mirror of
https://github.com/falk-werner/webfuse
synced 2024-10-27 20:34:10 +00:00
use tls configuration in server and provider
This commit is contained in:
parent
412c1f9a51
commit
f12f461154
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
|||||||
/build/
|
/build/
|
||||||
/.vscode/
|
/.vscode/
|
||||||
|
*.pem
|
@ -34,6 +34,7 @@ add_library(webfuse_static STATIC
|
|||||||
src/webfuse/ws/client.cpp
|
src/webfuse/ws/client.cpp
|
||||||
src/webfuse/ws/messagewriter.cpp
|
src/webfuse/ws/messagewriter.cpp
|
||||||
src/webfuse/ws/messagereader.cpp
|
src/webfuse/ws/messagereader.cpp
|
||||||
|
src/webfuse/ws/url.cpp
|
||||||
)
|
)
|
||||||
|
|
||||||
target_include_directories(webfuse_static PUBLIC src)
|
target_include_directories(webfuse_static PUBLIC src)
|
||||||
|
7
script/create_cert.sh
Executable file
7
script/create_cert.sh
Executable file
@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
openssl req -x509 -newkey rsa:4096 \
|
||||||
|
-keyout server-key.pem \
|
||||||
|
-out server-cert.pem \
|
||||||
|
-days 365 -nodes -batch \
|
||||||
|
-subj /CN=localhost
|
@ -33,6 +33,7 @@ public:
|
|||||||
{
|
{
|
||||||
{"path" , required_argument, nullptr, 'p'},
|
{"path" , required_argument, nullptr, 'p'},
|
||||||
{"url" , required_argument, nullptr, 'u'},
|
{"url" , required_argument, nullptr, 'u'},
|
||||||
|
{"ca-path", required_argument, nullptr, 'a'},
|
||||||
{"version", no_argument , nullptr, 'v'},
|
{"version", no_argument , nullptr, 'v'},
|
||||||
{"help" , no_argument , nullptr, 'h'},
|
{"help" , no_argument , nullptr, 'h'},
|
||||||
{nullptr , 0 , nullptr, 0 }
|
{nullptr , 0 , nullptr, 0 }
|
||||||
@ -44,7 +45,7 @@ public:
|
|||||||
while (!finished)
|
while (!finished)
|
||||||
{
|
{
|
||||||
int option_index = 0;
|
int option_index = 0;
|
||||||
const int c = getopt_long(argc, argv, "p:u:vh", long_options, &option_index);
|
const int c = getopt_long(argc, argv, "p:u:a:vh", long_options, &option_index);
|
||||||
switch (c)
|
switch (c)
|
||||||
{
|
{
|
||||||
case -1:
|
case -1:
|
||||||
@ -56,6 +57,9 @@ public:
|
|||||||
case 'u':
|
case 'u':
|
||||||
url = optarg;
|
url = optarg;
|
||||||
break;
|
break;
|
||||||
|
case 'a':
|
||||||
|
ca_path = optarg;
|
||||||
|
break;
|
||||||
case 'h':
|
case 'h':
|
||||||
cmd = command::show_help;
|
cmd = command::show_help;
|
||||||
break;
|
break;
|
||||||
@ -81,6 +85,7 @@ public:
|
|||||||
|
|
||||||
std::string base_path;
|
std::string base_path;
|
||||||
std::string url;
|
std::string url;
|
||||||
|
std::string ca_path;
|
||||||
command cmd;
|
command cmd;
|
||||||
int exit_code;
|
int exit_code;
|
||||||
};
|
};
|
||||||
@ -91,11 +96,12 @@ void print_usage()
|
|||||||
expose a local directory via webfuse2
|
expose a local directory via webfuse2
|
||||||
|
|
||||||
Usage:
|
Usage:
|
||||||
webfuse-provider -u <url> [-p <path>]
|
webfuse-provider -u <url> [-p <path>] [-a <ca_path>]
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
--url, -u set url of webfuse2 service
|
--url, -u set url of webfuse2 service
|
||||||
--path, -p set path of directory to expose (default: .)
|
--path, -p set path of directory to expose (default: .)
