1// Copyright 2009 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5// HTTP server. See RFC 7230 through 7235. 6 7package http 8 9import ( 10 "bufio" 11 "bytes" 12 "context" 13 "crypto/tls" 14 "errors" 15 "fmt" 16 "io" 17 "log" 18 "math/rand" 19 "net" 20 "net/textproto" 21 "net/url" 22 urlpkg "net/url" 23 "os" 24 "path" 25 "runtime" 26 "sort" 27 "strconv" 28 "strings" 29 "sync" 30 "sync/atomic" 31 "time" 32 33 "golang.org/x/net/http/httpguts" 34) 35 36// Errors used by the HTTP server. 37var ( 38 // ErrBodyNotAllowed is returned by ResponseWriter.Write calls 39 // when the HTTP method or response code does not permit a 40 // body. 41 ErrBodyNotAllowed = errors.New("http: request method or response status code does not allow body") 42 43 // ErrHijacked is returned by ResponseWriter.Write calls when 44 // the underlying connection has been hijacked using the 45 // Hijacker interface. A zero-byte write on a hijacked 46 // connection will return ErrHijacked without any other side 47 // effects. 48 ErrHijacked = errors.New("http: connection has been hijacked") 49 50 // ErrContentLength is returned by ResponseWriter.Write calls 51 // when a Handler set a Content-Length response header with a 52 // declared size and then attempted to write more bytes than 53 // declared. 54 ErrContentLength = errors.New("http: wrote more than the declared Content-Length") 55 56 // Deprecated: ErrWriteAfterFlush is no longer returned by 57 // anything in the net/http package. Callers should not 58 // compare errors against this variable. 59 ErrWriteAfterFlush = errors.New("unused") 60) 61 62// A Handler responds to an HTTP request. 63// 64// ServeHTTP should write reply headers and data to the ResponseWriter 65// and then return. Returning signals that the request is finished; it 66// is not valid to use the ResponseWriter or read from the 67// Request.Body after or concurrently with the completion of the 68// ServeHTTP call. 69// 70// Depending on the HTTP client software, HTTP protocol version, and 71// any intermediaries between the client and the Go server, it may not 72// be possible to read from the Request.Body after writing to the 73// ResponseWriter. Cautious handlers should read the Request.Body 74// first, and then reply. 75// 76// Except for reading the body, handlers should not modify the 77// provided Request. 78// 79// If ServeHTTP panics, the server (the caller of ServeHTTP) assumes 80// that the effect of the panic was isolated to the active request. 81// It recovers the panic, logs a stack trace to the server error log, 82// and either closes the network connection or sends an HTTP/2 83// RST_STREAM, depending on the HTTP protocol. To abort a handler so 84// the client sees an interrupted response but the server doesn't log 85// an error, panic with the value ErrAbortHandler. 86type Handler interface { 87 ServeHTTP(ResponseWriter, *Request) 88} 89 90// A ResponseWriter interface is used by an HTTP handler to 91// construct an HTTP response. 92// 93// A ResponseWriter may not be used after the Handler.ServeHTTP method 94// has returned. 95type ResponseWriter interface { 96 // Header returns the header map that will be sent by 97 // WriteHeader. The Header map also is the mechanism with which 98 // Handlers can set HTTP trailers. 99 // 100 // Changing the header map after a call to WriteHeader (or 101 // Write) has no effect unless the modified headers are 102 // trailers. 103 // 104 // There are two ways to set Trailers. The preferred way is to 105 // predeclare in the headers which trailers you will later 106 // send by setting the "Trailer" header to the names of the 107 // trailer keys which will come later. In this case, those 108 // keys of the Header map are treated as if they were 109 // trailers. See the example. The second way, for trailer 110 // keys not known to the Handler until after the first Write, 111 // is to prefix the Header map keys with the TrailerPrefix 112 // constant value. See TrailerPrefix. 113 // 114 // To suppress automatic response headers (such as "Date"), set 115 // their value to nil. 116 Header() Header 117 118 // Write writes the data to the connection as part of an HTTP reply. 119 // 120 // If WriteHeader has not yet been called, Write calls 121 // WriteHeader(http.StatusOK) before writing the data. If the Header 122 // does not contain a Content-Type line, Write adds a Content-Type set 123 // to the result of passing the initial 512 bytes of written data to 124 // DetectContentType. Additionally, if the total size of all written 125 // data is under a few KB and there are no Flush calls, the 126 // Content-Length header is added automatically. 127 // 128 // Depending on the HTTP protocol version and the client, calling 129 // Write or WriteHeader may prevent future reads on the 130 // Request.Body. For HTTP/1.x requests, handlers should read any 131 // needed request body data before writing the response. Once the 132 // headers have been flushed (due to either an explicit Flusher.Flush 133 // call or writing enough data to trigger a flush), the request body 134 // may be unavailable. For HTTP/2 requests, the Go HTTP server permits 135 // handlers to continue to read the request body while concurrently 136 // writing the response. However, such behavior may not be supported 137 // by all HTTP/2 clients. Handlers should read before writing if 138 // possible to maximize compatibility. 139 Write([]byte) (int, error) 140 141 // WriteHeader sends an HTTP response header with the provided 142 // status code. 143 // 144 // If WriteHeader is not called explicitly, the first call to Write 145 // will trigger an implicit WriteHeader(http.StatusOK). 146 // Thus explicit calls to WriteHeader are mainly used to 147 // send error codes. 148 // 149 // The provided code must be a valid HTTP 1xx-5xx status code. 150 // Only one header may be written. Go does not currently 151 // support sending user-defined 1xx informational headers, 152 // with the exception of 100-continue response header that the 153 // Server sends automatically when the Request.Body is read. 154 WriteHeader(statusCode int) 155} 156 157// The Flusher interface is implemented by ResponseWriters that allow 158// an HTTP handler to flush buffered data to the client. 159// 160// The default HTTP/1.x and HTTP/2 ResponseWriter implementations 161// support Flusher, but ResponseWriter wrappers may not. Handlers 162// should always test for this ability at runtime. 163// 164// Note that even for ResponseWriters that support Flush, 165// if the client is connected through an HTTP proxy, 166// the buffered data may not reach the client until the response 167// completes. 168type Flusher interface { 169 // Flush sends any buffered data to the client. 170 Flush() 171} 172 173// The Hijacker interface is implemented by ResponseWriters that allow 174// an HTTP handler to take over the connection. 175// 176// The default ResponseWriter for HTTP/1.x connections supports 177// Hijacker, but HTTP/2 connections intentionally do not. 178// ResponseWriter wrappers may also not support Hijacker. Handlers 179// should always test for this ability at runtime. 180type Hijacker interface { 181 // Hijack lets the caller take over the connection. 182 // After a call to Hijack the HTTP server library 183 // will not do anything else with the connection. 184 // 185 // It becomes the caller's responsibility to manage 186 // and close the connection. 187 // 188 // The returned net.Conn may have read or write deadlines 189 // already set, depending on the configuration of the 190 // Server. It is the caller's responsibility to set 191 // or clear those deadlines as needed. 192 // 193 // The returned bufio.Reader may contain unprocessed buffered 194 // data from the client. 195 // 196 // After a call to Hijack, the original Request.Body must not 197 // be used. The original Request's Context remains valid and 198 // is not canceled until the Request's ServeHTTP method 199 // returns. 200 Hijack() (net.Conn, *bufio.ReadWriter, error) 201} 202 203// The CloseNotifier interface is implemented by ResponseWriters which 204// allow detecting when the underlying connection has gone away. 205// 206// This mechanism can be used to cancel long operations on the server 207// if the client has disconnected before the response is ready. 208// 209// Deprecated: the CloseNotifier interface predates Go's context package. 210// New code should use Request.Context instead. 211type CloseNotifier interface { 212 // CloseNotify returns a channel that receives at most a 213 // single value (true) when the client connection has gone 214 // away. 215 // 216 // CloseNotify may wait to notify until Request.Body has been 217 // fully read. 218 // 219 // After the Handler has returned, there is no guarantee 220 // that the channel receives a value. 221 // 222 // If the protocol is HTTP/1.1 and CloseNotify is called while 223 // processing an idempotent request (such a GET) while 224 // HTTP/1.1 pipelining is in use, the arrival of a subsequent 225 // pipelined request may cause a value to be sent on the 226 // returned channel. In practice HTTP/1.1 pipelining is not 227 // enabled in browsers and not seen often in the wild. If this 228 // is a problem, use HTTP/2 or only use CloseNotify on methods 229 // such as POST. 230 CloseNotify() <-chan bool 231} 232 233var ( 234 // ServerContextKey is a context key. It can be used in HTTP 235 // handlers with Context.Value to access the server that 236 // started the handler. The associated value will be of 237 // type *Server. 238 ServerContextKey = &contextKey{"http-server"} 239 240 // LocalAddrContextKey is a context key. It can be used in 241 // HTTP handlers with Context.Value to access the local 242 // address the connection arrived on. 243 // The associated value will be of type net.Addr. 244 LocalAddrContextKey = &contextKey{"local-addr"} 245) 246 247// A conn represents the server side of an HTTP connection. 248type conn struct { 249 // server is the server on which the connection arrived. 250 // Immutable; never nil. 251 server *Server 252 253 // cancelCtx cancels the connection-level context. 254 cancelCtx context.CancelFunc 255 256 // rwc is the underlying network connection. 257 // This is never wrapped by other types and is the value given out 258 // to CloseNotifier callers. It is usually of type *net.TCPConn or 259 // *tls.Conn. 260 rwc net.Conn 261 262 // remoteAddr is rwc.RemoteAddr().String(). It is not populated synchronously 263 // inside the Listener's Accept goroutine, as some implementations block. 264 // It is populated immediately inside the (*conn).serve goroutine. 265 // This is the value of a Handler's (*Request).RemoteAddr. 266 remoteAddr string 267 268 // tlsState is the TLS connection state when using TLS. 269 // nil means not TLS. 270 tlsState *tls.ConnectionState 271 272 // werr is set to the first write error to rwc. 273 // It is set via checkConnErrorWriter{w}, where bufw writes. 274 werr error 275 276 // r is bufr's read source. It's a wrapper around rwc that provides 277 // io.LimitedReader-style limiting (while reading request headers) 278 // and functionality to support CloseNotifier. See *connReader docs. 279 r *connReader 280 281 // bufr reads from r. 282 bufr *bufio.Reader 283 284 // bufw writes to checkConnErrorWriter{c}, which populates werr on error. 285 bufw *bufio.Writer 286 287 // lastMethod is the method of the most recent request 288 // on this connection, if any. 289 lastMethod string 290 291 curReq atomic.Value // of *response (which has a Request in it) 292 293 curState struct{ atomic uint64 } // packed (unixtime<<8|uint8(ConnState)) 294 295 // mu guards hijackedv 296 mu sync.Mutex 297 298 // hijackedv is whether this connection has been hijacked 299 // by a Handler with the Hijacker interface. 300 // It is guarded by mu. 301 hijackedv bool 302} 303 304func (c *conn) hijacked() bool { 305 c.mu.Lock() 306 defer c.mu.Unlock() 307 return c.hijackedv 308} 309 310// c.mu must be held. 311func (c *conn) hijackLocked() (rwc net.Conn, buf *bufio.ReadWriter, err error) { 312 if c.hijackedv { 313 return nil, nil, ErrHijacked 314 } 315 c.r.abortPendingRead() 316 317 c.hijackedv = true 318 rwc = c.rwc 319 rwc.SetDeadline(time.Time{}) 320 321 buf = bufio.NewReadWriter(c.bufr, bufio.NewWriter(rwc)) 322 if c.r.hasByte { 323 if _, err := c.bufr.Peek(c.bufr.Buffered() + 1); err != nil { 324 return nil, nil, fmt.Errorf("unexpected Peek failure reading buffered byte: %v", err) 325 } 326 } 327 c.setState(rwc, StateHijacked, runHooks) 328 return 329} 330 331// This should be >= 512 bytes for DetectContentType, 332// but otherwise it's somewhat arbitrary. 333const bufferBeforeChunkingSize = 2048 334 335// chunkWriter writes to a response's conn buffer, and is the writer 336// wrapped by the response.bufw buffered writer. 337// 338// chunkWriter also is responsible for finalizing the Header, including 339// conditionally setting the Content-Type and setting a Content-Length 340// in cases where the handler's final output is smaller than the buffer 341// size. It also conditionally adds chunk headers, when in chunking mode. 342// 343// See the comment above (*response).Write for the entire write flow. 344type chunkWriter struct { 345 res *response 346 347 // header is either nil or a deep clone of res.handlerHeader 348 // at the time of res.writeHeader, if res.writeHeader is 349 // called and extra buffering is being done to calculate 350 // Content-Type and/or Content-Length. 351 header Header 352 353 // wroteHeader tells whether the header's been written to "the 354 // wire" (or rather: w.conn.buf). this is unlike 355 // (*response).wroteHeader, which tells only whether it was 356 // logically written. 357 wroteHeader bool 358 359 // set by the writeHeader method: 360 chunking bool // using chunked transfer encoding for reply body 361} 362 363var ( 364 crlf = []byte("\r\n") 365 colonSpace = []byte(": ") 366) 367 368func (cw *chunkWriter) Write(p []byte) (n int, err error) { 369 if !cw.wroteHeader { 370 cw.writeHeader(p) 371 } 372 if cw.res.req.Method == "HEAD" { 373 // Eat writes. 374 return len(p), nil 375 } 376 if cw.chunking { 377 _, err = fmt.Fprintf(cw.res.conn.bufw, "%x\r\n", len(p)) 378 if err != nil { 379 cw.res.conn.rwc.Close() 380 return 381 } 382 } 383 n, err = cw.res.conn.bufw.Write(p) 384 if cw.chunking && err == nil { 385 _, err = cw.res.conn.bufw.Write(crlf) 386 } 387 if err != nil { 388 cw.res.conn.rwc.Close() 389 } 390 return 391} 392 393func (cw *chunkWriter) flush() { 394 if !cw.wroteHeader { 395 cw.writeHeader(nil) 396 } 397 cw.res.conn.bufw.Flush() 398} 399 400func (cw *chunkWriter) close() { 401 if !cw.wroteHeader { 402 cw.writeHeader(nil) 403 } 404 if cw.chunking { 405 bw := cw.res.conn.bufw // conn's bufio writer 406 // zero chunk to mark EOF 407 bw.WriteString("0\r\n") 408 if trailers := cw.res.finalTrailers(); trailers != nil { 409 trailers.Write(bw) // the writer handles noting errors 410 } 411 // final blank line after the trailers (whether 412 // present or not) 413 bw.WriteString("\r\n") 414 } 415} 416 417// A response represents the server side of an HTTP response. 