr.hasByte = false 776 cr.unlock() 777 return 1, nil 778 } 779 cr.inRead = true 780 cr.unlock() 781 n, err = cr.conn.rwc.Read(p) 782 783 cr.lock() 784 cr.inRead = false 785 if err != nil { 786 cr.handleReadError(err) 787 } 788 cr.remain -= int64(n) 789 cr.unlock() 790 791 cr.cond.Broadcast() 792 return n, err 793 } 794 795 var ( 796 bufioReaderPool sync.Pool 797 bufioWriter2kPool sync.Pool 798 bufioWriter4kPool sync.Pool 799 ) 800 801 var copyBufPool = sync.Pool{ 802 New: func() interface{} { 803 b := make([]byte, 32*1024) 804 return &b 805 }, 806 } 807 808 func bufioWriterPool(size int) *sync.Pool { 809 switch size { 810 case 2 << 10: 811 return &bufioWriter2kPool 812 case 4 << 10: 813 return &bufioWriter4kPool 814 } 815 return nil 816 } 817 818 func newBufioReader(r io.Reader) *bufio.Reader { 819 if v := bufioReaderPool.Get(); v != nil { 820 br := v.(*bufio.Reader) 821 br.Reset(r) 822 return br 823 } 824 // Note: if this reader size is ever changed, update 825 // TestHandlerBodyClose's assumptions. 826 return bufio.NewReader(r) 827 } 828 829 func putBufioReader(br *bufio.Reader) { 830 br.Reset(nil) 831 bufioReaderPool.Put(br) 832 } 833 834 func newBufioWriterSize(w io.Writer, size int) *bufio.Writer { 835 pool := bufioWriterPool(size) 836 if pool != nil { 837 if v := pool.Get(); v != nil { 838 bw := v.(*bufio.Writer) 839 bw.Reset(w) 840 return bw 841 } 842 } 843 return bufio.NewWriterSize(w, size) 844 } 845 846 func putBufioWriter(bw *bufio.Writer) { 847 bw.Reset(nil) 848 if pool := bufioWriterPool(bw.Available()); pool != nil { 849 pool.Put(bw) 850 } 851 } 852 853 // DefaultMaxHeaderBytes is the maximum permitted size of the headers 854 // in an HTTP request. 855 // This can be overridden by setting Server.MaxHeaderBytes. 856 const DefaultMaxHeaderBytes = 1 << 20 // 1 MB 857 858 func (srv *Server) maxHeaderBytes() int { 859 if srv.MaxHeaderBytes > 0 { 860 return srv.MaxHeaderBytes 861 } 862 return DefaultMaxHeaderBytes 863 } 864 865 func (srv *Server) initialReadLimitSize() int64 { 866 return int64(srv.maxHeaderBytes()) + 4096 // bufio slop 867 } 868 869 // wrapper around io.ReadCloser which on first read, sends an 870 // HTTP/1.1 100 Continue header 871 type expectContinueReader struct { 872 resp *response 873 readCloser io.ReadCloser 874 closed atomicBool 875 sawEOF atomicBool 876 } 877 878 func (ecr *expectContinueReader) Read(p []byte) (n int, err error) { 879 if ecr.closed.isSet() { 880 return 0, ErrBodyReadAfterClose 881 } 882 w := ecr.resp 883 if !w.wroteContinue && w.canWriteContinue.isSet() && !w.conn.hijacked() { 884 w.wroteContinue = true 885 w.writeContinueMu.Lock() 886 if w.canWriteContinue.isSet() { 887 w.conn.bufw.WriteString("HTTP/1.1 100 Continue\r\n\r\n") 888 w.conn.bufw.Flush() 889 w.canWriteContinue.setFalse() 890 } 891 w.writeContinueMu.Unlock() 892 } 893 n, err = ecr.readCloser.Read(p) 894 if err == io.EOF { 895 ecr.sawEOF.setTrue() 896 } 897 return 898 } 899 900 func (ecr *expectContinueReader) Close() error { 901 ecr.closed.setTrue() 902 return ecr.readCloser.Close() 903 } 904 905 // TimeFormat is the time format to use when generating times in HTTP 906 // headers. It is like time.RFC1123 but hard-codes GMT as the time 907 // zone. The time being formatted must be in UTC for Format to 908 // generate the correct format. 909 // 910 // For parsing this time format, see ParseTime. 911 const TimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT" 912 913 // appendTime is a non-allocating version of []byte(t.UTC().Format(TimeFormat)) 914 func appendTime(b []byte, t time.Time) []byte { 915 const days = "SunMonTueWedThuFriSat" 916 const months = "JanFebMarAprMayJunJulAugSepOctNovDec" 917 918 t = t.UTC() 919 yy, mm, dd := t.Date() 920 hh, mn, ss := t.Clock() 921 day := days[3*t.Weekday():] 922 mon := months[3*(mm-1):] 923 924 return append(b, 925 day[0], day[1], day[2], ',', ' ', 926 byte('0'+dd/10), byte('0'+dd%10), ' ', 927 mon[0], mon[1], mon[2], ' ', 928 byte('0'+yy/1000), byte('0'+(yy/100)%10), byte('0'+(yy/10)%10), byte('0'+yy%10), ' ', 929 byte('0'+hh/10), byte('0'+hh%10), ':', 930 byte('0'+mn/10), byte('0'+mn%10), ':', 931 byte('0'+ss/10), byte('0'+ss%10), ' ', 932 'G', 'M', 'T') 933 } 934 935 var errTooLarge = errors.New("http: request too large") 936 937 // Read next request from connection. 938 func (c *conn) readRequest(ctx context.Context) (w *response, err error) { 939 if c.hijacked() { 940 return nil, ErrHijacked 941 } 942 943 var ( 944 wholeReqDeadline time.Time // or zero if none 945 hdrDeadline time.Time // or zero if none 946 ) 947 t0 := time.Now() 948 if d := c.server.readHeaderTimeout(); d > 0 { 949 hdrDeadline = t0.Add(d) 950 } 951 if d := c.server.ReadTimeout; d > 0 { 952 wholeReqDeadline = t0.Add(d) 953 } 954 c.rwc.SetReadDeadline(hdrDeadline) 955 if d := c.server.WriteTimeout; d > 0 { 956 defer func() { 957 c.rwc.SetWriteDeadline(time.Now().Add(d)) 958 }() 959 } 960 961 c.r.setReadLimit(c.server.initialReadLimitSize()) 962 if c.lastMethod == "POST" { 963 // RFC 7230 section 3 tolerance for old buggy clients. 964 peek, _ := c.bufr.Peek(4) // ReadRequest will get err below 965 c.bufr.Discard(numLeadingCRorLF(peek)) 966 } 967 req, err := readRequest(c.bufr) 968 if err != nil { 969 if c.r.hitReadLimit() { 970 return nil, errTooLarge 971 } 972 return nil, err 973 } 974 975 if !http1ServerSupportsRequest(req) { 976 return nil, statusError{StatusHTTPVersionNotSupported, "unsupported protocol version"} 977 } 978 979 c.lastMethod = req.Method 980 c.r.setInfiniteReadLimit() 981 982 hosts, haveHost := req.Header["Host"] 983 isH2Upgrade := req.isH2Upgrade() 984 if req.ProtoAtLeast(1, 1) && (!haveHost || len(hosts) == 0) && !isH2Upgrade && req.Method != "CONNECT" { 985 return nil, badRequestError("missing required Host header") 986 } 987 if len(hosts) == 1 && !httpguts.ValidHostHeader(hosts[0]) { 988 return nil, badRequestError("malformed Host header") 989 } 990 for k, vv := range req.Header { 991 if !httpguts.ValidHeaderFieldName(k) { 992 return nil, badRequestError("invalid header name") 993 } 994 for _, v := range vv { 995 if !httpguts.ValidHeaderFieldValue(v) { 996 return nil, badRequestError("invalid header value") 997 } 998 } 999 } 1000 delete(req.Header, "Host") 1001 1002 ctx, cancelCtx := context.WithCancel(ctx) 1003 req.ctx = ctx 1004 req.RemoteAddr = c.remoteAddr 1005 req.TLS = c.tlsState 1006 if body, ok := req.Body.(*body); ok { 1007 body.doEarlyClose = true 1008 } 1009 1010 // Adjust the read deadline if necessary. 1011 if !hdrDeadline.Equal(wholeReqDeadline) { 1012 c.rwc.SetReadDeadline(wholeReqDeadline) 1013 } 1014 1015 w = &response{ 1016 conn: c, 1017 cancelCtx: cancelCtx, 1018 req: req, 1019 reqBody: req.Body, 1020 handlerHeader: make(Header), 1021 contentLength: -1, 1022 closeNotifyCh: make(chan bool, 1), 1023 1024 // We populate these ahead of time so we're not 1025 // reading from req.Header after their Handler starts 1026 // and maybe mutates it (Issue 14940) 1027 wants10KeepAlive: req.wantsHttp10KeepAlive(), 1028 wantsClose: req.wantsClose(), 1029 } 1030 if isH2Upgrade { 1031 w.closeAfterReply = true 1032 } 1033 w.cw.res = w 1034 w.w = newBufioWriterSize(&w.cw, bufferBeforeChunkingSize) 1035 return w, nil 1036 } 1037 1038 // http1ServerSupportsRequest reports whether Go's HTTP/1.x server 1039 // supports the given request. 1040 func http1ServerSupportsRequest(req *Request) bool { 1041 if req.ProtoMajor == 1 { 1042 return true 1043 } 1044 // Accept "PRI * HTTP/2.0" upgrade requests, so Handlers can 1045 // wire up their own HTTP/2 upgrades. 1046 if req.ProtoMajor == 2 && req.ProtoMinor == 0 && 1047 req.Method == "PRI" && req.RequestURI == "*" { 1048 return true 1049 } 1050 // Reject HTTP/0.x, and all other HTTP/2+ requests (which 1051 // aren't encoded in ASCII anyway). 1052 return false 1053 } 1054 1055 func (w *response) Header() Header { 1056 if w.cw.header == nil && w.wroteHeader && !w.cw.wroteHeader { 1057 // Accessing the header between logically writing it 1058 // and physically writing it means we need to allocate 1059 // a clone to snapshot the logically written state. 1060 w.cw.header = w.handlerHeader.Clone() 1061 } 1062 w.calledHeader = true 1063 return w.handlerHeader 1064 } 1065 1066 // maxPostHandlerReadBytes is the max number of Request.Body bytes not 1067 // consumed by a handler that the server will read from the client 1068 // in order to keep a connection alive. If there are more bytes than 1069 // this then the server to be paranoid instead sends a "Connection: 1070 // close" response. 1071 // 1072 // This number is approximately what a typical machine's TCP buffer 1073 // size is anyway. (if we have the bytes on the machine, we might as 1074 // well read them) 1075 const maxPostHandlerReadBytes = 256 << 10 1076 1077 func checkWriteHeaderCode(code int) { 1078 // Issue 22880: require valid WriteHeader status codes. 1079 // For now we only enforce that it's three digits. 1080 // In the future we might block things over 599 (600 and above aren't defined 1081 // at https://httpwg.org/specs/rfc7231.html#status.codes) 1082 // and we might block under 200 (once we have more mature 1xx support). 1083 // But for now any three digits. 1084 // 1085 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's 1086 // no equivalent bogus thing we can realistically send in HTTP/2, 1087 // so we'll consistently panic instead and help people find their bugs 1088 // early. (We can't return an error from WriteHeader even if we wanted to.) 1089 if code < 100 || code > 999 { 1090 panic(fmt.Sprintf("invalid WriteHeader code %v", code)) 1091 } 1092 } 1093 1094 // relevantCaller searches the call stack for the first function outside of net/http. 1095 // The purpose of this function is to provide more helpful error messages. 1096 func relevantCaller() runtime.Frame { 1097 pc := make([]uintptr, 16) 1098 n := runtime.Callers(1, pc) 1099 frames := runtime.CallersFrames(pc[:n]) 1100 var frame runtime.Frame 1101 for { 1102 frame, more := frames.Next() 1103 if !strings.HasPrefix(frame.Function, "net/http.") { 1104 return frame 1105 } 1106 if !more { 1107 break 1108 } 1109 } 1110 return frame 1111 } 1112 1113 func (w *response) WriteHeader(code int) { 1114 if w.conn.hijacked() { 1115 caller := relevantCaller() 1116 w.conn.server.logf("http: response.WriteHeader on hijacked connection from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line) 1117 return 1118 } 1119 if w.wroteHeader { 1120 caller := relevantCaller() 1121 w.conn.server.logf("http: superfluous response.WriteHeader call from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line) 1122 return 1123 } 1124 checkWriteHeaderCode(code) 1125 w.wroteHeader = true 1126 w.status = code 1127 1128 if w.calledHeader && w.cw.header == nil { 1129 w.cw.header = w.handlerHeader.Clone() 1130 } 1131 1132 if cl := w.handlerHeader.get("Content-Length"); cl != "" { 1133 v, err := strconv.ParseInt(cl, 10, 64) 1134 if err == nil && v >= 0 { 1135 w.contentLength = v 1136 } else { 1137 w.conn.server.logf("http: invalid Content-Length of %q", cl) 1138 w.handlerHeader.Del("Content-Length") 1139 } 1140 } 1141 } 1142 1143 // extraHeader is the set of headers sometimes added by chunkWriter.writeHeader. 1144 // This type is used to avoid extra allocations from cloning and/or populating 1145 // the response Header map and all its 1-element slices. 