caddyhttp: Clean up; move some code around

1 files changed, 433 insertions, 0 deletions

diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go
new file mode 100644
index 0000000..97290f4
--- /dev/null
+++ b/modules/caddyhttp/app.go
@@ -0,0 +1,433 @@
+// Copyright 2015 Matthew Holt and The Caddy Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package caddyhttp
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/caddyserver/caddy/v2"
+	"github.com/caddyserver/caddy/v2/modules/caddytls"
+	"github.com/lucas-clemente/quic-go/http3"
+	"go.uber.org/zap"
+)
+
+func init() {
+	err := caddy.RegisterModule(App{})
+	if err != nil {
+		caddy.Log().Fatal(err.Error())
+	}
+}
+
+// App is a robust, production-ready HTTP server.
+//
+// HTTPS is enabled by default if host matchers with qualifying names are used
+// in any of routes; certificates are automatically provisioned and renewed.
+// Additionally, automatic HTTPS will also enable HTTPS for servers that listen
+// only on the HTTPS port but which do not have any TLS connection policies
+// defined by adding a good, default TLS connection policy.
+//
+// In HTTP routes, additional placeholders are available (replace any `*`):
+//
+// Placeholder | Description
+// ------------|---------------
+// `{http.request.cookie.*}` | HTTP request cookie
+// `{http.request.header.*}` | Specific request header field
+// `{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo
+// `{http.request.host}` | The host part of the request's Host header
+// `{http.request.hostport}` | The host and port from the request's Host header
+// `{http.request.method}` | The request method
+// `{http.request.orig_method}` | The request's original method
+// `{http.request.orig_uri.path.dir}` | The request's original directory
+// `{http.request.orig_uri.path.file}` | The request's original filename
+// `{http.request.orig_uri.path}` | The request's original path
+// `{http.request.orig_uri.query}` | The request's original query string (without `?`)
+// `{http.request.orig_uri}` | The request's original URI
+// `{http.request.port}` | The port part of the request's Host header
+// `{http.request.proto}` | The protocol of the request
+// `{http.request.remote.host}` | The host part of the remote client's address
+// `{http.request.remote.port}` | The port part of the remote client's address
+// `{http.request.remote}` | The address of the remote client
+// `{http.request.scheme}` | The request scheme
+// `{http.request.tls.version}` | The TLS version name
+// `{http.request.tls.cipher_suite}` | The TLS cipher suite
+// `{http.request.tls.resumed}` | The TLS connection resumed a previous connection
+// `{http.request.tls.proto}` | The negotiated next protocol
+// `{http.request.tls.proto_mutual}` | The negotiated next protocol was advertised by the server
+// `{http.request.tls.server_name}` | The server name requested by the client, if any
+// `{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client certificate
+// `{http.request.tls.client.issuer}` | The issuer DN of the client certificate
+// `{http.request.tls.client.serial}` | The serial number of the client certificate
+// `{http.request.tls.client.subject}` | The subject DN of the client certificate
+// `{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left)
+// `{http.request.uri.path.dir}` | The directory, excluding leaf filename
+// `{http.request.uri.path.file}` | The filename of the path, excluding directory
+// `{http.request.uri.path}` | The path component of the request URI
+// `{http.request.uri.query.*}` | Individual query string value
+// `{http.request.uri.query}` | The query string (without `?`)
+// `{http.request.uri}` | The full request URI
+// `{http.response.header.*}` | Specific response header field
+// `{http.vars.*}` | Custom variables in the HTTP handler chain
+type App struct {
+	// HTTPPort specifies the port to use for HTTP (as opposed to HTTPS),
+	// which is used when setting up HTTP->HTTPS redirects or ACME HTTP
+	// challenge solvers. Default: 80.
+	HTTPPort int `json:"http_port,omitempty"`
+
+	// HTTPSPort specifies the port to use for HTTPS, which is used when
+	// solving the ACME TLS-ALPN challenges, or whenever HTTPS is needed
+	// but no specific port number is given. Default: 443.
+	HTTPSPort int `json:"https_port,omitempty"`
+
+	// GracePeriod is how long to wait for active connections when shutting
+	// down the server. Once the grace period is over, connections will
+	// be forcefully closed.
