160 Commits

Author SHA1 Message Date
chme
b18b76413d [httpd] Fix parsing of uri into path parts with encoded '/' (%2F)
In path with an encoded '/' character, the parsing of the path into
parts was wrong.

E. g. an uri like
'/api/library/composers/Adam%20Gardner%2FDavid%20Schneider' would result
in the following parts:

- path_part[0] = "/api"
- path_part[1] = "library"
- path_part[2] = "composer"
- path_part[3] = "Adam Gardner"
- path_part[4] = "David Schneider"

Doing the decode after splitting the uri into parts fixes this and
results in:

- path_part[0] = "api"
- path_part[1] = "library"
- path_part[2] = "composer"
- path_part[3] = "Adam Gardner/David Schneider"
2022-03-31 20:51:00 +02:00
ejurgensen
334beb1cfa [httpd] Coverity fixups 2022-01-20 20:17:38 +01:00
Christian Meffert
3a9589c25b
Merge pull request #1282 from chme/httpd_webroot
[httpd] Dereference web root directory to allow symlinks
2021-07-09 09:56:06 +02:00
ejurgensen
d2f4efa1bf [misc] Centralize thread naming plus name websocket thread 2021-07-05 21:40:31 +02:00
chme
93b9740233 [httpd] Dereference web root directory to allow symlinks 2021-07-04 11:41:39 +02:00
ejurgensen
5f1686695a [-] Name update forked-daapd -> owntone throughout the code 2021-04-24 23:54:20 +02:00
ejurgensen
d4711decdc [httpd] Bind via misc.c's net_xxx methods 2021-03-31 23:55:25 +02:00
ejurgensen
7871d71a9c [misc] Add utility network functions, incl configurable addr binding
Also make misc.c/h a bit less messy.
2021-03-31 23:55:25 +02:00
ejurgensen
19635e61ec [httpd] Fix scan-build make warning from commit 3a03c74
Potential buffer overflow
2021-03-15 21:59:40 +01:00
chme
3a03c74f91 Deny access to files outside the web root directory 2021-03-14 09:08:16 +01:00
chme
13e8103962 [httpd/spotify] Remove redirect to legacy admin.html page 2020-11-22 10:27:10 +01:00
chme
d29f56f3eb [httpd] Add "max-age=0" to Cache-Control header to force browsers to
always revalidate cached content
2020-09-27 19:13:07 +02:00
chme
dd811e6c70 [jsonapi] Prevent browsers to cache playlist tracks
The tracks of a smart playlist might change between library rescans.
Allowing them to be cached based on the last rescan timestamp
("Last-Modified" header in the response) leads to potentially showing
incorrect track listing if a cached version is used. Thus the response
for playlist tracks should never be cached by the browser (this is
achieved with setting "Cache-Control" header to "no-store").
2020-09-27 19:13:07 +02:00
ejurgensen
5e6b5fbe8a [httpd/logger] Use gmtime_r/localtime_r instead of gmtime/localtime
gmtime and localtime are not thread safe

credit lgtm.com
2020-08-10 22:23:21 +02:00
ejurgensen
1c08b75ce5 [httpd] Improve log and error message 2020-04-15 16:00:18 +02:00
ejurgensen
5736217315 [db] Change prototype of db_admin_getxxx() functions
Makes it possible for caller to distinguish between "not set" and "set to 0".
2020-02-23 20:30:35 +01:00
chme
662bfa529b [httpd] Force browsers to always revalidate their cached versions
Setting Cache-Control to "no-cache" tells a client to always make a
request to check if the version in the client cache is still valid
(response code 403 not modified).
2019-10-26 12:01:15 +02:00
whatdoineed2do/Ray
554799ebc3 [streaming/xcode] configurable MP3 streaming bitrate 2019-09-22 22:58:32 +02:00
ejurgensen
1752901529 [misc] Change b64_* to wrap ffmpeg's base64 encoder/decoder
Using ffmpeg's is probably better than having our own, plus it provides us with
decoded length, which we will need to support artwork via pipe.
2019-09-20 21:47:17 +02:00
ejurgensen
4ab734343c [-] Free events on exit (turns out event_base_free does not free them)
Credit @whatdoineed2do, ref. pr #797
2019-09-09 22:23:00 +02:00
ejurgensen
53780a7ef3 [xcode] Make sample rate + channels variable
This change is preparation to use ffmpeg's resampling capabilities to keep local
audio in sync (by up/downsampling slightly). This requires that sample rates are
not fixed for a transcode profile.

Added benefit of this is that we don't need quite as many xcode profiles.
2019-04-02 22:47:11 +02:00
ejurgensen
41126d7be4 [artworkapi/jsonapi] Retrieve artwork for track/album/artist 2018-10-07 21:54:38 +02:00
whatdoineed2do
8b7c19a299 [httpd] allow webdir (htdocs) to be symlink to dir 2018-08-18 11:34:03 +01:00
chme
ae3e0b6bf5 [httpd] Lower log level if file is not found 2018-04-26 22:20:27 +02:00
chme
d15018cb99 [httpd/jsonapi] Add cache control headers to some json api endpoints
Adds utility functions to httpd.c for checking the request headers for
either an "If-None-Match" or an "If-Not-Modified-Since" headers. If the
header value is found and it matches the current value for the requested
resource, we return early with a http response code 403 (Not Modified).
If the request header value is not present or does not match we add the
current ETag/Last-Modified values to the response headers and process
the request normally.
2018-04-15 22:11:40 +02:00
chme
d59e62312a [httpd] Allow cross origin POST, PUT, DELETE, OPTIONS requests
If the web interface is hosted on a different server, this is required
to allow sending e. g. post/put requests to control outputs.
2018-03-14 19:12:20 +01:00
chme
a764fb3c52 [httpd] Serve index.html if requested source is a directory
Defaults to an index.html file instead of redirecting to admin.html. It
will not redirect to index.html, but instead serve the file (if exists)
directly. This allows nicer uris in the webinterface.

