1
0

server.go 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294
  1. // Copyright 2013 The Gorilla WebSocket Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package websocket
  5. import (
  6. "bufio"
  7. "errors"
  8. "net"
  9. "net/http"
  10. "net/url"
  11. "strings"
  12. "time"
  13. )
  14. // HandshakeError describes an error with the handshake from the peer.
  15. type HandshakeError struct {
  16. message string
  17. }
  18. func (e HandshakeError) Error() string { return e.message }
  19. // Upgrader specifies parameters for upgrading an HTTP connection to a
  20. // WebSocket connection.
  21. type Upgrader struct {
  22. // HandshakeTimeout specifies the duration for the handshake to complete.
  23. HandshakeTimeout time.Duration
  24. // ReadBufferSize and WriteBufferSize specify I/O buffer sizes. If a buffer
  25. // size is zero, then buffers allocated by the HTTP server are used. The
  26. // I/O buffer sizes do not limit the size of the messages that can be sent
  27. // or received.
  28. ReadBufferSize, WriteBufferSize int
  29. // Subprotocols specifies the server's supported protocols in order of
  30. // preference. If this field is set, then the Upgrade method negotiates a
  31. // subprotocol by selecting the first match in this list with a protocol
  32. // requested by the client.
  33. Subprotocols []string
  34. // Error specifies the function for generating HTTP error responses. If Error
  35. // is nil, then http.Error is used to generate the HTTP response.
  36. Error func(w http.ResponseWriter, r *http.Request, status int, reason error)
  37. // CheckOrigin returns true if the request Origin header is acceptable. If
  38. // CheckOrigin is nil, the host in the Origin header must not be set or
  39. // must match the host of the request.
  40. CheckOrigin func(r *http.Request) bool
  41. // EnableCompression specify if the server should attempt to negotiate per
  42. // message compression (RFC 7692). Setting this value to true does not
  43. // guarantee that compression will be supported. Currently only "no context
  44. // takeover" modes are supported.
  45. EnableCompression bool
  46. }
  47. func (u *Upgrader) returnError(w http.ResponseWriter, r *http.Request, status int, reason string) (*Conn, error) {
  48. err := HandshakeError{reason}
  49. if u.Error != nil {
  50. u.Error(w, r, status, err)
  51. } else {
  52. w.Header().Set("Sec-Websocket-Version", "13")
  53. http.Error(w, http.StatusText(status), status)
  54. }
  55. return nil, err
  56. }
  57. // checkSameOrigin returns true if the origin is not set or is equal to the request host.
  58. func checkSameOrigin(r *http.Request) bool {
  59. origin := r.Header["Origin"]
  60. if len(origin) == 0 {
  61. return true
  62. }
  63. u, err := url.Parse(origin[0])
  64. if err != nil {
  65. return false
  66. }
  67. return equalASCIIFold(u.Host, r.Host)
  68. }
  69. func (u *Upgrader) selectSubprotocol(r *http.Request, responseHeader http.Header) string {
  70. if u.Subprotocols != nil {
  71. clientProtocols := Subprotocols(r)
  72. for _, serverProtocol := range u.Subprotocols {
  73. for _, clientProtocol := range clientProtocols {
  74. if clientProtocol == serverProtocol {
  75. return clientProtocol
  76. }
  77. }
  78. }
  79. } else if responseHeader != nil {
  80. return responseHeader.Get("Sec-Websocket-Protocol")
  81. }
  82. return ""
  83. }
  84. // Upgrade upgrades the HTTP server connection to the WebSocket protocol.
  85. //
  86. // The responseHeader is included in the response to the client's upgrade
  87. // request. Use the responseHeader to specify cookies (Set-Cookie) and the
  88. // application negotiated subprotocol (Sec-Websocket-Protocol).
  89. //
  90. // If the upgrade fails, then Upgrade replies to the client with an HTTP error
  91. // response.
