Merge branch 'main' into lm/restrict-content-type

author: Liam Mitchell <[email protected]> 2026-03-09 19:06:36 -0700
committer: Liam Mitchell <[email protected]> 2026-03-09 19:06:36 -0700
commit: d1abc50ee9d4fb72efc646e17decafea741caa34 (patch)
tree: e4288e00f2f7ca0391b83d986efcb69d3ba66a83 /src/zenhttp/servers/httpparser.cpp
parent: Allow requests with invalid content-types unless specified in command line or... (diff)
parent: updated chunk–block analyser (#818) (diff)
download: zen-d1abc50ee9d4fb72efc646e17decafea741caa34.tar.xz
zen-d1abc50ee9d4fb72efc646e17decafea741caa34.zip
1 files changed, 99 insertions, 56 deletions
diff --git a/src/zenhttp/servers/httpparser.cpp b/src/zenhttp/servers/httpparser.cpp
index 93094e21b..918b55dc6 100644
--- a/src/zenhttp/servers/httpparser.cpp
+++ b/src/zenhttp/servers/httpparser.cpp
@@ -12,13 +12,17 @@ namespace zen {
 
 using namespace std::literals;
 
-static constinit uint32_t HashContentLength = HashStringAsLowerDjb2("Content-Length"sv);
-static constinit uint32_t HashContentType	= HashStringAsLowerDjb2("Content-Type"sv);
-static constinit uint32_t HashAccept		= HashStringAsLowerDjb2("Accept"sv);
-static constinit uint32_t HashExpect		= HashStringAsLowerDjb2("Expect"sv);
-static constinit uint32_t HashSession		= HashStringAsLowerDjb2("UE-Session"sv);
-static constinit uint32_t HashRequest		= HashStringAsLowerDjb2("UE-Request"sv);
-static constinit uint32_t HashRange			= HashStringAsLowerDjb2("Range"sv);
+static constexpr uint32_t HashContentLength		  = HashStringAsLowerDjb2("Content-Length"sv);
+static constexpr uint32_t HashContentType		  = HashStringAsLowerDjb2("Content-Type"sv);
+static constexpr uint32_t HashAccept			  = HashStringAsLowerDjb2("Accept"sv);
+static constexpr uint32_t HashExpect			  = HashStringAsLowerDjb2("Expect"sv);
+static constexpr uint32_t HashSession			  = HashStringAsLowerDjb2("UE-Session"sv);
+static constexpr uint32_t HashRequest			  = HashStringAsLowerDjb2("UE-Request"sv);
+static constexpr uint32_t HashRange				  = HashStringAsLowerDjb2("Range"sv);
+static constexpr uint32_t HashAuthorization		  = HashStringAsLowerDjb2("Authorization"sv);
+static constexpr uint32_t HashUpgrade			  = HashStringAsLowerDjb2("Upgrade"sv);
+static constexpr uint32_t HashSecWebSocketKey	  = HashStringAsLowerDjb2("Sec-WebSocket-Key"sv);
+static constexpr uint32_t HashSecWebSocketVersion = HashStringAsLowerDjb2("Sec-WebSocket-Version"sv);
 
 //////////////////////////////////////////////////////////////////////////
 //
@@ -142,41 +146,62 @@ HttpRequestParser::ParseCurrentHeader()
 	const uint32_t HeaderHash		  = HashStringAsLowerDjb2(HeaderName);
 	const int8_t   CurrentHeaderIndex = int8_t(CurrentHeaderCount - 1);
 
-	if (HeaderHash == HashContentLength)
+	switch (HeaderHash)
 	{
-		m_ContentLengthHeaderIndex = CurrentHeaderIndex;
-	}
-	else if (HeaderHash == HashAccept)
-	{
-		m_AcceptHeaderIndex = CurrentHeaderIndex;
-	}
-	else if (HeaderHash == HashContentType)
-	{
-		m_ContentTypeHeaderIndex = CurrentHeaderIndex;
-	}
-	else if (HeaderHash == HashSession)
-	{
-		m_SessionId = Oid::TryFromHexString(HeaderValue);
-	}
-	else if (HeaderHash == HashRequest)
-	{
-		std::from_chars(HeaderValue.data(), HeaderValue.data() + HeaderValue.size(), m_RequestId);
-	}
-	else if (HeaderHash == HashExpect)
-	{
-		if (HeaderValue == "100-continue"sv)
-		{
-			// We don't currently do anything with this
-			m_Expect100Continue = true;
-		}
-		else
-		{
-			ZEN_INFO("Unexpected expect - Expect: {}", HeaderValue);
-		}
-	}
-	else if (HeaderHash == HashRange)
-	{
-		m_RangeHeaderIndex = CurrentHeaderIndex;
+		case HashContentLength:
+			m_ContentLengthHeaderIndex = CurrentHeaderIndex;
+			break;
+
+		case HashAccept:
+			m_AcceptHeaderIndex = CurrentHeaderIndex;
+			break;
+
+		case HashContentType:
+			m_ContentTypeHeaderIndex = CurrentHeaderIndex;
+			break;
+
+		case HashAuthorization:
+			m_AuthorizationHeaderIndex = CurrentHeaderIndex;
+			break;
+
+		case HashSession:
+			m_SessionId = Oid::TryFromHexString(HeaderValue);
+			break;
+
+		case HashRequest:
+			std::from_chars(HeaderValue.data(), HeaderValue.data() + HeaderValue.size(), m_RequestId);
+			break;
+
+		case HashExpect:
+			if (HeaderValue == "100-continue"sv)
+			{
+				// We don't currently do anything with this
+				m_Expect100Continue = true;
+			}
+			else
+			{
+				ZEN_INFO("Unexpected expect - Expect: {}", HeaderValue);
+			}
+			break;
+
+		case HashRange:
+			m_RangeHeaderIndex = CurrentHeaderIndex;
+			break;
+
+		case HashUpgrade:
+			m_UpgradeHeaderIndex = CurrentHeaderIndex;
+			break;
+
+		case HashSecWebSocketKey:
+			m_SecWebSocketKeyHeaderIndex = CurrentHeaderIndex;
+			break;
+
+		case HashSecWebSocketVersion:
+			m_SecWebSocketVersionHeaderIndex = CurrentHeaderIndex;
+			break;
+
+		default:
+			break;
 	}
 }
 
