evhttpd implementation

- *Replace usage of boost::asio with [libevent2](http://libevent.org/)*.
boost::asio is not part of C++11, so unlike other boost there is no
forwards-compatibility reason to stick with it. Together with #4738 (convert
json_spirit to UniValue), this rids Bitcoin Core of the worst offenders with
regard to compile-time slowness.

- *Replace spit-and-duct-tape http server with evhttp*. Front-end http handling
is handled by libevent, a work queue (with configurable depth and parallelism)
is used to handle application requests.

- *Wrap HTTP request in C++ class*; this makes the application code mostly
HTTP-server-neutral

- *Refactor RPC to move all http-specific code to a separate file*.
Theoreticaly this can allow building without HTTP server but with another RPC
backend, e.g. Qt's debug console (currently not implemented) or future RPC
mechanisms people may want to use.

- *HTTP dispatch mechanism*; services (e.g., RPC, REST) register which URL
paths they want to handle.

By using a proven, high-performance asynchronous networking library (also used
by Tor) and HTTP server, problems such as #5674, #5655, #344 should be avoided.

What works? bitcoind, bitcoin-cli, bitcoin-qt. Unit tests and RPC/REST tests
pass. The aim for now is everything but SSL support.

Configuration options:

- `-rpcthreads`: repurposed as "number of  work handler threads". Still
defaults to 4.

- `-rpcworkqueue`: maximum depth of work queue. When this is reached, new
requests will return a 500 Internal Error.

- `-rpctimeout`: inactivity time, in seconds, after which to disconnect a
client.

