2 // Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)
4 // Distributed under the Boost Software License, Version 1.0. (See accompanying
5 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
7 // Official repository: https://github.com/boostorg/beast
10 //------------------------------------------------------------------------------
12 // Example: HTTP flex server (plain and SSL), asynchronous
14 //------------------------------------------------------------------------------
16 #include "example/common/server_certificate.hpp"
18 #include <boost/beast/core.hpp>
19 #include <boost/beast/http.hpp>
20 #include <boost/beast/ssl.hpp>
21 #include <boost/beast/version.hpp>
22 #include <boost/asio/dispatch.hpp>
23 #include <boost/asio/strand.hpp>
24 #include <boost/config.hpp>
33 namespace beast = boost::beast; // from <boost/beast.hpp>
34 namespace http = beast::http; // from <boost/beast/http.hpp>
35 namespace net = boost::asio; // from <boost/asio.hpp>
36 namespace ssl = boost::asio::ssl; // from <boost/asio/ssl.hpp>
37 using tcp = boost::asio::ip::tcp; // from <boost/asio/ip/tcp.hpp>
39 // Return a reasonable mime type based on the extension of a file.
41 mime_type(beast::string_view path)
44 auto const ext = [&path]
46 auto const pos = path.rfind(".");
47 if(pos == beast::string_view::npos)
48 return beast::string_view{};
49 return path.substr(pos);
51 if(iequals(ext, ".htm")) return "text/html";
52 if(iequals(ext, ".html")) return "text/html";
53 if(iequals(ext, ".php")) return "text/html";
54 if(iequals(ext, ".css")) return "text/css";
55 if(iequals(ext, ".txt")) return "text/plain";
56 if(iequals(ext, ".js")) return "application/javascript";
57 if(iequals(ext, ".json")) return "application/json";
58 if(iequals(ext, ".xml")) return "application/xml";
59 if(iequals(ext, ".swf")) return "application/x-shockwave-flash";
60 if(iequals(ext, ".flv")) return "video/x-flv";
61 if(iequals(ext, ".png")) return "image/png";
62 if(iequals(ext, ".jpe")) return "image/jpeg";
63 if(iequals(ext, ".jpeg")) return "image/jpeg";
64 if(iequals(ext, ".jpg")) return "image/jpeg";
65 if(iequals(ext, ".gif")) return "image/gif";
66 if(iequals(ext, ".bmp")) return "image/bmp";
67 if(iequals(ext, ".ico")) return "image/vnd.microsoft.icon";
68 if(iequals(ext, ".tiff")) return "image/tiff";
69 if(iequals(ext, ".tif")) return "image/tiff";
70 if(iequals(ext, ".svg")) return "image/svg+xml";
71 if(iequals(ext, ".svgz")) return "image/svg+xml";
72 return "application/text";
75 // Append an HTTP rel-path to a local filesystem path.
76 // The returned path is normalized for the platform.
79 beast::string_view base,
80 beast::string_view path)
83 return std::string(path);
84 std::string result(base);
86 char constexpr path_separator = '\\';
87 if(result.back() == path_separator)
88 result.resize(result.size() - 1);
89 result.append(path.data(), path.size());
94 char constexpr path_separator = '/';
95 if(result.back() == path_separator)
96 result.resize(result.size() - 1);
97 result.append(path.data(), path.size());
102 // This function produces an HTTP response for the given
103 // request. The type of the response object depends on the
104 // contents of the request, so the interface requires the
105 // caller to pass a generic lambda for receiving the response.
