search

rexyai / RestRserve

R web API framework for building high-performance microservices and app backends
https://restrserve.org
279 stars 32 forks source link

[BUG] "discarding buffer because too big" in ssl example #201

Open richarddmorey opened 1 year ago

richarddmorey commented 1 year ago

Describe the bug

When I run the examples/ssl/app.R, ie

  1. I generate keys with get-ssl-cert.sh
  2. Run Rscript app.R

I can access https://localhost:8443/hello as expected, and get the output "Hello, World!"

I noticed that the example also seems to use port 6313, so I tried "http://localhost:6313/hello". I get in the RestRserve log:

WARNING: discarding buffer because too big (awaiting 3409317639492036655 bytes)

and the browser appears to be loading, but never stops.

This occurs with any url that points to port 6313, eg http://localhost:6313/hello2 although it isn't routed anywhere yields:

WARNING: discarding buffer because too big (awaiting 5788344091110893615 bytes)

and the browser appears to be loading but never stops.

I'm assuming that awaiting several quintillion bytes is a mistake.

To Reproduce

See above. It's just the included example.

Expected behavior

I expected non-HTTPS connections to be rejected, given that in the example they appear to be disabled.

Environment information

sessionInfo()
R version 4.3.0 (2023-04-21)
Platform: aarch64-apple-darwin20 (64-bit)
Running under: macOS Ventura 13.4.1

Matrix products: default
BLAS:   /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 
LAPACK: /Library/Frameworks/R.framework/Versions/4.3-arm64/Resources/lib/libRlapack.dylib;  LAPACK version 3.11.0

locale:
[1] en_US.UTF-8/en_US.UTF-8/en_US.UTF-8/C/en_US.UTF-8/en_US.UTF-8

time zone: Europe/London
tzcode source: internal

attached base packages:
[1] stats     graphics  grDevices datasets  utils     methods   base     

loaded via a namespace (and not attached):
[1] compiler_4.3.0 tools_4.3.0    renv_0.17.3

Additional context

Question: When looking at the example, I wondered why the argument port is defined, while http_port = -1. If you only intend to use HTTPS, do you need to define both port and https.port?

s-u commented 1 year ago

@richarddmorey the port 6313 is for the QAP Rserve protocol which has nothing to do with HTTP/S. Since it's an entirely different binary protocol the sizes you are sending with a http client make no sense. I would recommend setting qap=FALSE in the app to not expose the QAP endpoint.

That said, It's unclear why it is used in the example since it has nothing to do with the webserve function - @dselivanov I would argue that QAP should be disabled by default (unless I'm missing some additional use here...).

richarddmorey commented 1 year ago

I've confirmed that if I set qap=FALSE, connections to that port are then refused.