mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
1,276 Commits 5 Branches 45 Tags 4.4 MiB
Commit Graph

1276 Commits

Author SHA1 Message Date
Joris Vink 086e2e3d5e len is a size_t, not ssize_t 2018-07-18 16:09:05 +02:00
Joris Vink 25c8dfbdaa missing rpath pledge for openbsd 2018-07-18 15:14:07 +02:00
Joris Vink 5a5d9fd0c2 alloc space for nb->buf after taking ownership. 2018-07-18 14:36:13 +02:00
Joris Vink 27d1746940 Consume all notifications on a connection. 2018-07-18 11:40:59 +02:00
Joris Vink 2e321f14de Add KORE_PGSQL_STATE_NOTIFY. 
Issue a LISTEN channel on a kore_pgsql, bind a callback to it and you
will get called with pgsql->state being KORE_PGSQL_STATE_NOTIFY.
 2018-07-18 11:38:17 +02:00
Joris Vink 1447f6573f better http header validation. 2018-07-17 20:17:05 +02:00
Joris Vink 3312a2882f Let KORE_PREFIX override builtin prefix for kodev. 2018-07-17 15:59:59 +02:00
Joris Vink 05cccef77c toot toot 2018-07-17 15:16:27 +02:00
Joris Vink ac5a89fbeb pull in openssl/sha.h for body digest 2018-07-17 15:07:26 +02:00
Joris Vink c2289471b1 forcefully limit filemaps to GET | HEAD. 2018-07-17 15:05:20 +02:00
Joris Vink 616af063e3 Calculate an md over the incoming HTTP body. 
This is calculated while the HTTP body is incoming over the wire, once
the body is fully received the digest will be available for the page
handlers to obtain.

You can obtain a hex string for this md via http_body_digest() or
dereferences the http_request and look at http_body_digest manually
for the bytes.
 2018-07-17 14:53:55 +02:00
Joris Vink 9f2759e7b2 missing newline in error 2018-07-17 14:36:21 +02:00
Joris Vink 40a81a17ba remove kore_module_handle for NOHTTP=1 builds. 2018-07-17 14:28:43 +02:00
Joris Vink 0726a26c0c Allow restriction of methods for paths. 
Now Kore will automatically send a 400 bad request in case the
method was not allowed on the path.
 2018-07-17 14:23:57 +02:00
Joris Vink 993c5d2ac2 pledge keymgr process on openbsd 2018-07-14 21:14:02 +02:00
Joris Vink b957d26335 Let kore_worker_make_busy() not unlock solo workers 2018-07-13 21:04:59 +02:00
Joris Vink 02e7359970 Add kore_worker_make_busy(). 
Calling this from your page handler will cause your current worker
to give up the acceptlock (if it holds it).

This is particularly useful if you are about to run code that may block
a bit longer then you are comfortable with. Calling this will cause
the acceptlock to shuffle to another free worker which in turn makes
sure your application can keep accepting requests.
 2018-07-11 18:00:16 +02:00
Joris Vink 52d14a3fbf Unbreak building with LibreSSL. 2018-07-11 12:50:50 +02:00
Joris Vink 2b3119d0e2 add overview of how the keymgr works 2018-07-11 11:53:56 +02:00
Joris Vink 6cf3b3c0dc Only use kore_root_path if its explicitly set. 
Otherwise a relative path works well enough.
 2018-07-11 11:08:44 +02:00
Joris Vink 207faad3c2 we're not in GH anymore. 2018-07-11 10:04:23 +02:00
Joris Vink 77e0439225 better log messages for TLS configuration missing. 2018-07-11 09:52:05 +02:00
Joris Vink cffb7ec379 Allow on-the-fly reloading of certificates/keys. 
This commit introduces the ability for the keymgr process
to reload the certificates/keys for domains when receiving
a SIGUSR1 signal.

The keymgr receives 2 new configuration options:
	- keymgr_root_path
		The root path where the keymgr will live.
		If -n is not specified when the application starts the
		keymgr process will chroot into here.

	- keymgr_runas_user
		The user the keymgr will drop privileges towards if
		-r was not specified.