@@ -220,11 +245,6 @@ NormalizeUrlPath(std::string_view InUrl, std::string& NormalizedUrl)
 				NormalizedUrl.reserve(UrlLength);
 				NormalizedUrl.append(Url, UrlIndex);
 			}
-
-			if (!LastCharWasSeparator)
-			{
-				NormalizedUrl.push_back('/');
-			}
 		}
 		else if (!NormalizedUrl.empty())
 		{
@@ -305,6 +325,7 @@ HttpRequestParser::OnHeadersComplete()
 
 			if (ContentLength)
 			{
+				// TODO: should sanity-check content length here
 				m_BodyBuffer = IoBuffer(ContentLength);
 			}
 
@@ -324,9 +345,9 @@ HttpRequestParser::OnHeadersComplete()
 int
 HttpRequestParser::OnBody(const char* Data, size_t Bytes)
 {
-	if (m_BodyPosition + Bytes > m_BodyBuffer.Size())
+	if ((m_BodyPosition + Bytes) > m_BodyBuffer.Size())
 	{
-		ZEN_WARN("HTTP parser incoming body is larger than content size, need {} more bytes",
+		ZEN_WARN("HTTP parser incoming body is larger than content size, need {} more buffer bytes",
 				 (m_BodyPosition + Bytes) - m_BodyBuffer.Size());
 		return 1;
 	}
@@ -337,7 +358,7 @@ HttpRequestParser::OnBody(const char* Data, size_t Bytes)
 	{
 		if (m_BodyPosition != m_BodyBuffer.Size())
 		{
-			ZEN_WARN("Body mismatch! {} != {}", m_BodyPosition, m_BodyBuffer.Size());
+			ZEN_WARN("Body size mismatch! {} != {}", m_BodyPosition, m_BodyBuffer.Size());
 			return 1;
 		}
 	}
@@ -353,13 +374,18 @@ HttpRequestParser::ResetState()
 
 	m_HeaderEntries.clear();
 
-	m_ContentLengthHeaderIndex = -1;
-	m_AcceptHeaderIndex		   = -1;
-	m_ContentTypeHeaderIndex   = -1;
-	m_RangeHeaderIndex		   = -1;
-	m_Expect100Continue		   = false;
-	m_BodyBuffer			   = {};
-	m_BodyPosition			   = 0;
+	m_ContentLengthHeaderIndex		 = -1;
+	m_AcceptHeaderIndex				 = -1;
+	m_ContentTypeHeaderIndex		 = -1;
+	m_RangeHeaderIndex				 = -1;
+	m_AuthorizationHeaderIndex		 = -1;
+	m_UpgradeHeaderIndex			 = -1;
+	m_SecWebSocketKeyHeaderIndex	 = -1;
+	m_SecWebSocketVersionHeaderIndex = -1;
+	m_RequestVerb					 = HttpVerb::kGet;
+	m_Expect100Continue				 = false;
+	m_BodyBuffer					 = {};
+	m_BodyPosition					 = 0;
 
 	m_HeaderData.clear();
 	m_NormalizedUrl.clear();
@@ -416,4 +442,21 @@ HttpRequestParser::OnMessageComplete()
 	}
 }
 
+bool
+HttpRequestParser::IsWebSocketUpgrade() const
+{
+	std::string_view Upgrade = GetHeaderValue(m_UpgradeHeaderIndex);
+	if (Upgrade.empty())
+	{
+		return false;
+	}
+
+	// Case-insensitive check for "websocket"
+	if (Upgrade.size() != 9)
+	{
+		return false;
+	}
+	return StrCaseCompare(Upgrade.data(), "websocket", 9) == 0;
+}
+
 }  // namespace zen
author	Liam Mitchell <[email protected]>	2026-03-09 19:06:36 -0700
committer	Liam Mitchell <[email protected]>	2026-03-09 19:06:36 -0700
commit	d1abc50ee9d4fb72efc646e17decafea741caa34 (patch)
tree	e4288e00f2f7ca0391b83d986efcb69d3ba66a83 /src/zenhttp/servers/httpparser.cpp
parent	Allow requests with invalid content-types unless specified in command line or... (diff)
parent	updated chunk–block analyser (#818) (diff)
download	zen-d1abc50ee9d4fb72efc646e17decafea741caa34.tar.xz zen-d1abc50ee9d4fb72efc646e17decafea741caa34.zip