Sign upLogin

netdata/netdata

View on GitHub
Star
src/web/server/web_server.c

Summary

Maintainability
Test Coverage
// SPDX-License-Identifier: GPL-3.0-or-later

#define WEB_SERVER_INTERNALS 1
#include "web_server.h"

WEB_SERVER_MODE web_server_mode = WEB_SERVER_MODE_STATIC_THREADED;

// --------------------------------------------------------------------------------------

WEB_SERVER_MODE web_server_mode_id(const char *mode) {
    if(!strcmp(mode, "none"))
        return WEB_SERVER_MODE_NONE;
    else
        return WEB_SERVER_MODE_STATIC_THREADED;

}

const char *web_server_mode_name(WEB_SERVER_MODE id) {
    switch(id) {
        case WEB_SERVER_MODE_NONE:
            return "none";
        default:
        case WEB_SERVER_MODE_STATIC_THREADED:
            return "static-threaded";
    }
}

// --------------------------------------------------------------------------------------
// API sockets

LISTEN_SOCKETS api_sockets = {
        .config          = &netdata_config,
        .config_section  = CONFIG_SECTION_WEB,
        .default_bind_to = "*",
        .default_port    = API_LISTEN_PORT,
        .backlog         = API_LISTEN_BACKLOG
};

void debug_sockets() {
    BUFFER *wb = buffer_create(256 * sizeof(char), NULL);
    int i;

    for(i = 0 ; i < (int)api_sockets.opened ; i++) {
        buffer_strcat(wb, (api_sockets.fds_acl_flags[i] & HTTP_ACL_NOCHECK) ? "NONE " : "");
        buffer_strcat(wb, (api_sockets.fds_acl_flags[i] & HTTP_ACL_DASHBOARD) ? "dashboard " : "");
        buffer_strcat(wb, (api_sockets.fds_acl_flags[i] & HTTP_ACL_REGISTRY) ? "registry " : "");
        buffer_strcat(wb, (api_sockets.fds_acl_flags[i] & HTTP_ACL_BADGES) ? "badges " : "");
        buffer_strcat(wb, (api_sockets.fds_acl_flags[i] & HTTP_ACL_MANAGEMENT) ? "management " : "");
        buffer_strcat(wb, (api_sockets.fds_acl_flags[i] & HTTP_ACL_STREAMING) ? "streaming " : "");
        buffer_strcat(wb, (api_sockets.fds_acl_flags[i] & HTTP_ACL_NETDATACONF) ? "netdata.conf " : "");
        netdata_log_debug(D_WEB_CLIENT, "Socket fd %d name '%s' acl_flags: %s",
              i,
              api_sockets.fds_names[i],
              buffer_tostring(wb));
        buffer_reset(wb);
    }
    buffer_free(wb);
}

bool api_listen_sockets_setup(void) {
    int socks = listen_sockets_setup(&api_sockets);

    if(!socks)
        return false;

    if(unlikely(debug_flags & D_WEB_CLIENT))
        debug_sockets();

    return true;
}


// --------------------------------------------------------------------------------------
// access lists

SIMPLE_PATTERN *web_allow_connections_from = NULL;
int web_allow_connections_dns;

// WEB_CLIENT_ACL
SIMPLE_PATTERN *web_allow_dashboard_from = NULL;
int             web_allow_dashboard_dns;
SIMPLE_PATTERN *web_allow_registry_from = NULL;
int             web_allow_registry_dns;
SIMPLE_PATTERN *web_allow_badges_from = NULL;
int             web_allow_badges_dns;
SIMPLE_PATTERN *web_allow_mgmt_from = NULL;
int             web_allow_mgmt_dns;
SIMPLE_PATTERN *web_allow_streaming_from = NULL;
int             web_allow_streaming_dns;
SIMPLE_PATTERN *web_allow_netdataconf_from = NULL;
int             web_allow_netdataconf_dns;

void web_client_update_acl_matches(struct web_client *w) {
    w->acl = HTTP_ACL_TRANSPORTS;

    if(!(w->port_acl & HTTP_ACL_TRANSPORTS_WITHOUT_CLIENT_IP_VALIDATION)) {
        if (!web_allow_dashboard_from ||
            connection_allowed(w->ifd, w->client_ip, w->client_host, sizeof(w->client_host),
                               web_allow_dashboard_from, "dashboard", web_allow_dashboard_dns))
            w->acl |= HTTP_ACL_DASHBOARD;

        if (!web_allow_registry_from ||
            connection_allowed(w->ifd, w->client_ip, w->client_host, sizeof(w->client_host),
                               web_allow_registry_from, "registry", web_allow_registry_dns))
            w->acl |= HTTP_ACL_REGISTRY;

        if (!web_allow_badges_from ||
            connection_allowed(w->ifd, w->client_ip, w->client_host, sizeof(w->client_host),
                               web_allow_badges_from, "badges", web_allow_badges_dns))
            w->acl |= HTTP_ACL_BADGES;

        if (!web_allow_mgmt_from ||
            connection_allowed(w->ifd, w->client_ip, w->client_host, sizeof(w->client_host),
                               web_allow_mgmt_from, "management", web_allow_mgmt_dns))
            w->acl |= HTTP_ACL_MANAGEMENT;

        if (!web_allow_streaming_from ||
            connection_allowed(w->ifd, w->client_ip, w->client_host, sizeof(w->client_host),
                               web_allow_streaming_from, "streaming", web_allow_streaming_dns))
            w->acl |= HTTP_ACL_STREAMING;

        if (!web_allow_netdataconf_from ||
           connection_allowed(w->ifd, w->client_ip, w->client_host, sizeof(w->client_host),
                              web_allow_netdataconf_from, "netdata.conf", web_allow_netdataconf_dns))
            w->acl |= HTTP_ACL_NETDATACONF;
    }

    w->acl &= w->port_acl;
}


// --------------------------------------------------------------------------------------

void web_server_log_connection(struct web_client *w, const char *msg) {
    ND_LOG_STACK lgs[] = {
            ND_LOG_FIELD_U64(NDF_CONNECTION_ID, w->id),
#ifdef ENABLE_HTTPS
            ND_LOG_FIELD_TXT(NDF_SRC_TRANSPORT, SSL_connection(&w->ssl) ? "https" : "http"),
#else
            ND_LOG_FIELD_TXT(NDF_SRC_TRANSPORT, "http"),
#endif
            ND_LOG_FIELD_TXT(NDF_SRC_IP, w->client_ip),
            ND_LOG_FIELD_TXT(NDF_SRC_PORT, w->client_port),
            ND_LOG_FIELD_TXT(NDF_SRC_FORWARDED_HOST, w->forwarded_host),
            ND_LOG_FIELD_TXT(NDF_SRC_FORWARDED_FOR, w->forwarded_for),
            ND_LOG_FIELD_END(),
    };
    ND_LOG_STACK_PUSH(lgs);

    nd_log(NDLS_ACCESS, NDLP_DEBUG, "[%s]:%s %s", w->client_ip, w->client_port, msg);
}