kaliumhexacyanoferrat / genhttp Goto Github PK
View Code? Open in Web Editor NEWLightweight web server written in pure C# with few dependencies to 3rd-party libraries.
Home Page: https://genhttp.org
License: MIT License
Lightweight web server written in pure C# with few dependencies to 3rd-party libraries.
Home Page: https://genhttp.org
License: MIT License
The regular expressions currently used by the parser should be marked as compiled for improved performance.
As a developer of a web application, I would like to use Razor as a templating engine, so that I can re-use my knowledge from ASP.NET.
Example
var page = Razor.Page<CartModel>(Data.FromResource("cart.cshtml"), (r) => new CartModel());
Acceptance criteria
Currently, GenHTTP.Core uses a mix of synchronous methods and the old-fashioned BeginSend
/ EndSend
style. All I/O-related methods should be reworked to be async
.
As a developer of a web application, I would like to be able to provide directory listing, so users can easily browse and download data.
Example
var listing = DirectoryListing.From("./files");
Acceptance criteria
As the developer of a web application, I would like to automatically generate a sitemap so that my website is crawled more easily.
Example
var project = Layout.Create().Add();
var sitemap = Sitemap.From(project);
project.Add(sitemap);
Acceptance criteria
As the administrator of a web application, I would like file resources to be compressed once, so that they do not need to get compressed on-the-fly. This allows to use higher compression ratios and to save CPU cycles during runtime.
Example
var tree = ResourceTree.FromDirectory("./");
var resources = Resources.From(tree)
.Compression(/* pass something that indicates high compression ratio */)
.Cached(); // see #25
Host.Create()
.Handler(resources)
.Run();
Acceptance criteria
As a developer of a web application, I would like to provide content via WebDAV so that client applications can consume this content in a file based way.
Example
var provider = WebDAV.From("./dav").ReadOnly();
Acceptance criteria
Add an implementation of the IServer
which uses:
PipeScheduler
ValueTask
where usefulThe change must be compatible with the existing API for routing and content. Probably best to be implemented with #4.
As a developer of a web application, I would like file-based resources to be transferred in an optimized way, e.g. using Socket.SendFile()
with Kernel APC.
Acceptance criteria
As a developer of the GenHTTP web server I would like to have working code coverage metrics.
Acceptance criteria
As the developer of a web application, I would like to develop pages using the MVC pattern, so that I can structure and decouple my architecture.
Example
var project = Layout.Create().Add<MyController>();
public class MyController
{
// GET /details/id
public IContentProvider Details(int id) {
return new ScribanView("view.html", GetModel(id));
}
}
Acceptance criteria
As an upstream server to a reverse proxy, I would like to retrieve additional information about the original request. The information should be accessible in a transparent manner.
Acceptance criteria
As the developer of the server engine, I would like to have the server to allocate as few objects as possible, so that memory pressure is reduced and the overall performance improves.
For reference: https://michaelscodingspot.com/avoid-gc-pressure/
Acceptance criteria
GC.SuppressFinalize(this)
is called in all IDisposable
implementationsstackalloc
where applicable together with Span<T>
string.Intern
for common strings such as headersSpan
, ReadOnlySequence
, ...) are fully understood and consistently used across the sourceAs a hosting application, I would like to easily restart a server, so that configuration changes are applied.
Example
var server = Server.Create();
using var manager = ServerManager.Create().Server(server).Build();
// start the server (non-blocking)
manager.Start();
// change something and restart
manager.Server.Compression(false);
manager.Restart();
// stop the server instance
manager.Stop();
Acceptance criteria
As the operator of a web application, I would like to restrict access to a known set of IP addresses so that unauthorized access is blocked.
Example
var content = Layout.Create(...);
var response = Content.From(Resource.FromString("Don't you dare"));
var access = Access.Create()
.Rule(AccessRule.BlockIP("91.8.20.0", response))
.Rule(AccessRule.BlockIPs(...))
.Rule(AccessRule.AllowIP(...));
content.Add(access);
Acceptance criteria
AccessDenied
status code if the request is blockedAs a client, I would like to receive responses in a compressed form, so that less bandwith is required and pages can load more quickly.
