实现一个简单的 Web 服务器

HTTP 服务器 sim

方便起见, 将服务器称为 sim, 可以为本地目录的静态文件提供服务.
支持多个同时的连接( 由不同的客户端同时发起).
解析每个收到的 HTTP 请求, 并作出合适的 HTTP 回应.
支持 GET 类请求, 只需查看请求的第一行, 请求行.
如果可以, 回应中应包含请求的文件.

产品级的服务器要考虑多层次的安全问题, 对于文件存取, 资源定位, 要绝对小心.

服务器 sim 的架构

服务器 sim 为每个已连接的客户建立一个独立的结构.
这些独立的结构组成一个链表.
结构中存储的信息包括每个客户端的地址, 套接字, 收到的数据等.
编写了多个辅助函数用于维护这个链表.
如, 添加新客户端, 删除客户端, 等待客户数据, 通过套接字查找客户, 传送客户请求的文件, 发送错误消息.

服务器 sim 在主循环中等待新连接或新数据.
当收到新数据, 检查数据是否构成一个完整的 HTTP 请求.
如果收到了完整的请求, 服务器 sim 尝试发送请求的资源.
如果请求格式不正确或找不到请求的资源, 服务器 sim 向客户发送错误信息.
复杂的地方在于 多连接处理, HTTP 请求的解析过程, 错误处理.

服务器 sim 还要告诉客户其发送的资源的类型(media type).

内容类型

服务器 sim 应该在头部 Content-Type 中表明其所发送内容的正确类型(MIME type).
通过扩展名确定文件类型, 对于未知类型, 使用默认值 application/octet-stream.

代码 sim.http.c

三个文件 index.html, pet-small.png, test.hands-on.html, 存到 public 目录下, 用于测试.

