websocket.go 9.6 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
// Copyright 2015 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

package rpc

import (
20
	"context"
21
	"encoding/base64"
22 23
	"fmt"
	"net/http"
24
	"net/url"
25
	"os"
26
	"strings"
27
	"sync"
28
	"time"
29

30
	mapset "github.com/deckarep/golang-set/v2"
31
	"github.com/ethereum/go-ethereum/log"
32
	"github.com/gorilla/websocket"
33 34
)

35
const (
36 37
	wsReadBuffer       = 1024
	wsWriteBuffer      = 1024
38
	wsPingInterval     = 30 * time.Second
39
	wsPingWriteTimeout = 5 * time.Second
40
	wsPongTimeout      = 30 * time.Second
41
	wsMessageSizeLimit = 32 * 1024 * 1024
42 43 44 45
)

var wsBufferPool = new(sync.Pool)

46 47 48 49
// WebsocketHandler returns a handler that serves JSON-RPC to WebSocket connections.
//
// allowedOrigins should be a comma-separated list of allowed origin URLs.
// To allow connections with any origin, pass "*".
50
func (s *Server) WebsocketHandler(allowedOrigins []string) http.Handler {
51 52 53 54 55 56 57 58 59 60 61
	var upgrader = websocket.Upgrader{
		ReadBufferSize:  wsReadBuffer,
		WriteBufferSize: wsWriteBuffer,
		WriteBufferPool: wsBufferPool,
		CheckOrigin:     wsHandshakeValidator(allowedOrigins),
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		conn, err := upgrader.Upgrade(w, r, nil)
		if err != nil {
			log.Debug("WebSocket upgrade failed", "err", err)
			return
62
		}
63
		codec := newWebsocketCodec(conn, r.Host, r.Header)
64
		s.ServeCodec(codec, 0)
65
	})
66 67 68 69 70
}

// wsHandshakeValidator returns a handler that verifies the origin during the
// websocket upgrade process. When a '*' is specified as an allowed origins all
// connections are accepted.
71
func wsHandshakeValidator(allowedOrigins []string) func(*http.Request) bool {
72
	origins := mapset.NewSet[string]()
73 74 75 76 77 78 79
	allowAllOrigins := false

	for _, origin := range allowedOrigins {
		if origin == "*" {
			allowAllOrigins = true
		}
		if origin != "" {
80
			origins.Add(origin)
81 82
		}
	}
83
	// allow localhost if no allowedOrigins are specified.
84
	if len(origins.ToSlice()) == 0 {
85 86
		origins.Add("http://localhost")
		if hostname, err := os.Hostname(); err == nil {
87
			origins.Add("http://" + hostname)
88 89
		}
	}
90
	log.Debug(fmt.Sprintf("Allowed origin(s) for WS RPC interface %v", origins.ToSlice()))
91

92
	f := func(req *http.Request) bool {
93 94 95 96 97
		// Skip origin verification if no Origin header is present. The origin check
		// is supposed to protect against browser based attacks. Browsers always set
		// Origin. Non-browser software can put anything in origin and checking it doesn't
		// provide additional security.
		if _, ok := req.Header["Origin"]; !ok {
98
			return true
99
		}
100
		// Verify origin against allow list.
101
		origin := strings.ToLower(req.Header.Get("Origin"))
102
		if allowAllOrigins || originIsAllowed(origins, origin) {
103
			return true
104
		}
105
		log.Warn("Rejected WebSocket connection", "origin", origin)
106
		return false
107 108 109 110 111
	}

	return f
}

112 113 114 115
type wsHandshakeError struct {
	err    error
	status string
}
116

117 118 119 120
func (e wsHandshakeError) Error() string {
	s := e.err.Error()
	if e.status != "" {
		s += " (HTTP status " + e.status + ")"
121
	}
122
	return s
123 124
}