All certfile and certkey configuration options are now relative to the
keymgr_root_path configuration setting.

The keymgr process will now also load the certificate for the domain
(rather then the workers) and submit these to the worker processes so
they can be reloaded when required.

Worker processes will refuse connections until the TLS configuration
for a given domain is completed (aka: the workers receive the certificate
for that domain).

Other changes:
	- client_certificates renamed to client_verify.
	- the chroot configuration option is now called root.
	- kore is a little more verbose if privsep options are missing.
	- filemaps are now relative to the root configuration option.
 2018-07-11 09:44:29 +02:00
Joris Vink bf6c0e150f Let kore_worker_privdrop() take user and chroot. 
This will make it easier when the keymgr gets its own user/chroot settings.
 2018-07-11 06:53:51 +02:00
Joris Vink 2bf8cce43c even better 2018-07-09 14:17:39 +02:00
Joris Vink 3269fcef80 spacing 2018-07-09 14:17:10 +02:00
Joris Vink ac6fcf8981 deal with sendfile() in newer linux kernels. 2018-07-09 10:00:38 +00:00
Joris Vink 570f9ac986 move optimzations back to -O2, not -O3. 2018-07-09 09:45:10 +02:00
Joris Vink bc1206c4fc better README now that we're moving from GH 2018-07-09 09:10:57 +02:00
Joris Vink 93c94eb9c1 add minisign public key 2018-07-09 07:42:18 +02:00
Joris Vink e665cc900d redirect to /uri/ if need be. 2018-07-09 06:28:28 +02:00
Joris Vink 04f4306cf2 simplify logic 2018-07-08 15:58:56 +00:00
Joris Vink 04deeeafb9 make sure we can still resolve new paths 2018-07-08 15:57:00 +00:00
Joris Vink 5eb2160269 resolve filemap paths after workers chrooted. 
otherwise the paths inside chrooted workers are incorrect.
 2018-07-08 17:51:35 +02:00
Joris Vink 10cf14f756 use realpath() to resolve ondisk paths. 2018-07-08 17:40:16 +02:00
Joris Vink 3ddcaf4661 typo 2018-07-07 13:34:58 +02:00
Joris Vink 71659ab197 correct includes 2018-07-07 13:23:43 +02:00
Joris Vink f02f88295c revert b5e122 for now. 2018-07-06 11:21:46 +02:00
Joris Vink 4f16a5d272 make net_read() and net_write() more sane. 2018-07-05 12:36:47 +00:00
Joris Vink 47c1a1d195 set referer to NULL in http_request_new(). 2018-07-05 05:02:49 +00:00
Joris Vink 3e4b9f4fe8 let filemaps be matched to the domains. 2018-07-04 14:26:38 +02:00
Joris Vink 04077c66b6 Add filemap_ext configuration option. 
Allows you to specify the default extensions used for a file served
via a filemap, eg:
	filemap_ext	.html

Gives us ability to provide clean urls.
 2018-07-03 19:58:43 +02:00
Joris Vink b5e122419b Let http_populate_post() listen to content-type 2018-07-03 08:25:06 +02:00
Joris Vink 4a8d8ab7f8 log referer in accesslog if present. 2018-06-29 22:37:48 +02:00
Joris Vink 6dca7d51e6 update prototype for kore_date_to_time() 2018-06-29 09:56:38 +02:00
Joris Vink 72073701b0 Add last-modified and if-modified-since for filemaps. 2018-06-29 09:56:04 +02:00
Joris Vink cca269ff5d make sure we use fd_off in linux sendfile properly 2018-06-29 03:10:28 +00:00
Joris Vink 3e5939a8e3 make sure fileref is dropped if softremoved 2018-06-29 05:03:50 +02:00
Joris Vink 09b362ced4 remove norwegian debugging 2018-06-28 23:02:46 +02:00
Joris Vink 202234cf97 filemap and fileref improvements. 
- make sure we can serve updated files even if we have an old
  fileref around.

- add filemap_index as a configuration option: allows one to specify
  what file to serve if a directory was requested (eg: index.html)
 2018-06-28 23:00:42 +02:00