From e4af79d85f85e82a4abc74d4183f0bdd79decee7 Mon Sep 17 00:00:00 2001 From: WeebDataHoarder <57538841+WeebDataHoarder@users.noreply.github.com> Date: Sun, 16 Jan 2022 19:47:19 +0100 Subject: [PATCH] Rewrite using fasthttp --- OrbitalBeat.go | 212 ++++++++++++++++--------------------------------- go.mod | 1 + go.sum | 17 ++++ 3 files changed, 87 insertions(+), 143 deletions(-) diff --git a/OrbitalBeat.go b/OrbitalBeat.go index 01fe694..18dcf76 100644 --- a/OrbitalBeat.go +++ b/OrbitalBeat.go @@ -19,10 +19,10 @@ import ( "github.com/ipfs/go-cid" _ "github.com/lib/pq" "github.com/multiformats/go-multihash" + "github.com/valyala/fasthttp" "log" "math/big" "net" - "net/http" "net/url" "os" "path" @@ -34,7 +34,6 @@ import ( type ContentCacheEntry struct { Entry ContentEntry - File *os.File RefCount int64 AccessTime time.Time } @@ -57,7 +56,6 @@ func (e *ContentCacheEntry) borrow() *ContentCacheEntry { func (e *ContentCacheEntry) release() { objectCacheMutex.Lock() if atomic.AddInt64(&e.RefCount, -1) == 0 { - defer e.File.Close() delete(objectCache, e.Entry.Identifier) } objectCacheMutex.Unlock() @@ -70,6 +68,7 @@ var sniAddress string var sha256Statement *sql.Stmt var md5Statement *sql.Stmt var fdlimit int +var fsHandler fasthttp.RequestHandler var objectCacheMutex sync.RWMutex var objectCache = make(map[cid.Cid]*ContentCacheEntry) @@ -97,7 +96,7 @@ func getFirstValidContentEntry(entries *[]ContentEntry) *ContentEntry { return nil } -func handleQueryRequest(w http.ResponseWriter, r *http.Request, identifier cid.Cid, extraArguments []string) { +func handleQueryRequest(ctx *fasthttp.RequestCtx, identifier cid.Cid, extraArguments []string) { var cacheEntry = tryGetCacheEntryForIdentifier(identifier) @@ -114,10 +113,10 @@ func handleQueryRequest(w http.ResponseWriter, r *http.Request, identifier cid.C if cacheEntry == nil { var origin string - if r.Header.Get("Referer") != "" { - origin = r.Header.Get("Referer") - } else if r.Header.Get("Origin") != "" { - origin = r.Header.Get("Origin") + if len(ctx.Referer()) > 0 { + origin = string(ctx.Referer()) + } else if len(ctx.Request.Header.Peek("Origin")) > 0 { + origin = string(ctx.Request.Header.Peek("Origin")) } //Try to redirect back to origin @@ -130,45 +129,46 @@ func handleQueryRequest(w http.ResponseWriter, r *http.Request, identifier cid.C kind = "md5" } if kind != "" { - http.Redirect(w, r, fmt.Sprintf("%s/%s/%s/%s", origin, kind, hex.EncodeToString(mh.Digest), strings.Join(extraArguments, "/")), http.StatusFound) + ctx.Redirect(fmt.Sprintf("%s/%s/%s/%s", origin, kind, hex.EncodeToString(mh.Digest), strings.Join(extraArguments, "/")), fasthttp.StatusFound) return } } - w.WriteHeader(http.StatusNotFound) + ctx.SetStatusCode(fasthttp.StatusNotFound) return } defer cacheEntry.release() - w.Header().Set("Accept-Ranges", "bytes") - w.Header().Set("ETag", cacheEntry.Entry.Identifier.String()) - w.Header().Set("Cache-Control", "public, max-age=2592000, immutable") + ctx.Response.Header.Set("Accept-Ranges", "bytes") + ctx.Response.Header.Set("ETag", cacheEntry.Entry.Identifier.String()) + ctx.Response.Header.Set("Cache-Control", "public, max-age=2592000, immutable") filename := path.Base(cacheEntry.Entry.Path) //TODO: setting to hide filename - w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename*=utf-8''%s", url.PathEscape(filename))) + ctx.Response.Header.Set("Content-Disposition", fmt.Sprintf("inline; filename*=utf-8''%s", url.PathEscape(filename))) - http.ServeContent(w, r, filename, time.Date(1970, 0, 0, 0, 0, 0, 0, time.UTC), cacheEntry.File) + ctx.Request.SetRequestURI(cacheEntry.Entry.Path) + fsHandler(ctx) } -func setOtherHeaders(w http.ResponseWriter) { - w.Header().Set("Server", "OrbitalBeat") - w.Header().Set("Connection", "close") - w.Header().Set("Vary", "Content-Encoding") - w.Header().Set("X-Content-Type-Options", "nosniff") +func setOtherHeaders(ctx *fasthttp.RequestCtx) { + ctx.Response.Header.Set("Server", "OrbitalBeat") + ctx.Response.Header.Set("Connection", "close") + ctx.Response.Header.Set("Vary", "Content-Encoding") + ctx.Response.Header.Set("X-Content-Type-Options", "nosniff") } -func setCORSHeaders(w http.ResponseWriter) { - w.Header().Set("Access-Control-Allow-Credentials", "true") - w.Header().Set("Access-Control-Max-Age", "7200") //Firefox caps this to 86400, Chrome to 7200. Default is 5 seconds (!!!) - w.Header().Set("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS") - w.Header().Set("Access-Control-Allow-Headers", "DNT,ETag,Origin,Accept,Accept-Language,X-Requested-With,Range") - w.Header().Set("Access-Control-Allow-Origin", "*") - w.Header().Set("Access-Control-Expose-Headers", "*") +func setCORSHeaders(ctx *fasthttp.RequestCtx) { + ctx.Response.Header.Set("Access-Control-Allow-Credentials", "true") + ctx.Response.Header.Set("Access-Control-Max-Age", "7200") //Firefox caps this to 86400, Chrome to 7200. Default is 5 seconds (!!!) + ctx.Response.Header.Set("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS") + ctx.Response.Header.Set("Access-Control-Allow-Headers", "DNT,ETag,Origin,Accept,Accept-Language,X-Requested-With,Range") + ctx.Response.Header.Set("Access-Control-Allow-Origin", "*") + ctx.Response.Header.Set("Access-Control-Expose-Headers", "*") //CORP, COEP, COOP - w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp") - w.Header().Set("Cross-Origin-Resource-Policy", "cross-origin") - w.Header().Set("Cross-Origin-Opener-Policy", "unsafe-none") + ctx.Response.Header.Set("Cross-Origin-Embedder-Policy", "require-corp") + ctx.Response.Header.Set("Cross-Origin-Resource-Policy", "cross-origin") + ctx.Response.Header.Set("Cross-Origin-Opener-Policy", "unsafe-none") } func getCacheEntryForContentEntry(entry *ContentEntry) *ContentCacheEntry { @@ -196,14 +196,8 @@ func getCacheEntryForContentEntry(entry *ContentEntry) *ContentCacheEntry { } } - f, err := os.Open(entry.Path) - if err != nil { - return nil - } - objectCache[entry.Identifier] = &ContentCacheEntry{ Entry: *entry, - File: f, RefCount: 1, AccessTime: time.Now(), } @@ -235,52 +229,52 @@ func IsTrustedPublicKey(key ed25519.PublicKey) bool { return false } -func handle(w http.ResponseWriter, r *http.Request) { - if len(r.Host) > 0 && r.Host == r.TLS.ServerName { //Prevents rebinding / DNS stuff - w.WriteHeader(http.StatusNotFound) +func handle(ctx *fasthttp.RequestCtx) { + if len(ctx.Host()) > 0 && string(ctx.Host()) == ctx.TLSConnectionState().ServerName { //Prevents rebinding / DNS stuff + ctx.SetStatusCode(fasthttp.StatusNotFound) return } - if r.Method == "GET" || r.Method == "HEAD" { - log.Printf("Serve %s", r.URL.Path) - setOtherHeaders(w) - setCORSHeaders(w) - pathElements := strings.Split(r.URL.Path, "/") + if