418type response struct { 419 conn *conn 420 req *Request // request for this response 421 reqBody io.ReadCloser 422 cancelCtx context.CancelFunc // when ServeHTTP exits 423 wroteHeader bool // reply header has been (logically) written 424 wroteContinue bool // 100 Continue response was written 425 wants10KeepAlive bool // HTTP/1.0 w/ Connection "keep-alive" 426 wantsClose bool // HTTP request has Connection "close" 427 428 // canWriteContinue is a boolean value accessed as an atomic int32 429 // that says whether or not a 100 Continue header can be written 430 // to the connection. 431 // writeContinueMu must be held while writing the header. 432 // These two fields together synchronize the body reader 433 // (the expectContinueReader, which wants to write 100 Continue) 434 // against the main writer. 435 canWriteContinue atomicBool 436 writeContinueMu sync.Mutex 437 438 w *bufio.Writer // buffers output in chunks to chunkWriter 439 cw chunkWriter 440 441 // handlerHeader is the Header that Handlers get access to, 442 // which may be retained and mutated even after WriteHeader. 443 // handlerHeader is copied into cw.header at WriteHeader 444 // time, and privately mutated thereafter. 445 handlerHeader Header 446 calledHeader bool // handler accessed handlerHeader via Header 447 448 written int64 // number of bytes written in body 449 contentLength int64 // explicitly-declared Content-Length; or -1 450 status int // status code passed to WriteHeader 451 452 // close connection after this reply. set on request and 453 // updated after response from handler if there's a 454 // "Connection: keep-alive" response header and a 455 // Content-Length. 456 closeAfterReply bool 457 458 // requestBodyLimitHit is set by requestTooLarge when 459 // maxBytesReader hits its max size. It is checked in 460 // WriteHeader, to make sure we don't consume the 461 // remaining request body to try to advance to the next HTTP 462 // request. Instead, when this is set, we stop reading 463 // subsequent requests on this connection and stop reading 464 // input from it. 465 requestBodyLimitHit bool 466 467 // trailers are the headers to be sent after the handler 468 // finishes writing the body. This field is initialized from 469 // the Trailer response header when the response header is 470 // written. 471 trailers []string 472 473 handlerDone atomicBool // set true when the handler exits 474 475 // Buffers for Date, Content-Length, and status code 476 dateBuf [len(TimeFormat)]byte 477 clenBuf [10]byte 478 statusBuf [3]byte 479 480 // closeNotifyCh is the channel returned by CloseNotify. 481 // TODO(bradfitz): this is currently (for Go 1.8) always 482 // non-nil. Make this lazily-created again as it used to be? 483 closeNotifyCh chan bool 484 didCloseNotify int32 // atomic (only 0->1 winner should send) 485} 486 487// TrailerPrefix is a magic prefix for ResponseWriter.Header map keys 488// that, if present, signals that the map entry is actually for 489// the response trailers, and not the response headers. The prefix 490// is stripped after the ServeHTTP call finishes and the values are 491// sent in the trailers. 492// 493// This mechanism is intended only for trailers that are not known 494// prior to the headers being written. If the set of trailers is fixed 495// or known before the header is written, the normal Go trailers mechanism 496// is preferred: 497// https://golang.org/pkg/net/http/#ResponseWriter 498// https://golang.org/pkg/net/http/#example_ResponseWriter_trailers 499const TrailerPrefix = "Trailer:" 500 501// finalTrailers is called after the Handler exits and returns a non-nil 502// value if the Handler set any trailers. 503func (w *response) finalTrailers() Header { 504 var t Header 505 for k, vv := range w.handlerHeader { 506 if strings.HasPrefix(k, TrailerPrefix) { 507 if t == nil { 508 t = make(Header) 509 } 510 t[strings.TrimPrefix(k, TrailerPrefix)] = vv 511 } 512 } 513 for _, k := range w.trailers { 514 if t == nil { 515 t = make(Header) 516 } 517 for _, v := range w.handlerHeader[k] { 518 t.Add(k, v) 519 } 520 } 521 return t 522} 523 524type atomicBool int32 525 526func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 } 527func (b *atomicBool) setTrue() { atomic.StoreInt32((*int32)(b), 1) } 528func (b *atomicBool) setFalse() { atomic.StoreInt32((*int32)(b), 0) } 529 530// declareTrailer is called for each Trailer header when the 531// response header is written. It notes that a header will need to be 532// written in the trailers at the end of the response. 533func (w *response) declareTrailer(k string) { 534 k = CanonicalHeaderKey(k) 535 if !httpguts.ValidTrailerHeader(k) { 536 // Forbidden by RFC 7230, section 4.1.2 537 return 538 } 539 w.trailers = append(w.trailers, k) 540} 541 542// requestTooLarge is called by maxBytesReader when too much input has 543// been read from the client. 544func (w *response) requestTooLarge() { 545 w.closeAfterReply = true 546 w.requestBodyLimitHit = true 547 if !w.wroteHeader { 548 w.Header().Set("Connection", "close") 549 } 550} 551 552// needsSniff reports whether a Content-Type still needs to be sniffed. 553func (w *response) needsSniff() bool { 554 _, haveType := w.handlerHeader["Content-Type"] 555 return !w.cw.wroteHeader && !haveType && w.written < sniffLen 556} 557 558// writerOnly hides an io.Writer value's optional ReadFrom method 559// from io.Copy. 560type writerOnly struct { 561 io.Writer 562} 563 564// ReadFrom is here to optimize copying from an *os.File regular file 565// to a *net.TCPConn with sendfile, or from a supported src type such 566// as a *net.TCPConn on Linux with splice. 567func (w *response) ReadFrom(src io.Reader) (n int64, err error) { 568 bufp := copyBufPool.Get().(*[]byte) 569 buf := *bufp 570 defer copyBufPool.Put(bufp) 571 572 // Our underlying w.conn.rwc is usually a *TCPConn (with its 573 // own ReadFrom method). If not, just fall back to the normal 574 // copy method. 575 rf, ok := w.conn.rwc.(io.ReaderFrom) 576 if !ok { 577 return io.CopyBuffer(writerOnly{w}, src, buf) 578 } 579 580 // sendfile path: 581 582 // Do not start actually writing response until src is readable. 583 // If body length is <= sniffLen, sendfile/splice path will do 584 // little anyway. This small read also satisfies sniffing the 585 // body in case Content-Type is missing. 586 nr, er := src.Read(buf[:sniffLen]) 587 atEOF := errors.Is(er, io.EOF) 588 n += int64(nr) 589 590 if nr > 0 { 591 // Write the small amount read normally. 592 nw, ew := w.Write(buf[:nr]) 593 if ew != nil { 594 err = ew 595 } else if nr != nw { 596 err = io.ErrShortWrite 597 } 598 } 599 if err == nil && er != nil && !atEOF { 600 err = er 601 } 602 603 // Do not send StatusOK in the error case where nothing has been written. 604 if err == nil && !w.wroteHeader { 605 w.WriteHeader(StatusOK) // nr == 0, no error (or EOF) 606 } 607 608 if err != nil || atEOF { 609 return n, err 610 } 611 612 w.w.Flush() // get rid of any previous writes 613 w.cw.flush() // make sure Header is written; flush data to rwc 614 615 // Now that cw has been flushed, its chunking field is guaranteed initialized. 616 if !w.cw.chunking && w.bodyAllowed() { 617 n0, err := rf.ReadFrom(src) 618 n += n0 619 w.written += n0 620 return n, err 621 } 622 623 n0, err := io.Copy(writerOnly{w}, src) 624 n += n0 625 return n, err 626} 627 628// debugServerConnections controls whether all server connections are wrapped 629// with a verbose logging wrapper. 630const debugServerConnections = false 631 632// Create new connection from rwc. 633func (srv *Server) newConn(rwc net.Conn) *conn { 634 c := &conn{ 635 server: srv, 636 rwc: rwc, 637 } 638 if debugServerConnections { 639 c.rwc = newLoggingConn("server", c.rwc) 640 } 641 return c 642} 643 644type readResult struct { 645 _ incomparable 646 n int 647 err error 648 b byte // byte read, if n == 1 649} 650 651// connReader is the io.Reader wrapper used by *conn. It combines a 652// selectively-activated io.LimitedReader (to bound request header 653// read sizes) with support for selectively keeping an io.Reader.Read 654// call blocked in a background goroutine to wait for activity and 655// trigger a CloseNotifier channel. 656type connReader struct { 657 conn *conn 658 659 mu sync.Mutex // guards following 660 hasByte bool 661 byteBuf [1]byte 662 cond *sync.Cond 663 inRead bool 664 aborted bool // set true before conn.rwc deadline is set to past 665 remain int64 // bytes remaining 666} 667 668func (cr *connReader) lock() { 669 cr.mu.Lock() 670 if cr.cond == nil { 671 cr.cond = sync.NewCond(&cr.mu) 672 } 673} 674 675func (cr *connReader) unlock() { cr.mu.Unlock() } 676 677func (cr *connReader) startBackgroundRead() { 678 cr.lock() 679 defer cr.unlock() 680 if cr.inRead { 681 panic("invalid concurrent Body.Read call") 682 } 683 if cr.hasByte { 684 return 685 } 686 cr.inRead = true 687 cr.conn.rwc.SetReadDeadline(time.Time{}) 688 go cr.backgroundRead() 689} 690 691func (cr *connReader) backgroundRead() { 692 n, err := cr.conn.rwc.Read(cr.byteBuf[:]) 693 cr.lock() 694 if n == 1 { 695 cr.hasByte = true 696 // We were past the end of the previous request's body already 697 // (since we wouldn't be in a background read otherwise), so 698 // this is a pipelined HTTP request. Prior to Go 1.11 we used to 699 // send on the CloseNotify channel and cancel the context here, 700 // but the behavior was documented as only "may", and we only 701 // did that because that's how CloseNotify accidentally behaved 702 // in very early Go releases prior to context support. Once we 703 // added context support, people used a Handler's 704 // Request.Context() and passed it along. Having that context 705 // cancel on pipelined HTTP requests caused problems. 706 // Fortunately, almost nothing uses HTTP/1.x pipelining. 707 // Unfortunately, apt-get does, or sometimes does. 708 // New Go 1.11 behavior: don't fire CloseNotify or cancel 709 // contexts on pipelined requests. Shouldn't affect people, but 710 // fixes cases like Issue 23921. This does mean that a client 711 // closing their TCP connection after sending a pipelined 712 // request won't cancel the context, but we'll catch that on any 713 // write failure (in checkConnErrorWriter.Write). 714 // If the server never writes, yes, there are still contrived 715 // server & client behaviors where this fails to ever cancel the 716 // context, but that's kinda why HTTP/1.x pipelining died 717 // anyway. 718 } 719 if ne, ok := err.(net.Error); ok && cr.aborted && ne.Timeout() { 720 // Ignore this error. It's the expected error from 721 // another goroutine calling abortPendingRead. 722 } else if err != nil { 723 cr.handleReadError(err) 724 } 725 cr.aborted = false 726 cr.inRead = false 727 cr.unlock() 728 cr.cond.Broadcast() 729} 730 731func (cr *connReader) abortPendingRead() { 732 cr.lock() 733 defer cr.unlock() 734 if !cr.inRead { 735 return 736 } 737 cr.aborted = true 738 cr.conn.rwc.SetReadDeadline(aLongTimeAgo) 739 for cr.inRead { 740 cr.cond.Wait() 741 } 742 cr.conn.rwc.SetReadDeadline(time.Time{}) 743} 744 745func (cr *connReader) setReadLimit(remain int64) { cr.remain = remain } 746func (cr *connReader) setInfiniteReadLimit() { cr.remain = maxInt64 } 747func (cr *connReader) hitReadLimit() bool { return cr.remain <= 0 } 748 749// handleReadError is called whenever a Read from the client returns a 750// non-nil error. 751// 752// The provided non-nil err is almost always io.EOF or a "use of 753// closed network connection". In any case, the error is not 754// particularly interesting, except perhaps for debugging during 755// development. Any error means the connection is dead and we should 756// down its context. 757// 758// It may be called from multiple goroutines. 759func (cr *connReader) handleReadError(_ error) { 760 cr.conn.cancelCtx() 761 cr.closeNotify() 762} 763 764// may be called from multiple goroutines. 765func (cr *connReader) closeNotify() { 766 res, _ := cr.conn.curReq.Load().(*response) 767 if res != nil && atomic.CompareAndSwapInt32(&res.didCloseNotify, 0, 1) { 768 res.closeNotifyCh <- true 769 } 770} 771 772func (cr *connReader) Read(p []byte) (n int, err error) { 773 cr.lock() 774 if cr.inRead { 775 cr.unlock() 776 if cr.conn.hijacked() { 777 panic("invalid Body.Read call. After hijacked, the original Request must not be used") 778 } 779 panic("invalid concurrent Body.Read call") 780 } 781 if cr.hitReadLimit() { 782 cr.unlock() 783 return 0, io.EOF 784 } 785 if len(p) == 0 { 786 cr.unlock() 787 return 0, nil 788 } 789 if int64(len(p)) > cr.remain { 790 p = p[:cr.remain] 791 } 792 if cr.hasByte { 793 p[0] = cr.byteBuf[0] 794 cr.hasByte = false 795 cr.unlock() 796 return 1, nil 797 } 798 cr.inRead = true 799 cr.unlock() 800 n, err = cr.conn.rwc.Read(p) 801 802 cr.lock() 803 cr.inRead = false 804 if err != nil { 805 cr.handleReadError(err) 806 } 807 cr.remain -= int64(n) 808 cr.unlock() 809 810 cr.cond.Broadcast() 811 return n, err 812} 813 814var ( 815 bufioReaderPool sync.Pool 816 bufioWriter2kPool sync.Pool 817 bufioWriter4kPool sync.Pool 818) 819 820var copyBufPool = sync.Pool{ 821 New: func() interface{} { 822 b := make([]byte, 32*1024) 823 return &b 824 }, 825} 826 827func bufioWriterPool(size int) *sync.Pool { 828 switch size { 829 case 2 << 10: 830 return &bufioWriter2kPool 831 case 4 << 10: 832 return &bufioWriter4kPool 833 } 834 return nil 835} 836 837func newBufioReader(r io.Reader) *bufio.Reader { 838 if v := bufioReaderPool.Get(); v != nil { 839 br := v.(*bufio.Reader) 840 br.Reset(r) 841 return br 842 } 843 // Note: if this reader size is ever changed, update 844 // TestHandlerBodyClose's assumptions. 845 return bufio.NewReader(r) 846} 847 848func putBufioReader(br *bufio.Reader) { 849 br.Reset(nil) 850 bufioReaderPool.Put(br) 851} 852 853func newBufioWriterSize(w io.Writer, size int) *bufio.Writer { 854 pool := bufioWriterPool(size) 855 if pool != nil { 856 if v := pool.Get(); v != nil { 857 bw := v.(*bufio.Writer) 858 bw.Reset(w) 859 return bw 860 } 861 } 862 return bufio.NewWriterSize(w, size) 863} 864 865func putBufioWriter(bw *bufio.Writer) { 866 bw.Reset(nil) 867 if pool := bufioWriterPool(bw.Available()); pool != nil { 868 pool.Put(bw) 869 } 870} 871 872// DefaultMaxHeaderBytes is the maximum permitted size of the headers 873// in an HTTP request. 874// This can be overridden by setting Server.MaxHeaderBytes. 875const DefaultMaxHeaderBytes = 1 << 20 // 1 MB 876 877func (srv *Server) maxHeaderBytes() int { 878 if srv.MaxHeaderBytes > 0 { 879 return srv.MaxHeaderBytes 880 } 881 return DefaultMaxHeaderBytes 882} 883 884func (srv *Server) initialReadLimitSize() int64 { 885 return int64(srv.maxHeaderBytes()) + 4096 // bufio slop 886} 887 888// wrapper around io.ReadCloser which on first read, sends an 889// HTTP/1.1 100 Continue header 890type expectContinueReader struct { 891 resp *response 892 readCloser io.ReadCloser 893 closed atomicBool 894 sawEOF atomicBool 895} 896 897func (ecr *expectContinueReader) Read(p []byte) (n int, err error) { 898 if ecr.closed.isSet() { 899 return 0, ErrBodyReadAfterClose 900 } 901 w := ecr.resp 902 if !w.wroteContinue && w.canWriteContinue.isSet() && !w.conn.hijacked() { 903 w.wroteContinue = true 904 w.writeContinueMu.Lock() 905 if w.canWriteContinue.isSet() { 906 w.conn.bufw.WriteString("HTTP/1.1 100 Continue\r\n\r\n") 907 w.conn.bufw.Flush() 908 w.canWriteContinue.setFalse() 909 } 910 w.writeContinueMu.Unlock() 911 } 912 n, err = ecr.readCloser.Read(p) 913 if err == io.EOF { 914 ecr.sawEOF.setTrue() 915 } 916 return 917} 918 919func (ecr *expectContinueReader) Close() error { 920 ecr.closed.setTrue() 921 return ecr.readCloser.Close() 922} 923 924// TimeFormat is the time format to use when generating times in HTTP 925// headers. It is like time.RFC1123 but hard-codes GMT as the time 926// zone. The time being formatted must be in UTC for Format to 927// generate the correct format. 