focalboard/server/ws/websockets.go

438 lines
12 KiB
Go
Raw Permalink Normal View History

package ws
import (
"encoding/json"
"log"
"net/http"
"sync"
2020-11-06 10:11:01 -08:00
"time"
2020-10-16 11:41:56 +02:00
"github.com/gorilla/mux"
"github.com/gorilla/websocket"
2021-02-02 12:06:28 -08:00
"github.com/mattermost/focalboard/server/auth"
2021-01-26 14:13:46 -08:00
"github.com/mattermost/focalboard/server/model"
"github.com/mattermost/focalboard/server/services/mlog"
2021-03-26 11:01:54 -07:00
"github.com/mattermost/focalboard/server/services/store"
)
// IsValidSessionToken authenticates session tokens.
2021-02-02 12:06:28 -08:00
type IsValidSessionToken func(token string) bool
type Hub interface {
SendWSMessage(data []byte)
SetReceiveWSMessage(func(data []byte))
}
type wsClient struct {
*websocket.Conn
lock *sync.RWMutex
}
func (c *wsClient) WriteJSON(v interface{}) error {
c.lock.Lock()
defer c.lock.Unlock()
err := c.Conn.WriteJSON(v)
return err
}
2021-02-02 12:06:28 -08:00
// Server is a WebSocket server.
type Server struct {
upgrader websocket.Upgrader
listeners map[string][]*wsClient
mu sync.RWMutex
auth *auth.Auth
hub Hub
singleUserToken string
isMattermostAuth bool
logger *mlog.Logger
}
// UpdateMsg is sent on block updates.
2021-02-02 12:06:28 -08:00
type UpdateMsg struct {
Action string `json:"action"`
Block model.Block `json:"block"`
}
// clusterUpdateMsg is sent on block updates.
type clusterUpdateMsg struct {
UpdateMsg
BlockID string `json:"block_id"`
WorkspaceID string `json:"workspace_id"`
}
// ErrorMsg is sent on errors.
type ErrorMsg struct {
Error string `json:"error"`
}
2021-02-02 12:06:28 -08:00
// WebsocketCommand is an incoming command from the client.
type WebsocketCommand struct {
2021-03-26 18:04:23 -07:00
Action string `json:"action"`
WorkspaceID string `json:"workspaceId"`
Token string `json:"token"`
ReadToken string `json:"readToken"`
BlockIDs []string `json:"blockIds"`
}
2021-02-02 12:06:28 -08:00
type websocketSession struct {
client *wsClient
2021-02-02 12:06:28 -08:00
isAuthenticated bool
2021-03-26 18:04:23 -07:00
workspaceID string
}
// NewServer creates a new Server.
func NewServer(auth *auth.Auth, singleUserToken string, isMattermostAuth bool, logger *mlog.Logger) *Server {
return &Server{
listeners: make(map[string][]*wsClient),
upgrader: websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool {
return true
},
},
auth: auth,
singleUserToken: singleUserToken,
isMattermostAuth: isMattermostAuth,
logger: logger,
}
}
2021-02-02 12:06:28 -08:00
// RegisterRoutes registers routes.