ctx.IsGet() || ctx.IsHead() { + log.Printf("Serve %s", string(ctx.Path())) + setOtherHeaders(ctx) + setCORSHeaders(ctx) + pathElements := strings.Split(string(ctx.Path()), "/") if len(pathElements) < 2 { - w.WriteHeader(http.StatusBadRequest) + ctx.SetStatusCode(fasthttp.StatusBadRequest) return } messageBytes, err := base32Encoding.DecodeString(pathElements[1]) if err != nil { - w.WriteHeader(http.StatusBadRequest) + ctx.SetStatusCode(fasthttp.StatusBadRequest) return } message := DecodeContentMessage(messageBytes) if message == nil { - w.WriteHeader(http.StatusBadRequest) + ctx.SetStatusCode(fasthttp.StatusBadRequest) return } if !IsTrustedPublicKey(message.PublicKey) { - w.WriteHeader(http.StatusForbidden) + ctx.SetStatusCode(fasthttp.StatusForbidden) return } if !message.verify() { - w.WriteHeader(http.StatusForbidden) + ctx.SetStatusCode(fasthttp.StatusForbidden) return } - log.Printf("Valid %s %s", r.URL.Path, message.Identifier.String()) + log.Printf("Valid %s %s", string(ctx.Path()), message.Identifier.String()) - handleQueryRequest(w, r, message.Identifier, pathElements[2:]) - } else if r.Method == "OPTIONS" { - setOtherHeaders(w) - setCORSHeaders(w) - w.WriteHeader(http.StatusNoContent) + handleQueryRequest(ctx, message.Identifier, pathElements[2:]) + } else if ctx.IsOptions() { + setOtherHeaders(ctx) + setCORSHeaders(ctx) + ctx.SetStatusCode(fasthttp.StatusNoContent) } else { - w.WriteHeader(http.StatusNotImplemented) + ctx.SetStatusCode(fasthttp.StatusNotImplemented) } } @@ -594,12 +588,25 @@ func main() { serverCertificate = bogusCertificate } - server := &http.Server{ - Addr: *listenAddress, - Handler: http.HandlerFunc(handle), - ReadTimeout: 5 * time.Second, - IdleTimeout: 15 * time.Second, + fs := fasthttp.FS{ + Root: "/", + AcceptByteRange: true, + Compress: false, + CompressBrotli: false, + CacheDuration: time.Minute * 15, + } + fsHandler = fs.NewRequestHandler() + + server := &fasthttp.Server{ + ReadTimeout: 5 * time.Second, + IdleTimeout: 15 * time.Second, + WriteTimeout: 15 * time.Second, + Handler: handle, + NoDefaultServerHeader: true, + NoDefaultDate: true, + TCPKeepalive: false, + DisableKeepalive: true, TLSConfig: &tls.Config{ MinVersion: tls.VersionTLS12, MaxVersion: 0, //max supported, currently TLS 1.3 @@ -629,11 +636,9 @@ func main() { }, } - server.SetKeepAlivesEnabled(false) - log.Printf("Serving on %s", *listenAddress) - ln, err := newListener("tcp", server.Addr, 5*time.Second, 15*time.Second) + ln, err := net.Listen("tcp", *listenAddress) if err != nil { log.Panic(err) } @@ -643,82 +648,3 @@ func main() { log.Panic(err) } } - -type listener struct { - net.Listener - ReadTimeout time.Duration - WriteTimeout time.Duration -} - -func (l *listener) Accept() (net.Conn, error) { - c, err := l.Listener.Accept() - if err != nil { - return nil, err - } - tc := &Conn{ - Conn: c, - ReadTimeout: l.ReadTimeout, - WriteTimeout: l.WriteTimeout, - ReadThreshold: int32((l.ReadTimeout * 1024) / time.Second), - WriteThreshold: int32((l.WriteTimeout * 1024) / time.Second), - BytesReadFromDeadline: 0, - BytesWrittenFromDeadline: 0, - } - return tc, nil -} - -// Conn wraps a net.Conn, and sets a deadline for every read -// and write operation. -type Conn struct { - net.Conn - ReadTimeout time.Duration - WriteTimeout time.Duration - ReadThreshold int32 - WriteThreshold int32 - BytesReadFromDeadline int32 - BytesWrittenFromDeadline int32 -} - -func (c *Conn) Read(b []byte) (n int, err error) { - if atomic.LoadInt32(&c.BytesReadFromDeadline) > c.ReadThreshold { - atomic.StoreInt32(&c.BytesReadFromDeadline, 0) - // we set both read and write deadlines here otherwise after the request - // is read writing the response fails with an i/o timeout error - err = c.Conn.SetDeadline(time.Now().Add(c.ReadTimeout)) - if err != nil { - return 0, err - } - } - n, err = c.Conn.Read(b) - atomic.AddInt32(&c.BytesReadFromDeadline, int32(n)) - return -} - -func (c *Conn) Write(b []byte) (n int, err error) { - if atomic.LoadInt32(&c.BytesWrittenFromDeadline) > c.WriteThreshold { - atomic.StoreInt32(&c.BytesWrittenFromDeadline, 0) - // we extend the read deadline too, not sure it's necessary, - // but it doesn't hurt - err = c.Conn.SetDeadline(time.Now().Add(c.WriteTimeout)) - if err != nil { - return - } - } - n, err = c.Conn.Write(b) - atomic.AddInt32(&c.BytesWrittenFromDeadline, int32(n)) - return -} - -func newListener(network, addr string, readTimeout, writeTimeout time.Duration) (net.Listener, error) { - l, err := net.Listen(network, addr) - if err != nil { - return nil, err - } - - tl := &listener{ - Listener: l, - ReadTimeout: readTimeout, - WriteTimeout: writeTimeout, - } - return tl, nil -} diff --git a/go.mod b/go.mod index 11c8af5..1a114ef 100644 --- a/go.mod +++ b/go.mod @@ -6,4 +6,5 @@ require ( github.com/ipfs/go-cid v0.1.0 github.com/lib/pq v1.10.4 github.com/multiformats/go-multihash v0.0.15 + github.com/valyala/fasthttp v1.32.0 ) diff --git a/go.sum b/go.sum index 018d04e..38bada1 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,10 @@ +github.com/andybalholm/brotli v1.0.2 h1:JKnhI/XQ75uFBTiuzXpzFrUriDPiZjlOSzh6wXogP0E= +github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/ipfs/go-cid v0.1.0 h1:YN33LQulcRHjfom/i25yoOZR4Telp1Hr/2RU3d0PnC0= github.com/ipfs/go-cid v0.1.0/go.mod h1:rH5/Xv83Rfy8Rw6xG+id3DYAMUVmem1MowoKwdXmN2o= +github.com/klauspost/compress v1.13.4 h1:0zhec2I8zGnjWcKyLl6i3gPqKANCCn5e9xmviEEeX6s= +github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/cpuid/v2 v2.0.4 h1:g0I61F2K2DjRHz1cnxlkNSBIaePVoJIjjnHui8QHbiw= github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk= @@ -21,19 +26,31 @@ github.com/multiformats/go-multihash v0.0.15 h1:hWOPdrNqDjwHDx82vsYGSDZNyktOJJ2d github.com/multiformats/go-multihash v0.0.15/go.mod h1:D6aZrWNLFTV/ynMpKsNtB40mJzmCl4jb1alC0OvHiHg= github.com/multiformats/go-varint v0.0.6 h1:gk85QWKxh3TazbLxED/NlDVv8+q+ReFJk7Y2W/KhfNY= github.com/multiformats/go-varint v0.0.6/go.mod h1:3Ls8CIEsrijN6+B7PbrXRPxHRPuXSrVKRY101jdMZYE= +github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= +github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/valyala/fasthttp v1.32.0 h1:keswgWzyKyNIIjz2a7JmCYHOOIkRp6HMx9oTV6QrZWY= +github.com/valyala/fasthttp v1.32.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD3K/7o2Cus= +github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf h1:B2n+Zi5QeYRDAEodEu72OS36gmTWjgpXr2+cWcBW90o= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2 h1:46ULzRKLh1CwgRq2dC5SlBzEqqNCi8rreOZnNrbqcIY= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210514084401-e8d321eab015 h1:hZR0X1kPW+nwyJ9xRxqZk1vx5RUObAPBdKVvXPDUH/E= +golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=