1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-24 00:22:30 +00:00
Commit graph

83 commits

Author SHA1 Message Date
Luke Wilde
41d6307c17 LibHTTP: Fix not consuming the last byte of body in from_raw_request
`index + 1` was not correct. For example, if the body has two bytes, we
would consume the first byte and increment the index. We then add one
to the index and see it's equal to the size, so we take this one byte
and set the body result to it. The while loop would still continue and
we consume the second byte, adding it to the temporary buffer. We see
that the index is above the size, so we don't update the body, dropping
the last byte on the floor.
2022-10-18 23:18:20 +02:00
Sam Atkins
f754f45680 LibHTTP: Include request body in HttpRequest::from_raw_request() 2022-10-11 21:52:13 +02:00
Sam Atkins
9b891a423b LibHTTP: Make HTTP method names more accessible
Previously you could only get the name of an HttpRequest::Method if you
already had an HttpRequest.
2022-10-11 21:52:13 +02:00
Idan Horowitz
7578039188 LibHTTP: Use 'close' as the default value for Connection in HTTP/1.0
Unlike HTTP/1.1 and above, the default behaviour for HTTP/1.0 servers
is to close the connection after sending the response.
2022-10-01 19:37:01 +02:00
Enver Balalic
55c099c953 LibHTTP: Null out on_ready_to_read on socket close
This fixes the segfault reported in #15283.

on_ready_to_read gets re-registered on every job start anyways.
I see no reason why this could be bad.
2022-09-26 23:11:28 +02:00
0xbigshaq
af46734497 LibHTTP+WebServer: Add querystring support
Split the path from querystring when determining the requested resource.
2022-08-02 21:05:32 +00:00
sin-ack
3f3f45580a Everywhere: Add sv suffix to strings relying on StringView(char const*)
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).

No functional changes.
2022-07-12 23:11:35 +02:00
Daniel Bertalan
569388e4af LibHTTP: Include JsonObject.h in Job.cpp
JsonArray.h does not #include the definition of JsonValue::serialize, as
it lives in JsonObject.h. The macOS Clang target handles symbol
visibility slightly differently (I couldn't figure out how exactly), so
no visible instantiation ended up being created for the function,
causing a link failure.
2022-07-04 21:46:02 +02:00
Luke Wilde
cd9864bbf1 LibHTTP+RequestServer: Recognize more HTTP methods
Previously it would default to GET for all of these and cause the
Discord API to return Method Not Allowed errors for certain endpoints.
2022-06-27 22:53:36 +01:00
Michiel Visser
7278ad761e LibHTTP+LibWeb: Accept Brotli encoded responses 2022-05-21 22:41:40 +02:00
Sam Atkins
c4134e9794 LibCore+Everywhere: Make Core::Stream read_until() return Bytes
This affects BufferedSeekable::read_until() and ::read_until_any_of().
For the reasoning, see the previous commit about Core::Stream::read().
2022-04-16 13:27:51 -04:00
Sam Atkins
3b1e063d30 LibCore+Everywhere: Make Core::Stream::read() return Bytes
A mistake I've repeatedly made is along these lines:
```c++
auto nread = TRY(source_file->read(buffer));
TRY(destination_file->write(buffer));
```

It's a little clunky to have to create a Bytes or StringView from the
buffer's data pointer and the nread, and easy to forget and just use
the buffer. So, this patch changes the read() function to return a
Bytes of the data that were just read.

The other read_foo() methods will be modified in the same way in
subsequent commits.

Fixes #13687
2022-04-16 13:27:51 -04:00
Andreas Kling
db2b67dc5e LibHTTP: Don't re-urlencode URL query strings
AK::URL stores the URL query string already encoded. We were sending
double-encoded query strings, which is why the Google cookie consent
page was not working correctly.
2022-04-10 01:37:45 +02:00
GeekFiftyFive
832920c003 AK+LibHTTP: Revert prior change to percent encode plus signs
A change was made prior to percent encode plus signs in order to fix an
issue with the Google cookie consent page.

Unforunately, this was treating a symptom of a problem and not the root
cause and is incorrect behavior.
2022-04-08 20:44:49 +02:00
GeekFiftyFive
737f5b26b7 AK+LibHTTP: Ensure plus signs are percent encoded in query string
Adds a new optional parameter 'reserved_chars' to
AK::URL::percent_encode. This new optional parameter allows the caller
to specify custom characters to be percent encoded. This is then used
to percent encode plus signs by HttpRequest::to_raw_request.
2022-04-02 18:43:15 +02:00
Idan Horowitz
086969277e Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
GeekFiftyFive
8fee285d72 LibHTTP: Append port to Host header if it exists 2022-03-30 00:34:29 +03:00
Florent Castelli
e165ae5b60 LibHTTP+LibTLS: Better HTTPS Socket EOF detection
When the server doesn't signal the Content-Length or use a chunked mode,
it may just terminate the connection after sending the data.
The TLS sockets would then get stuck in a state with no data to read and
not reach the disconnected state, making some requests hang.

