diff options
Diffstat (limited to 'server/_build/default/lib/cowboy/src/cowboy_http2.erl')
| -rw-r--r-- | server/_build/default/lib/cowboy/src/cowboy_http2.erl | 1225 |
1 files changed, 1225 insertions, 0 deletions
diff --git a/server/_build/default/lib/cowboy/src/cowboy_http2.erl b/server/_build/default/lib/cowboy/src/cowboy_http2.erl new file mode 100644 index 0000000..7440d91 --- /dev/null +++ b/server/_build/default/lib/cowboy/src/cowboy_http2.erl @@ -0,0 +1,1225 @@ +%% Copyright (c) 2015-2017, Loïc Hoguin <essen@ninenines.eu> +%% +%% Permission to use, copy, modify, and/or distribute this software for any +%% purpose with or without fee is hereby granted, provided that the above +%% copyright notice and this permission notice appear in all copies. +%% +%% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +%% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +%% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +%% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +%% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +%% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +%% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +-module(cowboy_http2). + +-export([init/6]). +-export([init/10]). +-export([init/12]). + +-export([system_continue/3]). +-export([system_terminate/4]). +-export([system_code_change/4]). + +-type opts() :: #{ + active_n => pos_integer(), + compress_buffering => boolean(), + compress_threshold => non_neg_integer(), + connection_type => worker | supervisor, + connection_window_margin_size => 0..16#7fffffff, + connection_window_update_threshold => 0..16#7fffffff, + enable_connect_protocol => boolean(), + env => cowboy_middleware:env(), + goaway_initial_timeout => timeout(), + goaway_complete_timeout => timeout(), + idle_timeout => timeout(), + inactivity_timeout => timeout(), + initial_connection_window_size => 65535..16#7fffffff, + initial_stream_window_size => 0..16#7fffffff, + linger_timeout => timeout(), + logger => module(), + max_concurrent_streams => non_neg_integer() | infinity, + max_connection_buffer_size => non_neg_integer(), + max_connection_window_size => 0..16#7fffffff, + max_decode_table_size => non_neg_integer(), + max_encode_table_size => non_neg_integer(), + max_frame_size_received => 16384..16777215, + max_frame_size_sent => 16384..16777215 | infinity, + max_received_frame_rate => {pos_integer(), timeout()}, + max_reset_stream_rate => {pos_integer(), timeout()}, + max_stream_buffer_size => non_neg_integer(), + max_stream_window_size => 0..16#7fffffff, + metrics_callback => cowboy_metrics_h:metrics_callback(), + metrics_req_filter => fun((cowboy_req:req()) -> map()), + metrics_resp_headers_filter => fun((cowboy:http_headers()) -> cowboy:http_headers()), + middlewares => [module()], + preface_timeout => timeout(), + proxy_header => boolean(), + sendfile => boolean(), + settings_timeout => timeout(), + shutdown_timeout => timeout(), + stream_handlers => [module()], + stream_window_data_threshold => 0..16#7fffffff, + stream_window_margin_size => 0..16#7fffffff, + stream_window_update_threshold => 0..16#7fffffff, + tracer_callback => cowboy_tracer_h:tracer_callback(), + tracer_flags => [atom()], + tracer_match_specs => cowboy_tracer_h:tracer_match_specs(), + %% Open ended because configured stream handlers might add options. + _ => _ +}. +-export_type([opts/0]). + +-record(stream, { + %% Whether the stream is currently stopping. + status = running :: running | stopping, + + %% Flow requested for this stream. + flow = 0 :: non_neg_integer(), + + %% Stream state. + state :: {module, any()} +}). + +-record(state, { + parent = undefined :: pid(), + ref :: ranch:ref(), + socket = undefined :: inet:socket(), + transport :: module(), + proxy_header :: undefined | ranch_proxy_header:proxy_info(), + opts = #{} :: opts(), + + %% Timer for idle_timeout; also used for goaway timers. + timer = undefined :: undefined | reference(), + + %% Remote address and port for the connection. + peer = undefined :: {inet:ip_address(), inet:port_number()}, + + %% Local address and port for the connection. + sock = undefined :: {inet:ip_address(), inet:port_number()}, + + %% Client certificate (TLS only). + cert :: undefined | binary(), + + %% HTTP/2 state machine. + http2_status :: sequence | settings | upgrade | connected | closing_initiated | closing, + http2_machine :: cow_http2_machine:http2_machine(), + + %% HTTP/2 frame rate flood protection. + frame_rate_num :: undefined | pos_integer(), + frame_rate_time :: undefined | integer(), + + %% HTTP/2 reset stream flood protection. + reset_rate_num :: undefined | pos_integer(), + reset_rate_time :: undefined | integer(), + + %% Flow requested for all streams. + flow = 0 :: non_neg_integer(), + + %% Currently active HTTP/2 streams. Streams may be initiated either + %% by the client or by the server through PUSH_PROMISE frames. + streams = #{} :: #{cow_http2:streamid() => #stream{}}, + + %% Streams can spawn zero or more children which are then managed + %% by this module if operating as a supervisor. + children = cowboy_children:init() :: cowboy_children:children() +}). + +-spec init(pid(), ranch:ref(), inet:socket(), module(), + ranch_proxy_header:proxy_info() | undefined, cowboy:opts()) -> ok. +init(Parent, Ref, Socket, Transport, ProxyHeader, Opts) -> + Peer0 = Transport:peername(Socket), + Sock0 = Transport:sockname(Socket), + Cert1 = case Transport:name() of + ssl -> + case ssl:peercert(Socket) of + {error, no_peercert} -> + {ok, undefined}; + Cert0 -> + Cert0 + end; + _ -> + {ok, undefined} + end, + case {Peer0, Sock0, Cert1} of + {{ok, Peer}, {ok, Sock}, {ok, Cert}} -> + init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, <<>>); + {{error, Reason}, _, _} -> + terminate(undefined, {socket_error, Reason, + 'A socket error occurred when retrieving the peer name.'}); + {_, {error, Reason}, _} -> + terminate(undefined, {socket_error, Reason, + 'A socket error occurred when retrieving the sock name.'}); + {_, _, {error, Reason}} -> + terminate(undefined, {socket_error, Reason, + 'A socket error occurred when retrieving the client TLS certificate.'