Commit Graph

126 Commits

Author SHA1 Message Date
b4930f72bb
Bump version to 0.3.0 2024-02-19 23:33:27 +01:00
d9836a5b42
CMakeLists.txt: Fix dynstr version
It was accidentally bumped to 0.2.0 during libweb's 0.2.0 release.
2024-02-19 23:28:12 +01:00
afe0681c0b
Limit maximum multipart/form-data pairs and files
A malicious user could inject an infinite number of empty files or
key/value pairs into a request in order to exhaust the device's
resources.
2024-02-19 23:00:56 +01:00
9d9e0c2979
html.c: Avoid half-init objects on html_node_add_attr
The previous implementation would leave half-initialised objects if one
of the calls to strdup(3) failed. Now, n->attrs is only modified when
all previous memory allocations were successful.
2024-02-19 22:49:09 +01:00
6ceae16a20
Bump version to 0.2.0 2024-02-12 23:12:43 +01:00
46a9d4efb9
README.md: Update according to status quo 2024-02-12 23:12:43 +01:00
444563ca13
README.md: Fix typo
Whereas the project is usually referred to as libweb, the CMake exported
target name is simply "web".
2024-02-12 23:12:43 +01:00
dd1589a5ea
README.md: Add Alpine Linux build instructions 2024-02-12 23:12:42 +01:00
edc855f93b
libweb_http.7: Update according to status quo 2024-02-12 23:00:03 +01:00
f9a305fe4d
libweb_html.7: Fix typo 2024-02-12 22:52:18 +01:00
fcba916011
Update copyright notices to 2024 2024-02-12 22:45:17 +01:00
91ff743df9
server.c: Fix wrong priority for do_exit
Under some specific circumstances, poll(2) would return a positive
integer, but do_exit might had been previously set. This caused libweb
to ignore SIGTERM, with the potential risk for an endless loop.
2024-01-20 01:19:57 +01:00
43be8d95f6
http.c: Solve performance issues on POST uploads
Profiling showed that reading multipart/form POST uploads byte-by-byte
was too slow and typically led to maximum CPU usage. Therefore, the
older approach (as done up to commit 7efc2b3a) was more efficient, even
if the resulting code was a bit uglier.
2024-01-20 01:19:57 +01:00
b0accd099f
http.c: Unify read operations
So far, libweb would perform different read operations depending on its
state:

- For HTTP headers or request bodies, one byte at a time was read.
- For multipart/form-data, up to BUFSIZ bytes at a time were read.

However, this caused a significant extra number of syscalls for no
reason and would increase code complexity, specially when parsing
multiform/form-data boundaries.

Now, http_read always reads up to BUFSIZ bytes at a time and process
them on a loop. Apart from reducing code complexity, this should
increase performance due to the (much) lower number of syscalls
required.
2023-11-24 01:36:38 +01:00
7efc2b3aad
.gitignore: Add headers executable 2023-11-24 01:36:38 +01:00
dec953e4f4
.gitmodule: Point dynstr to high-availability mirror
https://gitea.privatedns.org is a small Gitea instance running on a home
server, which might be problematic for large deployments.
2023-11-22 09:13:57 +01:00
bc1d77983a
headers/main.c: Update to new handler interface 2023-11-20 17:05:21 +01:00
b94f76033f Merge pull request 'Add support for HTTP PUT' (#3) from midokura-xavi/libweb:put into master
Reviewed-on: #3
2023-11-20 16:47:53 +01:00
dc8b14d990
Add PUT server example 2023-11-20 16:34:24 +01:00
1750bbd7ec
http.c. Limit multipart/form-data to POST 2023-11-20 16:34:24 +01:00
1755ee663c
http: Add support for PUT
Notes:

- Since curl would use the "Expect: 100-continue" header field for PUT
operations, this was a good operation to fix the existing issues in its
implementation.

Breaking changes:

- expect_continue is no longer exclusive to struct http_post. Now, it
has been moved into struct http_payload and it is up to users to check
it.
2023-11-20 16:34:24 +01:00
8f1ad3124e Merge pull request 'Fix double-free on failed server_client_close' (#2) from midokura-xavi/libweb:fix-double-free into master
Reviewed-on: #2
2023-11-20 16:27:28 +01:00
59a67a7541
Fix double-free on failed server_client_close
Even if server_client_close fails, it is needed for client_free to
remove the dangling reference from h->clients.
2023-11-20 16:25:58 +01:00
44676b84fd Merge pull request 'Allow listen_port to return selected port number' (#1) from midokura-xavi/libweb:listen-port into master
Reviewed-on: #1
2023-11-20 16:24:15 +01:00
2561ec32fe
doc: Update handler_{loop,listen} 2023-11-20 16:08:08 +01:00
c9edbbc4b0
examples/hello: Update according to handler_loop 2023-11-20 16:06:20 +01:00
98f5f52461
Split handler_loop from handler_listen
Some applications might set up a struct handler object to listen on any
port i.e., 0, but still need a way to determine which port number was
eventually selected by the implementation.

