1
0
mirror of https://git.kore.io/kore.git synced 2024-11-12 13:19:12 +01:00
Commit Graph

126 Commits

Author SHA1 Message Date
Joris Vink
960730a062 On MacOS put the OpenSSL flags under FEATURES_INC.
Use this to pick them up automatically for kodev.
2021-10-27 22:28:08 +02:00
Joris Vink
c68eb0c705 make sure we add to LDFLAGS 2021-10-27 17:59:14 +02:00
Joris Vink
995b6b8586 On macos use pkg-config for openssl. 2021-10-27 14:34:06 +02:00
Joris Vink
1fcc9345a6 add cflags/ldflags commands to kodev.
These will spew out the required CFLAGS and LDFLAGS respectively
when compiling source code for use in Kore applications.

This should make it easier to integrate this into existing
build systems where using kodev may be a bit annoying.

Eg: gcc -Wall -std=c99 `kodev cflags` koreapp.c `kodev ldflags` -o koreapp.so
2021-09-22 20:50:09 +02:00
Joris Vink
e98a4ddab5 Change how routes are configured in Kore.
Routes are now configured in a context per route:

route /path {
	handler handler_name
	methods get post head
	validate qs:get id v_id
}

All route related configurations are per-route, allowing multiple
routes for the same path (for different methods).

The param context is removed and merged into the route context now
so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
Joris Vink
1c33ce01d0 Add kore_build_date to version.c 2021-09-07 21:58:53 +02:00
Joris Vink
7f56c7dbf2 Change how worker processes do logging.
Before each worker process would either directly print to stdout if
Kore was running in foreground mode, or syslog otherwise.

With this commit the workers will submit their log messages to the
parent process who will either put it onto stdout or syslog.

This change in completely under the hood and users shouldn't care about it.
2021-09-06 13:28:38 +02:00
Joris Vink
fb335e1e0c Major Python API improvements.
1) Add @kore.route as a decorator for Python.

This decorator can be used on non-class methods to automatically
declare their route and parameters.

Takes the same arguments as the kore.domain.route function that
exists today.

Provides a nice clean way of setting up Kore if you dont want
a whole class based approach.

2) Remove the requirement for the name for kore.server() and the
kore.domain(attach=) keywords.

Instead of no name was given, the name "default" is used in both
places resulting in less boilerplating.

3) Allow multiple routes to be defined for the same URI as long
as the methods are different. So you can have one method for GET /
and another for POST /.

All changes combined condense the initial experience of getting
a Kore Python app up and running:

eg:

import kore

kore.server(ip="127.0.0.1", port="8888", tls=False)
kore.domain("*")

@kore.route("/", methods=["get"])
async def index(req):
    req.response(200, b'get method')

@kore.route("/", methods=["post"])
async def index_post(req)
    req.response(200, b'post method')
2021-05-02 00:32:47 +02:00
Joris Vink
cf9e97f087 Improve TLS settings and dependencies.
- Kore now only supports OpenSSL 1.1.1 and LibreSSL 3.x.
- Revise the default TLS ciphersuites.
- Kore now carries ffdhe4096.pem and installs it under PREFIX/share/kore.
- Kore its tls_dhparam config setting defaults to the path mentioned above
  so you no longer have to set it.
2021-04-21 10:48:00 +02:00
Joris Vink
25d47db9e7 Let VERSION depend on OBJDIR. 2021-03-09 15:13:45 +01:00
Joris Vink
26fdbc4030 Add -fno-common to CFLAGS.
Newer compilers have this enabled by default, instead of -fcommon
so enable it here to catch any problems early.
2021-01-31 14:54:26 +01:00
Joris Vink
8aa9af1f0c force a dependency between seccomp.c and $(PLATFORM). 2020-10-30 10:12:29 +01:00
Frederic Cambus
19573a7bf0 Also add DESTDIR in the uninstall targets in kore and kodev Makefiles. 2020-09-14 14:07:31 +02:00
Joris Vink
a62c504a40 Set KORE_SOURCE for tools-build target. 2020-09-09 22:35:19 +02:00
Joris Vink
e87ba0f2d8 Add flavors for kore-serve for all platforms. 2020-09-09 22:31:46 +02:00
Joris Vink
814a994e99 Don't depend on pushd/popd 2020-09-09 22:18:59 +02:00
Joris Vink
21d1e5156b Add tools directory.
Includes the kore-serve utility that spins up a Kore instance
on the local directory and serves the contents via a filemap
on localhost port 8888.