}) + end. + +-spec init(pid(), ranch:ref(), inet:socket(), module(), + ranch_proxy_header:proxy_info() | undefined, cowboy:opts(), + {inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()}, + binary() | undefined, binary()) -> ok. +init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, Buffer) -> + {ok, Preface, HTTP2Machine} = cow_http2_machine:init(server, Opts), + State = set_idle_timeout(init_rate_limiting(#state{parent=Parent, ref=Ref, socket=Socket, + transport=Transport, proxy_header=ProxyHeader, + opts=Opts, peer=Peer, sock=Sock, cert=Cert, + http2_status=sequence, http2_machine=HTTP2Machine})), + Transport:send(Socket, Preface), + setopts_active(State), + case Buffer of + <<>> -> loop(State, Buffer); + _ -> parse(State, Buffer) + end. + +init_rate_limiting(State) -> + CurrentTime = erlang:monotonic_time(millisecond), + init_reset_rate_limiting(init_frame_rate_limiting(State, CurrentTime), CurrentTime). + +init_frame_rate_limiting(State=#state{opts=Opts}, CurrentTime) -> + {FrameRateNum, FrameRatePeriod} = maps:get(max_received_frame_rate, Opts, {10000, 10000}), + State#state{ + frame_rate_num=FrameRateNum, frame_rate_time=add_period(CurrentTime, FrameRatePeriod) + }. + +init_reset_rate_limiting(State=#state{opts=Opts}, CurrentTime) -> + {ResetRateNum, ResetRatePeriod} = maps:get(max_reset_stream_rate, Opts, {10, 10000}), + State#state{ + reset_rate_num=ResetRateNum, reset_rate_time=add_period(CurrentTime, ResetRatePeriod) + }. + +add_period(_, infinity) -> infinity; +add_period(Time, Period) -> Time + Period. + +%% @todo Add an argument for the request body. +-spec init(pid(), ranch:ref(), inet:socket(), module(), + ranch_proxy_header:proxy_info() | undefined, cowboy:opts(), + {inet:ip_address(), inet:port_number()}, {inet:ip_address(), inet:port_number()}, + binary() | undefined, binary(), map() | undefined, cowboy_req:req()) -> ok. +init(Parent, Ref, Socket, Transport, ProxyHeader, Opts, Peer, Sock, Cert, Buffer, + _Settings, Req=#{method := Method}) -> + {ok, Preface, HTTP2Machine0} = cow_http2_machine:init(server, Opts), + {ok, StreamID, HTTP2Machine} + = cow_http2_machine:init_upgrade_stream(Method, HTTP2Machine0), + State0 = #state{parent=Parent, ref=Ref, socket=Socket, + transport=Transport, proxy_header=ProxyHeader, + opts=Opts, peer=Peer, sock=Sock, cert=Cert, + http2_status=upgrade, http2_machine=HTTP2Machine}, + State1 = headers_frame(State0#state{ + http2_machine=HTTP2Machine}, StreamID, Req), + %% We assume that the upgrade will be applied. A stream handler + %% must not prevent the normal operations of the server. + State2 = info(State1, 1, {switch_protocol, #{ + <<"connection">> => <<"Upgrade">>, + <<"upgrade">> => <<"h2c">> + }, ?MODULE, undefined}), %% @todo undefined or #{}? + State = set_idle_timeout(init_rate_limiting(State2#state{http2_status=sequence})), + Transport:send(Socket, Preface), + setopts_active(State), + case Buffer of + <<>> -> loop(State, Buffer); + _ -> parse(State, Buffer) + end. + +%% Because HTTP/2 has flow control and Cowboy has other rate limiting +%% mechanisms implemented, a very large active_n value should be fine, +%% as long as the stream handlers do their work in a timely manner. +setopts_active(#state{socket=Socket, transport=Transport, opts=Opts}) -> + N = maps:get(active_n, Opts, 100), + Transport:setopts(Socket, [{active, N}]). + +loop(State=#state{parent=Parent, socket=Socket, transport=Transport, + opts=Opts, timer=TimerRef, children=Children}, Buffer) -> + Messages = Transport:messages(), + InactivityTimeout = maps:get(inactivity_timeout, Opts, 300000), + receive + %% Socket messages. + {OK, Socket, Data} when OK =:= element(1, Messages) -> + parse(set_idle_timeout(State), << Buffer/binary, Data/binary >>); + {Closed, Socket} when Closed =:= element(2, Messages) -> + Reason = case State#state.http2_status of + closing -> {stop, closed, 'The client is going away.'}; + _ -> {socket_error, closed, 'The socket has been closed.'} + end, + terminate(State, Reason); + {Error, Socket, Reason} when Error =:= element(3, Messages) -> + terminate(State, {socket_error, Reason, 'An error has occurred on the socket.'}); + {Passive, Socket} when Passive =:= element(4, Messages); + %% Hardcoded for compatibility with Ranch 1.x. + Passive =:= tcp_passive; Passive =:= ssl_passive -> + setopts_active(State), + loop(State, Buffer); + %% System messages. + {'EXIT', Parent, shutdown} -> + Reason = {stop, {exit, shutdown}, 'Parent process requested shutdown.'}, + loop(initiate_closing(State, Reason), Buffer); + {'EXIT', Parent, Reason} -> + terminate(State, {stop, {exit, Reason}, 'Parent process terminated.'}); + {system, From, Request} -> + sys:handle_system_msg(Request, From, Parent, ?MODULE, [], {State, Buffer}); + %% Timeouts. + {timeout, TimerRef, idle_timeout} -> + terminate(State, {stop, timeout, + 'Connection idle longer than configuration allows.'}); + {timeout, Ref, {shutdown, Pid}} -> + cowboy_children:shutdown_timeout(Children, Ref, Pid), + loop(State, Buffer); + {timeout, TRef, {cow_http2_machine, Name}} -> + loop(timeout(State, Name, TRef), Buffer); + {timeout, TimerRef, {goaway_initial_timeout, Reason}} -> + loop(closing(State, Reason), Buffer); + {timeout, TimerRef, {goaway_complete_timeout, Reason}} -> + terminate(State, {stop, stop_reason(Reason), + 'Graceful shutdown timed out.'}); + %% Messages pertaining to a stream. + {{Pid, StreamID}, Msg} when Pid =:= self() -> + loop(info(State, StreamID, Msg), Buffer); + %% Exit signal from children. + Msg = {'EXIT', Pid, _} -> + loop(down(State, Pid, Msg), Buffer); + %% Calls from supervisor module. + {'$gen_call', From, Call} -> + cowboy_children:handle_supervisor_call(Call, From, Children, ?MODULE), + loop(State, Buffer); + Msg -> + cowboy:log(warning, "Received stray message ~p.", [Msg], Opts), + loop(State, Buffer) + after InactivityTimeout -> + terminate(State, {internal_error, timeout, 'No message or data received before timeout.'