Commit Graph

67 Commits

Author SHA1 Message Date
Andrew Bettison
419364b5a9 Improve REST HTTP response status codes
List all the HTTP status codes in the REST API tech doc.

Only use 403 Forbidden for requests originating from a disallowed
origin (ie, not localhost).

- Return 400 for missing, unknown, duplicate and out-of-order form
  parts in POST requests.
- Return 415 Unsupported Media Type for unsupported form part
  Content-Disposition and Content-Type (including unsupported
  charset).
- Return 414 Request-URI Too Long for any buffer exhaustion while
  parsing request.
- Return 419 Authentication Timeout for missing crypto secret.
2015-11-02 12:26:40 +10:30
Andrew Bettison
4564e955e3 Improve HTTP Origin response headers
Re-introduce "Origin: null" handling, because actually it is in the
spec.
2015-11-02 11:58:24 +10:30
Andrew Bettison
cee5241951 Make HTTP server return 405 if not POST or GET 2015-11-02 11:58:24 +10:30
Andrew Bettison
d9af2ffda4 Improve HTTP server diagnostics
Always log errors before responding with 500 Server Error.  Support more
status code "reason phrases".
2015-11-02 11:58:24 +10:30
Jeremy Lakeman
0c275e67ef Clean up compilation warnings 2015-10-19 13:45:57 +10:30
Andrew Bettison
e770998372 Fix empty-string tests on char[]
Caused compiler errors, thanks to Jonas Höchst for reporting.
2015-10-01 07:05:17 +09:30
Andrew Bettison
404cc1476d Improve HTTP Origin header parsing
Parses the separate parts of the URI: scheme, hostname, port.
No longer supports "Origin: null", because that is not in the
spec.
2015-10-01 07:05:17 +09:30
Andrew Bettison
f73cd77185 Change arg of ctype functions from char to int
Consistent with functions defined in <ctype>; now all can be used
as a predicate function with the type int (*)(int).
2015-10-01 07:05:17 +09:30
Andrew Bettison
6123503c15 Improve Rhizome HTTP status codes
Also improve some reason phrases and test them
2015-09-21 18:43:24 +09:30
Andrew Bettison
0e783c6b73 Fix malformed HTTP output of JSON fields 2015-08-31 19:16:30 +09:30
Andrew Bettison
71c7a4f870 strbuf_json_atom() supports JSON objects and arrays 2015-08-31 19:16:30 +09:30
Andrew Bettison
ce7a6ba988 HTTP server: parse query parameters 2015-08-24 22:41:53 +09:30
Andrew Bettison
52106b5026 Move DEBUGF() from "log.h" to "debug.h"
Include "debug.h" in lots of places (not all)
New macro IDEBUGF() for indirect debug flag, used in HTTP server
2015-07-13 18:24:04 +09:30
Andrew Bettison
7d9a5faa4e Move if(config.debug.xxx) tests into DEBUGF()
Original DEBUG() and DEBUGF() macros renamed to _DEBUG() and _DEBUGF()
New DEBUG() and DEBUGF() macros, first argument is flagname
New DEBUGF2(foo, bar, ...) macro does if(config.debug.foo||config.debug.bar) test
Replace almost all config.debug.xxx references to IF_DEBUG(xxx)
2015-07-13 16:00:05 +09:30
Andrew Bettison
9f15c4770c Add [httpd/N] context to HTTP server logging 2015-06-29 15:39:19 +09:30
Andrew Bettison
51f21f3183 Fix http server pause: could stop polling too early
A paused http server should only stop polling on output once all
existing buffered output has been sent
2015-06-02 02:23:06 +09:30
Andrew Bettison
0ec2e54827 HTTP server debug: log content of HTTP responses 2015-02-23 15:56:30 +10:30
Andrew Bettison
6bf4cf0735 Add performance timing to http server functions 2014-11-17 14:10:00 +10:30
Andrew Bettison
e05d70b1a5 Fix wild assertion in HTTP server
In the _reserve() function, an assertion compared pointers which it assumed
both pointed within the heap, or in fact within the same buffer.  However, if
one pointer pointed into the stack, then the assertion would incorrectly fail
if the stack were located below the heap in address space.  That never happens
in a normal Linux process, but _can_ happen in a thread, since thread stacks
may be allocated on the heap.

Solution was to re-order the steps in which _reserve() overwrites the buffer,
making the assertion irrelevant.
2014-09-11 16:11:23 +09:30
Jeremy Lakeman
31cf3a67b5 Allow lcal http servers to perform cross site scripting of restful APIs 2014-07-28 12:54:57 +09:30
Andrew Bettison
606f087dd5 Merge latest Rhizome Java API into development 2014-07-11 12:29:24 +09:30
Andrew Bettison
04b2a20e54 Rhizome Java API: improved form-data headers
Change manifest Content-Type from rhizome-manifest/text to
rhizome/manifest; format="text+binarysig"

Add "Content-Transfer-Encoding" form-part headers to Java API
sent form parts, although not currently checked by Rhizome
RESTful interface
2014-07-10 21:12:40 +09:30
Andrew Bettison
3715c5bf0b Rhizome Java API: negative fetch tests 2014-07-10 06:30:50 +09:30
Andrew Bettison
cf43635789 Improve Rhizome HTTP RESTful interface
Add RHIZOME_BUNDLE_STATUS_READONLY enum value

Tighten up switch statements on bundle and payload status enums (no
default labels)

Rename some recently added enum entries

Return bundle status and payload status in HTTP responses

Add test for failing to decrypt a foreign encrypted bundle payload,
fix bug that caused an assertion failure

Add tests for fetching a non-existent manifest and fetching bundles
whose payload blob is not in the store
2014-07-10 06:29:51 +09:30
Andrew Bettison
1ac67de0e9 Fix bug in HTTP server's form-data parsing
Did not handle a non-empty preamble properly
2014-07-10 06:29:09 +09:30
Jeremy Lakeman
51540a3017 Implement read and write pointer using memcpy, might fix #78 2014-07-07 16:28:20 +09:30
Andrew Bettison
7736a4ceb1 New HTTP RESTful requests: MeshMS read message(s) 2014-06-24 12:11:58 +09:30
Andrew Bettison
d879189299 Fix HTTP Authorization header parsing
Was returning status 500 if Authorization: Basic token was long, because
_reserve() did not have enough free space at start of buffer.  The
solution was to _commit(r) before attempting the _reserve_str() calls
for the decoded username and password.

