2023-06-25 20:20:59 -06:00
|
|
|
package graphvent
|
|
|
|
|
|
|
|
|
|
import (
|
2023-07-19 14:45:05 -06:00
|
|
|
"time"
|
|
|
|
|
"net"
|
2023-06-25 20:20:59 -06:00
|
|
|
"net/http"
|
|
|
|
|
"github.com/graphql-go/graphql"
|
|
|
|
|
"github.com/graphql-go/graphql/language/parser"
|
|
|
|
|
"github.com/graphql-go/graphql/language/source"
|
|
|
|
|
"github.com/graphql-go/graphql/language/ast"
|
|
|
|
|
"context"
|
|
|
|
|
"encoding/json"
|
2023-07-20 00:24:22 -06:00
|
|
|
"encoding/base64"
|
2023-06-25 20:20:59 -06:00
|
|
|
"io"
|
|
|
|
|
"reflect"
|
|
|
|
|
"fmt"
|
|
|
|
|
"sync"
|
|
|
|
|
"github.com/gobwas/ws"
|
|
|
|
|
"github.com/gobwas/ws/wsutil"
|
2023-07-13 18:21:33 -06:00
|
|
|
"strings"
|
2023-07-19 14:45:05 -06:00
|
|
|
"crypto/ecdh"
|
|
|
|
|
"crypto/ecdsa"
|
|
|
|
|
"crypto/elliptic"
|
|
|
|
|
"crypto/sha512"
|
|
|
|
|
"crypto/rand"
|
|
|
|
|
"crypto/x509"
|
2023-07-21 01:05:24 -06:00
|
|
|
"crypto/tls"
|
2023-07-21 01:21:53 -06:00
|
|
|
"crypto/x509/pkix"
|
|
|
|
|
"math/big"
|
|
|
|
|
"encoding/pem"
|
2023-06-25 20:20:59 -06:00
|
|
|
)
|
|
|
|
|
|
2023-07-26 11:56:10 -06:00
|
|
|
const GQLThreadType = ThreadType("GQL")
|
|
|
|
|
func RegisterGQLThread(ctx *Context) error {
|
|
|
|
|
thread_ctx, err := GetCtx[*ThreadExt, *ThreadExtContext](ctx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = thread_ctx.RegisterThreadType(GQLThreadType, gql_actions, gql_handlers)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-19 14:45:05 -06:00
|
|
|
type AuthReqJSON struct {
|
|
|
|
|
Time time.Time `json:"time"`
|
|
|
|
|
Pubkey []byte `json:"pubkey"`
|
|
|
|
|
ECDHPubkey []byte `json:"ecdh_client"`
|
|
|
|
|
Signature []byte `json:"signature"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewAuthReqJSON(curve ecdh.Curve, id *ecdsa.PrivateKey) (AuthReqJSON, *ecdh.PrivateKey, error) {
|
|
|
|
|
ec_key, err := curve.GenerateKey(rand.Reader)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return AuthReqJSON{}, nil, err
|
|
|
|
|
}
|
|
|
|
|
now := time.Now()
|
|
|
|
|
time_bytes, err := now.MarshalJSON()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return AuthReqJSON{}, nil, err
|
|
|
|
|
}
|
|
|
|
|
sig_data := append(ec_key.PublicKey().Bytes(), time_bytes...)
|
|
|
|
|
sig_hash := sha512.Sum512(sig_data)
|
|
|
|
|
sig, err := ecdsa.SignASN1(rand.Reader, id, sig_hash[:])
|
|
|
|
|
|
|
|
|
|
id_ecdh, err := id.ECDH()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return AuthReqJSON{}, nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return AuthReqJSON{
|
|
|
|
|
Time: now,
|
|
|
|
|
Pubkey: id_ecdh.PublicKey().Bytes(),
|
|
|
|
|
ECDHPubkey: ec_key.PublicKey().Bytes(),
|
|
|
|
|
Signature: sig,
|
|
|
|
|
}, ec_key, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type AuthRespJSON struct {
|
|
|
|
|
Granted time.Time `json:"granted"`
|
|
|
|
|
ECDHPubkey []byte `json:"echd_server"`
|
2023-07-19 14:50:42 -06:00
|
|
|
Signature []byte `json:"signature"`
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
func NewAuthRespJSON(gql_ext *GQLExt, req AuthReqJSON) (AuthRespJSON, *ecdsa.PublicKey, []byte, error) {
|
2023-07-19 14:45:05 -06:00
|
|
|
// Check if req.Time is within +- 1 second of now
|
|
|
|
|
now := time.Now()
|
|
|
|
|
earliest := now.Add(-1 * time.Second)
|
|
|
|
|
latest := now.Add(1 * time.Second)
|
|
|
|
|
// If req.Time is before the earliest acceptable time, or after the latest acceptible time
|
|
|
|
|
if req.Time.Compare(earliest) == -1 {
|
2023-07-19 20:03:13 -06:00
|
|
|
return AuthRespJSON{}, nil, nil, fmt.Errorf("GQL_AUTH_TIME_TOO_LATE: %s", req.Time)
|
2023-07-19 14:45:05 -06:00
|
|
|
} else if req.Time.Compare(latest) == 1 {
|
2023-07-19 20:03:13 -06:00
|
|
|
return AuthRespJSON{}, nil, nil, fmt.Errorf("GQL_AUTH_TIME_TOO_EARLY: %s", req.Time)
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
x, y := elliptic.Unmarshal(gql_ext.Key.Curve, req.Pubkey)
|
2023-07-19 14:45:05 -06:00
|
|
|
if x == nil {
|
2023-07-19 20:03:13 -06:00
|
|
|
return AuthRespJSON{}, nil, nil, fmt.Errorf("GQL_AUTH_UNMARSHAL_FAIL: %+v", req.Pubkey)
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
remote, err := gql_ext.ECDH.NewPublicKey(req.ECDHPubkey)
|
2023-07-19 14:45:05 -06:00
|
|
|
if err != nil {
|
2023-07-19 20:03:13 -06:00
|
|
|
return AuthRespJSON{}, nil, nil, err
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Verify the signature
|
|
|
|
|
time_bytes, _ := req.Time.MarshalJSON()
|
|
|
|
|
sig_data := append(req.ECDHPubkey, time_bytes...)