}) + end. + +set_idle_timeout(State=#state{http2_status=Status, timer=TimerRef}) + when Status =:= closing_initiated orelse Status =:= closing, + TimerRef =/= undefined -> + State; +set_idle_timeout(State=#state{opts=Opts}) -> + set_timeout(State, maps:get(idle_timeout, Opts, 60000), idle_timeout). + +set_timeout(State=#state{timer=TimerRef0}, Timeout, Message) -> + ok = case TimerRef0 of + undefined -> ok; + _ -> erlang:cancel_timer(TimerRef0, [{async, true}, {info, false}]) + end, + TimerRef = case Timeout of + infinity -> undefined; + Timeout -> erlang:start_timer(Timeout, self(), Message) + end, + State#state{timer=TimerRef}. + +%% HTTP/2 protocol parsing. + +parse(State=#state{http2_status=sequence}, Data) -> + case cow_http2:parse_sequence(Data) of + {ok, Rest} -> + parse(State#state{http2_status=settings}, Rest); + more -> + loop(State, Data); + Error = {connection_error, _, _} -> + terminate(State, Error) + end; +parse(State=#state{http2_status=Status, http2_machine=HTTP2Machine, streams=Streams}, Data) -> + MaxFrameSize = cow_http2_machine:get_local_setting(max_frame_size, HTTP2Machine), + case cow_http2:parse(Data, MaxFrameSize) of + {ok, Frame, Rest} -> + parse(frame_rate(State, Frame), Rest); + {ignore, Rest} -> + parse(frame_rate(State, ignore), Rest); + {stream_error, StreamID, Reason, Human, Rest} -> + parse(reset_stream(State, StreamID, {stream_error, Reason, Human}), Rest); + Error = {connection_error, _, _} -> + terminate(State, Error); + %% Terminate the connection if we are closing and all streams have completed. + more when Status =:= closing, Streams =:= #{} -> + terminate(State, {stop, normal, 'The connection is going away.'}); + more -> + loop(State, Data) + end. + +%% Frame rate flood protection. + +frame_rate(State0=#state{frame_rate_num=Num0, frame_rate_time=Time}, Frame) -> + {Result, State} = case Num0 - 1 of + 0 -> + CurrentTime = erlang:monotonic_time(millisecond), + if + CurrentTime < Time -> + {error, State0}; + true -> + %% When the option has a period of infinity we cannot reach this clause. + {ok, init_frame_rate_limiting(State0, CurrentTime)} + end; + Num -> + {ok, State0#state{frame_rate_num=Num}} + end, + case {Result, Frame} of + {ok, ignore} -> ignored_frame(State); + {ok, _} -> frame(State, Frame); + {error, _} -> terminate(State, {connection_error, enhance_your_calm, + 'Frame rate larger than configuration allows. Flood? (CVE-2019-9512, CVE-2019-9515, CVE-2019-9518)'}) + end. + +%% Frames received. + +%% We do nothing when receiving a lingering DATA frame. +%% We already removed the stream flow from the connection +%% flow and are therefore already accounting for the window +%% being reduced by these frames. +frame(State=#state{http2_machine=HTTP2Machine0}, Frame) -> + case cow_http2_machine:frame(Frame, HTTP2Machine0) of + {ok, HTTP2Machine} -> + maybe_ack(State#state{http2_machine=HTTP2Machine}, Frame); + {ok, {data, StreamID, IsFin, Data}, HTTP2Machine} -> + data_frame(State#state{http2_machine=HTTP2Machine}, StreamID, IsFin, Data); + {ok, {headers, StreamID, IsFin, Headers, PseudoHeaders, BodyLen}, HTTP2Machine} -> + headers_frame(State#state{http2_machine=HTTP2Machine}, + StreamID, IsFin, Headers, PseudoHeaders, BodyLen); + {ok, {trailers, _StreamID, _Trailers}, HTTP2Machine} -> + %% @todo Propagate trailers. + State#state{http2_machine=HTTP2Machine}; + {ok, {rst_stream, StreamID, Reason}, HTTP2Machine} -> + rst_stream_frame(State#state{http2_machine=HTTP2Machine}, StreamID, Reason); + {ok, GoAway={goaway, _, _, _}, HTTP2Machine} -> + goaway(State#state{http2_machine=HTTP2Machine}, GoAway); + {send, SendData, HTTP2Machine} -> + %% We may need to send an alarm for each of the streams sending data. + lists:foldl( + fun({StreamID, _, _}, S) -> maybe_send_data_alarm(S, HTTP2Machine0, StreamID) end, + send_data(maybe_ack(State#state{http2_machine=HTTP2Machine}, Frame), SendData, []), + SendData); + {error, {stream_error, StreamID, Reason, Human}, HTTP2Machine} -> + reset_stream(State#state{http2_machine=HTTP2Machine}, + StreamID, {stream_error, Reason, Human}); + {error, Error={connection_error, _, _}, HTTP2Machine} -> + terminate(State#state{http2_machine=HTTP2Machine}, Error) + end. + +%% We use this opportunity to mark the HTTP/2 status as connected +%% if we were still waiting for a SETTINGS frame. +maybe_ack(State=#state{http2_status=settings}, Frame) -> + maybe_ack(State#state{http2_status=connected}, Frame); +maybe_ack(State=#state{socket=Socket, transport=Transport}, Frame) -> + case Frame of + {settings, _} -> Transport:send(Socket, cow_http2:settings_ack()); + {ping, Opaque} -> Transport:send(Socket, cow_http2:ping_ack(Opaque)); + _ -> ok + end, + State. + +data_frame(State0=#state{opts=Opts, flow=Flow, streams=Streams}, StreamID, IsFin, Data) -> + case Streams of + #{StreamID := Stream=#stream{status=running, flow=StreamFlow, state=StreamState0}} -> + try cowboy_stream:data(StreamID, IsFin, Data, StreamState0) of + {Commands, StreamState} -> + %% Remove the amount of data received from the flow. + %% We may receive more data than we requested. We ensure + %% that the flow value doesn't go lower than 0. + Size = byte_size(Data), + State = update_window(State0#state{flow=max(0, Flow - Size), + streams=Streams#{StreamID => Stream#stream{ + flow=max(0, StreamFlow - Size), state=StreamState}}}, + StreamID), + commands(State, StreamID, Commands) + catch Class:Exception:Stacktrace -> + cowboy:log(cowboy_stream:make_error_log(data, + [StreamID, IsFin, Data, StreamState0], + Class, Exception, Stacktrace), Opts), + reset_stream(State0, StreamID, {internal_error, {Class, Exception}, + 'Unhandled exception in cowboy_stream:data/4.'}) + end; + %% We ignore DATA frames for streams that are stopping. + #{} -> + State0 + end. + +headers_frame(State, StreamID, IsFin, Headers, + PseudoHeaders=#{method := <<"CONNECT">>}, _) + when map_size(PseudoHeaders) =:= 2 -> + early_error(State, StreamID, IsFin, Headers, PseudoHeaders, 501, + 'The CONNECT method is currently not implemented. (RFC7231 4.3.6)'); +headers_frame(State, StreamID, IsFin, Headers, + PseudoHeaders=#{method := <<"TRACE">>}, _) -> + early_error(State, StreamID, IsFin, Headers, PseudoHeaders, 501, + 'The TRACE method is currently not implemented. (RFC7231 4.3.8)'); +headers_frame(State, StreamID, IsFin, Headers, PseudoHeaders=#{authority := Authority}, BodyLen) -> + headers_frame_parse_host(State, StreamID, IsFin, Headers, PseudoHeaders, BodyLen, Authority); +headers_frame(State, StreamID, IsFin, Headers, PseudoHeaders, BodyLen) -> + case lists:keyfind(<<"host">>, 1, Headers) of + {_, Authority} -> + headers_frame_parse_host(State, StreamID, IsFin, Headers, PseudoHeaders, BodyLen, Authority); + _ -> + reset_stream(State, StreamID, {stream_error, protocol_error, + 'Requests translated from HTTP/1.1 must include a host header. (RFC7540 8.1.2.3, RFC7230 