HTTP access control (CORS) for pxArchives (pxscene#604)

npoltorapavlo · mfiess · commit b9d5a2778ce1 · 2017-09-25T11:35:49.000-04:00
* HTTP access control (CORS) for pxArchives

* build time option for PXCORE_ACCESS_CONTROL_CHECK

* disable server functionality for http/https js modules
diff --git a/examples/pxScene2d/src/pxArchive.cpp b/examples/pxScene2d/src/pxArchive.cpp
@@ -13,7 +13,7 @@ pxArchive::~pxArchive()
   gUIThreadQueue.removeAllTasksForObject(this);
 }
 
-rtError pxArchive::initFromUrl(const rtString& url)
+rtError pxArchive::initFromUrl(const rtString& url, const rtString& origin)
 {
   mReady = new rtPromise;
   mLoadStatus = new rtMapObject;
@@ -30,6 +30,12 @@ rtError pxArchive::initFromUrl(const rtString& url)
     mLoadStatus.set("sourceType", "http");
     mLoadStatus.set("statusCode", -1);
     mDownloadRequest = new rtFileDownloadRequest(url, this);
+    if (!origin.isEmpty())
+    {
+      rtString headerOrigin("Origin:");
+      headerOrigin.append(origin.cString());
+      mDownloadRequest->additionalHttpHeaders().push_back(headerOrigin);
+    }
     mDownloadRequest->setCallbackFunction(pxArchive::onDownloadComplete);
     rtFileDownloader::instance()->addToDownloadQueue(mDownloadRequest);
   }
diff --git a/examples/pxScene2d/src/pxArchive.h b/examples/pxScene2d/src/pxArchive.h
@@ -45,7 +45,7 @@ class pxArchive: public rtObject
   pxArchive();
   virtual ~pxArchive();
 
-  rtError initFromUrl(const rtString& url);
+  rtError initFromUrl(const rtString& url, const rtString& origin = rtString());
   rtError ready(rtObjectRef& r) const;
 
   rtError loadStatus(rtObjectRef& v) const;
diff --git a/examples/pxScene2d/src/pxScene2d.cpp b/examples/pxScene2d/src/pxScene2d.cpp
@@ -28,6 +28,7 @@
 #include "rtString.h"
 #include "rtNode.h"
 #include "rtPathUtils.h"
+#include "rtUrlUtils.h"
 
 #include "pxCore.h"
 #include "pxOffscreen.h"
@@ -1538,7 +1539,7 @@ rtDefineObject(pxRoot,pxObject);
 int gTag = 0;
 
 pxScene2d::pxScene2d(bool top, pxScriptView* scriptView)
-  : start(0), sigma_draw(0), sigma_update(0), end2(0), frameCount(0), mWidth(0), mHeight(0), mStopPropagation(false), mContainer(NULL), mShowDirtyRectangle(false), 
+  : start(0), sigma_draw(0), sigma_update(0), end2(0), frameCount(0), mWidth(0), mHeight(0), mStopPropagation(false), mContainer(NULL), mShowDirtyRectangle(false),
     mInnerpxObjects(), mDirty(true), mTestView(NULL), mDisposed(false)
 {
   mRoot = new pxRoot(this);
@@ -1548,6 +1549,11 @@ pxScene2d::pxScene2d(bool top, pxScriptView* scriptView)
   mScriptView = scriptView;
   mTag = gTag++;
 
+  if (scriptView != NULL)
+  {
+    mOrigin = rtUrlGetOrigin(scriptView->getUrl().cString());
+  }
+
   // make sure that initial onFocus is sent
   rtObjectRef e = new rtMapObject;
   mRoot->setFocusInternal(true);
diff --git a/examples/pxScene2d/src/pxScene2d.h b/examples/pxScene2d/src/pxScene2d.h
@@ -1297,7 +1297,7 @@ class pxScene2d: public rtObject, public pxIView
   rtMethodNoArgAndNoReturn("dispose",dispose);
 
