664 lines
23 KiB
Go
664 lines
23 KiB
Go
package ws
|
||
|
||
import (
|
||
"bufio"
|
||
"bytes"
|
||
"fmt"
|
||
"io"
|
||
"net"
|
||
"net/http"
|
||
"strings"
|
||
"time"
|
||
|
||
"github.com/gobwas/httphead"
|
||
"github.com/gobwas/pool/pbufio"
|
||
)
|
||
|
||
// Constants used by ConnUpgrader.
|
||
const (
|
||
DefaultServerReadBufferSize = 4096
|
||
DefaultServerWriteBufferSize = 512
|
||
)
|
||
|
||
// Errors used by both client and server when preparing WebSocket handshake.
|
||
var (
|
||
ErrHandshakeBadProtocol = RejectConnectionError(
|
||
RejectionStatus(http.StatusHTTPVersionNotSupported),
|
||
RejectionReason("handshake error: bad HTTP protocol version"),
|
||
)
|
||
ErrHandshakeBadMethod = RejectConnectionError(
|
||
RejectionStatus(http.StatusMethodNotAllowed),
|
||
RejectionReason("handshake error: bad HTTP request method"),
|
||
)
|
||
ErrHandshakeBadHost = RejectConnectionError(
|
||
RejectionStatus(http.StatusBadRequest),
|
||
RejectionReason(fmt.Sprintf("handshake error: bad %q header", headerHost)),
|
||
)
|
||
ErrHandshakeBadUpgrade = RejectConnectionError(
|
||
RejectionStatus(http.StatusBadRequest),
|
||
RejectionReason(fmt.Sprintf("handshake error: bad %q header", headerUpgrade)),
|
||
)
|
||
ErrHandshakeBadConnection = RejectConnectionError(
|
||
RejectionStatus(http.StatusBadRequest),
|
||
RejectionReason(fmt.Sprintf("handshake error: bad %q header", headerConnection)),
|
||
)
|
||
ErrHandshakeBadSecAccept = RejectConnectionError(
|
||
RejectionStatus(http.StatusBadRequest),
|
||
RejectionReason(fmt.Sprintf("handshake error: bad %q header", headerSecAccept)),
|
||
)
|
||
ErrHandshakeBadSecKey = RejectConnectionError(
|
||
RejectionStatus(http.StatusBadRequest),
|
||
RejectionReason(fmt.Sprintf("handshake error: bad %q header", headerSecKey)),
|
||
)
|
||
ErrHandshakeBadSecVersion = RejectConnectionError(
|
||
RejectionStatus(http.StatusBadRequest),
|
||
RejectionReason(fmt.Sprintf("handshake error: bad %q header", headerSecVersion)),
|
||
)
|
||
)
|
||
|
||
// ErrMalformedResponse is returned by Dialer to indicate that server response
|
||
// can not be parsed.
|
||
var ErrMalformedResponse = fmt.Errorf("malformed HTTP response")
|
||
|
||
// ErrMalformedRequest is returned when HTTP request can not be parsed.
|
||
var ErrMalformedRequest = RejectConnectionError(
|
||
RejectionStatus(http.StatusBadRequest),
|
||
RejectionReason("malformed HTTP request"),
|
||
)
|
||
|
||
// ErrHandshakeUpgradeRequired is returned by Upgrader to indicate that
|
||
// connection is rejected because given WebSocket version is malformed.
|
||
//
|
||
// According to RFC6455:
|
||
// If this version does not match a version understood by the server, the
|
||
// server MUST abort the WebSocket handshake described in this section and
|
||
// instead send an appropriate HTTP error code (such as 426 Upgrade Required)
|
||
// and a |Sec-WebSocket-Version| header field indicating the version(s) the
|
||
// server is capable of understanding.
|
||
var ErrHandshakeUpgradeRequired = RejectConnectionError(
|
||
RejectionStatus(http.StatusUpgradeRequired),
|
||
RejectionHeader(HandshakeHeaderString(headerSecVersion+": 13\r\n")),
|
||
RejectionReason(fmt.Sprintf("handshake error: bad %q header", headerSecVersion)),
|
||
)
|
||
|
||
// ErrNotHijacker is an error returned when http.ResponseWriter does not
|
||
// implement http.Hijacker interface.