1. /*
2. sim.http.c
4. **$ ls
5. network.h public sim.http.c
6. **$ ls public
7. index.html pet-small.png test.hands-on.html
8. **$ gcc sim.http.c -o sim
9. **$ ./sim
10. ...
12. 浏览器地址栏输入
13. http://127.0.0.1:8080
14. http://127.0.0.1:8080/test.hands-on.html
15. */
17. #include <stdio.h>
18. #include <stdlib.h>
19. #include <string.h>
20. #include <stdbool.h>
21. #include "network.h"
23. #define MAX_LISTEN 16
24. #define MAX_REQUEST_SIZE 2047
25. #define DATA_BUFF_SIZE 1024
26. #define ADDR_BUFF_SIZE 100
28. int create_socket(const char * host, const char * port);
29. const char * get_content_type(const char * path);
31. struct client_info {
32. socklen_t addr_length;
33. struct sockaddr_storage addr;
34. int socket;
35. char request[MAX_REQUEST_SIZE + 1];
36. int bytes_recv;
37. struct client_info * next;
38. };
40. struct client_info * get_client(struct client_info ** list_clients, int socket);
41. void drop_client(struct client_info ** list_clients, struct client_info * ptr_client);
42. void get_client_addr(struct client_info * ptr_client, char * addr, int addr_size);
43. fd_set wait_on_clients(struct client_info * list_clients, int server);
45. void send_400(struct client_info ** list_clients, struct client_info * ptr_client);
46. void send_404(struct client_info ** list_clients, struct client_info * ptr_client);
48. void serve_resource(
49. struct client_info ** list_clients,
50. struct client_info * ptr_client, const char * path
51. );
53. int main(int argc, char ** argv) {
54. struct client_info * list_clients = NULL;
55. int server = create_socket(NULL, "8080");
57. while (true) {
58. fd_set reads = wait_on_clients(list_clients, server);
60. if (FD_ISSET(server, &reads)) {
61. struct client_info * client = get_client(&list_clients, -1);
62. client->socket = accept(
63. server,
64. (struct sockaddr *) &(client->addr),
65. &(client->addr_length)
66. );
68. if (client->socket < 0) {
69. fprintf(stderr, "accept() failed, errno: %d, %s\n", errno, strerror(errno));
70. return EXIT_FAILURE;
71. }
73. char buff_addr[ADDR_BUFF_SIZE];
74. get_client_addr(client, buff_addr, ADDR_BUFF_SIZE);
75. printf("New connection: %s ...\n", buff_addr);
76. }
78. struct client_info * client = list_clients;
79. while (client) {
80. struct client_info * next = client->next;
82. if (FD_ISSET(client->socket, &reads)) {
84. if (MAX_REQUEST_SIZE == client->bytes_recv) {
85. send_400(&list_clients, client);
86. continue;
87. }
89. int cnt_recv = recv(
90. client->socket,
91. client->request + client->bytes_recv,
92. MAX_REQUEST_SIZE - client->bytes_recv,
93. 0
94. );
96. if (cnt_recv < 1) {
97. char buff_addr[ADDR_BUFF_SIZE];
98. get_client_addr(client, buff_addr, ADDR_BUFF_SIZE);
99. fprintf(stderr, "Unexpected disconnect: %s ...\n", buff_addr);
100. drop_client(&list_clients, client);
101. }
102. else {
103. client->bytes_recv += cnt_recv;
104. client->request[client->bytes_recv] = '\0';
106. char * end_request = strstr(client->request, "\r\n\r\n");
107. if (end_request) {
108. if (strncmp("GET /", client->request, 5)) {
109. send_400(&list_clients, client);
110. }
111. else {
112. char * path = client->request + 4;
113. char * end_path = strstr(path, " ");
114. if (end_path == NULL) {
115. send_400(&list_clients, client);
116. }
117. else {
118. *end_path = '\0';
119. serve_resource(&list_clients, client, path);
120. }
121. }
122. }
123. }
124. }
125. client = next;
126. }
127. }
129. printf("\nClosing socket ...\n");
130. close(server);
132. printf("Finished ...\n");
134. return EXIT_SUCCESS;
135. }
137. int create_socket(const char * host, const char * port) {
138. printf("Configuring local address ...\n");
139. struct addrinfo hints;
140. memset(&hints, 0, sizeof(hints));
141. hints.ai_family = AF_INET;
142. hints.ai_socktype = SOCK_STREAM;
143. hints.ai_flags = AI_PASSIVE;
145. struct addrinfo * local_addr;
146. if (getaddrinfo(host, port, &hints, &local_addr)) {
147. fprintf(stderr, "getaddrinfo() failed, errno: %d, %s\n", errno, strerror(errno));
148. exit(EXIT_FAILURE);
149. }
151. printf("Creating socket ...\n");
152. int sock_listen = socket(
153. local_addr->ai_family, local_addr->ai_socktype, local_addr->ai_protocol
154. );
155. if (sock_listen < 0) {
156. fprintf(stderr, "socket() failed, errno: %d, %s\n", errno, strerror(errno));
157. exit(EXIT_FAILURE);
158. }
160. printf("Binding socket to local address ...\n");
161. if (bind(sock_listen, local_addr->ai_addr, local_addr->ai_addrlen)) {
162. fprintf(stderr, "bind() failed, errno: %d, %s\n", errno, strerror(errno));
163. exit(EXIT_FAILURE);
164. }
166. freeaddrinfo(local_addr);
168. printf("Listening ...\n");
169. if (listen(sock_listen, MAX_LISTEN)) {
170. fprintf(stderr, "listen failed, errno: %d, %s\n", errno, strerror(errno));
171. exit(EXIT_FAILURE);
172. }
174. return sock_listen;
175. }
177. const char * get_content_type(const char * path) {
178. const char * last_dot = strrchr(path, '.');
179. if (last_dot) {
180. if (strcmp(last_dot, ".css") == 0) return "text/css";
181. if (strcmp(last_dot, ".csv") == 0) return "text/csv";
182. if (strcmp(last_dot, ".gif") == 0) return "image/gif";