|
|
|
|
|
sig_hash := sha512.Sum512(sig_data)
|
|
|
|
|
|
2023-07-19 20:03:13 -06:00
|
|
|
remote_key := &ecdsa.PublicKey{
|
2023-07-26 00:18:11 -06:00
|
|
|
Curve: gql_ext.Key.Curve,
|
2023-07-19 20:03:13 -06:00
|
|
|
X: x,
|
|
|
|
|
Y: y,
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-19 14:45:05 -06:00
|
|
|
verified := ecdsa.VerifyASN1(
|
2023-07-19 20:03:13 -06:00
|
|
|
remote_key,
|
2023-07-19 14:45:05 -06:00
|
|
|
sig_hash[:],
|
|
|
|
|
req.Signature,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if verified == false {
|
2023-07-19 20:03:13 -06:00
|
|
|
return AuthRespJSON{}, nil, nil, fmt.Errorf("GQL_AUTH_VERIFY_FAIL: %+v", req)
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
ec_key, err := gql_ext.ECDH.GenerateKey(rand.Reader)
|
2023-07-19 14:45:05 -06:00
|
|
|
if err != nil {
|
2023-07-19 20:03:13 -06:00
|
|
|
return AuthRespJSON{}, nil, nil, err
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-19 14:50:42 -06:00
|
|
|
ec_key_pub := ec_key.PublicKey().Bytes()
|
|
|
|
|
|
|
|
|
|
granted := time.Now()
|
|
|
|
|
time_ser, _ := granted.MarshalJSON()
|
|
|
|
|
resp_sig_data := append(ec_key_pub, time_ser...)
|
|
|
|
|
resp_sig_hash := sha512.Sum512(resp_sig_data)
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
resp_sig, err := ecdsa.SignASN1(rand.Reader, gql_ext.Key, resp_sig_hash[:])
|
2023-07-19 14:50:42 -06:00
|
|
|
if err != nil {
|
2023-07-19 20:03:13 -06:00
|
|
|
return AuthRespJSON{}, nil, nil, err
|
2023-07-19 14:50:42 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-19 14:45:05 -06:00
|
|
|
shared_secret, err := ec_key.ECDH(remote)
|
|
|
|
|
if err != nil {
|
2023-07-19 20:03:13 -06:00
|
|
|
return AuthRespJSON{}, nil, nil, err
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return AuthRespJSON{
|
2023-07-19 14:50:42 -06:00
|
|
|
Granted: granted,
|
|
|
|
|
ECDHPubkey: ec_key_pub,
|
|
|
|
|
Signature: resp_sig,
|
2023-07-20 00:24:22 -06:00
|
|
|
}, remote_key, shared_secret, nil
|
2023-07-19 21:28:48 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-20 00:24:22 -06:00
|
|
|
func ParseAuthRespJSON(resp AuthRespJSON, ecdsa_curve elliptic.Curve, ecdh_curve ecdh.Curve, ec_key *ecdh.PrivateKey) ([]byte, error) {
|
2023-07-19 21:28:48 -06:00
|
|
|
remote, err := ecdh_curve.NewPublicKey(resp.ECDHPubkey)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
shared_secret, err := ec_key.ECDH(remote)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 00:24:22 -06:00
|
|
|
return shared_secret, nil
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
func AuthHandler(ctx *Context, server *Node, gql_ext *GQLExt) func(http.ResponseWriter, *http.Request) {
|
2023-07-19 14:45:05 -06:00
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_REQUEST: %s", r.RemoteAddr)
|
|
|
|
|
enableCORS(&w)
|
|
|
|
|
|
|
|
|
|
str, err := io.ReadAll(r.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_READ_ERR: %e", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var req AuthReqJSON
|
|
|
|
|
err = json.Unmarshal([]byte(str), &req)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_UNMARHSHAL_ERR: %e", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
resp, _, _, err := NewAuthRespJSON(gql_ext, req)
|
2023-07-19 14:45:05 -06:00
|
|
|
if err != nil {
|
2023-07-19 21:28:48 -06:00
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_VERIFY_ERROR: %s", err)
|
2023-07-19 14:45:05 -06:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ser, err := json.Marshal(resp)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_RESP_MARSHAL_ERR: %e", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
wrote, err := w.Write(ser)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_RESP_ERR: %e", err)
|
|
|
|
|
return
|
|
|
|
|
} else if wrote != len(ser) {
|
|
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_RESP_BAD_LENGTH: %d/%d", wrote, len(ser))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
/*if exists {
|
2023-07-20 00:24:22 -06:00
|
|
|
ctx.Log.Logf("gql", "REFRESHING AUTH FOR %s", key_id)
|
2023-07-19 14:45:05 -06:00
|
|
|
} else {
|
2023-07-20 00:24:22 -06:00
|
|
|
ctx.Log.Logf("gql", "AUTHORIZING NEW USER %s - %s", key_id, shared)
|
|
|
|
|
|
2023-07-24 22:52:15 -06:00
|
|
|
new_user := NewUser(fmt.Sprintf("GQL_USER %s", key_id.String()), time.Now(), remote_id, shared)
|
2023-07-23 17:57:47 -06:00
|
|
|
context := NewWriteContext(ctx)
|
2023-07-26 00:18:11 -06:00
|
|
|
err := UpdateStates(context, server, ACLMap{
|
|
|
|
|
server.ID: ACLInfo{
|
2023-07-22 20:21:17 -06:00
|
|
|
Node: server,
|
|
|
|
|
Resources: []string{"users"},
|
|
|
|
|
},
|
2023-07-26 00:18:11 -06:00
|
|
|
new_user.ID: ACLInfo{
|
2023-07-22 20:21:17 -06:00
|
|
|
Node: &new_user,
|
2023-07-23 19:46:18 -06:00
|
|
|
Resources: nil,
|
2023-07-22 20:21:17 -06:00
|
|
|
},
|
2023-07-26 00:18:11 -06:00
|
|
|
}, func(context *StateContext) error {
|
|
|
|
|
server.Users[key_id] = &new_user
|
2023-07-20 00:24:22 -06:00
|
|
|
return nil
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_UPDATE_ERR: %s", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
2023-07-26 00:18:11 -06:00
|
|
|
}*/
|
2023-07-19 14:45:05 -06:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-25 20:20:59 -06:00
|
|
|
func GraphiQLHandler() func(http.ResponseWriter, *http.Request) {
|
|
|
|
|
return func(w http.ResponseWriter, r * http.Request) {
|
|
|
|
|
graphiql_string := fmt.Sprintf(`
|
|
|
|
|
<!--
|
|
|
|
|
* Copyright (c) 2021 GraphQL Contributors
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the license found in the
|
|
|
|
|
* LICENSE file in the root directory of this source tree.