Used by myself when hacking on the kore website.
2020-09-09 22:14:29 +02:00
Joris Vink
2dca8fd6cc Add an install-sources target.
This will place the required sources for building
single binary builds under $PREFIX/share/kore.

The kodev utility will now pickup this KORE_SOURCE path automatically
unless another one is given via the conf/build.conf file or the KORE_SOURCE
environment path.
2020-09-09 21:09:40 +02:00
Frederic Cambus
3bf5896cfb Add DESTDIR support in both kore and kodev Makefiles. 2020-09-08 21:28:58 +02:00
Joris Vink
f6af4a27f4 Enable type-limits warning.
Remove unneeded comparison in the JSON code.
via https://marc.info/?l=openbsd-ports&m=159958572325174&w=2
2020-09-08 19:29:15 +02:00
Tobias Kortkamp
85b26533b7 Unbreak build with multiple make jobs
Without it python_curlopt.h might not be available at the right
time when using something like make -j4:

src/python.c:50:10: fatal error: 'python_curlopt.h' file not found
         ^~~~~~~~~~~~~~~~~~
1 error generated.

Signed-off-by: Tobias Kortkamp <t@tobik.me>
2020-09-03 14:07:41 +02:00
Joris Vink
d2617fdf32 Do not let DEBUG imply NOOPT any longer. 2020-08-13 09:10:00 +02:00
Joris Vink
2d380cac3f Expose our async libcurl support to the Python api.
Kore already exposed parts of this via the kore.httpclient() method but
this commit takes it a bit further and exposes the libcurl interface
completely (including the setopt options).

tldr:

handle = kore.curl("ftp://ftp.eu.openbsd.org/pub/OpenBSD/README")
handle.setopt(kore.CURLOPT_TIMEOUT, 5)

data = await handle.run()
print("%s" % data.decode())
2020-01-18 19:43:38 +01:00
Joris Vink
0aa4769777 its about time LDFLAGS are appended instead of set. 2019-11-14 23:48:27 +01:00
Joris Vink
c78535aa5d Add acmev2 (RFC8555) support to Kore.
A new acme process is created that communicates with the acme servers.

This process does not hold any of your private keys (no account keys,
no domain keys etc).

Whenever the acme process requires a signed payload it will ask the keymgr
process to do the signing with the relevant keys.

This process is also sandboxed with pledge+unveil on OpenBSD and seccomp
syscall filtering on Linux.

The implementation only supports the tls-alpn-01 challenge. This means that
you do not need to open additional ports on your machine.

http-01 and dns-01 are currently not supported (no wildcard support).

A new configuration option "acme_provider" is available and can be set
to the acme server its directory. By default this will point to the
live letsencrypt environment:
    https://acme-v02.api.letsencrypt.org/directory

The acme process can be controlled via the following config options:
  - acme_root (where the acme process will chroot/chdir into).
  - acme_runas (the user the acme process will run as).

  If none are set, the values from 'root' and 'runas' are taken.

If you want to turn on acme for domains you do it as follows:

domain kore.io {
	acme yes
}

You do not need to specify certkey/certfile anymore, if they are present
still
they will be overwritten by the acme system.

The keymgr will store all certificates and keys under its root
(keymgr_root), the account key is stored as "/account-key.pem" and all
obtained certificates go under "certificates/<domain>/fullchain.pem" while
keys go under "certificates/<domain>/key.pem".