928// 929// For parsing this time format, see ParseTime. 930const TimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT" 931 932// appendTime is a non-allocating version of []byte(t.UTC().Format(TimeFormat)) 933func appendTime(b []byte, t time.Time) []byte { 934 const days = "SunMonTueWedThuFriSat" 935 const months = "JanFebMarAprMayJunJulAugSepOctNovDec" 936 937 t = t.UTC() 938 yy, mm, dd := t.Date() 939 hh, mn, ss := t.Clock() 940 day := days[3*t.Weekday():] 941 mon := months[3*(mm-1):] 942 943 return append(b, 944 day[0], day[1], day[2], ',', ' ', 945 byte('0'+dd/10), byte('0'+dd%10), ' ', 946 mon[0], mon[1], mon[2], ' ', 947 byte('0'+yy/1000), byte('0'+(yy/100)%10), byte('0'+(yy/10)%10), byte('0'+yy%10), ' ', 948 byte('0'+hh/10), byte('0'+hh%10), ':', 949 byte('0'+mn/10), byte('0'+mn%10), ':', 950 byte('0'+ss/10), byte('0'+ss%10), ' ', 951 'G', 'M', 'T') 952} 953 954var errTooLarge = errors.New("http: request too large") 955 956// Read next request from connection. 957func (c *conn) readRequest(ctx context.Context) (w *response, err error) { 958 if c.hijacked() { 959 return nil, ErrHijacked 960 } 961 962 var ( 963 wholeReqDeadline time.Time // or zero if none 964 hdrDeadline time.Time // or zero if none 965 ) 966 t0 := time.Now() 967 if d := c.server.readHeaderTimeout(); d != 0 { 968 hdrDeadline = t0.Add(d) 969 } 970 if d := c.server.ReadTimeout; d != 0 { 971 wholeReqDeadline = t0.Add(d) 972 } 973 c.rwc.SetReadDeadline(hdrDeadline) 974 if d := c.server.WriteTimeout; d != 0 { 975 defer func() { 976 c.rwc.SetWriteDeadline(time.Now().Add(d)) 977 }() 978 } 979 980 c.r.setReadLimit(c.server.initialReadLimitSize()) 981 if c.lastMethod == "POST" { 982 // RFC 7230 section 3 tolerance for old buggy clients. 983 peek, _ := c.bufr.Peek(4) // ReadRequest will get err below 984 c.bufr.Discard(numLeadingCRorLF(peek)) 985 } 986 req, err := readRequest(c.bufr, keepHostHeader) 987 if err != nil { 988 if c.r.hitReadLimit() { 989 return nil, errTooLarge 990 } 991 return nil, err 992 } 993 994 if !http1ServerSupportsRequest(req) { 995 return nil, statusError{StatusHTTPVersionNotSupported, "unsupported protocol version"} 996 } 997 998 c.lastMethod = req.Method 999 c.r.setInfiniteReadLimit() 1000 1001 hosts, haveHost := req.Header["Host"] 1002 isH2Upgrade := req.isH2Upgrade() 1003 if req.ProtoAtLeast(1, 1) && (!haveHost || len(hosts) == 0) && !isH2Upgrade && req.Method != "CONNECT" { 1004 return nil, badRequestError("missing required Host header") 1005 } 1006 if len(hosts) > 1 { 1007 return nil, badRequestError("too many Host headers") 1008 } 1009 if len(hosts) == 1 && !httpguts.ValidHostHeader(hosts[0]) { 1010 return nil, badRequestError("malformed Host header") 1011 } 1012 for k, vv := range req.Header { 1013 if !httpguts.ValidHeaderFieldName(k) { 1014 return nil, badRequestError("invalid header name") 1015 } 1016 for _, v := range vv { 1017 if !httpguts.ValidHeaderFieldValue(v) { 1018 return nil, badRequestError("invalid header value") 1019 } 1020 } 1021 } 1022 delete(req.Header, "Host") 1023 1024 ctx, cancelCtx := context.WithCancel(ctx) 1025 req.ctx = ctx 1026 req.RemoteAddr = c.remoteAddr 1027 req.TLS = c.tlsState 1028 if body, ok := req.Body.(*body); ok { 1029 body.doEarlyClose = true 1030 } 1031 1032 // Adjust the read deadline if necessary. 1033 if !hdrDeadline.Equal(wholeReqDeadline) { 1034 c.rwc.SetReadDeadline(wholeReqDeadline) 1035 } 1036 1037 w = &response{ 1038 conn: c, 1039 cancelCtx: cancelCtx, 1040 req: req, 1041 reqBody: req.Body, 1042 handlerHeader: make(Header), 1043 contentLength: -1, 1044 closeNotifyCh: make(chan bool, 1), 1045 1046 // We populate these ahead of time so we're not 1047 // reading from req.Header after their Handler starts 1048 // and maybe mutates it (Issue 14940) 1049 wants10KeepAlive: req.wantsHttp10KeepAlive(), 1050 wantsClose: req.wantsClose(), 1051 } 1052 if isH2Upgrade { 1053 w.closeAfterReply = true 1054 } 1055 w.cw.res = w 1056 w.w = newBufioWriterSize(&w.cw, bufferBeforeChunkingSize) 1057 return w, nil 1058} 1059 1060// http1ServerSupportsRequest reports whether Go's HTTP/1.x server 1061// supports the given request. 1062func http1ServerSupportsRequest(req *Request) bool { 1063 if req.ProtoMajor == 1 { 1064 return true 1065 } 1066 // Accept "PRI * HTTP/2.0" upgrade requests, so Handlers can 1067 // wire up their own HTTP/2 upgrades. 1068 if req.ProtoMajor == 2 && req.ProtoMinor == 0 && 1069 req.Method == "PRI" && req.RequestURI == "*" { 1070 return true 1071 } 1072 // Reject HTTP/0.x, and all other HTTP/2+ requests (which 1073 // aren't encoded in ASCII anyway). 1074 return false 1075} 1076 1077func (w *response) Header() Header { 1078 if w.cw.header == nil && w.wroteHeader && !w.cw.wroteHeader { 1079 // Accessing the header between logically writing it 1080 // and physically writing it means we need to allocate 1081 // a clone to snapshot the logically written state. 1082 w.cw.header = w.handlerHeader.Clone() 1083 } 1084 w.calledHeader = true 1085 return w.handlerHeader 1086} 1087 1088// maxPostHandlerReadBytes is the max number of Request.Body bytes not 1089// consumed by a handler that the server will read from the client 1090// in order to keep a connection alive. If there are more bytes than 1091// this then the server to be paranoid instead sends a "Connection: 1092// close" response. 1093// 1094// This number is approximately what a typical machine's TCP buffer 1095// size is anyway. (if we have the bytes on the machine, we might as 1096// well read them) 1097const maxPostHandlerReadBytes = 256 << 10 1098 1099func checkWriteHeaderCode(code int) { 1100 // Issue 22880: require valid WriteHeader status codes. 1101 // For now we only enforce that it's three digits. 1102 // In the future we might block things over 599 (600 and above aren't defined 1103 // at https://httpwg.org/specs/rfc7231.html#status.codes) 1104 // and we might block under 200 (once we have more mature 1xx support). 1105 // But for now any three digits. 1106 // 1107 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's 1108 // no equivalent bogus thing we can realistically send in HTTP/2, 1109 // so we'll consistently panic instead and help people find their bugs 1110 // early. (We can't return an error from WriteHeader even if we wanted to.) 1111 if code < 100 || code > 999 { 1112 panic(fmt.Sprintf("invalid WriteHeader code %v", code)) 1113 } 1114} 1115 1116// relevantCaller searches the call stack for the first function outside of net/http. 1117// The purpose of this function is to provide more helpful error messages. 1118func relevantCaller() runtime.Frame { 1119 pc := make([]uintptr, 16) 1120 n := runtime.Callers(1, pc) 1121 frames := runtime.CallersFrames(pc[:n]) 1122 prefix1 := "net/http." 1123 prefix2 := "net/http." 1124 if runtime.Compiler == "gccgo" { 1125 prefix2 = "http." 1126 } 1127 var frame runtime.Frame 1128 for { 1129 frame, more := frames.Next() 1130 if !strings.HasPrefix(frame.Function, prefix1) && !strings.HasPrefix(frame.Function, prefix2) { 1131 return frame 1132 } 1133 if !more { 1134 break 1135 } 1136 } 1137 return frame 1138} 1139 1140func (w *response) WriteHeader(code int) { 1141 if w.conn.hijacked() { 1142 caller := relevantCaller() 1143 w.conn.server.logf("http: response.WriteHeader on hijacked connection from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line) 1144 return 1145 } 1146 if w.wroteHeader { 1147 caller := relevantCaller() 1148 w.conn.server.logf("http: superfluous response.WriteHeader call from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line) 1149 return 1150 } 1151 checkWriteHeaderCode(code) 1152 w.wroteHeader = true 1153 w.status = code 1154 1155 if w.calledHeader && w.cw.header == nil { 1156 w.cw.header = w.handlerHeader.Clone() 1157 } 1158 1159 if cl := w.handlerHeader.get("Content-Length"); cl != "" { 1160 v, err := strconv.ParseInt(cl, 10, 64) 1161 if err == nil && v >= 0 { 1162 w.contentLength = v 1163 } else { 1164 w.conn.server.logf("http: invalid Content-Length of %q", cl) 1165 w.handlerHeader.Del("Content-Length") 1166 } 1167 } 1168} 1169 1170// extraHeader is the set of headers sometimes added by chunkWriter.writeHeader. 1171// This type is used to avoid extra allocations from cloning and/or populating 1172// the response Header map and all its 1-element slices. 1173type extraHeader struct { 1174 contentType string 1175 connection string 1176 transferEncoding string 1177 date []byte // written if not nil 1178 contentLength []byte // written if not nil 1179} 1180 1181// Sorted the same as extraHeader.Write's loop. 1182var extraHeaderKeys = [][]byte{ 1183 []byte("Content-Type"), 1184 []byte("Connection"), 1185 []byte("Transfer-Encoding"), 1186} 1187 1188var ( 1189 headerContentLength = []byte("Content-Length: ") 1190 headerDate = []byte("Date: ") 1191) 1192 1193// Write writes the headers described in h to w. 1194// 1195// This method has a value receiver, despite the somewhat large size 1196// of h, because it prevents an allocation. The escape analysis isn't 1197// smart enough to realize this function doesn't mutate h. 1198func (h extraHeader) Write(w *bufio.Writer) { 1199 if h.date != nil { 1200 w.Write(headerDate) 1201 w.Write(h.date) 1202 w.Write(crlf) 1203 } 1204 if h.contentLength != nil { 1205 w.Write(headerContentLength) 1206 w.Write(h.contentLength) 1207 w.Write(crlf) 1208 } 1209 for i, v := range []string{h.contentType, h.connection, h.transferEncoding} { 1210 if v != "" { 1211 w.Write(extraHeaderKeys[i]) 1212 w.Write(colonSpace) 1213 w.WriteString(v) 1214 w.Write(crlf) 1215 } 1216 } 1217} 1218 1219// writeHeader finalizes the header sent to the client and writes it 1220// to cw.res.conn.bufw. 1221// 1222// p is not written by writeHeader, but is the first chunk of the body 1223// that will be written. It is sniffed for a Content-Type if none is 1224// set explicitly. It's also used to set the Content-Length, if the 1225// total body size was small and the handler has already finished 1226// running. 1227func (cw *chunkWriter) writeHeader(p []byte) { 1228 if cw.wroteHeader { 1229 return 1230 } 1231 cw.wroteHeader = true 1232 1233 w := cw.res 1234 keepAlivesEnabled := w.conn.server.doKeepAlives() 1235 isHEAD := w.req.Method == "HEAD" 1236 1237 // header is written out to w.conn.buf below. Depending on the 1238 // state of the handler, we either own the map or not. If we 1239 // don't own it, the exclude map is created lazily for 1240 // WriteSubset to remove headers. The setHeader struct holds 1241 // headers we need to add. 1242 header := cw.header 1243 owned := header != nil 1244 if !owned { 1245 header = w.handlerHeader 1246 } 1247 var excludeHeader map[string]bool 1248 delHeader := func(key string) { 1249 if owned { 1250 header.Del(key) 1251 return 1252 } 1253 if _, ok := header[key]; !ok { 1254 return 1255 } 1256 if excludeHeader == nil { 1257 excludeHeader = make(map[string]bool) 1258 } 1259 excludeHeader[key] = true 1260 } 1261 var setHeader extraHeader 1262 1263 // Don't write out the fake "Trailer:foo" keys. See TrailerPrefix. 1264 trailers := false 1265 for k := range cw.header { 1266 if strings.HasPrefix(k, TrailerPrefix) { 1267 if excludeHeader == nil { 1268 excludeHeader = make(map[string]bool) 1269 } 1270 excludeHeader[k] = true 1271 trailers = true 1272 } 1273 } 1274 for _, v := range cw.header["Trailer"] { 1275 trailers = true 1276 foreachHeaderElement(v, cw.res.declareTrailer) 1277 } 1278 1279 te := header.get("Transfer-Encoding") 1280 hasTE := te != "" 1281 1282 // If the handler is done but never sent a Content-Length 1283 // response header and this is our first (and last) write, set 1284 // it, even to zero. This helps HTTP/1.0 clients keep their 1285 // "keep-alive" connections alive. 1286 // Exceptions: 304/204/1xx responses never get Content-Length, and if 1287 // it was a HEAD request, we don't know the difference between 1288 // 0 actual bytes and 0 bytes because the handler noticed it 1289 // was a HEAD request and chose not to write anything. So for 1290 // HEAD, the handler should either write the Content-Length or 1291 // write non-zero bytes. If it's actually 0 bytes and the 1292 // handler never looked at the Request.Method, we just don't 1293 // send a Content-Length header. 1294 // Further, we don't send an automatic Content-Length if they 1295 // set a Transfer-Encoding, because they're generally incompatible. 1296 if w.handlerDone.isSet() && !trailers && !hasTE && bodyAllowedForStatus(w.status) && header.get("Content-Length") == "" && (!isHEAD || len(p) > 0) { 1297 w.contentLength = int64(len(p)) 1298 setHeader.contentLength = strconv.AppendInt(cw.res.clenBuf[:0], int64(len(p)), 10) 1299 } 1300 1301 // If this was an HTTP/1.0 request with keep-alive and we sent a 1302 // Content-Length back, we can make this a keep-alive response ... 1303 if w.wants10KeepAlive && keepAlivesEnabled { 1304 sentLength := header.get("Content-Length") != "" 1305 if sentLength && header.get("Connection") == "keep-alive" { 1306 w.closeAfterReply = false 1307 } 1308 } 1309 1310 // Check for an explicit (and valid) Content-Length header. 1311 hasCL := w.contentLength != -1 1312 1313 if w.wants10KeepAlive && (isHEAD || hasCL || !bodyAllowedForStatus(w.status)) { 1314 _, connectionHeaderSet := header["Connection"] 1315 if !connectionHeaderSet { 1316 setHeader.connection = "keep-alive" 1317 } 1318 } else if !w.req.ProtoAtLeast(1, 1) || w.wantsClose { 1319 w.closeAfterReply = true 1320 } 1321 1322 if header.get("Connection") == "close" || !keepAlivesEnabled { 1323 w.closeAfterReply = true 1324 } 1325 1326 // If the client wanted a 100-continue but we never sent it to 1327 // them (or, more strictly: we never finished reading their 1328 // request body), don't reuse this connection because it's now 1329 // in an unknown state: we might be sending this response at 1330 // the same time the client is now sending its request body 1331 // after a timeout. (Some HTTP clients send Expect: 1332 // 100-continue but knowing that some servers don't support 1333 // it, the clients set a timer and send the body later anyway) 1334 // If we haven't seen EOF, we can't skip over the unread body 1335 // because we don't know if the next bytes on the wire will be 1336 // the body-following-the-timer or the subsequent request. 1337 // See Issue 11549. 