Therefore, handler_listen has been reduced to the server initialization
bit, whereas the main loop has been split into its own function, namely
handler_loop.

Because of these changes, it no longer made sense for libweb to write
the selected port to standard output, as this is something now
applications can do on their own.
2023-11-20 16:06:19 +01:00
8280cc40b9
README.md: Use generic term for copyright holders
Similarly to other projects within the free software community, a
generic term is used so as to avoid listing every single contributor to
the project.
2023-11-20 16:06:15 +01:00
65031ca350
Send HTTP headers to payload callback
Even if libweb already parses some common headers, such as
Content-Length, some users might find it interesting to inspect which
headers were received from a request.

Since HTTP/1.1 does not define a limit on the number of maximum headers
a client can send, for security reasons a maximum value must be provided
by the user. Any extra headers shall be then discarded by libweb.

An example application showing this new feature is also provided.
2023-11-18 01:03:12 +01:00
b71a6174e1
http.c: Fix more issues with partial boundaries
- http_memmem must not check strlen(a) > n because, in case of a partial
boundary, it would wrongfully return NULL.
- If one or more characters from a partial boundary are found at the end
of a buffer, but the next buffer does not start with the rest of the
boundary, the accumulated boundary must be reset, and then look for a
new boundary.
2023-11-12 23:31:57 +01:00
7d02b225fe
http.c: Fix several issues with partial boundaries
- Writing to m->boundary[len] did not make any sense, as len is not
meant to change between calls to read_mf_boundary_byte.
- For the same reason, memset(3)ing "len + 1" did not make any sense.
- When a partial boundary is found, http_memmem must still return st.
- Calling reset_boundary with prev == 0 did not make sense, since that
case typically means a partial boundary was found on a previous
iteration, so m->blen must not be reset.
2023-11-12 06:52:48 +01:00
9e1779eacd
doc: Add man3 page for http_decode_url
Suprisingly, this man page was missing on the 0.1.0 release.

The recent signature changes on http_decode_url have already been
reflected.
2023-11-12 01:29:55 +01:00
9ac68fd76c
http: Make http_decode_url return int
So far, it was not possible callers to distinguish between decoding
errors, as caused by ill-formed input, from fatal errors.
2023-11-12 01:29:54 +01:00
957ac188e5
http.c: Avoid use of dynstr_append_or_ret_nonzero
This macro would return a positive integer on failure. However,
functions called by http_update should only return a positive integer
for user input-related errors, not fatal errors such as those related to
failed memory allocations.
2023-11-12 01:29:54 +01:00
28ba2de389
http.c: Avoid writing body for HEAD requests
As opposed to GET or POST requests, HEAD must not write any body bytes.
2023-11-12 01:29:54 +01:00
747911416e
Bump dynstr
The commit below is relevant to fix CMake builds:

Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date:   Fri Nov 10 14:43:39 2023 +0100

    CMakeLists.txt: Fix missing parameter names

    VERSION must be indicated when passing a version string to project().
    Also, LANGUAGES must be also be passed when the language name is not the
    only argument to project() (apart from the project name itself).
2023-11-10 14:47:05 +01:00
69d615df3d
CMakeLists.txt: Fix missing LANGUAGES
When the language name is not the only argument for project() (other
than the project name itself), LANGUAGES must be indicated.
2023-11-10 14:45:46 +01:00
dbdaac757f
Makefile: Replace -Og with -O1
Only the latter is defined by POSIX.1-2008. Even if there are still some
non-portable flags defined by CFLAGS, it is a good idea to reduce them.
2023-10-25 22:07:11 +02:00
662d6e1c14
Bump dynstr to v0.1.0-rc4 2023-10-25 22:07:07 +02:00
3e004fa6a1
Adhere to GNU Make directory variables 2023-10-25 21:57:22 +02:00
aaa0ba2755
Makefile: Build libweb also as a shared library 2023-10-25 21:57:10 +02:00
f0464acecb
Bump dynstr to v0.1.0-rc3 2023-10-25 14:10:52 +02:00
c74888906d
CMakeLists.txt: set project VERSION 2023-10-25 14:10:52 +02:00
c6083ca223
examples: Fix wrong library name 2023-10-25 14:10:52 +02:00
280d400877
CMake: Use in-tree dynstr if not available 2023-10-16 01:22:12 +02:00
584de479cb
Bump dynstr to v0.1.0-rc2 2023-10-16 01:17:55 +02:00
d9e9164922
libweb.pc: Fix wrong -l flag 2023-10-16 00:29:52 +02:00
0222b75e85
Rename project from slweb to libweb
It was found out there was another project of the same name around
(https://git.sr.ht/~strahinja/slweb/), also related to website
generation.

In order to avoid confusion, a new name has been chosen for this
project. Surprisingly, libweb was not in use by any distributions
(according to https://repology.org and AUR index), and it should
reflect well the intention behind this project i.e., being a library
to build web-related stuff.
2023-10-11 00:07:13 +02:00
832e198f8c
server.c: Replace sequential calls with loop 2023-10-10 23:16:11 +02:00
07e0063870
http: Support HEAD 2023-10-10 23:15:26 +02:00