aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* main.c: Fix null pointer access on empty datav0.4.2Xavier Del Campo Romero2026-02-081-6/+44
| | | | | | If users send no payload data to a POST request, libweb sets a null pointer as part of the payload. Therefore, null pointers must always be checked as a sanity check.
* configure: Add libsodium flags to USERGEN_LDFLAGSXavier Del Campo Romero2026-02-031-0/+1
| | | | | Otherwise, usergen(1) would be built without linking against libsodium, and thus would fail to build.
* Bump libwebv0.4.1Xavier Del Campo Romero2025-10-261-0/+0
| | | | | | | | | | | | | The following commit fixes a memory leak caused by untrusted user input: commit 953210bd1930e1734f1acde86eadd7a1997bb7c3 Author: Xavier Del Campo Romero Date: Sun Oct 26 20:12:46 2025 +0100 form.c: Fix leak on invalid form When one or more entries have been appended to a struct form instance, but then an error occurs, those valid entries must be deallocated, too.
* README.md: Replace OpenSSL with libsodiumXavier Del Campo Romero2025-10-111-2/+2
| | | | | | | | | | This was a leftover from the following commit: commit 10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b Author: Xavier Del Campo Romero Date: Wed Oct 8 13:50:52 2025 +0200 Replace OpenSSL with libsodium and argon2id
* page.c: Align results to centerv0.4.0Xavier Del Campo Romero2025-10-101-5/+5
|
* page.c: Ensure trailing '/' on dir download URLsXavier Del Campo Romero2025-10-101-1/+1
| | | | | | | Otherwise, it is not ensured web browsers would translate a relative directory such as "dir/.." to a URL with a trailing '/'. Therefore, a POST request to "/user?download=1" would fail because slcl only considers "/user/" (note the trailing '/') as valid.
* zip.c: Fix endless loop on empty archivesXavier Del Campo Romero2025-10-101-1/+1
| | | | | | | | When an empty directory is to be downloaded, z->lread would always equal zero because read_file is never called. Therefore, it is more sensible not to assume any number of bytes, and just dump as much data as possible into buf.
* zip.c: Remove unused variableXavier Del Campo Romero2025-10-101-2/+0
|
* README.md: Add build instructions for thumbnailXavier Del Campo Romero2025-10-091-0/+14
|
* README.md: Update copyright noticeXavier Del Campo Romero2025-10-091-1/+1
|
* doc/user.png: Update according to status quoXavier Del Campo Romero2025-10-091-0/+0
|
* main.c Remove obsolete references to OpenSSLXavier Del Campo Romero2025-10-091-2/+0
|
* Fix installation for thumbnailXavier Del Campo Romero2025-10-093-1/+5
|
* Bump libweb to v0.5.0Xavier Del Campo Romero2025-10-091-0/+0
|
* page.c: Center directory/file and page countXavier Del Campo Romero2025-10-091-11/+12
|
* Use libweb's form APIXavier Del Campo Romero2025-10-091-326/+106
| | | | | This functionality was moved from slcl to libweb since it can be shared with other web applications.
* jwt.c: Use original base64 variantXavier Del Campo Romero2025-10-091-1/+1
| | | | | | | | | | | | | | | | Otherwise, cookies set by previous, OpenSSL-based versions of slcl would be now invalidated because URL-safe base64 transforms some characters, thus breaking backwards compatiblity. For example, '/' is transformed into '_' on the example cookies below: - Original base64 encoding: a=eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJuYW1lIjogImEifQ==.jgp/SsraDR/3zlAnDLyj05VHulUNbDNHaPowvUkLto4= - URL-safe base64 encoding: a=eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJuYW1lIjogImEifQ==.jgp_SsraDR_3zlAnDLyj05VHulUNbDNHaPowvUkLto4=
* Allow building thumbnail from the top-level buildXavier Del Campo Romero2025-10-085-5/+34
|
* Replace OpenSSL with libsodium and argon2idXavier Del Campo Romero2025-10-0813-349/+845
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SHA256-based password hashing algorithm used by slcl(1) and usergen(1) is considered insecure against several kinds of attacks, including brute force attacks. [1] Therefore, a stronger password hashing algorithm based on the Argon2id key derivation function is now used by default. While OpenSSL does support Argon2id, it is only supported by very recent versions [2], which are still not packaged by most distributions as of the time of this writing. [3] As an alternative to OpenSSL, libsodium [4] had several benefits: - It provides easy-to-use functions for password hashing, base64 encoding/decoding and other cryptographic primitives used by slcl(1) and usergen(1). - It is packaged by most distributions [5], and most often only the patch version differs, which ensures good compatibility across distributions. Unfortunately, and as opposed to OpenSSL, libsodium does not come with command-line tools. Therefore, usergen(1) had to be rewritten in C. In order to maintain backwards compatiblity with existing databases, slcl(1) and usergen(1) shall support the insecure, SHA256-based password hashing algorithm. However, Argon2id shall now be the default choice for usergen(1). [1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords [2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/ [3]: https://repology.org/project/openssl/versions [4]: https://www.libsodium.org/ [5]: https://repology.org/project/libsodium/versions
* Use free function pointer for chunk/stepXavier Del Campo Romero2025-10-083-15/+10
| | | | | | libweb now supports deallocating user-defined data whenever an error occurs during a chunked transfer or an asynchronous HTTP response, thus avoiding memory leaks.