We will still redirect to admin.html if no index.html is found for
requests to http://ip:port/
2018-03-14 19:12:20 +01:00
chme
1379ef235c [httpd] Support assigning request methods to uri handlers 2018-02-15 19:19:13 +01:00
chme
d4b05e98ae [httpd] Add PUT and DELETE to the allowed http request methods 2018-02-10 10:39:32 +01:00
ejurgensen
4da45bdfab [httpd] Parser should allow queries that are not key/value
E.g. http://prem3.di.fm:80/progressive_hi?my_premium_key
2018-01-08 20:13:05 +01:00
chme
7083c65314 [main/httpd] Configurable web root directory over cli parameter 2017-12-03 10:46:50 +01:00
ejurgensen
a6fab4ac0d [httpd/mpd] Adjustments to commit #69ff42f 2017-11-15 23:13:20 +01:00
Wolfgang Scherer
69ff42fc6a [mpd] apply trusted_networks to MPD 2017-11-15 22:29:22 +01:00
ejurgensen
3d5aeda7aa [httpd] Implement "trusted_networks" option
Some clients aren't really capable of authenticating + some users probably
don't want to enter a password for the web interface. This option allows
clients on for instance the local network to connect without authentication.
2017-11-12 21:29:57 +01:00
ejurgensen
6d937469f5 [httpd] Decrease log level of stream complete messages 2017-11-11 22:20:09 +01:00
ejurgensen
473a29ef8a [httpd] More refactoring, reduce code duplication in the httpd_xxx modules 2017-11-11 22:20:09 +01:00
ejurgensen
9ed810d9df [httpd] Refactor httpd.c
- move stuff around and clean up
- put oauth out in own module like the other modules
2017-11-11 22:20:09 +01:00
ejurgensen
709d99d4c4 [httpd] Major refactor of the httpd request handling
Make it easier to add new parameters later, get rid of redundant code, clean
up, align between httpd_xxx modules and introduce new bugs. Yes, the refactor
got a bit out of hand.
2017-11-11 22:20:09 +01:00
ejurgensen
eff9e6ebeb [httpd] Add promiscuous mode option, i.e. no auth requirements
For people who want to avoid the web login, or want to get around pairing
problems. This is also added because commit #e59a1a1 means that all
Remotes are now subject to auth, not just those with a user-agent name that
starts with "Remote".
2017-11-11 22:20:09 +01:00
ejurgensen
7cc9a8b02b [httpd] Fix unused label when compiling without libwebsockets 2017-09-16 17:01:51 +02:00
chme
6c45b808c0 [httpd/jsonapi] Fix unused variables when compiling without (#421)
--enable-spotify
2017-09-16 12:37:32 +02:00
ejurgensen
f8c442ba38 [configure] Change so we enable/disable websockets based on libwebsockets >= 2.0.2 presence 2017-09-16 00:05:50 +02:00
ejurgensen
546362980b Merge pull request #408 from chme/web
Add a web api and a webinterface
2017-09-15 23:15:49 +02:00
chme
ecfea82234 [httpd/spotify] Redirect to admin.html, remove old oauth interface 2017-09-15 18:49:04 +02:00
chme
75eb5420fd [httpd/websocket/conf] Initial websocket implementation
If enabled (default) requires libwebsockets >= 2.0.2, can be disabled
with configure option --disable-websocket.
2017-09-15 07:14:08 +02:00
chme
0abf195347 [httpd/json] Add json api to httpd 2017-09-15 07:07:17 +02:00
chme
f1e706ee8f [httpd] Allow browsers to cache static files
Setting the response headers "Cache-Control" and "Last-Modified" results
in clients being able to cache the response. For a subsequent request
for the same file, the browser sets the request header
"If-Modified-Since" with the value from "Last-Modified" from the last
response. The server (httpd.c) checks if the file has been modified and
if not returns HTTP 304 Not Modified.
2017-09-15 07:01:53 +02:00
chme
9275f7a938 [httpd] Expose function for authenticating admin requests 2017-09-15 06:56:24 +02:00
chme
1d49413070 [httpd/conf] Fix serving files from WEB_ROOT folder and enforce setting
the admin password

Changes the default for the admin password to be unset, by default only
allowing access to the WEB_ROOT files if accessed from localhost.
2017-09-15 06:56:24 +02:00
ejurgensen
c27448418c [httpd/mpd] Make sure daemons listen on both ipv4 and ipv6 if enabled
Before setting ipv6 = enabled on FreeBSD would make the daemon not listen on ipv4
2017-09-07 23:14:18 +02:00