1146 type extraHeader struct { 1147 contentType string 1148 connection string 1149 transferEncoding string 1150 date []byte // written if not nil 1151 contentLength []byte // written if not nil 1152 } 1153 1154 // Sorted the same as extraHeader.Write's loop. 1155 var extraHeaderKeys = [][]byte{ 1156 []byte("Content-Type"), 1157 []byte("Connection"), 1158 []byte("Transfer-Encoding"), 1159 } 1160 1161 var ( 1162 headerContentLength = []byte("Content-Length: ") 1163 headerDate = []byte("Date: ") 1164 ) 1165 1166 // Write writes the headers described in h to w. 1167 // 1168 // This method has a value receiver, despite the somewhat large size 1169 // of h, because it prevents an allocation. The escape analysis isn't 1170 // smart enough to realize this function doesn't mutate h. 1171 func (h extraHeader) Write(w *bufio.Writer) { 1172 if h.date != nil { 1173 w.Write(headerDate) 1174 w.Write(h.date) 1175 w.Write(crlf) 1176 } 1177 if h.contentLength != nil { 1178 w.Write(headerContentLength) 1179 w.Write(h.contentLength) 1180 w.Write(crlf) 1181 } 1182 for i, v := range []string{h.contentType, h.connection, h.transferEncoding} { 1183 if v != "" { 1184 w.Write(extraHeaderKeys[i]) 1185 w.Write(colonSpace) 1186 w.WriteString(v) 1187 w.Write(crlf) 1188 } 1189 } 1190 } 1191 1192 // writeHeader finalizes the header sent to the client and writes it 1193 // to cw.res.conn.bufw. 1194 // 1195 // p is not written by writeHeader, but is the first chunk of the body 1196 // that will be written. It is sniffed for a Content-Type if none is 1197 // set explicitly. It's also used to set the Content-Length, if the 1198 // total body size was small and the handler has already finished 1199 // running. 1200 func (cw *chunkWriter) writeHeader(p []byte) { 1201 if cw.wroteHeader { 1202 return 1203 } 1204 cw.wroteHeader = true 1205 1206 w := cw.res 1207 keepAlivesEnabled := w.conn.server.doKeepAlives() 1208 isHEAD := w.req.Method == "HEAD" 1209 1210 // header is written out to w.conn.buf below. Depending on the 1211 // state of the handler, we either own the map or not. If we 1212 // don't own it, the exclude map is created lazily for 1213 // WriteSubset to remove headers. The setHeader struct holds 1214 // headers we need to add. 1215 header := cw.header 1216 owned := header != nil 1217 if !owned { 1218 header = w.handlerHeader 1219 } 1220 var excludeHeader map[string]bool 1221 delHeader := func(key string) { 1222 if owned { 1223 header.Del(key) 1224 return 1225 } 1226 if _, ok := header[key]; !ok { 1227 return 1228 } 1229 if excludeHeader == nil { 1230 excludeHeader = make(map[string]bool) 1231 } 1232 excludeHeader[key] = true 1233 } 1234 var setHeader extraHeader 1235 1236 // Don't write out the fake "Trailer:foo" keys. See TrailerPrefix. 1237 trailers := false 1238 for k := range cw.header { 1239 if strings.HasPrefix(k, TrailerPrefix) { 1240 if excludeHeader == nil { 1241 excludeHeader = make(map[string]bool) 1242 } 1243 excludeHeader[k] = true 1244 trailers = true 1245 } 1246 } 1247 for _, v := range cw.header["Trailer"] { 1248 trailers = true 1249 foreachHeaderElement(v, cw.res.declareTrailer) 1250 } 1251 1252 te := header.get("Transfer-Encoding") 1253 hasTE := te != "" 1254 1255 // If the handler is done but never sent a Content-Length 1256 // response header and this is our first (and last) write, set 1257 // it, even to zero. This helps HTTP/1.0 clients keep their 1258 // "keep-alive" connections alive. 1259 // Exceptions: 304/204/1xx responses never get Content-Length, and if 1260 // it was a HEAD request, we don't know the difference between 1261 // 0 actual bytes and 0 bytes because the handler noticed it 1262 // was a HEAD request and chose not to write anything. So for 1263 // HEAD, the handler should either write the Content-Length or 1264 // write non-zero bytes. If it's actually 0 bytes and the 1265 // handler never looked at the Request.Method, we just don't 1266 // send a Content-Length header. 1267 // Further, we don't send an automatic Content-Length if they 1268 // set a Transfer-Encoding, because they're generally incompatible. 1269 if w.handlerDone.isSet() && !trailers && !hasTE && bodyAllowedForStatus(w.status) && header.get("Content-Length") == "" && (!isHEAD || len(p) > 0) { 1270 w.contentLength = int64(len(p)) 1271 setHeader.contentLength = strconv.AppendInt(cw.res.clenBuf[:0], int64(len(p)), 10) 1272 } 1273 1274 // If this was an HTTP/1.0 request with keep-alive and we sent a 1275 // Content-Length back, we can make this a keep-alive response ... 1276 if w.wants10KeepAlive && keepAlivesEnabled { 1277 sentLength := header.get("Content-Length") != "" 1278 if sentLength && header.get("Connection") == "keep-alive" { 1279 w.closeAfterReply = false 1280 } 1281 } 1282 1283 // Check for an explicit (and valid) Content-Length header. 1284 hasCL := w.contentLength != -1 1285 1286 if w.wants10KeepAlive && (isHEAD || hasCL || !bodyAllowedForStatus(w.status)) { 1287 _, connectionHeaderSet := header["Connection"] 1288 if !connectionHeaderSet { 1289 setHeader.connection = "keep-alive" 1290 } 1291 } else if !w.req.ProtoAtLeast(1, 1) || w.wantsClose { 1292 w.closeAfterReply = true 1293 } 1294 1295 if header.get("Connection") == "close" || !keepAlivesEnabled { 1296 w.closeAfterReply = true 1297 } 1298 1299 // If the client wanted a 100-continue but we never sent it to 1300 // them (or, more strictly: we never finished reading their 1301 // request body), don't reuse this connection because it's now 1302 // in an unknown state: we might be sending this response at 1303 // the same time the client is now sending its request body 1304 // after a timeout. (Some HTTP clients send Expect: 1305 // 100-continue but knowing that some servers don't support 1306 // it, the clients set a timer and send the body later anyway) 1307 // If we haven't seen EOF, we can't skip over the unread body 1308 // because we don't know if the next bytes on the wire will be 1309 // the body-following-the-timer or the subsequent request. 1310 // See Issue 11549. 1311 if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF.isSet() { 1312 w.closeAfterReply = true 1313 } 1314 1315 // Per RFC 2616, we should consume the request body before 1316 // replying, if the handler hasn't already done so. But we 1317 // don't want to do an unbounded amount of reading here for 1318 // DoS reasons, so we only try up to a threshold. 1319 // TODO(bradfitz): where does RFC 2616 say that? See Issue 15527 1320 // about HTTP/1.x Handlers concurrently reading and writing, like 1321 // HTTP/2 handlers can do. Maybe this code should be relaxed? 1322 if w.req.ContentLength != 0 && !w.closeAfterReply { 1323 var discard, tooBig bool 1324 1325 switch bdy := w.req.Body.(type) { 1326 case *expectContinueReader: 1327 if bdy.resp.wroteContinue { 1328 discard = true 1329 } 1330 case *body: 1331 bdy.mu.Lock() 1332 switch { 1333 case bdy.closed: 1334 if !bdy.sawEOF { 1335 // Body was closed in handler with non-EOF error. 1336 w.closeAfterReply = true 1337 } 1338 case bdy.unreadDataSizeLocked() >= maxPostHandlerReadBytes: 1339 tooBig = true 1340 default: 1341 discard = true 1342 } 1343 bdy.mu.Unlock() 1344 default: 1345 discard = true 1346 } 1347 1348 if discard { 1349 _, err := io.CopyN(io.Discard, w.reqBody, maxPostHandlerReadBytes+1) 1350 switch err { 1351 case nil: 1352 // There must be even more data left over. 1353 tooBig = true 1354 case ErrBodyReadAfterClose: 1355 // Body was already consumed and closed. 1356 case io.EOF: 1357 // The remaining body was just consumed, close it. 1358 err = w.reqBody.Close() 1359 if err != nil { 1360 w.closeAfterReply = true 1361 } 1362 default: 1363 // Some other kind of error occurred, like a read timeout, or 1364 // corrupt chunked encoding. In any case, whatever remains 1365 // on the wire must not be parsed as another HTTP request. 1366 w.closeAfterReply = true 1367 } 1368 } 1369 1370 if tooBig { 1371 w.requestTooLarge() 1372 delHeader("Connection") 1373 setHeader.connection = "close" 1374 } 1375 } 1376 1377 code := w.status 1378 if bodyAllowedForStatus(code) { 1379 // If no content type, apply sniffing algorithm to body. 1380 _, haveType := header["Content-Type"] 1381 1382 // If the Content-Encoding was set and is non-blank, 1383 // we shouldn't sniff the body. See Issue 31753. 1384 ce := header.Get("Content-Encoding") 1385 hasCE := len(ce) > 0 1386 if !hasCE && !haveType && !hasTE && len(p) > 0 { 1387 setHeader.contentType = DetectContentType(p) 1388 } 1389 } else { 1390 for _, k := range suppressedHeaders(code) { 1391 delHeader(k) 1392 } 1393 } 1394 1395 if !header.has("Date") { 1396 setHeader.date = appendTime(cw.res.dateBuf[:0], time.Now()) 1397 } 1398 1399 if hasCL && hasTE && te != "identity" { 1400 // TODO: return an error if WriteHeader gets a return parameter 1401 // For now just ignore the Content-Length. 1402 w.conn.server.logf("http: WriteHeader called with both Transfer-Encoding of %q and a Content-Length of %d", 1403 te, w.contentLength) 1404 delHeader("Content-Length") 1405 hasCL = false 1406 } 1407 1408 if w.req.Method == "HEAD" || !bodyAllowedForStatus(code) { 1409 // do nothing 1410 } else if code == StatusNoContent { 1411 delHeader("Transfer-Encoding") 1412 } else if hasCL { 1413 delHeader("Transfer-Encoding") 1414 } else if w.req.ProtoAtLeast(1, 1) { 1415 // HTTP/1.1 or greater: Transfer-Encoding has been set to identity, and no 1416 // content-length has been provided. The connection must be closed after the 1417 // reply is written, and no chunking is to be done. This is the setup 1418 // recommended in the Server-Sent Events candidate recommendation 11, 1419 // section 8. 1420 if hasTE && te == "identity" { 1421 cw.chunking = false 1422 w.closeAfterReply = true 1423 } else { 1424 // HTTP/1.1 or greater: use chunked transfer encoding 1425 // to avoid closing the connection at EOF. 1426 cw.chunking = true 1427 setHeader.transferEncoding = "chunked" 1428 if hasTE && te == "chunked" { 1429 // We will send the chunked Transfer-Encoding header later. 1430 delHeader("Transfer-Encoding") 1431 } 1432 } 1433 } else { 1434 // HTTP version < 1.1: cannot do chunked transfer 1435 // encoding and we don't know the Content-Length so 1436 // signal EOF by closing connection. 1437 w.closeAfterReply = true 1438 delHeader("Transfer-Encoding") // in case already set 1439 } 1440 1441 // Cannot use Content-Length with non-identity Transfer-Encoding. 1442 if cw.chunking { 1443 delHeader("Content-Length") 1444 } 1445 if !w.req.ProtoAtLeast(1, 0) { 1446 return 1447 } 1448 1449 // Only override the Connection header if it is not a successful 1450 // protocol switch response and if KeepAlives are not enabled. 1451 // See https://golang.org/issue/36381. 1452 delConnectionHeader := w.closeAfterReply && 1453 (!keepAlivesEnabled || !hasToken(cw.header.get("Connection"), "close")) && 1454 !isProtocolSwitchResponse(w.status, header) 1455 if delConnectionHeader { 1456 delHeader("Connection") 1457 if w.req.ProtoAtLeast(1, 1) { 1458 setHeader.connection = "close" 1459 } 1460 } 1461 1462 writeStatusLine(w.conn.bufw, w.req.ProtoAtLeast(1, 1), code, w.statusBuf[:]) 1463 cw.header.WriteSubset(w.conn.bufw, excludeHeader) 1464 setHeader.Write(w.conn.bufw) 1465 w.conn.bufw.Write(crlf) 1466 } 1467 1468 // foreachHeaderElement splits v according to the "#rule" construction 1469 // in RFC 7230 section 7 and calls fn for each non-empty element. 1470 func foreachHeaderElement(v string, fn func(string)) { 1471 v = textproto.TrimString(v) 1472 if v == "" { 1473 return 1474 } 1475 if !strings.Contains(v, ",") { 1476 fn(v) 1477 return 1478 } 1479 for _, f := range strings.Split(v, ",") { 1480 if f = textproto.TrimString(f); f != "" { 1481 fn(f) 1482 } 1483 } 1484 } 1485 1486 // writeStatusLine writes an HTTP/1.x Status-Line (RFC 7230 Section 3.1.2) 1487 // to bw. is11 is whether the HTTP request is HTTP/1.1. false means HTTP/1.0. 1488 // code is the response status code. 1489 // scratch is an optional scratch buffer. If it has at least capacity 3, it's used. 1490 func writeStatusLine(bw *bufio.Writer, is11 bool, code int, scratch []byte) { 1491 if is11 { 1492 bw.WriteString("HTTP/1.1 ") 1493 } else { 1494 bw.WriteString("HTTP/1.0 ") 1495 } 1496 if text, ok := statusText[code]; ok { 1497 bw.Write(strconv.AppendInt(scratch[:0], int64(code), 10)) 1498 bw.WriteByte(' ') 1499 bw.WriteString(text) 1500 bw.WriteString("\r\n") 1501 } else { 1502 // don't worry about performance 1503 fmt.Fprintf(bw, "%03d status code %d\r\n", code, code) 1504 } 1505 } 1506 1507 // bodyAllowed reports whether a Write is allowed for this response type. 1508 // It's illegal to call this before the header has been flushed. 