* page.c: Switch preview and downloadXavier Del Campo Romero2025-10-081-17/+35
| | | | | | | | | | | | | | | So far, clicking on a directory name previewed it, whereas clicking on a file name would download it, and file previews were on a separate column. This behaviour was found to be confusing, so it has been simplified. Now, clicking on a file or directory name would preview it. On the other hand, the "Preview" column has been replaced with a "Download" column, so that both files and directories can be downloaded. Thanks to Avron for the suggestion. [1] [1]: https://codeberg.org/xavidcr/slcl/issues/2
* page.c: Move remove checkbox to the rightXavier Del Campo Romero2025-10-081-1/+1
| | | | | | It feels more intuitive to keep the thumbnail and file name as first columns. It is assumed removing files and/or directories is not the main interaction from users.
* configure: Call distclean for submodulesXavier Del Campo Romero2025-10-081-0/+16
|
* page.c: Remove unused variableXavier Del Campo Romero2025-10-081-1/+1
|
* Implement directory download as ZIPXavier Del Campo Romero2025-10-0812-11/+487
| | | | | | | | | | | | | | | | | | | | | | | | Thanks to the fdzipstream library [1] and zlib [2], it is possible to generate ZIP files on-the-fly, therefore requiring no extra disk space usage and only a small amount of memory. Unfortunately, as of the time of this writing fdzipstream is not packaged by any distributions yet [3], so it had to be imported as a git submodule as a workaround. While libarchive [4] could be an interesting alternative, writing ZIP files is only supported by very recent versions (>= 3.8.0), which are still not packaged by many distributions [5], either. Moreover, libarchive is a package with several dependencies other than zlib and is significantly larger compared to fdzipstreams, so fdzipstreams was ultimately considered a better fit for this purpose. [1]: https://github.com/CTrabant/fdzipstream.git [2]: http://zlib.net/ [3]: https://repology.org/projects/?search=fdzipstream [4]: https://www.libarchive.org/ [5]: https://repology.org/project/libarchive/versions
* Import fdzipstreamXavier Del Campo Romero2025-10-062-0/+3
|
* page.c: Report logged user name on directory previewXavier Del Campo Romero2025-10-061-14/+39
| | | | | | Thanks to Avron for the suggestion. [1] [1]: https://codeberg.org/xavidcr/slcl/issues/2
* page.c: Add table head for directory previewXavier Del Campo Romero2025-10-061-2/+55
| | | | | | Thanks to Avron for the suggestion. [1] [1]: https://codeberg.org/xavidcr/slcl/issues/2
* Setup higher backlog countXavier Del Campo Romero2025-10-062-0/+2
| | | | | libweb now allows to set up a custom value for the backlog argument in the internal call to listen(2).
* cftw.c: Call user function at the end for directoriesXavier Del Campo Romero2025-10-061-12/+24
| | | | | | | | The older, synchronous implementation for cftw recursed as long as there were children directories and, finally, it called the user function. This commit therefore fixes the newer, asynchronous implementation to honor that behaviour. Otherwise, rmdir_r would fail because rmdir(2) would be called for non-empty directories.
* jwt.c: Do not consider decoding errors as fatalsXavier Del Campo Romero2025-10-061-1/+1
| | | | | | The base64 string is considered untrusted input and, therefore, it might cause a decoding error. Therefore, this should not cause the server to close.
* Fix missing refactors related to cftwXavier Del Campo Romero2025-10-062-71/+200
| | | | | | | | | | | | | | | | | Commit 4fa1b3e8 missed to update other calls to cftw that were still relying on the older interface, causing unexpected errors. As a side effect, user quotas are now calculated asynchronously i.e., without blocking other clients. While the same improvement was planned for the /rm endpoint, it proved too challenging to implement for a first refactor: on one hand, /rm takes one or more key-value pairs involving the top-level directories and/or files to remove. On the other hand, every directory must be traversed recursively as rmdir(2) must be used on empty directories. While certainly possible, it was considered to keep a synchronous behaviour for do_rm for the sake of simplicity.
* configure: Remove slcl executable on distcleanXavier Del Campo Romero2025-10-021-0/+1
|
* Fix wrong function names on failureXavier Del Campo Romero2025-10-022-2/+2
|
* auth.c: Remove unused argumentsXavier Del Campo Romero2025-10-021-3/+3
|
* auth.c: Fix missing username checkXavier Del Campo Romero2025-10-021-2/+5
| | | | | | | | | So far, auth_login was looking for a key that matched the expected HMAC, among all registered users, and therefore without looking up the username from the cookie key. This allowed attackers to forge a cookie with a valid key but another username, and therefore see the contents from other users.