5.4)'}) + end. + +headers_frame_parse_host(State=#state{ref=Ref, peer=Peer, sock=Sock, cert=Cert, proxy_header=ProxyHeader}, + StreamID, IsFin, Headers, PseudoHeaders=#{method := Method, scheme := Scheme, path := PathWithQs}, + BodyLen, Authority) -> + try cow_http_hd:parse_host(Authority) of + {Host, Port0} -> + Port = ensure_port(Scheme, Port0), + try cow_http:parse_fullpath(PathWithQs) of + {<<>>, _} -> + reset_stream(State, StreamID, {stream_error, protocol_error, + 'The path component must not be empty. (RFC7540 8.1.2.3)'}); + {Path, Qs} -> + Req0 = #{ + ref => Ref, + pid => self(), + streamid => StreamID, + peer => Peer, + sock => Sock, + cert => Cert, + method => Method, + scheme => Scheme, + host => Host, + port => Port, + path => Path, + qs => Qs, + version => 'HTTP/2', + headers => headers_to_map(Headers, #{}), + has_body => IsFin =:= nofin, + body_length => BodyLen + }, + %% We add the PROXY header information if any. + Req1 = case ProxyHeader of + undefined -> Req0; + _ -> Req0#{proxy_header => ProxyHeader} + end, + %% We add the protocol information for extended CONNECTs. + Req = case PseudoHeaders of + #{protocol := Protocol} -> Req1#{protocol => Protocol}; + _ -> Req1 + end, + headers_frame(State, StreamID, Req) + catch _:_ -> + reset_stream(State, StreamID, {stream_error, protocol_error, + 'The :path pseudo-header is invalid. (RFC7540 8.1.2.3)'}) + end + catch _:_ -> + reset_stream(State, StreamID, {stream_error, protocol_error, + 'The :authority pseudo-header is invalid. (RFC7540 8.1.2.3)'}) + end. + +ensure_port(<<"http">>, undefined) -> 80; +ensure_port(<<"https">>, undefined) -> 443; +ensure_port(_, Port) -> Port. + +%% This function is necessary to properly handle duplicate headers +%% and the special-case cookie header. +headers_to_map([], Acc) -> + Acc; +headers_to_map([{Name, Value}|Tail], Acc0) -> + Acc = case Acc0 of + %% The cookie header does not use proper HTTP header lists. + #{Name := Value0} when Name =:= <<"cookie">> -> + Acc0#{Name => << Value0/binary, "; ", Value/binary >>}; + #{Name := Value0} -> + Acc0#{Name => << Value0/binary, ", ", Value/binary >>}; + _ -> + Acc0#{Name => Value} + end, + headers_to_map(Tail, Acc). + +headers_frame(State=#state{opts=Opts, streams=Streams}, StreamID, Req) -> + try cowboy_stream:init(StreamID, Req, Opts) of + {Commands, StreamState} -> + commands(State#state{ + streams=Streams#{StreamID => #stream{state=StreamState}}}, + StreamID, Commands) + catch Class:Exception:Stacktrace -> + cowboy:log(cowboy_stream:make_error_log(init, + [StreamID, Req, Opts], + Class, Exception, Stacktrace), Opts), + reset_stream(State, StreamID, {internal_error, {Class, Exception}, + 'Unhandled exception in cowboy_stream:init/3.'}) + end. + +early_error(State0=#state{ref=Ref, opts=Opts, peer=Peer}, + StreamID, _IsFin, Headers, #{method := Method}, + StatusCode0, HumanReadable) -> + %% We automatically terminate the stream but it is not an error + %% per se (at least not in the first implementation). + Reason = {stream_error, no_error, HumanReadable}, + %% The partial Req is minimal for now. We only have one case + %% where it can be called (when a method is completely disabled). + %% @todo Fill in the other elements. + PartialReq = #{ + ref => Ref, + peer => Peer, + method => Method, + headers => headers_to_map(Headers, #{}) + }, + Resp = {response, StatusCode0, RespHeaders0=#{<<"content-length">> => <<"0">>}, <<>>}, + try cowboy_stream:early_error(StreamID, Reason, PartialReq, Resp, Opts) of + {response, StatusCode, RespHeaders, RespBody} -> + send_response(State0, StreamID, StatusCode, RespHeaders, RespBody) + catch Class:Exception:Stacktrace -> + cowboy:log(cowboy_stream:make_error_log(early_error, + [StreamID, Reason, PartialReq, Resp, Opts], + Class, Exception, Stacktrace), Opts), + %% We still need to send an error response, so send what we initially + %% wanted to send. It's better than nothing. + send_headers(State0, StreamID, fin, StatusCode0, RespHeaders0) + end. + +rst_stream_frame(State=#state{streams=Streams0, children=Children0}, StreamID, Reason) -> + case maps:take(StreamID, Streams0) of + {#stream{state=StreamState}, Streams} -> + terminate_stream_handler(State, StreamID, Reason, StreamState), + Children = cowboy_children:shutdown(Children0, StreamID), + State#state{streams=Streams, children=Children}; + error -> + State + end. + +ignored_frame(State=#state{http2_machine=HTTP2Machine0}) -> + case cow_http2_machine:ignored_frame(HTTP2Machine0) of + {ok, HTTP2Machine} -> + State#state{http2_machine=HTTP2Machine}; + {error, Error={connection_error, _, _}, HTTP2Machine} -> + terminate(State#state{http2_machine=HTTP2Machine}, Error) + end. + +%% HTTP/2 timeouts. + +timeout(State=#state{http2_machine=HTTP2Machine0}, Name, TRef) -> + case cow_http2_machine:timeout(Name, TRef, HTTP2Machine0) of + {ok, HTTP2Machine} -> + State#state{http2_machine=HTTP2Machine}; + {error, Error={connection_error, _, _}, HTTP2Machine} -> + terminate(State#state{http2_machine=HTTP2Machine}, Error) + end. + +%% Erlang messages. + +down(State0=#state{opts=Opts, children=Children0}, Pid, Msg) -> + State = case cowboy_children:down(Children0, Pid) of + %% The stream was terminated already. + {ok, undefined, Children} -> + State0#state{children=Children}; + %% The stream is still running. + {ok, StreamID, Children} -> + info(State0#state{children=Children}, StreamID, Msg); + %% The process was unknown. + error -> + cowboy:log(warning, "Received EXIT signal ~p for unknown process ~p.~n", + [Msg, Pid], Opts), + State0 + end, + if + State#state.http2_status =:= closing, State#state.streams =:= #{} -> + terminate(State, {stop, normal, 'The connection is going away.'}); + true -> + State + end. + +info(State=#state{opts=Opts, http2_machine=HTTP2Machine, streams=Streams}, StreamID, Msg) -> + case Streams of + #{StreamID := Stream=#stream{state=StreamState0}} -> + try cowboy_stream:info(StreamID, Msg, StreamState0) of + {Commands, StreamState} -> + commands(State#state{streams=Streams#{StreamID => Stream#stream{state=StreamState}}}, + StreamID, Commands) + catch Class:Exception:Stacktrace -> + cowboy:log(cowboy_stream:make_error_log(info, + [StreamID, Msg, StreamState0], + Class, Exception, Stacktrace), Opts), + reset_stream(State, StreamID, {internal_error, {Class, Exception}, + 'Unhandled exception in cowboy_stream:info/3.'