quic: complete the c++ side of the origin frame support

Author: jasnell

doc/api/quic.md

@@ -1453,13 +1453,20 @@ no other host name matches. Each entry may contain:
 * `crl` {ArrayBuffer|ArrayBufferView|ArrayBuffer\[]|ArrayBufferView\[]}
   Optional certificate revocation lists.
 * `verifyPrivateKey` {boolean} Verify the private key. Default: `false`.
+* `port` {number} The port to advertise in ORIGIN frames (RFC 9412) for
+  this host name. **Default:** `443`. Only used for HTTP/3 sessions.
+* `authoritative` {boolean} Whether to include this host name in ORIGIN
+  frames. **Default:** `true`. Set to `false` to exclude a host name
+  from ORIGIN advertisements. Wildcard (`'*'`) entries are always
+  excluded regardless of this setting.
 
 ```mjs
 const endpoint = await listen(callback, {
   sni: {
     '*': { keys: [defaultKey], certs: [defaultCert] },
-    'api.example.com': { keys: [apiKey], certs: [apiCert] },
+    'api.example.com': { keys: [apiKey], certs: [apiCert], port: 8443 },
     'www.example.com': { keys: [wwwKey], certs: [wwwCert], ca: [customCA] },
+    'internal.example.com': { keys: [intKey], certs: [intCert], authoritative: false },
   },
 });
 ```

lib/internal/quic/quic.js

@@ -138,6 +138,7 @@ const {
   kNewToken,
   kOnHeaders,
   kOnTrailers,
+  kOrigin,
   kPathValidation,
   kPrivateConstructor,
   kReset,
@@ -186,6 +187,7 @@ const onSessionPathValidationChannel = dc.channel('quic.session.path.validation'
 const onSessionNewTokenChannel = dc.channel('quic.session.new.token');
 const onSessionTicketChannel = dc.channel('quic.session.ticket');
 const onSessionVersionNegotiationChannel = dc.channel('quic.session.version.negotiation');
+const onSessionOriginChannel = dc.channel('quic.session.receive.origin');
 const onSessionHandshakeChannel = dc.channel('quic.session.handshake');
 
 /**
@@ -504,6 +506,15 @@ setCallbacks({
     this[kOwner][kNewToken](token, address);
   },
 
+  /**
+   * Called when the session receives an ORIGIN frame from the peer (RFC 9412).
+   * @param {string[]} origins The list of origins the peer claims authority for
+   */
+  onSessionOrigin(origins) {
+    debug('session origin callback', this[kOwner]);
+    this[kOwner][kOrigin](origins);
+  },
+
   /**
    * Called when the session receives a session version negotiation request
    * @param {*} version
@@ -1628,6 +1639,20 @@ class QuicSession {
     }
   }
 
+  /**
+   * Called when the session receives an ORIGIN frame (RFC 9412).
+   * @param {string[]} origins
+   */
+  [kOrigin](origins) {
+    if (this.destroyed) return;
+    if (onSessionOriginChannel.hasSubscribers) {
+      onSessionOriginChannel.publish({
+        origins,
+        session: this,
+      });
+    }
+  }
+
   /**
    * @param {string} servername
    * @param {string} protocol
@@ -2422,11 +2447,18 @@ function processTlsOptions(tls, forServer) {
       if (identity.certs === undefined) {
         throw new ERR_MISSING_ARGS(`options.sni['${hostname}'].certs`);
       }
-      // Build a full TLS options object: shared + identity.
+      // Extract ORIGIN frame options from the SNI entry.
+      const {
+        port,
+        authoritative,
+      } = sni[hostname];
+      // Build a full TLS options object: shared + identity + origin options.
       sniEntries[hostname] = {
         __proto__: null,
         ...shared,
         ...identity,
+        ...(port !== undefined ? { port } : {}),
+        ...(authoritative !== undefined ? { authoritative } : {}),
       };
     }
 