Example
Compression should be enabled by default, so developers do not need to care about this feature. Probably add something like an IInterceptor
or an ICoreExtension
that can be added to the IServerBuilder.
// default with compression handling enabled
var server = Server.Create();
// disable compression
var server = Server.Create().Compression(false);
// custom compression
var server = Server.Create().Compression(SomeFancyCompression.Create());
// custom algorithm
var server = Server.Create().Compression(Zstandard.Create());
// general extension functionality
var server = Server.Create().Extension(SomeFancyCompression.Create());
Acceptance criteria
As a developer, I would like to have the public API of GenHTTP to be documented, so that it is easier to use and understand.
Acceptance criteria
As the developer of an IContentProvider
, I would like to be able to stream my content without the need of additional allocations (e.g. by creating a temporary memory stream).
The bundle provider demonstrates the issues with the current implementation very clearly. Instead of a stream the server should expect some kind of promise that will directly write content into the target stream.
Example
public interface IResponseContent {
long? Length { get; }
Task Write(Stream target);
}
new StreamContent(stream);
new StringContent("Hello World");
Acceptance criteria
IDisposable
, the server will call Dispose
on this object after useCheck, whether SSL support can easily be added on socket level using .NET Standard functionality. If not (or if it cannot be implemented in a secure manner), concentrate on a reverse proxy setup with Docker / Let's Encrypt and add appropriate documentation and guides.
As a developer of a web project, I would like to easily add basic authentication, so that not everyone can access restricted areas.
Example
var auth = BasicAuthentication.Create()
.Add("username", "password");
var secured = Layout.Create().Authentication(auth);
var secured = Layout.Create().Authentication((user, password) => true);
Acceptance criteria
As a developer, I would like to add web pages with additional logic in their model classes, so that I can handle situations like submitted data.
Example
var page = Page.Create<SomeModel>(ScribanView.From("someview.html"));
public class SomeModel : PageModel
{
public string MyProperty { get; }
public void OnPost()
{
// ...
}
}
Acceptance criteria
As the developer of a web application, I would like to have my file-based pages be cached by the server, so that they are rendered with less allocations by the rendering engine. Usually, file resources are static anyway.
Example
public static FileDataProviderBuilder FromFile(string file, bool allowCache)
Acceptance criteria
Improve content handling (streaming), rework parser.
As a developer of a web project, I would like to see exceptions rendered in the browser, so that I can trace an error more quickly. As a devops member, I do not want an web application to leak internal implementation detail with exception messages.
Example
var server = Server.Create();
#if DEBUG
server.Development();
#endif
Acceptance criteria
As a developer of the GenHTTP Webserver, I would like to separate the themes from the server repo to keep the repo clean and small and allow themes to be developed independently and with higher quality.
Acceptance criteria
As a developer of a web application, I would like to have some default templates that can be used out of the box, so I can concentrate on my actual project/use case.
Example
var project = Layout.Create();
var website = Website.Create();
// add a predefined theme (or a custom one)
// probably add a CoreUI theme?
website.Theme(Themes.Activello().Background(...).OtherSetting(...));
// add a navigation menu that will be rendered by the theme
// probably auto-discover this via the given layout?
website.Menu(Menu.Create().Add("Home", "home"));
// add additional resources (which will be minified and bundled)
// in development mode, they will be referenced without being bundled
// all resources should be efficiently cached (when not in development mode)
website.Script(..., async: true);
website.Stylesheet(..., bundle: false);
website.Content(project);
Acceptance criteria
As the developer of content providers, I would like to have a caching API, so that I can leverage caching to improve performance where applicable.
Example
var cachePolicy = CachePolicy.Create(); // ...
var memoryCache = Cache.Memory().Policy(cachePolicy);
var fileCache = Cache.FileBased("./cache").Policy(cachePolicy);
Acceptance criteria
CachePolicy
(e.g. maximum size or age)As a developer of the server source, I would like to have a Continous Integration mechanism, so that buildability and correctnes are automatically ensured.
Acceptance criteria
As the developer of a web application, I would like to have an object-oriented way to provide the robots.txt configuration.
Example
var layout = Layout.Create().Add(Robots.Create().Sitemap(..));
Acceptance criteria
As the hoster of a web application, I want my application to set the content type options to nosniff
, so that browser will not try to analyze my content.
