Gitiles
Code Review Sign In
192.168.1.100 / T108 / e958203796650e3959a43708d67534bf36f4c83b / . / external / subpack / net / nginx-util / src / nginx-util.cpp
blob: 3b4ad8c60e0fe5ed7ee9e7483f21dff5f39554cc [file] [log] [blame]
#include <iostream>
#include <numeric>
#include "nginx-ssl-util.hpp"
#include "nginx-util.hpp"
static auto constexpr file_comment_auto_created =
std::string_view{"# This file is re-created when Nginx starts.\n"};
// TODO(pst) replace it with blobmsg_get_string if upstream takes const:
#ifndef NO_UBUS
static inline auto _pst_get_string(const blob_attr* attr) -> char*
{
return static_cast<char*>(blobmsg_data(attr));
}
#endif
void create_lan_listen() // create empty files for compatibility:
{
// TODO(pst): replace by dummies after transitioning nginx config to UCI:
std::vector<std::string> ips;
#ifndef NO_UBUS
try {
auto loopback_status = ubus::call("network.interface.loopback", "status");
for (const auto* ip : loopback_status.filter("ipv4-address", "", "address")) {
ips.emplace_back(_pst_get_string(ip));
}
for (const auto* ip : loopback_status.filter("ipv6-address", "", "address")) {
ips.emplace_back(std::string{"["} + _pst_get_string(ip) + "]");
}
}
catch (const std::runtime_error&) { /* do nothing about it */
}
try {
auto lan_status = ubus::call("network.interface.lan", "status");
for (const auto* ip : lan_status.filter("ipv4-address", "", "address")) {
ips.emplace_back(_pst_get_string(ip));
}
for (const auto* ip : lan_status.filter("ipv6-address", "", "address")) {
ips.emplace_back(std::string{"["} + _pst_get_string(ip) + "]");
}
for (const auto* ip :
lan_status.filter("ipv6-prefix-assignment", "", "local-address", "address")) {
ips.emplace_back(std::string{"["} + _pst_get_string(ip) + "]");
}
}
catch (const std::runtime_error&) { /* do nothing about it */
}
#else
ips.emplace_back("127.0.0.1");
#endif
std::string listen = std::string{file_comment_auto_created};
std::string listen_default = std::string{file_comment_auto_created};
for (const auto& ip : ips) {
listen += "\tlisten " + ip + ":80;\n";
listen_default += "\tlisten " + ip + ":80 default_server;\n";
}
write_file(LAN_LISTEN, listen);
write_file(LAN_LISTEN_DEFAULT, listen_default);
std::string ssl_listen = std::string{file_comment_auto_created};
std::string ssl_listen_default = std::string{file_comment_auto_created};
for (const auto& ip : ips) {
ssl_listen += "\tlisten " + ip + ":443 ssl;\n";
ssl_listen_default += "\tlisten " + ip + ":443 ssl default_server;\n";
}
write_file(LAN_SSL_LISTEN, ssl_listen);
write_file(LAN_SSL_LISTEN_DEFAULT, ssl_listen_default);
}
inline auto change_if_starts_with(const std::string_view& subject,
const std::string_view& prefix,
const std::string_view& substitute,
const std::string_view& seperator = " \t\n;") -> std::string
{
auto view = subject;
view = view.substr(view.find_first_not_of(seperator));
if (view.rfind(prefix, 0) == 0) {
if (view.size() == prefix.size()) {
return std::string{substitute};
}
view = view.substr(prefix.size());
if (seperator.find(view[0]) != std::string::npos) {
auto ret = std::string{substitute};
ret += view;
return ret;
}
}
return std::string{subject};
}
inline auto create_server_conf(const uci::section& sec, const std::string& indent = "")
-> std::string
{
