[Fix] server: TLS handshake skipping, better body reading logic

sebastien · sebastien · commit c792b4268b9d · 2025-05-18T17:31:58.000+12:00
diff --git a/src/py/extra/http/model.py b/src/py/extra/http/model.py
@@ -58,6 +58,13 @@ def headername(name: str, *, headers: dict[str, str] = {}) -> str:
 # -----------------------------------------------------------------------------
 
 
+class TLSHandshake(NamedTuple):
+    """Represents a TLS handshake"""
+
+    # Empty for now
+    pass
+
+
 class HTTPRequestLine(NamedTuple):
     """Represents a request status line"""
 
@@ -165,7 +172,7 @@ async def _read(
         elif self.remaining:
             # FIXME: We should probably have a timeout there
             try:
-                payload = await self.reader.load()
+                payload = await self.reader.load(size=self.remaining)
             except TimeoutError:
                 warning(
                     "Request body loading timed out",
@@ -290,7 +297,7 @@ def __init__(self, transform: BytesTransform | None = None) -> None:
     async def read(
         self, timeout: float = BODY_READER_TIMEOUT, size: int | None = None
     ) -> bytes | None:
-        chunk = await self._read(timeout)
+        chunk = await self._read(timeout=timeout, size=size)
         if chunk is not None and self.transform:
             res = self.transform.feed(chunk)
             return res if res else None
@@ -304,15 +311,24 @@ async def _read(
 
     # NOTE: This is a dangerous operation, as this way bloat the whole memory.
     # Instead, loading should spool the file.
-    async def load(self, timeout: float = BODY_READER_TIMEOUT) -> bytes:
+    async def load(
+        self, timeout: float = BODY_READER_TIMEOUT, size: int | None = None
+    ) -> bytes:
         """Loads the entire body into a bytes array."""
         data = bytearray()
+        # We may have an expected size to read
+        left = size
         while True:
-            chunk = await self.read(timeout)
+            chunk = await self.read(timeout=timeout, size=left)
             if not chunk:
                 break
             else:
                 data += chunk
+            # If we had a size to read, then we update it
+            if size is not None:
+                left = size - len(chunk)
+                if left <= 0:
+                    break
         return data
 
     async def spool(
diff --git a/src/py/extra/http/parser.py b/src/py/extra/http/parser.py
@@ -9,18 +9,20 @@
     HTTPBodyBlob,
     HTTPAtom,
     HTTPProcessingStatus,
+    TLSHandshake,
     headername,
 )
 
 
 class MessageParser:
     """Parses an HTTP request or response line."""
 
-    __slots__ = ["line", "value"]
+    __slots__ = ["line", "value", "skipping"]
 
     def __init__(self) -> None:
         self.line: LineParser = LineParser()
-        self.value: HTTPRequestLine | HTTPResponseLine | None = None
+        self.value: HTTPRequestLine | HTTPResponseLine | TLSHandshake | None = None
+        self.skipping: int = 0
 
     def flush(self) -> "HTTPRequestLine|HTTPResponseLine|None":
         res = self.value
@@ -30,31 +32,50 @@ def flush(self) -> "HTTPRequestLine|HTTPResponseLine|None":
     def reset(self) -> "MessageParser":
         self.line.reset()
         self.value = None
+        self.skipping = 0
         return self
 