107 class Body, class Allocator,
111 beast::string_view doc_root,
112 http::request<Body, http::basic_fields<Allocator>>&& req,
115 // Returns a bad request response
116 auto const bad_request =
117 [&req](beast::string_view why)
119 http::response<http::string_body> res{http::status::bad_request, req.version()};
120 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
121 res.set(http::field::content_type, "text/html");
122 res.keep_alive(req.keep_alive());
123 res.body() = std::string(why);
124 res.prepare_payload();
128 // Returns a not found response
129 auto const not_found =
130 [&req](beast::string_view target)
132 http::response<http::string_body> res{http::status::not_found, req.version()};
133 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
134 res.set(http::field::content_type, "text/html");
135 res.keep_alive(req.keep_alive());
136 res.body() = "The resource '" + std::string(target) + "' was not found.";
137 res.prepare_payload();
141 // Returns a server error response
142 auto const server_error =
143 [&req](beast::string_view what)
145 http::response<http::string_body> res{http::status::internal_server_error, req.version()};
146 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
147 res.set(http::field::content_type, "text/html");
148 res.keep_alive(req.keep_alive());
149 res.body() = "An error occurred: '" + std::string(what) + "'";
150 res.prepare_payload();
154 // Make sure we can handle the method
155 if( req.method() != http::verb::get &&
156 req.method() != http::verb::head)
157 return send(bad_request("Unknown HTTP-method"));
159 // Request path must be absolute and not contain "..".
160 if( req.target().empty() ||
161 req.target()[0] != '/' ||
162 req.target().find("..") != beast::string_view::npos)
163 return send(bad_request("Illegal request-target"));
165 // Build the path to the requested file
166 std::string path = path_cat(doc_root, req.target());
167 if(req.target().back() == '/')
168 path.append("index.html");
170 // Attempt to open the file
171 beast::error_code ec;
172 http::file_body::value_type body;
173 body.open(path.c_str(), beast::file_mode::scan, ec);
175 // Handle the case where the file doesn't exist
176 if(ec == beast::errc::no_such_file_or_directory)
177 return send(not_found(req.target()));
179 // Handle an unknown error
181 return send(server_error(ec.message()));
183 // Cache the size since we need it after the move
184 auto const size = body.size();
186 // Respond to HEAD request
187 if(req.method() == http::verb::head)
189 http::response<http::empty_body> res{http::status::ok, req.version()};
190 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
191 res.set(http::field::content_type, mime_type(path));
192 res.content_length(size);
193 res.keep_alive(req.keep_alive());
194 return send(std::move(res));
197 // Respond to GET request
198 http::response<http::file_body> res{
199 std::piecewise_construct,
200 std::make_tuple(std::move(body)),
201 std::make_tuple(http::status::ok, req.version())};
202 res.set(http::field::server, BOOST_BEAST_VERSION_STRING);
203 res.set(http::field::content_type, mime_type(path));
204 res.content_length(size);
205 res.keep_alive(req.keep_alive());
206 return send(std::move(res));
209 //------------------------------------------------------------------------------
213 fail(beast::error_code ec, char const* what)
215 // ssl::error::stream_truncated, also known as an SSL "short read",
216 // indicates the peer closed the connection without performing the
217 // required closing handshake (for example, Google does this to
218 // improve performance). Generally this can be a security issue,
219 // but if your communication protocol is self-terminated (as
220 // it is with both HTTP and WebSocket) then you may simply
221 // ignore the lack of close_notify.
223 // https://github.com/boostorg/beast/issues/38
225 // https://security.stackexchange.com/questions/91435/how-to-handle-a-malicious-ssl-tls-shutdown
227 // When a short read would cut off the end of an HTTP message,
228 // Beast returns the error beast::http::error::partial_message.
229 // Therefore, if we see a short read here, it has occurred
230 // after the message has been completed, so it is safe to ignore it.
232 if(ec == net::ssl::error::stream_truncated)
235 std::cerr << what << ": " << ec.message() << "\n";
238 // Handles an HTTP server connection.
239 // This uses the Curiously Recurring Template Pattern so that
240 // the same code works with both SSL streams and regular sockets.
241 template<class Derived>
244 // Access the derived class, this is part of
245 // the Curiously Recurring Template Pattern idiom.
249 return static_cast<Derived&>(*this);
252 // This is the C++11 equivalent of a generic lambda.
253 // The function object is used to send an HTTP message.