   pxScene2d(bool top = true, pxScriptView* scriptView = NULL);
-  virtual ~pxScene2d() 
+  virtual ~pxScene2d()
   {
      rtLogDebug("***** deleting pxScene2d\n");
     if (mTestView != NULL)
@@ -1456,7 +1456,7 @@ class pxScene2d: public rtObject, public pxIView
   {
     rtError e = RT_FAIL;
     rtRef<pxArchive> a = new pxArchive;
-    if (a->initFromUrl(url) == RT_OK)
+    if (a->initFromUrl(url, mOrigin) == RT_OK)
     {
       archive = a;
       e = RT_OK;
@@ -1519,6 +1519,7 @@ class pxScene2d: public rtObject, public pxIView
   #endif
   bool mPointerHidden;
   std::vector<rtObjectRef> mInnerpxObjects;
+  rtString mOrigin;
 public:
   void hidePointer( bool hide )
   {
diff --git a/examples/pxScene2d/src/rcvrcore/http_wrap.js b/examples/pxScene2d/src/rcvrcore/http_wrap.js
@@ -9,12 +9,14 @@ function HttpWrap(accessControl) {
   HttpWrap.prototype.IncomingMessage = http.IncomingMessage;
   HttpWrap.prototype.METHODS = http.METHODS;
   HttpWrap.prototype.OutgoingMessage = http.OutgoingMessage;
-  HttpWrap.prototype.ServerResponse = http.ServerResponse;
-  HttpWrap.prototype.STATUS_CODES = http.STATUS_CODES;
-  HttpWrap.prototype.Server = http.Server;
-  HttpWrap.prototype.createServer = http.createServer;
   HttpWrap.prototype.globalAgent = http.globalAgent;
 
+  // Server functionality needs to be disabled.
+  //HttpWrap.prototype.ServerResponse = http.ServerResponse;
+  //HttpWrap.prototype.STATUS_CODES = http.STATUS_CODES;
+  //HttpWrap.prototype.Server = http.Server;
+  //HttpWrap.prototype.createServer = http.createServer;
+
   HttpWrap.prototype.request = function (options, cb) {
     if (_accessControl) {
       if (_accessControl.isLocalAccessFromRemote(options)) {
diff --git a/examples/pxScene2d/src/rcvrcore/https_wrap.js b/examples/pxScene2d/src/rcvrcore/https_wrap.js
@@ -7,8 +7,10 @@ function HttpsWrap(accessControl) {
   var _accessControl = accessControl;
 
   HttpsWrap.prototype.globalAgent = https.globalAgent;
-  HttpsWrap.prototype.Server = https.Server;
-  HttpsWrap.prototype.createServer = https.createServer;
+
+  // Server functionality needs to be disabled.
+  //HttpsWrap.prototype.Server = https.Server;
+  //HttpsWrap.prototype.createServer = https.createServer;
 
   HttpsWrap.prototype.request = function (options, cb) {
     if (_accessControl) {
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -6,6 +6,7 @@ set(CMAKE_CXX_STANDARD 11)
 option(WINDOWLESS_EGL "WINDOWLESS_EGL" OFF)
 option(PXCORE_WAYLAND_EGL "PXCORE_WAYLAND_EGL" OFF)
 option(PXCORE_MATRIX_HELPERS "PXCORE_MATRIX_HELPERS" ON)
+option(PXCORE_ACCESS_CONTROL_CHECK "PXCORE_ACCESS_CONTROL_CHECK" ON)
 option(BUILD_RTCORE_LIBS "BUILD_RTCORE_LIBS" ON)
 option(BUILD_PXCORE_LIBS "BUILD_PXCORE_LIBS" ON)
 option(OUTPUT_LIBS_LOCAL "OUTPUT_LIBS_LOCAL" OFF)
@@ -201,3 +202,7 @@ if (BUILD_RTCORE_LIBS)
       add_library(rtCore SHARED ${RTCORE_FILES})
     endif(BUILD_RTCORE_SHARED_LIBRARY GREATER 0)
 endif (BUILD_RTCORE_LIBS)
+
+if (PXCORE_ACCESS_CONTROL_CHECK)
+    add_definitions(-DENABLE_ACCESS_CONTROL_CHECK)
+endif (PXCORE_ACCESS_CONTROL_CHECK)
diff --git a/src/rtFileDownloader.cpp b/src/rtFileDownloader.cpp
@@ -655,6 +655,9 @@ bool rtFileDownloader::downloadFromNetwork(rtFileDownloadRequest* downloadReques
     if (false == headerOnly)
     {
       downloadRequest->setDownloadedData(chunk.contentsBuffer, chunk.contentsSize);
+#ifdef ENABLE_ACCESS_CONTROL_CHECK
+      checkAccessControlHeaders(downloadRequest);
+#endif
     }
     else if (chunk.contentsBuffer != NULL)
     {
@@ -789,3 +792,123 @@ void rtFileDownloader::checkForExpiredHandles()
   downloadHandleMutex.unlock();
 }
 