|
|
|
|
|
-->
|
|
|
|
|
<!DOCTYPE html>
|
|
|
|
|
<html lang="en">
|
|
|
|
|
<head>
|
|
|
|
|
<title>GraphiQL</title>
|
|
|
|
|
<style>
|
|
|
|
|
body {
|
|
|
|
|
height: 100%%;
|
|
|
|
|
margin: 0;
|
|
|
|
|
width: 100%%;
|
|
|
|
|
overflow: hidden;
|
|
|
|
|
}
|
|
|
|
|
#graphiql {
|
|
|
|
|
height: 100vh;
|
|
|
|
|
}
|
|
|
|
|
</style>
|
|
|
|
|
<!--
|
|
|
|
|
This GraphiQL example depends on Promise and fetch, which are available in
|
|
|
|
|
modern browsers, but can be "polyfilled" for older browsers.
|
|
|
|
|
GraphiQL itself depends on React DOM.
|
|
|
|
|
If you do not want to rely on a CDN, you can host these files locally or
|
|
|
|
|
include them directly in your favored resource bundler.
|
|
|
|
|
-->
|
|
|
|
|
<script
|
|
|
|
|
crossorigin
|
|
|
|
|
src="https://unpkg.com/react@18/umd/react.development.js"
|
|
|
|
|
></script>
|
|
|
|
|
<script
|
|
|
|
|
crossorigin
|
|
|
|
|
src="https://unpkg.com/react-dom@18/umd/react-dom.development.js"
|
|
|
|
|
></script>
|
|
|
|
|
<!--
|
|
|
|
|
These two files can be found in the npm module, however you may wish to
|
|
|
|
|
copy them directly into your environment, or perhaps include them in your
|
|
|
|
|
favored resource bundler.
|
|
|
|
|
-->
|
|
|
|
|
<link rel="stylesheet" href="https://unpkg.com/graphiql/graphiql.min.css" />
|
|
|
|
|
</head>
|
|
|
|
|
<body>
|
|
|
|
|
<div id="graphiql">Loading...</div>
|
|
|
|
|
<script
|
|
|
|
|
src="https://unpkg.com/graphiql/graphiql.min.js"
|
|
|
|
|
type="application/javascript"
|
|
|
|
|
></script>
|
|
|
|
|
<script>
|
|
|
|
|
const root = ReactDOM.createRoot(document.getElementById('graphiql'));
|
|
|
|
|
root.render(
|
|
|
|
|
React.createElement(GraphiQL, {
|
|
|
|
|
fetcher: GraphiQL.createFetcher({
|
|
|
|
|
url: '/gql',
|
|
|
|
|
}),
|
|
|
|
|
defaultEditorToolsVisibility: true,
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
</script>
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|
|
|
|
|
`)
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
io.WriteString(w, graphiql_string)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 00:24:22 -06:00
|
|
|
type GQLPayload struct {
|
2023-06-25 20:20:59 -06:00
|
|
|
OperationName string `json:"operationName,omitempty"`
|
|
|
|
|
Query string `json:"query,omitempty"`
|
|
|
|
|
Variables map[string]interface{} `json:"variables,omitempty"`
|
|
|
|
|
Extensions map[string]interface{} `json:"extensions,omitempty"`
|
|
|
|
|
Data string `json:"data,omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type GQLWSMsg struct {
|
|
|
|
|
ID string `json:"id,omitempty"`
|
|
|
|
|
Type string `json:"type"`
|
2023-07-20 00:24:22 -06:00
|
|
|
Payload GQLPayload `json:"payload,omitempty"`
|
2023-06-25 20:20:59 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func enableCORS(w *http.ResponseWriter) {
|
|
|
|
|
(*w).Header().Set("Access-Control-Allow-Origin", "*")
|
|
|
|
|
(*w).Header().Set("Access-Control-Allow-Credentials", "true")
|
|
|
|
|
(*w).Header().Set("Access-Control-Allow-Headers", "*")
|
|
|
|
|
(*w).Header().Set("Access-Control-Allow-Methods", "*")
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-13 18:21:33 -06:00
|
|
|
type GQLUnauthorized string
|
|
|
|
|
|
|
|
|
|
func (e GQLUnauthorized) Is(target error) bool {
|
|
|
|
|
error_type := reflect.TypeOf(GQLUnauthorized(""))
|
|
|
|
|
target_type := reflect.TypeOf(target)
|
|
|
|
|
return error_type == target_type
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e GQLUnauthorized) Error() string {
|
|
|
|
|
return fmt.Sprintf("GQL_UNAUTHORIZED_ERROR: %s", string(e))
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-13 18:28:02 -06:00
|
|
|
func (e GQLUnauthorized) MarshalJSON() ([]byte, error) {
|
|
|
|
|
return json.MarshalIndent(&struct{
|
|
|
|
|
Error string `json:"error"`
|
|
|
|
|
}{
|
|
|
|
|
Error: string(e),
|
|
|
|
|
}, "", " ")
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-13 18:21:33 -06:00
|
|
|
func checkForAuthHeader(header http.Header) (string, bool) {
|
|
|
|
|
auths, ok := header["Authorization"]
|
|
|
|
|
if ok == false {
|
|
|
|
|
return "", false
|
|
|
|
|
}
|
|
|
|
|
for _, auth := range(auths) {
|
|
|
|
|
parts := strings.SplitN(auth, " ", 2)
|
|
|
|
|
if len(parts) != 2 {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if parts[0] == "TM" {
|
|
|
|
|
return parts[1], true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "", false
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-21 18:51:42 -06:00
|
|
|
type ResolveContext struct {
|
|
|
|
|
Context *Context
|
2023-07-26 00:18:11 -06:00
|
|
|
GQLContext *GQLExtContext
|
|
|
|
|
Server *Node
|
|
|
|
|
Ext *GQLExt
|
|
|
|
|
User *Node
|
2023-07-21 18:51:42 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
func NewResolveContext(ctx *Context, server *Node, gql_ext *GQLExt, r *http.Request) (*ResolveContext, error) {