auto secname = sec.name();
auto legacypath = std::string{CONF_DIR} + secname + ".conf";
if (access(legacypath.c_str(), R_OK) == 0) {
auto message = std::string{"skipped UCI server 'nginx."} + secname;
message += "' as it could conflict with: " + legacypath + "\n";
// TODO(pst) std::cerr<<"create_server_conf notice: "<<message;
return indent + "# " + message;
} // else:
auto conf = indent + "server { #see uci show 'nginx." + secname + "'\n";
for (auto opt : sec) {
for (auto itm : opt) {
if (opt.name().rfind("uci_", 0) == 0) {
continue;
}
// else: standard opt.name()
auto val = itm.name();
if (opt.name() == "error_log") {
val = change_if_starts_with(val, "logd", "/proc/self/fd/1");
}
else if (opt.name() == "access_log") {
val = change_if_starts_with(val, "logd", "stderr");
}
conf += indent + "\t" + opt.name() + " " + itm.name() + ";\n";
}
}
conf += indent + "}\n";
return conf;
}
void init_uci(const uci::package& pkg)
{
auto conf = std::string{file_comment_auto_created};
static const auto uci_http_config = std::string_view{"#UCI_HTTP_CONFIG\n"};
const auto tmpl = read_file(std::string{UCI_CONF} + ".template");
auto pos = tmpl.find(uci_http_config);
if (pos == std::string::npos) {
conf += tmpl;
}
else {
const auto index = tmpl.find_last_not_of(" \t", pos - 1);
const auto before = tmpl.begin() + index + 1;
const auto middle = tmpl.begin() + pos;
const auto after = middle + uci_http_config.length();
conf.append(tmpl.begin(), before);
const auto indent = std::string{before, middle};
for (auto sec : pkg) {
if (sec.type() == std::string_view{"server"}) {
conf += create_server_conf(sec, indent) + "\n";
}
}
conf.append(after, tmpl.end());
}
write_file(VAR_UCI_CONF, conf);
}
auto is_enabled(const uci::package& pkg) -> bool
{
for (auto sec : pkg) {
if (sec.type() != std::string_view{"main"}) {
continue;
}
if (sec.name() != std::string_view{"global"}) {
continue;
}
for (auto opt : sec) {
if (opt.name() != "uci_enable") {
continue;
}
for (auto itm : opt) {
if (itm) {
return true;
}
}
}
}
return false;
}
/*
* ___________main_thread________________|______________thread_1________________
* create_lan_listen() or do nothing | config = uci::package("nginx")
* if config_enabled (set in thread_1): | config_enabled = is_enabled(config)
* then init_uci(config) | check_ssl(config, config_enabled)
*/
void init_lan()
{
std::exception_ptr ex;
std::unique_ptr<uci::package> config;
bool config_enabled = false;
std::mutex configuring;
configuring.lock();
auto thrd = std::thread([&config, &config_enabled, &configuring, &ex] {
try {
config = std::make_unique<uci::package>("nginx");
config_enabled = is_enabled(*config);
configuring.unlock();
check_ssl(*config, config_enabled);
}
catch (...) {
std::cerr << "init_lan error: checking UCI file /etc/config/nginx\n";
ex = std::current_exception();
}
});
try {
create_lan_listen();
}
catch (...) {
std::cerr << "init_lan error: cannot create listen files of local IPs.\n";
ex = std::current_exception();
}
configuring.lock();
if (config_enabled) {
try {
init_uci(*config);
}
catch (...) {
std::cerr << "init_lan error: cannot create " << VAR_UCI_CONF << " from ";
std::cerr << UCI_CONF << ".template using UCI file /etc/config/nginx\n";
ex = std::current_exception();
}
}
thrd.join();
if (ex) {
std::rethrow_exception(ex);