func (ws *Server) RegisterRoutes(r *mux.Router) {
r.HandleFunc("/ws/onchange", ws.handleWebSocketOnChange)
}
func (ws *Server) handleWebSocketOnChange(w http.ResponseWriter, r *http.Request) {
// Upgrade initial GET request to a websocket
client, err := ws.upgrader.Upgrade(w, r, nil)
if err != nil {
ws.logger.Error("ERROR upgrading to websocket", mlog.Err(err))
2021-03-26 18:04:23 -07:00
return
}
userID := ""
if ws.isMattermostAuth {
userID = r.Header.Get("Mattermost-User-Id")
}
2021-02-02 12:06:28 -08:00
wsSession := websocketSession{
client: &wsClient{client, &sync.RWMutex{}},
isAuthenticated: userID != "",
2021-02-02 12:06:28 -08:00
}
// Make sure we close the connection when the function returns
defer func() {
ws.logger.Debug("DISCONNECT WebSocket onChange", mlog.Stringer("client", wsSession.client.RemoteAddr()))
// Remove client from listeners
ws.removeListener(wsSession.client)
wsSession.client.Close()
}()
// Simple message handling loop
for {
_, p, err := wsSession.client.ReadMessage()
if err != nil {
ws.logger.Error("ERROR WebSocket onChange",
mlog.Stringer("client", wsSession.client.RemoteAddr()),
mlog.Err(err),
)
ws.removeListener(wsSession.client)
break
}
var command WebsocketCommand
err = json.Unmarshal(p, &command)
if err != nil {
// handle this error
ws.logger.Error(`ERROR webSocket parsing command`, mlog.String("json", string(p)))
continue
}
if userID != "" {
if ws.auth.DoesUserHaveWorkspaceAccess(userID, command.WorkspaceID) {
wsSession.workspaceID = command.WorkspaceID
} else {
ws.logger.Error(`ERROR User doesn't have permissions to read the workspace`, mlog.String("workspaceID", command.WorkspaceID))
continue
}
}
switch command.Action {
2021-02-02 12:06:28 -08:00
case "AUTH":
ws.logger.Debug(`Command: AUTH`, mlog.Stringer("client", wsSession.client.RemoteAddr()))
2021-03-29 12:31:42 -07:00
ws.authenticateListener(&wsSession, command.WorkspaceID, command.Token)
case "ADD":
ws.logger.Debug(`Command: ADD`,
mlog.String("workspaceID", wsSession.workspaceID),
mlog.Array("blockIDs", command.BlockIDs),
mlog.Stringer("client", wsSession.client.RemoteAddr()),
)
2021-02-02 18:15:03 -08:00
ws.addListener(&wsSession, &command)
case "REMOVE":
ws.logger.Debug(`Command: REMOVE`,
mlog.String("workspaceID", wsSession.workspaceID),
mlog.Array("blockIDs", command.BlockIDs),
mlog.Stringer("client", wsSession.client.RemoteAddr()),
)
2021-02-02 18:15:03 -08:00
ws.removeListenerFromBlocks(&wsSession, &command)
default:
ws.logger.Error(`ERROR webSocket command, invalid action`, mlog.String("action", command.Action))
}
}
}
2021-03-26 18:04:23 -07:00
func (ws *Server) isValidSessionToken(token, workspaceID string) bool {
2021-02-09 12:27:34 -08:00
if len(ws.singleUserToken) > 0 {
return token == ws.singleUserToken
2021-02-02 12:06:28 -08:00
}
session, err := ws.auth.GetSession(token)
2021-03-26 18:04:23 -07:00
if session == nil || err != nil {
return false
2021-02-02 12:06:28 -08:00
}
2021-03-26 18:04:23 -07:00
// Check workspace permission
return ws.auth.DoesUserHaveWorkspaceAccess(session.UserID, workspaceID)
2021-02-02 12:06:28 -08:00
}
2021-03-29 12:31:42 -07:00
func (ws *Server) authenticateListener(wsSession *websocketSession, workspaceID, token string) {
2021-03-26 18:04:23 -07:00
if wsSession.isAuthenticated {
// Do not allow multiple auth calls (for security)
ws.logger.Debug("authenticateListener: Ignoring already authenticated session", mlog.String("workspaceID", workspaceID))
2021-03-26 18:04:23 -07:00
return
}
2021-02-02 18:15:03 -08:00
// Authenticate session
2021-03-26 18:04:23 -07:00
isValidSession := ws.isValidSessionToken(token, workspaceID)
2021-02-02 12:06:28 -08:00
if !isValidSession {
wsSession.client.Close()
return
}
// Authenticated
2021-03-26 18:04:23 -07:00
wsSession.workspaceID = workspaceID
2021-02-02 12:06:28 -08:00
wsSession.isAuthenticated = true
ws.logger.Debug("authenticateListener: Authenticated", mlog.String("workspaceID", workspaceID))