259 send_lambda(session& self)
264 template<bool isRequest, class Body, class Fields>
266 operator()(http::message<isRequest, Body, Fields>&& msg) const
268 // The lifetime of the message has to extend
269 // for the duration of the async operation so
270 // we use a shared_ptr to manage it.
271 auto sp = std::make_shared<
272 http::message<isRequest, Body, Fields>>(std::move(msg));
274 // Store a type-erased version of the shared
275 // pointer in the class to keep it alive.
278 // Write the response
280 self_.derived().stream(),
282 beast::bind_front_handler(
284 self_.derived().shared_from_this(),
289 std::shared_ptr<std::string const> doc_root_;
290 http::request<http::string_body> req_;
291 std::shared_ptr<void> res_;
295 beast::flat_buffer buffer_;
298 // Take ownership of the buffer
300 beast::flat_buffer buffer,
301 std::shared_ptr<std::string const> const& doc_root)
302 : doc_root_(doc_root)
304 , buffer_(std::move(buffer))
312 beast::get_lowest_layer(
313 derived().stream()).expires_after(std::chrono::seconds(30));
320 beast::bind_front_handler(
322 derived().shared_from_this()));
327 beast::error_code ec,
328 std::size_t bytes_transferred)
330 boost::ignore_unused(bytes_transferred);
332 // This means they closed the connection
333 if(ec == http::error::end_of_stream)
334 return derived().do_eof();
337 return fail(ec, "read");
340 handle_request(*doc_root_, std::move(req_), lambda_);
346 beast::error_code ec,
347 std::size_t bytes_transferred)
349 boost::ignore_unused(bytes_transferred);
352 return fail(ec, "write");
356 // This means we should close the connection, usually because
357 // the response indicated the "Connection: close" semantic.
358 return derived().do_eof();
361 // We're done with the response so delete it
364 // Read another request
369 // Handles a plain HTTP connection
371 : public session<plain_session>
372 , public std::enable_shared_from_this<plain_session>
374 beast::tcp_stream stream_;
377 // Create the session
379 tcp::socket&& socket,
380 beast::flat_buffer buffer,
381 std::shared_ptr<std::string const> const& doc_root)
382 : session<plain_session>(
385 , stream_(std::move(socket))
389 // Called by the base class
396 // Start the asynchronous operation
400 // We need to be executing within a strand to perform async operations
401 // on the I/O objects in this session. Although not strictly necessary
402 // for single-threaded contexts, this example code is written to be
403 // thread-safe by default.
404 net::dispatch(stream_.get_executor(),
405 beast::bind_front_handler(
407 shared_from_this()));
413 // Send a TCP shutdown
414 beast::error_code ec;
415 stream_.socket().shutdown(tcp::socket::shutdown_send, ec);
417 // At this point the connection is closed gracefully
421 // Handles an SSL HTTP connection
423 : public session<ssl_session>
424 , public std::enable_shared_from_this<ssl_session>
426 beast::ssl_stream<beast::tcp_stream> stream_;
429 // Create the session
431 tcp::socket&& socket,
433 beast::flat_buffer buffer,
434 std::shared_ptr<std::string const> const& doc_root)
435 : session<ssl_session>(
438 , stream_(std::move(socket), ctx)
442 // Called by the base class
443 beast::ssl_stream<beast::tcp_stream>&
449 // Start the asynchronous operation
453 auto self = shared_from_this();
454 // We need to be executing within a strand to perform async operations
455 // on the I/O objects in this session.
456 net::dispatch(stream_.get_executor(), [self]() {
458 beast::get_lowest_layer(self->stream_).expires_after(
459 std::chrono::seconds(30));
461 // Perform the SSL handshake
462 // Note, this is the buffered version of the handshake.
