Update definitions.lua with latest progress (#852)

* Update definitions.lua with latest progress * Remove duplicate definition
2025-02-12 09:17:53 +00:00 · 2023-07-23 19:14:55 +01:00 · 2023-07-23 19:14:55 +01:00 · ac92f25296
commit ac92f25296
parent 0ffc0dd461
1 changed files with 235 additions and 21 deletions
--- a/tool/net/definitions.lua
+++ b/tool/net/definitions.lua
@ -52,8 +52,6 @@ FLAGS
  -b        log message bodies
  -a        log resource usage
  -g        log handler latency
  -e        eval Lua code in arg
  -F        eval Lua code in file
  -E        show crash reports to public ips
  -j        enable ssl client verify
  -k        disable ssl fetch verify
@ -68,6 +66,8 @@ FLAGS
  -v        increase verbosity                [repeatable]
  -V        increase ssl verbosity            [repeatable]
  -S        increase pledge sandboxing        [repeatable]
  -e CODE   eval Lua code in arg              [repeatable]
  -F PATH   eval Lua code in file             [repeatable]
  -H K:V    sets http header globally         [repeatable]
  -D DIR    overlay assets in local directory [repeatable]
  -r /X=/Y  redirect X to Y                   [repeatable]
@ -644,6 +644,8 @@ function OnWorkerStop() end
 ---@alias uint32 integer Unsigned 32-bit integer
 ---@alias uint16 integer Unsigned 16-bit integer
 ---@alias uint8 integer Unsigned 8-bit integer
 ---@alias int8 integer Signed 8-bit integer
 ---@class EncoderOptions
 ---@field useoutput boolean? defaults to `false`. Encodes the result directly to the output buffer and returns `nil` value. This option is ignored if used outside of request handling code.
@ -733,6 +735,23 @@ function LaunchBrowser(path) end
 ---@nodiscard
 function CategorizeIp(ip) end
 --- Turns ISO-8859-1 string into UTF-8.
 ---@param iso_8859_1 string
 ---@return string UTF8
 ---@nodiscard
 function DecodeLatin1(iso_8859_1) end
 --- Turns binary into ASCII base-16 hexadecimal lowercase string.
 ---@param binary string
 ---@return string ascii
 function EncodeHex(binary) end
 --- Turns ASCII base-16 hexadecimal byte string into binary string,
 --- case-insensitively. Non-hex characters may not appear in string.
 ---@param ascii string
 ---@return string binary
 function DecodeHex(ascii) end
 --- Decodes binary data encoded as base64.
 ---
 --- This turns ASCII into binary, in a permissive way that ignores
@ -744,13 +763,6 @@ function CategorizeIp(ip) end
 ---@nodiscard
 function DecodeBase64(ascii) end
 --- Turns ISO-8859-1 string into UTF-8.
 ---
 ---@param iso_8859_1 string
 ---@return string UTF8
 ---@nodiscard
 function DecodeLatin1(iso_8859_1) end
 --- Turns binary into ASCII. This can be used to create HTML data:
 --- URIs that do things like embed a PNG file in a web page. See
 --- encodebase64.c.
@ -992,13 +1004,13 @@ function EncodeLatin1(utf8, flags) end
 --- and everything else gets `%XX` encoded. Please note that `'&` can still break
 --- HTML and that `'()` can still break CSS URLs. This function is charset agnostic
 --- and will not canonicalize overlong encodings. It is assumed that a UTF-8 string
--- will be supplied. See `kescapefragment.c`.
+--- will be supplied. See `kescapefragment.S`.
 ---@param str string
 ---@return string
 ---@nodiscard
 function EscapeFragment(str) end
--- Escapes URL host. See `kescapeauthority.c`.
+--- Escapes URL host. See `kescapeauthority.S`.
 ---@param str string
 ---@return string
 ---@nodiscard
@ -1022,13 +1034,13 @@ function EscapeLiteral(str) end
 --- Escapes URL parameter name or value. The allowed characters are `-.*_0-9A-Za-z`
 --- and everything else gets `%XX` encoded. This function is charset agnostic and
 --- will not canonicalize overlong encodings. It is assumed that a UTF-8 string
--- will be supplied. See `kescapeparam.c`.
+--- will be supplied. See `kescapeparam.S`.
 ---@param str string
 ---@return string
 ---@nodiscard
 function EscapeParam(str) end
--- Escapes URL password. See `kescapeauthority.c`.
+--- Escapes URL password. See `kescapeauthority.S`.
 ---@param str string
 ---@return string
 ---@nodiscard
@ -1039,7 +1051,7 @@ function EscapePass(str) end
 --- gets `%XX` encoded. Please note that `'&` can still break HTML, so the output
 --- may need EscapeHtml too. Also note that `'()` can still break CSS URLs. This
 --- function is charset agnostic and will not canonicalize overlong encodings.