Example
Add an extension that will set the header, if applicable.
var server = Server.Create()
.Security(ContentTypeOptions.NoSniff);
public enum ContentTypeOptions
{
None, // the header will not be set
NoSniff // default
}
Acceptance criteria
ContentTypeOptions != .None
When an upstream server returns a response without a entity (such as a redirect), the server will throw an exception:
REQ - 10.255.0.2 - PROPFIND /remote.php/webdav/some.mp3 - 308 - 0
ERR - ClientConnection - System.IO.IOException: Unable to read data from the transport connection: Broken pipe.
---> System.Net.Sockets.SocketException (32): Broken pipe
--- End of inner exception stack trace ---
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Security.SslStream.<WriteSingleChunk>g__CompleteAsync|210_1[TWriteAdapter](ValueTask writeTask, Byte[] bufferToReturn)
at System.Net.Security.SslStream.WriteAsyncChunked[TWriteAdapter](TWriteAdapter writeAdapter, ReadOnlyMemory`1 buffer)
at System.Net.Security.SslStream.WriteAsyncInternal[TWriteAdapter](TWriteAdapter writeAdapter, ReadOnlyMemory`1 buffer)
at System.Net.Http.HttpConnection.CopyFromBufferAsync(Stream destination, Int32 count, CancellationToken cancellationToken)
at System.Net.Http.HttpConnection.CopyToContentLengthAsync(Stream destination, UInt64 length, Int32 bufferSize, CancellationToken cancellationToken)
at System.Net.Http.HttpConnection.ContentLengthReadStream.CompleteCopyToAsync(Task copyTask, CancellationToken cancellationToken)
at GenHTTP.Core.Protocol.ResponseHandler.WriteBody(IResponse response)
at GenHTTP.Core.Protocol.ResponseHandler.Handle(IRequest request, IResponse response, Boolean keepAlive, Exception error)
As the hoster of a web application, I want my application to enforce strict transport security, so that man-in-the-middle attacks can be avoided to some extend.
Example
Could be achieved with an extension that is automatically added as soon a secure endpoint is configured.
// that's the default one that will automatically be applied
// disable via StrictTransportPolicy.None()
var policy = StrictTransportPolicy.Create()
.MaximumAge(TimeSpan.FromDays(365))
.IncludeSubdomains(true)
.Preload(true);
var server = Server.Create()
.Bind(IPAddress.Any, 443, myCertificate)
.Security(policy);
Acceptance criteria
Strict-Transport-Security
header with the given configuration to every response served via HTTPS (unless StrictTransportSecurity.None()
has been set)Implement protocol upgrade and proper HTTP/2 & HTTP/3 support.
See
As a developer, I would like the server to pass through WebDAV, so that I can provide such content.
Implementation Notes
Probably change some of the fixed enums in core (RequestType
, ResponseType
, ContentType
) to more flexible types that can include a raw string value, e.g. Flexible<ResponseType>
.
Acceptance criteria
As a developer, I would like to relay requests to a FastCGI socket, so that I can provide additional features (such as serving PHP applications).
Example
var php = FastCGI.Create()
.Upstream("127.0.0.1:9000")
.DocumentRoot("./some/folder");
Acceptance criteria
As a developer, I would like to add content of other web servers to my applicaion, so that I can provide more functionality.
Example
var proxy = ReverseProxy.Create()
.Upstream("http://localhost:8080/app/")
.ConnectTimeout(TimeSpan.FromSeconds(5))
.RequestTimeout(TimeSpan.FromSeconds(60));
Acceptance criteria
As the hoster of a web application, I want requests automatically be upgraded to SSL, so that they are served in a secure manner.
Example
Probably add an extension that will analyze the incoming request and upgrade them, if necessary:
var server = Server.Create()
.Bind(IPAddress.Any, 80)
.Bind(IPAddress.Any, 443, myCertificate)
.Security(SecureUpgrade.Allow);
public enum SecureUpgrade
{
None, // The server will not attempt to upgrade requests
Allow, // The server will upgrade when Upgrade-Insecure-Requests is sent
Enforce // The server will always redirect to HTTPs (default)
}
Acceptance criteria
SecureUpgrade.None
, the extension will not be installedSecureUpgrade.Allow
the extension will check for the Upgrade-Insecure-Requests
header and return a response including the Vary: Upgrade-Insecure-Requests
header (and HTTP 307)SecureUpgrade.Force
, return with HTTP 301 and the HTTPs locationAs a developer of a web application, I would like to serve images in an optimized manner, so that resources are saved and clients are able to render content faster.