lib/internal/quic/symbols.js

@@ -36,6 +36,7 @@ const kNewStream = Symbol('kNewStream');
 const kNewToken = Symbol('kNewToken');
 const kOnHeaders = Symbol('kOnHeaders');
 const kOnTrailers = Symbol('kOwnTrailers');
+const kOrigin = Symbol('kOrigin');
 const kOwner = Symbol('kOwner');
 const kPathValidation = Symbol('kPathValidation');
 const kPrivateConstructor = Symbol('kPrivateConstructor');
@@ -65,6 +66,7 @@ module.exports = {
   kNewToken,
   kOnHeaders,
   kOnTrailers,
+  kOrigin,
   kOwner,
   kPathValidation,
   kPrivateConstructor,

src/quic/bindingdata.h

@@ -41,6 +41,7 @@ class Packet;
   V(session_handshake, SessionHandshake)                                       \
   V(session_new, SessionNew)                                                   \
   V(session_new_token, SessionNewToken)                                        \
+  V(session_origin, SessionOrigin)                                             \
   V(session_path_validation, SessionPathValidation)                            \
   V(session_ticket, SessionTicket)                                             \
   V(session_version_negotiation, SessionVersionNegotiation)                    \
@@ -59,6 +60,7 @@ class Packet;
   V(active_connection_id_limit, "activeConnectionIDLimit")                     \
   V(address_lru_size, "addressLRUSize")                                        \
   V(application, "application")                                                \
+  V(authoritative, "authoritative")                                            \
   V(bbr, "bbr")                                                                \
   V(ca, "ca")                                                                  \
   V(cc_algorithm, "cc")                                                        \
@@ -103,6 +105,7 @@ class Packet;
   V(max_stream_window, "maxStreamWindow")                                      \
   V(max_window, "maxWindow")                                                   \
   V(min_version, "minVersion")                                                 \
+  V(port, "port")                                                              \
   V(preferred_address_strategy, "preferredAddressPolicy")                      \
   V(alpn, "alpn")                                                              \
   V(qlog, "qlog")                                                              \

src/quic/defs.h

@@ -83,6 +83,39 @@ bool SetOption(Environment* env,
   return true;
 }
 
+template <typename Opt, uint16_t Opt::*member>
+bool SetOption(Environment* env,
+               Opt* options,
+               const v8::Local<v8::Object>& object,
+               const v8::Local<v8::String>& name) {
+  v8::Local<v8::Value> value;
+  if (!object->Get(env->context(), name).ToLocal(&value)) return false;
+  if (!value->IsUndefined()) {
+    if (!value->IsUint32()) {
+      Utf8Value nameStr(env->isolate(), name);
+      THROW_ERR_INVALID_ARG_VALUE(
+          env, "The %s option must be an uint16", nameStr);
+      return false;
+    }
+    v8::Local<v8::Uint32> num;
+    if (!value->ToUint32(env->context()).ToLocal(&num)) {
+      Utf8Value nameStr(env->isolate(), name);
+      THROW_ERR_INVALID_ARG_VALUE(
+          env, "The %s option must be an uint16", nameStr);
+      return false;
+    }
+    uint32_t val = num->Value();
+    if (val > 0xFFFF) {
+      Utf8Value nameStr(env->isolate(), name);
+      THROW_ERR_INVALID_ARG_VALUE(
+          env, "The %s option must fit in a uint16", nameStr);
+      return false;
+    }
+    options->*member = static_cast<uint16_t>(val);
+  }
+  return true;
+}
+
 template <typename Opt, uint64_t Opt::*member>
 bool SetOption(Environment* env,
                Opt* options,

src/quic/http3.cc

@@ -144,7 +144,14 @@ class Http3ApplicationImpl final : public Session::Application {
       : Application(session, options),
         allocator_(BindingData::Get(env())),
         options_(options),
-        conn_(InitializeConnection()) {
+        conn_(nullptr) {
+    // Build the ORIGIN frame payload from the SNI configuration before
+    // creating the nghttp3 connection, since InitializeConnection needs
+    // the origin_vec_ to be ready for settings.origin_list.
+    if (session->is_server()) {
+      BuildOriginPayload();
+    }
+    conn_ = InitializeConnection();
     session->set_priority_supported();
   }
 
