fresco 0.0.1

data/lib/fresco/runtime/http.c

@@ -0,0 +1,456 @@
+/*
+ * Spinel HTTP shim. Owns sockets, fork/wait, and a fixed-size request
+ * buffer. Ruby reads via sphttp_request_buf() with no copy. Surface
+ * locked at M1 so later milestones don't have to revisit FFI shape.
+ *
+ * Lifted from tep's lib/tep/sphttp.c in spirit; trimmed to the symbols
+ * the framework's runtime needs.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+
+#define SPHTTP_REQ_BUF_SIZE 65536
+#define SPHTTP_BODY_BUF_SIZE (1024 * 1024)
+
+static char sphttp_req_buf_[SPHTTP_REQ_BUF_SIZE + 1];
+static int  sphttp_req_buf_len_ = 0;
+static char sphttp_body_buf_[SPHTTP_BODY_BUF_SIZE + 1];
+
+/* Find first occurrence of `needle` (length nl) in haystack[0..hl).
+ * Stand-in for memmem(3) — non-portable on a few targets. */
+static const char *find_bytes(const char *h, int hl, const char *needle, int nl) {
+    if (nl == 0 || hl < nl) return NULL;
+    int last = hl - nl;
+    for (int i = 0; i <= last; i++) {
+        if (memcmp(h + i, needle, (size_t)nl) == 0) return h + i;
+    }
+    return NULL;
+}
+
+int sphttp_listen(int port, int reuseport) {
+    int sfd = socket(AF_INET, SOCK_STREAM, 0);
+    if (sfd < 0) return -1;
+
+    int one = 1;
+    setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
+    if (reuseport) {
+#ifdef SO_REUSEPORT
+        setsockopt(sfd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one));
+#endif
+    }
+
+    struct sockaddr_in addr;
+    memset(&addr, 0, sizeof(addr));
+    addr.sin_family      = AF_INET;
+    addr.sin_port        = htons((uint16_t)port);
+    addr.sin_addr.s_addr = htonl(INADDR_ANY);
+
+    if (bind(sfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+        close(sfd);
+        return -1;
+    }
+    if (listen(sfd, 128) < 0) {
+        close(sfd);
+        return -1;
+    }
+    return sfd;
+}
+
+int sphttp_accept(int sfd) {
+    return accept(sfd, NULL, NULL);
+}
+
+/* Read until end-of-headers (CRLFCRLF). Stops at buffer-full or EOF.
+ * Returns bytes read (>0), 0 on clean close, -1 on error. */
+int sphttp_read_request(int cfd) {
+    sphttp_req_buf_len_ = 0;
+    sphttp_req_buf_[0]  = '\0';
+
+    while (sphttp_req_buf_len_ < SPHTTP_REQ_BUF_SIZE) {
+        ssize_t n = recv(cfd,
+                         sphttp_req_buf_ + sphttp_req_buf_len_,
+                         (size_t)(SPHTTP_REQ_BUF_SIZE - sphttp_req_buf_len_),
+                         0);
+        if (n == 0) {
+            if (sphttp_req_buf_len_ == 0) return 0;
+            break;
+        }
+        if (n < 0) {
+            if (errno == EINTR) continue;
+            return -1;
+        }
+        sphttp_req_buf_len_ += (int)n;
+        sphttp_req_buf_[sphttp_req_buf_len_] = '\0';
+        if (find_bytes(sphttp_req_buf_, sphttp_req_buf_len_, "\r\n\r\n", 4)) break;
+    }
+    return sphttp_req_buf_len_;
+}
+
+const char *sphttp_request_buf(void) {
+    return sphttp_req_buf_;
+}
+
+int sphttp_request_len(void) {
+    return sphttp_req_buf_len_;
+}
+
+/* Bytes already buffered past end-of-headers, useful for figuring out
+ * how much body the parser needs to drain from the socket. Returns -1
+ * if headers aren't terminated yet. */
+int sphttp_header_end(void) {
+    const char *p = find_bytes(sphttp_req_buf_, sphttp_req_buf_len_, "\r\n\r\n", 4);
+    if (!p) return -1;
+    return (int)(p - sphttp_req_buf_) + 4;
+}
+
+/* Append `n` more bytes from the socket to the body buffer. `off` is
+ * the offset to start writing at (so callers can carry over any body
+ * bytes that came in with the headers). Returns total body length. */
+int sphttp_drain_body(int cfd, int off, int want) {
+    if (off < 0 || off > SPHTTP_BODY_BUF_SIZE) return -1;
+    if (want < 0) return -1;
+    if (off + want > SPHTTP_BODY_BUF_SIZE) return -1;
