github.com/pslzym/go-ethereum@v1.8.17-0.20180926104442-4b6824e07b1b/rpc/http.go (about)

     1  // Copyright 2015 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-ethereum library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-ethereum library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package rpc
    18  
    19  import (
    20  	"bytes"
    21  	"context"
    22  	"encoding/json"
    23  	"errors"
    24  	"fmt"
    25  	"io"
    26  	"io/ioutil"
    27  	"mime"
    28  	"net"
    29  	"net/http"
    30  	"strings"
    31  	"sync"
    32  	"time"
    33  
    34  	"github.com/ethereum/go-ethereum/log"
    35  	"github.com/rs/cors"
    36  )
    37  
    38  const (
    39  	contentType             = "application/json"
    40  	maxRequestContentLength = 1024 * 512
    41  )
    42  
    43  var nullAddr, _ = net.ResolveTCPAddr("tcp", "127.0.0.1:0")
    44  
    45  type httpConn struct {
    46  	client    *http.Client
    47  	req       *http.Request
    48  	closeOnce sync.Once
    49  	closed    chan struct{}
    50  }
    51  
    52  // httpConn is treated specially by Client.
    53  func (hc *httpConn) LocalAddr() net.Addr              { return nullAddr }
    54  func (hc *httpConn) RemoteAddr() net.Addr             { return nullAddr }
    55  func (hc *httpConn) SetReadDeadline(time.Time) error  { return nil }
    56  func (hc *httpConn) SetWriteDeadline(time.Time) error { return nil }
    57  func (hc *httpConn) SetDeadline(time.Time) error      { return nil }
    58  func (hc *httpConn) Write([]byte) (int, error)        { panic("Write called") }
    59  
    60  func (hc *httpConn) Read(b []byte) (int, error) {
    61  	<-hc.closed
    62  	return 0, io.EOF
    63  }
    64  
    65  func (hc *httpConn) Close() error {
    66  	hc.closeOnce.Do(func() { close(hc.closed) })
    67  	return nil
    68  }
    69  
    70  // HTTPTimeouts represents the configuration params for the HTTP RPC server.
    71  type HTTPTimeouts struct {
    72  	// ReadTimeout is the maximum duration for reading the entire
    73  	// request, including the body.
    74  	//
    75  	// Because ReadTimeout does not let Handlers make per-request
    76  	// decisions on each request body's acceptable deadline or
    77  	// upload rate, most users will prefer to use
    78  	// ReadHeaderTimeout. It is valid to use them both.
    79  	ReadTimeout time.Duration
    80  
    81  	// WriteTimeout is the maximum duration before timing out
    82  	// writes of the response. It is reset whenever a new
    83  	// request's header is read. Like ReadTimeout, it does not
    84  	// let Handlers make decisions on a per-request basis.
    85  	WriteTimeout time.Duration
    86  
    87  	// IdleTimeout is the maximum amount of time to wait for the
    88  	// next request when keep-alives are enabled. If IdleTimeout
    89  	// is zero, the value of ReadTimeout is used. If both are
    90  	// zero, ReadHeaderTimeout is used.
    91  	IdleTimeout time.Duration
    92  }
    93  
    94  // DefaultHTTPTimeouts represents the default timeout values used if further
    95  // configuration is not provided.
    96  var DefaultHTTPTimeouts = HTTPTimeouts{
    97  	ReadTimeout:  30 * time.Second,
    98  	WriteTimeout: 30 * time.Second,
    99  	IdleTimeout:  120 * time.Second,
   100  }
   101  
   102  // DialHTTPWithClient creates a new RPC client that connects to an RPC server over HTTP
   103  // using the provided HTTP Client.
   104  func DialHTTPWithClient(endpoint string, client *http.Client) (*Client, error) {
   105  	req, err := http.NewRequest(http.MethodPost, endpoint, nil)
   106  	if err != nil {
   107  		return nil, err
   108  	}
   109  	req.Header.Set("Content-Type", contentType)
   110  	req.Header.Set("Accept", contentType)
   111  
   112  	initctx := context.Background()
   113  	return newClient(initctx, func(context.Context) (net.Conn, error) {
   114  		return &httpConn{client: client, req: req, closed: make(chan struct{})}, nil
   115  	})
   116  }
   117  
   118  // DialHTTP creates a new RPC client that connects to an RPC server over HTTP.
