summaryrefslogtreecommitdiff
path: root/uhttpd.h
AgeCommit message (Collapse)Author
2021-09-08uhttpd: add SO_BINDTODEVICE supportMikael Magnusson
Add command line option "-b <interface>" which binds the ports (and addresses) in the following "-p" and "-s" options to the specified network interface with SO_BINDTODEVICE. Using SO_BINDTODEVICE means uhttpd will only accept incoming traffic from the specified network interface. Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
2020-09-15ubus: add new RESTful APIRafał Miłecki
Initial uhttpd ubus API was fully based on JSON-RPC. That restricted it from supporting ubus notifications that don't fit its model. Notifications require protocol that allows server to send data without being polled. There are two candidates for that: 1. Server-sent events 2. WebSocket The later one is overcomplex for this simple task so ideally uhttps ubus should support text-based server-sent events. It's not possible with JSON-RPC without violating it. Specification requires server to reply with Response object. Replying with text/event-stream is not allowed. All above led to designing new API that: 1. Uses GET and POST requests 2. Makes use of RESTful URLs 3. Uses JSON-RPC in cleaner form and only for calling ubus methods This new API allows: 1. Listing all ubus objects and their methods using GET <prefix>/list 2. Listing object methods using GET <prefix>/list/<path> 3. Listening to object notifications with GET <prefix>/subscribe/<path> 4. Calling ubus methods using POST <prefix>/call/<path> JSON-RPC custom protocol was also simplified to: 1. Use "method" member for ubus object method name It was possible thanks to using RESTful URLs. Previously "method" had to be "list" or "call". 2. Reply with Error object on ubus method call error This simplified "result" member format as it doesn't need to contain ubus result code anymore. This patch doesn't break or change the old API. The biggest downside of the new API is no support for batch requests. It's cost of using RESTful URLs. It should not matter much as uhttpd supports keep alive. Example usages: 1. Getting all objects and their methods: $ curl http://192.168.1.1/ubus/list { "dhcp": { "ipv4leases": { }, "ipv6leases": { } }, "log": { "read": { "lines": "number", "stream": "boolean", "oneshot": "boolean" }, "write": { "event": "string" } } } 2. Getting object methods: $ curl http://192.168.1.1/ubus/list/log { "read": { "lines": "number", "stream": "boolean", "oneshot": "boolean" }, "write": { "event": "string" } } 3. Subscribing to notifications: $ curl http://192.168.1.1/ubus/subscribe/foo event: status data: {"count":5} 4. Calling ubus object method: $ curl -d '{ "jsonrpc": "2.0", "id": 1, "method": "login", "params": {"username": "root", "password": "password" } }' http://192.168.1.1/ubus/call/session { "jsonrpc": "2.0", "id": 1, "result": { "ubus_rpc_session": "01234567890123456789012345678901", (...) } } $ curl -H 'Authorization: Bearer 01234567890123456789012345678901' -d '{ "jsonrpc": "2.0", "id": 1, "method": "write", "params": {"event": "Hello world" } }' http://192.168.1.1/ubus/call/log { "jsonrpc": "2.0", "id": 1, "result": null } Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-08-23lua: support multiple Lua prefixesJo-Philipp Wich
Allow -l / -L arguments to be repeated to register multiple Lua prefix handlers in the same process. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-21uhttpd: recognize PATCH, PUT and DELETE HTTP methodsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-02file: remove unused "auth" member from struct path_infoJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-02auth: store parsed username and passwordJo-Philipp Wich
Store the parsed username and password information as HTTP headers in the clients header blob buffer for later use by proc.c Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-16file: add support for disabling cache related precondition checks via handlersFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-16uhttpd: add support for adding arbitrary headers via handler scriptsFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2015-11-08add support for handling redirects via a scriptFelix Fietkau
In a json_script file you can specify rules for rewriting the URL or redirecting the browser either unconditionally, or as a fallback where it would otherwise print a 404 error Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2015-10-17add a -y parameter for cgi-bin redirectsJohn Crispin
this allows an alias entry inside the root folder point at a cgi-bin script -y foo=bar will redirect /foo to /cgi-bin/bar Signed-off-by: John Crispin <blogic@openwrt.org>
2015-10-08fix chunked transfer encoding in keepalive modeJo-Philipp Wich