+
+    int have = off;
+    int target = off + want;
+    while (have < target) {
+        ssize_t n = recv(cfd, sphttp_body_buf_ + have, (size_t)(target - have), 0);
+        if (n == 0) break;
+        if (n < 0) {
+            if (errno == EINTR) continue;
+            return -1;
+        }
+        have += (int)n;
+    }
+    sphttp_body_buf_[have] = '\0';
+    return have;
+}
+
+/* Copy `n` bytes from the request buffer at `src_off` into the body
+ * buffer at `dst_off`. Used when the headers buffer already contains
+ * the start (or all) of the body. */
+int sphttp_copy_body(int src_off, int dst_off, int n) {
+    if (src_off < 0 || n < 0) return -1;
+    if (src_off + n > sphttp_req_buf_len_) return -1;
+    if (dst_off + n > SPHTTP_BODY_BUF_SIZE) return -1;
+    memcpy(sphttp_body_buf_ + dst_off, sphttp_req_buf_ + src_off, (size_t)n);
+    sphttp_body_buf_[dst_off + n] = '\0';
+    return dst_off + n;
+}
+
+const char *sphttp_body_buf(void) {
+    return sphttp_body_buf_;
+}
+
+int sphttp_write_str(int cfd, const char *s) {
+    if (!s) return -1;
+    size_t len = strlen(s);
+    size_t off = 0;
+    while (off < len) {
+        ssize_t n = send(cfd, s + off, len - off, 0);
+        if (n <= 0) {
+            if (n < 0 && errno == EINTR) continue;
+            return -1;
+        }
+        off += (size_t)n;
+    }
+    return (int)off;
+}
+
+/* Open `path`, send the whole file body. Returns bytes sent, or -1 on
+ * error (open, fstat, send). Caller is responsible for emitting the
+ * status line and headers (incl. Content-Length / Content-Type) first. */
+int sphttp_sendfile(int cfd, const char *path) {
+    int fd = open(path, O_RDONLY);
+    if (fd < 0) return -1;
+
+    char buf[16384];
+    int total = 0;
+    for (;;) {
+        ssize_t r = read(fd, buf, sizeof(buf));
+        if (r == 0) break;
+        if (r < 0) {
+            if (errno == EINTR) continue;
+            close(fd);
+            return -1;
+        }
+        ssize_t off = 0;
+        while (off < r) {
+            ssize_t w = send(cfd, buf + off, (size_t)(r - off), 0);
+            if (w <= 0) {
+                if (w < 0 && errno == EINTR) continue;
+                close(fd);
+                return -1;
+            }
+            off += w;
+        }
+        total += (int)r;
+    }
+    close(fd);
+    return total;
+}
+
+/* Returns file size in bytes, or -1 if missing / not a regular file. */
+int sphttp_file_size(const char *path) {
+    struct stat st;
+    if (stat(path, &st) < 0) return -1;
+    if ((st.st_mode & S_IFMT) != S_IFREG) return -1;
+    if (st.st_size > 0x7fffffff) return -1;
+    return (int)st.st_size;
+}
+
+int sphttp_close(int cfd) {
+    return close(cfd);
+}
+
+int sphttp_fork(void) {
+    return (int)fork();
+}
+
+int sphttp_wait_any(void) {
+    int status;
+    return (int)waitpid(-1, &status, 0);
+}
+
+int sphttp_getpid(void) {
+    return (int)getpid();
+}
+
+/* Monotonic-clock pair for request timing. Single static is fine because
+ * a worker handles one request at a time; pipelining is out of scope. */
+static struct timespec sphttp_mark_ts_;
+
+int sphttp_mark_now(void) {
+    clock_gettime(CLOCK_MONOTONIC, &sphttp_mark_ts_);
+    return 0;
+}
+
+int sphttp_elapsed_micros(void) {
+    struct timespec now;
+    clock_gettime(CLOCK_MONOTONIC, &now);
+    long secs  = (long)(now.tv_sec  - sphttp_mark_ts_.tv_sec);
+    long nsecs = (long)(now.tv_nsec - sphttp_mark_ts_.tv_nsec);
+    long total_us = secs * 1000000L + nsecs / 1000L;
+    if (total_us < 0) return 0;
+    if (total_us > 0x7fffffff) return 0x7fffffff;
+    return (int)total_us;
+}
+
+/* ---------- SHA-256 + HMAC for the cookie session store ----------
+ * Compact public-domain SHA-256 implementation, then HMAC on top.