  92. func (u *Upgrader) Upgrade(w http.ResponseWriter, r *http.Request, responseHeader http.Header) (*Conn, error) {
  93. const badHandshake = "websocket: the client is not using the websocket protocol: "
  94. if !tokenListContainsValue(r.Header, "Connection", "upgrade") {
  95. return u.returnError(w, r, http.StatusBadRequest, badHandshake+"'upgrade' token not found in 'Connection' header")
  96. }
  97. if !tokenListContainsValue(r.Header, "Upgrade", "websocket") {
  98. return u.returnError(w, r, http.StatusBadRequest, badHandshake+"'websocket' token not found in 'Upgrade' header")
  99. }
  100. if r.Method != "GET" {
  101. return u.returnError(w, r, http.StatusMethodNotAllowed, badHandshake+"request method is not GET")
  102. }
  103. if !tokenListContainsValue(r.Header, "Sec-Websocket-Version", "13") {
  104. return u.returnError(w, r, http.StatusBadRequest, "websocket: unsupported version: 13 not found in 'Sec-Websocket-Version' header")
  105. }
  106. if _, ok := responseHeader["Sec-Websocket-Extensions"]; ok {
  107. return u.returnError(w, r, http.StatusInternalServerError, "websocket: application specific 'Sec-Websocket-Extensions' headers are unsupported")
  108. }
  109. checkOrigin := u.CheckOrigin
  110. if checkOrigin == nil {
  111. checkOrigin = checkSameOrigin
  112. }
  113. if !checkOrigin(r) {
  114. return u.returnError(w, r, http.StatusForbidden, "websocket: 'Origin' header value not allowed")
  115. }
  116. challengeKey := r.Header.Get("Sec-Websocket-Key")
  117. if challengeKey == "" {
  118. return u.returnError(w, r, http.StatusBadRequest, "websocket: not a websocket handshake: `Sec-Websocket-Key' header is missing or blank")
  119. }
  120. subprotocol := u.selectSubprotocol(r, responseHeader)
  121. // Negotiate PMCE
  122. var compress bool
  123. if u.EnableCompression {
  124. for _, ext := range parseExtensions(r.Header) {
  125. if ext[""] != "permessage-deflate" {
  126. continue
  127. }
  128. compress = true
  129. break
  130. }
  131. }
  132. var (
  133. netConn net.Conn
  134. err error
  135. )
  136. h, ok := w.(http.Hijacker)
  137. if !ok {
  138. return u.returnError(w, r, http.StatusInternalServerError, "websocket: response does not implement http.Hijacker")
  139. }
  140. var brw *bufio.ReadWriter
  141. netConn, brw, err = h.Hijack()
  142. if err != nil {
  143. return u.returnError(w, r, http.StatusInternalServerError, err.Error())
  144. }
  145. if brw.Reader.Buffered() > 0 {
  146. netConn.Close()
  147. return nil, errors.New("websocket: client sent data before handshake is complete")
  148. }
  149. c := newConnBRW(netConn, true, u.ReadBufferSize, u.WriteBufferSize, brw)
  150. c.subprotocol = subprotocol
  151. if compress {
  152. c.newCompressionWriter = compressNoContextTakeover
  153. c.newDecompressionReader = decompressNoContextTakeover
  154. }
  155. p := c.writeBuf[:0]
  156. p = append(p, "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: "...)
  157. p = append(p, computeAcceptKey(challengeKey)...)
  158. p = append(p, "\r\n"...)
  159. if c.subprotocol != "" {
  160. p = append(p, "Sec-Websocket-Protocol: "...)
  161. p = append(p, c.subprotocol...)
  162. p = append(p, "\r\n"...)
  163. }
  164. if compress {
  165. p = append(p, "Sec-Websocket-Extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover\r\n"...)
  166. }
  167. for k, vs := range responseHeader {
  168. if k == "Sec-Websocket-Protocol" {
  169. continue
  170. }
  171. for _, v := range vs {
  172. p = append(p, k...)