463 self->stream_.async_handshake(
464 ssl::stream_base::server,
465 self->buffer_.data(),
466 beast::bind_front_handler(
467 &ssl_session::on_handshake,
474 beast::error_code ec,
475 std::size_t bytes_used)
478 return fail(ec, "handshake");
480 // Consume the portion of the buffer used by the handshake
481 buffer_.consume(bytes_used);
490 beast::get_lowest_layer(stream_).expires_after(std::chrono::seconds(30));
492 // Perform the SSL shutdown
493 stream_.async_shutdown(
494 beast::bind_front_handler(
495 &ssl_session::on_shutdown,
496 shared_from_this()));
500 on_shutdown(beast::error_code ec)
503 return fail(ec, "shutdown");
505 // At this point the connection is closed gracefully
509 //------------------------------------------------------------------------------
511 // Detects SSL handshakes
512 class detect_session : public std::enable_shared_from_this<detect_session>
514 beast::tcp_stream stream_;
516 std::shared_ptr<std::string const> doc_root_;
517 beast::flat_buffer buffer_;
521 tcp::socket&& socket,
523 std::shared_ptr<std::string const> const& doc_root)
524 : stream_(std::move(socket))
526 , doc_root_(doc_root)
530 // Launch the detector
535 beast::get_lowest_layer(stream_).expires_after(std::chrono::seconds(30));
537 // Detect a TLS handshake
541 beast::bind_front_handler(
542 &detect_session::on_detect,
543 shared_from_this()));
547 on_detect(beast::error_code ec, bool result)
550 return fail(ec, "detect");
554 // Launch SSL session
555 std::make_shared<ssl_session>(
556 stream_.release_socket(),
563 // Launch plain session
564 std::make_shared<plain_session>(
565 stream_.release_socket(),
571 // Accepts incoming connections and launches the sessions
572 class listener : public std::enable_shared_from_this<listener>
574 net::io_context& ioc_;
576 tcp::acceptor acceptor_;
577 std::shared_ptr<std::string const> doc_root_;
581 net::io_context& ioc,
583 tcp::endpoint endpoint,
584 std::shared_ptr<std::string const> const& doc_root)
587 , acceptor_(net::make_strand(ioc))
588 , doc_root_(doc_root)
590 beast::error_code ec;
593 acceptor_.open(endpoint.protocol(), ec);
600 // Allow address reuse
601 acceptor_.set_option(net::socket_base::reuse_address(true), ec);
604 fail(ec, "set_option");
608 // Bind to the server address
609 acceptor_.bind(endpoint, ec);
616 // Start listening for connections
618 net::socket_base::max_listen_connections, ec);
626 // Start accepting incoming connections
637 // The new connection gets its own strand
638 acceptor_.async_accept(
639 net::make_strand(ioc_),
640 beast::bind_front_handler(
641 &listener::on_accept,
642 shared_from_this()));
646 on_accept(beast::error_code ec, tcp::socket socket)
654 // Create the detector session and run it
655 std::make_shared<detect_session>(
661 // Accept another connection
666 //------------------------------------------------------------------------------
668 int main(int argc, char* argv[])
670 // Check command line arguments.
674 "Usage: http-server-flex <address> <port> <doc_root> <threads>\n" <<
676 " http-server-flex 0.0.0.0 8080 .\n";
679 auto const address = net::ip::make_address(argv[1]);
680 auto const port = static_cast<unsigned short>(std::atoi(argv[2]));
681 auto const doc_root = std::make_shared<std::string>(argv[3]);
682 auto const threads = std::max<int>(1, std::atoi(argv[4]));
684 // The io_context is required for all I/O
685 net::io_context ioc{threads};
687 // The SSL context is required, and holds certificates
688 ssl::context ctx{ssl::context::tlsv12};
690 // This holds the self-signed certificate used by the server
691 load_server_certificate(ctx);
693 // Create and launch a listening port
694 std::make_shared<listener>(
697 tcp::endpoint{address, port},
700 // Run the I/O service on the requested number of threads
701 std::vector<std::thread> v;
702 v.reserve(threads - 1);
703 for(auto i = threads - 1; i > 0; --i)