+ * Lifted from tep's lib/tep/sphttp.c — same shim file rather than a
+ * new lib/crypto.c, same playbook as the rest of this file. No link
+ * against libssl/libcrypto. */
+
+static const uint32_t sphttp_sha256_k_[64] = {
+    0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+    0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+    0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+    0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+    0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+    0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+    0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+    0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+};
+
+#define SPHTTP_ROTR(x,n)    (((x) >> (n)) | ((x) << (32 - (n))))
+#define SPHTTP_BSIG0(x)     (SPHTTP_ROTR(x, 2) ^ SPHTTP_ROTR(x,13) ^ SPHTTP_ROTR(x,22))
+#define SPHTTP_BSIG1(x)     (SPHTTP_ROTR(x, 6) ^ SPHTTP_ROTR(x,11) ^ SPHTTP_ROTR(x,25))
+#define SPHTTP_SSIG0(x)     (SPHTTP_ROTR(x, 7) ^ SPHTTP_ROTR(x,18) ^ ((x) >> 3))
+#define SPHTTP_SSIG1(x)     (SPHTTP_ROTR(x,17) ^ SPHTTP_ROTR(x,19) ^ ((x) >> 10))
+#define SPHTTP_CH(x,y,z)    (((x) & (y)) ^ (~(x) & (z)))
+#define SPHTTP_MAJ(x,y,z)   (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+static void sphttp_sha256_block_(uint32_t H[8], const uint8_t b[64]) {
+    uint32_t w[64], sa, sb, sc, sd, se, sf, sg, sh, t1, t2;
+    int i;
+    for (i = 0; i < 16; i++) {
+        w[i] = ((uint32_t)b[i*4] << 24) | ((uint32_t)b[i*4+1] << 16) |
+               ((uint32_t)b[i*4+2] << 8) |  (uint32_t)b[i*4+3];
+    }
+    for (i = 16; i < 64; i++) {
+        w[i] = SPHTTP_SSIG1(w[i-2]) + w[i-7] + SPHTTP_SSIG0(w[i-15]) + w[i-16];
+    }
+    sa=H[0]; sb=H[1]; sc=H[2]; sd=H[3]; se=H[4]; sf=H[5]; sg=H[6]; sh=H[7];
+    for (i = 0; i < 64; i++) {
+        t1 = sh + SPHTTP_BSIG1(se) + SPHTTP_CH(se,sf,sg) + sphttp_sha256_k_[i] + w[i];
+        t2 = SPHTTP_BSIG0(sa) + SPHTTP_MAJ(sa,sb,sc);
+        sh = sg; sg = sf; sf = se; se = sd + t1;
+        sd = sc; sc = sb; sb = sa; sa = t1 + t2;
+    }
+    H[0]+=sa; H[1]+=sb; H[2]+=sc; H[3]+=sd;
+    H[4]+=se; H[5]+=sf; H[6]+=sg; H[7]+=sh;
+}
+
+static void sphttp_sha256_(const uint8_t *msg, size_t len, uint8_t out[32]) {
+    uint32_t H[8] = {
+        0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,
+        0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19
+    };
+    uint8_t buf[64];
+    size_t i, full = len & ~((size_t)63);
+    for (i = 0; i < full; i += 64) sphttp_sha256_block_(H, msg + i);
+    size_t rem = len - full;
+    for (i = 0; i < rem; i++) buf[i] = msg[full + i];
+    buf[rem] = 0x80;
+    if (rem >= 56) {
+        for (i = rem + 1; i < 64; i++) buf[i] = 0;
+        sphttp_sha256_block_(H, buf);
+        for (i = 0; i < 56; i++) buf[i] = 0;
+    } else {
+        for (i = rem + 1; i < 56; i++) buf[i] = 0;