Kore will automatically renew certificates if they will expire in 7 days
or less.
2019-11-06 19:43:48 +01:00
Joris Vink
aa01e5e504 If OPENSSL_PATH is set, append lib to it. 2019-11-04 21:16:00 +01:00
Joris Vink
18c76abab3 use curl-config instead of pkg-config. 2019-10-28 12:18:15 +01:00
Joris Vink
06fa452c96 Add a full native JSON parser to Kore.
Mostly compliant, ignores \uXXXX in strings for now.

New API functions:

void kore_json_init(struct kore_json *json, const u_int8_t *data, size_t len);
  - Prepares JSON data for parsing.

int kore_json_parse(struct kore_json *json)
  - Parses the JSON data prepared via kore_json_init. Returns KORE_RESULT_ERROR
    if parsing failed or KORE_RESULT_OK if it succeeded.

struct kore_json_item *kore_json_get(struct kore_json *json, const char *path,
                                     int type);
  - Try to find the object matching a given search patch and type.

  eg, given a JSON structure of:
    {
      "reasons": {
        "strings": [
          "first reason",
          "second"
        ]
      }
    }

  one can obtain the second element in the reasons.strings array via:

    item = kore_json_get(json, "reasons/strings[0]", KORE_JSON_TYPE_STRING);

  Returns NULL if the item was not found or a type mismatch was hit,
  otherwise will return the item of that type.

  The kore_json_item data structure has a data member that contains the
  relevant bits depending on the type:

    KORE_JSON_TYPE_ARRAY, KORE_JSON_TYPE_OBJECT:
      the data.items member is valid.

    KORE_JSON_TYPE_STRING:
      the data.string member is valid.

    KORE_JSON_TYPE_NUMBER:
      the data.number member is valid.

    KORE_JSON_TYPE_LITERAL:
      the data.literal member is valid.

void kore_json_cleanup(struct kore_json *json);
  - Cleanup any resources

const char *kore_json_strerror(struct kore_json *json);
  - Return pointer to human readable error string.
2019-10-20 23:22:11 +02:00
Joris Vink
ec249390b1 Allow building with python3.8 2019-10-15 10:16:53 +02:00
Joris Vink
55f5b34dd9 Generate platform.h into OBJDIR if need be. 2019-10-07 16:23:21 +02:00
Joris Vink
7350131232 Allow listening of tls/notls ports at the same time.
Before kore needed to be built with NOTLS=1 to be able to do non TLS
connections. This has been like this for years.

It is time to allow non TLS listeners without having to rebuild Kore.

This commit changes your configuration format and will break existing
applications their config.

Configurations now get listener {} contexts:

listen default {
	bind 127.0.0.1 8888
}

The above will create a listener on 127.0.0.1, port 8888 that will serve
TLS (still the default).

If you want to turn off TLS on that listener, specify "tls no" in that
context.

Domains now need to be attached to a listener:

Eg:
	domain * {
		attach	default
	}

For the Python API this kills kore.bind(), and kore.bind_unix(). They are
replaced with:

	kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:27:04 +02:00
Joris Vink
e7352a3634 fix - that snuck in 2019-09-25 14:32:17 +02:00
Joris Vink
cd9971247c Add seccomp syscall filtering to kore.
With this commit all Kore processes (minus the parent) are running
under seccomp.

The worker processes get the bare minimum allowed syscalls while each module
like curl, pgsql, etc will add their own filters to allow what they require.

New API functions:
    int kore_seccomp_filter(const char *name, void *filter, size_t len);

    Adds a filter into the seccomp system (must be called before
    seccomp is enabled).

New helpful macro:
    define KORE_SYSCALL_ALLOW(name)

    Allow the syscall with a given name, should be used in
    a sock_filter data structure.

New hooks:
    void kore_seccomp_hook(void);

    Called before seccomp is enabled, allows developers to add their
    own BPF filters into seccomp.
2019-09-25 14:31:20 +02:00
Joris Vink
868b0a71a2 make coro tracing available at runtime, always.
call kore.corotrace(True) to enable it and kore.corotrace(False) to disable.
2019-09-18 10:55:13 +02:00
Joris Vink
b107485ea4 if built with python+debug enable coro tracing 2019-09-16 20:36:23 +02:00
Frederic Cambus
a8c6ecbb89 Set default MAN_DIR value only if it's not already set. 2019-09-05 09:42:54 +02:00
Joris Vink
41366ba583 avoid using pkg-config on FreeBSD for CURL=1. 2019-05-14 20:53:27 +02:00
Joris Vink
2c983e338c undefine _FORTIFY_SOURCE before defining it.
Fixes building with compilers/distributions that set it by default.

