Refactor the webserver server class to separate the HTTP and HTTPS

implementation, and gather all server settings in the new
server_settings and ssl_server_settings.

Author: gaudryc

History.txt

@@ -43,6 +43,7 @@ Version 2.4xxx
 - Changed: OpenZwave, kWh sensor now maybe compatible with more hardware
 - Changed: OpenZwave, not sending cold-white in the colorclass, solved issues on different Zipato bulbs
 - Changed: OpenZWave, Renamed internally 'Color Control' to 'Color"
+- Changed: Webserver, Refactor the webserver server class to separate the HTTP and HTTPS implementation, and gather all server settings in the new server_settings and ssl_server_settings.
 - Fixed: Alert Sensor, displaying sValue again
 - Fixed: Blockly, Set user variables (you need to resave your blockly's)
 - Fixed: Blockly, string uservariables where saved with quotes when not using with set-after

main/WebServer.cpp

@@ -148,34 +148,27 @@ namespace http {
 				{
 					if (!m_bDoStop)
 					{
-						if (!m_bIsSecure)
-							_log.Log(LOG_ERROR, "WebServer(HTTP) stopped by exception, starting again..., %s",e.what());
-						else
-							_log.Log(LOG_ERROR, "WebServer(SSL) stopped by exception, starting again..., %s", e.what());
-						if (m_pWebEm)
+						_log.Log(LOG_ERROR, "WebServer(%s) stopped by exception, starting again..., %s", m_server_alias.c_str(), e.what());
+						if (m_pWebEm) {
 							m_pWebEm->Stop();
+						}
 						continue;
 					}
 				}
 				catch (...)
 				{
 					if (!m_bDoStop)
 					{
-						if (!m_bIsSecure)
-							_log.Log(LOG_ERROR, "WebServer(HTTP) stopped by exception, starting again...");
-						else
-							_log.Log(LOG_ERROR, "WebServer(SSL) stopped by exception, starting again...");
-						if (m_pWebEm)
+						_log.Log(LOG_ERROR, "WebServer(%s) stopped by exception, starting again...", m_server_alias.c_str());
+						if (m_pWebEm) {
 							m_pWebEm->Stop();
+						}
 						continue;
 					}
 				}
 				break;
 			}
-			if (!m_bIsSecure)
-				_log.Log(LOG_STATUS, "WebServer(HTTP) stopped...");
-			else
-				_log.Log(LOG_STATUS, "WebServer(SSL) stopped...");
+			_log.Log(LOG_STATUS, "WebServer(%s) stopped...", m_server_alias.c_str());
 		}
 
 		void CWebServer::ReloadCustomSwitchIcons()
@@ -273,66 +266,55 @@ namespace http {
 			}
 		}
 
-		bool CWebServer::StartServer(const std::string &listenaddress, const std::string &listenport, const std::string &serverpath, const bool bIgnoreUsernamePassword, const std::string &secure_cert_file, const std::string &secure_cert_passphrase)
+		bool CWebServer::StartServer(const server_settings & settings, const std::string &serverpath, const bool bIgnoreUsernamePassword)
 		{
+			m_server_alias = (settings.is_secure() == true) ? "SSL" : "HTTP";
+
 			StopServer();
 
-			if (listenport.empty())
+			if (settings.listening_port.empty())
 				return true;
 
 			ReloadCustomSwitchIcons();
 
 			if (m_pWebEm != NULL)
 				delete m_pWebEm;
 
-			m_bIsSecure = !secure_cert_file.empty();
-
 			int tries = 0;
 			bool exception = false;
-			std::string listen_address = listenaddress;
 