|
||
var ErrNotHijacker = RejectConnectionError(
|
||
RejectionStatus(http.StatusInternalServerError),
|
||
RejectionReason("given http.ResponseWriter is not a http.Hijacker"),
|
||
)
|
||
|
||
// DefaultHTTPUpgrader is an HTTPUpgrader that holds no options and is used by
|
||
// UpgradeHTTP function.
|
||
var DefaultHTTPUpgrader HTTPUpgrader
|
||
|
||
// UpgradeHTTP is like HTTPUpgrader{}.Upgrade().
|
||
func UpgradeHTTP(r *http.Request, w http.ResponseWriter) (net.Conn, *bufio.ReadWriter, Handshake, error) {
|
||
return DefaultHTTPUpgrader.Upgrade(r, w)
|
||
}
|
||
|
||
// DefaultUpgrader is an Upgrader that holds no options and is used by Upgrade
|
||
// function.
|
||
var DefaultUpgrader Upgrader
|
||
|
||
// Upgrade is like Upgrader{}.Upgrade().
|
||
func Upgrade(conn io.ReadWriter) (Handshake, error) {
|
||
return DefaultUpgrader.Upgrade(conn)
|
||
}
|
||
|
||
// HTTPUpgrader contains options for upgrading connection to websocket from
|
||
// net/http Handler arguments.
|
||
type HTTPUpgrader struct {
|
||
// Timeout is the maximum amount of time an Upgrade() will spent while
|
||
// writing handshake response.
|
||
//
|
||
// The default is no timeout.
|
||
Timeout time.Duration
|
||
|
||
// Header is an optional http.Header mapping that could be used to
|
||
// write additional headers to the handshake response.
|
||
//
|
||
// Note that if present, it will be written in any result of handshake.
|
||
Header http.Header
|
||
|
||
// Protocol is the select function that is used to select subprotocol from
|
||
// list requested by client. If this field is set, then the first matched
|
||
// protocol is sent to a client as negotiated.
|
||
Protocol func(string) bool
|
||
|
||
// Extension is the select function that is used to select extensions from
|
||
// list requested by client. If this field is set, then the all matched
|
||
// extensions are sent to a client as negotiated.
|
||
//
|
||
// Deprecated: use Negotiate instead.
|
||
Extension func(httphead.Option) bool
|
||
|
||
// Negotiate is the callback that is used to negotiate extensions from
|
||
// the client's offer. If this field is set, then the returned non-zero
|
||
// extensions are sent to the client as accepted extensions in the
|
||
// response.
|
||
//
|
||
// The argument is only valid until the Negotiate callback returns.
|
||
//
|
||
// If returned error is non-nil then connection is rejected and response is
|
||
// sent with appropriate HTTP error code and body set to error message.
|
||
//
|
||
// RejectConnectionError could be used to get more control on response.
|
||
Negotiate func(httphead.Option) (httphead.Option, error)
|
||
}
|
||
|
||
// Upgrade upgrades http connection to the websocket connection.
|
||
//
|
||
// It hijacks net.Conn from w and returns received net.Conn and
|
||
// bufio.ReadWriter. On successful handshake it returns Handshake struct
|
||
// describing handshake info.
|
||
func (u HTTPUpgrader) Upgrade(r *http.Request, w http.ResponseWriter) (conn net.Conn, rw *bufio.ReadWriter, hs Handshake, err error) {
|
||
// Hijack connection first to get the ability to write rejection errors the
|
||
// same way as in Upgrader.
|
||
hj, ok := w.(http.Hijacker)
|
||
if ok {
|
||
conn, rw, err = hj.Hijack()
|
||
} else {
|
||
err = ErrNotHijacker
|
||
}
|
||
if err != nil {
|
||
httpError(w, err.Error(), http.StatusInternalServerError)
|
||
return conn, rw, hs, err
|
||
}
|
||
|
||
// See https://tools.ietf.org/html/rfc6455#section-4.1
|
||
// The method of the request MUST be GET, and the HTTP version MUST be at least 1.1.