2021-02-02 12:06:28 -08:00
}
type AuthWorkspaceError struct {
msg string
}
func (awe AuthWorkspaceError) Error() string {
return awe.msg
}
2021-03-29 12:54:37 -07:00
func (ws *Server) getAuthenticatedWorkspaceID(wsSession *websocketSession, command *WebsocketCommand) (string, error) {
2021-03-29 12:31:42 -07:00
if wsSession.isAuthenticated {
2021-03-29 12:54:37 -07:00
return wsSession.workspaceID, nil
2021-03-26 11:01:54 -07:00
}
2021-03-29 12:31:42 -07:00
// If not authenticated, try to authenticate the read token against the supplied workspaceID
workspaceID := command.WorkspaceID
if len(workspaceID) == 0 {
ws.logger.Error("getAuthenticatedWorkspaceID: No workspace")
return "", AuthWorkspaceError{"no workspace"}
2021-03-29 12:54:37 -07:00
}
2021-03-29 12:31:42 -07:00
container := store.Container{
WorkspaceID: workspaceID,
2021-03-26 11:01:54 -07:00
}
2021-02-02 18:15:03 -08:00
if len(command.ReadToken) > 0 {
// Read token must be valid for all block IDs
for _, blockID := range command.BlockIDs {
2021-03-26 11:01:54 -07:00
isValid, _ := ws.auth.IsValidReadToken(container, blockID, command.ReadToken)
2021-02-02 18:15:03 -08:00
if !isValid {
return "", AuthWorkspaceError{"invalid read token for workspace"}
2021-02-02 18:15:03 -08:00
}
}
2021-03-29 12:54:37 -07:00
return workspaceID, nil
2021-02-02 18:15:03 -08:00
}
return "", AuthWorkspaceError{"no read token"}
2021-02-02 18:15:03 -08:00
}
// TODO: Refactor workspace hashing.
2021-03-26 18:04:23 -07:00
func makeItemID(workspaceID, blockID string) string {
return workspaceID + "-" + blockID
}
2021-02-02 13:00:22 -08:00
// addListener adds a listener for a block's change.
2021-02-02 18:15:03 -08:00
func (ws *Server) addListener(wsSession *websocketSession, command *WebsocketCommand) {
2021-03-29 12:54:37 -07:00
workspaceID, err := ws.getAuthenticatedWorkspaceID(wsSession, command)
if err != nil {
ws.logger.Error("addListener: NOT AUTHENTICATED", mlog.Err(err))
ws.sendError(wsSession.client, "not authenticated")
2021-02-02 12:06:28 -08:00
return
}
ws.mu.Lock()
2021-02-02 18:15:03 -08:00
for _, blockID := range command.BlockIDs {
2021-03-26 18:04:23 -07:00
itemID := makeItemID(workspaceID, blockID)
if ws.listeners[itemID] == nil {
ws.listeners[itemID] = []*wsClient{}
2021-02-02 12:06:28 -08:00
}
2021-03-26 18:04:23 -07:00
ws.listeners[itemID] = append(ws.listeners[itemID], wsSession.client)
2021-02-02 12:06:28 -08:00
}
ws.mu.Unlock()
}
// removeListener removes a webSocket listener from all blocks.
func (ws *Server) removeListener(client *wsClient) {
2021-02-02 12:06:28 -08:00
ws.mu.Lock()
for key, clients := range ws.listeners {
listeners := []*wsClient{}
2021-02-02 12:06:28 -08:00
for _, existingClient := range clients {
if client != existingClient {
listeners = append(listeners, existingClient)
}
}
ws.listeners[key] = listeners
}
ws.mu.Unlock()
}
// removeListenerFromBlocks removes a webSocket listener from a set of blocks.
2021-02-02 18:15:03 -08:00
func (ws *Server) removeListenerFromBlocks(wsSession *websocketSession, command *WebsocketCommand) {
2021-03-29 12:54:37 -07:00
workspaceID, err := ws.getAuthenticatedWorkspaceID(wsSession, command)
if err != nil {
ws.logger.Error("addListener: NOT AUTHENTICATED", mlog.Err(err))
ws.sendError(wsSession.client, "not authenticated")
2021-02-02 12:06:28 -08:00
return
}
2021-03-26 18:04:23 -07:00
ws.mu.Lock()
2021-02-02 18:15:03 -08:00
for _, blockID := range command.BlockIDs {
2021-03-26 18:04:23 -07:00
itemID := makeItemID(workspaceID, blockID)
listeners := ws.listeners[itemID]
2021-02-02 12:06:28 -08:00
if listeners == nil {
return
}
// Remove the first instance of this client that's listening to this block
// Note: A client can listen multiple times to the same block
for index, listener := range listeners {
if wsSession.client == listener {
newListeners := listeners[:index]
newListeners = append(newListeners, listeners[index+1:]...)
