| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Thanks to a new feature in libweb, it is now possible to generate HTTP
responses asynchronously i.e., without blocking other clients if the
response takes a long time to generate.
This now allow users to search for files or directories without blocking
other users, regardless how much time the search operation takes.
This required cftw to deviate from the POSIX-like, blocking interface it
had so far, and has been replaced now with a non-blocking interface, so
that directories are inspected one entry at a time.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This new application runs separately from slcl and communicates with it
via a named pipe. When files are added/removed to/from the user
directory, slcl shall write to the named pipe.
Then, this new tool shall process incoming entries and generate
or remove thumbnails accordingly. Such thumbnails are stored into a new
directory inside the database directory, namely thumbnails/, which
replicates the same structure as user/.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This write-only named pipe is meant to inform other processes about
files that have been added/removed to/from the user/ directory.
The syntax is line-oriented and is described below.
For added files:
+<space ...><path><LF>
For removed files:
-<space ...><path><LF>
Paths shall always be absolute.
Examples:
+ /home/test/db/user/alice/a picture.jpg
- /home/test/db/user/bob/essay.txt
As reported above, this feature has been made completely optional so as
not to introduce breaking changes. A new command line option, namely -m,
is required to enable this feature.
|
| |
|
|
|
| |
crealpath already provides a mechanism to determine the current working
directory from getcwd(3).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
crealpath (for "custom realpath") is a custom implementation of
realpath(3) that aims to work similarly to GNU's realpath(1). This
implementation is provided due to the following reasons:
- Future commits will require extracting an absolute path from a
relative path, and/or process relative components from a path, such as
".." or ".".
- realpath(3) is defined by POSIX.1-2008 as a XSI extension, and
extensions are generally avoided in this repository whenever possible.
- Additionally, realpath(3) requires the file or directory pointed to by
the path to exist, which might not always be the case for slcl.
- auth.c uses its own implementation to extract a dynamically allocated
string by repeatedly calling getcwd(3). Future commits will also
require this future, so it makes sense to keep it on a separate
component.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
commit f7864cb7d49a8ca5bddf8d1f68b71ecd5ed85adc
Author: Xavier Del Campo Romero <xavi92@disroot.org>
Date: Tue Sep 23 16:28:44 2025 +0200
http.c: Always set SameSite=Strict to cookies
This cookie attribute allows to mitigate CSRF attacks, while not
requiring the server to store additional data. [1]
[1]: https://owasp.org/www-community/SameSite
|
| |
|
|
|
|
|
| |
Even if OpenSSL 1.0 is no longer supported [1], slcl still builds and
works fine with it, so there is no reason to require a higher version.
[1]: https://openssl-library.org/policies/releasestrat/index.html
|
| | |
|
| |
|
|
|
| |
When sharing, paths must be expressed as an absolute path e.g.:
/path/to/file .
|
| |
|
|
|
|
|
|
|
|
|
| |
So far, slcl would allow to share literally any directory or file, even
if they did not exist, as long as valid credentials were given.
Now, directories cannot be shared, since this is already restricted by
the web interface. This is now considered an invalid request.
On the other hand, attempting to share non-existing files shall now
return a 404 Not Found response to the user.
|
| |
|
|
|
|
|
|
|
| |
libweb started to support HTTP/1.1 Range Requests [1] so that large
files can be partially retrieved. In the context of slcl, this is
interesting in order to preview large media files, such as videos, PDFs
or audio files.
[1]: https://httpwg.org/specs/rfc7233.html
|
| |
|
|
|
| |
This allows directories with many files and directories inside them to
be split into pages, in order to limit resource usage.
|
| | |
|
| |
|
|
|
|
|
| |
Now, libweb (rightfully) forces applications to handle signals and
introduces handler_notify_close(3) to achieve the desired behaviour.