|
2023-07-20 00:24:22 -06:00
|
|
|
username, password, ok := r.BasicAuth()
|
|
|
|
|
if ok == false {
|
|
|
|
|
return nil, fmt.Errorf("GQL_REQUEST_ERR: no auth header included in request header")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auth_id, err := ParseID(username)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("GQL_REQUEST_ERR: failed to parse ID from auth username: %s", username)
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
user, exists := gql_ext.Users[auth_id]
|
2023-07-20 00:24:22 -06:00
|
|
|
if exists == false {
|
|
|
|
|
return nil, fmt.Errorf("GQL_REQUEST_ERR: no existing authorization for client %s", auth_id)
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
user_ext, err := GetExt[*ECDHExt](user)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if base64.StdEncoding.EncodeToString(user_ext.Shared) != password {
|
2023-07-20 00:24:22 -06:00
|
|
|
return nil, fmt.Errorf("GQL_AUTH_FAIL")
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-21 18:51:42 -06:00
|
|
|
return &ResolveContext{
|
|
|
|
|
Context: ctx,
|
2023-07-26 00:18:11 -06:00
|
|
|
GQLContext: ctx.Extensions[GQLExtType.Hash()].Data.(*GQLExtContext),
|
2023-07-21 18:51:42 -06:00
|
|
|
Server: server,
|
|
|
|
|
User: user,
|
|
|
|
|
}, nil
|
2023-07-20 00:24:22 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
func GQLHandler(ctx *Context, server *Node, gql_ext *GQLExt) func(http.ResponseWriter, *http.Request) {
|
2023-06-25 20:20:59 -06:00
|
|
|
return func(w http.ResponseWriter, r * http.Request) {
|
|
|
|
|
ctx.Log.Logf("gql", "GQL REQUEST: %s", r.RemoteAddr)
|
|
|
|
|
enableCORS(&w)
|
|
|
|
|
header_map := map[string]interface{}{}
|
|
|
|
|
for header, value := range(r.Header) {
|
|
|
|
|
header_map[header] = value
|
|
|
|
|
}
|
|
|
|
|
ctx.Log.Logm("gql", header_map, "REQUEST_HEADERS")
|
2023-07-19 21:28:48 -06:00
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
resolve_context, err := NewResolveContext(ctx, server, gql_ext, r)
|
2023-07-19 21:28:48 -06:00
|
|
|
if err != nil {
|
2023-07-20 00:24:22 -06:00
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_ERR: %s", err)
|
|
|
|
|
json.NewEncoder(w).Encode(GQLUnauthorized(fmt.Sprintf("%s", err)))
|
2023-07-19 21:28:48 -06:00
|
|
|
return
|
|
|
|
|
}
|
2023-07-21 18:51:42 -06:00
|
|
|
|
|
|
|
|
req_ctx := context.Background()
|
2023-07-26 00:18:11 -06:00
|
|
|
req_ctx = context.WithValue(req_ctx, "resolve", resolve_context)
|
2023-06-25 20:20:59 -06:00
|
|
|
|
|
|
|
|
str, err := io.ReadAll(r.Body)
|
|
|
|
|
if err != nil {
|
2023-07-20 00:24:22 -06:00
|
|
|
ctx.Log.Logf("gql", "GQL_READ_ERR: %s", err)
|
|
|
|
|
json.NewEncoder(w).Encode(fmt.Sprintf("%e", err))
|
2023-06-25 20:20:59 -06:00
|
|
|
return
|
2023-07-13 18:21:33 -06:00
|
|
|
}
|
2023-07-20 00:24:22 -06:00
|
|
|
query := GQLPayload{}
|
2023-06-25 20:20:59 -06:00
|
|
|
json.Unmarshal(str, &query)
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
gql_context := ctx.Extensions[GQLExtType.Hash()].Data.(*GQLExtContext)
|
|
|
|
|
|
2023-06-25 20:20:59 -06:00
|
|
|
params := graphql.Params{
|
2023-07-26 00:18:11 -06:00
|
|
|
Schema: gql_context.Schema,
|
2023-07-13 18:21:33 -06:00
|
|
|
Context: req_ctx,
|
2023-06-25 20:20:59 -06:00
|
|
|
RequestString: query.Query,
|
|
|
|
|
}
|
|
|
|
|
if query.OperationName != "" {
|
|
|
|
|
params.OperationName = query.OperationName
|
|
|
|
|
}
|
|
|
|
|
if len(query.Variables) > 0 {
|
|
|
|
|
params.VariableValues = query.Variables
|
|
|
|
|
}
|
|
|
|
|
result := graphql.Do(params)
|
|
|
|
|
if len(result.Errors) > 0 {
|
|
|
|
|
extra_fields := map[string]interface{}{}
|
|
|
|
|
extra_fields["body"] = string(str)
|
|
|
|
|
extra_fields["headers"] = r.Header
|
|
|
|
|
ctx.Log.Logm("gql", extra_fields, "wrong result, unexpected errors: %v", result.Errors)
|
|
|
|
|
}
|
|
|
|
|
json.NewEncoder(w).Encode(result)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func sendOneResultAndClose(res *graphql.Result) chan *graphql.Result {
|
|
|
|
|
resultChannel := make(chan *graphql.Result)
|
|
|
|
|
go func() {
|
|
|
|
|
resultChannel <- res
|
|
|
|
|
close(resultChannel)
|
|
|
|
|
}()
|
|
|
|
|
return resultChannel
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func getOperationTypeOfReq(p graphql.Params) string{
|
|
|
|
|
source := source.NewSource(&source.Source{
|
|
|
|
|
Body: []byte(p.RequestString),
|
|
|
|
|
Name: "GraphQL request",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
AST, err := parser.Parse(parser.ParseParams{Source: source})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, node := range AST.Definitions {
|
|
|
|
|
if operationDef, ok := node.(*ast.OperationDefinition); ok {
|
|
|
|
|
name := ""
|
|
|
|
|
if operationDef.Name != nil {
|
|
|
|
|
name = operationDef.Name.Value
|
|
|
|
|
}
|
|
|
|