}) + end; + _ -> + case cow_http2_machine:is_lingering_stream(StreamID, HTTP2Machine) of + true -> + ok; + false -> + cowboy:log(warning, "Received message ~p for unknown stream ~p.", + [Msg, StreamID], Opts) + end, + State + end. + +%% Stream handler commands. +%% +%% @todo Kill the stream if it tries to send a response, headers, +%% data or push promise when the stream is closed or half-closed. + +commands(State, _, []) -> + State; +%% Error responses are sent only if a response wasn't sent already. +commands(State=#state{http2_machine=HTTP2Machine}, StreamID, + [{error_response, StatusCode, Headers, Body}|Tail]) -> + case cow_http2_machine:get_stream_local_state(StreamID, HTTP2Machine) of + {ok, idle, _} -> + commands(State, StreamID, [{response, StatusCode, Headers, Body}|Tail]); + _ -> + commands(State, StreamID, Tail) + end; +%% Send an informational response. +commands(State0, StreamID, [{inform, StatusCode, Headers}|Tail]) -> + State = send_headers(State0, StreamID, idle, StatusCode, Headers), + commands(State, StreamID, Tail); +%% Send response headers. +commands(State0, StreamID, [{response, StatusCode, Headers, Body}|Tail]) -> + State = send_response(State0, StreamID, StatusCode, Headers, Body), + commands(State, StreamID, Tail); +%% Send response headers. +commands(State0, StreamID, [{headers, StatusCode, Headers}|Tail]) -> + State = send_headers(State0, StreamID, nofin, StatusCode, Headers), + commands(State, StreamID, Tail); +%% Send a response body chunk. +commands(State0, StreamID, [{data, IsFin, Data}|Tail]) -> + State = maybe_send_data(State0, StreamID, IsFin, Data, []), + commands(State, StreamID, Tail); +%% Send trailers. +commands(State0, StreamID, [{trailers, Trailers}|Tail]) -> + State = maybe_send_data(State0, StreamID, fin, {trailers, maps:to_list(Trailers)}, []), + commands(State, StreamID, Tail); +%% Send a push promise. +%% +%% @todo Responses sent as a result of a push_promise request +%% must not send push_promise frames themselves. +%% +%% @todo We should not send push_promise frames when we are +%% in the closing http2_status. +commands(State0=#state{socket=Socket, transport=Transport, http2_machine=HTTP2Machine0}, + StreamID, [{push, Method, Scheme, Host, Port, Path, Qs, Headers0}|Tail]) -> + Authority = case {Scheme, Port} of + {<<"http">>, 80} -> Host; + {<<"https">>, 443} -> Host; + _ -> iolist_to_binary([Host, $:, integer_to_binary(Port)]) + end, + PathWithQs = iolist_to_binary(case Qs of + <<>> -> Path; + _ -> [Path, $?, Qs] + end), + PseudoHeaders = #{ + method => Method, + scheme => Scheme, + authority => Authority, + path => PathWithQs + }, + %% We need to make sure the header value is binary before we can + %% create the Req object, as it expects them to be flat. + Headers = maps:to_list(maps:map(fun(_, V) -> iolist_to_binary(V) end, Headers0)), + State = case cow_http2_machine:prepare_push_promise(StreamID, HTTP2Machine0, + PseudoHeaders, Headers) of + {ok, PromisedStreamID, HeaderBlock, HTTP2Machine} -> + Transport:send(Socket, cow_http2:push_promise( + StreamID, PromisedStreamID, HeaderBlock)), + headers_frame(State0#state{http2_machine=HTTP2Machine}, + PromisedStreamID, fin, Headers, PseudoHeaders, 0); + {error, no_push} -> + State0 + end, + commands(State, StreamID, Tail); +%% Read the request body. +commands(State0=#state{flow=Flow, streams=Streams}, StreamID, [{flow, Size}|Tail]) -> + #{StreamID := Stream=#stream{flow=StreamFlow}} = Streams, + State = update_window(State0#state{flow=Flow + Size, + streams=Streams#{StreamID => Stream#stream{flow=StreamFlow + Size}}}, + StreamID), + commands(State, StreamID, Tail); +%% Supervise a child process. +commands(State=#state{children=Children}, StreamID, [{spawn, Pid, Shutdown}|Tail]) -> + commands(State#state{children=cowboy_children:up(Children, Pid, StreamID, Shutdown)}, + StreamID, Tail); +%% Error handling. +commands(State, StreamID, [Error = {internal_error, _, _}|_Tail]) -> + %% @todo Do we want to run the commands after an internal_error? + %% @todo Do we even allow commands after? + %% @todo Only reset when the stream still exists. + reset_stream(State, StreamID, Error); +%% Upgrade to HTTP/2. This is triggered by cowboy_http2 itself. +commands(State=#state{socket=Socket, transport=Transport, http2_status=upgrade}, + StreamID, [{switch_protocol, Headers, ?MODULE, _}|Tail]) -> + %% @todo This 101 response needs to be passed through stream handlers. + Transport:send(Socket, cow_http:response(101, 'HTTP/1.1', maps:to_list(Headers))), + commands(State, StreamID, Tail); +%% Use a different protocol within the stream (CONNECT :protocol). +%% @todo Make sure we error out when the feature is disabled. +commands(State0, StreamID, [{switch_protocol, Headers, _Mod, _ModState}|Tail]) -> + State = info(State0, StreamID, {headers, 200, Headers}), + commands(State, StreamID, Tail); +%% Set options dynamically. +commands(State, StreamID, [{set_options, _Opts}|Tail]) -> + commands(State, StreamID, Tail); +commands(State, StreamID, [stop|_Tail]) -> + %% @todo Do we want to run the commands after a stop? + %% @todo Do we even allow commands after? + stop_stream(State, StreamID); +%% Log event. +commands(State=#state{opts=Opts}, StreamID, [Log={log, _, _, _}|Tail]) -> + cowboy:log(Log, Opts), + commands(State, StreamID, Tail). + +%% Tentatively update the window after the flow was updated. + +update_window(State=#state{socket=Socket, transport=Transport, + http2_machine=HTTP2Machine0, flow=Flow, streams=Streams}, StreamID) -> + #{StreamID := #stream{flow=StreamFlow}} = Streams, + {Data1, HTTP2Machine2} = case cow_http2_machine:ensure_window(Flow, HTTP2Machine0) of + ok -> {<<>>, HTTP2Machine0}; + {ok, Increment1, HTTP2Machine1} -> {cow_http2:window_update(Increment1), HTTP2Machine1} + end, + {Data2, HTTP2Machine} = case cow_http2_machine:ensure_window(StreamID, StreamFlow, HTTP2Machine2) of + ok -> {<<>>, HTTP2Machine2}; + {ok, Increment2, HTTP2Machine3} -> {cow_http2:window_update(StreamID, Increment2), HTTP2Machine3} + end, + case {Data1, Data2} of + {<<>>, <<>>} -> ok; + _ -> Transport:send(Socket, [Data1, Data2]) + end, + State#state{http2_machine=HTTP2Machine}. + +%% Send the response, trailers or data. + +send_response(State0=#state{http2_machine=HTTP2Machine0}, StreamID, StatusCode, Headers, Body) -> + Size = case Body of + {sendfile, _, Bytes, _} -> Bytes; + _ -> iolist_size(Body) + end, + case Size of + 0 -> + State = send_headers(State0, StreamID, fin, StatusCode, Headers), + maybe_terminate_stream(State, StreamID, fin); + _ -> + %% @todo Add a test for HEAD to make sure we don't send the body when + %% returning {response...