@@ -613,9 +620,38 @@ class Http3ApplicationImpl final : public Session::Application {
            id == qpack_enc_stream_id_;
   }
 
+  void BuildOriginPayload() {
+    // Build the serialized ORIGIN frame payload from the SNI configuration.
+    // Each origin entry is: 2-byte BE length + origin string.
+    // Wildcard ('*') entries and entries with authoritative=false are skipped.
+    auto& sni = session().config().options.sni;
+    for (auto& [hostname, opts] : sni) {
+      if (hostname == "*" || !opts.authoritative) continue;
+      std::string origin = "https://";
+      origin += hostname;
+      if (opts.port != 443) {
+        origin += ":";
+        origin += std::to_string(opts.port);
+      }
+      // 2-byte BE length prefix
+      uint16_t len = static_cast<uint16_t>(origin.size());
+      origin_payload_.push_back(static_cast<uint8_t>((len >> 8) & 0xff));
+      origin_payload_.push_back(static_cast<uint8_t>(len & 0xff));
+      // Origin string bytes
+      origin_payload_.insert(
+          origin_payload_.end(), origin.begin(), origin.end());
+    }
+    if (!origin_payload_.empty()) {
+      origin_vec_ = {origin_payload_.data(), origin_payload_.size()};
+    }
+  }
+
   Http3ConnectionPointer InitializeConnection() {
     nghttp3_conn* conn = nullptr;
     nghttp3_settings settings = options_;
+    if (!origin_payload_.empty()) {
+      settings.origin_list = &origin_vec_;
+    }
     if (session().is_server()) {
       CHECK_EQ(nghttp3_conn_server_new(
                    &conn, &kCallbacks, &settings, &allocator_, this),
@@ -803,6 +839,14 @@ class Http3ApplicationImpl final : public Session::Application {
   int64_t qpack_dec_stream_id_ = -1;
   int64_t qpack_enc_stream_id_ = -1;
 
+  // ORIGIN frame support (RFC 9412).
+  // origin_payload_ holds the serialized ORIGIN frame payload for sending.
+  // origin_vec_ points into origin_payload_ for nghttp3_settings.origin_list.
+  // received_origins_ accumulates origins from received ORIGIN frames.
+  std::vector<uint8_t> origin_payload_;
+  nghttp3_vec origin_vec_{nullptr, 0};
+  std::vector<std::string> received_origins_;
+
   // ==========================================================================
   // Static callbacks
 
@@ -1083,14 +1127,18 @@ class Http3ApplicationImpl final : public Session::Application {
                                const uint8_t* origin,
                                size_t originlen,
                                void* conn_user_data) {
-    // ORIGIN frames (RFC 8336) are used for connection coalescing
-    // across multiple origins. Not yet implemented u2014 requires
-    // connection pooling and multi-origin reuse support.
+    NGHTTP3_CALLBACK_SCOPE(app);
+    app.received_origins_.emplace_back(reinterpret_cast<const char*>(origin),
+                                       originlen);
     return NGTCP2_SUCCESS;
   }
 
   static int on_end_origin(nghttp3_conn* conn, void* conn_user_data) {
-    // See on_receive_origin above.
+    NGHTTP3_CALLBACK_SCOPE(app);
+    if (!app.received_origins_.empty()) {
+      app.session().EmitOrigins(std::move(app.received_origins_));
+      app.received_origins_.clear();
+    }
     return NGTCP2_SUCCESS;
   }
 

src/quic/session.cc

@@ -1240,7 +1240,11 @@ struct Session::Impl final : public MemoryRetainer {
       on_receive_rx_key,
       nullptr,
       on_early_data_rejected,
-      on_begin_path_validation};
+      on_begin_path_validation,
+      nullptr,
+      nullptr,
+      nullptr,
+      nullptr};
 
   static constexpr ngtcp2_callbacks SERVER = {
       nullptr,
@@ -1283,7 +1287,11 @@ struct Session::Impl final : public MemoryRetainer {
       nullptr,
       on_receive_tx_key,
       on_early_data_rejected,
-      on_begin_path_validation};
+      on_begin_path_validation,
+      nullptr,
+      nullptr,
+      nullptr,
+      nullptr};
 };
 