+	GracePeriod caddy.Duration `json:"grace_period,omitempty"`
+
+	// Servers is the list of servers, keyed by arbitrary names chosen
+	// at your discretion for your own convenience; the keys do not
+	// affect functionality.
+	Servers map[string]*Server `json:"servers,omitempty"`
+
+	servers     []*http.Server
+	h3servers   []*http3.Server
+	h3listeners []net.PacketConn
+
+	ctx    caddy.Context
+	logger *zap.Logger
+	tlsApp *caddytls.TLS
+
+	// used temporarily between phases 1 and 2 of auto HTTPS
+	allCertDomains []string
+}
+
+// CaddyModule returns the Caddy module information.
+func (App) CaddyModule() caddy.ModuleInfo {
+	return caddy.ModuleInfo{
+		ID:  "http",
+		New: func() caddy.Module { return new(App) },
+	}
+}
+
+// Provision sets up the app.
+func (app *App) Provision(ctx caddy.Context) error {
+	// store some references
+	tlsAppIface, err := ctx.App("tls")
+	if err != nil {
+		return fmt.Errorf("getting tls app: %v", err)
+	}
+	app.tlsApp = tlsAppIface.(*caddytls.TLS)
+	app.ctx = ctx
+	app.logger = ctx.Logger(app)
+
+	repl := caddy.NewReplacer()
+
+	// this provisions the matchers for each route,
+	// and prepares auto HTTP->HTTPS redirects, and
+	// is required before we provision each server
+	err = app.automaticHTTPSPhase1(ctx, repl)
+	if err != nil {
+		return err
+	}
+
+	// prepare each server
+	for srvName, srv := range app.Servers {
+		srv.tlsApp = app.tlsApp
+		srv.logger = app.logger.Named("log")
+		srv.errorLogger = app.logger.Named("log.error")
+
+		// only enable access logs if configured
+		if srv.Logs != nil {
+			srv.accessLogger = app.logger.Named("log.access")
+		}
+
+		// if not explicitly configured by the user, disallow TLS
+		// client auth bypass (domain fronting) which could
+		// otherwise be exploited by sending an unprotected SNI
+		// value during a TLS handshake, then putting a protected
+		// domain in the Host header after establishing connection;
+		// this is a safe default, but we allow users to override
+		// it for example in the case of running a proxy where
+		// domain fronting is desired and access is not restricted
+		// based on hostname
+		if srv.StrictSNIHost == nil && srv.hasTLSClientAuth() {
+			app.logger.Info("enabling strict SNI-Host matching because TLS client auth is configured",
+				zap.String("server_name", srvName),
+			)
+			trueBool := true
+			srv.StrictSNIHost = &trueBool
+		}
+
+		// process each listener address
+		for i := range srv.Listen {
+			lnOut, err := repl.ReplaceOrErr(srv.Listen[i], true, true)
+			if err != nil {
+				return fmt.Errorf("server %s, listener %d: %v",
+					srvName, i, err)
+			}
+			srv.Listen[i] = lnOut
+		}
+
+		// set up each listener modifier
+		if srv.ListenerWrappersRaw != nil {
+			vals, err := ctx.LoadModule(srv, "ListenerWrappersRaw")
+			if err != nil {
+				return fmt.Errorf("loading listener wrapper modules: %v", err)
+			}
+			var hasTLSPlaceholder bool
+			for i, val := range vals.([]interface{}) {
+				if _, ok := val.(*tlsPlaceholderWrapper); ok {
+					if i == 0 {
+						// putting the tls placeholder wrapper first is nonsensical because
+						// that is the default, implicit setting: without it, all wrappers
+						// will go after the TLS listener anyway
+						return fmt.Errorf("it is unnecessary to specify the TLS listener wrapper in the first position because that is the default")
+					}
+					if hasTLSPlaceholder {
+						return fmt.Errorf("TLS listener wrapper can only be specified once")
+					}
+					hasTLSPlaceholder = true
+				}
+				srv.listenerWrappers = append(srv.listenerWrappers, val.(caddy.ListenerWrapper))
+			}
+			// if any wrappers were configured but the TLS placeholder wrapper is
+			// absent, prepend it so all defined wrappers come after the TLS
+			// handshake; this simplifies logic when starting the server, since we
+			// can simply assume the TLS placeholder will always be there
+			if !hasTLSPlaceholder && len(srv.listenerWrappers) > 0 {
+				srv.listenerWrappers = append([]caddy.ListenerWrapper{new(tlsPlaceholderWrapper)}, srv.listenerWrappers...)
