WIP: Implement h2 protocol

docs/deployment.md

@@ -44,7 +44,7 @@ Options:
                                   $WEB_CONCURRENCY environment variable if
                                   available, or 1. Not valid with --reload.
   --loop [auto|asyncio|uvloop]    Event loop implementation.  [default: auto]
-  --http [auto|h11|httptools]     HTTP protocol implementation.  [default:
+  --http [auto|h11|httptools|h2]  HTTP protocol implementation.  [default:
                                   auto]
   --ws [auto|none|websockets|wsproto]
                                   WebSocket protocol implementation.

docs/index.md

@@ -117,7 +117,7 @@ Options:
                                   $WEB_CONCURRENCY environment variable if
                                   available, or 1. Not valid with --reload.
   --loop [auto|asyncio|uvloop]    Event loop implementation.  [default: auto]
-  --http [auto|h11|httptools]     HTTP protocol implementation.  [default:
+  --http [auto|h11|httptools|h2]  HTTP protocol implementation.  [default:
                                   auto]
   --ws [auto|none|websockets|wsproto]
                                   WebSocket protocol implementation.

requirements.txt

@@ -20,6 +20,7 @@ types-pyyaml
 trustme
 cryptography
 coverage
+starlette
 httpx==0.16.*
 pytest-asyncio==0.14.*
 async_generator; python_version < '3.7'

setup.py

@@ -47,6 +47,7 @@ def get_packages(package):
     "asgiref>=3.3.4",
     "click>=7.*",
     "h11>=0.8",
+    "h2>=4.0.0",
     "typing-extensions;" + env_marker_below_38,
 ]
 

tests/protocols/test_h2.py

@@ -0,0 +1,41 @@
+import httpx
+import pytest
+from starlette.applications import Starlette
+from starlette.responses import JSONResponse
+from starlette.routing import Route
+
+from tests.utils import run_server
+from uvicorn.config import Config
+
+
+async def homepage(request):
+    return JSONResponse({"hello": "world"})
+
+
+app = Starlette(
+    routes=[
+        Route("/", homepage, methods=["GET", "POST"]),
+    ],
+)
+
+
+@pytest.mark.asyncio
+async def test_run(
+    tls_ca_ssl_context, tls_ca_certificate_pem_path, tls_ca_certificate_private_key_path
+):
+    config = Config(
+        app=app,
+        http="h2",
+        loop="asyncio",
+        limit_max_requests=1,
+        ssl_keyfile=tls_ca_certificate_private_key_path,
+        ssl_certfile=tls_ca_certificate_pem_path,
+        ssl_ca_certs=tls_ca_certificate_pem_path,
+    )
+    async with run_server(config):
+        async with httpx.AsyncClient(verify=tls_ca_ssl_context, http2=True) as client:
+            response = await client.post(
+                "https://127.0.0.1:8000", data={"hello": "world"}
+            )
+    assert response.status_code == 200
+    assert response.http_version == "HTTP/2"

tests/protocols/test_http.py

@@ -73,6 +73,26 @@
     ]
 )
 
+UPGRADE_REQUEST_h2c = b"\r\n".join(
+    [
+        b"GET / HTTP/1.1",
+        b"Host: example.org",
+        b"Upgrade: h2c",
+        b"HTTP2-Settings: SomeHTTP2Setting",
+        b"",
+        b"",
+    ]
+)
+
+UPGRADE_REQUEST_HTTP2_PRIOR = b"\r\n".join(
+    [
+        b"PRI * HTTP/2.0",
+        b"",
+        b"",
+    ]
+)
+
+
 INVALID_REQUEST_TEMPLATE = b"\r\n".join(
     [
         b"%s",
@@ -683,6 +703,24 @@ def test_supported_upgrade_request(protocol_cls, event_loop):
         assert b"HTTP/1.1 426 " in protocol.transport.buffer
 
 
+# @pytest.mark.parametrize("protocol_cls", [H11Protocol])
+# def test_h2c_upgrade_request(protocol_cls, event_loop):
+#     app = Response("Hello, world", media_type="text/plain")
+#
+#     with get_connected_protocol(app, protocol_cls, event_loop) as protocol:
+#         protocol.data_received(UPGRADE_REQUEST_h2c)
+#         # TODO: check h2c_upgrade_request response
+
+
+@pytest.mark.parametrize("protocol_cls", [H11Protocol])
+def test_h2_prior_upgrade_request(protocol_cls, event_loop):
+    app = Response("Hello, world", media_type="text/plain")
+
+    with get_connected_protocol(app, protocol_cls, event_loop) as protocol:
+        protocol.data_received(UPGRADE_REQUEST_HTTP2_PRIOR)
+        # TODO: check h2_prior_upgrade_request response
+
+
 async def asgi3app(scope, receive, send):
     pass
 

tests/test_config.py

@@ -185,6 +185,18 @@ def test_ssl_config_combined(tls_certificate_pem_path: str) -> None:
     assert config.is_ssl is True
 