|
if name == p.OperationName || p.OperationName == "" {
|
|
|
|
|
return operationDef.Operation
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-09 19:33:18 -06:00
|
|
|
func GQLWSDo(ctx * Context, p graphql.Params) chan *graphql.Result {
|
2023-06-25 20:20:59 -06:00
|
|
|
operation := getOperationTypeOfReq(p)
|
|
|
|
|
ctx.Log.Logf("gqlws", "GQLWSDO_OPERATION: %s %+v", operation, p.RequestString)
|
|
|
|
|
|
|
|
|
|
if operation == ast.OperationTypeSubscription {
|
|
|
|
|
return graphql.Subscribe(p)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res := graphql.Do(p)
|
|
|
|
|
return sendOneResultAndClose(res)
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
func GQLWSHandler(ctx * Context, server *Node, gql_ext *GQLExt) func(http.ResponseWriter, *http.Request) {
|
2023-06-25 20:20:59 -06:00
|
|
|
return func(w http.ResponseWriter, r * http.Request) {
|
|
|
|
|
ctx.Log.Logf("gqlws_new", "HANDLING %s",r.RemoteAddr)
|
2023-06-25 21:00:00 -06:00
|
|
|
enableCORS(&w)
|
2023-06-25 20:20:59 -06:00
|
|
|
header_map := map[string]interface{}{}
|
|
|
|
|
for header, value := range(r.Header) {
|
|
|
|
|
header_map[header] = value
|
|
|
|
|
}
|
2023-07-13 18:23:57 -06:00
|
|
|
|
2023-06-25 20:20:59 -06:00
|
|
|
ctx.Log.Logm("gql", header_map, "REQUEST_HEADERS")
|
2023-07-26 00:18:11 -06:00
|
|
|
resolve_context, err := NewResolveContext(ctx, server, gql_ext, r)
|
2023-07-19 21:28:48 -06:00
|
|
|
if err != nil {
|
2023-07-20 00:24:22 -06:00
|
|
|
ctx.Log.Logf("gql", "GQL_AUTH_ERR: %s", err)
|
2023-07-19 21:28:48 -06:00
|
|
|
return
|
|
|
|
|
}
|
2023-07-21 18:51:42 -06:00
|
|
|
req_ctx := context.Background()
|
|
|
|
|
req_ctx = context.WithValue(req_ctx, "resolve", resolve_context)
|
2023-07-13 18:23:57 -06:00
|
|
|
|
2023-06-25 20:20:59 -06:00
|
|
|
u := ws.HTTPUpgrader{
|
|
|
|
|
Protocol: func(protocol string) bool {
|
|
|
|
|
ctx.Log.Logf("gqlws", "UPGRADE_PROTOCOL: %s", string(protocol))
|
2023-06-25 21:00:00 -06:00
|
|
|
if string(protocol) == "graphql-transport-ws" || string(protocol) == "graphql-ws" {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
return false
|
2023-06-25 20:20:59 -06:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
conn, _, _, err := u.Upgrade(r, w)
|
|
|
|
|
if err == nil {
|
|
|
|
|
defer conn.Close()
|
|
|
|
|
conn_state := "init"
|
|
|
|
|
for {
|
|
|
|
|
msg_raw, op, err := wsutil.ReadClientData(conn)
|
|
|
|
|
ctx.Log.Logf("gqlws_hb", "MSG: %s\nOP: 0x%02x\nERR: %+v\n", string(msg_raw), op, err)
|
|
|
|
|
msg := GQLWSMsg{}
|
|
|
|
|
json.Unmarshal(msg_raw, &msg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gqlws", "WS_CLIENT_ERROR")
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
if msg.Type == "connection_init" {
|
|
|
|
|
if conn_state != "init" {
|
|
|
|
|
ctx.Log.Logf("gqlws", "WS_CLIENT_ERROR: INIT WHILE IN %s", conn_state)
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
conn_state = "ready"
|
|
|
|
|
err = wsutil.WriteServerMessage(conn, 1, []byte("{\"type\": \"connection_ack\"}"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gqlws", "WS_SERVER_ERROR: FAILED TO SEND connection_ack")
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
} else if msg.Type == "ping" {
|
|
|
|
|
ctx.Log.Logf("gqlws_hb", "PING FROM %s", r.RemoteAddr)
|
|
|
|
|
err = wsutil.WriteServerMessage(conn, 1, []byte("{\"type\": \"pong\"}"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gqlws", "WS_SERVER_ERROR: FAILED TO SEND PONG")
|
|
|
|
|
}
|
|
|
|
|
} else if msg.Type == "subscribe" {
|
|
|
|
|
ctx.Log.Logf("gqlws", "SUBSCRIBE: %+v", msg.Payload)
|
2023-07-26 00:18:11 -06:00
|
|
|
gql_context := ctx.Extensions[GQLExtType.Hash()].Data.(*GQLExtContext)
|
2023-06-25 20:20:59 -06:00
|
|
|
params := graphql.Params{
|
2023-07-26 00:18:11 -06:00
|
|
|
Schema: gql_context.Schema,
|
2023-07-19 21:28:48 -06:00
|
|
|
Context: req_ctx,
|
2023-06-25 20:20:59 -06:00
|
|
|
RequestString: msg.Payload.Query,
|
|
|
|
|
}
|
|
|
|
|
if msg.Payload.OperationName != "" {
|
|
|
|
|
params.OperationName = msg.Payload.OperationName
|
|
|
|
|
}
|
|
|
|
|
if len(msg.Payload.Variables) > 0 {
|
|
|
|
|
params.VariableValues = msg.Payload.Variables
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res_chan := GQLWSDo(ctx, params)
|
2023-07-03 19:13:29 -06:00
|
|
|
if res_chan == nil {
|
|
|
|
|
ctx.Log.Logf("gqlws", "res_chan is nil")
|
|
|
|
|
} else {
|
|
|
|
|
ctx.Log.Logf("gqlws", "res_chan: %+v", res_chan)
|
|
|
|
|
}
|
2023-06-25 20:20:59 -06:00
|
|
|
|
|
|
|
|
go func(res_chan chan *graphql.Result) {
|
|
|
|
|
for {
|
|
|
|
|
next, ok := <-res_chan
|
|
|
|
|
if ok == false {
|
|
|
|
|
ctx.Log.Logf("gqlws", "response channel was closed")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if next == nil {
|
|
|
|
|
ctx.Log.Logf("gqlws", "NIL_ON_CHANNEL")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if len(next.Errors) > 0 {