     def feed(self, chunk: bytes, start: int = 0) -> tuple[bool | None, int]:
-        line, read = self.line.feed(chunk, start)
-        if line:
-            # NOTE: This is safe
-            l = line.decode("ascii")
-            if l.startswith("HTTP/"):
-                protocol, status, message = l.split(" ", 2)
-                self.value = HTTPResponseLine(
-                    protocol,
-                    int(status),
-                    message,
-                )
+        n = len(chunk)
+        available = n - start
+        # FIXME: In the future, we may want to do something with the TLS
+        # handshake. This is something you can trigger with Firefox.
+        if self.skipping:
+            # We have reamining data to read/skip, so we do that
+            read = min(available, self.skipping)
+            self.skipping -= read
+            return None, read
+        elif (n - start) >= 5 and chunk[start] == 0x16:
+            # This is a TLS Handshake, we parse the length
+            size = 5 + (chunk[start + 3] << 8) + chunk[start + 4]
+            if available >= size:
+                return None, size
             else:
-                i = l.find(" ")
-                j = l.rfind(" ")
-                p: list[str] = l[i + 1 : j].split("?", 1)
-                # NOTE: There may be junk before the method name
-                self.value = HTTPRequestLine(
-                    l[0:i], p[0], p[1] if len(p) > 1 else "", l[j + 1 :]
-                )
-            return True, read
+                self.skipping = size - available
+                return None, available
         else:
-            return None, read
+            line, read = self.line.feed(chunk, start)
+            if line:
+                # NOTE: This is safe
+                l = line.decode("ascii")
+                if l.startswith("HTTP/"):
+                    protocol, status, message = l.split(" ", 2)
+                    self.value = HTTPResponseLine(
+                        protocol,
+                        int(status),
+                        message,
+                    )
+                else:
+                    i = l.find(" ")
+                    j = l.rfind(" ")
+                    p: list[str] = l[i + 1 : j].split("?", 1)
+                    # NOTE: There may be junk before the method name
+                    self.value = HTTPRequestLine(
+                        l[0:i], p[0], p[1] if len(p) > 1 else "", l[j + 1 :]
+                    )
+                return True, read
+            else:
+                return None, read
 
     def __str__(self) -> str:
         return f"MessageParser({self.value})"
diff --git a/src/py/extra/server.py b/src/py/extra/server.py
@@ -5,7 +5,7 @@
 import socket
 import asyncio
 import threading
-from .utils.logging import exception, info, warning, event
+from .utils.logging import exception, info, warning, event, debug, logged
 from .utils.codec import BytesTransform
 from .utils.limits import LimitType, unlimit
 from .model import Application, Service, mount
@@ -100,10 +100,10 @@ def __init__(
     async def _read(
         self, timeout: float = 1.0, size: int | None = None
     ) -> bytes | None:
-        info(
+        logged(debug) and debug(
             "Reading Body",
             Client=f"{id(self.socket):x}",
-            Size=size,
+            Size=size or self.size,
             Timeout=timeout,
         )
         return await asyncio.wait_for(
@@ -218,9 +218,9 @@ async def OnRequest(
                 # NOTE: With HTTP Pipelining, we may receive more than one
                 # request in the same payload, so we need to be prepared
                 # to answer more than one request.
-                stream = parser.feed(buffer[:n] if n != size else buffer)
-                # TODO: Should be debug
-                info(
+                chunk = buffer[:n] if n != size else buffer
+                stream = parser.feed(chunk)
+                debug(
                     "Reading Requests(s)",
                     Client=f"{id(client):x}",
                     Read=n,
@@ -231,11 +231,10 @@ async def OnRequest(
 
                     try:
                         atom = next(stream)
-                        # TODO: Should be debug
-                        info("Request Atom", Atom=atom.__class__.__name__)
+                        debug("Request Atom", Atom=atom.__class__.__name__)
                     except StopIteration:
                         # TODO: Should be debug
-                        info("Request End")
+                        debug("Requests End", Iteration=iteration, Count=res_count)
                         break
                     if atom is HTTPProcessingStatus.Complete:
                         status = atom
diff --git a/src/py/extra/utils/logging.py b/src/py/extra/utils/logging.py
@@ -144,6 +144,28 @@ def entry(
     )
 
 
+def debug(
+    message: str,
+    *,
+    origin: str | None = None,
+    at: float | None = None,
+    icon: str | None = None,
+    stack: TStack | bool | None = None,
+    **context: TPrimitive,
+) -> LogEntry:
+    return send(
+        entry(
+            message=message,
+            level=LogLevel.Debug,
+            origin=origin,
+            at=at,
+            context=context,
+            icon=icon,
+            stack=callstack(1) if stack is True else stack if stack else None,
+        )
+    )
+
+
 def info(
     message: str,
     *,
@@ -278,4 +300,12 @@ def exception(
     return exception
 
 
+def logged(item) -> bool:
+    """Takes one of the logging function, and tells if it is currently
+    supported. This is used to guard against running the whole entry
+    building when not necessary."""
+    # TODO: Implement based on log level
+    return True
+
+
 # EOF