125
func originIsAllowed(allowedOrigins mapset.Set[string], browserOrigin string) bool {
126 127
	it := allowedOrigins.Iterator()
	for origin := range it.C {
128
		if ruleAllowsOrigin(origin, browserOrigin) {
129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183
			return true
		}
	}
	return false
}

func ruleAllowsOrigin(allowedOrigin string, browserOrigin string) bool {
	var (
		allowedScheme, allowedHostname, allowedPort string
		browserScheme, browserHostname, browserPort string
		err                                         error
	)
	allowedScheme, allowedHostname, allowedPort, err = parseOriginURL(allowedOrigin)
	if err != nil {
		log.Warn("Error parsing allowed origin specification", "spec", allowedOrigin, "error", err)
		return false
	}
	browserScheme, browserHostname, browserPort, err = parseOriginURL(browserOrigin)
	if err != nil {
		log.Warn("Error parsing browser 'Origin' field", "Origin", browserOrigin, "error", err)
		return false
	}
	if allowedScheme != "" && allowedScheme != browserScheme {
		return false
	}
	if allowedHostname != "" && allowedHostname != browserHostname {
		return false
	}
	if allowedPort != "" && allowedPort != browserPort {
		return false
	}
	return true
}

func parseOriginURL(origin string) (string, string, string, error) {
	parsedURL, err := url.Parse(strings.ToLower(origin))
	if err != nil {
		return "", "", "", err
	}
	var scheme, hostname, port string
	if strings.Contains(origin, "://") {
		scheme = parsedURL.Scheme
		hostname = parsedURL.Hostname()
		port = parsedURL.Port()
	} else {
		scheme = ""
		hostname = parsedURL.Scheme
		port = parsedURL.Opaque
		if hostname == "" {
			hostname = origin
		}
	}
	return scheme, hostname, port, nil
}

184 185 186 187 188 189
// DialWebsocketWithDialer creates a new RPC client using WebSocket.
//
// The context is used for the initial connection establishment. It does not
// affect subsequent interactions with the client.
//
// Deprecated: use DialOptions and the WithWebsocketDialer option.
190
func DialWebsocketWithDialer(ctx context.Context, endpoint, origin string, dialer websocket.Dialer) (*Client, error) {
191 192 193 194 195 196
	cfg := new(clientConfig)
	cfg.wsDialer = &dialer
	if origin != "" {
		cfg.setHeader("origin", origin)
	}
	connect, err := newClientTransportWS(endpoint, cfg)
197 198 199
	if err != nil {
		return nil, err
	}
200
	return newClient(ctx, connect)
201 202
}

203 204 205 206 207 208
// DialWebsocket creates a new RPC client that communicates with a JSON-RPC server
// that is listening on the given endpoint.
//
// The context is used for the initial connection establishment. It does not
// affect subsequent interactions with the client.
func DialWebsocket(ctx context.Context, endpoint, origin string) (*Client, error) {
209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253
	cfg := new(clientConfig)
	if origin != "" {
		cfg.setHeader("origin", origin)
	}
	connect, err := newClientTransportWS(endpoint, cfg)
	if err != nil {
		return nil, err
	}
	return newClient(ctx, connect)
}

func newClientTransportWS(endpoint string, cfg *clientConfig) (reconnectFunc, error) {
	dialer := cfg.wsDialer
	if dialer == nil {
		dialer = &websocket.Dialer{
			ReadBufferSize:  wsReadBuffer,
			WriteBufferSize: wsWriteBuffer,
			WriteBufferPool: wsBufferPool,
		}
	}

	dialURL, header, err := wsClientHeaders(endpoint, "")
	if err != nil {
		return nil, err
	}
	for key, values := range cfg.httpHeaders {
		header[key] = values
	}

	connect := func(ctx context.Context) (ServerCodec, error) {
		header := header.Clone()
		if cfg.httpAuth != nil {
			if err := cfg.httpAuth(header); err != nil {
				return nil, err
			}
		}
		conn, resp, err := dialer.DialContext(ctx, dialURL, header)
		if err != nil {
			hErr := wsHandshakeError{err: err}
			if resp != nil {
				hErr.status = resp.Status
			}
			return nil, hErr
		}
		return newWebsocketCodec(conn, dialURL, header), nil
254
	}
255
	return connect, nil
256 257
}