+			server_settings * settings_copy = settings.clone(); // copy to change listening address
+			//_log.Log(LOG_STATUS, "CWebServer::StartServer() : settings_copy : %s", settings_copy->to_string().c_str());
 			do {
 				try {
 					exception = false;
-					m_pWebEm = new http::server::cWebem(
-						listen_address.c_str(),						// address
-						listenport.c_str(),							// port
-						serverpath.c_str(), secure_cert_file, secure_cert_passphrase);
+					m_pWebEm = new http::server::cWebem(*settings_copy, serverpath.c_str());
 				}
 				catch (std::exception& e) {
 					exception = true;
 					switch (tries) {
 					case 0:
-						listen_address = "::";
+						settings_copy->listening_address = "::";
 						break;
 					case 1:
-						listen_address = "0.0.0.0";
+						settings_copy->listening_address = "0.0.0.0";
 						break;
 					case 2:
 						_log.Log(LOG_ERROR, "Failed to start the web server: %s", e.what());
-						if (atoi(listenport.c_str()) < 1024)
+						if (atoi(settings_copy->listening_port.c_str()) < 1024)
 							_log.Log(LOG_ERROR, "check privileges for opening ports below 1024");
 						else
-							_log.Log(LOG_ERROR, "check if no other application is using port: %s", listenport.c_str());
+							_log.Log(LOG_ERROR, "check if no other application is using port: %s", settings_copy->listening_port.c_str());
 						return false;
 					}
 					tries++;
 				}
 			} while (exception);
-			if (!m_bIsSecure)
-			{
-				if (listen_address != "0.0.0.0" && listen_address != "::")
-					_log.Log(LOG_STATUS, "Webserver(HTTP) started on address: %s, port: %s", listen_address.c_str(), listenport.c_str());
-				else
-					_log.Log(LOG_STATUS, "Webserver(HTTP) started on port: %s", listenport.c_str());
-			}
+
+			if (settings_copy->listening_address != "0.0.0.0" && settings_copy->listening_address != "::")
+				_log.Log(LOG_STATUS, "Webserver(%s) started on address: %s, port: %s", m_server_alias.c_str(), settings_copy->listening_address.c_str(), settings_copy->listening_port.c_str());
 			else
-			{
-				if (listen_address != "0.0.0.0" && listen_address != "::")
-					_log.Log(LOG_STATUS, "Webserver(SSL) started on address: %s, port: %s", listen_address.c_str(), listenport.c_str());
-				else
-					_log.Log(LOG_STATUS, "Webserver(SSL) started on port: %s", listenport.c_str());
-			}
+				_log.Log(LOG_STATUS, "Webserver(%s) started on port: %s", m_server_alias.c_str(), settings_copy->listening_port.c_str());
 
 			m_pWebEm->SetDigistRealm("Domoticz.com");
 			m_pWebEm->SetSessionStore(this);

main/WebServer.h

@@ -31,7 +31,7 @@ class CWebServer : public session_store
 	};
 	CWebServer(void);
 	~CWebServer(void);
-	bool StartServer(const std::string &listenaddress, const std::string &listenport, const std::string &serverpath, const bool bIgnoreUsernamePassword, const std::string &secure_cert_file = "", const std::string &secure_cert_passphrase = "");
+	bool StartServer(const server_settings & settings, const std::string &serverpath, const bool bIgnoreUsernamePassword);
 	void StopServer();
 	void RegisterCommandCode(const char* idname, webserver_response_function ResponseFunction, bool bypassAuthentication=false);
 	void RegisterRType(const char* idname, webserver_response_function ResponseFunction);
@@ -307,7 +307,7 @@ class CWebServer : public session_store
 	std::vector<_tCustomIcon> m_custom_light_icons;
 	std::map<int, int> m_custom_light_icons_lookup;
 	bool m_bDoStop;
-	bool m_bIsSecure;
+	std::string m_server_alias;
 
 	void luaThread(lua_State *lua_state, const std::string &filename);
 	static void luaStop(lua_State *L, lua_Debug *ar);

main/WebServerHelper.cpp

@@ -35,26 +35,26 @@ namespace http {
 #endif
 		}
 
-		bool CWebServerHelper::StartServers(const std::string &listenaddress, const std::string &listenport, const std::string &secure_listenport, const std::string &serverpath, const std::string &secure_cert_file, const std::string &secure_cert_passphrase, const bool bIgnoreUsernamePassword, tcp::server::CTCPServer *sharedServer)
+		bool CWebServerHelper::StartServers(const server_settings & web_settings, const ssl_server_settings & secure_web_settings, const std::string &serverpath, const bool bIgnoreUsernamePassword, tcp::server::CTCPServer *sharedServer)
 		{
 			bool bRet = false;
 
 			m_pDomServ = sharedServer;
 