2021-03-26 18:04:23 -07:00
ws.listeners[itemID] = newListeners
2021-02-02 12:06:28 -08:00
break
}
}
}
ws.mu.Unlock()
}
func (ws *Server) sendError(wsClient *wsClient, message string) {
errorMsg := ErrorMsg{
Error: message,
}
err := wsClient.WriteJSON(errorMsg)
if err != nil {
ws.logger.Error("sendError error", mlog.Err(err))
wsClient.Close()
}
}
func (ws *Server) SetHub(hub Hub) {
ws.hub = hub
ws.hub.SetReceiveWSMessage(func(data []byte) {
var msg clusterUpdateMsg
err := json.Unmarshal(data, &msg)
if err != nil {
log.Printf("unable to unmarshal cluster message")
return
}
listeners := ws.getListeners(msg.WorkspaceID, msg.BlockID)
log.Printf("%d listener(s) for blockID: %s", len(listeners), msg.BlockID)
message := UpdateMsg{
Action: msg.Action,
Block: msg.Block,
}
for _, listener := range listeners {
log.Printf("Broadcast change, workspaceID: %s, blockID: %s, remoteAddr: %s", msg.WorkspaceID, msg.BlockID, listener.RemoteAddr())
err := listener.WriteJSON(message)
if err != nil {
log.Printf("broadcast error: %v", err)
listener.Close()
}
}
})
}
2021-02-02 13:00:22 -08:00
// getListeners returns the listeners to a blockID's changes.
func (ws *Server) getListeners(workspaceID string, blockID string) []*wsClient {
2021-02-02 12:06:28 -08:00
ws.mu.Lock()
2021-03-26 18:04:23 -07:00
itemID := makeItemID(workspaceID, blockID)
listeners := ws.listeners[itemID]
2021-02-02 12:06:28 -08:00
ws.mu.Unlock()
return listeners
}
// BroadcastBlockDelete broadcasts delete messages to clients.
2021-03-26 18:04:23 -07:00
func (ws *Server) BroadcastBlockDelete(workspaceID, blockID, parentID string) {
2020-11-06 10:11:01 -08:00
now := time.Now().Unix()
block := model.Block{}
block.ID = blockID
block.ParentID = parentID
block.UpdateAt = now
block.DeleteAt = now
2021-03-26 18:04:23 -07:00
ws.BroadcastBlockChange(workspaceID, block)
2020-11-06 10:11:01 -08:00
}
// BroadcastBlockChange broadcasts update messages to clients.
2021-03-26 18:04:23 -07:00
func (ws *Server) BroadcastBlockChange(workspaceID string, block model.Block) {
2020-11-06 10:11:01 -08:00
blockIDsToNotify := []string{block.ID, block.ParentID}
for _, blockID := range blockIDsToNotify {
2021-03-26 18:04:23 -07:00
listeners := ws.getListeners(workspaceID, blockID)
ws.logger.Debug("listener(s) for blockID",
mlog.Int("listener_count", len(listeners)),
mlog.String("blockID", blockID),
)
2020-11-06 10:11:01 -08:00
message := UpdateMsg{
Action: "UPDATE_BLOCK",
Block: block,
}
if ws.hub != nil {
data, err := json.Marshal(clusterUpdateMsg{UpdateMsg: message, WorkspaceID: workspaceID, BlockID: blockID})
if err != nil {
log.Printf("unable to serialize websocket message %v with the error: %v", message, err)
2020-11-06 10:11:01 -08:00
}
ws.hub.SendWSMessage(data)
}
2020-11-06 10:11:01 -08:00
for _, listener := range listeners {
ws.logger.Debug("Broadcast change",
mlog.String("workspaceID", workspaceID),
mlog.String("blockID", blockID),
mlog.Stringer("remoteAddr", listener.RemoteAddr()),
)
err := listener.WriteJSON(message)
if err != nil {
ws.logger.Error("broadcast error", mlog.Err(err))
listener.Close()
2020-11-06 10:11:01 -08:00
}
}
}
}