1509 func (w *response) bodyAllowed() bool { 1510 if !w.wroteHeader { 1511 panic("") 1512 } 1513 return bodyAllowedForStatus(w.status) 1514 } 1515 1516 // The Life Of A Write is like this: 1517 // 1518 // Handler starts. No header has been sent. The handler can either 1519 // write a header, or just start writing. Writing before sending a header 1520 // sends an implicitly empty 200 OK header. 1521 // 1522 // If the handler didn't declare a Content-Length up front, we either 1523 // go into chunking mode or, if the handler finishes running before 1524 // the chunking buffer size, we compute a Content-Length and send that 1525 // in the header instead. 1526 // 1527 // Likewise, if the handler didn't set a Content-Type, we sniff that 1528 // from the initial chunk of output. 1529 // 1530 // The Writers are wired together like: 1531 // 1532 // 1. *response (the ResponseWriter) -> 1533 // 2. (*response).w, a *bufio.Writer of bufferBeforeChunkingSize bytes -> 1534 // 3. chunkWriter.Writer (whose writeHeader finalizes Content-Length/Type) 1535 // and which writes the chunk headers, if needed -> 1536 // 4. conn.bufw, a *bufio.Writer of default (4kB) bytes, writing to -> 1537 // 5. checkConnErrorWriter{c}, which notes any non-nil error on Write 1538 // and populates c.werr with it if so, but otherwise writes to -> 1539 // 6. the rwc, the net.Conn. 1540 // 1541 // TODO(bradfitz): short-circuit some of the buffering when the 1542 // initial header contains both a Content-Type and Content-Length. 1543 // Also short-circuit in (1) when the header's been sent and not in 1544 // chunking mode, writing directly to (4) instead, if (2) has no 1545 // buffered data. More generally, we could short-circuit from (1) to 1546 // (3) even in chunking mode if the write size from (1) is over some 1547 // threshold and nothing is in (2). The answer might be mostly making 1548 // bufferBeforeChunkingSize smaller and having bufio's fast-paths deal 1549 // with this instead. 1550 func (w *response) Write(data []byte) (n int, err error) { 1551 return w.write(len(data), data, "") 1552 } 1553 1554 func (w *response) WriteString(data string) (n int, err error) { 1555 return w.write(len(data), nil, data) 1556 } 1557 1558 // either dataB or dataS is non-zero. 1559 func (w *response) write(lenData int, dataB []byte, dataS string) (n int, err error) { 1560 if w.conn.hijacked() { 1561 if lenData > 0 { 1562 caller := relevantCaller() 1563 w.conn.server.logf("http: response.Write on hijacked connection from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line) 1564 } 1565 return 0, ErrHijacked 1566 } 1567 1568 if w.canWriteContinue.isSet() { 1569 // Body reader wants to write 100 Continue but hasn't yet. 1570 // Tell it not to. The store must be done while holding the lock 1571 // because the lock makes sure that there is not an active write 1572 // this very moment. 1573 w.writeContinueMu.Lock() 1574 w.canWriteContinue.setFalse() 1575 w.writeContinueMu.Unlock() 1576 } 1577 1578 if !w.wroteHeader { 1579 w.WriteHeader(StatusOK) 1580 } 1581 if lenData == 0 { 1582 return 0, nil 1583 } 1584 if !w.bodyAllowed() { 1585 return 0, ErrBodyNotAllowed 1586 } 1587 1588 w.written += int64(lenData) // ignoring errors, for errorKludge 1589 if w.contentLength != -1 && w.written > w.contentLength { 1590 return 0, ErrContentLength 1591 } 1592 if dataB != nil { 1593 return w.w.Write(dataB) 1594 } else { 1595 return w.w.WriteString(dataS) 1596 } 1597 } 1598 1599 func (w *response) finishRequest() { 1600 w.handlerDone.setTrue() 1601 1602 if !w.wroteHeader { 1603 w.WriteHeader(StatusOK) 1604 } 1605 1606 w.w.Flush() 1607 putBufioWriter(w.w) 1608 w.cw.close() 1609 w.conn.bufw.Flush() 1610 1611 w.conn.r.abortPendingRead() 1612 1613 // Close the body (regardless of w.closeAfterReply) so we can 1614 // re-use its bufio.Reader later safely. 1615 w.reqBody.Close() 1616 1617 if w.req.MultipartForm != nil { 1618 w.req.MultipartForm.RemoveAll() 1619 } 1620 } 1621 1622 // shouldReuseConnection reports whether the underlying TCP connection can be reused. 1623 // It must only be called after the handler is done executing. 1624 func (w *response) shouldReuseConnection() bool { 1625 if w.closeAfterReply { 1626 // The request or something set while executing the 1627 // handler indicated we shouldn't reuse this 1628 // connection. 1629 return false 1630 } 1631 1632 if w.req.Method != "HEAD" && w.contentLength != -1 && w.bodyAllowed() && w.contentLength != w.written { 1633 // Did not write enough. Avoid getting out of sync. 1634 return false 1635 } 1636 1637 // There was some error writing to the underlying connection 1638 // during the request, so don't re-use this conn. 1639 if w.conn.werr != nil { 1640 return false 1641 } 1642 1643 if w.closedRequestBodyEarly() { 1644 return false 1645 } 1646 1647 return true 1648 } 1649 1650 func (w *response) closedRequestBodyEarly() bool { 1651 body, ok := w.req.Body.(*body) 1652 return ok && body.didEarlyClose() 1653 } 1654 1655 func (w *response) Flush() { 1656 if !w.wroteHeader { 1657 w.WriteHeader(StatusOK) 1658 } 1659 w.w.Flush() 1660 w.cw.flush() 1661 } 1662 1663 func (c *conn) finalFlush() { 1664 if c.bufr != nil { 1665 // Steal the bufio.Reader (~4KB worth of memory) and its associated 1666 // reader for a future connection. 1667 putBufioReader(c.bufr) 1668 c.bufr = nil 1669 } 1670 1671 if c.bufw != nil { 1672 c.bufw.Flush() 1673 // Steal the bufio.Writer (~4KB worth of memory) and its associated 1674 // writer for a future connection. 1675 putBufioWriter(c.bufw) 1676 c.bufw = nil 1677 } 1678 } 1679 1680 // Close the connection. 1681 func (c *conn) close() { 1682 c.finalFlush() 1683 c.rwc.Close() 1684 } 1685 1686 // rstAvoidanceDelay is the amount of time we sleep after closing the 1687 // write side of a TCP connection before closing the entire socket. 1688 // By sleeping, we increase the chances that the client sees our FIN 1689 // and processes its final data before they process the subsequent RST 1690 // from closing a connection with known unread data. 1691 // This RST seems to occur mostly on BSD systems. (And Windows?) 1692 // This timeout is somewhat arbitrary (~latency around the planet). 1693 const rstAvoidanceDelay = 500 * time.Millisecond 1694 1695 type closeWriter interface { 1696 CloseWrite() error 1697 } 1698 1699 var _ closeWriter = (*net.TCPConn)(nil) 1700 1701 // closeWrite flushes any outstanding data and sends a FIN packet (if 1702 // client is connected via TCP), signalling that we're done. We then 1703 // pause for a bit, hoping the client processes it before any 1704 // subsequent RST. 1705 // 1706 // See https://golang.org/issue/3595 1707 func (c *conn) closeWriteAndWait() { 1708 c.finalFlush() 1709 if tcp, ok := c.rwc.(closeWriter); ok { 1710 tcp.CloseWrite() 1711 } 1712 time.Sleep(rstAvoidanceDelay) 1713 } 1714 1715 // validNextProto reports whether the proto is a valid ALPN protocol name. 1716 // Everything is valid except the empty string and built-in protocol types, 1717 // so that those can't be overridden with alternate implementations. 1718 func validNextProto(proto string) bool { 1719 switch proto { 1720 case "", "http/1.1", "http/1.0": 1721 return false 1722 } 1723 return true 1724 } 1725 1726 const ( 1727 runHooks = true 1728 skipHooks = false 1729 ) 1730 1731 func (c *conn) setState(nc net.Conn, state ConnState, runHook bool) { 1732 srv := c.server 1733 switch state { 1734 case StateNew: 1735 srv.trackConn(c, true) 1736 case StateHijacked, StateClosed: 1737 srv.trackConn(c, false) 1738 } 1739 if state > 0xff || state < 0 { 1740 panic("internal error") 1741 } 1742 packedState := uint64(time.Now().Unix()<<8) | uint64(state) 1743 atomic.StoreUint64(&c.curState.atomic, packedState) 1744 if !runHook { 1745 return 1746 } 1747 if hook := srv.ConnState; hook != nil { 1748 hook(nc, state) 1749 } 1750 } 1751 1752 func (c *conn) getState() (state ConnState, unixSec int64) { 1753 packedState := atomic.LoadUint64(&c.curState.atomic) 1754 return ConnState(packedState & 0xff), int64(packedState >> 8) 1755 } 1756 1757 // badRequestError is a literal string (used by in the server in HTML, 1758 // unescaped) to tell the user why their request was bad. It should 1759 // be plain text without user info or other embedded errors. 1760 func badRequestError(e string) error { return statusError{StatusBadRequest, e} } 1761 1762 // statusError is an error used to respond to a request with an HTTP status. 1763 // The text should be plain text without user info or other embedded errors. 1764 type statusError struct { 1765 code int 1766 text string 1767 } 1768 1769 func (e statusError) Error() string { return StatusText(e.code) + ": " + e.text } 1770 1771 // ErrAbortHandler is a sentinel panic value to abort a handler. 1772 // While any panic from ServeHTTP aborts the response to the client, 1773 // panicking with ErrAbortHandler also suppresses logging of a stack 1774 // trace to the server's error log. 1775 var ErrAbortHandler = errors.New("net/http: abort Handler") 1776 1777 // isCommonNetReadError reports whether err is a common error 1778 // encountered during reading a request off the network when the 1779 // client has gone away or had its read fail somehow. This is used to 1780 // determine which logs are interesting enough to log about. 1781 func isCommonNetReadError(err error) bool { 1782 if err == io.EOF { 1783 return true 1784 } 1785 if neterr, ok := err.(net.Error); ok && neterr.Timeout() { 1786 return true 1787 } 1788 if oe, ok := err.(*net.OpError); ok && oe.Op == "read" { 1789 return true 1790 } 1791 return false 1792 } 1793 1794 // Serve a new connection. 1795 func (c *conn) serve(ctx context.Context) { 1796 c.remoteAddr = c.rwc.RemoteAddr().String() 1797 ctx = context.WithValue(ctx, LocalAddrContextKey, c.rwc.LocalAddr()) 1798 defer func() { 1799 if err := recover(); err != nil && err != ErrAbortHandler { 1800 const size = 64 << 10 1801 buf := make([]byte, size) 1802 buf = buf[:runtime.Stack(buf, false)] 1803 c.server.logf("http: panic serving %v: %v\n%s", c.remoteAddr, err, buf) 1804 } 1805 if !c.hijacked() { 1806 c.close() 1807 c.setState(c.rwc, StateClosed, runHooks) 1808 } 1809 }() 1810 1811 if tlsConn, ok := c.rwc.(*tls.Conn); ok { 1812 if d := c.server.ReadTimeout; d > 0 { 1813 c.rwc.SetReadDeadline(time.Now().Add(d)) 1814 } 1815 if d := c.server.WriteTimeout; d > 0 { 1816 c.rwc.SetWriteDeadline(time.Now().Add(d)) 1817 } 1818 if err := tlsConn.HandshakeContext(ctx); err != nil { 1819 // If the handshake failed due to the client not speaking 1820 // TLS, assume they're speaking plaintext HTTP and write a 1821 // 400 response on the TLS conn's underlying net.Conn. 1822 if re, ok := err.(tls.RecordHeaderError); ok && re.Conn != nil && tlsRecordHeaderLooksLikeHTTP(re.RecordHeader) { 1823 io.WriteString(re.Conn, "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n") 1824 re.Conn.Close() 1825 return 1826 } 1827 c.server.logf("http: TLS handshake error from %s: %v", c.rwc.RemoteAddr(), err) 1828 return 1829 } 1830 c.tlsState = new(tls.ConnectionState) 1831 *c.tlsState = tlsConn.ConnectionState() 1832 if proto := c.tlsState.NegotiatedProtocol; validNextProto(proto) { 1833 if fn := c.server.TLSNextProto[proto]; fn != nil { 1834 h := initALPNRequest{ctx, tlsConn, serverHandler{c.server}} 1835 // Mark freshly created HTTP/2 as active and prevent any server state hooks 1836 // from being run on these connections. This prevents closeIdleConns from 1837 // closing such connections. See issue https://golang.org/issue/39776. 1838 c.setState(c.rwc, StateActive, skipHooks) 1839 fn(c.server, tlsConn, h) 1840 } 1841 return 1842 } 1843 } 1844 1845 // HTTP/1.x from here on. 1846 1847 ctx, cancelCtx := context.WithCancel(ctx) 1848 c.cancelCtx = cancelCtx 1849 defer cancelCtx() 1850 1851 c.r = &connReader{conn: c} 1852 c.bufr = newBufioReader(c.r) 1853 c.bufw = newBufioWriterSize(checkConnErrorWriter{c}, 4<<10) 1854 1855 for { 1856 w, err := c.readRequest(ctx) 1857 if c.r.remain != c.server.initialReadLimitSize() { 1858 // If we read any bytes off the wire, we're active. 