o iHa@sdZddlZddlZddlZddlZddlZddlmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZddlmZmZmZmZddlmZmZdZdZdZ dZ!e"d e#e!Z$e"d Z%e"d Z&e"d Z'd dZ(GdddZ)dS)z Async version of gunicorn/http/message.py for ASGI workers. Reuses the parsing logic from the sync version, adapted for async I/O. N)ExpectationFailed InvalidHeaderInvalidHeaderName NoMoreDataInvalidRequestLineInvalidRequestMethodInvalidHTTPVersionLimitRequestLineLimitRequestHeadersUnsupportedTransferCodingObsoleteFoldingInvalidProxyLineInvalidProxyHeaderForbiddenProxyRequestInvalidSchemeHeaders)PP_V2_SIGNATURE PPCommandPPFamily PPProtocol) bytes_to_strsplit_request_uriiiz!#$%&'*+-.^_`|~z[%s0-9a-zA-Z]+z[a-z#]zHTTP/(\d)\.(\d)z[\0\r\n]cCsLd|vrdSzt|}Wn tyYdSw|D] }||vr#dSqdS)zCheck if IP address is in the allow list. Args: ip_str: The IP address string to check allow_list: The original allow list (strings, may contain "*") networks: Pre-computed ipaddress.ip_network objects from config *TF) ipaddress ip_address ValueError)ip_str allow_listnetworksipnetworkr I/home/ubuntu/.local/lib/python3.10/site-packages/gunicorn/asgi/message.py_ip_in_allow_list+s r"c@seZdZdZd3ddZed3ddZddZd d Zd4d d Z ddZ ddZ ddZ ddZ ddZd5ddZddZddZdd Zd!d"Zd6d$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zd0d1Zd2S)7 AsyncRequestzAsync HTTP request parser. Parses HTTP/1.x requests using async I/O, reusing gunicorn's parsing logic where possible. cCs||_||_||_||_||_d|_d|_d|_d|_d|_ d|_ g|_ g|_ |j r,dnd|_d|_d|_d|_|j|_|jdksF|jtkrIt|_|j|_|jdksW|jtkrZt|_|j|_|jdkrft|_|jpjt}|j|dd|_d|_d|_d|_d|_dS)NhttpshttpFr)cfgunreader peer_addr remote_addr req_numberversionmethoduripathqueryfragmentheaderstrailersis_sslscheme must_close_expected_100_continueproxy_protocol_infolimit_request_lineMAX_REQUEST_LINElimit_request_fields MAX_HEADERSlimit_request_field_sizeDEFAULT_MAX_HEADERFIELD_SIZEmax_buffer_headerscontent_lengthchunked _body_reader_body_remaining)selfr)r*r+r-max_header_field_sizer r r!__init__FsL       zAsyncRequest.__init__cs"|||||}|IdH|S)aParse an HTTP request from the stream. Args: cfg: gunicorn config object unreader: AsyncUnreader instance peer_addr: client address tuple req_number: request number on this connection (for keepalive) Returns: AsyncRequest: Parsed request object Raises: NoMoreData: If no data available Various parsing errors for malformed requests N)_parse)clsr)r*r+r-reqr r r!parsevszAsyncRequest.parsecs t}||IdH|jj}|dkr"|jdkr"|||IdH}|||jIdH\}}||t |} | d}|dddk}|dkrc|sc||IdHt |}t ||j krbt d nnq8|rr|j|ddn|j|d|d d |_|j||d d|dS) z$Parse the request from the unreader.Noffr$T r' rzmax buffer headersF) from_trailerr() bytearray _read_intor)proxy_protocolr-_handle_proxy_protocol _read_liner;_parse_request_linebytesfindlenrAr r*unread_parse_headersr4_set_body_reader)rFbufmodelinedataidxdoner r r!rIs2     zAsyncRequest._parsecs0|jIdH}|stt|||dS)z7Read data from unreader and append to bytearray buffer.N)r*readrrWextendrFr]r`r r r!rRs  zAsyncRequest._read_intorcst|} |d}|dkr!