Commit graph

16 commits

Author SHA1 Message Date
Laslo Hunhold
e299e186ed
Don't replace '+' with ' ' when decoding URLs
After the initial report by Platon Ryzhikov, I couldn't validate this
behaviour with the given RFC 3986[0], which only speaks of percent encoding
for reserved characters.

[0]:https://tools.ietf.org/html/rfc3986

Signed-off-by: Laslo Hunhold <dev@frign.de>
2019-01-10 22:02:23 +01:00
Laslo Hunhold
bbd47e1427
Specify UTF-8 for non-binary content-types
If charset is unspecified, the encoding falls back to ISO 8859-1 or
something else that is defined in HTTP/1.1.

Given there is no reason not to use UTF-8 nowadays[0] and one can convert
legacy encodings to UTF-8 easily, if the case comes up, it is a sane
default to specify it in the config.def.h.

[0]: https://utf8everywhere.org/

Signed-off-by: Laslo Hunhold <dev@frign.de>
2019-01-02 17:04:23 +01:00
Aaron Burrow
d2013a6337 Fix one byte NULL stack overflow
Don't append a forward slash if the length of a folder is PATH_MAX-1. This can
happen if HEADER_MAX is larger than PATH_MAX or if the `-m` option is used to
increase the path length.
2018-07-16 22:48:20 +02:00
Laslo Hunhold
9ff3f780e1 Send a relative redirection header wherever possible
This makes quark much more flexible when it is run behind a network
filter or other kind of tunnel. Only send an absolute redirection when
we are handling vhosts.
2018-07-02 18:43:06 +02:00
Laslo Hunhold
3ff82c514b Clean up request host properly
We all agree that the IPv6 address format is a big clusterfuck and only
an insane person would've come up with it given the double colons
interfere with the way one actually appends a port to a normal IPv4 address.

To counteract in this issue, the RFC specifies that one should enclose
IPv6-addresses in square brackets to make the disctinction possible,
i.e.

	host: ::1
	port: 80

	--> [::1]:80

The host field can contain both a port suffix and, of course by the RFC,
have the address enclosed in square brackets. Given I personally see
this as a "transport enclosure" I'd rather like to see it gone as soon
as possible and thus implement this cleanup in the http-header-parser so
the output is nice and clean and we don't have to deal with this garbage
later on.

Thanks to Josuah Demangeon <mail@josuah.net> for his wonderful input and
his dedication to read the RFCs 3986 and 2732 in such great detail.
2018-04-03 01:03:03 +02:00
Laslo Hunhold
a20136fa18 Update the documentation to reflect the new flag-centric usage 2018-03-05 09:51:29 +01:00
Hiltjo Posthuma
444b8f5b32 http_send_response: fix undefined behaviour for copying the target string
... the format string and buffer were the same (undefined behaviour).
2018-03-05 01:21:14 +01:00
Laslo Hunhold
c8401c591f Add esnprintf() and refactor some code
The (size_t) discards the case where the return value of snprintf is < 0. This
is rather unlikely, but we'll keep it in mind anyway.
2018-03-05 00:59:37 +01:00
Laslo Hunhold
1879e14e79 Be extra pedantic again and remove all warnings
Since now config.def.h has been reduced we don't have any more unused
variables and thus the manual fiddling with error-levels is no longer
necessary.
To get a completely clean result though we have to still cast some
variables here and there.
2018-03-05 00:30:53 +01:00
Quentin Rameau
3ff3e5ea6e Add some missing headers and interface visibility macro
strings.h for strncasecmp
time.h for strptime
2018-03-05 00:21:54 +01:00
Laslo Hunhold
6b55e36036 Introduce flag-centric usage
The config.h-interface has proven to be very effective for a lot of
suckless tools, but it just does not make too much sense for a web
server like quark.

 $ quark

If you run multiple instances of it, you want to see in the command line
(or top) what it does, and given the amount of options it's logical to
just express them as options given in the command line.
It also is a problem if you can modify quark via the config.h,
contradicting the manual. Just saying "Well, then don't touch config.h"
is also not good, as the vhost and map options were only exposed via
this interface.

What is left in config.h are mime-types and two constants relating to
the incoming HTTP-header-limits.

In order to introduce these changes, some structs and safe utility
functions were added and imported from OpenBSD respectively.
2018-03-05 00:14:25 +01:00
Laslo Hunhold
7b7f166dd5 Add target prefix mapping
This allows e.g. to redirect when a directory has been moved.
2018-02-27 12:43:05 +01:00
Laslo Hunhold
02d6ae5a57 Add support for adding a prefix to a target when matching vhosts
This makes quark's vhost-handling very powerful while still being
simple.

Imagine you have a website with a subdomain you really want
to move back to your main domain.
Say the subdomain is called "old.example.org" and you want to serve it
under "example.org" but in the subdirectory "old/", i.e. you want to
redirect a request "old.example.org/subdir/" to "example.org/old/subdir".

For a vhost-handler that only takes 4 arguments for each vhost this is
actually pretty powerful.
2018-02-27 11:36:24 +01:00
Laslo Hunhold
4948053bee Use scheme-relative (aka protocol-relative) URLs for redirects
This ensures that quark really does not care if the incoming connection
is plain HTTP or relayed TLS-traffic from a proxy or tunnel. Depending
on the previous negotiation, the client will make the right decision on
which scheme to use in a given context.
2018-02-27 03:38:55 +01:00
Josuah Demangeon
55d7f000cd add headers to make it compile under OpenBSD
- 'struct in6_addr' is defined in <netinet/in.h>
- 'AF_INET6' is defined in <sys/socket.h>
2018-02-12 20:35:37 +01:00
Laslo Hunhold
ccdb51b96d Refactor the single source file into multiple modules
And many other things, too many to list here. For example, it now
properly logs uds instead of erroring out.
Separating concerns in many places definitely improves the readability.
2018-02-04 21:27:33 +01:00