1859 c.setState(c.rwc, StateActive, runHooks) 1860 } 1861 if err != nil { 1862 const errorHeaders = "\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n" 1863 1864 switch { 1865 case err == errTooLarge: 1866 // Their HTTP client may or may not be 1867 // able to read this if we're 1868 // responding to them and hanging up 1869 // while they're still writing their 1870 // request. Undefined behavior. 1871 const publicErr = "431 Request Header Fields Too Large" 1872 fmt.Fprintf(c.rwc, "HTTP/1.1 "+publicErr+errorHeaders+publicErr) 1873 c.closeWriteAndWait() 1874 return 1875 1876 case isUnsupportedTEError(err): 1877 // Respond as per RFC 7230 Section 3.3.1 which says, 1878 // A server that receives a request message with a 1879 // transfer coding it does not understand SHOULD 1880 // respond with 501 (Unimplemented). 1881 code := StatusNotImplemented 1882 1883 // We purposefully aren't echoing back the transfer-encoding's value, 1884 // so as to mitigate the risk of cross side scripting by an attacker. 1885 fmt.Fprintf(c.rwc, "HTTP/1.1 %d %s%sUnsupported transfer encoding", code, StatusText(code), errorHeaders) 1886 return 1887 1888 case isCommonNetReadError(err): 1889 return // don't reply 1890 1891 default: 1892 if v, ok := err.(statusError); ok { 1893 fmt.Fprintf(c.rwc, "HTTP/1.1 %d %s: %s%s%d %s: %s", v.code, StatusText(v.code), v.text, errorHeaders, v.code, StatusText(v.code), v.text) 1894 return 1895 } 1896 publicErr := "400 Bad Request" 1897 fmt.Fprintf(c.rwc, "HTTP/1.1 "+publicErr+errorHeaders+publicErr) 1898 return 1899 } 1900 } 1901 1902 // Expect 100 Continue support 1903 req := w.req 1904 if req.expectsContinue() { 1905 if req.ProtoAtLeast(1, 1) && req.ContentLength != 0 { 1906 // Wrap the Body reader with one that replies on the connection 1907 req.Body = &expectContinueReader{readCloser: req.Body, resp: w} 1908 w.canWriteContinue.setTrue() 1909 } 1910 } else if req.Header.get("Expect") != "" { 1911 w.sendExpectationFailed() 1912 return 1913 } 1914 1915 c.curReq.Store(w) 1916 1917 if requestBodyRemains(req.Body) { 1918 registerOnHitEOF(req.Body, w.conn.r.startBackgroundRead) 1919 } else { 1920 w.conn.r.startBackgroundRead() 1921 } 1922 1923 // HTTP cannot have multiple simultaneous active requests.[*] 1924 // Until the server replies to this request, it can't read another, 1925 // so we might as well run the handler in this goroutine. 1926 // [*] Not strictly true: HTTP pipelining. We could let them all process 1927 // in parallel even if their responses need to be serialized. 1928 // But we're not going to implement HTTP pipelining because it 1929 // was never deployed in the wild and the answer is HTTP/2. 1930 serverHandler{c.server}.ServeHTTP(w, w.req) 1931 w.cancelCtx() 1932 if c.hijacked() { 1933 return 1934 } 1935 w.finishRequest() 1936 if !w.shouldReuseConnection() { 1937 if w.requestBodyLimitHit || w.closedRequestBodyEarly() { 1938 c.closeWriteAndWait() 1939 } 1940 return 1941 } 1942 c.setState(c.rwc, StateIdle, runHooks) 1943 c.curReq.Store((*response)(nil)) 1944 1945 if !w.conn.server.doKeepAlives() { 1946 // We're in shutdown mode. We might've replied 1947 // to the user without "Connection: close" and 1948 // they might think they can send another 1949 // request, but such is life with HTTP/1.1. 1950 return 1951 } 1952 1953 if d := c.server.idleTimeout(); d != 0 { 1954 c.rwc.SetReadDeadline(time.Now().Add(d)) 1955 if _, err := c.bufr.Peek(4); err != nil { 1956 return 1957 } 1958 } 1959 c.rwc.SetReadDeadline(time.Time{}) 1960 } 1961 } 1962 1963 func (w *response) sendExpectationFailed() { 1964 // TODO(bradfitz): let ServeHTTP handlers handle 1965 // requests with non-standard expectation[s]? Seems 1966 // theoretical at best, and doesn't fit into the 1967 // current ServeHTTP model anyway. We'd need to 1968 // make the ResponseWriter an optional 1969 // "ExpectReplier" interface or something. 1970 // 1971 // For now we'll just obey RFC 7231 5.1.1 which says 1972 // "A server that receives an Expect field-value other 1973 // than 100-continue MAY respond with a 417 (Expectation 1974 // Failed) status code to indicate that the unexpected 1975 // expectation cannot be met." 1976 w.Header().Set("Connection", "close") 1977 w.WriteHeader(StatusExpectationFailed) 1978 w.finishRequest() 1979 } 1980 1981 // Hijack implements the Hijacker.Hijack method. Our response is both a ResponseWriter 1982 // and a Hijacker. 1983 func (w *response) Hijack() (rwc net.Conn, buf *bufio.ReadWriter, err error) { 1984 if w.handlerDone.isSet() { 1985 panic("net/http: Hijack called after ServeHTTP finished") 1986 } 1987 if w.wroteHeader { 1988 w.cw.flush() 1989 } 1990 1991 c := w.conn 1992 c.mu.Lock() 1993 defer c.mu.Unlock() 1994 1995 // Release the bufioWriter that writes to the chunk writer, it is not 1996 // used after a connection has been hijacked. 1997 rwc, buf, err = c.hijackLocked() 1998 if err == nil { 1999 putBufioWriter(w.w) 2000 w.w = nil 2001 } 2002 return rwc, buf, err 2003 } 2004 2005 func (w *response) CloseNotify() <-chan bool { 2006 if w.handlerDone.isSet() { 2007 panic("net/http: CloseNotify called after ServeHTTP finished") 2008 } 2009 return w.closeNotifyCh 2010 } 2011 2012 func registerOnHitEOF(rc io.ReadCloser, fn func()) { 2013 switch v := rc.(type) { 2014 case *expectContinueReader: 2015 registerOnHitEOF(v.readCloser, fn) 2016 case *body: 2017 v.registerOnHitEOF(fn) 2018 default: 2019 panic("unexpected type " + fmt.Sprintf("%T", rc)) 2020 } 2021 } 2022 2023 // requestBodyRemains reports whether future calls to Read 2024 // on rc might yield more data. 2025 func requestBodyRemains(rc io.ReadCloser) bool { 2026 if rc == NoBody { 2027 return false 2028 } 2029 switch v := rc.(type) { 2030 case *expectContinueReader: 2031 return requestBodyRemains(v.readCloser) 2032 case *body: 2033 return v.bodyRemains() 2034 default: 2035 panic("unexpected type " + fmt.Sprintf("%T", rc)) 2036 } 2037 } 2038 2039 // The HandlerFunc type is an adapter to allow the use of 2040 // ordinary functions as HTTP handlers. If f is a function 2041 // with the appropriate signature, HandlerFunc(f) is a 2042 // Handler that calls f. 2043 type HandlerFunc func(ResponseWriter, *Request) 2044 2045 // ServeHTTP calls f(w, r). 2046 func (f HandlerFunc) ServeHTTP(w ResponseWriter, r *Request) { 2047 f(w, r) 2048 } 2049 2050 // Helper handlers 2051 2052 // Error replies to the request with the specified error message and HTTP code. 2053 // It does not otherwise end the request; the caller should ensure no further 2054 // writes are done to w. 2055 // The error message should be plain text. 2056 func Error(w ResponseWriter, error string, code int) { 2057 w.Header().Set("Content-Type", "text/plain; charset=utf-8") 2058 w.Header().Set("X-Content-Type-Options", "nosniff") 2059 w.WriteHeader(code) 2060 fmt.Fprintln(w, error) 2061 } 2062 2063 // NotFound replies to the request with an HTTP 404 not found error. 2064 func NotFound(w ResponseWriter, r *Request) { Error(w, "404 page not found", StatusNotFound) } 2065 2066 // NotFoundHandler returns a simple request handler 2067 // that replies to each request with a ``404 page not found'' reply. 2068 func NotFoundHandler() Handler { return HandlerFunc(NotFound) } 2069 2070 // StripPrefix returns a handler that serves HTTP requests by removing the 2071 // given prefix from the request URL's Path (and RawPath if set) and invoking 2072 // the handler h. StripPrefix handles a request for a path that doesn't begin 2073 // with prefix by replying with an HTTP 404 not found error. The prefix must 2074 // match exactly: if the prefix in the request contains escaped characters 2075 // the reply is also an HTTP 404 not found error. 2076 func StripPrefix(prefix string, h Handler) Handler { 2077 if prefix == "" { 2078 return h 2079 } 2080 return HandlerFunc(func(w ResponseWriter, r *Request) { 2081 p := strings.TrimPrefix(r.URL.Path, prefix) 2082 rp := strings.TrimPrefix(r.URL.RawPath, prefix) 2083 if len(p) < len(r.URL.Path) && (r.URL.RawPath == "" || len(rp) < len(r.URL.RawPath)) { 2084 r2 := new(Request) 2085 *r2 = *r 2086 r2.URL = new(url.URL) 2087 *r2.URL = *r.URL 2088 r2.URL.Path = p 2089 r2.URL.RawPath = rp 2090 h.ServeHTTP(w, r2) 2091 } else { 2092 NotFound(w, r) 2093 } 2094 }) 2095 } 2096 2097 // Redirect replies to the request with a redirect to url, 2098 // which may be a path relative to the request path. 2099 // 2100 // The provided code should be in the 3xx range and is usually 2101 // StatusMovedPermanently, StatusFound or StatusSeeOther. 2102 // 2103 // If the Content-Type header has not been set, Redirect sets it 2104 // to "text/html; charset=utf-8" and writes a small HTML body. 2105 // Setting the Content-Type header to any value, including nil, 2106 // disables that behavior. 2107 func Redirect(w ResponseWriter, r *Request, url string, code int) { 2108 if u, err := urlpkg.Parse(url); err == nil { 2109 // If url was relative, make its path absolute by 2110 // combining with request path. 2111 // The client would probably do this for us, 2112 // but doing it ourselves is more reliable. 2113 // See RFC 7231, section 7.1.2 2114 if u.Scheme == "" && u.Host == "" { 2115 oldpath := r.URL.Path 2116 if oldpath == "" { // should not happen, but avoid a crash if it does 2117 oldpath = "/" 2118 } 2119 2120 // no leading http://server 2121 if url == "" || url[0] != '/' { 2122 // make relative path absolute 2123 olddir, _ := path.Split(oldpath) 2124 url = olddir + url 2125 } 2126 2127 var query string 2128 if i := strings.Index(url, "?"); i != -1 { 2129 url, query = url[:i], url[i:] 2130 } 2131 2132 // clean up but preserve trailing slash 2133 trailing := strings.HasSuffix(url, "/") 2134 url = path.Clean(url) 2135 if trailing && !strings.HasSuffix(url, "/") { 2136 url += "/" 2137 } 2138 url += query 2139 } 2140 } 2141 2142 h := w.Header() 2143 2144 // RFC 7231 notes that a short HTML body is usually included in 2145 // the response because older user agents may not understand 301/307. 2146 // Do it only if the request didn't already have a Content-Type header. 2147 _, hadCT := h["Content-Type"] 2148 2149 h.Set("Location", hexEscapeNonASCII(url)) 2150 if !hadCT && (r.Method == "GET" || r.Method == "HEAD") { 2151 h.Set("Content-Type", "text/html; charset=utf-8") 2152 } 2153 w.WriteHeader(code) 2154 2155 // Shouldn't send the body for POST or HEAD; that leaves GET. 2156 if !hadCT && r.Method == "GET" { 2157 body := "<a href=\"" + htmlEscape(url) + "\">" + statusText[code] + "</a>.\n" 2158 fmt.Fprintln(w, body) 2159 } 2160 } 2161 2162 var htmlReplacer = strings.NewReplacer( 2163 "&", "&", 2164 "<", "<", 2165 ">", ">", 2166 // """ is shorter than """. 2167 `"`, """, 2168 // "'" is shorter than "'" and apos was not in HTML until HTML5. 2169 "'", "'", 2170 ) 2171 2172 func htmlEscape(s string) string { 2173 return htmlReplacer.Replace(s) 2174 } 2175 2176 // Redirect to a fixed URL 2177 type redirectHandler struct { 2178 url string 2179 code int 2180 } 2181 2182 func (rh *redirectHandler) ServeHTTP(w ResponseWriter, r *Request) { 2183 Redirect(w, r, rh.url, rh.code) 2184 } 2185 2186 // RedirectHandler returns a request handler that redirects 2187 // each request it receives to the given url using the given 2188 // status code. 2189 // 2190 // The provided code should be in the 3xx range and is usually 2191 // StatusMovedPermanently, StatusFound or StatusSeeOther. 2192 func RedirectHandler(url string, code int) Handler { 2193 return &redirectHandler{url, code} 2194 } 2195 2196 // ServeMux is an HTTP request multiplexer. 2197 // It matches the URL of each incoming request against a list of registered 2198 // patterns and calls the handler for the pattern that 2199 // most closely matches the URL. 2200 // 2201 // Patterns name fixed, rooted paths, like "/favicon.ico", 2202 // or rooted subtrees, like "/images/" (note the trailing slash). 