+    }
+    uint64_t bits = (uint64_t)len * 8;
+    for (i = 0; i < 8; i++) buf[56 + i] = (uint8_t)(bits >> (56 - 8*i));
+    sphttp_sha256_block_(H, buf);
+    for (i = 0; i < 8; i++) {
+        out[i*4]   = (uint8_t)(H[i] >> 24);
+        out[i*4+1] = (uint8_t)(H[i] >> 16);
+        out[i*4+2] = (uint8_t)(H[i] >> 8);
+        out[i*4+3] = (uint8_t)(H[i]);
+    }
+}
+
+/* HMAC-SHA256(key, msg) -> 32 raw bytes. Streams the (ipad || msg)
+ * inner hash without an extra heap alloc. */
+static void sphttp_hmac_sha256_(const uint8_t *key, size_t klen,
+                                const uint8_t *msg, size_t mlen,
+                                uint8_t out[32]) {
+    uint8_t kpad[64], ipad[64], opad[64], inner[32];
+    size_t i;
+    if (klen > 64) {
+        sphttp_sha256_(key, klen, kpad);
+        for (i = 32; i < 64; i++) kpad[i] = 0;
+    } else {
+        for (i = 0; i < klen; i++) kpad[i] = key[i];
+        for (i = klen; i < 64; i++) kpad[i] = 0;
+    }
+    for (i = 0; i < 64; i++) {
+        ipad[i] = kpad[i] ^ 0x36;
+        opad[i] = kpad[i] ^ 0x5c;
+    }
+    /* inner = SHA256(ipad || msg) — stream the two segments. */
+    {
+        uint32_t H[8] = {
+            0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,
+            0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19
+        };
+        sphttp_sha256_block_(H, ipad);
+        uint8_t buf[64];
+        size_t full = mlen & ~((size_t)63);
+        for (i = 0; i < full; i += 64) sphttp_sha256_block_(H, msg + i);
+        size_t rem = mlen - full;
+        for (i = 0; i < rem; i++) buf[i] = msg[full + i];
+        buf[rem] = 0x80;
+        if (rem >= 56) {
+            for (i = rem + 1; i < 64; i++) buf[i] = 0;
+            sphttp_sha256_block_(H, buf);
+            for (i = 0; i < 56; i++) buf[i] = 0;
+        } else {
+            for (i = rem + 1; i < 56; i++) buf[i] = 0;
+        }
+        uint64_t bits = (uint64_t)(64 + mlen) * 8;
+        for (i = 0; i < 8; i++) buf[56 + i] = (uint8_t)(bits >> (56 - 8*i));
+        sphttp_sha256_block_(H, buf);
+        for (i = 0; i < 8; i++) {
+            inner[i*4]   = (uint8_t)(H[i] >> 24);
+            inner[i*4+1] = (uint8_t)(H[i] >> 16);
+            inner[i*4+2] = (uint8_t)(H[i] >> 8);
+            inner[i*4+3] = (uint8_t)(H[i]);
+        }
+    }
+    /* outer = SHA256(opad || inner) */
+    {
+        uint32_t H[8] = {
+            0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,
+            0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19
+        };
+        sphttp_sha256_block_(H, opad);
+        uint8_t buf[64];
+        for (i = 0; i < 32; i++) buf[i] = inner[i];
+        buf[32] = 0x80;
+        for (i = 33; i < 56; i++) buf[i] = 0;
+        uint64_t bits = (uint64_t)(64 + 32) * 8;
+        for (i = 0; i < 8; i++) buf[56 + i] = (uint8_t)(bits >> (56 - 8*i));