|
||||||
|
--ca-path, -a set path of ca file (default: not set)
|
||||||
--version, -v print version and quit
|
--version, -v print version and quit
|
||||||
--help, -h print this message and quit
|
--help, -h print this message and quit
|
||||||
|
|
||||||
@ -439,7 +445,7 @@ int main(int argc, char* argv[])
|
|||||||
signal(SIGTERM, &on_signal);
|
signal(SIGTERM, &on_signal);
|
||||||
|
|
||||||
filesystem fs(ctx.base_path);
|
filesystem fs(ctx.base_path);
|
||||||
webfuse::provider provider(fs);
|
webfuse::provider provider(fs, ctx.ca_path);
|
||||||
provider.set_connection_listener([](bool connected) {
|
provider.set_connection_listener([](bool connected) {
|
||||||
if (!connected)
|
if (!connected)
|
||||||
{
|
{
|
||||||
|
@ -13,9 +13,9 @@ namespace webfuse
|
|||||||
class provider::detail
|
class provider::detail
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
detail(filesystem_i & fs)
|
detail(filesystem_i & fs, std::string const & ca_path)
|
||||||
: fs_(fs)
|
: fs_(fs)
|
||||||
, client([this](auto& reader) { return this->on_message(reader); })
|
, client(ca_path, [this](auto& reader) { return this->on_message(reader); })
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -375,8 +375,8 @@ private:
|
|||||||
ws_client client;
|
ws_client client;
|
||||||
};
|
};
|
||||||
|
|
||||||
provider::provider(filesystem_i & fs)
|
provider::provider(filesystem_i & fs, std::string const & ca_path)
|
||||||
: d(new detail(fs))
|
: d(new detail(fs, ca_path))
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -13,7 +13,7 @@ class provider
|
|||||||
provider(provider const &) = delete;
|
provider(provider const &) = delete;
|
||||||
provider& operator=(provider const &) = delete;
|
provider& operator=(provider const &) = delete;
|
||||||
public:
|
public:
|
||||||
provider(filesystem_i & fs);
|
provider(filesystem_i & fs, std::string const & ca_path);
|
||||||
~provider();
|
~provider();
|
||||||
provider(provider && other);
|
provider(provider && other);
|
||||||
provider& operator=(provider && other);
|
provider& operator=(provider && other);
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
#include "webfuse/ws/client.hpp"
|
#include "webfuse/ws/client.hpp"
|
||||||
|
#include "webfuse/ws/url.hpp"
|
||||||
|
|
||||||
#include <libwebsockets.h>
|
#include <libwebsockets.h>
|
||||||
#include <cstring>
|
#include <cstring>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
@ -106,8 +108,10 @@ class ws_client::detail
|
|||||||
detail(detail &&) = delete;
|
detail(detail &&) = delete;
|
||||||
detail& operator=(detail &&) = delete;
|
detail& operator=(detail &&) = delete;
|
||||||
public:
|
public:
|
||||||
detail(ws_client_handler handler)
|
detail(std::string const & ca_path, ws_client_handler handler)
|
||||||
{
|
{
|
||||||
|
lws_set_log_level(0, nullptr);
|
||||||
|
|
||||||
memset(reinterpret_cast<void*>(protocols), 0, sizeof(lws_protocols) * 2);
|
memset(reinterpret_cast<void*>(protocols), 0, sizeof(lws_protocols) * 2);
|
||||||
protocols[0].callback = &webfuse_client_callback;
|
protocols[0].callback = &webfuse_client_callback;
|
||||||
protocols[0].name = "webfuse2-client";
|
protocols[0].name = "webfuse2-client";
|
||||||
@ -119,12 +123,22 @@ public:
|
|||||||
info.protocols = protocols;
|
info.protocols = protocols;
|
||||||
info.uid = -1;
|
info.uid = -1;
|
||||||
info.gid = -1;
|
info.gid = -1;
|
||||||
|
info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS;
|
||||||
|
|
||||||
data.handler = handler;
|
data.handler = handler;
|
||||||
data.connection_listener = [](bool){ };
|
data.connection_listener = [](bool){ };
|
||||||
data.connection = nullptr;
|
data.connection = nullptr;
|
||||||
|
|
||||||
context = lws_create_context(&info);
|
context = lws_create_context(&info);
|
||||||
|
|
||||||
|
struct lws_vhost * vhost = lws_create_vhost(context, &info);
|
||||||
|
