kyle
/
VS_CODE
forked from wesvirus/VS_CODE


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
							#ifndef HTTP_SERVER

    #define HTTP_SERVER
    #include <stdlib.h>
    #include <string.h>
    #include <stdio.h>
    #include <time.h>
    #include <locale.h>
    #include <stdint.h>
    
    // turn on the header debug message, prints only http header response
    //#define PRINT_RESPONSE_HEADER

    
    #ifdef ENABLE_CORS_SUPER_FUN_TIME
    /*  Cross-Origin Resource Sharing was thought up by some people at Tellme
     *  Networks around 2004.  In 2007 Msft bought Tellme Networks for a little
     *  under a billion dollars and then fired everyone five years later.
     *  The WebApps Working Group at W3C thought, hey, this idea sounds pretty
     *  good and added it as a "W3C Recommendation" in 2009.  Slowly browsers
     *  started incorporating the idea into their browsers and now when a page
     *  requests a resource to a different origin (protocol, domain or port)
     *  the request is blocked.  The idea was supposedly put in place protect
     *  users.  My opinion is that it is a half measure that helps make the
     *  Internet a much more dangerous place.
     *  The idea is that a browser will prevent a javascript virtual machine
     *  from doing something that might allow an adversarial program in another
     *  javascript virtual machine to misuse credentials that were originally
     *  intended for the primary application.
     *  This is fine, well at least the idea of stopping the adversarial
     *  application, but what browsers consider an adversarial program and the
     *  sweeping implementation is ridiculous.  And then there are the
     *  exceptions, any server can turn off the protection, including any
     *  man-in-the-middle server, the extra fun part is the user has no control
     *  and has no way to determine if the protection is active.  Yay!
     *  It seems to me that CORS was really meant as cheap way for crap
     *  companies to limit the number of customer complaint issues that could
     *  crop up when they make bad decisions to load adversarial code into
     *  customers browsers.  The benefit, from the perspective of a one of these
     *  companies: "I want to load some advertisements into your browser, but I
     *  do not know if they are safe, they should be able to run arbitrary code
     *  on your machine because they pay me more for this capability.  I have no
     *  way of controlling the advertiser's code so I made a deal with the major
     *  browser manufacturers to blcok the possibility of incurring any cost to
     *  me by preventing them from accessing resources on my servers." -- This
     *  was all good and fine until they realized they had shot themselves in
     *  the foot.  Sometimes they wanted to run arbitrary code against any
     *  server, but the foot was already shot.  So they added an exception, the
     *  Access-Control-Allow-Origin header.  Any server that sends this header
     *  can control the CORS policy on the remote browser.
     *
     *  Use the Access-Control-Allow-Origin header so that the client browser
     *  will ignore checking restrictions on the specified origin when
     *  checking it's CORS policy. An asterisk represents any origin, otherwise
     *  just specify URL eg: protocol://domain.com:{port}
     */
    #define CORS_ANY "*"
    // replace with whatever URL will be making requests of this server
    #define CORS_URL CORS_ANY
    #define CORS_ACCEPT_HEADER "Access-Control-Allow-Origin: " CORS_URL "\r\n"
    #define OPTIONAL_CORS_HEADER CORS_ACCEPT_HEADER
    #else
    #define OPTIONAL_CORS_HEADER ""
    #endif


    // The HTTP/1.1 Semantics and Content RFC has a fixed length date format
    #define RFC7231_DATE_LENGTH 29

    /*  Typical header from Apache 2 with mod_php on Ubuntu:
     *
     *  HTTP/1.1 200 OK
     *  Date: Tue, 11 Aug 2020 15:29:59 GMT
     *  Server: Apache/2.2.22 (Ubuntu)
     *  X-Powered-By: PHP/5.3.10-1ubuntu3.26
     *  Vary: Accept-Encoding
     *  Content-Encoding: gzip
     *  Content-Length: 2385
     *  Keep-Alive: timeout=5, max=100
     *  Connection: Keep-Alive
     *  Content-Type: text/html 
     */
    #define TYPICAL_HEADER \
        "HTTP/1.1 200 OK\r\n" \
        "Date: %s\r\n" \
        "Server: Ookaak\r\n" \
        "Content-Length: %d\r\n" \
        OPTIONAL_CORS_HEADER \
        "Content-Type: text/html\r\n" \
        "\r\n"

    /*  keep track of the number of substitutions that are made in the
     *  TYPICAL_HEADER so that later on the length of the header can be
     *  determined
     *        1 (Date header %s)
     *      + 1 (Content-Length header %d)
     *  -------
     *        2 (number of substitutions)
     */
    #define TYPICAL_HEADER_FORMAT_SUBSTITUTIONS 2

    char * responseHeader(int docLen, int *outLen);
	
	// example use for response header
	char *httpEcho(char *s, int len, int *limit);

    uint16_t intLen(uint16_t i);

#endif