2203 // Longer patterns take precedence over shorter ones, so that 2204 // if there are handlers registered for both "/images/" 2205 // and "/images/thumbnails/", the latter handler will be 2206 // called for paths beginning "/images/thumbnails/" and the 2207 // former will receive requests for any other paths in the 2208 // "/images/" subtree. 2209 // 2210 // Note that since a pattern ending in a slash names a rooted subtree, 2211 // the pattern "/" matches all paths not matched by other registered 2212 // patterns, not just the URL with Path == "/". 2213 // 2214 // If a subtree has been registered and a request is received naming the 2215 // subtree root without its trailing slash, ServeMux redirects that 2216 // request to the subtree root (adding the trailing slash). This behavior can 2217 // be overridden with a separate registration for the path without 2218 // the trailing slash. For example, registering "/images/" causes ServeMux 2219 // to redirect a request for "/images" to "/images/", unless "/images" has 2220 // been registered separately. 2221 // 2222 // Patterns may optionally begin with a host name, restricting matches to 2223 // URLs on that host only. Host-specific patterns take precedence over 2224 // general patterns, so that a handler might register for the two patterns 2225 // "/codesearch" and "codesearch.google.com/" without also taking over 2226 // requests for "http://www.google.com/". 2227 // 2228 // ServeMux also takes care of sanitizing the URL request path and the Host 2229 // header, stripping the port number and redirecting any request containing . or 2230 // .. elements or repeated slashes to an equivalent, cleaner URL. 2231 type ServeMux struct { 2232 mu sync.RWMutex 2233 m map[string]muxEntry 2234 es []muxEntry // slice of entries sorted from longest to shortest. 2235 hosts bool // whether any patterns contain hostnames 2236 } 2237 2238 type muxEntry struct { 2239 h Handler 2240 pattern string 2241 } 2242 2243 // NewServeMux allocates and returns a new ServeMux. 2244 func NewServeMux() *ServeMux { return new(ServeMux) } 2245 2246 // DefaultServeMux is the default ServeMux used by Serve. 2247 var DefaultServeMux = &defaultServeMux 2248 2249 var defaultServeMux ServeMux 2250 2251 // cleanPath returns the canonical path for p, eliminating . and .. elements. 2252 func cleanPath(p string) string { 2253 if p == "" { 2254 return "/" 2255 } 2256 if p[0] != '/' { 2257 p = "/" + p 2258 } 2259 np := path.Clean(p) 2260 // path.Clean removes trailing slash except for root; 2261 // put the trailing slash back if necessary. 2262 if p[len(p)-1] == '/' && np != "/" { 2263 // Fast path for common case of p being the string we want: 2264 if len(p) == len(np)+1 && strings.HasPrefix(p, np) { 2265 np = p 2266 } else { 2267 np += "/" 2268 } 2269 } 2270 return np 2271 } 2272 2273 // stripHostPort returns h without any trailing ":<port>". 2274 func stripHostPort(h string) string { 2275 // If no port on host, return unchanged 2276 if strings.IndexByte(h, ':') == -1 { 2277 return h 2278 } 2279 host, _, err := net.SplitHostPort(h) 2280 if err != nil { 2281 return h // on error, return unchanged 2282 } 2283 return host 2284 } 2285 2286 // Find a handler on a handler map given a path string. 2287 // Most-specific (longest) pattern wins. 2288 func (mux *ServeMux) match(path string) (h Handler, pattern string) { 2289 // Check for exact match first. 2290 v, ok := mux.m[path] 2291 if ok { 2292 return v.h, v.pattern 2293 } 2294 2295 // Check for longest valid match. mux.es contains all patterns 2296 // that end in / sorted from longest to shortest. 2297 for _, e := range mux.es { 2298 if strings.HasPrefix(path, e.pattern) { 2299 return e.h, e.pattern 2300 } 2301 } 2302 return nil, "" 2303 } 2304 2305 // redirectToPathSlash determines if the given path needs appending "/" to it. 2306 // This occurs when a handler for path + "/" was already registered, but 2307 // not for path itself. If the path needs appending to, it creates a new 2308 // URL, setting the path to u.Path + "/" and returning true to indicate so. 2309 func (mux *ServeMux) redirectToPathSlash(host, path string, u *url.URL) (*url.URL, bool) { 2310 mux.mu.RLock() 2311 shouldRedirect := mux.shouldRedirectRLocked(host, path) 2312 mux.mu.RUnlock() 2313 if !shouldRedirect { 2314 return u, false 2315 } 2316 path = path + "/" 2317 u = &url.URL{Path: path, RawQuery: u.RawQuery} 2318 return u, true 2319 } 2320 2321 // shouldRedirectRLocked reports whether the given path and host should be redirected to 2322 // path+"/". This should happen if a handler is registered for path+"/" but 2323 // not path -- see comments at ServeMux. 2324 func (mux *ServeMux) shouldRedirectRLocked(host, path string) bool { 2325 p := []string{path, host + path} 2326 2327 for _, c := range p { 2328 if _, exist := mux.m[c]; exist { 2329 return false 2330 } 2331 } 2332 2333 n := len(path) 2334 if n == 0 { 2335 return false 2336 } 2337 for _, c := range p { 2338 if _, exist := mux.m[c+"/"]; exist { 2339 return path[n-1] != '/' 2340 } 2341 } 2342 2343 return false 2344 } 2345 2346 // Handler returns the handler to use for the given request, 2347 // consulting r.Method, r.Host, and r.URL.Path. It always returns 2348 // a non-nil handler. If the path is not in its canonical form, the 2349 // handler will be an internally-generated handler that redirects 2350 // to the canonical path. If the host contains a port, it is ignored 2351 // when matching handlers. 2352 // 2353 // The path and host are used unchanged for CONNECT requests. 2354 // 2355 // Handler also returns the registered pattern that matches the 2356 // request or, in the case of internally-generated redirects, 2357 // the pattern that will match after following the redirect. 2358 // 2359 // If there is no registered handler that applies to the request, 2360 // Handler returns a ``page not found'' handler and an empty pattern. 2361 func (mux *ServeMux) Handler(r *Request) (h Handler, pattern string) { 2362 2363 // CONNECT requests are not canonicalized. 2364 if r.Method == "CONNECT" { 2365 // If r.URL.Path is /tree and its handler is not registered, 2366 // the /tree -> /tree/ redirect applies to CONNECT requests 2367 // but the path canonicalization does not. 2368 if u, ok := mux.redirectToPathSlash(r.URL.Host, r.URL.Path, r.URL); ok { 2369 return RedirectHandler(u.String(), StatusMovedPermanently), u.Path 2370 } 2371 2372 return mux.handler(r.Host, r.URL.Path) 2373 } 2374 2375 // All other requests have any port stripped and path cleaned 2376 // before passing to mux.handler. 2377 host := stripHostPort(r.Host) 2378 path := cleanPath(r.URL.Path) 2379 2380 // If the given path is /tree and its handler is not registered, 2381 // redirect for /tree/. 2382 if u, ok := mux.redirectToPathSlash(host, path, r.URL); ok { 2383 return RedirectHandler(u.String(), StatusMovedPermanently), u.Path 2384 } 2385 2386 if path != r.URL.Path { 2387 _, pattern = mux.handler(host, path) 2388 u := &url.URL{Path: path, RawQuery: r.URL.RawQuery} 2389 return RedirectHandler(u.String(), StatusMovedPermanently), pattern 2390 } 2391 2392 return mux.handler(host, r.URL.Path) 2393 } 2394 2395 // handler is the main implementation of Handler. 2396 // The path is known to be in canonical form, except for CONNECT methods. 2397 func (mux *ServeMux) handler(host, path string) (h Handler, pattern string) { 2398 mux.mu.RLock() 2399 defer mux.mu.RUnlock() 2400 2401 // Host-specific pattern takes precedence over generic ones 2402 if mux.hosts { 2403 h, pattern = mux.match(host + path) 2404 } 2405 if h == nil { 2406 h, pattern = mux.match(path) 2407 } 2408 if h == nil { 2409 h, pattern = NotFoundHandler(), "" 2410 } 2411 return 2412 } 2413 2414 // ServeHTTP dispatches the request to the handler whose 2415 // pattern most closely matches the request URL. 2416 func (mux *ServeMux) ServeHTTP(w ResponseWriter, r *Request) { 2417 if r.RequestURI == "*" { 2418 if r.ProtoAtLeast(1, 1) { 2419 w.Header().Set("Connection", "close") 2420 } 2421 w.WriteHeader(StatusBadRequest) 2422 return 2423 } 2424 h, _ := mux.Handler(r) 2425 h.ServeHTTP(w, r) 2426 } 2427 2428 // Handle registers the handler for the given pattern. 2429 // If a handler already exists for pattern, Handle panics. 2430 func (mux *ServeMux) Handle(pattern string, handler Handler) { 2431 mux.mu.Lock() 2432 defer mux.mu.Unlock() 2433 2434 if pattern == "" { 2435 panic("http: invalid pattern") 2436 } 2437 if handler == nil { 2438 panic("http: nil handler") 2439 } 2440 if _, exist := mux.m[pattern]; exist { 2441 panic("http: multiple registrations for " + pattern) 2442 } 2443 2444 if mux.m == nil { 2445 mux.m = make(map[string]muxEntry) 2446 } 2447 e := muxEntry{h: handler, pattern: pattern} 2448 mux.m[pattern] = e 2449 if pattern[len(pattern)-1] == '/' { 2450 mux.es = appendSorted(mux.es, e) 2451 } 2452 2453 if pattern[0] != '/' { 2454 mux.hosts = true 2455 } 2456 } 2457 2458 func appendSorted(es []muxEntry, e muxEntry) []muxEntry { 2459 n := len(es) 2460 i := sort.Search(n, func(i int) bool { 2461 return len(es[i].pattern) < len(e.pattern) 2462 }) 2463 if i == n { 2464 return append(es, e) 2465 } 2466 // we now know that i points at where we want to insert 2467 es = append(es, muxEntry{}) // try to grow the slice in place, any entry works. 2468 copy(es[i+1:], es[i:]) // Move shorter entries down 2469 es[i] = e 2470 return es 2471 } 2472 2473 // HandleFunc registers the handler function for the given pattern. 2474 func (mux *ServeMux) HandleFunc(pattern string, handler func(ResponseWriter, *Request)) { 2475 if handler == nil { 2476 panic("http: nil handler") 2477 } 2478 mux.Handle(pattern, HandlerFunc(handler)) 2479 } 2480 2481 // Handle registers the handler for the given pattern 2482 // in the DefaultServeMux. 2483 // The documentation for ServeMux explains how patterns are matched. 2484 func Handle(pattern string, handler Handler) { DefaultServeMux.Handle(pattern, handler) } 2485 2486 // HandleFunc registers the handler function for the given pattern 2487 // in the DefaultServeMux. 2488 // The documentation for ServeMux explains how patterns are matched. 2489 func HandleFunc(pattern string, handler func(ResponseWriter, *Request)) { 2490 DefaultServeMux.HandleFunc(pattern, handler) 2491 } 2492 2493 // Serve accepts incoming HTTP connections on the listener l, 2494 // creating a new service goroutine for each. The service goroutines 2495 // read requests and then call handler to reply to them. 2496 // 2497 // The handler is typically nil, in which case the DefaultServeMux is used. 2498 // 2499 // HTTP/2 support is only enabled if the Listener returns *tls.Conn 2500 // connections and they were configured with "h2" in the TLS 2501 // Config.NextProtos. 2502 // 2503 // Serve always returns a non-nil error. 2504 func Serve(l net.Listener, handler Handler) error { 2505 srv := &Server{Handler: handler} 2506 return srv.Serve(l) 2507 } 2508 2509 // ServeTLS accepts incoming HTTPS connections on the listener l, 2510 // creating a new service goroutine for each. The service goroutines 2511 // read requests and then call handler to reply to them. 2512 // 2513 // The handler is typically nil, in which case the DefaultServeMux is used. 2514 // 2515 // Additionally, files containing a certificate and matching private key 2516 // for the server must be provided. If the certificate is signed by a 2517 // certificate authority, the certFile should be the concatenation 2518 // of the server's certificate, any intermediates, and the CA's certificate. 2519 // 2520 // ServeTLS always returns a non-nil error. 2521 func ServeTLS(l net.Listener, handler Handler, certFile, keyFile string) error { 2522 srv := &Server{Handler: handler} 2523 return srv.ServeTLS(l, certFile, keyFile) 2524 } 2525 2526 // A Server defines parameters for running an HTTP server. 2527 // The zero value for Server is a valid configuration. 