source: code/trunk/server.go@ 706

Last change on this file since 706 was 705, checked in by contact, 4 years ago

Add per-user IP addresses

The new upstream-user-ip directive allows bouncer operators to
assign one IP address per user.

File size: 6.3 KB
[98]1package soju
[1]2
3import (
[652]4 "context"
[656]5 "errors"
[1]6 "fmt"
[656]7 "io"
[37]8 "log"
[472]9 "mime"
[1]10 "net"
[323]11 "net/http"
[689]12 "runtime/debug"
[24]13 "sync"
[323]14 "sync/atomic"
[67]15 "time"
[1]16
17 "gopkg.in/irc.v3"
[323]18 "nhooyr.io/websocket"
[370]19
20 "git.sr.ht/~emersion/soju/config"
[1]21)
22
// Hard-coded timeouts, rate limits and history caps. Only their values are
// visible here; the code that consumes them lives outside this listing.
//
// TODO: make configurable
var (
	retryConnectDelay              = time.Minute
	connectTimeout                 = 15 * time.Second
	writeTimeout                   = 10 * time.Second
	upstreamMessageDelay           = 2 * time.Second
	upstreamMessageBurst           = 10
	backlogTimeout                 = 10 * time.Second
	handleDownstreamMessageTimeout = 10 * time.Second
	downstreamRegisterTimeout      = 30 * time.Second
	chatHistoryLimit               = 1000
	backlogLimit                   = 4000
)
[67]34
// Logger is the logging interface the server writes to. Its two methods have
// the same signatures as Print and Printf on the standard library's
// *log.Logger.
type Logger interface {
	Print(v ...interface{})
	Printf(format string, v ...interface{})
}

// prefixLogger wraps another Logger and puts a fixed prefix in front of every
// message before forwarding it.
type prefixLogger struct {
	logger Logger
	prefix string
}

// Compile-time check that *prefixLogger satisfies Logger.
var _ Logger = (*prefixLogger)(nil)

// Print forwards v to the wrapped logger with the prefix as the first operand.
// A new argument slice is built, so the caller's slice is never modified.
func (l *prefixLogger) Print(v ...interface{}) {
	args := make([]interface{}, 0, len(v)+1)
	args = append(args, l.prefix)
	args = append(args, v...)
	l.logger.Print(args...)
}

// Printf forwards to the wrapped logger with the prefix rendered through a
// leading "%v" verb. The prefix is passed as an argument rather than
// concatenated into the format string, so '%' characters in the prefix are
// never interpreted as verbs.
func (l *prefixLogger) Printf(format string, v ...interface{}) {
	args := make([]interface{}, 0, len(v)+1)
	args = append(args, l.prefix)
	args = append(args, v...)
	l.logger.Printf("%v"+format, args...)
}
56
// Config is the set of server settings that Server stores atomically and that
// can be replaced as a whole through Server.SetConfig.
type Config struct {
	// Hostname is used as the Name of the IRC prefix returned by
	// Server.prefix.
	Hostname string
	Title    string
	LogPath  string
	Debug    bool
	// HTTPOrigins is handed to the WebSocket handshake as the list of
	// accepted Origin patterns.
	HTTPOrigins []string
	// AcceptProxyIPs is the set of peer addresses whose Forwarded /
	// X-Forwarded-* headers ServeHTTP trusts as the real client address.
	// Every address in this set can dictate the remote address recorded for
	// a connection, so it should contain reverse proxies only.
	AcceptProxyIPs config.IPSet
	// MaxUserNetworks defaults to -1 in NewServer.
	// NOTE(review): presumably a negative value means "no limit" - confirm
	// against the code that enforces it.
	MaxUserNetworks int
	MultiUpstream   bool
	MOTD            string
	// UpstreamUserIPs was added for the upstream-user-ip directive, which
	// lets bouncer operators assign one IP address per user.
	UpstreamUserIPs []*net.IPNet
}
[22]69
// Server is the bouncer itself: it owns the database handle, the set of
// active listeners and one running user per stored account.
type Server struct {
	Logger Logger
	Identd *Identd // can be nil

	config    atomic.Value   // always holds a *Config
	db        Database       // closed by Shutdown
	stopWG    sync.WaitGroup // one count per Serve loop and per user goroutine
	connCount int64          // atomic; downstream connections currently in handle

	// lock is held around every access to listeners and users in this file.
	lock      sync.Mutex
	listeners map[net.Listener]struct{}
	users     map[string]*user
}
83
// NewServer returns a Server backed by db. It logs through a standard-library
// logger that shares the default logger's writer, and starts with a default
// configuration: hostname "localhost", MaxUserNetworks -1 and multi-upstream
// enabled. No users are loaded until Start is called.
func NewServer(db Database) *Server {
	defaults := &Config{
		Hostname:        "localhost",
		MaxUserNetworks: -1,
		MultiUpstream:   true,
	}

	srv := new(Server)
	srv.Logger = log.New(log.Writer(), "", log.LstdFlags)
	srv.db = db
	srv.listeners = make(map[net.Listener]struct{})
	srv.users = make(map[string]*user)
	srv.config.Store(defaults)
	return srv
}
98
// prefix returns the IRC prefix naming the server itself, built from the
// hostname in the current configuration.
func (s *Server) prefix() *irc.Prefix {
	hostname := s.Config().Hostname
	return &irc.Prefix{Name: hostname}
}
102
// Config returns the configuration currently in effect. The pointer is the
// one that was stored, not a copy, so the struct is shared with every other
// reader.
func (s *Server) Config() *Config {
	current := s.config.Load()
	return current.(*Config)
}
106
// SetConfig atomically replaces the active configuration with cfg.
//
// cfg must not be nil: Config hands the stored pointer back to callers such
// as prefix and ServeHTTP, which dereference it without a nil check.
func (s *Server) SetConfig(cfg *Config) {
	var next *Config = cfg
	s.config.Store(next)
}
110
// Start loads every user from the database and launches a bouncer goroutine
// for each of them. It returns the database error unchanged if the listing
// fails, in which case no user is started.
func (s *Server) Start() error {
	records, err := s.db.ListUsers(context.TODO())
	if err != nil {
		return err
	}

	s.lock.Lock()
	for idx := 0; idx < len(records); idx++ {
		// Pass a pointer to the slice element, not to a loop copy.
		s.addUserLocked(&records[idx])
	}
	s.lock.Unlock()

	return nil
}
125
// Shutdown closes every registered listener, asks each user to stop, waits
// for all Serve loops and user goroutines to finish, and finally closes the
// database. Errors from closing are logged, not returned.
//
// NOTE(review): the eventStop sends happen while s.lock is held. The capacity
// of u.events is not visible here; if a user's event loop is not receiving,
// the send blocks with the lock held - confirm against newUser / user.run.
func (s *Server) Shutdown() {
	s.lock.Lock()
	for listener := range s.listeners {
		closeErr := listener.Close()
		if closeErr != nil {
			s.Logger.Printf("failed to stop listener: %v", closeErr)
		}
	}
	for _, usr := range s.users {
		usr.events <- eventStop{}
	}
	s.lock.Unlock()

	// Wait only after releasing the lock: the goroutines being waited on take
	// it themselves during cleanup.
	s.stopWG.Wait()

	dbErr := s.db.Close()
	if dbErr != nil {
		s.Logger.Printf("failed to close DB: %v", dbErr)
	}
}
144
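// createUser stores a new user record in the database and starts its bouncer
// goroutine.
//
// The server lock is held for the whole operation, so the existence check,
// the database write and the registration in s.users are atomic with respect
// to other callers. It returns an error if a user with the same username is
// already running or if the database write fails; the database error is
// wrapped with %w so callers can inspect it with errors.Is / errors.As.
func (s *Server) createUser(ctx context.Context, user *User) (*user, error) {
	s.lock.Lock()
	defer s.lock.Unlock()

	if _, ok := s.users[user.Username]; ok {
		return nil, fmt.Errorf("user %q already exists", user.Username)
	}

	if err := s.db.StoreUser(ctx, user); err != nil {
		return nil, fmt.Errorf("could not create user in db: %w", err)
	}

	return s.addUserLocked(user), nil
}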
160
// forEachUser calls f once for every running user, in map (unspecified)
// order.
//
// f runs with the server lock held. sync.Mutex is not reentrant, so f must
// not call anything that takes s.lock (getUser, createUser, Stats, ...).
func (s *Server) forEachUser(f func(*user)) {
	s.lock.Lock()
	for name := range s.users {
		f(s.users[name])
	}
	s.lock.Unlock()
}
168
// getUser returns the running user registered under name, or nil when there
// is none.
func (s *Server) getUser(name string) *user {
	s.lock.Lock()
	defer s.lock.Unlock()
	return s.users[name]
}
175
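// addUserLocked registers user in s.users and starts the goroutine that runs
// its event loop. The caller must hold s.lock.
//
// When the event loop ends the user is removed from s.users and the shutdown
// wait group is released. That cleanup runs in the deferred function so it
// also happens when u.run panics: otherwise a single panic would leave a dead
// entry in s.users and make Shutdown wait forever on stopWG.
func (s *Server) addUserLocked(user *User) *user {
	s.Logger.Printf("starting bouncer for user %q", user.Username)
	u := newUser(s, user)
	s.users[u.Username] = u

	s.stopWG.Add(1)

	go func() {
		defer func() {
			if err := recover(); err != nil {
				// debug.Stack returns []byte; convert it so %v prints the
				// trace as text instead of a list of byte values.
				s.Logger.Printf("panic serving user %q: %v\n%v", user.Username, err, string(debug.Stack()))
			}

			s.lock.Lock()
			delete(s.users, u.Username)
			s.lock.Unlock()

			s.stopWG.Done()
		}()

		u.run()
	}()

	return u
}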
201
// lastDownstreamID is the most recently assigned downstream connection ID.
// It is package-level, so IDs are unique across every Server in the process,
// and it is only updated through sync/atomic.
var lastDownstreamID uint64
203
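// handle serves one downstream (client) connection until it ends.
//
// The connection is first driven through registration; on success it is
// announced to its user's event loop, its messages are read until the
// connection fails or closes, and the disconnection is announced. A panic
// anywhere in that sequence is recovered and logged so that one misbehaving
// connection cannot take the whole process down.
//
// Closing the connection and decrementing the connection counter are
// deferred so they also run on the panic path; otherwise each recovered panic
// would leak a socket and permanently inflate Stats().Downstreams.
//
// NOTE(review): if a panic occurs after eventDownstreamConnected was sent,
// eventDownstreamDisconnected is not delivered; whether the user's event loop
// copes with a closed connection it still tracks is not visible here.
func (s *Server) handle(ic ircConn) {
	defer func() {
		if err := recover(); err != nil {
			// debug.Stack returns []byte; convert it so %v prints the
			// trace as text instead of a list of byte values.
			s.Logger.Printf("panic serving downstream %q: %v\n%v", ic.RemoteAddr(), err, string(debug.Stack()))
		}
	}()

	atomic.AddInt64(&s.connCount, 1)
	defer atomic.AddInt64(&s.connCount, -1)

	id := atomic.AddUint64(&lastDownstreamID, 1)
	dc := newDownstreamConn(s, ic, id)
	// Deferred after the counter decrement, so it runs before it: the
	// connection is closed first, as in the non-panicking path.
	defer dc.Close()

	if err := dc.runUntilRegistered(); err != nil {
		// A peer that hangs up before registering is not worth a log line.
		if !errors.Is(err, io.EOF) {
			dc.logger.Print(err)
		}
		return
	}

	dc.user.events <- eventDownstreamConnected{dc}
	if err := dc.readMessages(dc.user.events); err != nil {
		dc.logger.Print(err)
	}
	dc.user.events <- eventDownstreamDisconnected{dc}
}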
228
// Serve accepts plain IRC connections on ln and handles each one in its own
// goroutine. It registers ln so that Shutdown can close it, and returns nil
// once the listener has been closed.
//
// NOTE(review): any other Accept error ends the loop and is returned, so this
// listener stops serving. Whether transient errors (for example running out
// of file descriptors) should be retried instead is a decision for the
// caller - confirm how callers react to a non-nil return.
func (s *Server) Serve(ln net.Listener) error {
	s.lock.Lock()
	s.listeners[ln] = struct{}{}
	s.lock.Unlock()

	s.stopWG.Add(1)

	unregister := func() {
		s.lock.Lock()
		delete(s.listeners, ln)
		s.lock.Unlock()

		s.stopWG.Done()
	}
	defer unregister()

	for {
		conn, err := ln.Accept()
		switch {
		case isErrClosed(err):
			return nil
		case err != nil:
			return fmt.Errorf("failed to accept connection: %v", err)
		}

		go s.handle(newNetIRCConn(conn))
	}
}
[323]255
// ServeHTTP upgrades an HTTP request to a WebSocket carrying IRC and serves
// it as a downstream connection. It blocks until that connection ends.
//
// Origin checking is delegated to the WebSocket library using the configured
// HTTPOrigins patterns. The remote address recorded for the connection is the
// TCP peer address unless that peer is listed in AcceptProxyIPs, in which
// case the "for" value reported by parseForwarded is used instead.
//
// NOTE(review): the forwarded value is used verbatim. With the
// X-Forwarded-For fallback this is the raw header value, which can be a
// comma-separated list whose leading entries were supplied by the client if
// the proxy appends rather than overwrites - confirm the proxy configuration
// and how consumers of the remote address parse it.
func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	opts := &websocket.AcceptOptions{
		Subprotocols:   []string{"text.ircv3.net"}, // non-compliant, fight me
		OriginPatterns: s.Config().HTTPOrigins,
	}
	conn, err := websocket.Accept(w, req, opts)
	if err != nil {
		s.Logger.Printf("failed to serve HTTP connection: %v", err)
		return
	}

	// The peer counts as a proxy only if its address parses cleanly and is
	// in the configured set; any parse failure leaves it untrusted.
	trustedProxy := false
	host, _, splitErr := net.SplitHostPort(req.RemoteAddr)
	if splitErr == nil {
		if ip := net.ParseIP(host); ip != nil {
			trustedProxy = s.Config().AcceptProxyIPs.Contains(ip)
		}
	}

	// Only trust the Forwarded header field if this is a trusted proxy IP
	// to prevent users from spoofing the remote address
	remoteAddr := req.RemoteAddr
	if trustedProxy {
		if fwdFor := parseForwarded(req.Header)["for"]; fwdFor != "" {
			remoteAddr = fwdFor
		}
	}

	s.handle(newWebsocketIRCConn(conn, remoteAddr))
}
[472]285
// parseForwarded extracts proxy-supplied connection details from h.
//
// When a Forwarded header is present its parameters are returned with
// lower-cased keys, as produced by mime.ParseMediaType. Otherwise the legacy
// X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host headers are
// returned under the keys "for", "proto" and "host", unparsed.
//
// Parse errors are discarded. A Forwarded value the parser rejects, such as
// one listing several comma-separated hops, yields a map without usable
// entries (possibly nil), so lookups return "". Callers must only read from
// the result.
//
// The headers are attacker-controlled unless the request came from a trusted
// proxy; that decision belongs to the caller.
func parseForwarded(h http.Header) map[string]string {
	if raw := h.Get("Forwarded"); raw != "" {
		// Hack to easily parse header parameters
		_, params, _ := mime.ParseMediaType("hack; " + raw)
		return params
	}

	legacy := make(map[string]string, 3)
	legacy["for"] = h.Get("X-Forwarded-For")
	legacy["proto"] = h.Get("X-Forwarded-Proto")
	legacy["host"] = h.Get("X-Forwarded-Host")
	return legacy
}
[605]299
// ServerStats is a point-in-time snapshot of server activity, as returned by
// Server.Stats.
type ServerStats struct {
	// Users is the number of entries in the server's user map.
	Users int
	// Downstreams is the value of the server's downstream connection counter.
	Downstreams int64
}
304
// Stats returns a snapshot of the number of running users and of downstream
// connections currently being handled. The two figures are read one after
// the other, not under a common lock, so they may describe slightly
// different instants.
func (s *Server) Stats() *ServerStats {
	s.lock.Lock()
	userCount := len(s.users)
	s.lock.Unlock()

	return &ServerStats{
		Users:       userCount,
		Downstreams: atomic.LoadInt64(&s.connCount),
	}
}