- `-debug=http`: low-level http activity logging

1 files changed, 201 insertions, 0 deletions

diff --git a/src/httprpc.cpp b/src/httprpc.cpp
new file mode 100644
index 0000000000..570beadc5f
--- /dev/null
+++ b/src/httprpc.cpp
@@ -0,0 +1,201 @@
+#include "httprpc.h"
+
+#include "base58.h"
+#include "chainparams.h"
+#include "httpserver.h"
+#include "rpcprotocol.h"
+#include "rpcserver.h"
+#include "random.h"
+#include "sync.h"
+#include "util.h"
+#include "utilstrencodings.h"
+#include "ui_interface.h"
+
+#include <boost/algorithm/string.hpp> // boost::trim
+
+/** Simple one-shot callback timer to be used by the RPC mechanism to e.g.
+ * re-lock the wellet.
+ */
+class HTTPRPCTimer : public RPCTimerBase
+{
+public:
+    HTTPRPCTimer(struct event_base* eventBase, boost::function<void(void)>& func, int64_t seconds) : ev(eventBase, false, new Handler(func))
+    {
+        struct timeval tv = {seconds, 0};
+        ev.trigger(&tv);
+    }
+private:
+    HTTPEvent ev;
+
+    class Handler : public HTTPClosure
+    {
+    public:
+        Handler(const boost::function<void(void)>& func) : func(func)
+        {
+        }
+    private:
+        boost::function<void(void)> func;
+        void operator()() { func(); }
+    };
+};
+
+class HTTPRPCTimerInterface : public RPCTimerInterface
+{
+public:
+    HTTPRPCTimerInterface(struct event_base* base) : base(base)
+    {
+    }
+    const char* Name()
+    {
+        return "HTTP";
+    }
+    RPCTimerBase* NewTimer(boost::function<void(void)>& func, int64_t seconds)
+    {
+        return new HTTPRPCTimer(base, func, seconds);
+    }
+private:
+    struct event_base* base;
+};
+
+
+/* Pre-base64-encoded authentication token */
+static std::string strRPCUserColonPass;
+/* Stored RPC timer interface (for unregistration) */
+static HTTPRPCTimerInterface* httpRPCTimerInterface = 0;
+
+static void JSONErrorReply(HTTPRequest* req, const UniValue& objError, const UniValue& id)
+{
+    // Send error reply from json-rpc error object
+    int nStatus = HTTP_INTERNAL_SERVER_ERROR;
+    int code = find_value(objError, "code").get_int();
+
+    if (code == RPC_INVALID_REQUEST)
+        nStatus = HTTP_BAD_REQUEST;
+    else if (code == RPC_METHOD_NOT_FOUND)
+        nStatus = HTTP_NOT_FOUND;
+
+    std::string strReply = JSONRPCReply(NullUniValue, objError, id);
+
+    req->WriteHeader("Content-Type", "application/json");
+    req->WriteReply(nStatus, strReply);
+}
+
+static bool RPCAuthorized(const std::string& strAuth)
+{
+    if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called
+        return false;
+    if (strAuth.substr(0, 6) != "Basic ")
+        return false;
+    std::string strUserPass64 = strAuth.substr(6);
+    boost::trim(strUserPass64);
+    std::string strUserPass = DecodeBase64(strUserPass64);
+    return TimingResistantEqual(strUserPass, strRPCUserColonPass);
+}
+
+static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
+{
+    // JSONRPC handles only POST
+    if (req->GetRequestMethod() != HTTPRequest::POST) {
+        req->WriteReply(HTTP_BAD_METHOD, "JSONRPC server handles only POST requests");
+        return false;
+    }
+    // Check authorization
+    std::pair<bool, std::string> authHeader = req->GetHeader("authorization");
+    if (!authHeader.first) {
+        req->WriteReply(HTTP_UNAUTHORIZED);
+        return false;
+    }
+
+    if (!RPCAuthorized(authHeader.second)) {
+        LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
+
+        /* Deter brute-forcing
+           If this results in a DoS the user really
+           shouldn't have their RPC port exposed. */
+        MilliSleep(250);
+
+        req->WriteReply(HTTP_UNAUTHORIZED);
+        return false;
+    }
+
+    JSONRequest jreq;
+    try {
+        // Parse request
+        UniValue valRequest;
+        if (!valRequest.read(req->ReadBody()))
+            throw JSONRPCError(RPC_PARSE_ERROR, "Parse error");
+
+        std::string strReply;
+        // singleton request
+        if (valRequest.isObject()) {
+            jreq.parse(valRequest);
+
+            UniValue result = tableRPC.execute(jreq.strMethod, jreq.params);
+
+            // Send reply
+            strReply = JSONRPCReply(result, NullUniValue, jreq.id);
+
+        // array of requests
+        } else if (valRequest.isArray())
+            strReply = JSONRPCExecBatch(valRequest.get_array());
+        else
+            throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error");
+
+        req->WriteHeader("Content-Type", "application/json");
+        req->WriteReply(HTTP_OK, strReply);
+    } catch (const UniValue& objError) {
+        JSONErrorReply(req, objError, jreq.id);
+        return false;
+    } catch (const std::exception& e) {
+        JSONErrorReply(req, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id);
+        return false;
+    }
+    return true;
+}
+
+static bool InitRPCAuthentication()
+{
+    if (mapArgs["-rpcpassword"] == "")
+    {
+        LogPrintf("No rpcpassword set - using random cookie authentication\n");
+        if (!GenerateAuthCookie(&strRPCUserColonPass)) {
+            uiInterface.ThreadSafeMessageBox(
+                _("Error: A fatal internal error occurred, see debug.log for details"), // Same message as AbortNode
+                "", CClientUIInterface::MSG_ERROR);
+            return false;
+        }
+    } else {
+        strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
+    }
+    return true;
+}
+
+bool StartHTTPRPC()
+{
+    LogPrint("rpc", "Starting HTTP RPC server\n");
+    if (!InitRPCAuthentication())
+        return false;
+
+    RegisterHTTPHandler("/", true, HTTPReq_JSONRPC);
+
+    assert(EventBase());
+    httpRPCTimerInterface = new HTTPRPCTimerInterface(EventBase());
+    RPCRegisterTimerInterface(httpRPCTimerInterface);
+    return true;
+}
+
+void InterruptHTTPRPC()
+{
+    LogPrint("rpc", "Interrupting HTTP RPC server\n");
+}
+
+void StopHTTPRPC()
+{
+    LogPrint("rpc", "Stopping HTTP RPC server\n");
+    UnregisterHTTPHandler("/", true);
+    if (httpRPCTimerInterface) {
+        RPCUnregisterTimerInterface(httpRPCTimerInterface);
+        delete httpRPCTimerInterface;
+        httpRPCTimerInterface = 0;
+    }
+}