   119  func DialHTTP(endpoint string) (*Client, error) {
   120  	return DialHTTPWithClient(endpoint, new(http.Client))
   121  }
   122  
   123  func (c *Client) sendHTTP(ctx context.Context, op *requestOp, msg interface{}) error {
   124  	hc := c.writeConn.(*httpConn)
   125  	respBody, err := hc.doRequest(ctx, msg)
   126  	if respBody != nil {
   127  		defer respBody.Close()
   128  	}
   129  
   130  	if err != nil {
   131  		if respBody != nil {
   132  			buf := new(bytes.Buffer)
   133  			if _, err2 := buf.ReadFrom(respBody); err2 == nil {
   134  				return fmt.Errorf("%v %v", err, buf.String())
   135  			}
   136  		}
   137  		return err
   138  	}
   139  	var respmsg jsonrpcMessage
   140  	if err := json.NewDecoder(respBody).Decode(&respmsg); err != nil {
   141  		return err
   142  	}
   143  	op.resp <- &respmsg
   144  	return nil
   145  }
   146  
   147  func (c *Client) sendBatchHTTP(ctx context.Context, op *requestOp, msgs []*jsonrpcMessage) error {
   148  	hc := c.writeConn.(*httpConn)
   149  	respBody, err := hc.doRequest(ctx, msgs)
   150  	if err != nil {
   151  		return err
   152  	}
   153  	defer respBody.Close()
   154  	var respmsgs []jsonrpcMessage
   155  	if err := json.NewDecoder(respBody).Decode(&respmsgs); err != nil {
   156  		return err
   157  	}
   158  	for i := 0; i < len(respmsgs); i++ {
   159  		op.resp <- &respmsgs[i]
   160  	}
   161  	return nil
   162  }
   163  
   164  func (hc *httpConn) doRequest(ctx context.Context, msg interface{}) (io.ReadCloser, error) {
   165  	body, err := json.Marshal(msg)
   166  	if err != nil {
   167  		return nil, err
   168  	}
   169  	req := hc.req.WithContext(ctx)
   170  	req.Body = ioutil.NopCloser(bytes.NewReader(body))
   171  	req.ContentLength = int64(len(body))
   172  
   173  	resp, err := hc.client.Do(req)
   174  	if err != nil {
   175  		return nil, err
   176  	}
   177  	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
   178  		return resp.Body, errors.New(resp.Status)
   179  	}
   180  	return resp.Body, nil
   181  }
   182  
   183  // httpReadWriteNopCloser wraps a io.Reader and io.Writer with a NOP Close method.
   184  type httpReadWriteNopCloser struct {
   185  	io.Reader
   186  	io.Writer
   187  }
   188  
   189  // Close does nothing and returns always nil
   190  func (t *httpReadWriteNopCloser) Close() error {
   191  	return nil
   192  }
   193  
   194  // NewHTTPServer creates a new HTTP RPC server around an API provider.
   195  //
   196  // Deprecated: Server implements http.Handler
   197  func NewHTTPServer(cors []string, vhosts []string, timeouts HTTPTimeouts, srv *Server) *http.Server {
   198  	// Wrap the CORS-handler within a host-handler
   199  	handler := newCorsHandler(srv, cors)
   200  	handler = newVHostHandler(vhosts, handler)
   201  
   202  	// Make sure timeout values are meaningful
   203  	if timeouts.ReadTimeout < time.Second {
   204  		log.Warn("Sanitizing invalid HTTP read timeout", "provided", timeouts.ReadTimeout, "updated", DefaultHTTPTimeouts.ReadTimeout)
   205  		timeouts.ReadTimeout = DefaultHTTPTimeouts.ReadTimeout
   206  	}
   207  	if timeouts.WriteTimeout < time.Second {
   208  		log.Warn("Sanitizing invalid HTTP write timeout", "provided", timeouts.WriteTimeout, "updated", DefaultHTTPTimeouts.WriteTimeout)
   209  		timeouts.WriteTimeout = DefaultHTTPTimeouts.WriteTimeout
   210  	}
   211  	if timeouts.IdleTimeout < time.Second {
   212  		log.Warn("Sanitizing invalid HTTP idle timeout", "provided", timeouts.IdleTimeout, "updated", DefaultHTTPTimeouts.IdleTimeout)
   213  		timeouts.IdleTimeout = DefaultHTTPTimeouts.IdleTimeout
   214  	}
   215  	// Bundle and start the HTTP server
   216  	return &http.Server{
   217  		Handler:      handler,
   218  		ReadTimeout:  timeouts.ReadTimeout,
   219  		WriteTimeout: timeouts.WriteTimeout,
   220  		IdleTimeout:  timeouts.IdleTimeout,
   221  	}
   222  }
   223  
   224  // ServeHTTP serves JSON-RPC requests over HTTP.
   225  func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
   226  	// Permit dumb empty requests for remote health-checks (AWS)
   227  	if r.Method == http.MethodGet && r.ContentLength == 0 && r.URL.RawQuery == "" {
   228  		return
   229  	}
   230  	if code, err := validateRequest(r); err != nil {
   231  		http.Error(w, err.Error(), code)
   232  		return
   233  	}
   234  	// All checks passed, create a codec that reads direct from the request body
   235  	// untilEOF and writes the response to w and order the server to process a
   236  	// single request.