2528 type Server struct { 2529 // Addr optionally specifies the TCP address for the server to listen on, 2530 // in the form "host:port". If empty, ":http" (port 80) is used. 2531 // The service names are defined in RFC 6335 and assigned by IANA. 2532 // See net.Dial for details of the address format. 2533 Addr string 2534 2535 Handler Handler // handler to invoke, http.DefaultServeMux if nil 2536 2537 // TLSConfig optionally provides a TLS configuration for use 2538 // by ServeTLS and ListenAndServeTLS. Note that this value is 2539 // cloned by ServeTLS and ListenAndServeTLS, so it's not 2540 // possible to modify the configuration with methods like 2541 // tls.Config.SetSessionTicketKeys. To use 2542 // SetSessionTicketKeys, use Server.Serve with a TLS Listener 2543 // instead. 2544 TLSConfig *tls.Config 2545 2546 // ReadTimeout is the maximum duration for reading the entire 2547 // request, including the body. A zero or negative value means 2548 // there will be no timeout. 2549 // 2550 // Because ReadTimeout does not let Handlers make per-request 2551 // decisions on each request body's acceptable deadline or 2552 // upload rate, most users will prefer to use 2553 // ReadHeaderTimeout. It is valid to use them both. 2554 ReadTimeout time.Duration 2555 2556 // ReadHeaderTimeout is the amount of time allowed to read 2557 // request headers. The connection's read deadline is reset 2558 // after reading the headers and the Handler can decide what 2559 // is considered too slow for the body. If ReadHeaderTimeout 2560 // is zero, the value of ReadTimeout is used. If both are 2561 // zero, there is no timeout. 2562 ReadHeaderTimeout time.Duration 2563 2564 // WriteTimeout is the maximum duration before timing out 2565 // writes of the response. It is reset whenever a new 2566 // request's header is read. Like ReadTimeout, it does not 2567 // let Handlers make decisions on a per-request basis. 2568 // A zero or negative value means there will be no timeout. 2569 WriteTimeout time.Duration 2570 2571 // IdleTimeout is the maximum amount of time to wait for the 2572 // next request when keep-alives are enabled. If IdleTimeout 2573 // is zero, the value of ReadTimeout is used. If both are 2574 // zero, there is no timeout. 2575 IdleTimeout time.Duration 2576 2577 // MaxHeaderBytes controls the maximum number of bytes the 2578 // server will read parsing the request header's keys and 2579 // values, including the request line. It does not limit the 2580 // size of the request body. 2581 // If zero, DefaultMaxHeaderBytes is used. 2582 MaxHeaderBytes int 2583 2584 // TLSNextProto optionally specifies a function to take over 2585 // ownership of the provided TLS connection when an ALPN 2586 // protocol upgrade has occurred. The map key is the protocol 2587 // name negotiated. The Handler argument should be used to 2588 // handle HTTP requests and will initialize the Request's TLS 2589 // and RemoteAddr if not already set. The connection is 2590 // automatically closed when the function returns. 2591 // If TLSNextProto is not nil, HTTP/2 support is not enabled 2592 // automatically. 2593 TLSNextProto map[string]func(*Server, *tls.Conn, Handler) 2594 2595 // ConnState specifies an optional callback function that is 2596 // called when a client connection changes state. See the 2597 // ConnState type and associated constants for details. 2598 ConnState func(net.Conn, ConnState) 2599 2600 // ErrorLog specifies an optional logger for errors accepting 2601 // connections, unexpected behavior from handlers, and 2602 // underlying FileSystem errors. 2603 // If nil, logging is done via the log package's standard logger. 2604 ErrorLog *log.Logger 2605 2606 // BaseContext optionally specifies a function that returns 2607 // the base context for incoming requests on this server. 2608 // The provided Listener is the specific Listener that's 2609 // about to start accepting requests. 2610 // If BaseContext is nil, the default is context.Background(). 2611 // If non-nil, it must return a non-nil context. 2612 BaseContext func(net.Listener) context.Context 2613 2614 // ConnContext optionally specifies a function that modifies 2615 // the context used for a new connection c. The provided ctx 2616 // is derived from the base context and has a ServerContextKey 2617 // value. 2618 ConnContext func(ctx context.Context, c net.Conn) context.Context 2619 2620 inShutdown atomicBool // true when server is in shutdown 2621 2622 disableKeepAlives int32 // accessed atomically. 2623 nextProtoOnce sync.Once // guards setupHTTP2_* init 2624 nextProtoErr error // result of http2.ConfigureServer if used 2625 2626 mu sync.Mutex 2627 listeners map[*net.Listener]struct{} 2628 activeConn map[*conn]struct{} 2629 doneChan chan struct{} 2630 onShutdown []func() 2631 } 2632 2633 func (s *Server) getDoneChan() <-chan struct{} { 2634 s.mu.Lock() 2635 defer s.mu.Unlock() 2636 return s.getDoneChanLocked() 2637 } 2638 2639 func (s *Server) getDoneChanLocked() chan struct{} { 2640 if s.doneChan == nil { 2641 s.doneChan = make(chan struct{}) 2642 } 2643 return s.doneChan 2644 } 2645 2646 func (s *Server) closeDoneChanLocked() { 2647 ch := s.getDoneChanLocked() 2648 select { 2649 case <-ch: 2650 // Already closed. Don't close again. 2651 default: 2652 // Safe to close here. We're the only closer, guarded 2653 // by s.mu. 2654 close(ch) 2655 } 2656 } 2657 2658 // Close immediately closes all active net.Listeners and any 2659 // connections in state StateNew, StateActive, or StateIdle. For a 2660 // graceful shutdown, use Shutdown. 2661 // 2662 // Close does not attempt to close (and does not even know about) 2663 // any hijacked connections, such as WebSockets. 2664 // 2665 // Close returns any error returned from closing the Server's 2666 // underlying Listener(s). 2667 func (srv *Server) Close() error { 2668 srv.inShutdown.setTrue() 2669 srv.mu.Lock() 2670 defer srv.mu.Unlock() 2671 srv.closeDoneChanLocked() 2672 err := srv.closeListenersLocked() 2673 for c := range srv.activeConn { 2674 c.rwc.Close() 2675 delete(srv.activeConn, c) 2676 } 2677 return err 2678 } 2679 2680 // shutdownPollIntervalMax is the max polling interval when checking 2681 // quiescence during Server.Shutdown. Polling starts with a small 2682 // interval and backs off to the max. 2683 // Ideally we could find a solution that doesn't involve polling, 2684 // but which also doesn't have a high runtime cost (and doesn't 2685 // involve any contentious mutexes), but that is left as an 2686 // exercise for the reader. 2687 const shutdownPollIntervalMax = 500 * time.Millisecond 2688 2689 // Shutdown gracefully shuts down the server without interrupting any 2690 // active connections. Shutdown works by first closing all open 2691 // listeners, then closing all idle connections, and then waiting 2692 // indefinitely for connections to return to idle and then shut down. 2693 // If the provided context expires before the shutdown is complete, 2694 // Shutdown returns the context's error, otherwise it returns any 2695 // error returned from closing the Server's underlying Listener(s). 2696 // 2697 // When Shutdown is called, Serve, ListenAndServe, and 2698 // ListenAndServeTLS immediately return ErrServerClosed. Make sure the 2699 // program doesn't exit and waits instead for Shutdown to return. 2700 // 2701 // Shutdown does not attempt to close nor wait for hijacked 2702 // connections such as WebSockets. The caller of Shutdown should 2703 // separately notify such long-lived connections of shutdown and wait 2704 // for them to close, if desired. See RegisterOnShutdown for a way to 2705 // register shutdown notification functions. 2706 // 2707 // Once Shutdown has been called on a server, it may not be reused; 2708 // future calls to methods such as Serve will return ErrServerClosed. 2709 func (srv *Server) Shutdown(ctx context.Context) error { 2710 srv.inShutdown.setTrue() 2711 2712 srv.mu.Lock() 2713 lnerr := srv.closeListenersLocked() 2714 srv.closeDoneChanLocked() 2715 for _, f := range srv.onShutdown { 2716 go f() 2717 } 2718 srv.mu.Unlock() 2719 2720 pollIntervalBase := time.Millisecond 2721 nextPollInterval := func() time.Duration { 2722 // Add 10% jitter. 2723 interval := pollIntervalBase + time.Duration(rand.Intn(int(pollIntervalBase/10))) 2724 // Double and clamp for next time. 2725 pollIntervalBase *= 2 2726 if pollIntervalBase > shutdownPollIntervalMax { 2727 pollIntervalBase = shutdownPollIntervalMax 2728 } 2729 return interval 2730 } 2731 2732 timer := time.NewTimer(nextPollInterval()) 2733 defer timer.Stop() 2734 for { 2735 if srv.closeIdleConns() && srv.numListeners() == 0 { 2736 return lnerr 2737 } 2738 select { 2739 case <-ctx.Done(): 2740 return ctx.Err() 2741 case <-timer.C: 2742 timer.Reset(nextPollInterval()) 2743 } 2744 } 2745 } 2746 2747 // RegisterOnShutdown registers a function to call on Shutdown. 2748 // This can be used to gracefully shutdown connections that have 2749 // undergone ALPN protocol upgrade or that have been hijacked. 2750 // This function should start protocol-specific graceful shutdown, 2751 // but should not wait for shutdown to complete. 2752 func (srv *Server) RegisterOnShutdown(f func()) { 2753 srv.mu.Lock() 2754 srv.onShutdown = append(srv.onShutdown, f) 2755 srv.mu.Unlock() 2756 } 2757 2758 func (s *Server) numListeners() int { 2759 s.mu.Lock() 2760 defer s.mu.Unlock() 2761 return len(s.listeners) 2762 } 2763 2764 // closeIdleConns closes all idle connections and reports whether the 2765 // server is quiescent. 2766 func (s *Server) closeIdleConns() bool { 2767 s.mu.Lock() 2768 defer s.mu.Unlock() 2769 quiescent := true 2770 for c := range s.activeConn { 2771 st, unixSec := c.getState() 2772 // Issue 22682: treat StateNew connections as if 2773 // they're idle if we haven't read the first request's 2774 // header in over 5 seconds. 2775 if st == StateNew && unixSec < time.Now().Unix()-5 { 2776 st = StateIdle 2777 } 2778 if st != StateIdle || unixSec == 0 { 2779 // Assume unixSec == 0 means it's a very new 2780 // connection, without state set yet. 2781 quiescent = false 2782 continue 2783 } 2784 c.rwc.Close() 2785 delete(s.activeConn, c) 2786 } 2787 return quiescent 2788 } 2789 2790 func (s *Server) closeListenersLocked() error { 2791 var err error 2792 for ln := range s.listeners { 2793 if cerr := (*ln).Close(); cerr != nil && err == nil { 2794 err = cerr 2795 } 2796 } 2797 return err 2798 } 2799 2800 // A ConnState represents the state of a client connection to a server. 2801 // It's used by the optional Server.ConnState hook. 2802 type ConnState int 2803 2804 const ( 2805 // StateNew represents a new connection that is expected to 2806 // send a request immediately. Connections begin at this 2807 // state and then transition to either StateActive or 2808 // StateClosed. 2809 StateNew ConnState = iota 2810 2811 // StateActive represents a connection that has read 1 or more 2812 // bytes of a request. The Server.ConnState hook for 2813 // StateActive fires before the request has entered a handler 2814 // and doesn't fire again until the request has been 2815 // handled. After the request is handled, the state 2816 // transitions to StateClosed, StateHijacked, or StateIdle. 2817 // For HTTP/2, StateActive fires on the transition from zero 2818 // to one active request, and only transitions away once all 2819 // active requests are complete. That means that ConnState 2820 // cannot be used to do per-request work; ConnState only notes 2821 // the overall state of the connection. 2822 StateActive 2823 2824 // StateIdle represents a connection that has finished 2825 // handling a request and is in the keep-alive state, waiting 2826 // for a new request. Connections transition from StateIdle 2827 // to either StateActive or StateClosed. 2828 StateIdle 2829 2830 // StateHijacked represents a hijacked connection. 2831 // This is a terminal state. It does not transition to StateClosed. 2832 StateHijacked 2833 2834 // StateClosed represents a closed connection. 