 #undef NGTCP2_CALLBACK_SCOPE
@@ -2914,6 +2922,28 @@ void Session::EmitVersionNegotiation(const ngtcp2_pkt_hd& hd,
                argv);
 }
 
+void Session::EmitOrigins(std::vector<std::string>&& origins) {
+  DCHECK(!is_destroyed());
+  if (!env()->can_call_into_js()) return;
+
+  CallbackScope<Session> cb_scope(this);
+
+  auto isolate = env()->isolate();
+
+  LocalVector<Value> elements(env()->isolate(), origins.size());
+  for (size_t i = 0; i < origins.size(); i++) {
+    Local<Value> str;
+    if (!ToV8Value(env()->context(), origins[i]).ToLocal(&str)) [[unlikely]] {
+      return;
+    }
+    elements[i] = str;
+  }
+
+  Local<Value> argv[] = {Array::New(isolate, elements.data(), elements.size())};
+  MakeCallback(
+      BindingData::Get(env()).session_origin_callback(), arraysize(argv), argv);
+}
+
 void Session::EmitKeylog(const char* line) {
   if (!env()->can_call_into_js()) return;
   if (keylog_stream_) {

src/quic/session.h

@@ -480,6 +480,7 @@ class Session final : public AsyncWrap, private SessionTicket::AppData::Source {
   void EmitDatagramStatus(datagram_id id, DatagramStatus status);
   void EmitHandshakeComplete();
   void EmitKeylog(const char* line);
+  void EmitOrigins(std::vector<std::string>&& origins);
 
   struct ValidatedPath {
     std::shared_ptr<SocketAddress> local;

src/quic/tlscontext.cc

@@ -697,9 +697,10 @@ Maybe<TLSContext::Options> TLSContext::Options::From(Environment* env,
   if (!SET(verify_client) || !SET(reject_unauthorized) ||
       !SET(enable_early_data) || !SET(enable_tls_trace) || !SET(alpn) ||
       !SET(servername) || !SET(ciphers) || !SET(groups) ||
-      !SET(verify_private_key) || !SET(keylog) ||
-      !SET_VECTOR(crypto::KeyObjectData, keys) || !SET_VECTOR(Store, certs) ||
-      !SET_VECTOR(Store, ca) || !SET_VECTOR(Store, crl)) {
+      !SET(verify_private_key) || !SET(keylog) || !SET(port) ||
+      !SET(authoritative) || !SET_VECTOR(crypto::KeyObjectData, keys) ||
+      !SET_VECTOR(Store, certs) || !SET_VECTOR(Store, ca) ||
+      !SET_VECTOR(Store, crl)) {
     return Nothing<Options>();
   }
 

src/quic/tlscontext.h

@@ -241,6 +241,15 @@ class TLSContext final : public MemoryRetainer,
     // JavaScript option name "crl"
     std::vector<Store> crl;
 
+    // The port to advertise in ORIGIN frames for this hostname.
+    // Defaults to 443 (the standard HTTPS port). Only relevant for
+    // server-side SNI entries used with HTTP/3.
+    uint16_t port = 443;
+
+    // Whether this hostname should be included in ORIGIN frames.
+    // Only relevant for server-side SNI entries.
+    bool authoritative = true;
+
     void MemoryInfo(MemoryTracker* tracker) const override;
     SET_MEMORY_INFO_NAME(TLSContext::Options)
     SET_SELF_SIZE(Options)