1338 if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF.isSet() { 1339 w.closeAfterReply = true 1340 } 1341 1342 // Per RFC 2616, we should consume the request body before 1343 // replying, if the handler hasn't already done so. But we 1344 // don't want to do an unbounded amount of reading here for 1345 // DoS reasons, so we only try up to a threshold. 1346 // TODO(bradfitz): where does RFC 2616 say that? See Issue 15527 1347 // about HTTP/1.x Handlers concurrently reading and writing, like 1348 // HTTP/2 handlers can do. Maybe this code should be relaxed? 1349 if w.req.ContentLength != 0 && !w.closeAfterReply { 1350 var discard, tooBig bool 1351 1352 switch bdy := w.req.Body.(type) { 1353 case *expectContinueReader: 1354 if bdy.resp.wroteContinue { 1355 discard = true 1356 } 1357 case *body: 1358 bdy.mu.Lock() 1359 switch { 1360 case bdy.closed: 1361 if !bdy.sawEOF { 1362 // Body was closed in handler with non-EOF error. 1363 w.closeAfterReply = true 1364 } 1365 case bdy.unreadDataSizeLocked() >= maxPostHandlerReadBytes: 1366 tooBig = true 1367 default: 1368 discard = true 1369 } 1370 bdy.mu.Unlock() 1371 default: 1372 discard = true 1373 } 1374 1375 if discard { 1376 _, err := io.CopyN(io.Discard, w.reqBody, maxPostHandlerReadBytes+1) 1377 switch err { 1378 case nil: 1379 // There must be even more data left over. 1380 tooBig = true 1381 case ErrBodyReadAfterClose: 1382 // Body was already consumed and closed. 1383 case io.EOF: 1384 // The remaining body was just consumed, close it. 1385 err = w.reqBody.Close() 1386 if err != nil { 1387 w.closeAfterReply = true 1388 } 1389 default: 1390 // Some other kind of error occurred, like a read timeout, or 1391 // corrupt chunked encoding. In any case, whatever remains 1392 // on the wire must not be parsed as another HTTP request. 1393 w.closeAfterReply = true 1394 } 1395 } 1396 1397 if tooBig { 1398 w.requestTooLarge() 1399 delHeader("Connection") 1400 setHeader.connection = "close" 1401 } 1402 } 1403 1404 code := w.status 1405 if bodyAllowedForStatus(code) { 1406 // If no content type, apply sniffing algorithm to body. 1407 _, haveType := header["Content-Type"] 1408 1409 // If the Content-Encoding was set and is non-blank, 1410 // we shouldn't sniff the body. See Issue 31753. 1411 ce := header.Get("Content-Encoding") 1412 hasCE := len(ce) > 0 1413 if !hasCE && !haveType && !hasTE && len(p) > 0 { 1414 setHeader.contentType = DetectContentType(p) 1415 } 1416 } else { 1417 for _, k := range suppressedHeaders(code) { 1418 delHeader(k) 1419 } 1420 } 1421 1422 if !header.has("Date") { 1423 setHeader.date = appendTime(cw.res.dateBuf[:0], time.Now()) 1424 } 1425 1426 if hasCL && hasTE && te != "identity" { 1427 // TODO: return an error if WriteHeader gets a return parameter 1428 // For now just ignore the Content-Length. 1429 w.conn.server.logf("http: WriteHeader called with both Transfer-Encoding of %q and a Content-Length of %d", 1430 te, w.contentLength) 1431 delHeader("Content-Length") 1432 hasCL = false 1433 } 1434 1435 if w.req.Method == "HEAD" || !bodyAllowedForStatus(code) { 1436 // do nothing 1437 } else if code == StatusNoContent { 1438 delHeader("Transfer-Encoding") 1439 } else if hasCL { 1440 delHeader("Transfer-Encoding") 1441 } else if w.req.ProtoAtLeast(1, 1) { 1442 // HTTP/1.1 or greater: Transfer-Encoding has been set to identity, and no 1443 // content-length has been provided. The connection must be closed after the 1444 // reply is written, and no chunking is to be done. This is the setup 1445 // recommended in the Server-Sent Events candidate recommendation 11, 1446 // section 8. 1447 if hasTE && te == "identity" { 1448 cw.chunking = false 1449 w.closeAfterReply = true 1450 } else { 1451 // HTTP/1.1 or greater: use chunked transfer encoding 1452 // to avoid closing the connection at EOF. 1453 cw.chunking = true 1454 setHeader.transferEncoding = "chunked" 1455 if hasTE && te == "chunked" { 1456 // We will send the chunked Transfer-Encoding header later. 1457 delHeader("Transfer-Encoding") 1458 } 1459 } 1460 } else { 1461 // HTTP version < 1.1: cannot do chunked transfer 1462 // encoding and we don't know the Content-Length so 1463 // signal EOF by closing connection. 1464 w.closeAfterReply = true 1465 delHeader("Transfer-Encoding") // in case already set 1466 } 1467 1468 // Cannot use Content-Length with non-identity Transfer-Encoding. 1469 if cw.chunking { 1470 delHeader("Content-Length") 1471 } 1472 if !w.req.ProtoAtLeast(1, 0) { 1473 return 1474 } 1475 1476 // Only override the Connection header if it is not a successful 1477 // protocol switch response and if KeepAlives are not enabled. 1478 // See https://golang.org/issue/36381. 1479 delConnectionHeader := w.closeAfterReply && 1480 (!keepAlivesEnabled || !hasToken(cw.header.get("Connection"), "close")) && 1481 !isProtocolSwitchResponse(w.status, header) 1482 if delConnectionHeader { 1483 delHeader("Connection") 1484 if w.req.ProtoAtLeast(1, 1) { 1485 setHeader.connection = "close" 1486 } 1487 } 1488 1489 writeStatusLine(w.conn.bufw, w.req.ProtoAtLeast(1, 1), code, w.statusBuf[:]) 1490 cw.header.WriteSubset(w.conn.bufw, excludeHeader) 1491 setHeader.Write(w.conn.bufw) 1492 w.conn.bufw.Write(crlf) 1493} 1494 1495// foreachHeaderElement splits v according to the "#rule" construction 1496// in RFC 7230 section 7 and calls fn for each non-empty element. 1497func foreachHeaderElement(v string, fn func(string)) { 1498 v = textproto.TrimString(v) 1499 if v == "" { 1500 return 1501 } 1502 if !strings.Contains(v, ",") { 1503 fn(v) 1504 return 1505 } 1506 for _, f := range strings.Split(v, ",") { 1507 if f = textproto.TrimString(f); f != "" { 1508 fn(f) 1509 } 1510 } 1511} 1512 1513// writeStatusLine writes an HTTP/1.x Status-Line (RFC 7230 Section 3.1.2) 1514// to bw. is11 is whether the HTTP request is HTTP/1.1. false means HTTP/1.0. 1515// code is the response status code. 1516// scratch is an optional scratch buffer. If it has at least capacity 3, it's used. 1517func writeStatusLine(bw *bufio.Writer, is11 bool, code int, scratch []byte) { 1518 if is11 { 1519 bw.WriteString("HTTP/1.1 ") 1520 } else { 1521 bw.WriteString("HTTP/1.0 ") 1522 } 1523 if text, ok := statusText[code]; ok { 1524 bw.Write(strconv.AppendInt(scratch[:0], int64(code), 10)) 1525 bw.WriteByte(' ') 1526 bw.WriteString(text) 1527 bw.WriteString("\r\n") 1528 } else { 1529 // don't worry about performance 1530 fmt.Fprintf(bw, "%03d status code %d\r\n", code, code) 1531 } 1532} 1533 1534// bodyAllowed reports whether a Write is allowed for this response type. 1535// It's illegal to call this before the header has been flushed. 1536func (w *response) bodyAllowed() bool { 1537 if !w.wroteHeader { 1538 panic("") 1539 } 1540 return bodyAllowedForStatus(w.status) 1541} 1542 1543// The Life Of A Write is like this: 1544// 1545// Handler starts. No header has been sent. The handler can either 1546// write a header, or just start writing. Writing before sending a header 1547// sends an implicitly empty 200 OK header. 1548// 1549// If the handler didn't declare a Content-Length up front, we either 1550// go into chunking mode or, if the handler finishes running before 1551// the chunking buffer size, we compute a Content-Length and send that 1552// in the header instead. 1553// 1554// Likewise, if the handler didn't set a Content-Type, we sniff that 1555// from the initial chunk of output. 1556// 1557// The Writers are wired together like: 1558// 1559// 1. *response (the ResponseWriter) -> 1560// 2. (*response).w, a *bufio.Writer of bufferBeforeChunkingSize bytes 1561// 3. chunkWriter.Writer (whose writeHeader finalizes Content-Length/Type) 1562// and which writes the chunk headers, if needed. 1563// 4. conn.buf, a bufio.Writer of default (4kB) bytes, writing to -> 1564// 5. checkConnErrorWriter{c}, which notes any non-nil error on Write 1565// and populates c.werr with it if so. but otherwise writes to: 1566// 6. the rwc, the net.Conn. 1567// 1568// TODO(bradfitz): short-circuit some of the buffering when the 1569// initial header contains both a Content-Type and Content-Length. 1570// Also short-circuit in (1) when the header's been sent and not in 1571// chunking mode, writing directly to (4) instead, if (2) has no 1572// buffered data. More generally, we could short-circuit from (1) to 1573// (3) even in chunking mode if the write size from (1) is over some 1574// threshold and nothing is in (2). The answer might be mostly making 1575// bufferBeforeChunkingSize smaller and having bufio's fast-paths deal 1576// with this instead. 1577func (w *response) Write(data []byte) (n int, err error) { 1578 return w.write(len(data), data, "") 1579} 1580 1581func (w *response) WriteString(data string) (n int, err error) { 1582 return w.write(len(data), nil, data) 1583} 1584 1585// either dataB or dataS is non-zero. 1586func (w *response) write(lenData int, dataB []byte, dataS string) (n int, err error) { 1587 if w.conn.hijacked() { 1588 if lenData > 0 { 1589 caller := relevantCaller() 1590 w.conn.server.logf("http: response.Write on hijacked connection from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line) 1591 } 1592 return 0, ErrHijacked 1593 } 1594 1595 if w.canWriteContinue.isSet() { 1596 // Body reader wants to write 100 Continue but hasn't yet. 1597 // Tell it not to. The store must be done while holding the lock 1598 // because the lock makes sure that there is not an active write 1599 // this very moment. 1600 w.writeContinueMu.Lock() 1601 w.canWriteContinue.setFalse() 1602 w.writeContinueMu.Unlock() 1603 } 1604 1605 if !w.wroteHeader { 1606 w.WriteHeader(StatusOK) 1607 } 1608 if lenData == 0 { 1609 return 0, nil 1610 } 1611 if !w.bodyAllowed() { 1612 return 0, ErrBodyNotAllowed 1613 } 1614 1615 w.written += int64(lenData) // ignoring errors, for errorKludge 1616 if w.contentLength != -1 && w.written > w.contentLength { 1617 return 0, ErrContentLength 1618 } 1619 if dataB != nil { 1620 return w.w.Write(dataB) 1621 } else { 1622 return w.w.WriteString(dataS) 1623 } 1624} 1625 1626func (w *response) finishRequest() { 1627 w.handlerDone.setTrue() 1628 1629 if !w.wroteHeader { 1630 w.WriteHeader(StatusOK) 1631 } 1632 1633 w.w.Flush() 1634 putBufioWriter(w.w) 1635 w.cw.close() 1636 w.conn.bufw.Flush() 1637 1638 w.conn.r.abortPendingRead() 1639 1640 // Close the body (regardless of w.closeAfterReply) so we can 1641 // re-use its bufio.Reader later safely. 1642 w.reqBody.Close() 1643 1644 if w.req.MultipartForm != nil { 1645 w.req.MultipartForm.RemoveAll() 1646 } 1647} 1648 1649// shouldReuseConnection reports whether the underlying TCP connection can be reused. 1650// It must only be called after the handler is done executing. 1651func (w *response) shouldReuseConnection() bool { 1652 if w.closeAfterReply { 1653 // The request or something set while executing the 1654 // handler indicated we shouldn't reuse this 1655 // connection. 1656 return false 1657 } 1658 1659 if w.req.Method != "HEAD" && w.contentLength != -1 && w.bodyAllowed() && w.contentLength != w.written { 1660 // Did not write enough. Avoid getting out of sync. 1661 return false 1662 } 1663 1664 // There was some error writing to the underlying connection 1665 // during the request, so don't re-use this conn. 1666 if w.conn.werr != nil { 1667 return false 1668 } 1669 1670 if w.closedRequestBodyEarly() { 1671 return false 1672 } 1673 1674 return true 1675} 1676 1677func (w *response) closedRequestBodyEarly() bool { 1678 body, ok := w.req.Body.(*body) 1679 return ok && body.didEarlyClose() 1680} 1681 1682func (w *response) Flush() { 1683 if !w.wroteHeader { 1684 w.WriteHeader(StatusOK) 1685 } 1686 w.w.Flush() 1687 w.cw.flush() 1688} 1689 1690func (c *conn) finalFlush() { 1691 if c.bufr != nil { 1692 // Steal the bufio.Reader (~4KB worth of memory) and its associated 1693 // reader for a future connection. 1694 putBufioReader(c.bufr) 1695 c.bufr = nil 1696 } 1697 1698 if c.bufw != nil { 1699 c.bufw.Flush() 1700 // Steal the bufio.Writer (~4KB worth of memory) and its associated 1701 // writer for a future connection. 1702 putBufioWriter(c.bufw) 1703 c.bufw = nil 1704 } 1705} 1706 1707// Close the connection. 1708func (c *conn) close() { 1709 c.finalFlush() 1710 c.rwc.Close() 1711} 1712 1713// rstAvoidanceDelay is the amount of time we sleep after closing the 1714// write side of a TCP connection before closing the entire socket. 1715// By sleeping, we increase the chances that the client sees our FIN 1716// and processes its final data before they process the subsequent RST 1717// from closing a connection with known unread data. 1718// This RST seems to occur mostly on BSD systems. (And Windows?) 1719// This timeout is somewhat arbitrary (~latency around the planet). 1720const rstAvoidanceDelay = 500 * time.Millisecond 1721 1722type closeWriter interface { 1723 CloseWrite() error 1724} 1725 1726var _ closeWriter = (*net.TCPConn)(nil) 1727 1728// closeWrite flushes any outstanding data and sends a FIN packet (if 1729// client is connected via TCP), signalling that we're done. We then 1730// pause for a bit, hoping the client processes it before any 1731// subsequent RST. 1732// 1733// See https://golang.org/issue/3595 1734func (c *conn) closeWriteAndWait() { 1735 c.finalFlush() 1736 if tcp, ok := c.rwc.(closeWriter); ok { 1737 tcp.CloseWrite() 1738 } 1739 time.Sleep(rstAvoidanceDelay) 1740} 1741 1742// validNextProto reports whether the proto is a valid ALPN protocol name. 1743// Everything is valid except the empty string and built-in protocol types, 1744// so that those can't be overridden with alternate implementations. 1745func validNextProto(proto string) bool { 1746 switch proto { 1747 case "", "http/1.1", "http/1.0": 1748 return false 1749 } 1750 return true 1751} 1752 1753const ( 1754 runHooks = true 1755 skipHooks = false 1756) 1757 1758func (c *conn) setState(nc net.Conn, state ConnState, runHook bool) { 1759 srv := c.server 1760 switch state { 1761 case StateNew: 1762 srv.trackConn(c, true) 1763 case StateHijacked, StateClosed: 1764 srv.trackConn(c, false) 1765 } 1766 if state > 0xff || state < 0 { 1767 panic("internal error") 1768 } 1769 packedState := uint64(time.Now().Unix()<<8) | uint64(state) 1770 atomic.StoreUint64(&c.curState.atomic, packedState) 1771 if !runHook { 1772 return 1773 } 1774 if hook := srv.ConnState; hook != nil { 1775 hook(nc, state) 1776 } 1777} 1778 1779func (c *conn) getState() (state ConnState, unixSec int64) { 1780 packedState := atomic.LoadUint64(&c.curState.atomic) 1781 return ConnState(packedState & 0xff), int64(packedState >> 8) 1782} 1783 1784// badRequestError is a literal string (used by in the server in HTML, 1785// unescaped) to tell the user why their request was bad. It should 1786// be plain text without user info or other embedded errors. 1787func badRequestError(e string) error { return statusError{StatusBadRequest, e} } 1788 1789// statusError is an error used to respond to a request with an HTTP status. 1790// The text should be plain text without user info or other embedded errors. 1791type statusError struct { 1792 code int 1793 text string 1794} 1795 1796func (e statusError) Error() string { return StatusText(e.code) + ": " + e.text } 1797 1798// ErrAbortHandler is a sentinel panic value to abort a handler. 