Comments (8)
To explain the debug output. The Content-Length is 2661 bytes but SimpleRequest.body.len shows only 157 bytes.
This problem won't show up if the embedded file is text. I have a feeling there is some kind of C -> Zig error.
from zap.
I can verify that facil.io indeed has the full body in the request. The binary data is causing zero-delimited sentinel to fail. I now use body.ptr[0..length]
instead of Simple.Request.body
to properly parse body for multipart form. Of course I'm duplicating the work facil.io already does fio.http_parse_body(self.h)
but I don't know how to retrieve the result of SimpleRequest.parseBody()
for multipart form. Not sure how to get it from parameters because the value of the parameter is shown to be null
when I use SimpleRequest.parseBody()
and then getParametersToOwnedSlices()
.
The current code in Zap is assigning .body = util.fio2str(r.*.body)
, I believe the proper way is to get the length from "content-length" and then calling r.*.body[0..length]
because there could be null
(zero) in the body.
from zap.
You're right. The current implementation using fio2str assuming text-data. Mime-encoded 'binary' data would be handled by that. But real binary data cannot. This is a flaw and requires a bit of thought to get it fixed. We may be lucky and your proposed fix will work without side-effects. Then, at least you should be able to use the SimpleRequest.body
. Using the length from 'content-length' may be problematic as it would open zap up to potential segfault / panic attacks by pretending to send n bytes in content-length but actually sending less bytes -> zap tries to access random memory. So, the body length must be somewhere in facilio - we should use that IMHO
from zap.
OK, I fixed the SimpleRequest.body (in the bindata branch FYI). Alas, when trying to access the binary parameter, facilio seems to treat the value as a hashmap which is not supported by zap. I'm investigating...
[EDIT]: OK, seems non-trivial. When I receive a binary file via curl in a multipart form, facilio creates a hashmap containing filename, mimetype, and data. The data itself seems to "must be" read() from, apparently. I'll try to wrap this so all you get are u8 slices.
from zap.
Dammit. When I try to read from the data, it doesn't work, and pretends to be 0 bytes long. Check out the bindata branch if you like to check what I might have f-ed up.
from zap.
@renerocksai thanks for keeping at it. I'll take a look. I agree with not being able to trust "Content-Length" for attacks but there really is no other way unless facil.io can count the number of bytes coming in the pipe directly.
I see a big portion of the code in facil.io parsing the form-data but I just did my own parsing.
One stop gap solution would be checking the content-type and only do the body parsing and "trusting" content-length if we get the special binary form-data content-type.
The problem is what does the server do by default if it receives the data? One way is to register a callback so that the callback is called for each binary file parsed and the callback can do whatever (like saving the file which is what I do right now.
from zap.
See https://github.com/zigzap/zap/blob/master/examples/bindataformpost/bindataformpost.zig
There, I iterate over the parametersToOwnedList and check the tag of the params. If it's a binary file, I print it. You could add all other types or an else branch there according to your needs. It might be a bigger pain in the a.. having to check them all but in the else branch you know it's not a file so you could getParamStr(paramname) and retrieve the string version as usual
from zap.
in fact, I just updated the example to showcase this usecase
from zap.
Related Issues (20)
- Build error HOT 2
- Deprecated LazyPath breaks with Zig master HOT 1
- Connect database HOT 1
- TLS + Multiple threads will crash the process randomly HOT 2
- zig errors on variables that need to be treated as const instead of var HOT 1
- Failure To Build: panic: unable to find artifact 'facil.io' HOT 2
- Build error using TLS HOT 5
- Re-add the -Dopenssl option to zap build HOT 3
- TLS - Random requests stalling & occasional segfault [raspi aarch64] HOT 19
- Exposé API for fetching MIME type for given extension HOT 4
- Add `std.io.Writer` and `std.io.Reader` support for `zap.SimpleRequest` HOT 4
- Represent request method as enum instead of string HOT 1
- Zap won't compile on Microsoft Windows. HOT 2
- Zig as a starter HOT 13
- Failure to compile facil.io : unable to build C object: clang exited with code 1 HOT 2
- RequestHandler doesn't work with multiple invocations where self is the same type HOT 3
- hot-code reloading or swapping HOT 1
- Segfault after 60 seconds of inactivity HOT 12
- Add examples/tests for getHeaderCommon
- Maximum number of concurrent requests per Zap process HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zap.