As a separate issue, the status 500 also triggered an assertion failure
because http_request_parse_header() was returning 400 but
response.result_code had already been set to 500.
2014-06-19 09:55:12 +09:30
Andrew Bettison
55b9de721e Add assertions to http_server_poll()
This might help discover the cause of the "runaway http_server_poll"
bug sometimes observed in Batphone
2014-06-12 15:57:45 +09:30
Andrew Bettison
21f51965c1 Overhaul Makefile and header files
Make .o files in separate subdirectories for servald and library
Factor struct __sourceloc and __WHENCE__ from "log.h" into "whence.h"
Factor sid_t etc from "serval.h" into "serval_types.h"
Factor rhizome_bid_t etc from "rhizome.h" into "rhizome_types.h"
Do not include "serval.h" in library sources
Add log_stderr.c and logMessage.c for stand-alone executables
2014-05-26 15:36:26 +09:30
Andrew Bettison
0769fa54e8 Improve MeshMS RESTful HTTP failure reporting
Add "meshms_status_code" element to simple JSON responses
2014-02-07 16:28:40 +10:30
Andrew Bettison
015ed0b181 Refactor to rename "Rhizome HTTP server" to "HTTPD server"
Move HTTPD start/stop/dispatch logic from rhizome_httpd.c into new
httpd.c

Rename config.debug.httpd -> config.debug.http_server
Rename config.debug.rhizome_httpd -> config.debug.httpd
Rename config.debug.rhizome_nohttptx -> config.debug.nohttptx
2014-02-03 15:56:07 +10:30
Andrew Bettison
8897563d09 Implement HTTP GET /restful/meshms/<SID>/conversationlist.json 2014-01-23 10:52:43 +10:30
Andrew Bettison
6a1c8bcf5a All HTTP RESTful responses are JSON, not HTTP
Even error responses (typically code 403)
2014-01-20 15:44:21 +10:30
Andrew Bettison
ee9c96bb8c Implement HTTP POST /restful/rhizome/insert
Change HTTP request buffer pointers from (const char*) to (char*)
because some Rhizome operations can modify received data in-place, eg,
when decrypting it.
2013-12-30 18:09:56 +10:30
Andrew Bettison
0c88f8bf89 Replace str_to_uint() with str_to_uint32()
Also str_to_int() with str_to_int32()
2013-12-30 16:30:43 +10:30
Andrew Bettison
b37e27f5da Improve HTTP server multipart body parsing
Every handler function can return an HTTP response status code
to terminate request parsing and start the response.
2013-12-27 19:07:00 +10:30
Andrew Bettison
d7b926c39c HTTP server response codes 408, 409 2013-12-20 11:29:26 +10:30
Andrew Bettison
f5b757c022 Remove some unconditional debug from HTTP server 2013-12-18 17:44:16 +10:30
Andrew Bettison
f3c88def41 Refactor HTTP server result code handling
Rhizome dispatch functions now simply return the HTTP result code, or 1
if they have initiated the response themselves.
2013-12-16 15:09:46 +10:30
Andrew Bettison
98a6fc55d9 HTTP server support for extra response headers 2013-12-13 14:49:40 +10:30
Andrew Bettison
dd1e9f2ffb Improve HTTP server string reservation
So that reserved strings can be released, reclaiming buffer space for
responses and for response header strings
2013-12-12 17:49:19 +10:30
Andrew Bettison
1e96a8745d Merge branch 'development' into 'naf4' 2013-12-11 15:15:31 +10:30
Andrew Bettison
4428a76379 Use ssize_t for read(2) and write(2) return value
Test for errors using == -1 not < 0, and cast to (size_t) subsequently

Fixes some -Wsign-compare warnings
2013-12-10 17:21:35 +10:30
Andrew Bettison
40698b14e0 Fix bug in HTTP server: GET Content-Type
Was incorrectly detecting that a Content-Type header was supplied
with a GET request, when in fact none had been supplied
2013-12-05 17:24:54 +10:30
Andrew Bettison
9b64bb87e0 Uniform copyright notices
Added some missing copyright/license block comments
2013-12-04 17:15:36 +10:30
Andrew Bettison
1acfff6ab5 Add HTTP server pause response function 2013-11-19 15:38:45 +10:30
Andrew Bettison
f2b652c094 Refactor Base64 decoding from HTTP server to str.c
Also add a Base64 encoding function, not tested yet
2013-11-15 17:09:55 +10:30
Andrew Bettison
9418f9d65d Refactor HTTP string utils into str.[hc]
Improve "str.h" layout and commenting.  Re-implement hexvalue().
2013-11-14 23:13:37 +10:30
Andrew Bettison
6b961c56ce Fix HTTP /restful/rhizome/bundlelist.json
Write test case assertions using jq(1) utility, increase from four
bundles to 100.

Fix bugs in HTTP server content generation logic.

Make payload content generator read payload 4KiB at a time, to
always read on filesystem block boundaries for performance.  Increase
size of payload in relevant test case.
2013-11-11 16:21:26 +10:30