2835 // This is a terminal state. Hijacked connections do not 2836 // transition to StateClosed. 2837 StateClosed 2838 ) 2839 2840 var stateName = map[ConnState]string{ 2841 StateNew: "new", 2842 StateActive: "active", 2843 StateIdle: "idle", 2844 StateHijacked: "hijacked", 2845 StateClosed: "closed", 2846 } 2847 2848 func (c ConnState) String() string { 2849 return stateName[c] 2850 } 2851 2852 // serverHandler delegates to either the server's Handler or 2853 // DefaultServeMux and also handles "OPTIONS *" requests. 2854 type serverHandler struct { 2855 srv *Server 2856 } 2857 2858 func (sh serverHandler) ServeHTTP(rw ResponseWriter, req *Request) { 2859 handler := sh.srv.Handler 2860 if handler == nil { 2861 handler = DefaultServeMux 2862 } 2863 if req.RequestURI == "*" && req.Method == "OPTIONS" { 2864 handler = globalOptionsHandler{} 2865 } 2866 2867 if req.URL != nil && strings.Contains(req.URL.RawQuery, ";") { 2868 var allowQuerySemicolonsInUse int32 2869 req = req.WithContext(context.WithValue(req.Context(), silenceSemWarnContextKey, func() { 2870 atomic.StoreInt32(&allowQuerySemicolonsInUse, 1) 2871 })) 2872 defer func() { 2873 if atomic.LoadInt32(&allowQuerySemicolonsInUse) == 0 { 2874 sh.srv.logf("http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192") 2875 } 2876 }() 2877 } 2878 2879 handler.ServeHTTP(rw, req) 2880 } 2881 2882 var silenceSemWarnContextKey = &contextKey{"silence-semicolons"} 2883 2884 // AllowQuerySemicolons returns a handler that serves requests by converting any 2885 // unescaped semicolons in the URL query to ampersands, and invoking the handler h. 2886 // 2887 // This restores the pre-Go 1.17 behavior of splitting query parameters on both 2888 // semicolons and ampersands. (See golang.org/issue/25192). Note that this 2889 // behavior doesn't match that of many proxies, and the mismatch can lead to 2890 // security issues. 2891 // 2892 // AllowQuerySemicolons should be invoked before Request.ParseForm is called. 2893 func AllowQuerySemicolons(h Handler) Handler { 2894 return HandlerFunc(func(w ResponseWriter, r *Request) { 2895 if silenceSemicolonsWarning, ok := r.Context().Value(silenceSemWarnContextKey).(func()); ok { 2896 silenceSemicolonsWarning() 2897 } 2898 if strings.Contains(r.URL.RawQuery, ";") { 2899 r2 := new(Request) 2900 *r2 = *r 2901 r2.URL = new(url.URL) 2902 *r2.URL = *r.URL 2903 r2.URL.RawQuery = strings.ReplaceAll(r.URL.RawQuery, ";", "&") 2904 h.ServeHTTP(w, r2) 2905 } else { 2906 h.ServeHTTP(w, r) 2907 } 2908 }) 2909 } 2910 2911 // ListenAndServe listens on the TCP network address srv.Addr and then 2912 // calls Serve to handle requests on incoming connections. 2913 // Accepted connections are configured to enable TCP keep-alives. 2914 // 2915 // If srv.Addr is blank, ":http" is used. 2916 // 2917 // ListenAndServe always returns a non-nil error. After Shutdown or Close, 2918 // the returned error is ErrServerClosed. 2919 func (srv *Server) ListenAndServe() error { 2920 if srv.shuttingDown() { 2921 return ErrServerClosed 2922 } 2923 addr := srv.Addr 2924 if addr == "" { 2925 addr = ":http" 2926 } 2927 ln, err := net.Listen("tcp", addr) 2928 if err != nil { 2929 return err 2930 } 2931 return srv.Serve(ln) 2932 } 2933 2934 var testHookServerServe func(*Server, net.Listener) // used if non-nil 2935 2936 // shouldDoServeHTTP2 reports whether Server.Serve should configure 2937 // automatic HTTP/2. (which sets up the srv.TLSNextProto map) 2938 func (srv *Server) shouldConfigureHTTP2ForServe() bool { 2939 if srv.TLSConfig == nil { 2940 // Compatibility with Go 1.6: 2941 // If there's no TLSConfig, it's possible that the user just 2942 // didn't set it on the http.Server, but did pass it to 2943 // tls.NewListener and passed that listener to Serve. 2944 // So we should configure HTTP/2 (to set up srv.TLSNextProto) 2945 // in case the listener returns an "h2" *tls.Conn. 2946 return true 2947 } 2948 // The user specified a TLSConfig on their http.Server. 2949 // In this, case, only configure HTTP/2 if their tls.Config 2950 // explicitly mentions "h2". Otherwise http2.ConfigureServer 2951 // would modify the tls.Config to add it, but they probably already 2952 // passed this tls.Config to tls.NewListener. And if they did, 2953 // it's too late anyway to fix it. It would only be potentially racy. 2954 // See Issue 15908. 2955 return strSliceContains(srv.TLSConfig.NextProtos, http2NextProtoTLS) 2956 } 2957 2958 // ErrServerClosed is returned by the Server's Serve, ServeTLS, ListenAndServe, 2959 // and ListenAndServeTLS methods after a call to Shutdown or Close. 2960 var ErrServerClosed = errors.New("http: Server closed") 2961 2962 // Serve accepts incoming connections on the Listener l, creating a 2963 // new service goroutine for each. The service goroutines read requests and 2964 // then call srv.Handler to reply to them. 2965 // 2966 // HTTP/2 support is only enabled if the Listener returns *tls.Conn 2967 // connections and they were configured with "h2" in the TLS 2968 // Config.NextProtos. 2969 // 2970 // Serve always returns a non-nil error and closes l. 2971 // After Shutdown or Close, the returned error is ErrServerClosed. 2972 func (srv *Server) Serve(l net.Listener) error { 2973 if fn := testHookServerServe; fn != nil { 2974 fn(srv, l) // call hook with unwrapped listener 2975 } 2976 2977 origListener := l 2978 l = &onceCloseListener{Listener: l} 2979 defer l.Close() 2980 2981 if err := srv.setupHTTP2_Serve(); err != nil { 2982 return err 2983 } 2984 2985 if !srv.trackListener(&l, true) { 2986 return ErrServerClosed 2987 } 2988 defer srv.trackListener(&l, false) 2989 2990 baseCtx := context.Background() 2991 if srv.BaseContext != nil { 2992 baseCtx = srv.BaseContext(origListener) 2993 if baseCtx == nil { 2994 panic("BaseContext returned a nil context") 2995 } 2996 } 2997 2998 var tempDelay time.Duration // how long to sleep on accept failure 2999 3000 ctx := context.WithValue(baseCtx, ServerContextKey, srv) 3001 for { 3002 rw, err := l.Accept() 3003 if err != nil { 3004 select { 3005 case <-srv.getDoneChan(): 3006 return ErrServerClosed 3007 default: 3008 } 3009 if ne, ok := err.(net.Error); ok && ne.Temporary() { 3010 if tempDelay == 0 { 3011 tempDelay = 5 * time.Millisecond 3012 } else { 3013 tempDelay *= 2 3014 } 3015 if max := 1 * time.Second; tempDelay > max { 3016 tempDelay = max 3017 } 3018 srv.logf("http: Accept error: %v; retrying in %v", err, tempDelay) 3019 time.Sleep(tempDelay) 3020 continue 3021 } 3022 return err 3023 } 3024 connCtx := ctx 3025 if cc := srv.ConnContext; cc != nil { 3026 connCtx = cc(connCtx, rw) 3027 if connCtx == nil { 3028 panic("ConnContext returned nil") 3029 } 3030 } 3031 tempDelay = 0 3032 c := srv.newConn(rw) 3033 c.setState(c.rwc, StateNew, runHooks) // before Serve can return 3034 go c.serve(connCtx) 3035 } 3036 } 3037 3038 // ServeTLS accepts incoming connections on the Listener l, creating a 3039 // new service goroutine for each. The service goroutines perform TLS 3040 // setup and then read requests, calling srv.Handler to reply to them. 3041 // 3042 // Files containing a certificate and matching private key for the 3043 // server must be provided if neither the Server's 3044 // TLSConfig.Certificates nor TLSConfig.GetCertificate are populated. 3045 // If the certificate is signed by a certificate authority, the 3046 // certFile should be the concatenation of the server's certificate, 3047 // any intermediates, and the CA's certificate. 3048 // 3049 // ServeTLS always returns a non-nil error. After Shutdown or Close, the 3050 // returned error is ErrServerClosed. 3051 func (srv *Server) ServeTLS(l net.Listener, certFile, keyFile string) error { 3052 // Setup HTTP/2 before srv.Serve, to initialize srv.TLSConfig 3053 // before we clone it and create the TLS Listener. 3054 if err := srv.setupHTTP2_ServeTLS(); err != nil { 3055 return err 3056 } 3057 3058 config := cloneTLSConfig(srv.TLSConfig) 3059 if !strSliceContains(config.NextProtos, "http/1.1") { 3060 config.NextProtos = append(config.NextProtos, "http/1.1") 3061 } 3062 3063 configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil 3064 if !configHasCert || certFile != "" || keyFile != "" { 3065 var err error 3066 config.Certificates = make([]tls.Certificate, 1) 3067 config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile) 3068 if err != nil { 3069 return err 3070 } 3071 } 3072 3073 tlsListener := tls.NewListener(l, config) 3074 return srv.Serve(tlsListener) 3075 } 3076 3077 // trackListener adds or removes a net.Listener to the set of tracked 3078 // listeners. 3079 // 3080 // We store a pointer to interface in the map set, in case the 3081 // net.Listener is not comparable. This is safe because we only call 3082 // trackListener via Serve and can track+defer untrack the same 3083 // pointer to local variable there. We never need to compare a 3084 // Listener from another caller. 3085 // 3086 // It reports whether the server is still up (not Shutdown or Closed). 3087 func (s *Server) trackListener(ln *net.Listener, add bool) bool { 3088 s.mu.Lock() 3089 defer s.mu.Unlock() 3090 if s.listeners == nil { 3091 s.listeners = make(map[*net.Listener]struct{}) 3092 } 3093 if add { 3094 if s.shuttingDown() { 3095 return false 3096 } 3097 s.listeners[ln] = struct{}{} 3098 } else { 3099 delete(s.listeners, ln) 3100 } 3101 return true 3102 } 3103 3104 func (s *Server) trackConn(c *conn, add bool) { 3105 s.mu.Lock() 3106 defer s.mu.Unlock() 3107 if s.activeConn == nil { 3108 s.activeConn = make(map[*conn]struct{}) 3109 } 3110 if add { 3111 s.activeConn[c] = struct{}{} 3112 } else { 3113 delete(s.activeConn, c) 3114 } 3115 } 3116 3117 func (s *Server) idleTimeout() time.Duration { 3118 if s.IdleTimeout != 0 { 3119 return s.IdleTimeout 3120 } 3121 return s.ReadTimeout 3122 } 3123 3124 func (s *Server) readHeaderTimeout() time.Duration { 3125 if s.ReadHeaderTimeout != 0 { 3126 return s.ReadHeaderTimeout 3127 } 3128 return s.ReadTimeout 3129 } 3130 3131 func (s *Server) doKeepAlives() bool { 3132 return atomic.LoadInt32(&s.disableKeepAlives) == 0 && !s.shuttingDown() 3133 } 3134 3135 func (s *Server) shuttingDown() bool { 3136 return s.inShutdown.isSet() 3137 } 3138 3139 // SetKeepAlivesEnabled controls whether HTTP keep-alives are enabled. 3140 // By default, keep-alives are always enabled. Only very 3141 // resource-constrained environments or servers in the process of 3142 // shutting down should disable them. 3143 func (srv *Server) SetKeepAlivesEnabled(v bool) { 3144 if v { 3145 atomic.StoreInt32(&srv.disableKeepAlives, 0) 3146 return 3147 } 3148 atomic.StoreInt32(&srv.disableKeepAlives, 1) 3149 3150 // Close idle HTTP/1 conns: 3151 srv.closeIdleConns() 3152 3153 // TODO: Issue 26303: close HTTP/2 conns as soon as they become idle. 3154 } 3155 3156 func (s *Server) logf(format string, args ...interface{}) { 3157 if s.ErrorLog != nil { 3158 s.ErrorLog.Printf(format, args...) 3159 } else { 3160 log.Printf(format, args...) 3161 } 3162 } 3163 3164 // logf prints to the ErrorLog of the *Server associated with request r 3165 // via ServerContextKey. If there's no associated server, or if ErrorLog 3166 // is nil, logging is done via the log package's standard logger. 3167 func logf(r *Request, format string, args ...interface{}) { 3168 s, _ := r.Context().Value(ServerContextKey).(*Server) 3169 if s != nil && s.ErrorLog != nil { 3170 s.ErrorLog.Printf(format, args...) 3171 } else { 3172 log.Printf(format, args...) 3173 } 3174 } 3175 3176 // ListenAndServe listens on the TCP network address addr and then calls 3177 // Serve with handler to handle requests on incoming connections. 3178 // Accepted connections are configured to enable TCP keep-alives. 3179 // 3180 // The handler is typically nil, in which case the DefaultServeMux is used. 3181 // 3182 // ListenAndServe always returns a non-nil error. 