+			}
+		}
+
+		// pre-compile the primary handler chain, and be sure to wrap it in our
+		// route handler so that important security checks are done, etc.
+		primaryRoute := emptyHandler
+		if srv.Routes != nil {
+			err := srv.Routes.ProvisionHandlers(ctx)
+			if err != nil {
+				return fmt.Errorf("server %s: setting up route handlers: %v", srvName, err)
+			}
+			primaryRoute = srv.Routes.Compile(emptyHandler)
+		}
+		srv.primaryHandlerChain = srv.wrapPrimaryRoute(primaryRoute)
+
+		// pre-compile the error handler chain
+		if srv.Errors != nil {
+			err := srv.Errors.Routes.Provision(ctx)
+			if err != nil {
+				return fmt.Errorf("server %s: setting up server error handling routes: %v", srvName, err)
+			}
+			srv.errorHandlerChain = srv.Errors.Routes.Compile(errorEmptyHandler)
+		}
+
+		// prepare the TLS connection policies
+		err = srv.TLSConnPolicies.Provision(ctx)
+		if err != nil {
+			return fmt.Errorf("server %s: setting up TLS connection policies: %v", srvName, err)
+		}
+	}
+
+	return nil
+}
+
+// Validate ensures the app's configuration is valid.
+func (app *App) Validate() error {
+	// each server must use distinct listener addresses
+	lnAddrs := make(map[string]string)
+	for srvName, srv := range app.Servers {
+		for _, addr := range srv.Listen {
+			listenAddr, err := caddy.ParseNetworkAddress(addr)
+			if err != nil {
+				return fmt.Errorf("invalid listener address '%s': %v", addr, err)
+			}
+			// check that every address in the port range is unique to this server;
+			// we do not use <= here because PortRangeSize() adds 1 to EndPort for us
+			for i := uint(0); i < listenAddr.PortRangeSize(); i++ {
+				addr := caddy.JoinNetworkAddress(listenAddr.Network, listenAddr.Host, strconv.Itoa(int(listenAddr.StartPort+i)))
+				if sn, ok := lnAddrs[addr]; ok {
+					return fmt.Errorf("server %s: listener address repeated: %s (already claimed by server '%s')", srvName, addr, sn)
+				}
+				lnAddrs[addr] = srvName
+			}
+		}
+	}
+
+	return nil
+}
+
+// Start runs the app. It finishes automatic HTTPS if enabled,
+// including management of certificates.
+func (app *App) Start() error {
+	for srvName, srv := range app.Servers {
+		s := &http.Server{
+			ReadTimeout:       time.Duration(srv.ReadTimeout),
+			ReadHeaderTimeout: time.Duration(srv.ReadHeaderTimeout),
+			WriteTimeout:      time.Duration(srv.WriteTimeout),
+			IdleTimeout:       time.Duration(srv.IdleTimeout),
+			MaxHeaderBytes:    srv.MaxHeaderBytes,
+			Handler:           srv,
+		}
+
+		for _, lnAddr := range srv.Listen {
+			listenAddr, err := caddy.ParseNetworkAddress(lnAddr)
+			if err != nil {
+				return fmt.Errorf("%s: parsing listen address '%s': %v", srvName, lnAddr, err)
+			}
+			for portOffset := uint(0); portOffset < listenAddr.PortRangeSize(); portOffset++ {
+				// create the listener for this socket
+				hostport := listenAddr.JoinHostPort(portOffset)
+				ln, err := caddy.Listen(listenAddr.Network, hostport)
+				if err != nil {
+					return fmt.Errorf("%s: listening on %s: %v", listenAddr.Network, hostport, err)
+				}
+
+				// wrap listener before TLS (up to the TLS placeholder wrapper)
+				var lnWrapperIdx int
+				for i, lnWrapper := range srv.listenerWrappers {
+					if _, ok := lnWrapper.(*tlsPlaceholderWrapper); ok {
+						lnWrapperIdx = i + 1 // mark the next wrapper's spot
+						break
+					}
+					ln = lnWrapper.WrapListener(ln)
+				}
+
