xavi/slcl/http.c, branch imagemagick

Define _POSIX_C_SOURCE

2023-03-24T01:49:11+00:00

This allows using the default compiler defined by make(1) (i.e., c99(1)), thus improving POSIX compatibility.

http.c: Add missing #include

2023-03-24T01:46:55+00:00

As required by strncasecmp(3).

Send response on quota exceeded

2023-03-20T09:57:20+00:00

So far, slcl would just close the connection with a client when the Content-Length of an incoming request exceeded the user quota, without any meaningful information given back to the user. Now, slcl responds with a HTML file with meaningful information about the error. Limitations: - While this commits has been successfully tested on ungoogled-chromium, LibreWolf (and I assume Firefox and any other derivates too) does not seem to receive the response from the server. - However, this issue only occurred during local testing, but not on remote instances.

http.c: Minor formatting change

2023-03-08T17:52:36+00:00

Remove(3) f->tmpname from ctx_free

2023-03-08T17:17:32+00:00

Until now, f->tmpname was removed by move_file when the move operation succeeded. However, since a HTTP operation can fail before move_file is called, the temporary file must also be removed.

Implement user quota

2023-03-06T04:51:49+00:00

This feature allows admins to set a specific quota for each user, in MiB. This feature is particularly useful for shared instances, where unlimited user storage might be unfeasible or even dangerous for the server. Also, a nice HTML5 element has been added to the site that shows how much of the quota has been consumed. If no quota is set, slcl falls back to the default behaviour i.e., assume unlimited storage. Limitations: - While HTTP does specify a Content-Length, which determines the length of the whole request, it does not specify how many files are involved or their individual sizes. - Because of this, if multiple files are uploaded simultaneously, the whole request would be dropped if user quota is exceeded, even if not all files exceeded it. - Also, Content-Length adds the length of some HTTP boilerplate (e.g.: boundaries), but slcl must rely on this before accepting the whole request. In other words, this means some requests might be rejected by slcl because of the extra bytes caused by such boilerplate. - When the quota is exceeded, slcl must close the connection so that the rest of the transfer is cancelled. Unfortunately, this means no HTML can be sent back to the customer to inform about the situation.

http.c: Compare headers as case-insensitive

2023-03-04T03:04:09+00:00

Web browsers such as lynx send "Content-length" instead of "Content-Length" (as done by LibreWolf and Chromium).

http.c: Use persistent cookies

2023-03-04T03:02:14+00:00

Cookies without "Expires" are considered non-persistent and thus can be removed by the web browser. Instead, slcl now sets persistent cookies that last for 1 year.

http.c: Improve error detection for strotull(3)

2023-03-04T02:03:22+00:00

set_length relies on user input to determine Content-Length, so it should be considered unreliable.

Fix memory leak on failed realloc(3)

2023-03-04T02:03:15+00:00

According to C99 §7.20.3.4: If memory for the new object cannot be allocated, the old object is not deallocated and its value is unchanged. Therefore, a temporary pointer must be used to ensure the original object can still be deallocated should realloc(3) return a null pointer.