Additionally, libweb 0.4.0 introduces several bugfixes.
|
| |
|
|
|
| |
Otherwise, uploaded files meant to overwrite an existing file would not
be updated accordingly if their newer size was smaller.
|
| |
|
|
|
|
| |
Even if this specific use of sprintf(3) was safe because sizeof
sha256_str > (sizeof sha256 * 2), some implementations would consider
sprintf(3) unsafe anyway.
|
| |
|
|
|
|
| |
It makes no sense to attempt to fopen(3) an empty file and malloc(3)
zero bytes so as to dump it, as dump_db is still meant to fail on empty
files.
|
| |
|
|
|
|
|
| |
When no quota is entered, printf(1) could fail because '%d' would expect
at least one argument. Whereas some printf(1) implementations, such as
the one by GNU coreutils, are somewhat tolerant, stricter
implementations such as Busybox would (correctly) refuse this.
|
| |
|
|
|
|
| |
The previous instructions were simply wrong because `cmake ..` would
attempt to configure the project from the parent directory, instead of
the build directory.
|
| |
|
|
|
|
| |
This change should provide the same behaviour, but would avoid
unnecessary calls to dynstr_append and basename(3) when a preview is to
be served.
|
| |
|
|
|
|
| |
- jq is required by usergen.
- Despite being part of a POSIX.1-2008 environment, m4 is not provided
by Debian or Ubuntu by default.
|
| |
|
|
|
| |
Otherwise, it would not be possible to replace user credentials if the
directory already exists.
|
| |
|
|
|
|
|
|
|
| |
Otherwise, the following resources would be considered valid:
- /user/../test
- /user/./test
- /user/a/.
- /user/a/./test
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Otherwise:
- slcl would accept /public/ (i.e., without a file name) as a valid
resource. This would incorrectly map the public/ directory on the
database, making slcl to return -1 because public/ is not a regular
file.
- slcl would accept directory names (e.g.: /public/dir/), which is never
expected since slcl stores all public files into a single directory.
|
| |
|
|
|
| |
Otherwise, a malicious user could send multipart/form-data requests
without a valid cookie.
|
| |
|
|
|
| |
Now, the same file descriptor can be reused for all of the operations
above, instead of calling stat(2) and fopen(3) separately.
|
| |
|
|
|
| |
Otherwise, files with special characters, such as '%', could not be
downloaded or previewed.
|
| |
|
|
|
| |
There was no reason why these should not be const-qualified. It was
probably missed during the implementation.
|
| |
|
|
|
| |
Otherwise, directories with special characters, such as "%", would not
be accessible when performing the redirection.
|
| |
|
|
|
| |
This allows to reuse the same file descriptor to both open(2) and
fstat(2) the file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following commits fix a couple of security issues on libweb.
Because of afe0681c0b26bb64bad55d7e86770f346cfa043e, slcl had to be
updated to set up its struct http_cfg_post.
commit afe0681c0b26bb64bad55d7e86770f346cfa043e
Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Mon Feb 19 23:00:56 2024 +0100
Limit maximum multipart/form-data pairs and files
A malicious user could inject an infinite number of empty files or
key/value pairs into a request in order to exhaust the device's
resources.
commit 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e
Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Mon Feb 19 22:49:09 2024 +0100
html.c: Avoid half-init objects on html_node_add_attr
The previous implementation would leave half-initialised objects if one
of the calls to strdup(3) failed. Now, n->attrs is only modified when
all previous memory allocations were successful.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
For longer passwords, od(1) might introduce a newline character, causing
printf(1) to interpret its input string incorrectly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following commits introduced performance improvements and bugfixes:
Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Sat Jan 20 01:09:18 2024 +0100
server.c: Fix wrong priority for do_exit
Under some specific circumstances, poll(2) would return a positive
integer, but do_exit might had been previously set. This caused libweb
to ignore SIGTERM, with the potential risk for an endless loop.
Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Sat Jan 20 01:05:05 2024 +0100
http.c: Solve performance issues on POST uploads
Profiling showed that reading multipart/form POST uploads byte-by-byte
was too slow and typically led to maximum CPU usage. Therefore, the
older approach (as done up to commit 7efc2b3a) was more efficient, even
if the resulting code was a bit uglier.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
slweb was renamed to libweb some time ago:
commit 28ae865e5ecad9b398ac21fa148fc4b93c987226
Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Tue Oct 10 23:43:47 2023 +0200
Apply slweb renaming to libweb
|
| |
|
|
|
| |
Future commits might introduce Makefiles on other directories that
should not be ignored.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following commit should increase performance for slcl:
commit b0accd099fa8c5110d4c3c68830ad6fd810ca3ec
Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Fri Nov 24 00:52:50 2023 +0100
http.c: Unify read operations
So far, libweb would perform different read operations depending on its
state:
- For HTTP headers or request bodies, one byte at a time was read.
- For multipart/form-data, up to BUFSIZ bytes at a time were read.
However, this caused a significant extra number of syscalls for no
reason and would increase code complexity, specially when parsing
multiform/form-data boundaries.
Now, http_read always reads up to BUFSIZ bytes at a time and process
them on a loop. Apart from reducing code complexity, this should
increase performance due to the (much) lower number of syscalls
required.
|
| |
|
|
| |
When VERSION is given, LANGUAGES becomes mandatory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent commits from libweb brought a few breaking changes. The one below
affected slcl, so it had to be updated according to the new interface:
commit 98f5f52461b0c1ab1ee3331722bd32e2db9e1d41
Author: Xavier Del Campo <xavier.delcampo@midokura.com>
Date: Thu Nov 16 12:23:08 2023 +0100
Split handler_loop from handler_listen
Some applications might set up a struct handler object to listen on any
port i.e., 0, but still need a way to determine which port number was
eventually selected by the implementation.
Therefore, handler_listen has been reduced to the server initialization
bit, whereas the main loop has been split into its own function, namely
handler_loop.
Because of these changes, it no longer made sense for libweb to write
the selected port to standard output, as this is something now
applications can do on their own.
|
| |
|
|
|
|
|
|
|
|
| |
When a user attempts to upload a file into a non-existing directory,
slcl would not check whether the directory exists. Then, rename(3) would
fail and slcl would treat this as a fatal error, effectively closing
itself.
Since this is an example of ill-formed user input, it must be treated as
a non-fatal error, and instead slcl should return a bad request page.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
More bugfixes related to partial boundary parsing were provided by this
commit:
commit b71a6174e12b4709acaf8bc151938ba12d2a54f6
Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Sun Nov 12 23:31:57 2023 +0100
http.c: Fix more issues with partial boundaries
- http_memmem must not check strlen(a) > n because, in case of a partial
boundary, it would wrongfully return NULL.
- If one or more characters from a partial boundary are found at the end
of a buffer, but the next buffer does not start with the rest of the
boundary, the accumulated boundary must be reset, and then look for a
new boundary.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several bugfixes related to partial boundary parsing were provided by
this commit:
commit 7d02b225fe11fb0c7233cd2ea576485ee920f203
Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Sun Nov 12 06:16:26 2023 +0100
http.c: Fix several issues with partial boundaries
- Writing to m->boundary[len] did not make any sense, as len is not
meant to change between calls to read_mf_boundary_byte.
- For the same reason, memset(3)ing "len + 1" did not make any sense.
- When a partial boundary is found, http_memmem must still return st.
- Calling reset_boundary with prev == 0 did not make sense, since that
case typically means a partial boundary was found on a previous
iteration, so m->blen must not be reset.
|
| |
|
|
|
|
| |
The new signature allows callers to distinguish decoding errors from
fatal errors. This is important for slcl to avoid crashing when
ill-formed data is received from a client.
|
| |
|
|
|
| |
/tmp is at least defined by POSIX.1-2017 at section 10 (Directory
Structure and Devices).
|
| | |
|