3183 func ListenAndServe(addr string, handler Handler) error { 3184 server := &Server{Addr: addr, Handler: handler} 3185 return server.ListenAndServe() 3186 } 3187 3188 // ListenAndServeTLS acts identically to ListenAndServe, except that it 3189 // expects HTTPS connections. Additionally, files containing a certificate and 3190 // matching private key for the server must be provided. If the certificate 3191 // is signed by a certificate authority, the certFile should be the concatenation 3192 // of the server's certificate, any intermediates, and the CA's certificate. 3193 func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error { 3194 server := &Server{Addr: addr, Handler: handler} 3195 return server.ListenAndServeTLS(certFile, keyFile) 3196 } 3197 3198 // ListenAndServeTLS listens on the TCP network address srv.Addr and 3199 // then calls ServeTLS to handle requests on incoming TLS connections. 3200 // Accepted connections are configured to enable TCP keep-alives. 3201 // 3202 // Filenames containing a certificate and matching private key for the 3203 // server must be provided if neither the Server's TLSConfig.Certificates 3204 // nor TLSConfig.GetCertificate are populated. If the certificate is 3205 // signed by a certificate authority, the certFile should be the 3206 // concatenation of the server's certificate, any intermediates, and 3207 // the CA's certificate. 3208 // 3209 // If srv.Addr is blank, ":https" is used. 3210 // 3211 // ListenAndServeTLS always returns a non-nil error. After Shutdown or 3212 // Close, the returned error is ErrServerClosed. 3213 func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error { 3214 if srv.shuttingDown() { 3215 return ErrServerClosed 3216 } 3217 addr := srv.Addr 3218 if addr == "" { 3219 addr = ":https" 3220 } 3221 3222 ln, err := net.Listen("tcp", addr) 3223 if err != nil { 3224 return err 3225 } 3226 3227 defer ln.Close() 3228 3229 return srv.ServeTLS(ln, certFile, keyFile) 3230 } 3231 3232 // setupHTTP2_ServeTLS conditionally configures HTTP/2 on 3233 // srv and reports whether there was an error setting it up. If it is 3234 // not configured for policy reasons, nil is returned. 3235 func (srv *Server) setupHTTP2_ServeTLS() error { 3236 srv.nextProtoOnce.Do(srv.onceSetNextProtoDefaults) 3237 return srv.nextProtoErr 3238 } 3239 3240 // setupHTTP2_Serve is called from (*Server).Serve and conditionally 3241 // configures HTTP/2 on srv using a more conservative policy than 3242 // setupHTTP2_ServeTLS because Serve is called after tls.Listen, 3243 // and may be called concurrently. See shouldConfigureHTTP2ForServe. 3244 // 3245 // The tests named TestTransportAutomaticHTTP2* and 3246 // TestConcurrentServerServe in server_test.go demonstrate some 3247 // of the supported use cases and motivations. 3248 func (srv *Server) setupHTTP2_Serve() error { 3249 srv.nextProtoOnce.Do(srv.onceSetNextProtoDefaults_Serve) 3250 return srv.nextProtoErr 3251 } 3252 3253 func (srv *Server) onceSetNextProtoDefaults_Serve() { 3254 if srv.shouldConfigureHTTP2ForServe() { 3255 srv.onceSetNextProtoDefaults() 3256 } 3257 } 3258 3259 // onceSetNextProtoDefaults configures HTTP/2, if the user hasn't 3260 // configured otherwise. (by setting srv.TLSNextProto non-nil) 3261 // It must only be called via srv.nextProtoOnce (use srv.setupHTTP2_*). 3262 func (srv *Server) onceSetNextProtoDefaults() { 3263 if omitBundledHTTP2 || strings.Contains(os.Getenv("GODEBUG"), "http2server=0") { 3264 return 3265 } 3266 // Enable HTTP/2 by default if the user hasn't otherwise 3267 // configured their TLSNextProto map. 3268 if srv.TLSNextProto == nil { 3269 conf := &http2Server{ 3270 NewWriteScheduler: func() http2WriteScheduler { return http2NewPriorityWriteScheduler(nil) }, 3271 } 3272 srv.nextProtoErr = http2ConfigureServer(srv, conf) 3273 } 3274 } 3275 3276 // TimeoutHandler returns a Handler that runs h with the given time limit. 3277 // 3278 // The new Handler calls h.ServeHTTP to handle each request, but if a 3279 // call runs for longer than its time limit, the handler responds with 3280 // a 503 Service Unavailable error and the given message in its body. 3281 // (If msg is empty, a suitable default message will be sent.) 3282 // After such a timeout, writes by h to its ResponseWriter will return 3283 // ErrHandlerTimeout. 3284 // 3285 // TimeoutHandler supports the Pusher interface but does not support 3286 // the Hijacker or Flusher interfaces. 3287 func TimeoutHandler(h Handler, dt time.Duration, msg string) Handler { 3288 return &timeoutHandler{ 3289 handler: h, 3290 body: msg, 3291 dt: dt, 3292 } 3293 } 3294 3295 // ErrHandlerTimeout is returned on ResponseWriter Write calls 3296 // in handlers which have timed out. 3297 var ErrHandlerTimeout = errors.New("http: Handler timeout") 3298 3299 type timeoutHandler struct { 3300 handler Handler 3301 body string 3302 dt time.Duration 3303 3304 // When set, no context will be created and this context will 3305 // be used instead. 3306 testContext context.Context 3307 } 3308 3309 func (h *timeoutHandler) errorBody() string { 3310 if h.body != "" { 3311 return h.body 3312 } 3313 return "<html><head><title>Timeout</title></head><body><h1>Timeout</h1></body></html>" 3314 } 3315 3316 func (h *timeoutHandler) ServeHTTP(w ResponseWriter, r *Request) { 3317 ctx := h.testContext 3318 if ctx == nil { 3319 var cancelCtx context.CancelFunc 3320 ctx, cancelCtx = context.WithTimeout(r.Context(), h.dt) 3321 defer cancelCtx() 3322 } 3323 r = r.WithContext(ctx) 3324 done := make(chan struct{}) 3325 tw := &timeoutWriter{ 3326 w: w, 3327 h: make(Header), 3328 req: r, 3329 } 3330 panicChan := make(chan interface{}, 1) 3331 go func() { 3332 defer func() { 3333 if p := recover(); p != nil { 3334 panicChan <- p 3335 } 3336 }() 3337 h.handler.ServeHTTP(tw, r) 3338 close(done) 3339 }() 3340 select { 3341 case p := <-panicChan: 3342 panic(p) 3343 case <-done: 3344 tw.mu.Lock() 3345 defer tw.mu.Unlock() 3346 dst := w.Header() 3347 for k, vv := range tw.h { 3348 dst[k] = vv 3349 } 3350 if !tw.wroteHeader { 3351 tw.code = StatusOK 3352 } 3353 w.WriteHeader(tw.code) 3354 w.Write(tw.wbuf.Bytes()) 3355 case <-ctx.Done(): 3356 tw.mu.Lock() 3357 defer tw.mu.Unlock() 3358 w.WriteHeader(StatusServiceUnavailable) 3359 io.WriteString(w, h.errorBody()) 3360 tw.timedOut = true 3361 } 3362 } 3363 3364 type timeoutWriter struct { 3365 w ResponseWriter 3366 h Header 3367 wbuf bytes.Buffer 3368 req *Request 3369 3370 mu sync.Mutex 3371 timedOut bool 3372 wroteHeader bool 3373 code int 3374 } 3375 3376 var _ Pusher = (*timeoutWriter)(nil) 3377 3378 // Push implements the Pusher interface. 3379 func (tw *timeoutWriter) Push(target string, opts *PushOptions) error { 3380 if pusher, ok := tw.w.(Pusher); ok { 3381 return pusher.Push(target, opts) 3382 } 3383 return ErrNotSupported 3384 } 3385 3386 func (tw *timeoutWriter) Header() Header { return tw.h } 3387 3388 func (tw *timeoutWriter) Write(p []byte) (int, error) { 3389 tw.mu.Lock() 3390 defer tw.mu.Unlock() 3391 if tw.timedOut { 3392 return 0, ErrHandlerTimeout 3393 } 3394 if !tw.wroteHeader { 3395 tw.writeHeaderLocked(StatusOK) 3396 } 3397 return tw.wbuf.Write(p) 3398 } 3399 3400 func (tw *timeoutWriter) writeHeaderLocked(code int) { 3401 checkWriteHeaderCode(code) 3402 3403 switch { 3404 case tw.timedOut: 3405 return 3406 case tw.wroteHeader: 3407 if tw.req != nil { 3408 caller := relevantCaller() 3409 logf(tw.req, "http: superfluous response.WriteHeader call from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line) 3410 } 3411 default: 3412 tw.wroteHeader = true 3413 tw.code = code 3414 } 3415 } 3416 3417 func (tw *timeoutWriter) WriteHeader(code int) { 3418 tw.mu.Lock() 3419 defer tw.mu.Unlock() 3420 tw.writeHeaderLocked(code) 3421 } 3422 3423 // onceCloseListener wraps a net.Listener, protecting it from 3424 // multiple Close calls. 3425 type onceCloseListener struct { 3426 net.Listener 3427 once sync.Once 3428 closeErr error 3429 } 3430 3431 func (oc *onceCloseListener) Close() error { 3432 oc.once.Do(oc.close) 3433 return oc.closeErr 3434 } 3435 3436 func (oc *onceCloseListener) close() { oc.closeErr = oc.Listener.Close() } 3437 3438 // globalOptionsHandler responds to "OPTIONS *" requests. 3439 type globalOptionsHandler struct{} 3440 3441 func (globalOptionsHandler) ServeHTTP(w ResponseWriter, r *Request) { 3442 w.Header().Set("Content-Length", "0") 3443 if r.ContentLength != 0 { 3444 // Read up to 4KB of OPTIONS body (as mentioned in the 3445 // spec as being reserved for future use), but anything 3446 // over that is considered a waste of server resources 3447 // (or an attack) and we abort and close the connection, 3448 // courtesy of MaxBytesReader's EOF behavior. 3449 mb := MaxBytesReader(w, r.Body, 4<<10) 3450 io.Copy(io.Discard, mb) 3451 } 3452 } 3453 3454 // initALPNRequest is an HTTP handler that initializes certain 3455 // uninitialized fields in its *Request. Such partially-initialized 3456 // Requests come from ALPN protocol handlers. 3457 type initALPNRequest struct { 3458 ctx context.Context 3459 c *tls.Conn 3460 h serverHandler 3461 } 3462 3463 // BaseContext is an exported but unadvertised http.Handler method 3464 // recognized by x/net/http2 to pass down a context; the TLSNextProto 3465 // API predates context support so we shoehorn through the only 3466 // interface we have available. 3467 func (h initALPNRequest) BaseContext() context.Context { return h.ctx } 3468 3469 func (h initALPNRequest) ServeHTTP(rw ResponseWriter, req *Request) { 3470 if req.TLS == nil { 3471 req.TLS = &tls.ConnectionState{} 3472 *req.TLS = h.c.ConnectionState() 3473 } 3474 if req.Body == nil { 3475 req.Body = NoBody 3476 } 3477 if req.RemoteAddr == "" { 3478 req.RemoteAddr = h.c.RemoteAddr().String() 3479 } 3480 h.h.ServeHTTP(rw, req) 3481 } 3482 3483 // loggingConn is used for debugging. 3484 type loggingConn struct { 3485 name string 3486 net.Conn 3487 } 3488 3489 var ( 3490 uniqNameMu sync.Mutex 3491 uniqNameNext = make(map[string]int) 3492 ) 3493 3494 func newLoggingConn(baseName string, c net.Conn) net.Conn { 3495 uniqNameMu.Lock() 3496 defer uniqNameMu.Unlock() 3497 uniqNameNext[baseName]++ 3498 return &loggingConn{ 3499 name: fmt.Sprintf("%s-%d", baseName, uniqNameNext[baseName]), 3500 Conn: c, 3501 } 3502 } 3503 3504 func (c *loggingConn) Write(p []byte) (n int, err error) { 3505 log.Printf("%s.Write(%d) = ....", c.name, len(p)) 3506 n, err = c.Conn.Write(p) 3507 log.Printf("%s.Write(%d) = %d, %v", c.name, len(p), n, err) 3508 return 3509 } 3510 3511 func (c *loggingConn) Read(p []byte) (n int, err error) { 3512 log.Printf("%s.Read(%d) = ....", c.name, len(p)) 3513 n, err = c.Conn.Read(p) 3514 log.Printf("%s.Read(%d) = %d, %v", c.name, len(p), n, err) 3515 return 3516 } 3517 3518 func (c *loggingConn) Close() (err error) { 3519 log.Printf("%s.Close() = ...", c.name) 3520 err = c.Conn.Close() 3521 log.Printf("%s.Close() = %v", c.name, err) 3522 return 3523 } 3524 3525 // checkConnErrorWriter writes to c.rwc and records any write errors to c.werr. 3526 // It only contains one field (and a pointer field at that), so it 3527 // fits in an interface value without an extra allocation. 3528 type checkConnErrorWriter struct { 3529 c *conn 3530 } 3531 3532 func (w checkConnErrorWriter) Write(p []byte) (n int, err error) { 3533 n, err = w.c.rwc.Write(p) 3534 if err != nil && w.c.werr == nil { 3535 w.c.werr = err 3536 w.c.cancelCtx() 3537 } 3538 return 3539 } 3540 3541 func numLeadingCRorLF(v []byte) (n int) { 3542 for _, b := range v { 3543 if b == '\r' || b == '\n' { 3544 n++ 3545 continue 3546 } 3547 break 3548 } 3549 return 3550 3551 } 3552 3553 func strSliceContains(ss []string, s string) bool { 3554 for _, v := range ss { 3555 if v == s { 3556 return true 3557 } 3558 } 3559 return false 3560 } 3561 3562 // tlsRecordHeaderLooksLikeHTTP reports whether a TLS record header 3563 // looks like it might've been a misdirected plaintext HTTP request. 3564 func tlsRecordHeaderLooksLikeHTTP(hdr [5]byte) bool { 3565 switch string(hdr[:]) { 3566 case "GET /", "HEAD ", "POST ", "PUT /", "OPTIO": 3567 return true 3568 } 3569 return false 3570 }