}
}
void get_env()
{
std::cout << "UCI_CONF="
<< "'" << UCI_CONF << "'" << std::endl;
std::cout << "NGINX_CONF="
<< "'" << NGINX_CONF << "'" << std::endl;
std::cout << "CONF_DIR="
<< "'" << CONF_DIR << "'" << std::endl;
std::cout << "LAN_NAME="
<< "'" << LAN_NAME << "'" << std::endl;
std::cout << "LAN_LISTEN="
<< "'" << LAN_LISTEN << "'" << std::endl;
std::cout << "LAN_SSL_LISTEN="
<< "'" << LAN_SSL_LISTEN << "'" << std::endl;
std::cout << "SSL_SESSION_CACHE_ARG="
<< "'" << SSL_SESSION_CACHE_ARG(LAN_NAME) << "'" << std::endl;
std::cout << "SSL_SESSION_TIMEOUT_ARG="
<< "'" << SSL_SESSION_TIMEOUT_ARG << "'\n";
std::cout << "ADD_SSL_FCT="
<< "'" << ADD_SSL_FCT << "'" << std::endl;
std::cout << "MANAGE_SSL="
<< "'" << MANAGE_SSL << "'" << std::endl;
}
auto main(int argc, char* argv[]) -> int
{
// TODO(pst): use std::span when available:
auto args = std::basic_string_view<char*>{argv, static_cast<size_t>(argc)};
auto cmds = std::array{
std::array<std::string_view, 2>{"init_lan", ""},
std::array<std::string_view, 2>{"get_env", ""},
std::array<std::string_view, 2>{
ADD_SSL_FCT, "server_name [manager /path/to/ssl_certificate /path/to/ssl_key]"},
std::array<std::string_view, 2>{"del_ssl", "server_name [manager]"},
std::array<std::string_view, 2>{"check_ssl", ""},
};
try {
if (argc == 2 && args[1] == cmds[0][0]) {
init_lan();
}
else if (argc == 2 && args[1] == cmds[1][0]) {
get_env();
}
else if (argc == 3 && args[1] == cmds[2][0]) {
add_ssl_if_needed(std::string{args[2]});
}
// NOLINTNEXTLINE(readability-magic-numbers,cppcoreguidelines-avoid-magic-numbers): 6
else if (argc == 6 && args[1] == cmds[2][0]) {
// NOLINTNEXTLINE(readability-magic-numbers,cppcoreguidelines-avoid-magic-numbers): 5
add_ssl_if_needed(std::string{args[2]}, args[3], args[4], args[5]);
}
else if (argc == 3 && args[1] == cmds[3][0]) {
del_ssl(std::string{args[2]});
}
else if (argc == 4 && args[1] == cmds[3][0]) {
del_ssl(std::string{args[2]}, args[3]);
}
else if (argc == 2 && args[1] == cmds[3][0]) // TODO(pst) deprecate
{
try {
auto name = std::string{LAN_NAME};
if (del_ssl_legacy(name)) {
auto crtpath = std::string{CONF_DIR} + name + ".crt";
remove(crtpath.c_str());
auto keypath = std::string{CONF_DIR} + name + ".key";
remove(keypath.c_str());
}
}
catch (...) { /* do nothing. */
}
}
else if (argc == 2 && args[1] == cmds[4][0]) {
check_ssl(uci::package{"nginx"});
}
else {
std::cerr << "Tool for creating Nginx configuration files (";
#ifdef VERSION
std::cerr << "version " << VERSION << " ";
#endif
std::cerr << "with libuci, ";
#ifndef NO_UBUS
std::cerr << "libubus, ";
#endif
std::cerr << "libopenssl, ";
#ifndef NO_PCRE
std::cerr << "PCRE, ";
#endif
std::cerr << "pthread and libstdcpp)." << std::endl;
auto usage =
std::accumulate(cmds.begin(), cmds.end(), std::string{"usage: "} + *argv + " [",
[](const auto& use, const auto& cmd) {
return use + std::string{cmd[0]} + (cmd[1].empty() ? "" : " ") +
std::string{cmd[1]} + "|";
});
usage[usage.size() - 1] = ']';
std::cerr << usage << std::endl;
throw std::runtime_error("main error: argument not recognized");
}
return 0;
}
catch (const std::exception& e) {
std::cerr << " * " << *argv << " " << e.what() << "\n";
}
catch (...) {
std::cerr << " * * " << *argv;
perror(" main error");
}
return 1;
}