 #ifdef NS_ENABLE_SSL
 			SSL_library_init();
-			serverCollection.resize(secure_listenport.empty() ? 1 : 2);
+			serverCollection.resize(secure_web_settings.listening_port.empty() ? 1 : 2);
 #else
 			serverCollection.resize(1);
 #endif
 			our_serverpath = serverpath;
 			plainServer_ = new CWebServer();
 			serverCollection[0] = plainServer_;
-			bRet |= plainServer_->StartServer(listenaddress, listenport, serverpath, bIgnoreUsernamePassword);
+			bRet |= plainServer_->StartServer(web_settings, serverpath, bIgnoreUsernamePassword);
 #ifdef NS_ENABLE_SSL
-			if (!secure_listenport.empty()) {
+			if (!secure_web_settings.listening_port.empty()) {
 				secureServer_ = new CWebServer();
-				bRet |= secureServer_->StartServer(listenaddress, secure_listenport, serverpath, bIgnoreUsernamePassword, secure_cert_file, secure_cert_passphrase);
+				bRet |= secureServer_->StartServer(secure_web_settings, serverpath, bIgnoreUsernamePassword);
 				serverCollection[1] = secureServer_;
 			}
 #endif

main/WebServerHelper.h

@@ -16,7 +16,7 @@ namespace http {
 			~CWebServerHelper();
 
 			// called from mainworker():
-			bool StartServers(const std::string &listenaddress, const std::string &listenport, const std::string &secure_listenport, const std::string &serverpath, const std::string &secure_cert_file, const std::string &secure_cert_passphrase, const bool bIgnoreUsernamePassword, tcp::server::CTCPServer *sharedServer);
+			bool StartServers(const server_settings & web_settings, const ssl_server_settings & secure_web_settings, const std::string &serverpath, const bool bIgnoreUsernamePassword, tcp::server::CTCPServer *sharedServer);
 			void StopServers();
 #ifndef NOCLOUD
 			void RestartProxy();

main/domoticz.cpp

@@ -585,15 +585,15 @@ int main(int argc, char**argv)
 		sleep_seconds(DelaySeconds);
 	}
 
+	http::server::server_settings webserver_settings;
 	if (cmdLine.HasSwitch("-wwwbind"))
 	{
 		if (cmdLine.GetArgumentCount("-wwwbind") != 1)
 		{
 			_log.Log(LOG_ERROR, "Please specify an address");
 			return 1;
 		}
-		std::string wwwbind = cmdLine.GetSafeArgument("-wwwbind", 0, "0.0.0.0");
-		m_mainworker.SetWebserverAddress(wwwbind);
+		webserver_settings.listening_address = cmdLine.GetSafeArgument("-wwwbind", 0, "0.0.0.0");
 	}
 