183. if (strcmp(last_dot, ".htm") == 0) return "text/html";
184. if (strcmp(last_dot, ".html") == 0) return "text/html";
185. if (strcmp(last_dot, ".ico") == 0) return "text/image/x-icon";
186. if (strcmp(last_dot, ".jpeg") == 0) return "text/jpeg";
187. if (strcmp(last_dot, ".jpg") == 0) return "text/jpeg";
188. if (strcmp(last_dot, ".js") == 0) return "application/javascript";
189. if (strcmp(last_dot, ".json") == 0) return "application/json";
190. if (strcmp(last_dot, ".png") == 0) return "image/png";
191. if (strcmp(last_dot, ".pdf") == 0) return "application/pdf";
192. if (strcmp(last_dot, ".svg") == 0) return "image/svg+xml";
193. if (strcmp(last_dot, ".txt") == 0) return "text/plain";
194. }
195. return "application/octet-stream";
196. }
198. struct client_info * get_client(
199. struct client_info ** list_clients, int socket
200. ) {
201. struct client_info * p = *list_clients;
202. while (p) {
203. if (p->socket == socket)
204. break;
206. p = p->next;
207. }
209. if (p) return p;
211. p = calloc(1, sizeof(struct client_info));
212. if (p == NULL) {
213. fprintf(stderr, "out of memory ...\n");
214. exit(EXIT_FAILURE);
215. }
217. p->addr_length = sizeof(p->addr);
218. p->next = *list_clients;
219. *list_clients = p;
220. return p;
221. }
223. void drop_client(
224. struct client_info ** list_clients, struct client_info * ptr_client
225. ) {
226. close(ptr_client->socket);
228. struct client_info ** p = list_clients;
229. while (*p) {
230. if (*p == ptr_client) {
231. *p = ptr_client->next;
232. free(ptr_client);
233. return;
234. }
235. p = &((*p)->next);
236. }
238. fprintf(stderr, "client not found ...\n");
239. exit(EXIT_FAILURE);
240. }
242. void get_client_addr(struct client_info * ptr_client, char * addr, int addr_size) {
243. char buff_addr[ADDR_BUFF_SIZE];
244. getnameinfo(
245. (struct sockaddr *) &(ptr_client->addr), ptr_client->addr_length,
246. buff_addr, sizeof(buff_addr),
247. NULL, 0,
248. NI_NUMERICHOST
249. );
251. if (strlen(buff_addr) >= addr_size) {
252. fprintf(stderr, "addr_size too small ...\n");
253. exit(EXIT_FAILURE);
254. }
256. sprintf(addr, "%s", buff_addr);
257. }
259. fd_set wait_on_clients(struct client_info * list_clients, int server) {
260. fd_set reads;
261. FD_ZERO(&reads);
262. FD_SET(server, &reads);
263. int max_socket = server;
265. struct client_info * p = list_clients;
266. while (p) {
267. FD_SET(p->socket, &reads);
268. if (p->socket > max_socket)
269. max_socket = p->socket;
271. p = p->next;
272. }
274. if (select(max_socket+1, &reads, NULL, NULL, NULL) < 0) {
275. fprintf(stderr, "select() failed, errno: %d, %s\n", errno, strerror(errno));
276. exit(EXIT_FAILURE);
277. }
279. return reads;
280. }
282. void send_400(
283. struct client_info ** list_clients, struct client_info * ptr_client
284. ) {
285. const char * res400 = "HTTP/1.1 400 Bad Request\r\n"
286. "Connection: close\r\n"
287. "Content-Length: 11\r\n\r\nBad Request";
289. send(ptr_client->socket, res400, strlen(res400), 0);
290. drop_client(list_clients, ptr_client);
291. }
293. void send_404(
294. struct client_info ** list_clients, struct client_info * ptr_client
295. ) {
296. const char * res404 = "HTTP/1.1 404 Not Found\r\n"
297. "Connection: close\r\n"
298. "Content-Length: 9\r\n\r\nNot Found";
300. send(ptr_client->socket, res404, strlen(res404), 0);
301. drop_client(list_clients, ptr_client);
302. }
304. void serve_resource(
305. struct client_info ** list_clients,
306. struct client_info * ptr_client, const char * path
307. ) {
308. char buff_addr[ADDR_BUFF_SIZE];
309. get_client_addr(ptr_client, buff_addr, ADDR_BUFF_SIZE);
310. printf("Serve_resource %s %s ...\n", buff_addr, path);
312. if (strcmp(path, "/") == 0)
313. path = "/index.html";
315. if (strlen(path) > ADDR_BUFF_SIZE) {
316. send_400(list_clients, ptr_client);
317. return;
318. }
320. if (strstr(path, "..")) {
321. send_404(list_clients, ptr_client);
322. return;
323. }
325. char full_path[128];
326. sprintf(full_path, "public%s", path);
327. FILE * fp = fopen(full_path, "rb");
329. if (fp == NULL) {
330. send_404(list_clients, ptr_client);
331. return;
332. }
334. fseek(fp, 0L, SEEK_END);
335. size_t res_content_len = ftell(fp);
336. fseek(fp, 0L, SEEK_SET);
338. const char * res_content_type = get_content_type(full_path);
340. char buffer[DATA_BUFF_SIZE];
342. sprintf(buffer, "HTTP/1.1 200 OK\r\n");
343. send(ptr_client->socket, buffer, strlen(buffer), 0);
345. sprintf(buffer, "Connection: close\r\n");
346. send(ptr_client->socket, buffer, strlen(buffer), 0);
348. sprintf(buffer, "Content-Length: %u\r\n", res_content_len);
349. send(ptr_client->socket, buffer, strlen(buffer), 0);
351. sprintf(buffer, "Content-Type: %s\r\n", res_content_type);
352. send(ptr_client->socket, buffer, strlen(buffer), 0);
354. sprintf(buffer, "\r\n");
355. send(ptr_client->socket, buffer, strlen(buffer), 0);
357. int cnt_read = fread(buffer, 1, DATA_BUFF_SIZE, fp);
358. while (cnt_read) {
359. send(ptr_client->socket, buffer, cnt_read, 0);
360. cnt_read = fread(buffer, 1, DATA_BUFF_SIZE, fp);
361. }
363. fclose(fp);
364. drop_client(list_clients, ptr_client);
365. }