+        sphttp_sha256_block_(H, buf);
+        for (i = 0; i < 8; i++) {
+            out[i*4]   = (uint8_t)(H[i] >> 24);
+            out[i*4+1] = (uint8_t)(H[i] >> 16);
+            out[i*4+2] = (uint8_t)(H[i] >> 8);
+            out[i*4+3] = (uint8_t)(H[i]);
+        }
+    }
+}
+
+/* Public FFI: HMAC-SHA256 with the result as a 64-char hex string in
+ * a static buffer. key and msg are NUL-terminated (Spinel's :str passes
+ * no length) — adequate for cookie use, where the secret has no
+ * embedded NULs and the message is URL-encoded (also NUL-free). The
+ * next call clobbers the buffer. */
+static char sphttp_hmac_hex_buf_[65];
+
+const char *sphttp_hmac_sha256_hex(const char *key, const char *msg) {
+    uint8_t out[32];
+    sphttp_hmac_sha256_((const uint8_t *)key, strlen(key),
+                        (const uint8_t *)msg, strlen(msg),
+                        out);
+    static const char H[] = "0123456789abcdef";
+    int i;
+    for (i = 0; i < 32; i++) {
+        sphttp_hmac_hex_buf_[i*2]   = H[(out[i] >> 4) & 0xf];
+        sphttp_hmac_hex_buf_[i*2+1] = H[out[i] & 0xf];
+    }
+    sphttp_hmac_hex_buf_[64] = '\0';
+    return sphttp_hmac_hex_buf_;
+}
+
+/* base64url alphabet (RFC 4648 §5) — `+`/`/` replaced by `-`/`_`. No
+ * padding. For future JWT signing; JWT's JOSE encoding wants the raw
+ * 32-byte HMAC base64url'd directly, never hex. */
+static const char SPHTTP_B64U[65] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+
+static char sphttp_hmac_b64url_buf_[44];
+
+const char *sphttp_hmac_sha256_b64url(const char *key, const char *msg) {
+    uint8_t out[32];
+    sphttp_hmac_sha256_((const uint8_t *)key, strlen(key),
+                        (const uint8_t *)msg, strlen(msg),
+                        out);
+    /* 32 bytes -> 43 chars (no padding): 10 full 3-byte groups
+     * (30 bytes -> 40 chars) + 1 group of 2 bytes (-> 3 chars). */
+    int i, j = 0;
+    for (i = 0; i + 3 <= 32; i += 3) {
+        uint32_t v = ((uint32_t)out[i] << 16)
+                   | ((uint32_t)out[i+1] << 8)
+                   | (uint32_t)out[i+2];
+        sphttp_hmac_b64url_buf_[j++] = SPHTTP_B64U[(v >> 18) & 0x3f];
+        sphttp_hmac_b64url_buf_[j++] = SPHTTP_B64U[(v >> 12) & 0x3f];
+        sphttp_hmac_b64url_buf_[j++] = SPHTTP_B64U[(v >> 6)  & 0x3f];
+        sphttp_hmac_b64url_buf_[j++] = SPHTTP_B64U[v & 0x3f];
+    }
+    if (i < 32) {
+        uint32_t v = ((uint32_t)out[i] << 16)
+                   | (i + 1 < 32 ? ((uint32_t)out[i+1] << 8) : 0);
+        sphttp_hmac_b64url_buf_[j++] = SPHTTP_B64U[(v >> 18) & 0x3f];
+        sphttp_hmac_b64url_buf_[j++] = SPHTTP_B64U[(v >> 12) & 0x3f];
+        if (i + 1 < 32) {
+            sphttp_hmac_b64url_buf_[j++] = SPHTTP_B64U[(v >> 6) & 0x3f];
+        }
+    }
+    sphttp_hmac_b64url_buf_[j] = '\0';
+    return sphttp_hmac_b64url_buf_;
+}