} from a stream handler (or {headers...} then {data...}). + {ok, _IsFin, HeaderBlock, HTTP2Machine} + = cow_http2_machine:prepare_headers(StreamID, HTTP2Machine0, nofin, + #{status => cow_http:status_to_integer(StatusCode)}, + headers_to_list(Headers)), + maybe_send_data(State0#state{http2_machine=HTTP2Machine}, StreamID, fin, Body, + [cow_http2:headers(StreamID, nofin, HeaderBlock)]) + end. + +send_headers(State=#state{socket=Socket, transport=Transport, + http2_machine=HTTP2Machine0}, StreamID, IsFin0, StatusCode, Headers) -> + {ok, IsFin, HeaderBlock, HTTP2Machine} + = cow_http2_machine:prepare_headers(StreamID, HTTP2Machine0, IsFin0, + #{status => cow_http:status_to_integer(StatusCode)}, + headers_to_list(Headers)), + Transport:send(Socket, cow_http2:headers(StreamID, IsFin, HeaderBlock)), + State#state{http2_machine=HTTP2Machine}. + +%% The set-cookie header is special; we can only send one cookie per header. +headers_to_list(Headers0=#{<<"set-cookie">> := SetCookies}) -> + Headers = maps:to_list(maps:remove(<<"set-cookie">>, Headers0)), + Headers ++ [{<<"set-cookie">>, Value} || Value <- SetCookies]; +headers_to_list(Headers) -> + maps:to_list(Headers). + +maybe_send_data(State0=#state{socket=Socket, transport=Transport, + http2_machine=HTTP2Machine0}, StreamID, IsFin, Data0, Prefix) -> + Data = case is_tuple(Data0) of + false -> {data, Data0}; + true -> Data0 + end, + case cow_http2_machine:send_or_queue_data(StreamID, HTTP2Machine0, IsFin, Data) of + {ok, HTTP2Machine} -> + %% If we have prefix data (like a HEADERS frame) we need to send it + %% even if we do not send any DATA frames. + case Prefix of + [] -> ok; + _ -> Transport:send(Socket, Prefix) + end, + maybe_send_data_alarm(State0#state{http2_machine=HTTP2Machine}, HTTP2Machine0, StreamID); + {send, SendData, HTTP2Machine} -> + State = #state{http2_status=Status, streams=Streams} + = send_data(State0#state{http2_machine=HTTP2Machine}, SendData, Prefix), + %% Terminate the connection if we are closing and all streams have completed. + if + Status =:= closing, Streams =:= #{} -> + terminate(State, {stop, normal, 'The connection is going away.'}); + true -> + maybe_send_data_alarm(State, HTTP2Machine0, StreamID) + end + end. + +send_data(State0=#state{socket=Socket, transport=Transport, opts=Opts}, SendData, Prefix) -> + {Acc, State} = prepare_data(State0, SendData, [], Prefix), + _ = [case Data of + {sendfile, Offset, Bytes, Path} -> + %% When sendfile is disabled we explicitly use the fallback. + _ = case maps:get(sendfile, Opts, true) of + true -> Transport:sendfile(Socket, Path, Offset, Bytes); + false -> ranch_transport:sendfile(Transport, Socket, Path, Offset, Bytes, []) + end; + _ -> + Transport:send(Socket, Data) + end || Data <- Acc], + send_data_terminate(State, SendData). + +send_data_terminate(State, []) -> + State; +send_data_terminate(State0, [{StreamID, IsFin, _}|Tail]) -> + State = maybe_terminate_stream(State0, StreamID, IsFin), + send_data_terminate(State, Tail). + +prepare_data(State, [], Acc, []) -> + {lists:reverse(Acc), State}; +prepare_data(State, [], Acc, Buffer) -> + {lists:reverse([lists:reverse(Buffer)|Acc]), State}; +prepare_data(State0, [{StreamID, IsFin, SendData}|Tail], Acc0, Buffer0) -> + {Acc, Buffer, State} = prepare_data(State0, StreamID, IsFin, SendData, Acc0, Buffer0), + prepare_data(State, Tail, Acc, Buffer). + +prepare_data(State, _, _, [], Acc, Buffer) -> + {Acc, Buffer, State}; +prepare_data(State0, StreamID, IsFin, [FrameData|Tail], Acc, Buffer) -> + FrameIsFin = case Tail of + [] -> IsFin; + _ -> nofin + end, + case prepare_data_frame(State0, StreamID, FrameIsFin, FrameData) of + {{MoreData, Sendfile}, State} when is_tuple(Sendfile) -> + case Buffer of + [] -> + prepare_data(State, StreamID, IsFin, Tail, + [Sendfile, MoreData|Acc], []); + _ -> + prepare_data(State, StreamID, IsFin, Tail, + [Sendfile, lists:reverse([MoreData|Buffer])|Acc], []) + end; + {MoreData, State} -> + prepare_data(State, StreamID, IsFin, Tail, + Acc, [MoreData|Buffer]) + end. + +prepare_data_frame(State, StreamID, IsFin, {data, Data}) -> + {cow_http2:data(StreamID, IsFin, Data), + State}; +prepare_data_frame(State, StreamID, IsFin, Sendfile={sendfile, _, Bytes, _}) -> + {{cow_http2:data_header(StreamID, IsFin, Bytes), Sendfile}, + State}; +%% The stream is terminated in cow_http2_machine:prepare_trailers. +prepare_data_frame(State=#state{http2_machine=HTTP2Machine0}, + StreamID, nofin, {trailers, Trailers}) -> + {ok, HeaderBlock, HTTP2Machine} + = cow_http2_machine:prepare_trailers(StreamID, HTTP2Machine0, Trailers), + {cow_http2:headers(StreamID, fin, HeaderBlock), + State#state{http2_machine=HTTP2Machine}}. + +%% After we have sent or queued data we may need to set or clear an alarm. +%% We do this by comparing the HTTP2Machine buffer state before/after for +%% the relevant streams. +maybe_send_data_alarm(State=#state{opts=Opts, http2_machine=HTTP2Machine}, HTTP2Machine0, StreamID) -> + ConnBufferSizeBefore = cow_http2_machine:get_connection_local_buffer_size(HTTP2Machine0), + ConnBufferSizeAfter = cow_http2_machine:get_connection_local_buffer_size(HTTP2Machine), + {ok, StreamBufferSizeBefore} = cow_http2_machine:get_stream_local_buffer_size(StreamID, HTTP2Machine0), + %% When the stream ends up closed after it finished sending data, + %% we do not want to trigger an alarm. We act as if the buffer + %% size did not change. + StreamBufferSizeAfter = case cow_http2_machine:get_stream_local_buffer_size(StreamID, HTTP2Machine) of + {ok, BSA} -> BSA; + {error, closed} -> StreamBufferSizeBefore + end, + MaxConnBufferSize = maps:get(max_connection_buffer_size, Opts, 16000000), + MaxStreamBufferSize = maps:get(max_stream_buffer_size, Opts, 8000000), + %% I do not want to document these internal events yet. I am not yet + %% convinced it should be {alarm, Name, on|off} and not {internal_event, E} + %% or something else entirely. Though alarms are probably right. + if + ConnBufferSizeBefore >= MaxConnBufferSize, ConnBufferSizeAfter < MaxConnBufferSize -> + connection_alarm(State, connection_buffer_full, off); + ConnBufferSizeBefore < MaxConnBufferSize, ConnBufferSizeAfter >= MaxConnBufferSize -> + connection_alarm(State, connection_buffer_full, on); + StreamBufferSizeBefore >= MaxStreamBufferSize, StreamBufferSizeAfter < MaxStreamBufferSize -> + stream_alarm(State, StreamID, stream_buffer_full, off); + StreamBufferSizeBefore < MaxStreamBufferSize, StreamBufferSizeAfter >= MaxStreamBufferSize -> + stream_alarm(State, StreamID, stream_buffer_full, on); + true -> + State + end. + +connection_alarm(State0=#state{streams=Streams}, Name, Value) -> + lists:foldl(fun(StreamID, State) -> + stream_alarm(State, StreamID, Name, Value) + end, State0, maps:keys(Streams)). + +stream_alarm(State, StreamID, Name, Value) -> + info(State, StreamID, {alarm, Name, Value}). + +%% Terminate a stream or the connection. + +%% We may have to cancel streams even if we receive multiple +%% GOAWAY frames as the LastStreamID value may be lower than +%% the one previously received. +goaway(State0=#state{socket=Socket, transport=Transport, http2_machine=HTTP2Machine0, + http2_status=Status, streams=Streams0}, {goaway, LastStreamID, Reason, _}) + when Status =:= connected; Status =:= closing_initiated; Status =:= closing -> + Streams = goaway_streams(State0, maps:to_list(Streams0), LastStreamID, + {stop, {goaway, Reason}, 'The connection is going away.'}, []), + State = State0#state{streams=maps:from_list(Streams)}, + if + Status =:= connected; Status =:= closing_initiated -> + {OurLastStreamID, HTTP2Machine} = + cow_http2_machine:set_last_streamid(HTTP2Machine0), + Transport:send(Socket, cow_http2:goaway( + OurLastStreamID, no_error, <<>>)), + State#state{http2_status=closing, + http2_machine=HTTP2Machine}; + true -> + State + end; +%% We terminate the connection immediately if it hasn't fully been initialized. +goaway(State, {goaway, _, Reason, _}) -> + terminate(State, {stop, {goaway, Reason}, 'The connection is going away.'}). + +%% Cancel client-initiated streams that are above LastStreamID. +goaway_streams(_, [], _, _, Acc) -> + Acc; +goaway_streams(State, [{StreamID, #stream{state=StreamState}}|Tail], LastStreamID, Reason, Acc) + when StreamID > LastStreamID, (StreamID rem 2) =:= 0 -> + terminate_stream_handler(State, StreamID, Reason, StreamState), + goaway_streams(State, Tail, LastStreamID, Reason, Acc); +goaway_streams(State, [Stream|Tail], LastStreamID, Reason, Acc) -> + goaway_streams(State, Tail, LastStreamID, Reason, [Stream|Acc]). + +%% A server that is attempting to gracefully shut down a connection SHOULD send +%% an initial GOAWAY frame with the last stream identifier set to 2^31-1 and a +%% NO_ERROR code. This signals to the client that a shutdown is imminent and +%% that initiating further requests is prohibited. After allowing time for any +%% in-flight stream creation (at least one round-trip time), the server can send +%% another GOAWAY frame with an updated last stream identifier. This ensures +%% that a connection can be cleanly shut down without losing requests. +-spec initiate_closing(#state{}, _) -> #state{}. +initiate_closing(State=#state{http2_status=connected, socket=Socket, + transport=Transport, opts=Opts}, Reason) -> + Transport:send(Socket, cow_http2:goaway(16#7fffffff, no_error, <<>>)), + Timeout = maps:get(goaway_initial_timeout, Opts, 1000), + Message = {goaway_initial_timeout, Reason}, + set_timeout(State#state{http2_status=closing_initiated}, Timeout, Message); +initiate_closing(State=#state{http2_status=Status}, _Reason) + when Status =:= closing_initiated; Status =:= closing -> + %% This happens if sys:terminate/2,3 is called twice or if the supervisor + %% tells us to shutdown after sys:terminate/2,3 is called or vice versa. + State; +initiate_closing(State, Reason) -> + terminate(State, {stop, stop_reason(Reason), 'The connection is going away.'}). + +%% Switch to 'closing' state and stop accepting new streams. +-spec closing(#state{}, Reason :: term()) -> #state{}. +closing(State=#state{streams=Streams}, Reason) when Streams =:= #{} -> + terminate(State, Reason); +closing(State=#state{http2_status=closing_initiated, + http2_machine=HTTP2Machine0, socket=Socket, transport=Transport}, + Reason) -> + %% Stop accepting new streams. + {LastStreamID, HTTP2Machine} = + cow_http2_machine:set_last_streamid(HTTP2Machine0), + Transport:send(Socket, cow_http2:goaway(LastStreamID, no_error, <<>>)), + closing(State#state{http2_status=closing, http2_machine=HTTP2Machine}, Reason); +closing(State=#state{http2_status=closing, opts=Opts}, Reason) -> + %% If client sent GOAWAY, we may already be in 'closing' but without the + %% goaway complete timeout set. + Timeout = maps:get(goaway_complete_timeout, Opts, 3000), + Message = {goaway_complete_timeout, Reason}, + set_timeout(State, Timeout, Message). + +stop_reason({stop, Reason, _}) -> Reason; +stop_reason(Reason) -> Reason. + +-spec terminate(#state{}, _) -> no_return(). +terminate(undefined, Reason) -> + exit({shutdown, Reason}); +terminate(State=#state{socket=Socket, transport=Transport, http2_status=Status, + http2_machine=HTTP2Machine, streams=Streams, children=Children}, Reason) + when Status =:= connected; Status =:= closing_initiated; Status =:= closing -> + %% @todo We might want to optionally send the Reason value + %% as debug data in the GOAWAY frame here. Perhaps more. + if + Status =:= connected; Status =:= closing_initiated -> + Transport:send(Socket, cow_http2:goaway( + cow_http2_machine:get_last_streamid(HTTP2Machine), + terminate_reason(Reason), <<>>)); + %% We already sent the GOAWAY frame. + Status =:= closing -> + ok + end, + terminate_all_streams(State, maps:to_list(Streams), Reason), + cowboy_children:terminate(Children), + terminate_linger(State), + exit({shutdown, Reason}); +terminate(#state{socket=Socket, transport=Transport}, Reason) -> + Transport:close(Socket), + exit({shutdown, Reason}). + +terminate_reason({connection_error, Reason, _}) -> Reason; +terminate_reason({stop, _, _}) -> no_error; +terminate_reason({socket_error, _, _}) -> internal_error; +terminate_reason({internal_error, _, _}) -> internal_error. + +terminate_all_streams(_, [], _) -> + ok; +terminate_all_streams(State, [{StreamID, #stream{state=StreamState}}|Tail], Reason) -> + terminate_stream_handler(State, StreamID, Reason, StreamState), + terminate_all_streams(State, Tail, Reason). + +%% This