Takes a new parameter now `qs`, if set to 1 it'll urldecode
according to how its always done it before.
If not set to 0 (for posts for example), the decoder will allow
\n and \r in addition to the other ones.
Add redirect() method to add a redirect on a domain much like
in the Kore configuration file.
eg:
domain.redirect("^/account/(.*)$", 301, "https://site/account/$1")
If kore_realloc() decides that a new block must be allocated it will
explicitly call the new kore_free_zero() function to erase the
contents of the old block once the move is done.
It was hardcoded that if KORE_USE_PYTHON was defined we would
look at the passed argument on the command-line as the python
script or module to be run.
This won't work when adding more runtimes.
So instead call a kore_runtime_resolve() function that in
turn calls each available runtime its resolve function.
That resolve function will check if its a script / module
that it can load, and if so will load it.
This way we can remove all those KORE_USE_PYTHON blocks in the
Kore startup path and we pave the way for lua.
When KORE_MEM_GUARD is set in the environment when Kore is started
it will enable a few memory protection techniques for all kore pools:
1) The metadata is placed away from the actual user pointer returned.
2) Each entry in a pool is placed in such a way that it is followed
immediately by a guard page which has PROT_NONE. Accessing a guard
page will cause an immediate crash.
3) Each entry is marked with PROT_NONE until it is allocated. Once it
is returned to a pool it becomes PROT_NONE again, protecting against
use after frees.
This commit also removes the magic goo from the mem facitilies such
as kore_malloc and friends and moves these as canaries into the kore
pool facilities instead.
Note that using this will increase memory pressure and decrease performance.
It is recommended to enable this during development to catch bugs.
Allow passing of an env keyword, allowing you to set environment variables
that may be required by the subprocess.
The env keyword must be a list with correctly formed environment variables.
eg:
proc = kore.proc("/bin/myproc",
env=[
"LD_LIBRARY_PATH=/my/path"
]
)
This commit introduces the ability to add authenticators to filemaps.
Just like in normal routes, the authenticators will be resolved first
before allowing access to the filemap entries.
Configuration wise, the authenticator is an optional value after the
filemap config directive:
filemap / webroot myauth
In the Python API you can now pass the authenticator for a filemap entry
but turning the value of the filemap into a tuple with the first entry
being the path and the second being the auth dict:
AUTH AUTH={
"type": "cookie",
"value": "cookiename",
"redirect": "/auth/",
"verify": verify_cookie
}
domain.filemaps({
"/css/": "webroot/css",
"/secret/": ("webroot/secret", AUTH)
})
The parent process never differentiated between a worker process
asking for a shutdown or a worker process calling fatalx() when
it came to its exit code.
I made some changes here so the parent process will exit with
an exit code 1 if anything worker related went wrong (fatalx/death policy).
use it in places explicit_bzero() used to be called.
The kore_mem_zero() is a best effort to try and let the compiler
not optimize the code away. Highly platform dependent.
This work moves all TLS / crypto related code into a tls_openssl.c
file and adds a tls_none.c which contains just stubs.
Allows compilation of Kore with TLS_BACKEND=none to remove building
against OpenSSL.
Also adds code for SHA1/SHA2 taken from openssh-portable so we don't
depend on those being present anymore in libcrypto.
It wasn't possible for the parent process to send messages
directly via kore_msg_send() to other worker processes.
This is now rectified to from the parent process one can call
kore_msg_send() with a worker destination and it'll work.
This commit adds improved hooks for Python and a new signal delivery hook.
For the Python API kore_worker_configure() and kore_worker_teardown() had
to be implemented before this commit. Now one can create a workerstart
and workerend method in their koreapp as those will be called when
they exist.
The new signal hook is either kore_worker_signal() or koreapp.signal.
This new hook is called after the worker event code handles the received
signal itself first.
With this commit there is also a new kore_signal_trap() API call allowing
you to more easily trap new signals. This API also also exported to the
Python part of the code under kore.sigtrap()
Adding the hooks keyword with a dictionary attached to specify
the relevant hooks will hook them for the given route.
Eg:
domain.route("/", self.index, methods=["get"],
hooks={
"on_free": self.request_free
}
)
These are the same hooks available via a normal Kore route configuration.
This dictionary for now only contains the subject and issuer names
from the client certificate (if one was provided) with their
X509_NAME components.
Eg:
{
"issuer": {
"C": "SE",
"O": "kore autogen: x509name-test",
"CN": "localhost"
},
"subject": {
"C": "SE",
"O": "kore autogen: x509name-test",
"CN": "localhost"
}
}
- Make sure we drain the worker log channel if it dies
so we can flush out any lingering log messages.