* thumbnail/main.c: Fix memory leak on failureXavier Del Campo Romero2025-09-241-1/+1
|
* main.c: Fix invalid argumentXavier Del Campo Romero2025-09-241-1/+1
|
* cftw.c: Fix memory leakXavier Del Campo Romero2025-09-241-0/+1
|
* thumbnail/main.c: Use new cftw interfaceXavier Del Campo Romero2025-09-241-4/+21
| | | | | | | | | | | | | | | | | | | | | This was a leftover from the following commit: commit 173528aef50a4b452acdd8ec9aff13f25c3e092c Author: Xavier Del Campo Romero Date: Wed Sep 24 11:01:31 2025 +0200 Make search non-blocking Thanks to a new feature in libweb, it is now possible to generate HTTP responses asynchronously i.e., without blocking other clients if the response takes a long time to generate. This now allow users to search for files or directories without blocking other users, regardless how much time the search operation takes. This required cftw to deviate from the POSIX-like, blocking interface it had so far, and has been replaced now with a non-blocking interface, so that directories are inspected one entry at a time.
* Make search non-blockingXavier Del Campo Romero2025-09-244-95/+286
| | | | | | | | | | | | | Thanks to a new feature in libweb, it is now possible to generate HTTP responses asynchronously i.e., without blocking other clients if the response takes a long time to generate. This now allow users to search for files or directories without blocking other users, regardless how much time the search operation takes. This required cftw to deviate from the POSIX-like, blocking interface it had so far, and has been replaced now with a non-blocking interface, so that directories are inspected one entry at a time.
* README.md: Update according to thumbnail generationXavier Del Campo Romero2025-09-242-2/+97
|
* Display thumbnails, if availableXavier Del Campo Romero2025-09-243-15/+197
|
* Add thumbnail generation toolXavier Del Campo Romero2025-09-248-0/+803
| | | | | | | | | | | This new application runs separately from slcl and communicates with it via a named pipe. When files are added/removed to/from the user directory, slcl shall write to the named pipe. Then, this new tool shall process incoming entries and generate or remove thumbnails accordingly. Such thumbnails are stored into a new directory inside the database directory, namely thumbnails/, which replicates the same structure as user/.
* main.c: Add -m command line option to open a named pipeXavier Del Campo Romero2025-09-241-47/+288
| | | | | | | | | | | | | | | | | | | | | | | This write-only named pipe is meant to inform other processes about files that have been added/removed to/from the user/ directory. The syntax is line-oriented and is described below. For added files: +<space ...><path><LF> For removed files: -<space ...><path><LF> Paths shall always be absolute. Examples: + /home/test/db/user/alice/a picture.jpg - /home/test/db/user/bob/essay.txt As reported above, this feature has been made completely optional so as not to introduce breaking changes. A new command line option, namely -m, is required to enable this feature.
* auth.c: Make use of crealpathXavier Del Campo Romero2025-09-241-44/+4
| | | | | crealpath already provides a mechanism to determine the current working directory from getcwd(3).
* Introduce crealpathXavier Del Campo Romero2025-09-244-0/+184
| | | | | | | | | | | | | | | | | | crealpath (for "custom realpath") is a custom implementation of realpath(3) that aims to work similarly to GNU's realpath(1). This implementation is provided due to the following reasons: - Future commits will require extracting an absolute path from a relative path, and/or process relative components from a path, such as ".." or ".". - realpath(3) is defined by POSIX.1-2008 as a XSI extension, and extensions are generally avoided in this repository whenever possible. - Additionally, realpath(3) requires the file or directory pointed to by the path to exist, which might not always be the case for slcl. - auth.c uses its own implementation to extract a dynamically allocated string by repeatedly calling getcwd(3). Future commits will also require this future, so it makes sense to keep it on a separate component.
* Bump libwebXavier Del Campo Romero2025-09-231-0/+0
| | | | | | | | | | | | | commit f7864cb7d49a8ca5bddf8d1f68b71ecd5ed85adc Author: Xavier Del Campo Romero <xavi92@disroot.org> Date: Tue Sep 23 16:28:44 2025 +0200 http.c: Always set SameSite=Strict to cookies This cookie attribute allows to mitigate CSRF attacks, while not requiring the server to store additional data. [1] [1]: https://owasp.org/www-community/SameSite
* CMakeLists.txt: Lower required OpenSSL versionXavier Del Campo Romero2025-02-241-1/+1
| | | | | | | Even if OpenSSL 1.0 is no longer supported [1], slcl still builds and works fine with it, so there is no reason to require a higher version. [1]: https://openssl-library.org/policies/releasestrat/index.html
* .gitignore: Fix path for Makefilev0.3.1Xavier Del Campo Romero2025-01-231-1/+1
|