--- It is assumed that a UTF-8 string will be supplied. See `kescapepath.c`.
+--- It is assumed that a UTF-8 string will be supplied. See `kescapepath.S`.
 ---@param str string
 ---@return string
 ---@nodiscard
@ -1050,13 +1062,13 @@ function EscapePath(str) end
 --- else gets `%XX` encoded. Please note that `'&` can still break HTML, so the
 --- output may need EscapeHtml too. Also note that `'()` can still break CSS URLs.
 --- This function is charset agnostic and will not canonicalize overlong encodings.
--- It is assumed that a UTF-8 string will be supplied. See `kescapesegment.c`.
+--- It is assumed that a UTF-8 string will be supplied. See `kescapesegment.S`.
 ---@param str string
 ---@return string
 ---@nodiscard
 function EscapeSegment(str) end
--- Escapes URL username. See `kescapeauthority.c`.
+--- Escapes URL username. See `kescapeauthority.S`.
 ---@param str string
 ---@return string
 ---@nodiscard
@ -1082,6 +1094,16 @@ function EvadeDragnetSurveillance(bool) end
 --- - `maxredirects` (default: `5`): sets the number of allowed redirects to
 ---   minimize looping due to misconfigured servers. When the number is exceeded,
 ---   the result of the last redirect is returned.
 --- - `keepalive` (default = `false`): configures each request to keep the
 ---   connection open (unless closed by the server) and reuse for the
 ---   next request to the same host. This option is disabled when SSL
 ---   connection is used.
 ---   The mapping of hosts and their sockets is stored in a table
 ---   assigned to the `keepalive` field itself, so it can be passed to
 ---   the next call.
 ---   If the table includes the `close` field set to a true value,
 ---   then the connection is closed after the request is made and the
 ---   host is removed from the mapping table.
 ---
 --- When the redirect is being followed, the same method and body values are being
 --- sent in all cases except when 303 status is returned. In that case the method
@ -1089,10 +1111,10 @@ function EvadeDragnetSurveillance(bool) end
 --- that if these (method/body) values are provided as table fields, they will be
 --- modified in place.
 ---@param url string
---@param body? string|{ headers: table<string,string>, value: string, method: string, body: string, maxredirects: integer? }
+---@param body? string|{ headers: table<string,string>, value: string, method: string, body: string, maxredirects: integer?, keepalive: boolean? }
 ---@return integer status, table<string,string> headers, string body/
 ---@nodiscard
---@overload fun(url:string, body?: string|{ headers: table<string,string>, value: string, method: string, body: string, maxredirects?: integer }): nil, error: string
+---@overload fun(url:string, body?: string|{ headers: table<string,string>, value: string, method: string, body: string, maxredirects?: integer, keepalive: boolean? }): nil, error: string
 function Fetch(url, body) end
 --- Converts UNIX timestamp to an RFC1123 string that looks like this:
@ -1196,7 +1218,14 @@ function GetHost() end
 ---@nodiscard
 function GetHostOs() end
---@return "X86_64"|"AARCH64"|"POWERPC64"|"S390X" isaname string that describes the host instruction set architecture
+--- Returns string describing host instruction set architecture.
 ---
 --- This can return:
 ---
 --- - `"X86_64"` for Intel and AMD systems
 --- - `"AARCH64"` for ARM64, M1, and Raspberry Pi systems
 --- - `"POWERPC64"` for OpenPOWER Raptor Computing Systems
 ---@return "X86_64"|"AARCH64"|"POWERPC64"
 ---@nodiscard
 function GetHostIsa() end
@ -1585,9 +1614,13 @@ function ProgramBrand(str) end
 --- Configures Cache-Control and Expires header generation for static asset serving.
 --- A negative value will disable the headers. Zero means don't cache. Greater than
 --- zero asks public proxies and browsers to cache for a given number of seconds.
 --- The directive value is added to the Cache-Control header when specified (with
 --- "must-revalidate" provided by default) and can be set to an empty  string to
 --- remove the default value.
 --- This should only be called from `/.init.lua`.
 ---@param seconds integer
-function ProgramCache(seconds) end
+---@param directive string?
 function ProgramCache(seconds, directive) end
 --- This function is the same as the -C flag if called from `.init.lua`, e.g.
 --- `ProgramCertificate(LoadAsset("/.sign.crt"))` for zip loading or
@ -2117,6 +2150,186 @@ function bin(int) end
 ---@overload fun(hostname: string): nil, error: string
 function ResolveIp(hostname) end
 --- Returns `true` if IP address is trustworthy.