+void rtFileDownloader::checkAccessControlHeaders(rtFileDownloadRequest* downloadRequest)
+{
+  rtLogDebug("checkAccessControlHeaders");
+
+  rtString origin;
+  const char* originFieldStart = "origin:";
+  const std::vector<rtString>& headers = downloadRequest->additionalHttpHeaders();
+  for (std::vector<rtString>::const_iterator it = headers.begin(); it != headers.end(); it++)
+  {
+    const rtString& header = (*it);
+    if (!header.isEmpty())
+    {
+      rtLogDebug("request header: '%s'", header.cString());
+
+      // Case-insensitive compare.
+      const char* h = header.cString();
+      const char* o = originFieldStart;
+      size_t start = 0;
+      for (; *h && *o && tolower(*h) == *o; h++, o++, start++);
+      if (*o == 0)
+      {
+        // Trim left.
+        for (; *h == ' ' || *h == '\t'; h++, start++);
+        if (*h != 0)
+          origin = header.substring(start);
+        break;
+      }
+    }
+  }
+  if (origin.isEmpty())
+  {
+    // Did not send Origin, do not check anything.
+    rtLogDebug("no origin in request headers");
+    return;
+  }
+
+  rtLogDebug("origin in request is: '%s'", origin.cString());
+  rtString reqUrl = downloadRequest->fileUrl();
+  if (reqUrl.isEmpty() ||
+    reqUrl.beginsWith(origin.cString()))
+  {
+    // Don't expect CORS response headers on same-origin requests.
+    rtLogDebug("request is same-origin: '%s'", reqUrl.cString());
+    return;
+  }
+
+  rtString allowOrigin;
+  const char* allowOriginFieldStart = "access-control-allow-origin:";
+  rtString resHeaders(downloadRequest->headerData(), downloadRequest->headerDataSize());
+  if (!resHeaders.isEmpty())
+  {
+    rtLogDebug("response headers are: '%s'", resHeaders.cString());
+
+    // Case-insensitive search.
+    const char* h = resHeaders.cString();
+    const char* o = allowOriginFieldStart;
+    size_t start = 0;
+    for (; *h && *o && tolower(*h) == *o; h++, o++, start++);
+    if (*o != 0)
+    {
+      allowOriginFieldStart = "\r\naccess-control-allow-origin:";
+      o = allowOriginFieldStart;
+      for (; *h && *o; h++, start++)
+        o = tolower(*h) == *o ? o + 1 : allowOriginFieldStart;
+    }
+    if (*o == 0)
+    {
+      // Trim left.
+      for (; *h == ' ' || *h == '\t'; h++, start++);
+      if (*h != 0)
+      {
+        size_t end = resHeaders.find(start, "\r\n");
+        end = end >= start ? end : 0;
+        allowOrigin = resHeaders.substring(start, end - start);
+      }
+    }
+  }
+  if (!allowOrigin.isEmpty())
+  {
+    rtLogDebug("allow-origin in response is: '%s'", allowOrigin.cString());
+
+    // If the value of Access-Control-Allow-Origin is not a case-sensitive match, return fail.
+    if (allowOrigin.compare("*") == 0 ||
+      allowOrigin.compare(origin.cString()) == 0)
+    {
+      // Allow access to the resource's contents.
+      rtLogDebug("allow access for origin '%s'", origin.cString());
+      return;
+    }
+  }
+
+  // Disallow access to the resource's contents.
+  if (downloadRequest->downloadedData() != NULL)
+  {
+    free(downloadRequest->downloadedData());
+  }
+  downloadRequest->setDownloadedData(NULL, 0);
+  stringstream errorStream;
+  // If the response includes zero Access-Control-Allow-Origin header values, return fail.
+  if (allowOrigin.isEmpty())
+  {
+    errorStream << "No 'Access-Control-Allow-Origin' header is present on the requested resource.";
+    errorStream << " Origin '";
+    errorStream << origin.cString();
+    errorStream << "' is therefore not allowed access";
+  }
+  else
+  {
+    errorStream << "The 'Access-Control-Allow-Origin' header has a value '";
+    errorStream << allowOrigin.cString();
+    errorStream << "' that is not equal to the supplied origin.";
+    errorStream << " Origin '";
+    errorStream << origin.cString();
+    errorStream << "' is therefore not allowed access";
+  }
+  const std::string& errorStr = errorStream.str();
+  rtLogWarn("disallow access for origin '%s' because: %s", origin.cString(), errorStr.c_str());
+  downloadRequest->setDownloadStatusCode(-1);
+  downloadRequest->setErrorString(errorStr.c_str());
+}
diff --git a/src/rtFileDownloader.h b/src/rtFileDownloader.h
@@ -146,6 +146,7 @@ class rtFileDownloader
 #endif
     CURL* retrieveDownloadHandle();
     void releaseDownloadHandle(CURL* curlHandle, int expiresTime);
+    static void checkAccessControlHeaders(rtFileDownloadRequest* downloadRequest);
     //todo: hash mPendingDownloadRequests;
     //todo: string list mPendingDownloadOrderList;
     //todo: list mActiveDownloads;
diff --git a/src/rtUrlUtils.cpp b/src/rtUrlUtils.cpp
@@ -20,6 +20,7 @@
 