1799// While any panic from ServeHTTP aborts the response to the client, 1800// panicking with ErrAbortHandler also suppresses logging of a stack 1801// trace to the server's error log. 1802var ErrAbortHandler = errors.New("net/http: abort Handler") 1803 1804// isCommonNetReadError reports whether err is a common error 1805// encountered during reading a request off the network when the 1806// client has gone away or had its read fail somehow. This is used to 1807// determine which logs are interesting enough to log about. 1808func isCommonNetReadError(err error) bool { 1809 if err == io.EOF { 1810 return true 1811 } 1812 if neterr, ok := err.(net.Error); ok && neterr.Timeout() { 1813 return true 1814 } 1815 if oe, ok := err.(*net.OpError); ok && oe.Op == "read" { 1816 return true 1817 } 1818 return false 1819} 1820 1821// Serve a new connection. 1822func (c *conn) serve(ctx context.Context) { 1823 c.remoteAddr = c.rwc.RemoteAddr().String() 1824 ctx = context.WithValue(ctx, LocalAddrContextKey, c.rwc.LocalAddr()) 1825 defer func() { 1826 if err := recover(); err != nil && err != ErrAbortHandler { 1827 const size = 64 << 10 1828 buf := make([]byte, size) 1829 buf = buf[:runtime.Stack(buf, false)] 1830 c.server.logf("http: panic serving %v: %v\n%s", c.remoteAddr, err, buf) 1831 } 1832 if !c.hijacked() { 1833 c.close() 1834 c.setState(c.rwc, StateClosed, runHooks) 1835 } 1836 }() 1837 1838 if tlsConn, ok := c.rwc.(*tls.Conn); ok { 1839 if d := c.server.ReadTimeout; d != 0 { 1840 c.rwc.SetReadDeadline(time.Now().Add(d)) 1841 } 1842 if d := c.server.WriteTimeout; d != 0 { 1843 c.rwc.SetWriteDeadline(time.Now().Add(d)) 1844 } 1845 if err := tlsConn.Handshake(); err != nil { 1846 // If the handshake failed due to the client not speaking 1847 // TLS, assume they're speaking plaintext HTTP and write a 1848 // 400 response on the TLS conn's underlying net.Conn. 1849 if re, ok := err.(tls.RecordHeaderError); ok && re.Conn != nil && tlsRecordHeaderLooksLikeHTTP(re.RecordHeader) { 1850 io.WriteString(re.Conn, "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n") 1851 re.Conn.Close() 1852 return 1853 } 1854 c.server.logf("http: TLS handshake error from %s: %v", c.rwc.RemoteAddr(), err) 1855 return 1856 } 1857 c.tlsState = new(tls.ConnectionState) 1858 *c.tlsState = tlsConn.ConnectionState() 1859 if proto := c.tlsState.NegotiatedProtocol; validNextProto(proto) { 1860 if fn := c.server.TLSNextProto[proto]; fn != nil { 1861 h := initALPNRequest{ctx, tlsConn, serverHandler{c.server}} 1862 // Mark freshly created HTTP/2 as active and prevent any server state hooks 1863 // from being run on these connections. This prevents closeIdleConns from 1864 // closing such connections. See issue https://golang.org/issue/39776. 1865 c.setState(c.rwc, StateActive, skipHooks) 1866 fn(c.server, tlsConn, h) 1867 } 1868 return 1869 } 1870 } 1871 1872 // HTTP/1.x from here on. 1873 1874 ctx, cancelCtx := context.WithCancel(ctx) 1875 c.cancelCtx = cancelCtx 1876 defer cancelCtx() 1877 1878 c.r = &connReader{conn: c} 1879 c.bufr = newBufioReader(c.r) 1880 c.bufw = newBufioWriterSize(checkConnErrorWriter{c}, 4<<10) 1881 1882 for { 1883 w, err := c.readRequest(ctx) 1884 if c.r.remain != c.server.initialReadLimitSize() { 1885 // If we read any bytes off the wire, we're active. 1886 c.setState(c.rwc, StateActive, runHooks) 1887 } 1888 if err != nil { 1889 const errorHeaders = "\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n" 1890 1891 switch { 1892 case err == errTooLarge: 1893 // Their HTTP client may or may not be 1894 // able to read this if we're 1895 // responding to them and hanging up 1896 // while they're still writing their 1897 // request. Undefined behavior. 1898 const publicErr = "431 Request Header Fields Too Large" 1899 fmt.Fprintf(c.rwc, "HTTP/1.1 "+publicErr+errorHeaders+publicErr) 1900 c.closeWriteAndWait() 1901 return 1902 1903 case isUnsupportedTEError(err): 1904 // Respond as per RFC 7230 Section 3.3.1 which says, 1905 // A server that receives a request message with a 1906 // transfer coding it does not understand SHOULD 1907 // respond with 501 (Unimplemented). 1908 code := StatusNotImplemented 1909 1910 // We purposefully aren't echoing back the transfer-encoding's value, 1911 // so as to mitigate the risk of cross side scripting by an attacker. 1912 fmt.Fprintf(c.rwc, "HTTP/1.1 %d %s%sUnsupported transfer encoding", code, StatusText(code), errorHeaders) 1913 return 1914 1915 case isCommonNetReadError(err): 1916 return // don't reply 1917 1918 default: 1919 if v, ok := err.(statusError); ok { 1920 fmt.Fprintf(c.rwc, "HTTP/1.1 %d %s: %s%s%d %s: %s", v.code, StatusText(v.code), v.text, errorHeaders, v.code, StatusText(v.code), v.text) 1921 return 1922 } 1923 publicErr := "400 Bad Request" 1924 fmt.Fprintf(c.rwc, "HTTP/1.1 "+publicErr+errorHeaders+publicErr) 1925 return 1926 } 1927 } 1928 1929 // Expect 100 Continue support 1930 req := w.req 1931 if req.expectsContinue() { 1932 if req.ProtoAtLeast(1, 1) && req.ContentLength != 0 { 1933 // Wrap the Body reader with one that replies on the connection 1934 req.Body = &expectContinueReader{readCloser: req.Body, resp: w} 1935 w.canWriteContinue.setTrue() 1936 } 1937 } else if req.Header.get("Expect") != "" { 1938 w.sendExpectationFailed() 1939 return 1940 } 1941 1942 c.curReq.Store(w) 1943 1944 if requestBodyRemains(req.Body) { 1945 registerOnHitEOF(req.Body, w.conn.r.startBackgroundRead) 1946 } else { 1947 w.conn.r.startBackgroundRead() 1948 } 1949 1950 // HTTP cannot have multiple simultaneous active requests.[*] 1951 // Until the server replies to this request, it can't read another, 1952 // so we might as well run the handler in this goroutine. 1953 // [*] Not strictly true: HTTP pipelining. We could let them all process 1954 // in parallel even if their responses need to be serialized. 1955 // But we're not going to implement HTTP pipelining because it 1956 // was never deployed in the wild and the answer is HTTP/2. 1957 serverHandler{c.server}.ServeHTTP(w, w.req) 1958 w.cancelCtx() 1959 if c.hijacked() { 1960 return 1961 } 1962 w.finishRequest() 1963 if !w.shouldReuseConnection() { 1964 if w.requestBodyLimitHit || w.closedRequestBodyEarly() { 1965 c.closeWriteAndWait() 1966 } 1967 return 1968 } 1969 c.setState(c.rwc, StateIdle, runHooks) 1970 c.curReq.Store((*response)(nil)) 1971 1972 if !w.conn.server.doKeepAlives() { 1973 // We're in shutdown mode. We might've replied 1974 // to the user without "Connection: close" and 1975 // they might think they can send another 1976 // request, but such is life with HTTP/1.1. 1977 return 1978 } 1979 1980 if d := c.server.idleTimeout(); d != 0 { 1981 c.rwc.SetReadDeadline(time.Now().Add(d)) 1982 if _, err := c.bufr.Peek(4); err != nil { 1983 return 1984 } 1985 } 1986 c.rwc.SetReadDeadline(time.Time{}) 1987 } 1988} 1989 1990func (w *response) sendExpectationFailed() { 1991 // TODO(bradfitz): let ServeHTTP handlers handle 1992 // requests with non-standard expectation[s]? Seems 1993 // theoretical at best, and doesn't fit into the 1994 // current ServeHTTP model anyway. We'd need to 1995 // make the ResponseWriter an optional 1996 // "ExpectReplier" interface or something. 1997 // 1998 // For now we'll just obey RFC 7231 5.1.1 which says 1999 // "A server that receives an Expect field-value other 2000 // than 100-continue MAY respond with a 417 (Expectation 2001 // Failed) status code to indicate that the unexpected 2002 // expectation cannot be met." 2003 w.Header().Set("Connection", "close") 2004 w.WriteHeader(StatusExpectationFailed) 2005 w.finishRequest() 2006} 2007 2008// Hijack implements the Hijacker.Hijack method. Our response is both a ResponseWriter 2009// and a Hijacker. 2010func (w *response) Hijack() (rwc net.Conn, buf *bufio.ReadWriter, err error) { 2011 if w.handlerDone.isSet() { 2012 panic("net/http: Hijack called after ServeHTTP finished") 2013 } 2014 if w.wroteHeader { 2015 w.cw.flush() 2016 } 2017 2018 c := w.conn 2019 c.mu.Lock() 2020 defer c.mu.Unlock() 2021 2022 // Release the bufioWriter that writes to the chunk writer, it is not 2023 // used after a connection has been hijacked. 2024 rwc, buf, err = c.hijackLocked() 2025 if err == nil { 2026 putBufioWriter(w.w) 2027 w.w = nil 2028 } 2029 return rwc, buf, err 2030} 2031 2032func (w *response) CloseNotify() <-chan bool { 2033 if w.handlerDone.isSet() { 2034 panic("net/http: CloseNotify called after ServeHTTP finished") 2035 } 2036 return w.closeNotifyCh 2037} 2038 2039func registerOnHitEOF(rc io.ReadCloser, fn func()) { 2040 switch v := rc.(type) { 2041 case *expectContinueReader: 2042 registerOnHitEOF(v.readCloser, fn) 2043 case *body: 2044 v.registerOnHitEOF(fn) 2045 default: 2046 panic("unexpected type " + fmt.Sprintf("%T", rc)) 2047 } 2048} 2049 2050// requestBodyRemains reports whether future calls to Read 2051// on rc might yield more data. 2052func requestBodyRemains(rc io.ReadCloser) bool { 2053 if rc == NoBody { 2054 return false 2055 } 2056 switch v := rc.(type) { 2057 case *expectContinueReader: 2058 return requestBodyRemains(v.readCloser) 2059 case *body: 2060 return v.bodyRemains() 2061 default: 2062 panic("unexpected type " + fmt.Sprintf("%T", rc)) 2063 } 2064} 2065 2066// The HandlerFunc type is an adapter to allow the use of 2067// ordinary functions as HTTP handlers. If f is a function 2068// with the appropriate signature, HandlerFunc(f) is a 2069// Handler that calls f. 2070type HandlerFunc func(ResponseWriter, *Request) 2071 2072// ServeHTTP calls f(w, r). 2073func (f HandlerFunc) ServeHTTP(w ResponseWriter, r *Request) { 2074 f(w, r) 2075} 2076 2077// Helper handlers 2078 2079// Error replies to the request with the specified error message and HTTP code. 2080// It does not otherwise end the request; the caller should ensure no further 2081// writes are done to w. 2082// The error message should be plain text. 2083func Error(w ResponseWriter, error string, code int) { 2084 w.Header().Set("Content-Type", "text/plain; charset=utf-8") 2085 w.Header().Set("X-Content-Type-Options", "nosniff") 2086 w.WriteHeader(code) 2087 fmt.Fprintln(w, error) 2088} 2089 2090// NotFound replies to the request with an HTTP 404 not found error. 2091func NotFound(w ResponseWriter, r *Request) { Error(w, "404 page not found", StatusNotFound) } 2092 2093// NotFoundHandler returns a simple request handler 2094// that replies to each request with a ``404 page not found'' reply. 2095func NotFoundHandler() Handler { return HandlerFunc(NotFound) } 2096 2097// StripPrefix returns a handler that serves HTTP requests by removing the 2098// given prefix from the request URL's Path (and RawPath if set) and invoking 2099// the handler h. StripPrefix handles a request for a path that doesn't begin 2100// with prefix by replying with an HTTP 404 not found error. The prefix must 2101// match exactly: if the prefix in the request contains escaped characters 2102// the reply is also an HTTP 404 not found error. 2103func StripPrefix(prefix string, h Handler) Handler { 2104 if prefix == "" { 2105 return h 2106 } 2107 return HandlerFunc(func(w ResponseWriter, r *Request) { 2108 p := strings.TrimPrefix(r.URL.Path, prefix) 2109 rp := strings.TrimPrefix(r.URL.RawPath, prefix) 2110 if len(p) < len(r.URL.Path) && (r.URL.RawPath == "" || len(rp) < len(r.URL.RawPath)) { 2111 r2 := new(Request) 2112 *r2 = *r 2113 r2.URL = new(url.URL) 2114 *r2.URL = *r.URL 2115 r2.URL.Path = p 2116 r2.URL.RawPath = rp 2117 h.ServeHTTP(w, r2) 2118 } else { 2119 NotFound(w, r) 2120 } 2121 }) 2122} 2123 2124// Redirect replies to the request with a redirect to url, 2125// which may be a path relative to the request path. 2126// 2127// The provided code should be in the 3xx range and is usually 2128// StatusMovedPermanently, StatusFound or StatusSeeOther. 2129// 2130// If the Content-Type header has not been set, Redirect sets it 2131// to "text/html; charset=utf-8" and writes a small HTML body. 2132// Setting the Content-Type header to any value, including nil, 2133// disables that behavior. 2134func Redirect(w ResponseWriter, r *Request, url string, code int) { 2135 if u, err := urlpkg.Parse(url); err == nil { 2136 // If url was relative, make its path absolute by 2137 // combining with request path. 2138 // The client would probably do this for us, 2139 // but doing it ourselves is more reliable. 2140 // See RFC 7231, section 7.1.2 2141 if u.Scheme == "" && u.Host == "" { 2142 oldpath := r.URL.Path 2143 if oldpath == "" { // should not happen, but avoid a crash if it does 2144 oldpath = "/" 2145 } 2146 2147 // no leading http://server 2148 if url == "" || url[0] != '/' { 2149 // make relative path absolute 2150 olddir, _ := path.Split(oldpath) 2151 url = olddir + url 2152 } 2153 2154 var query string 2155 if i := strings.Index(url, "?"); i != -1 { 2156 url, query = url[:i], url[i:] 2157 } 2158 2159 // clean up but preserve trailing slash 2160 trailing := strings.HasSuffix(url, "/") 2161 url = path.Clean(url) 2162 if trailing && !strings.HasSuffix(url, "/") { 2163 url += "/" 2164 } 2165 url += query 2166 } 2167 } 2168 2169 h := w.Header() 2170 2171 // RFC 7231 notes that a short HTML body is usually included in 2172 // the response because older user agents may not understand 301/307. 2173 // Do it only if the request didn't already have a Content-Type header. 2174 _, hadCT := h["Content-Type"] 2175 2176 h.Set("Location", hexEscapeNonASCII(url)) 2177 if !hadCT && (r.Method == "GET" || r.Method == "HEAD") { 2178 h.Set("Content-Type", "text/html; charset=utf-8") 2179 } 2180 w.WriteHeader(code) 2181 2182 // Shouldn't send the body for POST or HEAD; that leaves GET. 2183 if !hadCT && r.Method == "GET" { 2184 body := "<a href=\"" + htmlEscape(url) + "\">" + statusText[code] + "</a>.\n" 2185 fmt.Fprintln(w, body) 2186 } 2187} 2188 2189var htmlReplacer = strings.NewReplacer( 2190 "&", "&", 2191 "<", "<", 2192 ">", ">", 2193 // """ is shorter than """. 2194 `"`, """, 2195 // "'" is shorter than "'" and apos was not in HTML until HTML5. 2196 "'", "'", 2197) 2198 2199func htmlEscape(s string) string { 2200 return htmlReplacer.Replace(s) 2201} 2202 2203// Redirect to a fixed URL 2204type redirectHandler struct { 2205 url string 2206 code int 2207} 2208 2209func (rh *redirectHandler) ServeHTTP(w ResponseWriter, r *Request) { 2210 Redirect(w, r, rh.url, rh.code) 2211} 2212 2213// RedirectHandler returns a request handler that redirects 2214// each request it receives to the given url using the given 2215// status code. 2216// 2217// The provided code should be in the 3xx range and is usually 2218// StatusMovedPermanently, StatusFound or StatusSeeOther. 2219func RedirectHandler(url string, code int) Handler { 2220 return &redirectHandler{url, code} 2221} 2222 2223// ServeMux is an HTTP request multiplexer. 2224// It matches the URL of each incoming request against a list of registered 2225// patterns and calls the handler for the pattern that 2226// most closely matches the URL. 2227// 2228// Patterns name fixed, rooted paths, like "/favicon.ico", 2229// or rooted subtrees, like "/images/" (note the trailing slash). 2230// Longer patterns take precedence over shorter ones, so that 2231// if there are handlers registered for both "/images/" 2232// and "/images/thumbnails/", the latter handler will be 2233// called for paths beginning "/images/thumbnails/" and the 2234// former will receive requests for any other paths in the 2235// "/images/" subtree. 