+				// enable TLS if there is a policy and if this is not the HTTP port
+				useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort()
+				if useTLS {
+					// create TLS listener
+					tlsCfg := srv.TLSConnPolicies.TLSConfig(app.ctx)
+					ln = tls.NewListener(ln, tlsCfg)
+
+					/////////
+					// TODO: HTTP/3 support is experimental for now
+					if srv.ExperimentalHTTP3 {
+						app.logger.Info("enabling experimental HTTP/3 listener",
+							zap.String("addr", hostport),
+						)
+						h3ln, err := caddy.ListenPacket("udp", hostport)
+						if err != nil {
+							return fmt.Errorf("getting HTTP/3 UDP listener: %v", err)
+						}
+						h3srv := &http3.Server{
+							Server: &http.Server{
+								Addr:      hostport,
+								Handler:   srv,
+								TLSConfig: tlsCfg,
+							},
+						}
+						go h3srv.Serve(h3ln)
+						app.h3servers = append(app.h3servers, h3srv)
+						app.h3listeners = append(app.h3listeners, h3ln)
+						srv.h3server = h3srv
+					}
+					/////////
+				}
+
+				// finish wrapping listener where we left off before TLS
+				for i := lnWrapperIdx; i < len(srv.listenerWrappers); i++ {
+					ln = srv.listenerWrappers[i].WrapListener(ln)
+				}
+
+				app.logger.Debug("starting server loop",
+					zap.String("address", lnAddr),
+					zap.Bool("http3", srv.ExperimentalHTTP3),
+					zap.Bool("tls", useTLS),
+				)
+
+				go s.Serve(ln)
+				app.servers = append(app.servers, s)
+			}
+		}
+	}
+
+	// finish automatic HTTPS by finally beginning
+	// certificate management
+	err := app.automaticHTTPSPhase2()
+	if err != nil {
+		return fmt.Errorf("finalizing automatic HTTPS: %v", err)
+	}
+
+	return nil
+}
+
+// Stop gracefully shuts down the HTTP server.
+func (app *App) Stop() error {
+	ctx := context.Background()
+	if app.GracePeriod > 0 {
+		var cancel context.CancelFunc
+		ctx, cancel = context.WithTimeout(ctx, time.Duration(app.GracePeriod))
+		defer cancel()
+	}
+	for _, s := range app.servers {
+		err := s.Shutdown(ctx)
+		if err != nil {
+			return err
+		}
+	}
+
+	// close the http3 servers; it's unclear whether the bug reported in
+	// https://github.com/caddyserver/caddy/pull/2727#issuecomment-526856566
+	// was ever truly fixed, since it seemed racey/nondeterministic; but
+	// recent tests in 2020 were unable to replicate the issue again after
+	// repeated attempts (the bug manifested after a config reload; i.e.
+	// reusing a http3 server or listener was problematic), but it seems
+	// to be working fine now
+	for _, s := range app.h3servers {
+		// TODO: CloseGracefully, once implemented upstream
+		// (see https://github.com/lucas-clemente/quic-go/issues/2103)
+		err := s.Close()
+		if err != nil {
+			return err
+		}
+	}
+
+	// closing an http3.Server does not close their underlying listeners
+	// since apparently the listener can be used both by servers and
+	// clients at the same time; so we need to manually call Close()
+	// on the underlying h3 listeners (see lucas-clemente/quic-go#2103)
+	for _, pc := range app.h3listeners {
+		err := pc.Close()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (app *App) httpPort() int {
+	if app.HTTPPort == 0 {
+		return DefaultHTTPPort
+	}
+	return app.HTTPPort
+}
+
+func (app *App) httpsPort() int {
+	if app.HTTPSPort == 0 {
+		return DefaultHTTPSPort
+	}
+	return app.HTTPSPort
+}
+
+// Interface guards
+var (
+	_ caddy.App         = (*App)(nil)
+	_ caddy.Provisioner = (*App)(nil)
+	_ caddy.Validator   = (*App)(nil)
+)