|
|
|
|
|
extra_fields := map[string]interface{}{}
|
|
|
|
|
extra_fields["query"] = string(msg.Payload.Query)
|
|
|
|
|
ctx.Log.Logm("gqlws", extra_fields, "ERROR: wrong result, unexpected errors: %+v", next.Errors)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
ctx.Log.Logf("gqlws", "DATA: %+v", next.Data)
|
|
|
|
|
data, err := json.Marshal(next.Data)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gqlws", "ERROR: %+v", err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
msg, err := json.Marshal(GQLWSMsg{
|
|
|
|
|
ID: msg.ID,
|
|
|
|
|
Type: "next",
|
2023-07-20 00:24:22 -06:00
|
|
|
Payload: GQLPayload{
|
2023-06-25 20:20:59 -06:00
|
|
|
Data: string(data),
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gqlws", "ERROR: %+v", err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = wsutil.WriteServerMessage(conn, 1, msg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Log.Logf("gqlws", "ERROR: %+v", err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}(res_chan)
|
|
|
|
|
} else {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
panic("Failed to upgrade websocket")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
// Map of go types to graphql types
|
|
|
|
|
type ObjTypeMap map[reflect.Type]*graphql.Object
|
|
|
|
|
|
|
|
|
|
// GQL Specific Context information
|
|
|
|
|
type GQLExtContext struct {
|
|
|
|
|
// Generated GQL schema
|
|
|
|
|
Schema graphql.Schema
|
|
|
|
|
|
|
|
|
|
// List of GQL types
|
|
|
|
|
TypeList []graphql.Type
|
|
|
|
|
|
|
|
|
|
// Interface type maps to map go types of specific interfaces to gql types
|
|
|
|
|
ValidNodes ObjTypeMap
|
|
|
|
|
ValidLockables ObjTypeMap
|
|
|
|
|
ValidThreads ObjTypeMap
|
|
|
|
|
|
|
|
|
|
BaseNodeType *graphql.Object
|
|
|
|
|
BaseLockableType *graphql.Object
|
|
|
|
|
BaseThreadType *graphql.Object
|
|
|
|
|
|
|
|
|
|
Query *graphql.Object
|
|
|
|
|
Mutation *graphql.Object
|
|
|
|
|
Subscription *graphql.Object
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewGQLExtContext() *GQLExtContext {
|
|
|
|
|
query := graphql.NewObject(graphql.ObjectConfig{
|
|
|
|
|
Name: "Query",
|
|
|
|
|
Fields: graphql.Fields{},
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
mutation := graphql.NewObject(graphql.ObjectConfig{
|
|
|
|
|
Name: "Mutation",
|
|
|
|
|
Fields: graphql.Fields{},
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
subscription := graphql.NewObject(graphql.ObjectConfig{
|
|
|
|
|
Name: "Subscription",
|
|
|
|
|
Fields: graphql.Fields{},
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
context := GQLExtContext{
|
|
|
|
|
Schema: graphql.Schema{},
|
|
|
|
|
TypeList: []graphql.Type{},
|
|
|
|
|
ValidNodes: ObjTypeMap{},
|
|
|
|
|
ValidThreads: ObjTypeMap{},
|
|
|
|
|
ValidLockables: ObjTypeMap{},
|
|
|
|
|
Query: query,
|
|
|
|
|
Mutation: mutation,
|
|
|
|
|
Subscription: subscription,
|
|
|
|
|
BaseNodeType: GQLTypeBaseNode.Type,
|
|
|
|
|
BaseLockableType: GQLTypeBaseLockable.Type,
|
|
|
|
|
BaseThreadType: GQLTypeBaseThread.Type,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &context
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type GQLExt struct {
|
2023-07-19 14:45:05 -06:00
|
|
|
tcp_listener net.Listener
|
2023-06-26 21:20:04 -06:00
|
|
|
http_server *http.Server
|
2023-07-26 00:18:11 -06:00
|
|
|
http_done sync.WaitGroup
|
2023-07-21 01:21:53 -06:00
|
|
|
tls_key []byte
|
|
|
|
|
tls_cert []byte
|
2023-07-09 19:33:18 -06:00
|
|
|
Listen string
|
2023-07-26 00:18:11 -06:00
|
|
|
Users NodeMap
|
2023-07-19 14:45:05 -06:00
|
|
|
Key *ecdsa.PrivateKey
|
|
|
|
|
ECDH ecdh.Curve
|
2023-07-24 16:04:56 -06:00
|
|
|
SubscribeLock sync.Mutex
|
2023-07-26 15:08:14 -06:00
|
|
|
SubscribeListeners []chan Signal
|
2023-07-24 16:04:56 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 15:08:14 -06:00
|
|
|
func (ext *GQLExt) NewSubscriptionChannel(buffer int) chan Signal {
|
2023-07-26 00:18:11 -06:00
|
|
|
ext.SubscribeLock.Lock()
|
|
|
|
|
defer ext.SubscribeLock.Unlock()
|
2023-07-24 16:04:56 -06:00
|
|
|
|
2023-07-26 15:08:14 -06:00
|
|
|
new_listener := make(chan Signal, buffer)
|
2023-07-26 00:18:11 -06:00
|
|
|
ext.SubscribeListeners = append(ext.SubscribeListeners, new_listener)
|
2023-07-24 16:04:56 -06:00
|
|
|
|
|
|
|
|
return new_listener
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 15:08:14 -06:00
|
|
|
func (ext *GQLExt) Process(context *StateContext, node *Node, signal Signal) error {
|
2023-07-26 00:18:11 -06:00
|
|
|
ext.SubscribeLock.Lock()
|
|
|
|
|
defer ext.SubscribeLock.Unlock()
|
|
|
|
|
|
2023-07-26 15:08:14 -06:00
|
|
|
active_listeners := []chan Signal{}
|
2023-07-26 00:18:11 -06:00
|
|
|
for _, listener := range(ext.SubscribeListeners) {
|
2023-07-24 16:04:56 -06:00
|
|
|
select {
|
|
|
|
|