 --- If the `ProgramTrustedIp()` function has NOT been called then redbean
 --- will consider the networks 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12,
 --- and 192.168.0.0/16 to be trustworthy too. If `ProgramTrustedIp()` HAS
 --- been called at some point earlier in your redbean's lifecycle, then
 --- it'll trust the IPs and network subnets you specify instead.
 --- The network interface addresses used by the host machine are always
 --- considered trustworthy, e.g. 127.0.0.1. This may change soon, if we
 --- decide to export a `GetHostIps()` API which queries your NIC devices.
 ---@param ip integer
 ---@return boolean
 function IsTrustedIp(ip) end
 --- Trusts an IP address or network
 --- This function may be used to configure the `IsTrustedIp()` function
 --- which is how redbean determines if a client is allowed to send us
 --- headers like X-Forwarded-For (cf `GetRemoteAddr` vs. `GetClientAddr`)
 --- without them being ignored. Trusted IPs is also how redbean turns
 --- off token bucket rate limiting selectively, so be careful. Here's
 --- an example of how you could trust all of Cloudflare's IPs:
 ---
 ---     ProgramTrustedIp(ParseIp("103.21.244.0"), 22);
 ---     ProgramTrustedIp(ParseIp("103.22.200.0"), 22);
 ---     ProgramTrustedIp(ParseIp("103.31.4.0"), 22);
 ---     ProgramTrustedIp(ParseIp("104.16.0.0"), 13);
 ---     ProgramTrustedIp(ParseIp("104.24.0.0"), 14);
 ---     ProgramTrustedIp(ParseIp("108.162.192.0"), 18);
 ---     ProgramTrustedIp(ParseIp("131.0.72.0"), 22);
 ---     ProgramTrustedIp(ParseIp("141.101.64.0"), 18);
 ---     ProgramTrustedIp(ParseIp("162.158.0.0"), 15);
 ---     ProgramTrustedIp(ParseIp("172.64.0.0"), 13);
 ---     ProgramTrustedIp(ParseIp("173.245.48.0"), 20);
 ---     ProgramTrustedIp(ParseIp("188.114.96.0"), 20);
 ---     ProgramTrustedIp(ParseIp("190.93.240.0"), 20);
 ---     ProgramTrustedIp(ParseIp("197.234.240.0"), 22);
 ---     ProgramTrustedIp(ParseIp("198.41.128.0"), 17);
 ---
 --- Although you might want consider trusting redbean's open source
 --- freedom embracing solution to DDOS protection instead!
 ---@param ip integer
 ---@param cidr integer?
 function ProgramTrustedIp(ip, cidr) end
 --- Enables DDOS protection.
 ---
 --- Imagine you have 2**32 buckets, one for each IP address. Each bucket
 --- can hold about 127 tokens. Every second a background worker puts one
 --- token in each bucket. When a TCP client socket is opened, it takes a
 --- token from its bucket, and then proceeds. If the bucket holds only a
 --- third of its original tokens, then redbean sends them a 429 warning.
 --- If the client ignores this warning and keeps sending requests, until
 --- there's no tokens left, then the banhammer finally comes down.
 ---
 ---    function OnServerStart()
 ---        ProgramTokenBucket()
 ---        ProgramTrustedIp(ParseIp('x.x.x.x'), 32)
 ---        assert(unix.setrlimit(unix.RLIMIT_NPROC, 1000, 1000))
 ---    end
 ---
 --- This model of network rate limiting generously lets people "burst" a
 --- tiny bit. For example someone might get a strong craving for content
 --- and smash the reload button in Chrome 64 times in a fow seconds. But
 --- since the client only get 1 new token per second, they'd better cool
 --- their heels for a few minutes after doing that. This amount of burst
 --- can be altered by choosing the `reject` / `ignore` / `ban` threshold
 --- arguments. For example, if the `reject` parameter is set to 126 then
 --- no bursting is allowed, which probably isn't a good idea.
 ---
 --- redbean is programmed to acquire a token immediately after accept()
 --- is called from the main server process, which is well before fork()
 --- or read() or any Lua code happens. redbean then takes action, based
 --- on the token count, which can be accept / reject / ignore / ban. If
 --- redbean determines a ban is warrented, then 4-byte datagram is sent
 --- to the unix domain socket `/var/run/blackhole.sock` which should be
 --- operated using the blackholed program we distribute separately.
 ---
 --- The trick redbean uses on Linux for example is insert rules in your
 --- raw prerouting table. redbean is very fast at the application layer
 --- so the biggest issue we've encountered in production is are kernels
 --- themselves, and programming the raw prerouting table dynamically is
 --- how we solved that.
 ---
 --- `replenish` is the number of times per second a token should be
 --- added to each bucket. The default value is 1 which means one token
 --- is granted per second to all buckets. The minimum value is 1/3600
 --- which means once per hour. The maximum value for this setting is
 --- 1e6, which means once every microsecond.
