From e759b8e38104f70779289621b80a364b30bee3aa Mon Sep 17 00:00:00 2001 From: wingdeans <66850754+wingdeans@users.noreply.github.com> Date: Thu, 28 Dec 2023 18:39:19 -0500 Subject: [PATCH] Add Sec-WebSocket-Key HTTP header --- net/http/gethttpheader.gperf | 1 + net/http/gethttpheader.inc | 7 +++++-- net/http/gethttpheadername.c | 2 ++ net/http/http.h | 3 ++- tool/net/redbean.c | 23 +++++++---------------- 5 files changed, 17 insertions(+), 19 deletions(-) diff --git a/net/http/gethttpheader.gperf b/net/http/gethttpheader.gperf index 26c3c2dd0..fad88e6bb 100644 --- a/net/http/gethttpheader.gperf +++ b/net/http/gethttpheader.gperf @@ -104,3 +104,4 @@ CF-Visitor, kHttpCfVisitor CF-Connecting-IP, kHttpCfConnectingIp CF-IPCountry, kHttpCfIpcountry CDN-Loop, kHttpCdnLoop +Sec-WebSocket-Key, kHttpWebsocketKey diff --git a/net/http/gethttpheader.inc b/net/http/gethttpheader.inc index 72f3b7afe..ae5a682a0 100644 --- a/net/http/gethttpheader.inc +++ b/net/http/gethttpheader.inc @@ -39,7 +39,7 @@ #line 12 "gethttpheader.gperf" struct thatispacked HttpHeaderSlot { char *name; char code; }; -#define TOTAL_KEYWORDS 93 +#define TOTAL_KEYWORDS 94 #define MIN_WORD_LENGTH 2 #define MAX_WORD_LENGTH 32 #define MIN_HASH_VALUE 3 @@ -387,7 +387,10 @@ LookupHttpHeader (register const char *str, register size_t len) #line 87 "gethttpheader.gperf" {"Strict-Transport-Security", kHttpStrictTransportSecurity}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, - {""}, {""}, {""}, {""}, {""}, + {""}, {""}, +#line 107 "gethttpheader.gperf" + {"Sec-WebSocket-Key", kHttpWebsocketKey}, + {""}, {""}, #line 22 "gethttpheader.gperf" {"X-Forwarded-For", kHttpXForwardedFor}, {""}, diff --git a/net/http/gethttpheadername.c b/net/http/gethttpheadername.c index 898cf327a..b01f68e1f 100644 --- a/net/http/gethttpheadername.c +++ b/net/http/gethttpheadername.c @@ -206,6 +206,8 @@ const char *GetHttpHeaderName(int h) { return "CDN-Loop"; case kHttpSecChUaPlatform: return "Sec-CH-UA-Platform"; + case kHttpWebsocketKey: + return "Sec-WebSocket-Key"; default: return NULL; } diff --git a/net/http/http.h b/net/http/http.h index 5e70c0370..ee1963999 100644 --- a/net/http/http.h +++ b/net/http/http.h @@ -146,7 +146,8 @@ #define kHttpCfIpcountry 90 #define kHttpSecChUaPlatform 91 #define kHttpCdnLoop 92 -#define kHttpHeadersMax 93 +#define kHttpWebsocketKey 93 +#define kHttpHeadersMax 94 #if !(__ASSEMBLER__ + __LINKER__ + 0) COSMOPOLITAN_C_START_ diff --git a/tool/net/redbean.c b/tool/net/redbean.c index dea0a1ee6..8cf8d2213 100644 --- a/tool/net/redbean.c +++ b/tool/net/redbean.c @@ -5066,23 +5066,14 @@ static int LuaUpgradeWS(lua_State *L) { unsigned char hash[20]; OnlyCallDuringRequest(L, "UpgradeWS"); - haskey = true; - for (i = 0; i < cpm.msg.xheaders.n; ++i) { - if (SlicesEqualCase( - "Sec-WebSocket-Key", strlen("Sec-WebSocket-Key"), - inbuf.p + cpm.msg.xheaders.p[i].k.a, - cpm.msg.xheaders.p[i].k.b - cpm.msg.xheaders.p[i].k.a)) { - mbedtls_sha1_init(&ctx); - mbedtls_sha1_starts_ret(&ctx); - mbedtls_sha1_update_ret( - &ctx, (unsigned char *)inbuf.p + cpm.msg.xheaders.p[i].v.a, - cpm.msg.xheaders.p[i].v.b - cpm.msg.xheaders.p[i].v.a); - haskey = true; - break; - } - } + if (!HasHeader(kHttpWebsocketKey)) + luaL_error(L, "No Sec-WebSocket-Key header"); - if (!haskey) luaL_error(L, "No Sec-WebSocket-Key header"); + mbedtls_sha1_init(&ctx); + mbedtls_sha1_starts_ret(&ctx); + mbedtls_sha1_update_ret(&ctx, (unsigned char*) + HeaderData(kHttpWebsocketKey), + HeaderLength(kHttpWebsocketKey)); p = SetStatus(101, "Switching Protocols"); while (p - hdrbuf.p + (20 + 21 + (20 + 28 + 4)) + 512 > hdrbuf.n) {