Has support for full async pgsql queries. Most of the logic
is hidden behind a KORE_PGSQL() macro allowing you to insert
these pgsql calls in your page handlers without blocking the
kore worker while the query is going off.
There is place for improvement here, and perhaps KORE_PGSQL won't
stay as I feel this might overcomplicate things instead of making
them simpler as I thought it would.
Double check we actually get a certificate if we are asking for one.
Even though we set SSL_VERIFY_FAIL_IF_NO_PEER_CERT it's a sane thing to do.
Start logging the CN for the received client certificate in the access logs.
As a bonus re-arrange some accesslog stuff for sanity.
request can be used for when you want to validate something for
authentication bmanually. Youur validator will receive the http_reques
passed down.
A practical use of this is doing IP based ACL's.
Using authentication blocks one can define "authentication" mechanisms
in Kore for page handlers.
This can be used to require a session cookie (validated by your own validator)
for certain page handlers, and hopefully in the future provide a framework
for adding more authentication things (like HTTP Auth).
Right now only cookie checking is available.
- Parameter validation is now done only when http_process_*()
is called and upon http_argument_add().
- You MUST have defined your params in a param block or they will
be filtered out.
- http_argument_lookup() is dead, welcome http_argument_get() and
its brothers and sisters:
http_argument_get_string()
http_argument_get_uint16()
http_argument_get_int16()
http_argument_get_uint32()
http_argument_get_int32()
They will automatically do bounds checking on integers for you
and return proper integers or a NUL-terminated string.
- The http_argument_get* functions no longer create an additional
copy of the string which you need to free. Easier going.
- http_multiple_args() is dead, byebye
- Make some stuff we don't want to share with the modules static.
If a worker reached worker_max_connections and it was its turn to
grab the accept lock it would've gotten stuck and no new connections
would be handled even if other workers would be less busy.
Instead, we now skip the lock if we're too busy and pass it along
in the hopes other workers are less busy.
Example:
validator v_id function v_id_function
validator v_url regex ^/url/path/[a-z]*$
You can then call these using kore_validator_run(char *, char *), example:
if (!kore_validator_run("v_url", req->path))
[req->path is bad];
- Attempt to chain as much as we can in the send netbufs
(keeps down the SSL_write calls, silly seeing it go out with 8 bytes)
- Change NETBUF_SEND_PAYLOAD_MAX to 4K
- Call SSL_write() with max NETBUF_SEND_PAYLOAD_MAX in size
- Go back to flushing the send buffers after each request
- No more need for a fixed pool for nb->buf, go back to the heap for now
- Disable Nagle, we're doing the chaining now anyway
No longer takes callbacks, flags, or *out arguments.
Update rest of the code that called these callbacks whenever sending
was completed, instead call them right away now.
This allows us to move the accept lock manually to another Kore worker
in case we own it and are about to do some heavy lifting on the current
Kore worker.
If enabled Kore adds the HSTS header to every response.
- Additionally, fix some typos in the example configuration.
- Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
- http_header_max:
Maximum size of HTTP headers (in non SPDY connections).
- http_postbody_max:
Maximum size of an HTTP POST body (both in SPDY and HTTP mode).
Right now Kore will simply DC the client, ideally we want to send
a 413 (entity too large) to the client however.
See modules/examples/module.conf for more.
New API functions (docs need to be updated):
- http_file_lookup()
- http_file_add()
- http_argument_add()
- kore_strip_chars()
- kore_mem_find()
- Add an example under the example module on how files can be read.
- Keep HTTP requests in connection, so we can delete them if the connection
ends before the requests do (this way we don't leak them).
- When spdy_stream_close() is called, delete the attached http request.
(This shouldn't hurt to do, so hopefully won't cause major fallout).
- When parsing HTTP, find the first occurence of end-of-headers so uploads
with multipart/form-data can succeed properly.
- Add a test upload page to the example module.
kore_buf_replace_string allows you to replace occurances of a certain
string with something else.
Example:
char *username = "Joris";
page = kore_buf_create(static_len_html_profile);
kore_buf_append(page, static_html_profile, static_len_html_profile);
kore_buf_replace_string(page, "%name%", username, strlen(username));
Prototypes:
int http_argument_multiple_lookup(struct http_req *req,
struct http_arg *args);
void http_argument_multiple_free(struct http_arg *args);
These functions can be used to lookup arguments in a single call.
args points to an array of struct http_arg elements. Each of them
have the argument name set and its value set to NULL.
The array must have its last element name field set to NULL.
Upon return http_argument_multiple_lookup() gives the caller the
number of arguments that were successfully found. It makes their values
available under the value field in the struct http_arg array passed.
Example:
int v;
struct http_args args[4];
memset(args, 0, sizeof(args));
args[0].name = "email";
args[1].name = "password1";
args[2].name = "password2";
args[3].name = NULL;
v = http_argument_multiple_lookup(req, args);
if (v != 3) {
kore_debug("argument %s was not present", args[v].name);
} else {
for (v = 0; args[v].name != NULL; v++)
kore_debug("%s -> %s", args[v].name, args[v].value);
}
http_argument_multiple_free(args);