 --- 
 --- `cidr` is the specificity of judgement.  Since creating 2^32 buckets
 --- would need 4GB of RAM, redbean defaults this value to 24 which means
 --- filtering applies to class c network blocks (i.e. x.x.x.*), and your
 --- token buckets only take up 2^24 bytes of RAM (16MB). This can be set
 --- to any number on the inclusive interval [8,32], where having a lower
 --- number means you use less ram/cpu, but splash damage applies more to
 --- your clients; whereas higher numbers means more ram/cpu usage, while
 --- ensuring rate limiting only applies to specific compromised actors.
 --- 
 --- `reject` is the token count or treshold at which redbean should send
 --- 429 Too Many Request warnings to the client. Permitted values can be
 --- anywhere between -1 and 126 inclusively. The default value is 30 and
 --- -1 means disable to disable (assuming AcquireToken() will be used).
 --- 
 --- `ignore` is the token count or treshold, at which redbean should try
 --- simply ignoring clients and close the connection without logging any
 --- kind of warning, and without sending any response. The default value
 --- for this setting is `MIN(reject / 2, 15)`. This must be less than or
 --- equal to the `reject` setting. Allowed values are [-1,126] where you
 --- can use -1 as a means of disabling `ignore`.
 --- 
 --- `ban` is the token count at which redbean should report IP addresses
 --- to the blackhole daemon via a unix-domain socket datagram so they'll
 --- get banned in the kernel routing tables. redbean's default value for
 --- this setting is `MIN(ignore / 10, 1)`. Permitted values are [-1,126]
 --- where -1 may be used as a means of disabling the `ban` feature.
 --- 
 --- This function throws an exception if the constraints described above
 --- are not the case. Warnings are logged should redbean fail to connect
 --- to the blackhole daemon, assuming it hasn't been disabled. It's safe
 --- to use load balancing tools when banning is enabled, since you can't
 --- accidentally ban your own network interface addresses, loopback ips,
 --- or ProgramTrustedIp() addresses where these rate limits don't apply.
 --- 
 --- It's assumed will be called from the .init.lua global scope although
 --- it could be used in interpreter mode, or from a forked child process
 --- in which case the only processes that'll have ability to use it will
 --- be that same process, and any descendent processes. This function is
 --- only able to be called once.
 --- 
 --- This feature is not available in unsecure mode.
 ---@param replenish number?
 ---@param cidr integer?
 ---@param reject integer?
 ---@param ignore integer?
 ---@param ban integer?
 function ProgramTokenBucket(replenish, cidr, reject, ignore, ban) end
 --- Atomically acquires token.
 ---
 --- This routine atomically acquires a single token for an `ip` address.
 --- The return value is the token count before the subtraction happened.
 --- No action is taken based on the count, since the caller will decide.
 ---
 --- `ip` should be an IPv4 address and this defaults to `GetClientAddr()`,
 --- although other interpretations of its meaning are possible.
 ---
 --- Your token buckets are stored in shared memory so this can be called
 --- from multiple forked processes. which operate on the same values.
 ---@param ip uint32?
 ---@return int8
 function AcquireToken(ip) end
 --- Counts number of tokens in bucket.
 --- 
 --- This function is the same as AcquireToken() except no subtraction is
 --- performed, i.e. no token is taken.
 --- 
 --- `ip` should be an IPv4 address and this defaults to GetClientAddr(),
 --- although other interpretations of its meaning are possible.
 ---@param ip uint32?
 ---@return int8
 function CountTokens(ip) end
 --- Sends IP address to blackholed service.
 ---
 --- `ProgramTokenBucket()` needs to be called beforehand. The default
 --- settings will blackhole automatically, during the `accept()` loop
 --- based on the banned threshold. However if your Lua code calls
 --- `AcquireToken()` manually, then you'll need this function to take
 --- action on the returned values.
 --- 
 --- This function returns true if a datagram could be sent sucessfully.
 --- Otherwise false is returned, which can happen if blackholed isn't
 --- running, or if a lot of processes are sending messages to it and the
 --- operation would have blocked.
 --- 
 --- It's assumed that the blackholed service is running locally in the
 --- background.
 ---@param ip uint32
 function Blackhole(ip) end
 -- MODULES
 ---Please refer to the LuaSQLite3 Documentation.
@ -3921,7 +4134,8 @@ unix = {
    CLOCK_REALTIME_FAST = nil,
    --- @type integer
    CLOCK_TAI = nil,
-
+    ---@type integer
    CLOCK_THREAD_CPUTIME_ID = nil,
    --- @type integer
    DT_BLK = nil,
    --- @type integer