 	if (cmdLine.HasSwitch("-www"))
@@ -606,9 +606,11 @@ int main(int argc, char**argv)
 		std::string wwwport = cmdLine.GetSafeArgument("-www", 0, "8080");
 		if (wwwport == "0")
 			wwwport.clear();//HTTP server disabled
-		m_mainworker.SetWebserverPort(wwwport);
+		webserver_settings.listening_port = wwwport;
 	}
+	m_mainworker.SetWebserverSettings(webserver_settings);
 #ifdef NS_ENABLE_SSL
+	http::server::ssl_server_settings secure_webserver_settings;
 	if (cmdLine.HasSwitch("-sslwww"))
 	{
 		if (cmdLine.GetArgumentCount("-sslwww") != 1)
@@ -619,7 +621,7 @@ int main(int argc, char**argv)
 		std::string wwwport = cmdLine.GetSafeArgument("-sslwww", 0, "443");
 		if (wwwport == "0")
 			wwwport.clear();//HTTPS server disabled
-		m_mainworker.SetSecureWebserverPort(wwwport);
+		secure_webserver_settings.listening_port = wwwport;
 	}
 	if (cmdLine.HasSwitch("-sslcert"))
 	{
@@ -628,8 +630,7 @@ int main(int argc, char**argv)
 			_log.Log(LOG_ERROR, "Please specify the file path");
 			return 1;
 		}
-		std::string ca_cert = cmdLine.GetSafeArgument("-sslcert", 0, "./server_cert.pem");
-		m_mainworker.SetSecureWebserverCert(ca_cert);
+		secure_webserver_settings.cert_file_path = cmdLine.GetSafeArgument("-sslcert", 0, "./server_cert.pem");
 	}
 	if (cmdLine.HasSwitch("-sslpass"))
 	{
@@ -638,9 +639,9 @@ int main(int argc, char**argv)
 			_log.Log(LOG_ERROR, "Please specify a passphrase for your certificate file");
 			return 1;
 		}
-		std::string ca_passphrase = cmdLine.GetSafeArgument("-sslpass", 0, "");
-		m_mainworker.SetSecureWebserverPass(ca_passphrase);
+		secure_webserver_settings.private_key_pass_phrase = cmdLine.GetSafeArgument("-sslpass", 0, "");
 	}
+	m_mainworker.SetSecureWebserverSettings(secure_webserver_settings);
 #endif
 	if (cmdLine.HasSwitch("-nowwwpwd"))
 	{

main/mainworker.cpp

@@ -145,11 +145,24 @@ m_LastSunriseSet("")
 
 	m_bStartHardware=false;
 	m_hardwareStartCounter=0;
-	m_webserverport="8080";
-	m_webserveraddress="::";
-	m_secure_webserverport = "";
-	m_secure_web_cert_file = "./server_cert.pem";
-	m_secure_web_passphrase = "";
+
+	// Set default settings for web servers
+	m_webserver_settings.listening_address = "::"; // listen to all network interfaces
+	m_webserver_settings.listening_port = "8080";
+	m_secure_webserver_settings.listening_address = "::"; // listen to all network interfaces
+	m_secure_webserver_settings.listening_port = ""; // disabled
+	m_secure_webserver_settings.ssl_method = "sslv23";
+	m_secure_webserver_settings.certificate_chain_file_path = "./server_cert.pem";
+	m_secure_webserver_settings.ca_cert_file_path = m_secure_webserver_settings.certificate_chain_file_path; // not used
+	m_secure_webserver_settings.cert_file_path = m_secure_webserver_settings.certificate_chain_file_path;
+	m_secure_webserver_settings.private_key_file_path = m_secure_webserver_settings.certificate_chain_file_path;
+	m_secure_webserver_settings.private_key_pass_phrase = "";
+	m_secure_webserver_settings.options  = "default_workarounds,no_sslv2,single_dh_use";
+	m_secure_webserver_settings.tmp_dh_file_path = m_secure_webserver_settings.certificate_chain_file_path;
+	m_secure_webserver_settings.verify_peer = false;
+	m_secure_webserver_settings.verify_fail_if_no_peer_cert = false;
+	m_secure_webserver_settings.verify_file_path = "";
+
 	m_bIgnoreUsernamePassword=false;
 
 	time_t atime=mytime(NULL);
@@ -486,44 +499,29 @@ eVerboseLevel MainWorker::GetVerboseLevel()
   return m_verboselevel;
 }
 