  173. p = append(p, ": "...)
  174. for i := 0; i < len(v); i++ {
  175. b := v[i]
  176. if b <= 31 {
  177. // prevent response splitting.
  178. b = ' '
  179. }
  180. p = append(p, b)
  181. }
  182. p = append(p, "\r\n"...)
  183. }
  184. }
  185. p = append(p, "\r\n"...)
  186. // Clear deadlines set by HTTP server.
  187. netConn.SetDeadline(time.Time{})
  188. if u.HandshakeTimeout > 0 {
  189. netConn.SetWriteDeadline(time.Now().Add(u.HandshakeTimeout))
  190. }
  191. if _, err = netConn.Write(p); err != nil {
  192. netConn.Close()
  193. return nil, err
  194. }
  195. if u.HandshakeTimeout > 0 {
  196. netConn.SetWriteDeadline(time.Time{})
  197. }
  198. return c, nil
  199. }
  200. // Upgrade upgrades the HTTP server connection to the WebSocket protocol.
  201. //
  202. // Deprecated: Use websocket.Upgrader instead.
  203. //
  204. // Upgrade does not perform origin checking. The application is responsible for
  205. // checking the Origin header before calling Upgrade. An example implementation
  206. // of the same origin policy check is:
  207. //
  208. // if req.Header.Get("Origin") != "http://"+req.Host {
  209. // http.Error(w, "Origin not allowed", 403)
  210. // return
  211. // }
  212. //
  213. // If the endpoint supports subprotocols, then the application is responsible
  214. // for negotiating the protocol used on the connection. Use the Subprotocols()
  215. // function to get the subprotocols requested by the client. Use the
  216. // Sec-Websocket-Protocol response header to specify the subprotocol selected
  217. // by the application.
  218. //
  219. // The responseHeader is included in the response to the client's upgrade
  220. // request. Use the responseHeader to specify cookies (Set-Cookie) and the
  221. // negotiated subprotocol (Sec-Websocket-Protocol).
  222. //
  223. // The connection buffers IO to the underlying network connection. The
  224. // readBufSize and writeBufSize parameters specify the size of the buffers to
  225. // use. Messages can be larger than the buffers.
  226. //
  227. // If the request is not a valid WebSocket handshake, then Upgrade returns an
  228. // error of type HandshakeError. Applications should handle this error by
  229. // replying to the client with an HTTP error response.
  230. func Upgrade(w http.ResponseWriter, r *http.Request, responseHeader http.Header, readBufSize, writeBufSize int) (*Conn, error) {
  231. u := Upgrader{ReadBufferSize: readBufSize, WriteBufferSize: writeBufSize}
  232. u.Error = func(w http.ResponseWriter, r *http.Request, status int, reason error) {
  233. // don't return errors to maintain backwards compatibility
  234. }
  235. u.CheckOrigin = func(r *http.Request) bool {
  236. // allow all connections by default
  237. return true
  238. }
  239. return u.Upgrade(w, r, responseHeader)
  240. }
  241. // Subprotocols returns the subprotocols requested by the client in the
  242. // Sec-Websocket-Protocol header.
  243. func Subprotocols(r *http.Request) []string {
  244. h := strings.TrimSpace(r.Header.Get("Sec-Websocket-Protocol"))
  245. if h == "" {
  246. return nil
  247. }
  248. protocols := strings.Split(h, ",")
  249. for i := range protocols {
  250. protocols[i] = strings.TrimSpace(protocols[i])
  251. }
  252. return protocols
  253. }
  254. // IsWebSocketUpgrade returns true if the client requested upgrade to the
  255. // WebSocket protocol.
  256. func IsWebSocketUpgrade(r *http.Request) bool {
  257. return tokenListContainsValue(r.Header, "Connection", "upgrade") &&
  258. tokenListContainsValue(r.Header, "Upgrade", "websocket")
  259. }