安全和健壮性

程序不信任连接到的点, 是开发网络代码最重要的原则之一.
程序也不应假设连接的点发送的数据都是特定格式.
如果对于错误和异常的检测不够细心, 导致的漏洞很容易被利用.

写程序时, 无论使用的是哪种语言, 稍不注意就会产生 bug.
在使用 C 语言时, 要特别注意避免内存错误.

服务器软件的另一个议题是关于系统内文件的存取, 哪些文件可以被存取, 哪些不能.
恶意客户可能会尝试下载服务器系统中的任意文件.

一个关于安全的基本建议是, 使用非特权(non-privileged) 账户运行网络程序.
该账户只能存取实现服务器功能所需的最小的资源集.
这个建议无法替代编写安全的代码, 但却是保障系统安全的最后一道藩篱.

自己编写的代码覆盖了所有漏洞常常是不可能的.
操作系统也并不是总能提供充分的文档.
而操作系统的 APIs, 其行为方式经常是 非显然的(non-obvious) 和 非直觉的(non-intuitive).
总之, 要小心.

开源服务器

在互联网上部署 web 服务器, 建议采用开源实现.
如 Nginx, Apache, 都是性能良好, 跨平台, 安全, C 语言编写, 并完全免费的.
同时还拥有完备的文档, 寻求支持也很容易.

《C 语言网络编程实践》 (《Hands-On Network Programming With C》)