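# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
# 
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# 
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

require 'async/io/endpoint'

require_relative 'proxy'
require_relative 'redirection'

require 'async/container'
require 'async/container/controller'

require 'async/http/endpoint'

module Falcon
  # A single virtual host: wraps one flattened environment and exposes the
  # values its evaluator provides (authority, endpoint, TLS context, root).
  class Host
    # @param environment [#flatten] the environment describing this host.
    def initialize(environment)
      @environment = environment.flatten
      @evaluator = @environment.evaluator
    end

    # Name given to the container child that runs this host.
    def name
      "Falcon Host for #{self.authority}"
    end

    # The authority this host is registered under (the key used by Hosts#add).
    def authority
      @evaluator.authority
    end

    def endpoint
      @evaluator.endpoint
    end

    # The per-host TLS context handed back from the SNI callback in Hosts.
    def ssl_context
      @evaluator.ssl_context
    end

    # The directory the application is run from; its owner also decides the
    # identity the application server runs as (see #assume_privileges).
    def root
      @evaluator.root
    end

    def bound_endpoint
      @evaluator.bound_endpoint
    end

    def to_s
      "\#<#{self.class}#{@evaluator.authority}>"
    end

    # Switch the current process to the owner (uid/gid) of +path+.
    #
    # The supplementary group list is inherited from the parent process and is
    # not modified by GID/UID.change_privilege, so a child started by root
    # would otherwise keep root's extra groups after "dropping" privileges.
    # It is reset first, while the process is still allowed to do so.
    #
    # Caveat: the target identity is whoever owns +path+. If that path is owned
    # by root, the process stays root after this call.
    #
    # @param path [String] path whose owner and group are assumed.
    # @return the result of Process::UID.change_privilege.
    def assume_privileges(path)
      stat = File.stat(path)

      # Only a privileged process may call setgroups; an unprivileged run
      # (owner == current user) must keep working as before.
      Process.groups = [stat.gid] if Process.euid.zero?

      # Group first: once the uid is dropped the gid can no longer be changed.
      Process::GID.change_privilege(stat.gid)
      Process::UID.change_privilege(stat.uid)
    end

    # Start the application server for this host in a child of +container+.
    # Does nothing when the environment does not define a :server.
    #
    # @param container [#run] the container that spawns the child.
    def run(container)
      return unless @environment.include?(:server)

      # Evaluated in the parent, before the child is spawned.
      # NOTE(review): presumably this binds the listening socket while the
      # parent still has its privileges - confirm against the evaluator.
      self.bound_endpoint

      container.run(count: 1, name: self.name) do |task, _instance|
        Async.logger.info(self) {"Starting application server..."}

        app_root = self.root
        Dir.chdir(app_root) if app_root

        # NOTE(review): the server object is built before privileges are
        # dropped; if building it loads application code, that code runs with
        # the parent's identity - confirm and consider reordering.
        server = @evaluator.server

        # Drop root privileges. When no root is configured File.stat raises,
        # so the server is never started with the parent's identity.
        assume_privileges(app_root)

        server.run

        task.children.each(&:wait)
      end
    end
  end

  # The set of hosts served by one Falcon instance, keyed by authority, plus
  # the shared TLS front end (SNI dispatch), proxy and HTTP->HTTPS redirector.
  class Hosts
    DEFAULT_ALPN_PROTOCOLS = ['h2', 'http/1.1'].freeze

    # @param configuration [#each] yields one environment per host.
    def initialize(configuration)
      @named = {}
      @server_context = nil
      @server_endpoint = nil

      configuration.each do |environment|
        add(Host.new(environment))
      end
    end

    # Iterate over (authority, host) pairs.
    def each(&block)
      @named.each(&block)
    end

    # Memoized HTTPS endpoint on the IPv6 wildcard address using the shared
    # SNI-dispatching context.
    def endpoint
      @server_endpoint ||= Async::HTTP::Endpoint.parse(
        'https://[::]',
        ssl_context: self.ssl_context,
        reuse_address: true
      )
    end

    # Memoized front-end TLS context. It carries no certificate of its own
    # here; the certificate comes from the per-host context selected by the
    # SNI callback.
    def ssl_context
      @server_context ||= OpenSSL::SSL::SSLContext.new.tap do |context|
        # Kept as a Proc (not a lambda or Method object) so the callback
        # arguments are destructured exactly as in the original.
        context.servername_cb = Proc.new do |socket, hostname|
          self.host_context(socket, hostname)
        end

        context.session_id_context = "falcon"
        context.alpn_protocols = DEFAULT_ALPN_PROTOCOLS

        context.set_params
        context.setup
      end
    end

    # SNI callback: pick the TLS context of the host named by the client.
    #
    # +hostname+ is supplied by the client in the TLS handshake, so it is
    # untrusted input; it is only used as a hash key and in log messages.
    #
    # @return the host's SSL context, or nil when the name is not configured.
    def host_context(socket, hostname)
      host = @named[hostname]

      unless host
        Async.logger.warn(self) {"Unable to resolve #{hostname}!"}
        return nil
      end

      Async.logger.debug(self) {"Resolving #{hostname} -> #{host}"}
      socket.hostname = hostname

      host.ssl_context
    end

    # Register +host+ under its authority, replacing any previous entry.
    def add(host)
      @named[host.authority] = host
    end

    def proxy
      Proxy.new(Falcon::BadRequest, @named)
    end

    def redirection(secure_endpoint)
      Redirection.new(Falcon::BadRequest, @named, secure_endpoint)
    end

    # Start every host, then the TLS proxy and the plain-HTTP redirector.
    #
    # NOTE(review): unlike Host#run, the proxy and redirector children never
    # call assume_privileges, so they keep whatever identity the parent has.
    #
    # @param container [#run] container used to spawn the children.
    # @param options [Hash] reads :bind_secure and :bind_insecure.
    # @return the container.
    def run(container = Async::Container::Forked.new, **options)
      @named.each_value do |host|
        host.run(container)
      end

      secure_endpoint = Async::HTTP::Endpoint.parse(options[:bind_secure], ssl_context: self.ssl_context)
      insecure_endpoint = Async::HTTP::Endpoint.parse(options[:bind_insecure])

      container.run(count: 1, name: "Falcon Proxy") do |_task, _instance|
        Falcon::Server.new(self.proxy, secure_endpoint).run
      end

      container.run(count: 1, name: "Falcon Redirector") do |_task, _instance|
        Falcon::Server.new(self.redirection(secure_endpoint), insecure_endpoint).run
      end

      container
    end
  end
end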