2236// 2237// Note that since a pattern ending in a slash names a rooted subtree, 2238// the pattern "/" matches all paths not matched by other registered 2239// patterns, not just the URL with Path == "/". 2240// 2241// If a subtree has been registered and a request is received naming the 2242// subtree root without its trailing slash, ServeMux redirects that 2243// request to the subtree root (adding the trailing slash). This behavior can 2244// be overridden with a separate registration for the path without 2245// the trailing slash. For example, registering "/images/" causes ServeMux 2246// to redirect a request for "/images" to "/images/", unless "/images" has 2247// been registered separately. 2248// 2249// Patterns may optionally begin with a host name, restricting matches to 2250// URLs on that host only. Host-specific patterns take precedence over 2251// general patterns, so that a handler might register for the two patterns 2252// "/codesearch" and "codesearch.google.com/" without also taking over 2253// requests for "http://www.google.com/". 2254// 2255// ServeMux also takes care of sanitizing the URL request path and the Host 2256// header, stripping the port number and redirecting any request containing . or 2257// .. elements or repeated slashes to an equivalent, cleaner URL. 2258type ServeMux struct { 2259 mu sync.RWMutex 2260 m map[string]muxEntry 2261 es []muxEntry // slice of entries sorted from longest to shortest. 2262 hosts bool // whether any patterns contain hostnames 2263} 2264 2265type muxEntry struct { 2266 h Handler 2267 pattern string 2268} 2269 2270// NewServeMux allocates and returns a new ServeMux. 2271func NewServeMux() *ServeMux { return new(ServeMux) } 2272 2273// DefaultServeMux is the default ServeMux used by Serve. 2274var DefaultServeMux = &defaultServeMux 2275 2276var defaultServeMux ServeMux 2277 2278// cleanPath returns the canonical path for p, eliminating . and .. elements. 2279func cleanPath(p string) string { 2280 if p == "" { 2281 return "/" 2282 } 2283 if p[0] != '/' { 2284 p = "/" + p 2285 } 2286 np := path.Clean(p) 2287 // path.Clean removes trailing slash except for root; 2288 // put the trailing slash back if necessary. 2289 if p[len(p)-1] == '/' && np != "/" { 2290 // Fast path for common case of p being the string we want: 2291 if len(p) == len(np)+1 && strings.HasPrefix(p, np) { 2292 np = p 2293 } else { 2294 np += "/" 2295 } 2296 } 2297 return np 2298} 2299 2300// stripHostPort returns h without any trailing ":<port>". 2301func stripHostPort(h string) string { 2302 // If no port on host, return unchanged 2303 if strings.IndexByte(h, ':') == -1 { 2304 return h 2305 } 2306 host, _, err := net.SplitHostPort(h) 2307 if err != nil { 2308 return h // on error, return unchanged 2309 } 2310 return host 2311} 2312 2313// Find a handler on a handler map given a path string. 2314// Most-specific (longest) pattern wins. 2315func (mux *ServeMux) match(path string) (h Handler, pattern string) { 2316 // Check for exact match first. 2317 v, ok := mux.m[path] 2318 if ok { 2319 return v.h, v.pattern 2320 } 2321 2322 // Check for longest valid match. mux.es contains all patterns 2323 // that end in / sorted from longest to shortest. 2324 for _, e := range mux.es { 2325 if strings.HasPrefix(path, e.pattern) { 2326 return e.h, e.pattern 2327 } 2328 } 2329 return nil, "" 2330} 2331 2332// redirectToPathSlash determines if the given path needs appending "/" to it. 2333// This occurs when a handler for path + "/" was already registered, but 2334// not for path itself. If the path needs appending to, it creates a new 2335// URL, setting the path to u.Path + "/" and returning true to indicate so. 2336func (mux *ServeMux) redirectToPathSlash(host, path string, u *url.URL) (*url.URL, bool) { 2337 mux.mu.RLock() 2338 shouldRedirect := mux.shouldRedirectRLocked(host, path) 2339 mux.mu.RUnlock() 2340 if !shouldRedirect { 2341 return u, false 2342 } 2343 path = path + "/" 2344 u = &url.URL{Path: path, RawQuery: u.RawQuery} 2345 return u, true 2346} 2347 2348// shouldRedirectRLocked reports whether the given path and host should be redirected to 2349// path+"/". This should happen if a handler is registered for path+"/" but 2350// not path -- see comments at ServeMux. 2351func (mux *ServeMux) shouldRedirectRLocked(host, path string) bool { 2352 p := []string{path, host + path} 2353 2354 for _, c := range p { 2355 if _, exist := mux.m[c]; exist { 2356 return false 2357 } 2358 } 2359 2360 n := len(path) 2361 if n == 0 { 2362 return false 2363 } 2364 for _, c := range p { 2365 if _, exist := mux.m[c+"/"]; exist { 2366 return path[n-1] != '/' 2367 } 2368 } 2369 2370 return false 2371} 2372 2373// Handler returns the handler to use for the given request, 2374// consulting r.Method, r.Host, and r.URL.Path. It always returns 2375// a non-nil handler. If the path is not in its canonical form, the 2376// handler will be an internally-generated handler that redirects 2377// to the canonical path. If the host contains a port, it is ignored 2378// when matching handlers. 2379// 2380// The path and host are used unchanged for CONNECT requests. 2381// 2382// Handler also returns the registered pattern that matches the 2383// request or, in the case of internally-generated redirects, 2384// the pattern that will match after following the redirect. 2385// 2386// If there is no registered handler that applies to the request, 2387// Handler returns a ``page not found'' handler and an empty pattern. 2388func (mux *ServeMux) Handler(r *Request) (h Handler, pattern string) { 2389 2390 // CONNECT requests are not canonicalized. 2391 if r.Method == "CONNECT" { 2392 // If r.URL.Path is /tree and its handler is not registered, 2393 // the /tree -> /tree/ redirect applies to CONNECT requests 2394 // but the path canonicalization does not. 2395 if u, ok := mux.redirectToPathSlash(r.URL.Host, r.URL.Path, r.URL); ok { 2396 return RedirectHandler(u.String(), StatusMovedPermanently), u.Path 2397 } 2398 2399 return mux.handler(r.Host, r.URL.Path) 2400 } 2401 2402 // All other requests have any port stripped and path cleaned 2403 // before passing to mux.handler. 2404 host := stripHostPort(r.Host) 2405 path := cleanPath(r.URL.Path) 2406 2407 // If the given path is /tree and its handler is not registered, 2408 // redirect for /tree/. 2409 if u, ok := mux.redirectToPathSlash(host, path, r.URL); ok { 2410 return RedirectHandler(u.String(), StatusMovedPermanently), u.Path 2411 } 2412 2413 if path != r.URL.Path { 2414 _, pattern = mux.handler(host, path) 2415 url := *r.URL 2416 url.Path = path 2417 return RedirectHandler(url.String(), StatusMovedPermanently), pattern 2418 } 2419 2420 return mux.handler(host, r.URL.Path) 2421} 2422 2423// handler is the main implementation of Handler. 2424// The path is known to be in canonical form, except for CONNECT methods. 2425func (mux *ServeMux) handler(host, path string) (h Handler, pattern string) { 2426 mux.mu.RLock() 2427 defer mux.mu.RUnlock() 2428 2429 // Host-specific pattern takes precedence over generic ones 2430 if mux.hosts { 2431 h, pattern = mux.match(host + path) 2432 } 2433 if h == nil { 2434 h, pattern = mux.match(path) 2435 } 2436 if h == nil { 2437 h, pattern = NotFoundHandler(), "" 2438 } 2439 return 2440} 2441 2442// ServeHTTP dispatches the request to the handler whose 2443// pattern most closely matches the request URL. 2444func (mux *ServeMux) ServeHTTP(w ResponseWriter, r *Request) { 2445 if r.RequestURI == "*" { 2446 if r.ProtoAtLeast(1, 1) { 2447 w.Header().Set("Connection", "close") 2448 } 2449 w.WriteHeader(StatusBadRequest) 2450 return 2451 } 2452 h, _ := mux.Handler(r) 2453 h.ServeHTTP(w, r) 2454} 2455 2456// Handle registers the handler for the given pattern. 2457// If a handler already exists for pattern, Handle panics. 2458func (mux *ServeMux) Handle(pattern string, handler Handler) { 2459 mux.mu.Lock() 2460 defer mux.mu.Unlock() 2461 2462 if pattern == "" { 2463 panic("http: invalid pattern") 2464 } 2465 if handler == nil { 2466 panic("http: nil handler") 2467 } 2468 if _, exist := mux.m[pattern]; exist { 2469 panic("http: multiple registrations for " + pattern) 2470 } 2471 2472 if mux.m == nil { 2473 mux.m = make(map[string]muxEntry) 2474 } 2475 e := muxEntry{h: handler, pattern: pattern} 2476 mux.m[pattern] = e 2477 if pattern[len(pattern)-1] == '/' { 2478 mux.es = appendSorted(mux.es, e) 2479 } 2480 2481 if pattern[0] != '/' { 2482 mux.hosts = true 2483 } 2484} 2485 2486func appendSorted(es []muxEntry, e muxEntry) []muxEntry { 2487 n := len(es) 2488 i := sort.Search(n, func(i int) bool { 2489 return len(es[i].pattern) < len(e.pattern) 2490 }) 2491 if i == n { 2492 return append(es, e) 2493 } 2494 // we now know that i points at where we want to insert 2495 es = append(es, muxEntry{}) // try to grow the slice in place, any entry works. 2496 copy(es[i+1:], es[i:]) // Move shorter entries down 2497 es[i] = e 2498 return es 2499} 2500 2501// HandleFunc registers the handler function for the given pattern. 2502func (mux *ServeMux) HandleFunc(pattern string, handler func(ResponseWriter, *Request)) { 2503 if handler == nil { 2504 panic("http: nil handler") 2505 } 2506 mux.Handle(pattern, HandlerFunc(handler)) 2507} 2508 2509// Handle registers the handler for the given pattern 2510// in the DefaultServeMux. 2511// The documentation for ServeMux explains how patterns are matched. 2512func Handle(pattern string, handler Handler) { DefaultServeMux.Handle(pattern, handler) } 2513 2514// HandleFunc registers the handler function for the given pattern 2515// in the DefaultServeMux. 2516// The documentation for ServeMux explains how patterns are matched. 2517func HandleFunc(pattern string, handler func(ResponseWriter, *Request)) { 2518 DefaultServeMux.HandleFunc(pattern, handler) 2519} 2520 2521// Serve accepts incoming HTTP connections on the listener l, 2522// creating a new service goroutine for each. The service goroutines 2523// read requests and then call handler to reply to them. 2524// 2525// The handler is typically nil, in which case the DefaultServeMux is used. 2526// 2527// HTTP/2 support is only enabled if the Listener returns *tls.Conn 2528// connections and they were configured with "h2" in the TLS 2529// Config.NextProtos. 2530// 2531// Serve always returns a non-nil error. 2532func Serve(l net.Listener, handler Handler) error { 2533 srv := &Server{Handler: handler} 2534 return srv.Serve(l) 2535} 2536 2537// ServeTLS accepts incoming HTTPS connections on the listener l, 2538// creating a new service goroutine for each. The service goroutines 2539// read requests and then call handler to reply to them. 2540// 2541// The handler is typically nil, in which case the DefaultServeMux is used. 2542// 2543// Additionally, files containing a certificate and matching private key 2544// for the server must be provided. If the certificate is signed by a 2545// certificate authority, the certFile should be the concatenation 2546// of the server's certificate, any intermediates, and the CA's certificate. 2547// 2548// ServeTLS always returns a non-nil error. 2549func ServeTLS(l net.Listener, handler Handler, certFile, keyFile string) error { 2550 srv := &Server{Handler: handler} 2551 return srv.ServeTLS(l, certFile, keyFile) 2552} 2553 2554// A Server defines parameters for running an HTTP server. 2555// The zero value for Server is a valid configuration. 2556type Server struct { 2557 // Addr optionally specifies the TCP address for the server to listen on, 2558 // in the form "host:port". If empty, ":http" (port 80) is used. 2559 // The service names are defined in RFC 6335 and assigned by IANA. 2560 // See net.Dial for details of the address format. 2561 Addr string 2562 2563 Handler Handler // handler to invoke, http.DefaultServeMux if nil 2564 2565 // TLSConfig optionally provides a TLS configuration for use 2566 // by ServeTLS and ListenAndServeTLS. Note that this value is 2567 // cloned by ServeTLS and ListenAndServeTLS, so it's not 2568 // possible to modify the configuration with methods like 2569 // tls.Config.SetSessionTicketKeys. To use 2570 // SetSessionTicketKeys, use Server.Serve with a TLS Listener 2571 // instead. 2572 TLSConfig *tls.Config 2573 2574 // ReadTimeout is the maximum duration for reading the entire 2575 // request, including the body. 2576 // 2577 // Because ReadTimeout does not let Handlers make per-request 2578 // decisions on each request body's acceptable deadline or 2579 // upload rate, most users will prefer to use 2580 // ReadHeaderTimeout. It is valid to use them both. 2581 ReadTimeout time.Duration 2582 2583 // ReadHeaderTimeout is the amount of time allowed to read 2584 // request headers. The connection's read deadline is reset 2585 // after reading the headers and the Handler can decide what 2586 // is considered too slow for the body. If ReadHeaderTimeout 2587 // is zero, the value of ReadTimeout is used. If both are 2588 // zero, there is no timeout. 2589 ReadHeaderTimeout time.Duration 2590 2591 // WriteTimeout is the maximum duration before timing out 2592 // writes of the response. It is reset whenever a new 2593 // request's header is read. Like ReadTimeout, it does not 2594 // let Handlers make decisions on a per-request basis. 2595 WriteTimeout time.Duration 2596 2597 // IdleTimeout is the maximum amount of time to wait for the 2598 // next request when keep-alives are enabled. If IdleTimeout 2599 // is zero, the value of ReadTimeout is used. If both are 2600 // zero, there is no timeout. 2601 IdleTimeout time.Duration 2602 2603 // MaxHeaderBytes controls the maximum number of bytes the 2604 // server will read parsing the request header's keys and 2605 // values, including the request line. It does not limit the 2606 // size of the request body. 2607 // If zero, DefaultMaxHeaderBytes is used. 2608 MaxHeaderBytes int 2609 2610 // TLSNextProto optionally specifies a function to take over 2611 // ownership of the provided TLS connection when an ALPN 2612 // protocol upgrade has occurred. The map key is the protocol 2613 // name negotiated. The Handler argument should be used to 2614 // handle HTTP requests and will initialize the Request's TLS 2615 // and RemoteAddr if not already set. The connection is 2616 // automatically closed when the function returns. 2617 // If TLSNextProto is not nil, HTTP/2 support is not enabled 2618 // automatically. 2619 TLSNextProto map[string]func(*Server, *tls.Conn, Handler) 2620 2621 // ConnState specifies an optional callback function that is 2622 // called when a client connection changes state. See the 2623 // ConnState type and associated constants for details. 2624 ConnState func(net.Conn, ConnState) 2625 2626 // ErrorLog specifies an optional logger for errors accepting 2627 // connections, unexpected behavior from handlers, and 2628 // underlying FileSystem errors. 2629 // If nil, logging is done via the log package's standard logger. 