case listener <- signal:
|
|
|
|
|
active_listeners = append(active_listeners, listener)
|
|
|
|
|
default:
|
2023-07-26 15:08:14 -06:00
|
|
|
go func(listener chan Signal) {
|
2023-07-24 16:04:56 -06:00
|
|
|
listener <- NewDirectSignal("Channel Closed")
|
|
|
|
|
close(listener)
|
|
|
|
|
}(listener)
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-07-26 00:18:11 -06:00
|
|
|
ext.SubscribeListeners = active_listeners
|
|
|
|
|
return nil
|
2023-06-26 21:20:04 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
const GQLExtType = ExtType("gql_thread")
|
|
|
|
|
func (ext *GQLExt) Type() ExtType {
|
|
|
|
|
return GQLExtType
|
2023-07-25 00:27:39 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
type GQLExtJSON struct {
|
2023-07-01 13:06:39 -06:00
|
|
|
Listen string `json:"listen"`
|
2023-07-19 14:45:05 -06:00
|
|
|
Key []byte `json:"key"`
|
|
|
|
|
ECDH uint8 `json:"ecdh_curve"`
|
2023-07-21 01:21:53 -06:00
|
|
|
TLSKey []byte `json:"ssl_key"`
|
|
|
|
|
TLSCert []byte `json:"ssl_cert"`
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
func (ext *GQLExt) Serialize() ([]byte, error) {
|
|
|
|
|
ser_key, err := x509.MarshalECPrivateKey(ext.Key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return json.MarshalIndent(&GQLExtJSON{
|
|
|
|
|
Listen: ext.Listen,
|
|
|
|
|
Key: ser_key,
|
|
|
|
|
ECDH: ecdh_curve_ids[ext.ECDH],
|
|
|
|
|
TLSKey: ext.tls_key,
|
|
|
|
|
TLSCert: ext.tls_cert,
|
|
|
|
|
}, "", " ")
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-19 14:45:05 -06:00
|
|
|
var ecdsa_curves = map[uint8]elliptic.Curve{
|
|
|
|
|
0: elliptic.P256(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var ecdsa_curve_ids = map[elliptic.Curve]uint8{
|
|
|
|
|
elliptic.P256(): 0,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var ecdh_curves = map[uint8]ecdh.Curve{
|
|
|
|
|
0: ecdh.P256(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var ecdh_curve_ids = map[ecdh.Curve]uint8{
|
|
|
|
|
ecdh.P256(): 0,
|
2023-07-01 13:03:28 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
func LoadGQLExt(ctx *Context, data []byte) (Extension, error) {
|
|
|
|
|
var j GQLExtJSON
|
|
|
|
|
err := json.Unmarshal(data, &j)
|
2023-07-19 14:45:05 -06:00
|
|
|
if err != nil {
|
2023-07-26 00:18:11 -06:00
|
|
|
return nil, err
|
2023-07-09 19:33:18 -06:00
|
|
|
}
|
2023-07-01 13:03:28 -06:00
|
|
|
|
2023-07-19 14:45:05 -06:00
|
|
|
ecdh_curve, ok := ecdh_curves[j.ECDH]
|
|
|
|
|
if ok == false {
|
|
|
|
|
return nil, fmt.Errorf("%d is not a known ECDH curve ID", j.ECDH)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
key, err := x509.ParseECPrivateKey(j.Key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 11:56:10 -06:00
|
|
|
return NewGQLExt(j.Listen, ecdh_curve, key, j.TLSCert, j.TLSKey), nil
|
2023-07-26 00:18:11 -06:00
|
|
|
}
|
2023-07-03 13:14:48 -06:00
|
|
|
|
2023-07-26 11:56:10 -06:00
|
|
|
func NewGQLExt(listen string, ecdh_curve ecdh.Curve, key *ecdsa.PrivateKey, tls_cert []byte, tls_key []byte) *GQLExt {
|
2023-07-21 01:21:53 -06:00
|
|
|
if tls_cert == nil || tls_key == nil {
|
|
|
|
|
ssl_key, err := ecdsa.GenerateKey(key.Curve, rand.Reader)
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ssl_key_bytes, err := x509.MarshalECPrivateKey(ssl_key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ssl_key_pem := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: ssl_key_bytes})
|
|
|
|
|
|
|
|
|
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
|
|
|
|
serialNumber, _ := rand.Int(rand.Reader, serialNumberLimit)
|
|
|
|
|
notBefore := time.Now()
|
|
|
|
|
notAfter := notBefore.Add(365*24*time.Hour)
|
|
|
|
|
template := x509.Certificate{
|
|
|
|
|
SerialNumber: serialNumber,
|
|
|
|
|
Subject: pkix.Name{
|
|
|
|
|
Organization: []string{"mekkanized"},
|
|
|
|
|
},
|
|
|
|
|
NotBefore: notBefore,
|
|
|
|
|
NotAfter: notAfter,
|
|
|
|
|
KeyUsage: x509.KeyUsageDigitalSignature,
|
|
|
|
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
|
|
|
BasicConstraintsValid: true,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ssl_cert, err := x509.CreateCertificate(rand.Reader, &template, &template, &ssl_key.PublicKey, ssl_key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ssl_cert_pem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ssl_cert})
|
|
|
|
|
|
|
|
|
|
tls_cert = ssl_cert_pem
|
|
|
|
|
tls_key = ssl_key_pem
|
|
|
|
|
}
|
2023-07-26 11:56:10 -06:00
|
|
|
return &GQLExt{
|
2023-06-25 20:20:59 -06:00
|
|
|
Listen: listen,
|
2023-07-26 15:08:14 -06:00
|
|
|
SubscribeListeners: []chan Signal{},
|
2023-07-19 14:45:05 -06:00
|
|
|
Key: key,
|
|
|
|
|
ECDH: ecdh_curve,
|
2023-07-21 01:21:53 -06:00
|
|
|
tls_cert: tls_cert,
|
|
|
|
|
tls_key: tls_key,
|
2023-06-25 20:20:59 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var gql_actions ThreadActions = ThreadActions{
|