The two commits 5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291 "allow request handlers to disable chunked reponses" and 618493e378e2239f0d30902e47adfa134e649fdc "file: disable chunked encoding for file responses" broke the chunked transfer encoding handling for proc responses in keep-alive connections that followed a file response with http status 204 or 304. The effect of this bug is that cgi responses following a 204 or 304 one where sent neither in chunked encoding nor with a content-length header, causing browsers to stall until the keep alive timeout was reached. Fix the logic flaw by inverting the chunk prevention flag in the client state and by testing the chunked encoding preconditions every time instead of once upon client (re-)initialization. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-05-30add support for enforcing HTTPSJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-05-30allow request handlers to disable chunked reponsesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-03-11fixes for json 0.12John Crispin
Signed-off-by: John Crispin <blogic@openwrt.org>
2014-10-27client: store http code of last emitted responseJo-Philipp Wich
Certain response types (notably 204 and 304) require a slightly different handling like emitting the response body entirely, therfore record the last code to act on it in the appropriate places. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-06-10ubus: add CORS header supportJo-Philipp Wich
In order to support cross-domain AJAX requests to the /ubus endpoint we need to implement the Cross-Origin Resource Sharing (CORS) spec in the ubus plugin. - Implement a new option "-X" to enable CORS support in ubus - Implement rudimentary support for "OPTIONS" HTTP requests - Implement essential CORS headers the ubus plugin The current CORS response headers merely reflect the request headers sent by the client, this way any requesting origin is automatically allowed. Cross-domain cookies (Access-Control-Allow-Credentials) are unconditionally enabled. Restricting permitted origins and toggle the credential accepting can be made configurable in a future commit to allow more fine grained control over permitted AJAX clients. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-03-22cgi: compare the physical path instead of the url to detect quirky urlsFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-03-21relay: do forward data if the http request type was HEADFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-11-21uhttpd: fix crashes in the ubus pluginFelix Fietkau
The ubus plugin calls blocking ubus functions that loop back into uloop_run. Protect the client data structure with refcounting to ensure that the outer uloop_run call does not clean up the data that the inner uloop_run call is still processing. Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-08-07ubus: move sid into the params array of the json-rpc request to avoid ↵Jo-Philipp Wich
information leakage via the post url
2013-05-23relay: do not process headers after the first errorFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-05-23relay: fix close handlingFelix Fietkau
When the relay process has exited, close the connection as soon as no data can immediately be read from the socket anymore, and the read buffer has been emptied. This fixes timeouts with scripts that leave processes lingering around without closing their fds. Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-25ubus: add option to not authenticate ubus requestsJo-Philipp Wich
2013-01-19implement support for script timeout for cgi/luaFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-19add support for deferring script requests, limit maximum number of script ↵Felix Fietkau
calls to 3, maximum number of connections to 100 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-19poll read data after connect as wellFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-19add user agent detection for working around keepalive issues and add support ↵Felix Fietkau
for the connection: close|keep-alive header Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-13relicense to ISCFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-13fix cgi/lua header parsingFelix Fietkau
2013-01-13rework the ubus plugin to support JSON-RPC 2.0Felix Fietkau
2013-01-07add ubus supportFelix Fietkau
2013-01-06de-constify the url parameter for the handler, it becomes invalid after the ↵Felix Fietkau
request anyway
2013-01-04add lua plugin supportFelix Fietkau
2013-01-04add basic tls support, todo: error handlingFelix Fietkau
2013-01-04fix resuming accept() calls after exceeding client limitFelix Fietkau
2013-01-03use pipes instead of a socketpair, EOF handling is broken with socketsFelix Fietkau
2013-01-03implement proper flow control for relaying postdataFelix Fietkau
2013-01-03fix use-after-realloc issue with the request urlFelix Fietkau
2013-01-03fix chunked postdata parsingFelix Fietkau
2013-01-03add post data relayingFelix Fietkau
2013-01-03declare dispatch struct typeFelix Fietkau
2013-01-02add support for sending HTTP/1.1 100 ContinueFelix Fietkau
2013-01-02add uh_addr_rfc1918()Felix Fietkau
2013-01-02add auth supportFelix Fietkau
2013-01-02remove unused constantFelix Fietkau
2013-01-02constify, fix typesFelix Fietkau
2013-01-02add local/remote address env vars for cgiFelix Fietkau
2013-01-01add preliminary cgi support, needs fixing for close handlingFelix Fietkau
2013-01-01code cleanupFelix Fietkau
2012-12-31remove unnecessary client struct field membersFelix Fietkau