From Bryan Baldwin via patches@
2019-04-25 20:09:11 +02:00
Joris Vink
2c88bc6120 Add asynchronous libcurl support.
This commit adds the CURL=1 build option. When enabled allows
you to schedule CURL easy handles onto the Kore event loop.

It also adds an easy to use HTTP client API that abstracts away the
settings required from libcurl to make HTTP requests.

Tied together with HTTP request state machines this means you can
write fully asynchronous HTTP client requests in an easy way.

Additionally this exposes that API to the Python code as well
allowing you do to things like:

	client = kore.httpclient("https://kore.io")
	status, body = await client.get()

Introduces 2 configuration options:
	- curl_recv_max
		Max incoming bytes for a response.

	- curl_timeout
		Timeout in seconds before a transfer is cancelled.

This API also allows you to take the CURL easy handle and send emails
with it, run FTP, etc. All asynchronously.
2019-04-24 00:15:17 +02:00
Joris Vink
e97396366c don't go examples clean 2018-11-29 21:18:15 +01:00
Joris Vink
af45936447 add releng-build-examples target for myself 2018-11-29 21:13:34 +01:00
Joris Vink
34829d8592 Add OPENSSL_PATH environment variable. 2018-11-28 13:54:38 +01:00
Joris Vink
c2c4e55149 Makefile improvements.
Add KORE_PYTHON_LIB and KORE_PYTHON_INC which can be set
by a caller in case the libraries exist somewhere else.

Add KORE_CRYPTO to be able to override the name of the default
crypto library Kore would link with.
2018-10-17 11:31:36 +02:00
Joris Vink
545d48e65d revert chunk that wasn't suppose to be changed. 2018-10-15 20:33:34 +02:00
Joris Vink
20a0103f1e Add async/await support for socket i/o in python.
This means you can now do things like:

	resp = await koresock.recv(1024)
	await koresock.send(resp)

directly from page handlers if they are defined as async.

Adds lots more to the python goo such as fatalx(), bind_unix(),
task_create() and socket_wrap().
2018-10-15 20:18:54 +02:00
Joris Vink
570f9ac986 move optimzations back to -O2, not -O3. 2018-07-09 09:45:10 +02:00
Joris Vink
80f5425698 Add filemaps.
A filemap is a way of telling Kore to serve files from a directory
much like a traditional webserver can do.

Kore filemaps only handles files. Kore does not generate directory
indexes or deal with non-regular files.

The way files are sent to a client differs a bit per platform and
build options:

default:
  - mmap() backed file transfer due to TLS.

NOTLS=1
  - sendfile() under FreeBSD, macOS and Linux.
  - mmap() backed file for OpenBSD.

The opened file descriptors/mmap'd regions are cached and reused when
appropriate. If a file is no longer in use it will be closed and evicted
from the cache after 30 seconds.

New API's are available allowing developers to use these facilities via:
  void net_send_fileref(struct connection *, struct kore_fileref *);
  void http_response_fileref(struct http_request *, struct kore_fileref *);

Kore will attempt to match media types based on file extensions. A few
default types are built-in. Others can be added via the new "http_media_type"
configuration directive.
2018-06-28 13:27:44 +02:00
Joris Vink
fc58007cc1 remove lingering character 2018-06-22 23:02:57 +02:00
Joris Vink
8aaf7aaf79 Alter where the version number comes from.
Now if we are a git repo we fetch the branch name and
commitid to build the version string. If there is no
git repo we'll look at the RELEASE file.
2018-06-22 14:24:42 +02:00
Joris Vink
7b20192e02 install kodev manual page. 2018-06-19 22:40:55 +02:00