info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
|
||||||
|
if (!ca_path.empty())
|
||||||
|
{
|
||||||
|
info.client_ssl_ca_filepath = ca_path.c_str();
|
||||||
|
}
|
||||||
|
|
||||||
|
lws_init_vhost_client_ssl(&info, vhost);
|
||||||
}
|
}
|
||||||
|
|
||||||
~detail()
|
~detail()
|
||||||
@ -134,15 +148,17 @@ public:
|
|||||||
|
|
||||||
void connect(std::string const & url)
|
void connect(std::string const & url)
|
||||||
{
|
{
|
||||||
|
ws_url parsed_url(url);
|
||||||
|
|
||||||
lws_client_connect_info info;
|
lws_client_connect_info info;
|
||||||
memset(reinterpret_cast<void*>(&info), 0, sizeof(lws_client_connect_info));
|
memset(reinterpret_cast<void*>(&info), 0, sizeof(lws_client_connect_info));
|
||||||
info.context = context;
|
info.context = context;
|
||||||
info.port = 8081; //NOLINT(readability-magic-numbers)
|
info.port = parsed_url.port;
|
||||||
info.address = "localhost";
|
info.address = parsed_url.hostname.c_str();
|
||||||
info.host = "localhost";
|
info.host = info.address;
|
||||||
info.path = "/";
|
info.path = parsed_url.path.c_str();
|
||||||
info.origin = "localhost";
|
info.origin = info.address;
|
||||||
info.ssl_connection = 0;
|
info.ssl_connection = (parsed_url.use_tls) ? LCCSCF_USE_SSL : 0;
|
||||||
info.protocol = "webfuse2";
|
info.protocol = "webfuse2";
|
||||||
info.local_protocol_name = "webfuse2-client";
|
info.local_protocol_name = "webfuse2-client";
|
||||||
info.pwsi = &data.connection;
|
info.pwsi = &data.connection;
|
||||||
@ -172,8 +188,8 @@ private:
|
|||||||
user_data data;
|
user_data data;
|
||||||
};
|
};
|
||||||
|
|
||||||
ws_client::ws_client(ws_client_handler handler)
|
ws_client::ws_client(std::string const & ca_path, ws_client_handler handler)
|
||||||
: d(new detail(handler))
|
: d(new detail(ca_path, handler))
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -16,7 +16,7 @@ class ws_client
|
|||||||
ws_client(ws_client const &) = delete;
|
ws_client(ws_client const &) = delete;
|
||||||
ws_client& operator=(ws_client const &) = delete;
|
ws_client& operator=(ws_client const &) = delete;
|
||||||
public:
|
public:
|
||||||
ws_client(ws_client_handler handler);
|
ws_client(std::string const & ca_path, ws_client_handler handler);
|
||||||
~ws_client();
|
~ws_client();
|
||||||
ws_client(ws_client && other);
|
ws_client(ws_client && other);
|
||||||
ws_client& operator=(ws_client && other);
|
ws_client& operator=(ws_client && other);
|
||||||
|
@ -164,6 +164,8 @@ public:
|
|||||||
detail(ws_config const & config)
|
detail(ws_config const & config)
|
||||||
: shutdown_requested(false)
|
: shutdown_requested(false)
|
||||||
{
|
{
|
||||||
|
lws_set_log_level(0, nullptr);
|
||||||
|
|
||||||
memset(reinterpret_cast<void*>(protocols), 0, sizeof(protocols));
|
memset(reinterpret_cast<void*>(protocols), 0, sizeof(protocols));
|
||||||
protocols[0].name = "webfuse2";
|
protocols[0].name = "webfuse2";
|
||||||
protocols[0].callback = &ws_server_callback;
|
protocols[0].callback = &ws_server_callback;
|
||||||
@ -173,15 +175,21 @@ public:
|
|||||||
memset(reinterpret_cast<void*>(&info), 0, sizeof(info));
|
memset(reinterpret_cast<void*>(&info), 0, sizeof(info));
|
||||||
info.port = config.port;
|
info.port = config.port;
|
||||||
info.protocols = protocols;
|
info.protocols = protocols;
|
||||||
info.vhost_name = "localhost";
|
info.vhost_name = config.vhost_name.c_str();
|
||||||
info.options = LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE | LWS_SERVER_OPTION_EXPLICIT_VHOSTS;
|
info.options = LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE | LWS_SERVER_OPTION_EXPLICIT_VHOSTS;
|
||||||
|
|
||||||
|
if (config.use_tls)
|
||||||
|
{
|
||||||
|
info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
|
||||||
|
info.ssl_cert_filepath = config.cert_path.c_str();
|
||||||
|
info.ssl_private_key_filepath = config.key_path.c_str();
