Merge pull request #428 from Unrud/patch-22
Add timeout to connections, limit size of request body and limit number of parallel connections
This commit is contained in:
commit
ef63865e31
9
config
9
config
@ -24,6 +24,15 @@
|
||||
# File storing the PID in daemon mode
|
||||
#pid =
|
||||
|
||||
# Max parallel connections
|
||||
#max_connections = 20
|
||||
|
||||
# Max size of request body (bytes)
|
||||
#max_content_length = 10000000
|
||||
|
||||
# Socket timeout (seconds)
|
||||
#timeout = 10
|
||||
|
||||
# SSL flag, enable HTTPS protocol
|
||||
#ssl = False
|
||||
|
||||
|
@ -29,9 +29,11 @@ should have been included in this package.
|
||||
import os
|
||||
import pprint
|
||||
import base64
|
||||
import contextlib
|
||||
import socket
|
||||
import socketserver
|
||||
import ssl
|
||||
import threading
|
||||
import wsgiref.simple_server
|
||||
import re
|
||||
import zlib
|
||||
@ -54,6 +56,11 @@ WELL_KNOWN_RE = re.compile(r"/\.well-known/(carddav|caldav)/?$")
|
||||
|
||||
class HTTPServer(wsgiref.simple_server.WSGIServer):
|
||||
"""HTTP server."""
|
||||
|
||||
# These class attributes must be set before creating instance
|
||||
client_timeout = None
|
||||
max_connections = None
|
||||
|
||||
def __init__(self, address, handler, bind_and_activate=True):
|
||||
"""Create server."""
|
||||
ipv6 = ":" in address[0]
|
||||
@ -72,6 +79,20 @@ class HTTPServer(wsgiref.simple_server.WSGIServer):
|
||||
self.server_bind()
|
||||
self.server_activate()
|
||||
|
||||
if self.max_connections:
|
||||
self.connections_guard = threading.BoundedSemaphore(
|
||||
self.max_connections)
|
||||
else:
|
||||
# use dummy context manager
|
||||
self.connections_guard = contextlib.suppress()
|
||||
|
||||
def get_request(self):
|
||||
# Set timeout for client
|
||||
_socket, address = super().get_request()
|
||||
if self.client_timeout:
|
||||
_socket.settimeout(self.client_timeout)
|
||||
return _socket, address
|
||||
|
||||
|
||||
class HTTPSServer(HTTPServer):
|
||||
"""HTTPS server."""
|
||||
@ -95,11 +116,15 @@ class HTTPSServer(HTTPServer):
|
||||
|
||||
|
||||
class ThreadedHTTPServer(socketserver.ThreadingMixIn, HTTPServer):
|
||||
pass
|
||||
def process_request_thread(self, request, client_address):
|
||||
with self.connections_guard:
|
||||
return super().process_request_thread(request, client_address)
|
||||
|
||||
|
||||
class ThreadedHTTPSServer(socketserver.ThreadingMixIn, HTTPSServer):
|
||||
pass
|
||||
def process_request_thread(self, request, client_address):
|
||||
with self.connections_guard:
|
||||
return super().process_request_thread(request, client_address)
|
||||
|
||||
|
||||
class RequestHandler(wsgiref.simple_server.WSGIRequestHandler):
|
||||
@ -218,6 +243,15 @@ class Application:
|
||||
|
||||
def __call__(self, environ, start_response):
|
||||
"""Manage a request."""
|
||||
def response(status, headers={}, answer=None):
|
||||
# Start response
|
||||
status = "%i %s" % (status,
|
||||
client.responses.get(status, "Unknown"))
|
||||
self.logger.debug("Answer status: %s" % status)
|
||||
start_response(status, list(headers.items()))
|
||||
# Return response content
|
||||
return [answer] if answer else []
|
||||
|
||||
self.logger.info("%s request at %s received" % (
|
||||
environ["REQUEST_METHOD"], environ["PATH_INFO"]))
|
||||
headers = pprint.pformat(self.headers_log(environ))
|
||||
@ -234,9 +268,7 @@ class Application:
|
||||
# Request path not starting with base_prefix, not allowed
|
||||
self.logger.debug(
|
||||
"Path not starting with prefix: %s", environ["PATH_INFO"])
|
||||
status, headers, _ = NOT_ALLOWED
|
||||
start_response(status, list(headers.items()))
|
||||
return []
|
||||
return response(*NOT_ALLOWED)
|
||||
|
||||
# Sanitize request URI
|
||||
environ["PATH_INFO"] = storage.sanitize_path(
|
||||
@ -275,10 +307,7 @@ class Application:
|
||||
status = client.SEE_OTHER
|
||||
self.logger.info("/.well-known/ redirection to: %s" % redirect)
|
||||
headers = {"Location": redirect}
|
||||
status = "%i %s" % (
|
||||
status, client.responses.get(status, "Unknown"))
|
||||
start_response(status, list(headers.items()))
|
||||
return []
|
||||
return response(status, headers)
|
||||
|
||||
is_authenticated = self.is_authenticated(user, password)
|
||||
is_valid_user = is_authenticated or not user
|
||||
@ -286,8 +315,17 @@ class Application:
|
||||
# Get content
|
||||
content_length = int(environ.get("CONTENT_LENGTH") or 0)
|
||||
if content_length:
|
||||
max_content_length = self.configuration.getint(
|
||||
"server", "max_content_length")
|
||||
if max_content_length and content_length > max_content_length:
|
||||
self.logger.debug(
|
||||
"Request body too large: %d", content_length)
|
||||
return response(client.REQUEST_ENTITY_TOO_LARGE)
|
||||
try:
|
||||
content = self.decode(
|
||||
environ["wsgi.input"].read(content_length), environ)
|
||||
except socket.timeout:
|
||||
return response(client.REQUEST_TIMEOUT)
|
||||
self.logger.debug("Request content:\n%s" % content)
|
||||
else:
|
||||
content = None
|
||||
@ -345,13 +383,7 @@ class Application:
|
||||
for key in self.configuration.options("headers"):
|
||||
headers[key] = self.configuration.get("headers", key)
|
||||
|
||||
# Start response
|
||||
status = "%i %s" % (status, client.responses.get(status, "Unknown"))
|
||||
self.logger.debug("Answer status: %s" % status)
|
||||
start_response(status, list(headers.items()))
|
||||
|
||||
# Return response content
|
||||
return [answer] if answer else []
|
||||
return response(status, headers, answer)
|
||||
|
||||
# All these functions must have the same parameters, some are useless
|
||||
# pylint: disable=W0612,W0613,R0201
|
||||
|
@ -175,6 +175,9 @@ def serve(configuration, logger):
|
||||
name, filename, exception))
|
||||
else:
|
||||
server_class = ThreadedHTTPServer
|
||||
server_class.client_timeout = configuration.getint("server", "timeout")
|
||||
server_class.max_connections = configuration.getint("server",
|
||||
"max_connections")
|
||||
|
||||
if not configuration.getboolean("server", "dns_lookup"):
|
||||
RequestHandler.address_string = lambda self: self.client_address[0]
|
||||
|
@ -32,6 +32,9 @@ INITIAL_CONFIG = {
|
||||
"hosts": "0.0.0.0:5232",
|
||||
"daemon": "False",
|
||||
"pid": "",
|
||||
"max_connections": "20",
|
||||
"max_content_length": "10000000",
|
||||
"timeout": "10",
|
||||
"ssl": "False",
|
||||
"certificate": "/etc/apache2/ssl/server.crt",
|
||||
"key": "/etc/apache2/ssl/server.key",
|
||||
|
Loading…
Reference in New Issue
Block a user