// // Created by TheElixZammuto on 2021-05-09. // TODO: Authentication, better handling of routes common to nvhttp, cleanup #include "process.h" #include #include #include #include #include #include #include #include #include "config.h" #include "confighttp.h" #include "crypto.h" #include "httpcommon.h" #include "main.h" #include "network.h" #include "nvhttp.h" #include "platform/common.h" #include "rtsp.h" #include "utility.h" #include "uuid.h" std::string read_file(std::string path); namespace confighttp { using namespace std::literals; constexpr auto PORT_HTTP = 47990; namespace fs = std::filesystem; namespace pt = boost::property_tree; using https_server_t = SimpleWeb::Server; using args_t = SimpleWeb::CaseInsensitiveMultimap; using resp_https_t = std::shared_ptr::Response>; using req_https_t = std::shared_ptr::Request>; enum class op_e { ADD, REMOVE }; void send_unauthorized(resp_https_t response, req_https_t request) { auto address = request->remote_endpoint_address(); BOOST_LOG(info) << '[' << address << "] -- denied"sv; const SimpleWeb::CaseInsensitiveMultimap headers { { "WWW-Authenticate", R"(Basic realm="Sunshine Gamestream Host", charset="UTF-8")" } }; response->write(SimpleWeb::StatusCode::client_error_unauthorized, headers); } bool authenticate(resp_https_t response, req_https_t request) { auto address = request->remote_endpoint_address(); auto ip_type = net::from_address(address); if(ip_type > http::origin_pin_allowed) { BOOST_LOG(info) << '[' << address << "] -- denied"sv; response->write(SimpleWeb::StatusCode::client_error_forbidden); return false; } auto auth = request->header.find("authorization"); if(auth == request->header.end()) { send_unauthorized(response, request); return false; } std::string rawAuth = auth->second; std::string authData = rawAuth.substr("Basic "sv.length()); authData = SimpleWeb::Crypto::Base64::decode(authData); int index = authData.find(':'); std::string username = authData.substr(0, index); std::string password = authData.substr(index + 1); std::string hash = util::hex(crypto::hash(password + config::sunshine.salt)).to_string(); if(username == config::sunshine.username && hash == config::sunshine.password) return true; send_unauthorized(response, request); return false; } void not_found(resp_https_t response, req_https_t request) { pt::ptree tree; tree.put("root..status_code", 404); std::ostringstream data; pt::write_xml(data, tree); response->write(data.str()); *response << "HTTP/1.1 404 NOT FOUND\r\n" << data.str(); } void getIndexPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "index.html"); response->write(header + content); } void getPinPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "pin.html"); response->write(header + content); } void getAppsPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "apps.html"); response->write(header + content); } void getClientsPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "clients.html"); response->write(header + content); } void getConfigPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "config.html"); response->write(header + content); } void getPasswordPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "password.html"); response->write(header + content); } void getApps(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::string content = read_file(SUNSHINE_ASSETS_DIR "/" APPS_JSON); response->write(content); } void saveApp(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::stringstream ss; ss << request->content.rdbuf(); pt::ptree outputTree; auto g = util::fail_guard([&]() { std::ostringstream data; pt::write_json(data, outputTree); response->write(data.str()); }); pt::ptree inputTree, fileTree; try { //TODO: Input Validation pt::read_json(ss, inputTree); pt::read_json(SUNSHINE_ASSETS_DIR "/" APPS_JSON, fileTree); auto &apps_node = fileTree.get_child("apps"s); int index = inputTree.get("index"); BOOST_LOG(info) << inputTree.get_child("prep-cmd").empty(); if(inputTree.get_child("prep-cmd").empty()) inputTree.erase("prep-cmd"); inputTree.erase("index"); if(index == -1) { apps_node.push_back(std::make_pair("", inputTree)); } else { //Unfortuantely Boost PT does not allow to directly edit the array, copy should do the trick pt::ptree newApps; int i = 0; for(const auto &kv : apps_node) { if(i == index) { newApps.push_back(std::make_pair("", inputTree)); } else { newApps.push_back(std::make_pair("", kv.second)); } i++; } fileTree.erase("apps"); fileTree.push_back(std::make_pair("apps", newApps)); } pt::write_json(SUNSHINE_ASSETS_DIR "/" APPS_JSON, fileTree); outputTree.put("status", "true"); proc::refresh(SUNSHINE_ASSETS_DIR "/" APPS_JSON); } catch(std::exception &e) { BOOST_LOG(warning) << e.what(); outputTree.put("status", "false"); outputTree.put("error", "Invalid Input JSON"); return; } } void deleteApp(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; pt::ptree outputTree; auto g = util::fail_guard([&]() { std::ostringstream data; pt::write_json(data, outputTree); response->write(data.str()); }); pt::ptree fileTree; try { pt::read_json(config::stream.file_apps, fileTree); auto &apps_node = fileTree.get_child("apps"s); int index = stoi(request->path_match[1]); BOOST_LOG(info) << index; if(index <= 0) { outputTree.put("status", "false"); outputTree.put("error", "Invalid Index"); return; } else { //Unfortuantely Boost PT does not allow to directly edit the array, copy should do the trick pt::ptree newApps; int i = 0; for(const auto &kv : apps_node) { if(i != index) { newApps.push_back(std::make_pair("", kv.second)); } i++; } fileTree.erase("apps"); fileTree.push_back(std::make_pair("apps", newApps)); } pt::write_json(SUNSHINE_ASSETS_DIR "/" APPS_JSON, fileTree); outputTree.put("status", "true"); proc::refresh(SUNSHINE_ASSETS_DIR "/" APPS_JSON); } catch(std::exception &e) { BOOST_LOG(warning) << e.what(); outputTree.put("status", "false"); outputTree.put("error", "Invalid File JSON"); return; } } void getConfig(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; pt::ptree outputTree; auto g = util::fail_guard([&]() { std::ostringstream data; pt::write_json(data, outputTree); response->write(data.str()); }); try { outputTree.put("status", "true"); outputTree.put("platform", SUNSHINE_PLATFORM); const char *config_file = SUNSHINE_ASSETS_DIR "/sunshine.conf"; std::ifstream in { config_file }; if(!in.is_open()) { std::cout << "Error: Couldn't open "sv << config_file << std::endl; } auto vars = config::parse_config(std::string { // Quick and dirty std::istreambuf_iterator(in), std::istreambuf_iterator() }); for(auto &[name, value] : vars) { outputTree.put(std::move(name), std::move(value)); } } catch(std::exception &e) { BOOST_LOG(warning) << e.what(); outputTree.put("status", "false"); outputTree.put("error", "Invalid File JSON"); return; } } void saveConfig(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::stringstream ss; std::stringstream configStream; ss << request->content.rdbuf(); pt::ptree outputTree; auto g = util::fail_guard([&]() { std::ostringstream data; pt::write_json(data, outputTree); response->write(data.str()); }); pt::ptree inputTree; try { //TODO: Input Validation pt::read_json(ss, inputTree); for(const auto &kv : inputTree) { std::string value = inputTree.get(kv.first); if(value.length() == 0 || value.compare("null") == 0) continue; configStream << kv.first << " = " << value << std::endl; } http::write_file(SUNSHINE_ASSETS_DIR "/sunshine.conf", configStream.str()); } catch(std::exception &e) { BOOST_LOG(warning) << e.what(); outputTree.put("status", "false"); outputTree.put("error", e.what()); return; } } void savePassword(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; std::stringstream ss; std::stringstream configStream; ss << request->content.rdbuf(); pt::ptree inputTree,outputTree,fileTree; auto g = util::fail_guard([&]() { std::ostringstream data; pt::write_json(data, outputTree); response->write(data.str()); }); try { //TODO: Input Validation pt::read_json(ss, inputTree); std::string username = inputTree.get("currentUsername"); std::string newUsername = inputTree.get("newUsername"); std::string password = inputTree.get("currentPassword"); std::string newPassword = inputTree.get("newPassword"); std::string confirmPassword = inputTree.get("confirmNewPassword"); if(newUsername.length() == 0) newUsername = username; std::string hash = util::hex(crypto::hash(password + config::sunshine.salt)).to_string(); if(username == config::sunshine.username && hash == config::sunshine.password){ if(newPassword != confirmPassword){ outputTree.put("status",false); outputTree.put("error","Password Mismatch"); } fileTree.put("username",newUsername); fileTree.put("password",util::hex(crypto::hash(newPassword + config::sunshine.salt)).to_string()); fileTree.put("salt",config::sunshine.salt); pt::write_json(config::sunshine.credentials_file,fileTree); http::reload_user_creds(config::sunshine.credentials_file); outputTree.put("status",true); } else { outputTree.put("status",false); outputTree.put("error","Invalid Current Credentials"); } } catch(std::exception &e) { BOOST_LOG(warning) << e.what(); outputTree.put("status", false); outputTree.put("error", e.what()); return; } } void start(std::shared_ptr shutdown_event) { auto ctx = std::make_shared(boost::asio::ssl::context::tls); ctx->use_certificate_chain_file(config::nvhttp.cert); ctx->use_private_key_file(config::nvhttp.pkey, boost::asio::ssl::context::pem); https_server_t server { ctx, 0 }; server.default_resource = not_found; server.resource["^/$"]["GET"] = getIndexPage; server.resource["^/pin$"]["GET"] = getPinPage; server.resource["^/apps$"]["GET"] = getAppsPage; server.resource["^/clients$"]["GET"] = getClientsPage; server.resource["^/config$"]["GET"] = getConfigPage; server.resource["^/password$"]["GET"] = getPasswordPage; server.resource["^/pin/([0-9]+)$"]["GET"] = nvhttp::pin; server.resource["^/api/apps$"]["GET"] = getApps; server.resource["^/api/apps$"]["POST"] = saveApp; server.resource["^/api/config$"]["GET"] = getConfig; server.resource["^/api/config$"]["POST"] = saveConfig; server.resource["^/api/password$"]["POST"] = savePassword; server.resource["^/api/apps/([0-9]+)$"]["DELETE"] = deleteApp; server.config.reuse_address = true; server.config.address = "0.0.0.0"s; server.config.port = PORT_HTTP; try { server.bind(); BOOST_LOG(info) << "Configuration UI available at [https://localhost:"sv << PORT_HTTP << "]"; } catch(boost::system::system_error &err) { BOOST_LOG(fatal) << "Couldn't bind http server to ports ["sv << PORT_HTTP << "]: "sv << err.what(); shutdown_event->raise(true); return; } auto accept_and_run = [&](auto *server) { try { server->accept_and_run(); } catch(boost::system::system_error &err) { // It's possible the exception gets thrown after calling server->stop() from a different thread if(shutdown_event->peek()) { return; } BOOST_LOG(fatal) << "Couldn't start Configuration HTTP server to ports ["sv << PORT_HTTP << ", "sv << PORT_HTTP << "]: "sv << err.what(); shutdown_event->raise(true); return; } }; std::thread tcp { accept_and_run, &server }; // Wait for any event shutdown_event->view(); server.stop(); tcp.join(); } } // namespace confighttp std::string read_file(std::string path) { std::ifstream in(path); std::string input; std::string base64_cert; //FIXME: Being unable to read file could result in infinite loop while(!in.eof()) { std::getline(in, input); base64_cert += input + '\n'; } return base64_cert; }