 
+def test_ssl_config_h2(tls_certificate_pem_path):
+    config = Config(
+        app=asgi_app,
+        http="h2",
+        ssl_certfile=tls_certificate_pem_path,
+    )
+    config.load()
+
+    assert config.is_ssl is True
+    # TODO: Should we also check HTTP/2-Specific 'ciphers' and 'options' here?
+
+
 def asgi2_app(scope: Scope) -> typing.Callable:
     async def asgi(
         receive: ASGIReceiveCallable, send: ASGISendCallable

uvicorn/_handlers/http.py

@@ -35,6 +35,12 @@ async def handle_http(
     loop = asyncio.get_event_loop()
     connection_lost = loop.create_future()
 
+    ssl_object = writer.get_extra_info("ssl_object")
+    if ssl_object is not None:
+        alpn_protocol = ssl_object.selected_alpn_protocol()
+        if alpn_protocol == "h2":
+            config.http_protocol_class = config.h2_protocol_class
+
     # Switch the protocol from the stream reader to our own HTTP protocol class.
     protocol = config.http_protocol_class(  # type: ignore[call-arg, operator]
         config=config,

uvicorn/config.py

@@ -52,6 +52,7 @@
     "auto": "uvicorn.protocols.http.auto:AutoHTTPProtocol",
     "h11": "uvicorn.protocols.http.h11_impl:H11Protocol",
     "httptools": "uvicorn.protocols.http.httptools_impl:HttpToolsProtocol",
+    "h2": "uvicorn.protocols.http.h2_impl:H2Protocol",
 }
 WS_PROTOCOLS: Dict[WSProtocolType, Optional[str]] = {
     "auto": "uvicorn.protocols.websockets.auto:AutoWebSocketsProtocol",
@@ -121,6 +122,7 @@ def create_ssl_context(
     cert_reqs: int,
     ca_certs: Optional[Union[str, os.PathLike]],
     ciphers: Optional[str],
+    enable_h2: Optional[bool],
 ) -> ssl.SSLContext:
     ctx = ssl.SSLContext(ssl_version)
     get_password = (lambda: password) if password else None
@@ -130,6 +132,20 @@ def create_ssl_context(
         ctx.load_verify_locations(ca_certs)
     if ciphers:
         ctx.set_ciphers(ciphers)
+    if enable_h2:
+        ctx.options |= (
+            ssl.OP_NO_SSLv2
+            | ssl.OP_NO_SSLv3
+            | ssl.OP_NO_TLSv1
+            | ssl.OP_NO_TLSv1_1
+            | ssl.OP_NO_COMPRESSION
+            | ssl.OP_CIPHER_SERVER_PREFERENCE
+        )
+        ctx.set_alpn_protocols(["h2", "http/1.1"])
+        try:
+            ctx.set_npn_protocols(["h2", "http/1.1"])
+        except NotImplementedError:
+            pass
     return ctx
 
 
@@ -221,6 +237,11 @@ def __init__(
         self.headers: List[List[str]] = headers or []
         self.encoded_headers: Optional[List[Tuple[bytes, bytes]]] = None
         self.factory = factory
+        self.h2_protocol_class = None
+        self.h2_max_concurrent_streams = 100
+        self.h2_max_header_list_size = 2 ** 16
+        self.h2_max_inbound_frame_size = 2 ** 14
+        self.h2_ssl_ciphers = "ECDHE+AESGCM"
 
         self.loaded = False
         self.configure_logging()
@@ -305,6 +326,12 @@ def configure_logging(self) -> None:
     def load(self) -> None:
         assert not self.loaded
 
+        enable_h2 = self.http in ("h2",)
+        ciphers = (
+            self.h2_ssl_ciphers
+            if (self.ssl_ciphers == "TLSv1" and enable_h2)
+            else self.ssl_ciphers
+        )
         if self.is_ssl:
             assert self.ssl_certfile
             self.ssl: Optional[ssl.SSLContext] = create_ssl_context(
@@ -314,7 +341,8 @@ def load(self) -> None:
                 ssl_version=self.ssl_version,
                 cert_reqs=self.ssl_cert_reqs,
                 ca_certs=self.ssl_ca_certs,
-                ciphers=self.ssl_ciphers,
+                ciphers=ciphers,
+                enable_h2=enable_h2,
             )
         else:
             self.ssl = None
@@ -343,6 +371,8 @@ def load(self) -> None:
 
         self.lifespan_class = import_from_string(LIFESPAN[self.lifespan])
 