We know double check the EOF status of HTTP jobs after reading the
payload to resolve requests properly and also mark the TLS sockets as
EOF after processing all the data and the underlying TCP socket reaches
EOF.

Fixes #12866.
2022-03-20 01:01:40 +01:00
Lenny Maiorani
79aa49d04f Libraries: Use default constructors/destructors in LibHTTP
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cother-other-default-operation-rules

"The compiler is more likely to get the default semantics right and
you cannot implement these functions better than the compiler."
2022-03-13 22:34:38 +01:00
DerpyCrabs
e379147f64 LibHTTP: Make reason phrase of HTTP response's status line optional
According to rfc2616 section 6.1 the text of reason phrase is not
defined and can be replaced by server.
Some servers (for example http://linux.org.ru) leave it empty.
This change fixes parsing of HTTP responses with empty reason phrase.
2022-02-12 02:56:17 +03:30
Wesley Moore
849f849905 LibHTTP: Remove redundant can_read_without_blocking call
When entering the InBody state LibHTTP performs a
can_read_without_blocking check, which is duplicated immediately
afterwards. This initial call is removed.
2022-02-12 02:53:57 +03:30
Wesley Moore
12ff5c9bfd LibHTTP: Remove attempt to read extra line after response headers
When LibHTTP encountered the blank line between the headers and the body
in a HTTP response it made a call the m_socket->can_read_line(). This
ultimately tried to find a newline in the stream. If the response body
was small and did not contain a new line then the request would hang.

The call to m_socket->can_read_line() is removed so that the code is
able to progress into the body reading loop.
2022-02-12 02:53:57 +03:30
Andreas Kling
5f5fe103eb LibHTTP: Don't copy payload slices in flush_received_buffers()
Instead of using ByteBuffer::slice() to carve off the remaining part of
the payload every time we flush a part of it, we now keep a sliding
span (ReadonlyBytes) over it.
2022-02-11 20:25:15 +01:00
Ali Mohammad Pur
9ff22ac7e0 LibHTTP: Skip the body when response code is 204
...even if the headers claim that there's some data in the form of
Content-Length.
This finally fixes loading Discord with RequestServer ConnectionCache
on :^)
2022-02-09 21:23:25 +01:00
sin-ack
64f135d90f LibCore+Userland: Remove Core::TCPSocket :^)
This was deprecated in favor of Core::Stream::TCPSocket, and now has no
users.
2022-02-06 17:28:17 +00:00
sin-ack
42a76b6c2d LibHTTP: Propagate and gracefully handle errors in Job
Most of these errors mean that we will fail the job, but it won't crash
the application, at least.
2022-02-06 13:10:10 +01:00
Ali Mohammad Pur
aafc451016 Userland: Convert TLS::TLSv12 to a Core::Stream::Socket
This commit converts TLS::TLSv12 to a Core::Stream object, and in the
process allows TLS to now wrap other Core::Stream::Socket objects.
As a large part of LibHTTP and LibGemini depend on LibTLS's interface,
this also converts those to support Core::Stream, which leads to a
simplification of LibHTTP (as there's no need to care about the
underlying socket type anymore).
Note that RequestServer now controls the TLS socket options, which is a
better place anyway, as RS is the first receiver of the user-requested
options (though this is currently not particularly useful).
2022-02-06 13:10:10 +01:00
Sam Atkins
c388a879d7 AK+Userland: Make AK::decode_base64 return ErrorOr 2022-01-24 22:36:09 +01:00
Sam Atkins
45cf40653a Everywhere: Convert ByteBuffer factory methods from Optional -> ErrorOr
Apologies for the enormous commit, but I don't see a way to split this
up nicely. In the vast majority of cases it's a simple change. A few
extra places can use TRY instead of manual error checking though. :^)
2022-01-24 22:36:09 +01:00
Nico Weber
a17b2248f2 LibHTTP+AK: Rename CHTTPJOB_DEBUG to HTTPJOB_DEBUG 2022-01-23 00:45:22 +00:00
Nico Weber
a9c80ba33c LibHTTP: Move more happy-path logging behind CHTTPJOB_DEBUG 2022-01-22 01:28:01 +00:00
Nico Weber
46ffc98ebc LibHTTP: Move more happy-path logging behind HTTPSJOB_DEBUG 2022-01-22 01:28:01 +00:00
Ben Wiederhake
f59f7674c8 LibHTTP: Avoid implicitly copying ByteBuffer 2021-12-08 09:46:13 -08:00
TheFightingCatfish
57541f433b LibWeb+LibHTTP: Support multiple Set-Cookie response headers 2021-11-19 13:54:35 +03:30
Ben Wiederhake
b3e9a4e603 Libraries: Fix visibility of Object-derivative constructors
Derivatives of Core::Object should be constructed through
ClassName::construct(), to avoid handling ref-counted objects with
refcount zero. Fixing the visibility means that misuses like this are
more difficult.
2021-11-02 22:56:53 +01:00
Daniel Bertalan
e9f0ebd4bd LibHTTP: Fix logic error leading to buffer over-read
When we receive HTTP payloads, we have to ensure that the number of
bytes read is *at most* the value specified in the Content-Length
header.