|
||
var nonce string
|
||
if r.Method != http.MethodGet {
|
||
err = ErrHandshakeBadMethod
|
||
} else if r.ProtoMajor < 1 || (r.ProtoMajor == 1 && r.ProtoMinor < 1) {
|
||
err = ErrHandshakeBadProtocol
|
||
} else if r.Host == "" {
|
||
err = ErrHandshakeBadHost
|
||
} else if u := httpGetHeader(r.Header, headerUpgradeCanonical); u != "websocket" && !strings.EqualFold(u, "websocket") {
|
||
err = ErrHandshakeBadUpgrade
|
||
} else if c := httpGetHeader(r.Header, headerConnectionCanonical); c != "Upgrade" && !strHasToken(c, "upgrade") {
|
||
err = ErrHandshakeBadConnection
|
||
} else if nonce = httpGetHeader(r.Header, headerSecKeyCanonical); len(nonce) != nonceSize {
|
||
err = ErrHandshakeBadSecKey
|
||
} else if v := httpGetHeader(r.Header, headerSecVersionCanonical); v != "13" {
|
||
// According to RFC6455:
|
||
//
|
||
// If this version does not match a version understood by the server,
|
||
// the server MUST abort the WebSocket handshake described in this
|
||
// section and instead send an appropriate HTTP error code (such as 426
|
||
// Upgrade Required) and a |Sec-WebSocket-Version| header field
|
||
// indicating the version(s) the server is capable of understanding.
|
||
//
|
||
// So we branching here cause empty or not present version does not
|
||
// meet the ABNF rules of RFC6455:
|
||
//
|
||
// version = DIGIT | (NZDIGIT DIGIT) |
|
||
// ("1" DIGIT DIGIT) | ("2" DIGIT DIGIT)
|
||
// ; Limited to 0-255 range, with no leading zeros
|
||
//
|
||
// That is, if version is really invalid – we sent 426 status, if it
|
||
// not present or empty – it is 400.
|
||
if v != "" {
|
||
err = ErrHandshakeUpgradeRequired
|
||
} else {
|
||
err = ErrHandshakeBadSecVersion
|
||
}
|
||
}
|
||
if check := u.Protocol; err == nil && check != nil {
|
||
ps := r.Header[headerSecProtocolCanonical]
|
||
for i := 0; i < len(ps) && err == nil && hs.Protocol == ""; i++ {
|
||
var ok bool
|
||
hs.Protocol, ok = strSelectProtocol(ps[i], check)
|
||
if !ok {
|
||
err = ErrMalformedRequest
|
||
}
|
||
}
|
||
}
|
||
if f := u.Negotiate; err == nil && f != nil {
|
||
for _, h := range r.Header[headerSecExtensionsCanonical] {
|
||
hs.Extensions, err = negotiateExtensions(strToBytes(h), hs.Extensions, f)
|
||
if err != nil {
|
||
break
|
||
}
|
||
}
|
||
}
|
||
// DEPRECATED path.
|
||
if check := u.Extension; err == nil && check != nil && u.Negotiate == nil {
|
||
xs := r.Header[headerSecExtensionsCanonical]
|
||
for i := 0; i < len(xs) && err == nil; i++ {
|
||
var ok bool
|
||
hs.Extensions, ok = btsSelectExtensions(strToBytes(xs[i]), hs.Extensions, check)
|
||
if !ok {
|
||
err = ErrMalformedRequest
|
||
}
|
||
}
|
||
}
|
||
|
||
// Clear deadlines set by server.
|
||
conn.SetDeadline(noDeadline)
|
||
if t := u.Timeout; t != 0 {
|
||
conn.SetWriteDeadline(time.Now().Add(t))
|
||
defer conn.SetWriteDeadline(noDeadline)
|
||
}
|
||
|
||
var header handshakeHeader
|
||
if h := u.Header; h != nil {
|
||
header[0] = HandshakeHeaderHTTP(h)
|
||
}
|
||
if err == nil {
|
||
httpWriteResponseUpgrade(rw.Writer, strToBytes(nonce), hs, header.WriteTo)
|
||
err = rw.Writer.Flush()
|
||
} else {
|
||
var code int
|
||
if rej, ok := err.(*ConnectionRejectedError); ok {
|
||
code = rej.code
|
||
header[1] = rej.header
|
||
}
|
||
if code == 0 {
|
||
code = http.StatusInternalServerError
|
||
}
|
||
httpWriteResponseError(rw.Writer, err, code, header.WriteTo)
|
||
// Do not store Flush() error to not override already existing one.