||krdkr nnt||n$t|d|kr/dkr8nntt||||IdHt|}q|d|t||ddfS)zt|jtrt|jd|jj|jst|jddSdS)z2Check if proxy protocol is allowed from this peer.rN) isinstancer+tupler"r)proxy_allow_ipsproxy_allow_networksrrFr r r!rls z)AsyncRequest._proxy_protocol_access_checkc st|}d|vr||IdHt|}d|vs |d}t|d|}t||dd}|d}t|dkr?t||d}|d}|d} |dvrUtd ||d kruzt tj |t tj | Wn+t ytt|w|d krzt tj |t tj | Wn t yt|wzt |d } t |d } Wn tytd|wd| krdkrnn d| krdksntd|||| | | d|_|S)z`Parse PROXY protocol v1 (text format). Returns buffer with v1 header consumed. rONr' rkr$)TCP4TCP6zprotocol '%s' not supportedrvrwr(zinvalid port %srirS client_addr client_port proxy_addr proxy_port)rWrRrXrrQsplitrYr socket inet_ptonAF_INETOSErrorAF_INET6intrr:) rFr]r`rar_ remainingbitsprotos_addrd_addrs_portd_portr r r!rns\         . z%AsyncRequest._parse_proxy_protocol_v1cst|dkr||IdHt|dks|d}|d}tdt|ddd}|d@d ?}|d kr;td ||d @}|tjtjfvrMtd |d|}t||kre||IdHt||ksW|tjkr{dddddd|_ t ||dS|d@d ?}|d @} | t j krtdt|dd|} |t jkr|dkrtdttj| dd } ttj| d d} td| ddd} td| ddd}d}n\|t jkr|dkrtdttj| dd} ttj| dd} td| ddd} td| ddd}d}n|t jkr,dddddd|_ t ||dStd||| | | |d|_ t ||dS)zbParse PROXY protocol v2 (binary format). Returns buffer with v2 header consumed. Nrg z>Hrr(r'zunsupported version %dzunsupported command %dLOCALryzonly TCP protocol is supportedz"insufficient address data for IPv4 rv$z"insufficient address data for IPv6 "rwUNSPECzunsupported address family %d)rYrRstructunpackrWrrrPROXYr:rQrSTREAMrINETr inet_ntoprINET6rr)rFr]ver_cmd fam_protolengthr.commandtotal_header_sizefamilyprotocol addr_datarrrrrr r r!rm!s|             z%AsyncRequest._parse_proxy_protocol_v2cCsdd|ddD}t|dkrtt||d|_|jjs?t|jr+t |jdt|dkr9dks?nt |jt |jsJt |j|jj rT|j |_|d|_t|jdkrftt|zt|j}Wn tyztt|w|jpd |_|jpd |_|jpd |_t |d}|d urt|dt|dt|df|_d |jkrd ksn|jjst|jd Sd S) zParse the HTTP request line.cSg|]}t|qSr r).0bitr r r! z4AsyncRequest._parse_request_line.. r'rurr$Nr$r)r'r)r~rYrrr/r)!permit_unconventional_http_methodMETHOD_BADCHAR_REsearchrTOKEN_RE fullmatchcasefold_http_methodupperr0rrr1r2r3 VERSION_RErrgroupr."permit_unconventional_http_version)rF line_bytesrpartsmatchr r r!rV~sB                  z AsyncRequest._parse_request_lineFcCs|j}g}dd|dD}d}i}g}|rnt|jtr*t|jd|j|r0|j}|j }|rBt ||j kr>t d| d} t | t d} | ddkrVt| | dd \} } |jjrg| d } t| spt| | } | d g} |r|dd r|jjst| | d} | t | t d7} | |jkrdkrt d | | d |r|dd sd| } t| rt| | |jkrdkrt d |s| dkr| dkr|j dkrnd|_!nt"| | |vr| || k} | rdnd}|r||j#krt$nd}||_#d| vr9| |vs$d|vr%n|jj%dkr-n |jj%dkr5q0t| || | f|s3|S)z!Parse HTTP headers from raw data.cSrr r)rr_r r r!rrz/AsyncRequest._parse_headers..rOFrzlimit request headers fieldsz :r$ )rt z!limit request headers fields sizez rtEXPECTz 