 #include "rtUrlUtils.h"
 #include <string.h>
+#include <ctype.h>
 
 
 #if !defined(WIN32) && !defined(ENABLE_DFB)
@@ -85,3 +86,31 @@ rtString rtUrlEncodeParameters(const char* url)
   // printf("Returning %s\n",retVal.cString());
   return retVal;
 }
+
+/*
+ * rtUrlGetOrigin: Takes an url in the form of
+ *  "http://blahblah/index.js?some=some1&parm=value" and
+ *  returns an rtString in form scheme://host or
+ *  an empty rtString if url is not http:// or https://
+ */
+rtString rtUrlGetOrigin(const char* url)
+{
+  if (url != NULL)
+  {
+    // See http://www.ietf.org/rfc/rfc3986.txt.
+    const char* u = url;
+    const char* s = "http";
+    for (; *u && *s && tolower(*u) == *s; u++, s++);
+    if (*s == 0)
+    {
+      for (s = "s"; *u && *s && tolower(*u) == *s; u++, s++);
+      for (s = "://"; *u && *s && *u == *s; u++, s++);
+      if (*s == 0)
+      {
+        for (; *u && *u != '/' && *u != '?' && *u != '#'; u++);
+        return rtString(url, u - url);
+      }
+    }
+  }
+  return rtString();
+}
diff --git a/src/rtUrlUtils.h b/src/rtUrlUtils.h
@@ -22,5 +22,6 @@
 #include "rtString.h"
 
 rtString rtUrlEncodeParameters(const char* url);
+rtString rtUrlGetOrigin(const char* url);
 
 #endif

Original file line number	Diff line number	Diff line change
`@@ -1297,7 +1297,7 @@ class pxScene2d: public rtObject, public pxIView`
`1297`	`1297`	`rtMethodNoArgAndNoReturn("dispose",dispose);`
`1298`	`1298`
`1299`	`1299`	`pxScene2d(bool top = true, pxScriptView* scriptView = NULL);`
`1300`		`- virtual ~pxScene2d()`
	`1300`	`+ virtual ~pxScene2d()`
`1301`	`1301`	`{`
`1302`	`1302`	`rtLogDebug("***** deleting pxScene2d\n");`
`1303`	`1303`	`if (mTestView != NULL)`
`@@ -1456,7 +1456,7 @@ class pxScene2d: public rtObject, public pxIView`
`1456`	`1456`	`{`
`1457`	`1457`	`rtError e = RT_FAIL;`
`1458`	`1458`	`rtRef<pxArchive> a = new pxArchive;`
`1459`		`- if (a->initFromUrl(url) == RT_OK)`
	`1459`	`+ if (a->initFromUrl(url, mOrigin) == RT_OK)`
`1460`	`1460`	`{`
`1461`	`1461`	`archive = a;`
`1462`	`1462`	`e = RT_OK;`
`@@ -1519,6 +1519,7 @@ class pxScene2d: public rtObject, public pxIView`
`1519`	`1519`	`#endif`
`1520`	`1520`	`bool mPointerHidden;`
`1521`	`1521`	`std::vector<rtObjectRef> mInnerpxObjects;`
	`1522`	`+ rtString mOrigin;`
`1522`	`1523`	`public:`
`1523`	`1524`	`void hidePointer( bool hide )`
`1524`	`1525`	`{`