|
||
_ = rw.Writer.Flush()
|
||
}
|
||
return conn, rw, hs, err
|
||
}
|
||
|
||
// Upgrader contains options for upgrading connection to websocket.
|
||
type Upgrader struct {
|
||
// ReadBufferSize and WriteBufferSize is an I/O buffer sizes.
|
||
// They used to read and write http data while upgrading to WebSocket.
|
||
// Allocated buffers are pooled with sync.Pool to avoid extra allocations.
|
||
//
|
||
// If a size is zero then default value is used.
|
||
//
|
||
// Usually it is useful to set read buffer size bigger than write buffer
|
||
// size because incoming request could contain long header values, such as
|
||
// Cookie. Response, in other way, could be big only if user write multiple
|
||
// custom headers. Usually response takes less than 256 bytes.
|
||
ReadBufferSize, WriteBufferSize int
|
||
|
||
// Protocol is a select function that is used to select subprotocol
|
||
// from list requested by client. If this field is set, then the first matched
|
||
// protocol is sent to a client as negotiated.
|
||
//
|
||
// The argument is only valid until the callback returns.
|
||
Protocol func([]byte) bool
|
||
|
||
// ProtocolCustrom allow user to parse Sec-WebSocket-Protocol header manually.
|
||
// Note that returned bytes must be valid until Upgrade returns.
|
||
// If ProtocolCustom is set, it used instead of Protocol function.
|
||
ProtocolCustom func([]byte) (string, bool)
|
||
|
||
// Extension is a select function that is used to select extensions
|
||
// from list requested by client. If this field is set, then the all matched
|
||
// extensions are sent to a client as negotiated.
|
||
//
|
||
// Note that Extension may be called multiple times and implementations
|
||
// must track uniqueness of accepted extensions manually.
|
||
//
|
||
// The argument is only valid until the callback returns.
|
||
//
|
||
// According to the RFC6455 order of extensions passed by a client is
|
||
// significant. That is, returning true from this function means that no
|
||
// other extension with the same name should be checked because server
|
||
// accepted the most preferable extension right now:
|
||
// "Note that the order of extensions is significant. Any interactions between
|
||
// multiple extensions MAY be defined in the documents defining the extensions.
|
||
// In the absence of such definitions, the interpretation is that the header
|
||
// fields listed by the client in its request represent a preference of the
|
||
// header fields it wishes to use, with the first options listed being most
|
||
// preferable."
|
||
//
|
||
// Deprecated: use Negotiate instead.
|
||
Extension func(httphead.Option) bool
|
||
|
||
// ExtensionCustom allow user to parse Sec-WebSocket-Extensions header
|
||
// manually.
|
||
//
|
||
// If ExtensionCustom() decides to accept received extension, it must
|
||
// append appropriate option to the given slice of httphead.Option.
|
||
// It returns results of append() to the given slice and a flag that
|
||
// reports whether given header value is wellformed or not.
|
||
//
|
||
// Note that ExtensionCustom may be called multiple times and
|
||
// implementations must track uniqueness of accepted extensions manually.
|
||
//
|
||
// Note that returned options should be valid until Upgrade returns.
|
||
// If ExtensionCustom is set, it used instead of Extension function.
|
||
ExtensionCustom func([]byte, []httphead.Option) ([]httphead.Option, bool)
|
||
|
||
// Negotiate is the callback that is used to negotiate extensions from
|
||
// the client's offer. If this field is set, then the returned non-zero
|
||
// extensions are sent to the client as accepted extensions in the
|
||
// response.
|
||
//
|
||
// The argument is only valid until the Negotiate callback returns.
|
||
//
|
||
// If returned error is non-nil then connection is rejected and response is
|
||
// sent with appropriate HTTP error code and body set to error message.
|
||
//
|
||
// RejectConnectionError could be used to get more control on response.
|
||
Negotiate func(httphead.Option) (httphead.Option, error)
|
||
|
||
// Header is an optional HandshakeHeader instance that could be used to
|
||
// write additional headers to the handshake response.
|
||
//
|
||
// It used instead of any key-value mappings to avoid allocations in user
|
||
// land.
|
||
//
|
||
// Note that if present, it will be written in any result of handshake.