+        self.h2_protocol_class = import_from_string(HTTP_PROTOCOLS["h2"])
+
         try:
             self.loaded_app = import_from_string(self.app)
         except ImportFromStringError as exc:

uvicorn/protocols/http/h11_impl.py

@@ -153,6 +153,10 @@ def handle_events(self):
                 break
 
             elif event_type is h11.Request:
+
+                if self.check_connection_preface(event):
+                    return
+
                 self.headers = [(key.lower(), value) for key, value in event.headers]
                 raw_path, _, query_string = event.target.partition(b"?")
                 self.scope = {
@@ -179,6 +183,9 @@ def handle_events(self):
                         if b"upgrade" in tokens:
                             self.handle_upgrade(event)
                             return
+                    elif name == b"upgrade" and value.lower() == b"h2c":
+                        self.handle_upgrade(event)
+                        return
 
                 # Handle 503 responses when 'limit_concurrency' is exceeded.
                 if self.limit_concurrency is not None and (
@@ -223,13 +230,76 @@ def handle_events(self):
                 self.cycle.more_body = False
                 self.cycle.message_event.set()
 
+    def check_connection_preface(self, event):
+        if (
+            event.method == b"PRI"
+            and event.target == b"*"
+            and event.http_version == b"2.0"
+        ):
+            # https://tools.ietf.org/html/rfc7540#section-3.5
+            self.connections.discard(self)
+
+            protocol = self.config.h2_protocol_class(
+                config=self.config,
+                server_state=self.server_state,
+                on_connection_lost=self.on_connection_lost,
+            )
+            protocol.connection_made(self.transport)
+            self.transport.set_protocol(protocol)
+            protocol.data_received(
+                b"PRI * HTTP/2.0\r\n\r\n" + self.conn.trailing_data[0]
+            )
+            return True
+        return False
+
     def handle_upgrade(self, event):
         upgrade_value = None
+        has_body = False
         for name, value in self.headers:
             if name == b"upgrade":
                 upgrade_value = value.lower()
+            elif name in {"content-length", "transfer-encoding"}:
+                has_body = True
+
+        if upgrade_value == b"h2c" and not has_body:
+            self.connections.discard(self)
+
+            headers = ((b"upgrade", b"h2c"), *self.headers)
+            self.transport.write(
+                self.conn.send(
+                    h11.InformationalResponse(status_code=101, headers=headers)
+                )
+            )
+            protocol = self.config.h2_protocol_class(
+                config=self.config,
+                server_state=self.server_state,
+                on_connection_lost=self.on_connection_lost,
+            )
+            protocol.connection_made(self.transport, upgrade_request=event)
+            self.transport.set_protocol(protocol)
+            request_data = self.conn.trailing_data[0]
+            if request_data != b"":
+                protocol.data_received(request_data)
+
+        elif upgrade_value == b"websocket" and self.ws_protocol_class is not None:
+            if self.logger.level <= TRACE_LOG_LEVEL:
+                prefix = "%s:%d - " % tuple(self.client) if self.client else ""
+                self.logger.log(TRACE_LOG_LEVEL, "%sUpgrading to WebSocket", prefix)
+            self.connections.discard(self)
+            output = [event.method, b" ", event.target, b" HTTP/1.1\r\n"]
+            for name, value in self.headers:
+                output += [name, b": ", value, b"\r\n"]
+            output.append(b"\r\n")
+            protocol = self.ws_protocol_class(
+                config=self.config,
+                server_state=self.server_state,
+                on_connection_lost=self.on_connection_lost,
+            )
+            protocol.connection_made(self.transport)
+            protocol.data_received(b"".join(output))
+            self.transport.set_protocol(protocol)
 
-        if upgrade_value != b"websocket" or self.ws_protocol_class is None:
+        else:
             msg = "Unsupported upgrade request."
             self.logger.warning(msg)
 
@@ -254,25 +324,6 @@ def handle_upgrade(self, event):
             output = self.conn.send(event)
             self.transport.write(output)
             self.transport.close()
-            return
-
-        if self.logger.level <= TRACE_LOG_LEVEL:
-            prefix = "%s:%d - " % tuple(self.client) if self.client else ""
-            self.logger.log(TRACE_LOG_LEVEL, "%sUpgrading to WebSocket", prefix)
-
-        self.connections.discard(self)
-        output = [event.method, b" ", event.target, b" HTTP/1.1\r\n"]
-        for name, value in self.headers:
-            output += [name, b": ", value, b"\r\n"]
-        output.append(b"\r\n")
-        protocol = self.ws_protocol_class(
-            config=self.config,
-            server_state=self.server_state,
-            on_connection_lost=self.on_connection_lost,
-        )
-        protocol.connection_made(self.transport)
-        protocol.data_received(b"".join(output))
-        self.transport.set_protocol(protocol)
 
     def on_response_complete(self):
         self.server_state.total_requests += 1