2630 ErrorLog *log.Logger 2631 2632 // BaseContext optionally specifies a function that returns 2633 // the base context for incoming requests on this server. 2634 // The provided Listener is the specific Listener that's 2635 // about to start accepting requests. 2636 // If BaseContext is nil, the default is context.Background(). 2637 // If non-nil, it must return a non-nil context. 2638 BaseContext func(net.Listener) context.Context 2639 2640 // ConnContext optionally specifies a function that modifies 2641 // the context used for a new connection c. The provided ctx 2642 // is derived from the base context and has a ServerContextKey 2643 // value. 2644 ConnContext func(ctx context.Context, c net.Conn) context.Context 2645 2646 inShutdown atomicBool // true when when server is in shutdown 2647 2648 disableKeepAlives int32 // accessed atomically. 2649 nextProtoOnce sync.Once // guards setupHTTP2_* init 2650 nextProtoErr error // result of http2.ConfigureServer if used 2651 2652 mu sync.Mutex 2653 listeners map[*net.Listener]struct{} 2654 activeConn map[*conn]struct{} 2655 doneChan chan struct{} 2656 onShutdown []func() 2657} 2658 2659func (s *Server) getDoneChan() <-chan struct{} { 2660 s.mu.Lock() 2661 defer s.mu.Unlock() 2662 return s.getDoneChanLocked() 2663} 2664 2665func (s *Server) getDoneChanLocked() chan struct{} { 2666 if s.doneChan == nil { 2667 s.doneChan = make(chan struct{}) 2668 } 2669 return s.doneChan 2670} 2671 2672func (s *Server) closeDoneChanLocked() { 2673 ch := s.getDoneChanLocked() 2674 select { 2675 case <-ch: 2676 // Already closed. Don't close again. 2677 default: 2678 // Safe to close here. We're the only closer, guarded 2679 // by s.mu. 2680 close(ch) 2681 } 2682} 2683 2684// Close immediately closes all active net.Listeners and any 2685// connections in state StateNew, StateActive, or StateIdle. For a 2686// graceful shutdown, use Shutdown. 2687// 2688// Close does not attempt to close (and does not even know about) 2689// any hijacked connections, such as WebSockets. 2690// 2691// Close returns any error returned from closing the Server's 2692// underlying Listener(s). 2693func (srv *Server) Close() error { 2694 srv.inShutdown.setTrue() 2695 srv.mu.Lock() 2696 defer srv.mu.Unlock() 2697 srv.closeDoneChanLocked() 2698 err := srv.closeListenersLocked() 2699 for c := range srv.activeConn { 2700 c.rwc.Close() 2701 delete(srv.activeConn, c) 2702 } 2703 return err 2704} 2705 2706// shutdownPollIntervalMax is the max polling interval when checking 2707// quiescence during Server.Shutdown. Polling starts with a small 2708// interval and backs off to the max. 2709// Ideally we could find a solution that doesn't involve polling, 2710// but which also doesn't have a high runtime cost (and doesn't 2711// involve any contentious mutexes), but that is left as an 2712// exercise for the reader. 2713const shutdownPollIntervalMax = 500 * time.Millisecond 2714 2715// Shutdown gracefully shuts down the server without interrupting any 2716// active connections. Shutdown works by first closing all open 2717// listeners, then closing all idle connections, and then waiting 2718// indefinitely for connections to return to idle and then shut down. 2719// If the provided context expires before the shutdown is complete, 2720// Shutdown returns the context's error, otherwise it returns any 2721// error returned from closing the Server's underlying Listener(s). 2722// 2723// When Shutdown is called, Serve, ListenAndServe, and 2724// ListenAndServeTLS immediately return ErrServerClosed. Make sure the 2725// program doesn't exit and waits instead for Shutdown to return. 2726// 2727// Shutdown does not attempt to close nor wait for hijacked 2728// connections such as WebSockets. The caller of Shutdown should 2729// separately notify such long-lived connections of shutdown and wait 2730// for them to close, if desired. See RegisterOnShutdown for a way to 2731// register shutdown notification functions. 2732// 2733// Once Shutdown has been called on a server, it may not be reused; 2734// future calls to methods such as Serve will return ErrServerClosed. 2735func (srv *Server) Shutdown(ctx context.Context) error { 2736 srv.inShutdown.setTrue() 2737 2738 srv.mu.Lock() 2739 lnerr := srv.closeListenersLocked() 2740 srv.closeDoneChanLocked() 2741 for _, f := range srv.onShutdown { 2742 go f() 2743 } 2744 srv.mu.Unlock() 2745 2746 pollIntervalBase := time.Millisecond 2747 nextPollInterval := func() time.Duration { 2748 // Add 10% jitter. 2749 interval := pollIntervalBase + time.Duration(rand.Intn(int(pollIntervalBase/10))) 2750 // Double and clamp for next time. 2751 pollIntervalBase *= 2 2752 if pollIntervalBase > shutdownPollIntervalMax { 2753 pollIntervalBase = shutdownPollIntervalMax 2754 } 2755 return interval 2756 } 2757 2758 timer := time.NewTimer(nextPollInterval()) 2759 defer timer.Stop() 2760 for { 2761 if srv.closeIdleConns() && srv.numListeners() == 0 { 2762 return lnerr 2763 } 2764 select { 2765 case <-ctx.Done(): 2766 return ctx.Err() 2767 case <-timer.C: 2768 timer.Reset(nextPollInterval()) 2769 } 2770 } 2771} 2772 2773// RegisterOnShutdown registers a function to call on Shutdown. 2774// This can be used to gracefully shutdown connections that have 2775// undergone ALPN protocol upgrade or that have been hijacked. 2776// This function should start protocol-specific graceful shutdown, 2777// but should not wait for shutdown to complete. 2778func (srv *Server) RegisterOnShutdown(f func()) { 2779 srv.mu.Lock() 2780 srv.onShutdown = append(srv.onShutdown, f) 2781 srv.mu.Unlock() 2782} 2783 2784func (s *Server) numListeners() int { 2785 s.mu.Lock() 2786 defer s.mu.Unlock() 2787 return len(s.listeners) 2788} 2789 2790// closeIdleConns closes all idle connections and reports whether the 2791// server is quiescent. 2792func (s *Server) closeIdleConns() bool { 2793 s.mu.Lock() 2794 defer s.mu.Unlock() 2795 quiescent := true 2796 for c := range s.activeConn { 2797 st, unixSec := c.getState() 2798 // Issue 22682: treat StateNew connections as if 2799 // they're idle if we haven't read the first request's 2800 // header in over 5 seconds. 2801 if st == StateNew && unixSec < time.Now().Unix()-5 { 2802 st = StateIdle 2803 } 2804 if st != StateIdle || unixSec == 0 { 2805 // Assume unixSec == 0 means it's a very new 2806 // connection, without state set yet. 2807 quiescent = false 2808 continue 2809 } 2810 c.rwc.Close() 2811 delete(s.activeConn, c) 2812 } 2813 return quiescent 2814} 2815 2816func (s *Server) closeListenersLocked() error { 2817 var err error 2818 for ln := range s.listeners { 2819 if cerr := (*ln).Close(); cerr != nil && err == nil { 2820 err = cerr 2821 } 2822 } 2823 return err 2824} 2825 2826// A ConnState represents the state of a client connection to a server. 2827// It's used by the optional Server.ConnState hook. 2828type ConnState int 2829 2830const ( 2831 // StateNew represents a new connection that is expected to 2832 // send a request immediately. Connections begin at this 2833 // state and then transition to either StateActive or 2834 // StateClosed. 2835 StateNew ConnState = iota 2836 2837 // StateActive represents a connection that has read 1 or more 2838 // bytes of a request. The Server.ConnState hook for 2839 // StateActive fires before the request has entered a handler 2840 // and doesn't fire again until the request has been 2841 // handled. After the request is handled, the state 2842 // transitions to StateClosed, StateHijacked, or StateIdle. 2843 // For HTTP/2, StateActive fires on the transition from zero 2844 // to one active request, and only transitions away once all 2845 // active requests are complete. That means that ConnState 2846 // cannot be used to do per-request work; ConnState only notes 2847 // the overall state of the connection. 2848 StateActive 2849 2850 // StateIdle represents a connection that has finished 2851 // handling a request and is in the keep-alive state, waiting 2852 // for a new request. Connections transition from StateIdle 2853 // to either StateActive or StateClosed. 2854 StateIdle 2855 2856 // StateHijacked represents a hijacked connection. 2857 // This is a terminal state. It does not transition to StateClosed. 2858 StateHijacked 2859 2860 // StateClosed represents a closed connection. 2861 // This is a terminal state. Hijacked connections do not 2862 // transition to StateClosed. 2863 StateClosed 2864) 2865 2866var stateName = map[ConnState]string{ 2867 StateNew: "new", 2868 StateActive: "active", 2869 StateIdle: "idle", 2870 StateHijacked: "hijacked", 2871 StateClosed: "closed", 2872} 2873 2874func (c ConnState) String() string { 2875 return stateName[c] 2876} 2877 2878// serverHandler delegates to either the server's Handler or 2879// DefaultServeMux and also handles "OPTIONS *" requests. 2880type serverHandler struct { 2881 srv *Server 2882} 2883 2884func (sh serverHandler) ServeHTTP(rw ResponseWriter, req *Request) { 2885 handler := sh.srv.Handler 2886 if handler == nil { 2887 handler = DefaultServeMux 2888 } 2889 if req.RequestURI == "*" && req.Method == "OPTIONS" { 2890 handler = globalOptionsHandler{} 2891 } 2892 handler.ServeHTTP(rw, req) 2893} 2894 2895// ListenAndServe listens on the TCP network address srv.Addr and then 2896// calls Serve to handle requests on incoming connections. 2897// Accepted connections are configured to enable TCP keep-alives. 2898// 2899// If srv.Addr is blank, ":http" is used. 2900// 2901// ListenAndServe always returns a non-nil error. After Shutdown or Close, 2902// the returned error is ErrServerClosed. 2903func (srv *Server) ListenAndServe() error { 2904 if srv.shuttingDown() { 2905 return ErrServerClosed 2906 } 2907 addr := srv.Addr 2908 if addr == "" { 2909 addr = ":http" 2910 } 2911 ln, err := net.Listen("tcp", addr) 2912 if err != nil { 2913 return err 2914 } 2915 return srv.Serve(ln) 2916} 2917 2918var testHookServerServe func(*Server, net.Listener) // used if non-nil 2919 2920// shouldDoServeHTTP2 reports whether Server.Serve should configure 2921// automatic HTTP/2. (which sets up the srv.TLSNextProto map) 2922func (srv *Server) shouldConfigureHTTP2ForServe() bool { 2923 if srv.TLSConfig == nil { 2924 // Compatibility with Go 1.6: 2925 // If there's no TLSConfig, it's possible that the user just 2926 // didn't set it on the http.Server, but did pass it to 2927 // tls.NewListener and passed that listener to Serve. 2928 // So we should configure HTTP/2 (to set up srv.TLSNextProto) 2929 // in case the listener returns an "h2" *tls.Conn. 2930 return true 2931 } 2932 // The user specified a TLSConfig on their http.Server. 2933 // In this, case, only configure HTTP/2 if their tls.Config 2934 // explicitly mentions "h2". Otherwise http2.ConfigureServer 2935 // would modify the tls.Config to add it, but they probably already 2936 // passed this tls.Config to tls.NewListener. And if they did, 2937 // it's too late anyway to fix it. It would only be potentially racy. 2938 // See Issue 15908. 2939 return strSliceContains(srv.TLSConfig.NextProtos, http2NextProtoTLS) 2940} 2941 2942// ErrServerClosed is returned by the Server's Serve, ServeTLS, ListenAndServe, 2943// and ListenAndServeTLS methods after a call to Shutdown or Close. 2944var ErrServerClosed = errors.New("http: Server closed") 2945 2946// Serve accepts incoming connections on the Listener l, creating a 2947// new service goroutine for each. The service goroutines read requests and 2948// then call srv.Handler to reply to them. 2949// 2950// HTTP/2 support is only enabled if the Listener returns *tls.Conn 2951// connections and they were configured with "h2" in the TLS 2952// Config.NextProtos. 2953// 2954// Serve always returns a non-nil error and closes l. 2955// After Shutdown or Close, the returned error is ErrServerClosed. 2956func (srv *Server) Serve(l net.Listener) error { 2957 if fn := testHookServerServe; fn != nil { 2958 fn(srv, l) // call hook with unwrapped listener 2959 } 2960 2961 origListener := l 2962 l = &onceCloseListener{Listener: l} 2963 defer l.Close() 2964 2965 if err := srv.setupHTTP2_Serve(); err != nil { 2966 return err 2967 } 2968 2969 if !srv.trackListener(&l, true) { 2970 return ErrServerClosed 2971 } 2972 defer srv.trackListener(&l, false) 2973 2974 baseCtx := context.Background() 2975 if srv.BaseContext != nil { 2976 baseCtx = srv.BaseContext(origListener) 2977 if baseCtx == nil { 2978 panic("BaseContext returned a nil context") 2979 } 2980 } 2981 2982 var tempDelay time.Duration // how long to sleep on accept failure 2983 2984 ctx := context.WithValue(baseCtx, ServerContextKey, srv) 2985 for { 2986 rw, err := l.Accept() 2987 if err != nil { 2988 select { 2989 case <-srv.getDoneChan(): 2990 return ErrServerClosed 2991 default: 2992 } 2993 if ne, ok := err.(net.Error); ok && ne.Temporary() { 2994 if tempDelay == 0 { 2995 tempDelay = 5 * time.Millisecond 2996 } else { 2997 tempDelay *= 2 2998 } 2999 if max := 1 * time.Second; tempDelay > max { 3000 tempDelay = max 3001 } 3002 srv.logf("http: Accept error: %v; retrying in %v", err, tempDelay) 3003 time.Sleep(tempDelay) 3004 continue 3005 } 3006 return err 3007 } 3008 connCtx := ctx 3009 if cc := srv.ConnContext; cc != nil { 3010 connCtx = cc(connCtx, rw) 3011 if connCtx == nil { 3012 panic("ConnContext returned nil") 3013 } 3014 } 3015 tempDelay = 0 3016 c := srv.newConn(rw) 3017 c.setState(c.rwc, StateNew, runHooks) // before Serve can return 3018 go c.serve(connCtx) 3019 } 3020} 3021 3022// ServeTLS accepts incoming connections on the Listener l, creating a 3023// new service goroutine for each. The service goroutines perform TLS 3024// setup and then read requests, calling srv.Handler to reply to them. 3025// 3026// Files containing a certificate and matching private key for the 3027// server must be provided if neither the Server's 3028// TLSConfig.Certificates nor TLSConfig.GetCertificate are populated. 3029// If the certificate is signed by a certificate authority, the 3030// certFile should be the concatenation of the server's certificate, 3031// any intermediates, and the CA's certificate. 3032// 3033// ServeTLS always returns a non-nil error. After Shutdown or Close, the 3034// returned error is ErrServerClosed. 3035func (srv *Server) ServeTLS(l net.Listener, certFile, keyFile string) error { 3036 // Setup HTTP/2 before srv.Serve, to initialize srv.TLSConfig 3037 // before we clone it and create the TLS Listener. 3038 if err := srv.setupHTTP2_ServeTLS(); err != nil { 3039 return err 3040 } 3041 3042 config := cloneTLSConfig(srv.TLSConfig) 3043 if !strSliceContains(config.NextProtos, "http/1.1") { 3044 config.NextProtos = append(config.NextProtos, "http/1.1") 3045 } 3046 3047 configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil 3048 if !configHasCert || certFile != "" || keyFile != "" { 3049 var err error 3050 config.Certificates = make([]tls.Certificate, 1) 3051 config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile) 3052 if err != nil { 3053 return err 3054 } 3055 } 3056 3057 tlsListener := tls.NewListener(l, config) 3058 return srv.Serve(tlsListener) 3059} 3060 3061// trackListener adds or removes a net.Listener to the set of tracked 3062// listeners. 