However, we did not use the correct value when calculating the truncated
size of the last payload. `m_buffered_size` does not store the total
number of bytes received, but rather the number of bytes that haven't
been read from us.

This means that if some data has already been read from us,
`m_buffered_size` is smaller than `m_received_size`. Because of this, we
ended up resizing the `payload` ByteBuffer to a larger size than its
contents. This garbage data was then read by consumers, producing this
warning when executing scripts:

> Extension byte 0xdc in 1 position after first byte 0xdc doesn't make
> sense.
2021-10-30 00:54:34 +03:30
Karol Kosek
78bebb363b LibHTTP: Reset m_content_length if there's a Transfer-Encoding header 2021-10-24 23:54:26 +02:00
Karol Kosek
89c87ff7b9 LibHTTP: Trim the last packet if it exceeded the Content-Length value
Used these commands to test it:

  printf 'HTTP/1.0 200 OK\r\n%s\r\n\r\n%s' 'Content-Length: 4' \
      'well hello friends!' | nc -lN 0.0.0.0 8000
  pro http://0.0.0.0:8000
2021-10-24 23:54:26 +02:00
Karol Kosek
a7e7cb0e70 LibHTTP: Store Content-Length value in the HTTP Job class
This way we can save some calculations, but more importantly this will
also be needed in next commits. :P
2021-10-24 23:54:26 +02:00
Karol Kosek
71f663b205 LibHTTP: Fix buffer overflow when body is larger than the Content-Length
(Actually, this also needs a Content-Encoding header, as response
streaming is disabled then. It didn't fit in the title.)

We were creating too small buffer -- instead of assigning the total
received buffer size, we were using the Content-Length value.

As you can see, the m_buffered_size might now exceed the Content-Length
value, but that will be handled in next commits, regardless if
the response can be streamed or not. :^)

Here's a minimal code that caused crash before:

  printf 'HTTP/1.0 200 OK\r\n%s\r\n%s\r\n\r\n%s' \
      'Content-Encoding: anything' 'Content-Length: 3' \
      ':^)AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' | nc -lN 0.0.0.0 8000
  pro http://0.0.0.0:8000
2021-10-24 23:54:26 +02:00
Ben Wiederhake
cb868cfa41 AK+Everywhere: Make Base64 decoding fallible 2021-10-23 19:16:40 +01:00
Ali Mohammad Pur
82da36f129 LibHTTP: Quit the read loop when an incomplete chunk size line is seen
If we don't quit, the underlying socket won't get a chance to do much
other than nothing while we spin in read_while_data_available().
Fixes some possible RS spin (especially seen in Google's cookie consent
page).
2021-10-10 00:27:44 +02:00
Ali Mohammad Pur
5b185d9cb5 LibHTTP: Bump max HTTP header size up to 32KiB
Apparently discord likes to feed us headers as big as 6KiB, so clearly
there are large headers out there in the wild.
For reference, Apache's limit is 8KiB, and IIS's limit is 16KiB (this
limit is not defined by the spec, so nothing can stop a server from
sending massive headers - sadly)
2021-10-04 18:26:16 +02:00
Ali Mohammad Pur
64e231bd38 LibHTTP+LibGemini: Set underlying sockets as idle when detaching
This ultimately makes the sockets not spin while unused (particularly in
the 10s shutdown period that RequestServer's cache has).
2021-10-04 15:31:26 +02:00
Ali Mohammad Pur
830b0e8f2d LibHTTP: Treat EOF on a non-Finished state as an error 2021-10-04 15:31:26 +02:00
Ali Mohammad Pur
fdd2d49c5b LibHTTP: Ignore empty reads on chunk boundaries 2021-10-04 13:06:03 +02:00
Ali Mohammad Pur
3564e4eff1 LibHTTP: Consider a job failed if its body fails decompression
Our previous behaviour of treating the original invalid compressed body
as the decompressed response is quite silly, if the headers and response
doesn't match up, the job has failed.
2021-10-04 13:06:03 +02:00
Ali Mohammad Pur
b0a9c5673e LibHTTP: Respect the 'Connection: close' header on keep-alive jobs
If the server responds with this header, we _must_ close the connection,
as the server is allowed to ignore the socket and not respond to
anything past that response.
Fixes some RequestServer spins.
2021-09-30 11:46:37 +02:00
Ali Mohammad Pur
436693c0c9 LibTLS: Use a setter for on_tls_ready_to_write with some more smarts
The callback should be called as soon as the connection is established,
and if we actually set the callback when it already is, we expect it to
be called immediately.
2021-09-19 21:10:23 +04:30
Ali Mohammad Pur
65f7e45a75 RequestServer+LibHTTP+LibGemini: Cache connections to the same host
This makes connections (particularly TLS-based ones) do the handshaking
stuff only once.
Currently the cache is configured to keep at most two connections evenly
balanced in queue size, and with a grace period of 10s after the last
queued job has finished (after which the connection will be dropped).
2021-09-19 21:10:23 +04:30