2023-07-02 12:14:04 -06:00
|
|
|
"wait": ThreadWait,
|
2023-07-26 00:18:11 -06:00
|
|
|
"restore": func(ctx *Context, thread *Node, thread_ext *ThreadExt) (string, error) {
|
|
|
|
|
return "start_server", ThreadRestore(ctx, thread, thread_ext, false)
|
2023-07-02 12:47:45 -06:00
|
|
|
},
|
2023-07-26 00:18:11 -06:00
|
|
|
"start": func(ctx * Context, thread *Node, thread_ext *ThreadExt) (string, error) {
|
|
|
|
|
_, err := ThreadStart(ctx, thread, thread_ext)
|
2023-07-06 16:57:51 -06:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
2023-07-26 00:18:11 -06:00
|
|
|
return "start_server", ThreadRestore(ctx, thread, thread_ext, true)
|
2023-07-06 16:57:51 -06:00
|
|
|
},
|
2023-07-26 00:18:11 -06:00
|
|
|
"start_server": func(ctx * Context, thread *Node, thread_ext *ThreadExt) (string, error) {
|
|
|
|
|
gql_ext, err := GetExt[*GQLExt](thread)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
2023-06-26 21:20:04 -06:00
|
|
|
|
|
|
|
|
mux := http.NewServeMux()
|
2023-07-26 00:18:11 -06:00
|
|
|
mux.HandleFunc("/auth", AuthHandler(ctx, thread, gql_ext))
|
|
|
|
|
mux.HandleFunc("/gql", GQLHandler(ctx, thread, gql_ext))
|
|
|
|
|
mux.HandleFunc("/gqlws", GQLWSHandler(ctx, thread, gql_ext))
|
2023-07-01 13:03:28 -06:00
|
|
|
|
|
|
|
|
// Server a graphiql interface(TODO make configurable whether to start this)
|
2023-06-26 21:20:04 -06:00
|
|
|
mux.HandleFunc("/graphiql", GraphiQLHandler())
|
2023-07-01 13:03:28 -06:00
|
|
|
|
|
|
|
|
// Server the ./site directory to /site (TODO make configurable with better defaults)
|
2023-06-26 21:20:04 -06:00
|
|
|
fs := http.FileServer(http.Dir("./site"))
|
|
|
|
|
mux.Handle("/site/", http.StripPrefix("/site", fs))
|
|
|
|
|
|
2023-07-19 14:45:05 -06:00
|
|
|
http_server := &http.Server{
|
2023-07-26 00:18:11 -06:00
|
|
|
Addr: gql_ext.Listen,
|
2023-07-19 14:45:05 -06:00
|
|
|
Handler: mux,
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-21 01:05:24 -06:00
|
|
|
l, err := net.Listen("tcp", http_server.Addr)
|
2023-07-19 14:45:05 -06:00
|
|
|
if err != nil {
|
|
|
|
|
return "", fmt.Errorf("Failed to start listener for server on %s", http_server.Addr)
|
2023-07-21 01:05:24 -06:00
|
|
|
}
|
|
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
cert, err := tls.X509KeyPair(gql_ext.tls_cert, gql_ext.tls_key)
|
2023-07-21 01:21:53 -06:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
2023-07-21 01:05:24 -06:00
|
|
|
|
2023-07-21 01:21:53 -06:00
|
|
|
config := tls.Config{
|
|
|
|
|
Certificates: []tls.Certificate{cert},
|
|
|
|
|
NextProtos: []string{"http/1.1"},
|
2023-07-19 14:45:05 -06:00
|
|
|
}
|
2023-06-26 21:20:04 -06:00
|
|
|
|
2023-07-21 01:21:53 -06:00
|
|
|
listener := tls.NewListener(l, &config)
|
2023-07-21 01:05:24 -06:00
|
|
|
|
2023-07-26 00:18:11 -06:00
|
|
|
gql_ext.http_done.Add(1)
|
|
|
|
|
go func(qql_ext *GQLExt) {
|
|
|
|
|
defer gql_ext.http_done.Done()
|
2023-07-19 14:45:05 -06:00
|
|
|
|
2023-07-21 01:05:24 -06:00
|
|
|
err := http_server.Serve(listener)
|
2023-06-26 21:20:04 -06:00
|
|
|
if err != http.ErrServerClosed {
|
2023-07-19 14:45:05 -06:00
|
|
|
panic(fmt.Sprintf("Failed to start gql server: %s", err))
|
2023-06-26 21:20:04 -06:00
|
|
|
}
|
2023-07-26 00:18:11 -06:00
|
|
|
}(gql_ext)
|
2023-06-26 21:20:04 -06:00
|
|
|
|
2023-07-19 14:45:05 -06:00
|
|
|
|
2023-07-23 17:57:47 -06:00
|
|
|
context := NewWriteContext(ctx)
|
2023-07-26 00:18:11 -06:00
|
|
|
err = UpdateStates(context, thread, NewACLInfo(thread, []string{"http_server"}), func(context *StateContext) error {
|
|
|
|
|
gql_ext.tcp_listener = listener
|
|
|
|
|
gql_ext.http_server = http_server
|
2023-07-22 20:21:17 -06:00
|
|
|
return nil
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-23 17:57:47 -06:00
|
|
|
context = NewReadContext(ctx)
|
2023-07-26 15:08:14 -06:00
|
|
|
err = SendSignal(context, thread, thread, NewStatusSignal("server_started", thread.ID))
|
2023-07-22 20:21:17 -06:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-25 20:20:59 -06:00
|
|
|
return "wait", nil
|
|
|
|
|
},
|
2023-07-26 00:18:11 -06:00
|
|
|
"finish": func(ctx *Context, thread *Node, thread_ext *ThreadExt) (string, error) {
|
|
|
|
|
gql_ext, err := GetExt[*GQLExt](thread)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gql_ext.http_server.Shutdown(context.TODO())
|
|
|
|
|
gql_ext.http_done.Wait()
|
|
|
|
|
return ThreadFinish(ctx, thread, thread_ext)
|
2023-07-23 17:57:47 -06:00
|
|
|
},
|
2023-06-25 20:20:59 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var gql_handlers ThreadHandlers = ThreadHandlers{
|
2023-07-24 16:04:56 -06:00
|
|
|
"child_linked": ThreadChildLinked,
|
|
|
|
|
"start_child": ThreadStartChild,
|
2023-07-23 17:57:47 -06:00
|
|
|
"abort": ThreadAbort,
|
2023-07-23 19:04:04 -06:00
|
|
|
"stop": ThreadStop,
|
2023-06-25 20:20:59 -06:00
|
|
|
}
|
|
|
|
|
|