- Get rid of the raise() in the parent to signal ourselves
we should terminate. Instead depend on the new kore_quit.
- Always attempt to reap children one way or the other.
If set, will call a given handler with the prototype of
`void body_chunk(struct http_request *req, const void *data, size_t len);`
for each chunk of the received HTTP body, allowing a developer to handle
it in their own way.
The incoming body is still being handled and retained in the same way
as before (in a kore_buf or temporary file).
While here, allow HTTP_STATUS_CONTINUE to work via http_response() and
make the handling of incoming HTTP header data a bit better.
Introduce an on_headers callback for routes, allowing one to inspect
the headers before the request is processed further.
Additionall,
Add a new way of obtaining HTTP headers. Much like http_argument_get_*()
functions, these new APIs allow you to fetch the data of an HTTP header
as a specified C type.
The new APIs are:
* http_request_header_int16()
* http_request_header_uint16()
* http_request_header_int32()
* http_request_header_uint32()
* http_request_header_int64()
* http_request_header_uint64()
* http_request_header_float()
* http_request_header_double()
Should make it easier to operate in HTTP header data in a safe way.
No need to always roll your own string to int conversion functions.
Routes are now configured in a context per route:
route /path {
handler handler_name
methods get post head
validate qs:get id v_id
}
All route related configurations are per-route, allowing multiple
routes for the same path (for different methods).
The param context is removed and merged into the route context now
so that you use the validate keyword to specify what needs validating.
This is the same as http_response() except it will automatically
close the connection after the response is sent.
This is a bit easier than setting CONN_CLOSE_EMPTY yourself manually.
Starting with the privsep config, this commit changes the following:
- Removes the root, runas, keymgr_root, keymgr_runas, acme_root and
acme_runas configuration options.
Instead these are now configured via a privsep configuration context:
privsep worker {
root /tmp
runas nobody
}
This is also configurable via Python using the new kore.privsep() method:
kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"])
Tied into this we also better handle worker startup:
- Per worker process, wait until it signalled it is ready.
- If a worker fails at startup, display its last log lines more clearly.
- Don't start acme process if no domain requires acme.
- Remove each process its individual startup log message in favour
of a generalized one that displays its PID, root and user.
- At startup, log the kore version and built-ins in a nicer way.
- The worker processes now check things they need to start running
before signaling they are ready (such as access to CA certs for
TLS client authentication).
Before each worker process would either directly print to stdout if
Kore was running in foreground mode, or syslog otherwise.
With this commit the workers will submit their log messages to the
parent process who will either put it onto stdout or syslog.
This change in completely under the hood and users shouldn't care about it.
1) Add @kore.route as a decorator for Python.
This decorator can be used on non-class methods to automatically
declare their route and parameters.
Takes the same arguments as the kore.domain.route function that
exists today.
Provides a nice clean way of setting up Kore if you dont want
a whole class based approach.
2) Remove the requirement for the name for kore.server() and the
kore.domain(attach=) keywords.
Instead of no name was given, the name "default" is used in both
places resulting in less boilerplating.
3) Allow multiple routes to be defined for the same URI as long
as the methods are different. So you can have one method for GET /
and another for POST /.
All changes combined condense the initial experience of getting
a Kore Python app up and running:
eg:
import kore
kore.server(ip="127.0.0.1", port="8888", tls=False)
kore.domain("*")
@kore.route("/", methods=["get"])
async def index(req):
req.response(200, b'get method')
@kore.route("/", methods=["post"])
async def index_post(req)
req.response(200, b'post method')
- Kore now only supports OpenSSL 1.1.1 and LibreSSL 3.x.
- Revise the default TLS ciphersuites.
- Kore now carries ffdhe4096.pem and installs it under PREFIX/share/kore.
- Kore its tls_dhparam config setting defaults to the path mentioned above
so you no longer have to set it.
- Try harder to mark integers as KORE_JSON_TYPE_INTEGER, especially if
they fit in the internal representation of one (int64_t).
- Move error codes into the JSON code itself, rather then requiring
a kore_json data structure. This allows the JSON API to relay errors
such as "item not found" or "type mismatch" properly when looking at items.
- When asking for a KORE_JSON_TYPE_INTEGER_U64 and a KORE_JSON_TYPE_INTEGER
was found with the same name, check if it could be returned properly and do
so if possible.
Joris Vink
Daniel Fahlgren