Example
// access via http://host/.../300x300/myimage.png
var tree = ResourceTree.FromDirectory("./images");
var thumbnails = Resources.From(tree)
.Thumbnails()
.Minified() // see #59
.Cached(); // see #25
Host.Create()
.Handler(thumbnails)
.Run();
Acceptance criteria
Imaging
) as a concernCurrently there seems to be no good solution to provide Brotli compression in .NET Standard:
RequestBuffer
with data will fail because the MemoryStream
is not writeableRequestBuffer
is initialized with a rented buffer which will contain additional dataAs the hoster of a web application, I want to be able to define a Content Security Policy (CSP), so that several protection mechanisms can be applied. Note: This is implemented instead of X-XSS-Protection
.
Example
The CSP can be send using an additional extension for this purpose, with a sane default to be applied.
var policy = ContentSecurityPolicy.Create()
.BaseUri(...)
.Source(ContentSource.Script, ...)
.BlockMixed(true);
var server = Server.Create.Security(policy);
Acceptance criteria
ContentSecurityPolicy.None()
, the extension will not be registered and no header will be sentAs a developer of the server engine, I would like to benefit from the new APIs in .NET Satandard 2.1 (such as TLS extensions), so that I can replace workarounds and optimize code. Switching to .NET Standard 2.1 will break support for some platforms.
Acceptance criteria
ReadAheadStream
(see SslServerAuthenticationOptions.ServerCertificateSelectionCallback)As a client, I may want to use pipelining to improve latency on an already existing connection. As a developer, I would like the already existing feature to be unit tested.
Acceptance criteria
As an operator of a web application I would like to leverage caching for specific content served by my application to improve latency and performance.
Example
var content = Resources.From(ResourceTree.FromDirectory("./"))
.Cached();
Host.Create()
.Handler(content)
.Run();
Acceptance criteria
Caching
moduleTransfer-Encoding: chunked
As the hoster of an application, I would like to report my server metrics to Prometheus, so that I can easily monitor my instance.
Example
Depends, whether we need a library for that and how the webservice should be exposed. Probably implement with #9?
Acceptance criteria
The listing provider will generate links with a trailing slash, rendering browsers unable to download files.
As someone hosting multiple domains, I would like be able to run virtual hosts, so that I can re-use a single IP address for multiple domains.
Example
As this is a classic routing feature, this should be fairly easy to be implemented.
var firstWebsite = Layout.Create(...);
var secondWebsite = Layout.Create(...);
var hosts = VirtualHosts.Create()
.Add("firstwebsite.com", firstWebsite)
.Add("secondwebsite.com", secondWebsite)
.Default(firstWebsite)
using var server = Server.Create().Router(hosts).Build();
Such a router could be used anywhere in the tree, but it's probably most useful on root level.
Acceptance criteria
Add proper support for binding of IPv6 interfaces and extend the server builder to support any number of network interfaces / port combinations (e.g. .Bind(IPAddress.Any, 80).Bind(...)
).
As a developer, I would like to easily add webservices to my application, so that clients can consume them.
Example
var webservice = Webservice.Attributed().Add<ArticleResource>().Add(resourceInstance);
[Path("/articles")]
public class ArticleResource {
[Get]
public List<Article> GetArticles(int page = 0, int pageSize = 20) {
// ...
}
[Get]
[Path("/:id")]
public Article GetArticle(int id)
// ...
}
}
Acceptance criteria
As the operator of a web application serving downloads, I would like to be able to redirect download requests to other servers, so that my server stays responsive and the load is distributed.
Example
LoadBalancer.Redirection() /* .ReverseProxy() */
.Node("https://some.mirror/mirror/")
.Node("https://another.mirror/", (r) => Priority.Low)
.Node(Static.Files("./downloads"))
Acceptance criteria
Priority
classA declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.