258 259
func wsClientHeaders(endpoint, origin string) (string, http.Header, error) {
	endpointURL, err := url.Parse(endpoint)
260
	if err != nil {
261
		return endpoint, nil, err
262
	}
263 264 265
	header := make(http.Header)
	if origin != "" {
		header.Add("origin", origin)
266
	}
267 268 269 270
	if endpointURL.User != nil {
		b64auth := base64.StdEncoding.EncodeToString([]byte(endpointURL.User.String()))
		header.Add("authorization", "Basic "+b64auth)
		endpointURL.User = nil
271
	}
272
	return endpointURL.String(), header, nil
273 274
}

275 276 277
type websocketCodec struct {
	*jsonCodec
	conn *websocket.Conn
278
	info PeerInfo
279 280 281 282 283

	wg        sync.WaitGroup
	pingReset chan struct{}
}

284
func newWebsocketCodec(conn *websocket.Conn, host string, req http.Header) ServerCodec {
285
	conn.SetReadLimit(wsMessageSizeLimit)
286 287 288 289
	conn.SetPongHandler(func(appData string) error {
		conn.SetReadDeadline(time.Time{})
		return nil
	})
290 291 292 293

	encode := func(v interface{}, isErrorResponse bool) error {
		return conn.WriteJSON(v)
	}
294
	wc := &websocketCodec{
295
		jsonCodec: NewFuncCodec(conn, encode, conn.ReadJSON).(*jsonCodec),
296 297
		conn:      conn,
		pingReset: make(chan struct{}, 1),
298 299 300 301
		info: PeerInfo{
			Transport:  "ws",
			RemoteAddr: conn.RemoteAddr().String(),
		},
302
	}
303 304 305 306 307
	// Fill in connection details.
	wc.info.HTTP.Host = host
	wc.info.HTTP.Origin = req.Get("Origin")
	wc.info.HTTP.UserAgent = req.Get("User-Agent")
	// Start pinger.
308 309 310 311 312 313 314 315 316 317
	wc.wg.Add(1)
	go wc.pingLoop()
	return wc
}

func (wc *websocketCodec) close() {
	wc.jsonCodec.close()
	wc.wg.Wait()
}

318 319 320 321
func (wc *websocketCodec) peerInfo() PeerInfo {
	return wc.info
}

322 323
func (wc *websocketCodec) writeJSON(ctx context.Context, v interface{}, isError bool) error {
	err := wc.jsonCodec.writeJSON(ctx, v, isError)
324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352
	if err == nil {
		// Notify pingLoop to delay the next idle ping.
		select {
		case wc.pingReset <- struct{}{}:
		default:
		}
	}
	return err
}

// pingLoop sends periodic ping frames when the connection is idle.
func (wc *websocketCodec) pingLoop() {
	var timer = time.NewTimer(wsPingInterval)
	defer wc.wg.Done()
	defer timer.Stop()

	for {
		select {
		case <-wc.closed():
			return
		case <-wc.pingReset:
			if !timer.Stop() {
				<-timer.C
			}
			timer.Reset(wsPingInterval)
		case <-timer.C:
			wc.jsonCodec.encMu.Lock()
			wc.conn.SetWriteDeadline(time.Now().Add(wsPingWriteTimeout))
			wc.conn.WriteMessage(websocket.PingMessage, nil)
353
			wc.conn.SetReadDeadline(time.Now().Add(wsPongTimeout))
354 355 356 357
			wc.jsonCodec.encMu.Unlock()
			timer.Reset(wsPingInterval)
		}
	}
358
}