-void MainWorker::SetWebserverAddress(const std::string &Address)
-{
-	m_webserveraddress = Address;
-}
-
-void MainWorker::SetWebserverPort(const std::string &Port)
+void MainWorker::SetWebserverSettings(const server_settings & settings)
 {
-	m_webserverport=Port;
+	m_webserver_settings.set(settings);
 }
 
 std::string MainWorker::GetWebserverAddress()
 {
-	return m_webserveraddress;
+	return m_webserver_settings.listening_address;
 }
 
 std::string MainWorker::GetWebserverPort()
 {
-	return m_webserverport;
-}
-
-void MainWorker::SetSecureWebserverPort(const std::string &Port)
-{
-	m_secure_webserverport = Port;
+	return m_webserver_settings.listening_port;
 }
 
 std::string MainWorker::GetSecureWebserverPort()
 {
-	return m_secure_webserverport;
-}
-
-void MainWorker::SetSecureWebserverCert(const std::string &CertFile)
-{
-	m_secure_web_cert_file = CertFile;
+	return m_secure_webserver_settings.listening_port;
 }
 
-void MainWorker::SetSecureWebserverPass(const std::string &passphrase)
+void MainWorker::SetSecureWebserverSettings(const ssl_server_settings & ssl_settings)
 {
-	m_secure_web_passphrase = passphrase;
+	m_secure_webserver_settings.set(ssl_settings);
 }
 
 bool MainWorker::RestartHardware(const std::string &idx)
@@ -954,10 +952,10 @@ bool MainWorker::Stop()
 
 bool MainWorker::StartThread()
 {
-	if (!m_webserverport.empty())
+	if (!m_webserver_settings.listening_port.empty())
 	{
 		//Start WebServer
-		if (!m_webservers.StartServers(m_webserveraddress, m_webserverport, m_secure_webserverport, szWWWFolder, m_secure_web_cert_file, m_secure_web_passphrase, m_bIgnoreUsernamePassword, &m_sharedserver))
+		if (!m_webservers.StartServers(m_webserver_settings, m_secure_webserver_settings, szWWWFolder, m_bIgnoreUsernamePassword, &m_sharedserver))
 		{
 #ifdef WIN32
 			MessageBox(0,"Error starting webserver, check if ports are not in use!", MB_OK, MB_ICONERROR);

main/mainworker.h

@@ -12,6 +12,7 @@
 #include "DataPush.h"
 #include "HttpPush.h"
 #include "concurrent_queue.h"
+#include "../webserver/server_settings.hpp"
 
 enum eVerboseLevel
 {
@@ -46,14 +47,11 @@ class MainWorker
 
 	void SetVerboseLevel(eVerboseLevel Level);
 	eVerboseLevel GetVerboseLevel();
-	void SetWebserverAddress(const std::string &Address);
-	void SetWebserverPort(const std::string &Port);
+	void SetWebserverSettings(const http::server::server_settings & settings);
 	std::string GetWebserverAddress();
 	std::string GetWebserverPort();
-	void SetSecureWebserverPort(const std::string &Port);
+	void SetSecureWebserverSettings(const http::server::ssl_server_settings & ssl_settings);
 	std::string GetSecureWebserverPort();
-	void SetSecureWebserverCert(const std::string &CertFile);
-	void SetSecureWebserverPass(const std::string &passphrase);
 
 	void DecodeRXMessage(const CDomoticzHardwareBase *pHardware, const unsigned char *pRXCommand, const char *defaultName, const int BatteryLevel);
 	void PushAndWaitRxMessage(const CDomoticzHardwareBase *pHardware, const unsigned char *pRXCommand, const char *defaultName, const int BatteryLevel);
@@ -169,11 +167,8 @@ class MainWorker
 
 	std::vector<CDomoticzHardwareBase*> m_hardwaredevices;
 	eVerboseLevel m_verboselevel;
-	std::string m_webserverport;
-	std::string m_webserveraddress;
-	std::string m_secure_webserverport;
-	std::string m_secure_web_cert_file;
-	std::string m_secure_web_passphrase;
+	http::server::server_settings m_webserver_settings;
+	http::server::ssl_server_settings m_secure_webserver_settings;
 
 	volatile bool m_stoprequested;
 	boost::shared_ptr<boost::thread> m_thread;