|
||||||
|
}
|
||||||
|
|
||||||
context = lws_create_context(&info);
|
context = lws_create_context(&info);
|
||||||
|
|
||||||
lws_create_vhost(context, &info);
|
lws_create_vhost(context, &info);
|
||||||
// lws_vhost * const vhost = lws_create_vhost(context, &info);
|
// lws_vhost * const vhost = lws_create_vhost(context, &info);
|
||||||
// port = lws_get_vhost_port(vhost);
|
// int port = lws_get_vhost_port(vhost);
|
||||||
|
|
||||||
|
|
||||||
thread = std::thread([this]() {
|
thread = std::thread([this]() {
|
||||||
while (!shutdown_requested)
|
while (!shutdown_requested)
|
||||||
|
70
src/webfuse/ws/url.cpp
Normal file
70
src/webfuse/ws/url.cpp
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
#include "webfuse/ws/url.hpp"
|
||||||
|
|
||||||
|
#include <cstring>
|
||||||
|
#include <stdexcept>
|
||||||
|
|
||||||
|
namespace
|
||||||
|
{
|
||||||
|
|
||||||
|
bool starts_with(std::string const & value, std::string const & prefix)
|
||||||
|
{
|
||||||
|
return (0 == value.find(prefix));
|
||||||
|
}
|
||||||
|
|
||||||
|
std::string parse_protocol(std::string const &url, bool &use_tls)
|
||||||
|
{
|
||||||
|
if (starts_with(url, "ws://"))
|
||||||
|
{
|
||||||
|
use_tls = false;
|
||||||
|
return url.substr(strlen("ws://"));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (starts_with(url, "wss://"))
|
||||||
|
{
|
||||||
|
use_tls = true;
|
||||||
|
return url.substr(strlen("wss://"));
|
||||||
|
}
|
||||||
|
|
||||||
|
throw std::runtime_error("unknown protocol");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
namespace webfuse
|
||||||
|
{
|
||||||
|
|
||||||
|
constexpr uint16_t const ws_port = 80;
|
||||||
|
constexpr uint16_t const wss_port = 443;
|
||||||
|
|
||||||
|
ws_url::ws_url(std::string const & url)
|
||||||
|
{
|
||||||
|
auto remainder = parse_protocol(url, use_tls);
|
||||||
|
|
||||||
|
auto const path_start = remainder.find('/');
|
||||||
|
if (path_start != std::string::npos)
|
||||||
|
{
|
||||||
|
path = remainder.substr(path_start);
|
||||||
|
remainder = remainder.substr(0, path_start);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
path = "/";
|
||||||
|
}
|
||||||
|
|
||||||
|
auto const port_start = remainder.find(':');
|
||||||
|
if (port_start != std::string::npos)
|
||||||
|
{
|
||||||
|
auto const port_str = remainder.substr(port_start + 1);
|
||||||
|
port = static_cast<uint16_t>(std::stoi(port_str));
|
||||||
|
hostname = remainder.substr(0, port_start);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
port = (use_tls) ? wss_port : ws_port;
|
||||||
|
hostname = remainder;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
24
src/webfuse/ws/url.hpp
Normal file
24
src/webfuse/ws/url.hpp
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
#ifndef WEBFUSE_URL_HPP
|
||||||
|
#define WEBFUSE_URL_HPP
|
||||||
|
|
||||||
|
#include <cinttypes>
|
||||||
|
#include <string>
|
||||||
|
|
||||||
|
namespace webfuse
|
||||||
|
{
|
||||||
|
|
||||||
|
class ws_url
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
ws_url(std::string const & url);
|
||||||
|
~ws_url() = default;
|
||||||
|
|
||||||
|
bool use_tls;
|
||||||
|
std::string hostname;
|
||||||
|
uint16_t port;
|
||||||
|
std::string path;
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
@ -10,7 +10,7 @@ namespace webfuse
|
|||||||
fixture::fixture(filesystem_i & fs)
|
fixture::fixture(filesystem_i & fs)
|
||||||
: shutdown_requested(false)
|
: shutdown_requested(false)
|
||||||
, provider_running(false)
|
, provider_running(false)
|
||||||
, fs_provider(fs)
|
, fs_provider(fs, "")
|
||||||
, app(working_dir.name())
|
, app(working_dir.name())
|
||||||
{
|
{
|
||||||
fs_provider.set_connection_listener([this](bool is_connected) {
|
fs_provider.set_connection_listener([this](bool is_connected) {
|
||||||
|
Loading…
Reference in New Issue
Block a user