pyGrowler / Growler

A micro web-framework using asyncio coroutines and chained middleware.
http://www.growler.rocks
Apache License 2.0
687 stars 29 forks source link

Add SSL Support #17

Closed kyeatman74 closed 7 years ago

kyeatman74 commented 7 years ago

Growler would benefit from supporting SSL and HTTPS connections.

akubera commented 7 years ago

The asyncio sockets provide support for SSL connections (given certificate information), so Growler should already support it automatically. Pass an ssl_context to app.create_server, similar to this guide and it should work.

ssl_ctx = ssl.create_default_context(...)
... # setup ssl
app.create_server(host='0.0.0.0', port=443, ssl=ssl_ctx)

The same app can be the target for both secure and insecure servers, and you can check if the incoming request is using http or https is req.protocol property will return 'http' or 'https' (mimicking expressjs)

kyeatman74 commented 7 years ago

Andrew,

I was able to get most if it to work fine since the ssl is a pass-through as you suggested. I did have to override the write_eof method of HTTPResponse as the SSL socket is just a little different. I also had to override get_body in HTTPRequest to make it all work. I would also suggest exposing the getpeercert method of the ssl socket to make it a little easier for the users. They are really small changes but it would remove having to override the classes for something small.

Thanks, Ken

On Feb 27, 2017, at 2:59 PM, Andrew notifications@github.com wrote:

The asyncio sockets provide support for SSL connections (given certificate information), so Growler should already support it automatically. Pass an ssl_context to app.create_server, similar to this guide https://pymotw.com/3/asyncio/ssl.html and it should work.

ssl_ctx = ssl.create_default_context(...) ... # setup ssl app.create_server(host='0.0.0.0', port=443, ssl=ssl_ctx) The same app can be the target for both secure and insecure servers, and you can check if the incoming request is using http or https is req.protocol https://github.com/pyGrowler/Growler/blob/dev/growler/http/request.py#L123 property will return 'http' or 'https' (mimicking expressjs http://expressjs.com/en/4x/api.html#req.protocol)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pyGrowler/Growler/issues/17#issuecomment-282834654, or mute the thread https://github.com/notifications/unsubscribe-auth/ADSrgVv3-w9Qs2ZNKZv5oZN87MuGz-b7ks5rgysRgaJpZM4MNYWf.

akubera commented 7 years ago

Ok, I added some tests for SSL server support, exposed peercert via a property on HTTPRequest, and fixed the write_eof() method on response (that whole thing needs re-worked anyways, as connection: keep-alive isn't really supported).

In regards to the get_body method, I think I removed that in favor of a 'body' coroutine - that method couldn't work as I wanted it to, please check if data = await req.body() works.

Hope that helps.

kyeatman74 commented 7 years ago

Andrew,

Thanks for the quick update!  I will check out the changes today and let you know if I have any problems.   Thanks again for all the work on the module and I look forward to using it for a number of projects.

Ken

On Mar 11, 2017, at 9:49 PM, Andrew notifications@github.com wrote:

Ok, I added some tests for SSL server support, exposed peercert via a property on HTTPRequest, and fixed the write_eof() method on response (that whole thing needs re-worked anyways, as connection: keep-alive isn't really supported).

In regards to the get_body method, I think I removed that in favor of a 'body' coroutine - that method couldn't work as I wanted it to, please check if data = await req.body() works.

Hope that helps.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pyGrowler/Growler/issues/17#issuecomment-285917703, or mute the thread https://github.com/notifications/unsubscribe-auth/ADSrgdvtbycTFna5ITRVglaGP7YiiMhVks5rk10jgaJpZM4MNYWf.