code is copied from cowboy_http. +terminate_linger(State=#state{socket=Socket, transport=Transport, opts=Opts}) -> + case Transport:shutdown(Socket, write) of + ok -> + case maps:get(linger_timeout, Opts, 1000) of + 0 -> + ok; + infinity -> + terminate_linger_before_loop(State, undefined, Transport:messages()); + Timeout -> + TimerRef = erlang:start_timer(Timeout, self(), linger_timeout), + terminate_linger_before_loop(State, TimerRef, Transport:messages()) + end; + {error, _} -> + ok + end. + +terminate_linger_before_loop(State, TimerRef, Messages) -> + %% We may already be in active mode when we do this + %% but it's OK because we are shutting down anyway. + case setopts_active(State) of + ok -> + terminate_linger_loop(State, TimerRef, Messages); + {error, _} -> + ok + end. + +terminate_linger_loop(State=#state{socket=Socket}, TimerRef, Messages) -> + receive + {OK, Socket, _} when OK =:= element(1, Messages) -> + terminate_linger_loop(State, TimerRef, Messages); + {Closed, Socket} when Closed =:= element(2, Messages) -> + ok; + {Error, Socket, _} when Error =:= element(3, Messages) -> + ok; + {Passive, Socket} when Passive =:= tcp_passive; Passive =:= ssl_passive -> + terminate_linger_before_loop(State, TimerRef, Messages); + {timeout, TimerRef, linger_timeout} -> + ok; + _ -> + terminate_linger_loop(State, TimerRef, Messages) + end. + +%% @todo Don't send an RST_STREAM if one was already sent. +reset_stream(State0=#state{socket=Socket, transport=Transport, + http2_machine=HTTP2Machine0}, StreamID, Error) -> + Reason = case Error of + {internal_error, _, _} -> internal_error; + {stream_error, Reason0, _} -> Reason0 + end, + Transport:send(Socket, cow_http2:rst_stream(StreamID, Reason)), + State1 = case cow_http2_machine:reset_stream(StreamID, HTTP2Machine0) of + {ok, HTTP2Machine} -> + terminate_stream(State0#state{http2_machine=HTTP2Machine}, StreamID, Error); + {error, not_found} -> + terminate_stream(State0, StreamID, Error) + end, + case reset_rate(State1) of + {ok, State} -> + State; + error -> + terminate(State1, {connection_error, enhance_your_calm, + 'Stream reset rate larger than configuration allows. Flood? (CVE-2019-9514)'}) + end. + +reset_rate(State0=#state{reset_rate_num=Num0, reset_rate_time=Time}) -> + case Num0 - 1 of + 0 -> + CurrentTime = erlang:monotonic_time(millisecond), + if + CurrentTime < Time -> + error; + true -> + %% When the option has a period of infinity we cannot reach this clause. + {ok, init_reset_rate_limiting(State0, CurrentTime)} + end; + Num -> + {ok, State0#state{reset_rate_num=Num}} + end. + +stop_stream(State=#state{http2_machine=HTTP2Machine}, StreamID) -> + case cow_http2_machine:get_stream_local_state(StreamID, HTTP2Machine) of + %% When the stream terminates normally (without sending RST_STREAM) + %% and no response was sent, we need to send a proper response back to the client. + %% We delay the termination of the stream until the response is fully sent. + {ok, idle, _} -> + info(stopping(State, StreamID), StreamID, {response, 204, #{}, <<>>}); + %% When a response was sent but not terminated, we need to close the stream. + %% We delay the termination of the stream until the response is fully sent. + {ok, nofin, fin} -> + stopping(State, StreamID); + %% We only send a final DATA frame if there isn't one queued yet. + {ok, nofin, _} -> + info(stopping(State, StreamID), StreamID, {data, fin, <<>>}); + %% When a response was sent fully we can terminate the stream, + %% regardless of the stream being in half-closed or closed state. + _ -> + terminate_stream(State, StreamID) + end. + +stopping(State=#state{streams=Streams}, StreamID) -> + #{StreamID := Stream} = Streams, + State#state{streams=Streams#{StreamID => Stream#stream{status=stopping}}}. + +%% If we finished sending data and the stream is stopping, terminate it. +maybe_terminate_stream(State=#state{streams=Streams}, StreamID, fin) -> + case Streams of + #{StreamID := #stream{status=stopping}} -> + terminate_stream(State, StreamID); + _ -> + State + end; +maybe_terminate_stream(State, _, _) -> + State. + +%% When the stream stops normally without reading the request +%% body fully we need to tell the client to stop sending it. +%% We do this by sending an RST_STREAM with reason NO_ERROR. (RFC7540 8.1.0) +terminate_stream(State0=#state{socket=Socket, transport=Transport, + http2_machine=HTTP2Machine0}, StreamID) -> + State = case cow_http2_machine:get_stream_local_state(StreamID, HTTP2Machine0) of + {ok, fin, _} -> + Transport:send(Socket, cow_http2:rst_stream(StreamID, no_error)), + {ok, HTTP2Machine} = cow_http2_machine:reset_stream(StreamID, HTTP2Machine0), + State0#state{http2_machine=HTTP2Machine}; + {error, closed} -> + State0 + end, + terminate_stream(State, StreamID, normal). + +%% We remove the stream flow from the connection flow. Any further +%% data received for this stream is therefore fully contained within +%% the extra window we allocated for this stream. +terminate_stream(State=#state{flow=Flow, streams=Streams0, children=Children0}, StreamID, Reason) -> + case maps:take(StreamID, Streams0) of + {#stream{flow=StreamFlow, state=StreamState}, Streams} -> + terminate_stream_handler(State, StreamID, Reason, StreamState), + Children = cowboy_children:shutdown(Children0, StreamID), + State#state{flow=Flow - StreamFlow, streams=Streams, children=Children}; + error -> + State + end. + +terminate_stream_handler(#state{opts=Opts}, StreamID, Reason, StreamState) -> + try + cowboy_stream:terminate(StreamID, Reason, StreamState) + catch Class:Exception:Stacktrace -> + cowboy:log(cowboy_stream:make_error_log(terminate, + [StreamID, Reason, StreamState], + Class, Exception, Stacktrace), Opts) + end. + +%% System callbacks. + +-spec system_continue(_, _, {#state{}, binary()}) -> ok. +system_continue(_, _, {State, Buffer}) -> + loop(State, Buffer). + +-spec system_terminate(any(), _, _, {#state{}, binary()}) -> no_return(). +system_terminate(Reason0, _, _, {State, Buffer}) -> + Reason = {stop, {exit, Reason0}, 'sys:terminate/2,3 was called.'}, + loop(initiate_closing(State, Reason), Buffer). + +-spec system_code_change(Misc, _, _, _) -> {ok, Misc} when Misc::{#state{}, binary()}. +system_code_change(Misc, _, _, _) -> + {ok, Misc}. |