|
||
Header HandshakeHeader
|
||
|
||
// OnRequest is a callback that will be called after request line
|
||
// successful parsing.
|
||
//
|
||
// The arguments are only valid until the callback returns.
|
||
//
|
||
// If returned error is non-nil then connection is rejected and response is
|
||
// sent with appropriate HTTP error code and body set to error message.
|
||
//
|
||
// RejectConnectionError could be used to get more control on response.
|
||
OnRequest func(uri []byte) error
|
||
|
||
// OnHost is a callback that will be called after "Host" header successful
|
||
// parsing.
|
||
//
|
||
// It is separated from OnHeader callback because the Host header must be
|
||
// present in each request since HTTP/1.1. Thus Host header is non-optional
|
||
// and required for every WebSocket handshake.
|
||
//
|
||
// The arguments are only valid until the callback returns.
|
||
//
|
||
// If returned error is non-nil then connection is rejected and response is
|
||
// sent with appropriate HTTP error code and body set to error message.
|
||
//
|
||
// RejectConnectionError could be used to get more control on response.
|
||
OnHost func(host []byte) error
|
||
|
||
// OnHeader is a callback that will be called after successful parsing of
|
||
// header, that is not used during WebSocket handshake procedure. That is,
|
||
// it will be called with non-websocket headers, which could be relevant
|
||
// for application-level logic.
|
||
//
|
||
// The arguments are only valid until the callback returns.
|
||
//
|
||
// If returned error is non-nil then connection is rejected and response is
|
||
// sent with appropriate HTTP error code and body set to error message.
|
||
//
|
||
// RejectConnectionError could be used to get more control on response.
|
||
OnHeader func(key, value []byte) error
|
||
|
||
// OnBeforeUpgrade is a callback that will be called before sending
|
||
// successful upgrade response.
|
||
//
|
||
// Setting OnBeforeUpgrade allows user to make final application-level
|
||
// checks and decide whether this connection is allowed to successfully
|
||
// upgrade to WebSocket.
|
||
//
|
||
// It must return non-nil either HandshakeHeader or error and never both.
|
||
//
|
||
// If returned error is non-nil then connection is rejected and response is
|
||
// sent with appropriate HTTP error code and body set to error message.
|
||
//
|
||
// RejectConnectionError could be used to get more control on response.
|
||
OnBeforeUpgrade func() (header HandshakeHeader, err error)
|
||
}
|
||
|
||
// Upgrade zero-copy upgrades connection to WebSocket. It interprets given conn
|
||
// as connection with incoming HTTP Upgrade request.
|
||
//
|
||
// It is a caller responsibility to manage i/o timeouts on conn.
|
||
//
|
||
// Non-nil error means that request for the WebSocket upgrade is invalid or
|
||
// malformed and usually connection should be closed.
|
||
// Even when error is non-nil Upgrade will write appropriate response into
|
||
// connection in compliance with RFC.
|
||
func (u Upgrader) Upgrade(conn io.ReadWriter) (hs Handshake, err error) {
|
||
// headerSeen constants helps to report whether or not some header was seen
|
||
// during reading request bytes.
|
||
const (
|
||
headerSeenHost = 1 << iota
|
||
headerSeenUpgrade
|
||
headerSeenConnection
|
||
headerSeenSecVersion
|
||
headerSeenSecKey
|
||
|
||
// headerSeenAll is the value that we expect to receive at the end of
|
||
// headers read/parse loop.
|
||
headerSeenAll = 0 |
|
||
headerSeenHost |
|
||
headerSeenUpgrade |
|
||
headerSeenConnection |
|
||
headerSeenSecVersion |
|
||
headerSeenSecKey
|
||
)
|
||
|
||
// Prepare I/O buffers.
|
||
// TODO(gobwas): make it configurable.
|
||
br := pbufio.GetReader(conn,
|
||
nonZero(u.ReadBufferSize, DefaultServerReadBufferSize),
|
||
)
|
||
bw := pbufio.GetWriter(conn,
|
||
nonZero(u.WriteBufferSize, DefaultServerWriteBufferSize),
|
||
)
|
||
defer func() {
|
||
pbufio.PutReader(br)
|
||
pbufio.PutWriter(bw)
|
||
}()
|
||
|
||
// Read HTTP request line like "GET /ws HTTP/1.1".