100-continuer$r$Tr%r&_r dangerousdrop)&r)r~ror+rpr"forwarded_allow_ipsforwarded_allow_networkssecure_scheme_headersforwarder_headersrYr=r poprXrstrip_header_spacesrstriprrrrstrip startswithpermit_obsolete_foldingr r?appendjoin!RFC9110_5_5_INVALID_AND_DANGEROUSrlowerr.r9rr7r header_map)rFr`rPr)r4lines scheme_headerrrcurr header_lengthnamevaluesecurer7r r r!r[s               GzAsyncRequest._parse_headerscCsd}d}|jD]^\}}|dkr|durtd|d|}q|dkredd|dD}|D]8}|d kr?|r.,rCTidentity)compressdeflategziprr)r4rr~r force_closer r.rCrBrEstr isnumericrr)rFrCrBrrvalsvalr r r!r\s^                    zAsyncRequest._set_body_readercCs d|_dS)z/Mark connection for closing after this request.TN)r8rsr r r!r:s zAsyncRequest.force_closecCsZ|jrdS|jD]\}}|dkr'|d}|dkrdS|dkr%dSnq|jdkS)z8Check if connection should be closed after this request.T CONNECTIONrclosez keep-aliveFr)r8r4rrr.)rFhrr r r! should_close>s zAsyncRequest.should_closecCs,|}|jD] \}}||kr|SqdS)z.Get a header value by name (case-insensitive).N)rr4)rFrrrr r r! get_headerLs zAsyncRequest.get_header cs6|jdkrdS|jr||IdHS||IdHS)zRead a chunk of the request body. Args: size: Maximum bytes to read Returns: bytes: Body data, empty bytes when body is exhausted rN)rErC_read_chunked_body_read_length_bodyrFsizer r r! read_bodyTs  zAsyncRequest.read_bodycsH|jdkrdSt||j}|j|IdH}|r"|jt|8_|S)z"Read from a length-delimited body.rrN)rEminr*rcrY)rFrto_readr`r r r!res  zAsyncRequest._read_length_bodycsD|jdur ||_z t|jIdHWSty!d|_YdSw)zRead from a chunked body.Nrr)rD_chunked_body_readeranextStopAsyncIterationrErr r r!rps   zAsyncRequest._read_chunked_bodycCs6 |IdH}|dd^}}|r|d}tdd|Dr%tdt|d kr/tdt|d }|d krA|IdHdS|}|d kre|j t |d IdH}|sXt |t|8}|V|d ksG|j d IdH}|d krt|d kr|j d t|IdH}|sn ||7}t|d ksx|d krtdq)z)Async generator for reading chunked body.TN;r$s css|]}|dvVqdS)s0123456789abcdefABCDEFNr )rnr r r! sz4AsyncRequest._chunked_body_reader..zInvalid chunk sizerrrr'rOzMissing chunk terminator) _read_chunk_size_liner~ranyrrYr_skip_trailersr*rcrr)rF size_line chunk_sizerrr`crlfmorer r r!r{sB      z!AsyncRequest._chunked_body_readercsRt} |jdIdH}|st|||dr(|ddSq)zRead a chunk size line.Tr$NrO)ioBytesIOr*rcrwritegetvalueendswithrer r r!rs z"AsyncRequest._read_chunk_size_linecsTt} |jdIdH}|sdS|||}|dr#dS|dkr)dSq)z(Skip trailer headers after chunked body.Tr$NrNrO)rrr*rcrrr)rFr]r`contentr r r!rs  zAsyncRequest._skip_trailerscs |dIdH}|sdSq)zgDrain any unread body data. Should be called before reusing connection for keepalive. TrN)r)rFr`r r r! drain_bodys zAsyncRequest.drain_bodyN)r$)r)F)r)__name__ __module__ __qualname____doc__rH classmethodrLrIrRrUrTrlrnrmrVr[r\rrrrrrrrrr r r r r!r#?s2 0 & ;] *\6   + r#)*rrrrerrgunicorn.http.errorsrrrrrrrr r r r r rrrgunicorn.http.messagerrrr gunicorn.utilrrr<r>r@RFC9110_5_6_2_TOKEN_SPECIALScompileescaperrrrr"r#r r r r!s&D