   237  	ctx := r.Context()
   238  	ctx = context.WithValue(ctx, "remote", r.RemoteAddr)
   239  	ctx = context.WithValue(ctx, "scheme", r.Proto)
   240  	ctx = context.WithValue(ctx, "local", r.Host)
   241  	if ua := r.Header.Get("User-Agent"); ua != "" {
   242  		ctx = context.WithValue(ctx, "User-Agent", ua)
   243  	}
   244  	if origin := r.Header.Get("Origin"); origin != "" {
   245  		ctx = context.WithValue(ctx, "Origin", origin)
   246  	}
   247  
   248  	body := io.LimitReader(r.Body, maxRequestContentLength)
   249  	codec := NewJSONCodec(&httpReadWriteNopCloser{body, w})
   250  	defer codec.Close()
   251  
   252  	w.Header().Set("content-type", contentType)
   253  	srv.ServeSingleRequest(ctx, codec, OptionMethodInvocation)
   254  }
   255  
   256  // validateRequest returns a non-zero response code and error message if the
   257  // request is invalid.
   258  func validateRequest(r *http.Request) (int, error) {
   259  	if r.Method == http.MethodPut || r.Method == http.MethodDelete {
   260  		return http.StatusMethodNotAllowed, errors.New("method not allowed")
   261  	}
   262  	if r.ContentLength > maxRequestContentLength {
   263  		err := fmt.Errorf("content length too large (%d>%d)", r.ContentLength, maxRequestContentLength)
   264  		return http.StatusRequestEntityTooLarge, err
   265  	}
   266  	mt, _, err := mime.ParseMediaType(r.Header.Get("content-type"))
   267  	if r.Method != http.MethodOptions && (err != nil || mt != contentType) {
   268  		err := fmt.Errorf("invalid content type, only %s is supported", contentType)
   269  		return http.StatusUnsupportedMediaType, err
   270  	}
   271  	return 0, nil
   272  }
   273  
   274  func newCorsHandler(srv *Server, allowedOrigins []string) http.Handler {
   275  	// disable CORS support if user has not specified a custom CORS configuration
   276  	if len(allowedOrigins) == 0 {
   277  		return srv
   278  	}
   279  	c := cors.New(cors.Options{
   280  		AllowedOrigins: allowedOrigins,
   281  		AllowedMethods: []string{http.MethodPost, http.MethodGet},
   282  		MaxAge:         600,
   283  		AllowedHeaders: []string{"*"},
   284  	})
   285  	return c.Handler(srv)
   286  }
   287  
   288  // virtualHostHandler is a handler which validates the Host-header of incoming requests.
   289  // The virtualHostHandler can prevent DNS rebinding attacks, which do not utilize CORS-headers,
   290  // since they do in-domain requests against the RPC api. Instead, we can see on the Host-header
   291  // which domain was used, and validate that against a whitelist.
   292  type virtualHostHandler struct {
   293  	vhosts map[string]struct{}
   294  	next   http.Handler
   295  }
   296  
   297  // ServeHTTP serves JSON-RPC requests over HTTP, implements http.Handler
   298  func (h *virtualHostHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
   299  	// if r.Host is not set, we can continue serving since a browser would set the Host header
   300  	if r.Host == "" {
   301  		h.next.ServeHTTP(w, r)
   302  		return
   303  	}
   304  	host, _, err := net.SplitHostPort(r.Host)
   305  	if err != nil {
   306  		// Either invalid (too many colons) or no port specified
   307  		host = r.Host
   308  	}
   309  	if ipAddr := net.ParseIP(host); ipAddr != nil {
   310  		// It's an IP address, we can serve that
   311  		h.next.ServeHTTP(w, r)
   312  		return
   313  
   314  	}
   315  	// Not an ip address, but a hostname. Need to validate
   316  	if _, exist := h.vhosts["*"]; exist {
   317  		h.next.ServeHTTP(w, r)
   318  		return
   319  	}
   320  	if _, exist := h.vhosts[host]; exist {
   321  		h.next.ServeHTTP(w, r)
   322  		return
   323  	}
   324  	http.Error(w, "invalid host specified", http.StatusForbidden)
   325  }
   326  
   327  func newVHostHandler(vhosts []string, next http.Handler) http.Handler {
   328  	vhostMap := make(map[string]struct{})
   329  	for _, allowedHost := range vhosts {
   330  		vhostMap[strings.ToLower(allowedHost)] = struct{}{}
   331  	}
   332  	return &virtualHostHandler{vhostMap, next}
   333  }