|
||
rl, err := readLine(br)
|
||
if err != nil {
|
||
return hs, err
|
||
}
|
||
// Parse request line data like HTTP version, uri and method.
|
||
req, err := httpParseRequestLine(rl)
|
||
if err != nil {
|
||
return hs, err
|
||
}
|
||
|
||
// Prepare stack-based handshake header list.
|
||
header := handshakeHeader{
|
||
0: u.Header,
|
||
}
|
||
|
||
// Parse and check HTTP request.
|
||
// As RFC6455 says:
|
||
// The client's opening handshake consists of the following parts. If the
|
||
// server, while reading the handshake, finds that the client did not
|
||
// send a handshake that matches the description below (note that as per
|
||
// [RFC2616], the order of the header fields is not important), including
|
||
// but not limited to any violations of the ABNF grammar specified for
|
||
// the components of the handshake, the server MUST stop processing the
|
||
// client's handshake and return an HTTP response with an appropriate
|
||
// error code (such as 400 Bad Request).
|
||
//
|
||
// See https://tools.ietf.org/html/rfc6455#section-4.2.1
|
||
|
||
// An HTTP/1.1 or higher GET request, including a "Request-URI".
|
||
//
|
||
// Even if RFC says "1.1 or higher" without mentioning the part of the
|
||
// version, we apply it only to minor part.
|
||
switch {
|
||
case req.major != 1 || req.minor < 1:
|
||
// Abort processing the whole request because we do not even know how
|
||
// to actually parse it.
|
||
err = ErrHandshakeBadProtocol
|
||
|
||
case btsToString(req.method) != http.MethodGet:
|
||
err = ErrHandshakeBadMethod
|
||
|
||
default:
|
||
if onRequest := u.OnRequest; onRequest != nil {
|
||
err = onRequest(req.uri)
|
||
}
|
||
}
|
||
// Start headers read/parse loop.
|
||
var (
|
||
// headerSeen reports which header was seen by setting corresponding
|
||
// bit on.
|
||
headerSeen byte
|
||
|
||
nonce = make([]byte, nonceSize)
|
||
)
|
||
for err == nil {
|
||
line, e := readLine(br)
|
||
if e != nil {
|
||
return hs, e
|
||
}
|
||
if len(line) == 0 {
|
||
// Blank line, no more lines to read.
|
||
break
|
||
}
|
||
|
||
k, v, ok := httpParseHeaderLine(line)
|
||
if !ok {
|
||
err = ErrMalformedRequest
|
||
break
|
||
}
|
||
|
||
switch btsToString(k) {
|
||
case headerHostCanonical:
|
||
headerSeen |= headerSeenHost
|
||
if onHost := u.OnHost; onHost != nil {
|
||
err = onHost(v)
|
||
}
|
||
|
||
case headerUpgradeCanonical:
|
||
headerSeen |= headerSeenUpgrade
|
||
if !bytes.Equal(v, specHeaderValueUpgrade) && !bytes.EqualFold(v, specHeaderValueUpgrade) {
|
||
err = ErrHandshakeBadUpgrade
|
||
}
|
||
|
||
case headerConnectionCanonical:
|
||
headerSeen |= headerSeenConnection
|
||
if !bytes.Equal(v, specHeaderValueConnection) && !btsHasToken(v, specHeaderValueConnectionLower) {
|
||
err = ErrHandshakeBadConnection
|
||
}
|
||
|
||
case headerSecVersionCanonical:
|
||
headerSeen |= headerSeenSecVersion
|
||
if !bytes.Equal(v, specHeaderValueSecVersion) {
|
||
err = ErrHandshakeUpgradeRequired
|
||
}
|
||
|
||
case headerSecKeyCanonical:
|
||
headerSeen |= headerSeenSecKey
|
||
if len(v) != nonceSize {
|
||
err = ErrHandshakeBadSecKey
|
||
} else {
|
||
copy(nonce, v)
|
||
}
|
||
|
||
case headerSecProtocolCanonical:
|
||
if custom, check := u.ProtocolCustom, u.Protocol; hs.Protocol == "" && (custom != nil || check != nil) {
|
||
var ok bool
|
||
if custom != nil {
|
||
hs.Protocol, ok = custom(v)
|
||
} else {
|
||
hs.Protocol, ok = btsSelectProtocol(v, check)
|
||
}
|
||
if !ok {
|
||
err = ErrMalformedRequest
|
||
}
|
||
}
|
||
|
||
case headerSecExtensionsCanonical:
|
||
if f := u.Negotiate; err == nil && f != nil {
|
||
hs.Extensions, err = negotiateExtensions(v, hs.Extensions, f)
|
||
}
|
||
// DEPRECATED path.