3063// 3064// We store a pointer to interface in the map set, in case the 3065// net.Listener is not comparable. This is safe because we only call 3066// trackListener via Serve and can track+defer untrack the same 3067// pointer to local variable there. We never need to compare a 3068// Listener from another caller. 3069// 3070// It reports whether the server is still up (not Shutdown or Closed). 3071func (s *Server) trackListener(ln *net.Listener, add bool) bool { 3072 s.mu.Lock() 3073 defer s.mu.Unlock() 3074 if s.listeners == nil { 3075 s.listeners = make(map[*net.Listener]struct{}) 3076 } 3077 if add { 3078 if s.shuttingDown() { 3079 return false 3080 } 3081 s.listeners[ln] = struct{}{} 3082 } else { 3083 delete(s.listeners, ln) 3084 } 3085 return true 3086} 3087 3088func (s *Server) trackConn(c *conn, add bool) { 3089 s.mu.Lock() 3090 defer s.mu.Unlock() 3091 if s.activeConn == nil { 3092 s.activeConn = make(map[*conn]struct{}) 3093 } 3094 if add { 3095 s.activeConn[c] = struct{}{} 3096 } else { 3097 delete(s.activeConn, c) 3098 } 3099} 3100 3101func (s *Server) idleTimeout() time.Duration { 3102 if s.IdleTimeout != 0 { 3103 return s.IdleTimeout 3104 } 3105 return s.ReadTimeout 3106} 3107 3108func (s *Server) readHeaderTimeout() time.Duration { 3109 if s.ReadHeaderTimeout != 0 { 3110 return s.ReadHeaderTimeout 3111 } 3112 return s.ReadTimeout 3113} 3114 3115func (s *Server) doKeepAlives() bool { 3116 return atomic.LoadInt32(&s.disableKeepAlives) == 0 && !s.shuttingDown() 3117} 3118 3119func (s *Server) shuttingDown() bool { 3120 return s.inShutdown.isSet() 3121} 3122 3123// SetKeepAlivesEnabled controls whether HTTP keep-alives are enabled. 3124// By default, keep-alives are always enabled. Only very 3125// resource-constrained environments or servers in the process of 3126// shutting down should disable them. 3127func (srv *Server) SetKeepAlivesEnabled(v bool) { 3128 if v { 3129 atomic.StoreInt32(&srv.disableKeepAlives, 0) 3130 return 3131 } 3132 atomic.StoreInt32(&srv.disableKeepAlives, 1) 3133 3134 // Close idle HTTP/1 conns: 3135 srv.closeIdleConns() 3136 3137 // TODO: Issue 26303: close HTTP/2 conns as soon as they become idle. 3138} 3139 3140func (s *Server) logf(format string, args ...interface{}) { 3141 if s.ErrorLog != nil { 3142 s.ErrorLog.Printf(format, args...) 3143 } else { 3144 log.Printf(format, args...) 3145 } 3146} 3147 3148// logf prints to the ErrorLog of the *Server associated with request r 3149// via ServerContextKey. If there's no associated server, or if ErrorLog 3150// is nil, logging is done via the log package's standard logger. 3151func logf(r *Request, format string, args ...interface{}) { 3152 s, _ := r.Context().Value(ServerContextKey).(*Server) 3153 if s != nil && s.ErrorLog != nil { 3154 s.ErrorLog.Printf(format, args...) 3155 } else { 3156 log.Printf(format, args...) 3157 } 3158} 3159 3160// ListenAndServe listens on the TCP network address addr and then calls 3161// Serve with handler to handle requests on incoming connections. 3162// Accepted connections are configured to enable TCP keep-alives. 3163// 3164// The handler is typically nil, in which case the DefaultServeMux is used. 3165// 3166// ListenAndServe always returns a non-nil error. 3167func ListenAndServe(addr string, handler Handler) error { 3168 server := &Server{Addr: addr, Handler: handler} 3169 return server.ListenAndServe() 3170} 3171 3172// ListenAndServeTLS acts identically to ListenAndServe, except that it 3173// expects HTTPS connections. Additionally, files containing a certificate and 3174// matching private key for the server must be provided. If the certificate 3175// is signed by a certificate authority, the certFile should be the concatenation 3176// of the server's certificate, any intermediates, and the CA's certificate. 3177func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error { 3178 server := &Server{Addr: addr, Handler: handler} 3179 return server.ListenAndServeTLS(certFile, keyFile) 3180} 3181 3182// ListenAndServeTLS listens on the TCP network address srv.Addr and 3183// then calls ServeTLS to handle requests on incoming TLS connections. 3184// Accepted connections are configured to enable TCP keep-alives. 3185// 3186// Filenames containing a certificate and matching private key for the 3187// server must be provided if neither the Server's TLSConfig.Certificates 3188// nor TLSConfig.GetCertificate are populated. If the certificate is 3189// signed by a certificate authority, the certFile should be the 3190// concatenation of the server's certificate, any intermediates, and 3191// the CA's certificate. 3192// 3193// If srv.Addr is blank, ":https" is used. 3194// 3195// ListenAndServeTLS always returns a non-nil error. After Shutdown or 3196// Close, the returned error is ErrServerClosed. 3197func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error { 3198 if srv.shuttingDown() { 3199 return ErrServerClosed 3200 } 3201 addr := srv.Addr 3202 if addr == "" { 3203 addr = ":https" 3204 } 3205 3206 ln, err := net.Listen("tcp", addr) 3207 if err != nil { 3208 return err 3209 } 3210 3211 defer ln.Close() 3212 3213 return srv.ServeTLS(ln, certFile, keyFile) 3214} 3215 3216// setupHTTP2_ServeTLS conditionally configures HTTP/2 on 3217// srv and reports whether there was an error setting it up. If it is 3218// not configured for policy reasons, nil is returned. 3219func (srv *Server) setupHTTP2_ServeTLS() error { 3220 srv.nextProtoOnce.Do(srv.onceSetNextProtoDefaults) 3221 return srv.nextProtoErr 3222} 3223 3224// setupHTTP2_Serve is called from (*Server).Serve and conditionally 3225// configures HTTP/2 on srv using a more conservative policy than 3226// setupHTTP2_ServeTLS because Serve is called after tls.Listen, 3227// and may be called concurrently. See shouldConfigureHTTP2ForServe. 3228// 3229// The tests named TestTransportAutomaticHTTP2* and 3230// TestConcurrentServerServe in server_test.go demonstrate some 3231// of the supported use cases and motivations. 3232func (srv *Server) setupHTTP2_Serve() error { 3233 srv.nextProtoOnce.Do(srv.onceSetNextProtoDefaults_Serve) 3234 return srv.nextProtoErr 3235} 3236 3237func (srv *Server) onceSetNextProtoDefaults_Serve() { 3238 if srv.shouldConfigureHTTP2ForServe() { 3239 srv.onceSetNextProtoDefaults() 3240 } 3241} 3242 3243// onceSetNextProtoDefaults configures HTTP/2, if the user hasn't 3244// configured otherwise. (by setting srv.TLSNextProto non-nil) 3245// It must only be called via srv.nextProtoOnce (use srv.setupHTTP2_*). 3246func (srv *Server) onceSetNextProtoDefaults() { 3247 if omitBundledHTTP2 || strings.Contains(os.Getenv("GODEBUG"), "http2server=0") { 3248 return 3249 } 3250 // Enable HTTP/2 by default if the user hasn't otherwise 3251 // configured their TLSNextProto map. 3252 if srv.TLSNextProto == nil { 3253 conf := &http2Server{ 3254 NewWriteScheduler: func() http2WriteScheduler { return http2NewPriorityWriteScheduler(nil) }, 3255 } 3256 srv.nextProtoErr = http2ConfigureServer(srv, conf) 3257 } 3258} 3259 3260// TimeoutHandler returns a Handler that runs h with the given time limit. 3261// 3262// The new Handler calls h.ServeHTTP to handle each request, but if a 3263// call runs for longer than its time limit, the handler responds with 3264// a 503 Service Unavailable error and the given message in its body. 3265// (If msg is empty, a suitable default message will be sent.) 3266// After such a timeout, writes by h to its ResponseWriter will return 3267// ErrHandlerTimeout. 3268// 3269// TimeoutHandler supports the Pusher interface but does not support 3270// the Hijacker or Flusher interfaces. 3271func TimeoutHandler(h Handler, dt time.Duration, msg string) Handler { 3272 return &timeoutHandler{ 3273 handler: h, 3274 body: msg, 3275 dt: dt, 3276 } 3277} 3278 3279// ErrHandlerTimeout is returned on ResponseWriter Write calls 3280// in handlers which have timed out. 3281var ErrHandlerTimeout = errors.New("http: Handler timeout") 3282 3283type timeoutHandler struct { 3284 handler Handler 3285 body string 3286 dt time.Duration 3287 3288 // When set, no context will be created and this context will 3289 // be used instead. 3290 testContext context.Context 3291} 3292 3293func (h *timeoutHandler) errorBody() string { 3294 if h.body != "" { 3295 return h.body 3296 } 3297 return "<html><head><title>Timeout</title></head><body><h1>Timeout</h1></body></html>" 3298} 3299 3300func (h *timeoutHandler) ServeHTTP(w ResponseWriter, r *Request) { 3301 ctx := h.testContext 3302 if ctx == nil { 3303 var cancelCtx context.CancelFunc 3304 ctx, cancelCtx = context.WithTimeout(r.Context(), h.dt) 3305 defer cancelCtx() 3306 } 3307 r = r.WithContext(ctx) 3308 done := make(chan struct{}) 3309 tw := &timeoutWriter{ 3310 w: w, 3311 h: make(Header), 3312 req: r, 3313 } 3314 panicChan := make(chan interface{}, 1) 3315 go func() { 3316 defer func() { 3317 if p := recover(); p != nil { 3318 panicChan <- p 3319 } 3320 }() 3321 h.handler.ServeHTTP(tw, r) 3322 close(done) 3323 }() 3324 select { 3325 case p := <-panicChan: 3326 panic(p) 3327 case <-done: 3328 tw.mu.Lock() 3329 defer tw.mu.Unlock() 3330 dst := w.Header() 3331 for k, vv := range tw.h { 3332 dst[k] = vv 3333 } 3334 if !tw.wroteHeader { 3335 tw.code = StatusOK 3336 } 3337 w.WriteHeader(tw.code) 3338 w.Write(tw.wbuf.Bytes()) 3339 case <-ctx.Done(): 3340 tw.mu.Lock() 3341 defer tw.mu.Unlock() 3342 w.WriteHeader(StatusServiceUnavailable) 3343 io.WriteString(w, h.errorBody()) 3344 tw.timedOut = true 3345 } 3346} 3347 3348type timeoutWriter struct { 3349 w ResponseWriter 3350 h Header 3351 wbuf bytes.Buffer 3352 req *Request 3353 3354 mu sync.Mutex 3355 timedOut bool 3356 wroteHeader bool 3357 code int 3358} 3359 3360var _ Pusher = (*timeoutWriter)(nil) 3361 3362// Push implements the Pusher interface. 3363func (tw *timeoutWriter) Push(target string, opts *PushOptions) error { 3364 if pusher, ok := tw.w.(Pusher); ok { 3365 return pusher.Push(target, opts) 3366 } 3367 return ErrNotSupported 3368} 3369 3370func (tw *timeoutWriter) Header() Header { return tw.h } 3371 3372func (tw *timeoutWriter) Write(p []byte) (int, error) { 3373 tw.mu.Lock() 3374 defer tw.mu.Unlock() 3375 if tw.timedOut { 3376 return 0, ErrHandlerTimeout 3377 } 3378 if !tw.wroteHeader { 3379 tw.writeHeaderLocked(StatusOK) 3380 } 3381 return tw.wbuf.Write(p) 3382} 3383 3384func (tw *timeoutWriter) writeHeaderLocked(code int) { 3385 checkWriteHeaderCode(code) 3386 3387 switch { 3388 case tw.timedOut: 3389 return 3390 case tw.wroteHeader: 3391 if tw.req != nil { 3392 caller := relevantCaller() 3393 logf(tw.req, "http: superfluous response.WriteHeader call from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line) 3394 } 3395 default: 3396 tw.wroteHeader = true 3397 tw.code = code 3398 } 3399} 3400 3401func (tw *timeoutWriter) WriteHeader(code int) { 3402 tw.mu.Lock() 3403 defer tw.mu.Unlock() 3404 tw.writeHeaderLocked(code) 3405} 3406 3407// onceCloseListener wraps a net.Listener, protecting it from 3408// multiple Close calls. 3409type onceCloseListener struct { 3410 net.Listener 3411 once sync.Once 3412 closeErr error 3413} 3414 3415func (oc *onceCloseListener) Close() error { 3416 oc.once.Do(oc.close) 3417 return oc.closeErr 3418} 3419 3420func (oc *onceCloseListener) close() { oc.closeErr = oc.Listener.Close() } 3421 3422// globalOptionsHandler responds to "OPTIONS *" requests. 3423type globalOptionsHandler struct{} 3424 3425func (globalOptionsHandler) ServeHTTP(w ResponseWriter, r *Request) { 3426 w.Header().Set("Content-Length", "0") 3427 if r.ContentLength != 0 { 3428 // Read up to 4KB of OPTIONS body (as mentioned in the 3429 // spec as being reserved for future use), but anything 3430 // over that is considered a waste of server resources 3431 // (or an attack) and we abort and close the connection, 3432 // courtesy of MaxBytesReader's EOF behavior. 3433 mb := MaxBytesReader(w, r.Body, 4<<10) 3434 io.Copy(io.Discard, mb) 3435 } 3436} 3437 3438// initALPNRequest is an HTTP handler that initializes certain 3439// uninitialized fields in its *Request. Such partially-initialized 3440// Requests come from ALPN protocol handlers. 3441type initALPNRequest struct { 3442 ctx context.Context 3443 c *tls.Conn 3444 h serverHandler 3445} 3446 3447// BaseContext is an exported but unadvertised http.Handler method 3448// recognized by x/net/http2 to pass down a context; the TLSNextProto 3449// API predates context support so we shoehorn through the only 3450// interface we have available. 3451func (h initALPNRequest) BaseContext() context.Context { return h.ctx } 3452 3453func (h initALPNRequest) ServeHTTP(rw ResponseWriter, req *Request) { 3454 if req.TLS == nil { 3455 req.TLS = &tls.ConnectionState{} 3456 *req.TLS = h.c.ConnectionState() 3457 } 3458 if req.Body == nil { 3459 req.Body = NoBody 3460 } 3461 if req.RemoteAddr == "" { 3462 req.RemoteAddr = h.c.RemoteAddr().String() 3463 } 3464 h.h.ServeHTTP(rw, req) 3465} 3466 3467// loggingConn is used for debugging. 3468type loggingConn struct { 3469 name string 3470 net.Conn 3471} 3472 3473var ( 3474 uniqNameMu sync.Mutex 3475 uniqNameNext = make(map[string]int) 3476) 3477 3478func newLoggingConn(baseName string, c net.Conn) net.Conn { 3479 uniqNameMu.Lock() 3480 defer uniqNameMu.Unlock() 3481 uniqNameNext[baseName]++ 3482 return &loggingConn{ 3483 name: fmt.Sprintf("%s-%d", baseName, uniqNameNext[baseName]), 3484 Conn: c, 3485 } 3486} 3487 3488func (c *loggingConn) Write(p []byte) (n int, err error) { 3489 log.Printf("%s.Write(%d) = ....", c.name, len(p)) 3490 n, err = c.Conn.Write(p) 3491 log.Printf("%s.Write(%d) = %d, %v", c.name, len(p), n, err) 3492 return 3493} 3494 3495func (c *loggingConn) Read(p []byte) (n int, err error) { 3496 log.Printf("%s.Read(%d) = ....", c.name, len(p)) 3497 n, err = c.Conn.Read(p) 3498 log.Printf("%s.Read(%d) = %d, %v", c.name, len(p), n, err) 3499 return 3500} 3501 3502func (c *loggingConn) Close() (err error) { 3503 log.Printf("%s.Close() = ...", c.name) 3504 err = c.Conn.Close() 3505 log.Printf("%s.Close() = %v", c.name, err) 3506 return 3507} 3508 3509// checkConnErrorWriter writes to c.rwc and records any write errors to c.werr. 3510// It only contains one field (and a pointer field at that), so it 3511// fits in an interface value without an extra allocation. 3512type checkConnErrorWriter struct { 3513 c *conn 3514} 3515 3516func (w checkConnErrorWriter) Write(p []byte) (n int, err error) { 3517 n, err = w.c.rwc.Write(p) 3518 if err != nil && w.c.werr == nil { 3519 w.c.werr = err 3520 w.c.cancelCtx() 3521 } 3522 return 3523} 3524 3525func numLeadingCRorLF(v []byte) (n int) { 3526 for _, b := range v { 3527 if b == '\r' || b == '\n' { 3528 n++ 3529 continue 3530 } 3531 break 3532 } 3533 return 3534 3535} 3536 3537func strSliceContains(ss []string, s string) bool { 3538 for _, v := range ss { 3539 if v == s { 3540 return true 3541 } 3542 } 3543 return false 3544} 3545 3546// tlsRecordHeaderLooksLikeHTTP reports whether a TLS record header 3547// looks like it might've been a misdirected plaintext HTTP request. 3548func tlsRecordHeaderLooksLikeHTTP(hdr [5]byte) bool { 3549 switch string(hdr[:]) { 3550 case "GET /", "HEAD ", "POST ", "PUT /", "OPTIO": 3551 return true 3552 } 3553 return false 3554} 3555