|
||
if custom, check := u.ExtensionCustom, u.Extension; u.Negotiate == nil && (custom != nil || check != nil) {
|
||
var ok bool
|
||
if custom != nil {
|
||
hs.Extensions, ok = custom(v, hs.Extensions)
|
||
} else {
|
||
hs.Extensions, ok = btsSelectExtensions(v, hs.Extensions, check)
|
||
}
|
||
if !ok {
|
||
err = ErrMalformedRequest
|
||
}
|
||
}
|
||
|
||
default:
|
||
if onHeader := u.OnHeader; onHeader != nil {
|
||
err = onHeader(k, v)
|
||
}
|
||
}
|
||
}
|
||
switch {
|
||
case err == nil && headerSeen != headerSeenAll:
|
||
switch {
|
||
case headerSeen&headerSeenHost == 0:
|
||
// As RFC2616 says:
|
||
// A client MUST include a Host header field in all HTTP/1.1
|
||
// request messages. If the requested URI does not include an
|
||
// Internet host name for the service being requested, then the
|
||
// Host header field MUST be given with an empty value. An
|
||
// HTTP/1.1 proxy MUST ensure that any request message it
|
||
// forwards does contain an appropriate Host header field that
|
||
// identifies the service being requested by the proxy. All
|
||
// Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad
|
||
// Request) status code to any HTTP/1.1 request message which
|
||
// lacks a Host header field.
|
||
err = ErrHandshakeBadHost
|
||
case headerSeen&headerSeenUpgrade == 0:
|
||
err = ErrHandshakeBadUpgrade
|
||
case headerSeen&headerSeenConnection == 0:
|
||
err = ErrHandshakeBadConnection
|
||
case headerSeen&headerSeenSecVersion == 0:
|
||
// In case of empty or not present version we do not send 426 status,
|
||
// because it does not meet the ABNF rules of RFC6455:
|
||
//
|
||
// version = DIGIT | (NZDIGIT DIGIT) |
|
||
// ("1" DIGIT DIGIT) | ("2" DIGIT DIGIT)
|
||
// ; Limited to 0-255 range, with no leading zeros
|
||
//
|
||
// That is, if version is really invalid – we sent 426 status as above, if it
|
||
// not present – it is 400.
|
||
err = ErrHandshakeBadSecVersion
|
||
case headerSeen&headerSeenSecKey == 0:
|
||
err = ErrHandshakeBadSecKey
|
||
default:
|
||
panic("unknown headers state")
|
||
}
|
||
|
||
case err == nil && u.OnBeforeUpgrade != nil:
|
||
header[1], err = u.OnBeforeUpgrade()
|
||
}
|
||
if err != nil {
|
||
var code int
|
||
if rej, ok := err.(*ConnectionRejectedError); ok {
|
||
code = rej.code
|
||
header[1] = rej.header
|
||
}
|
||
if code == 0 {
|
||
code = http.StatusInternalServerError
|
||
}
|
||
httpWriteResponseError(bw, err, code, header.WriteTo)
|
||
// Do not store Flush() error to not override already existing one.
|
||
_ = bw.Flush()
|
||
return hs, err
|
||
}
|
||
|
||
httpWriteResponseUpgrade(bw, nonce, hs, header.WriteTo)
|
||
err = bw.Flush()
|
||
|
||
return hs, err
|
||
}
|
||
|
||
type handshakeHeader [2]HandshakeHeader
|
||
|
||
func (hs handshakeHeader) WriteTo(w io.Writer) (n int64, err error) {
|
||
for i := 0; i < len(hs) && err == nil; i++ {
|
||
if h := hs[i]; h != nil {
|
||
var m int64
|
||
m, err = h.WriteTo(w)
|
||
n += m
|
||
}
|
||
}
|
||
return n, err
|
||
}
|