From 3a2f7567f8d8103ab86f6933f7b9d7997c26ce14 Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Fri, 3 Aug 2018 22:14:57 -0500
Subject: [PATCH 01/10] Create .gitignore

---
 .gitignore | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..59ea2b3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,28 @@
+*.a
+*.o
+*.lib
+
+auto_home.c
+
+direntry.h
+hasdevtcp.h
+hassgact.h
+hassgprm.h
+hasshsgr.h
+select.h
+uint64.h
+
+auto-str
+chkshsgr
+choose
+compile
+configure
+ftpd
+httpd
+install
+instcheck
+load
+makelib
+rts
+systype
+utime
-- 
2.18.0


From 44864efa9f805a24771c73e61e72a7e5126c1957 Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Fri, 3 Aug 2018 22:15:16 -0500
Subject: [PATCH 02/10] Fix errno references

---
 error.h         | 2 +-
 leapsecs_read.c | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/error.h b/error.h
index a09cb2b..9a38862 100644
--- a/error.h
+++ b/error.h
@@ -1,7 +1,7 @@
 #ifndef ERROR_H
 #define ERROR_H
 
-extern int errno;
+#include <errno.h>
 
 extern int error_intr;
 extern int error_nomem;
diff --git a/leapsecs_read.c b/leapsecs_read.c
index 62c8712..c8f975f 100644
--- a/leapsecs_read.c
+++ b/leapsecs_read.c
@@ -2,7 +2,6 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <errno.h>
-extern int errno;
 #include "tai.h"
 #include "leapsecs.h"
 
-- 
2.18.0


From db582a2dac299b7d21139c6298b0022b7028f16d Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Fri, 3 Aug 2018 22:17:38 -0500
Subject: [PATCH 03/10] Fix assignment to errno in if condition

Original copied from
https://svnweb.freebsd.org/ports/head/www/publicfile/files/patch-fetch.c
---
 fetch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fetch.c b/fetch.c
index f4a3a01..148cbfa 100644
--- a/fetch.c
+++ b/fetch.c
@@ -82,7 +82,7 @@ static void list(char *fn,int flaglong)
   substdio_puts(&ss,"\r\n");
 }
 
-static int doit(char *fn,int fddata,int fdfile,int how)
+static void doit(char *fn,int fddata,int fdfile,int how)
 {
   DIR *dir;
   direntry *d;
@@ -122,7 +122,7 @@ static int doit(char *fn,int fddata,int fdfile,int how)
       for (;;) {
 	r = read(fdfile,inbuf,sizeof inbuf);
 	if (r == -1) {
-	  if (errno = error_intr) continue;
+	  if (errno == error_intr) continue;
 	  _exit(23);
 	}
 	if (r == 0)
-- 
2.18.0


From d78848854684937accfa9cb6d0a0cbf1092f519e Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Fri, 3 Aug 2018 22:31:20 -0500
Subject: [PATCH 04/10] Support https schemes and SSLREMOTEIP env

Original patch copied from
https://svnweb.freebsd.org/ports/head/www/publicfile/files/publicfile.sslserver
---
 file.c  |  6 +++++-
 httpd.c | 12 ++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/file.c b/file.c
index 5d80e24..5cafd53 100644
--- a/file.c
+++ b/file.c
@@ -15,7 +15,11 @@ static void log(char *fn,char *result1,char *result2,int flagread)
   char *x;
 
   x = env_get("TCPREMOTEIP");
-  if (!x) x = "0";
+  if (!x) {
+    x = env_get("SSLREMOTEIP");
+    if (!x)
+      x = "0";
+  }
   substdio_puts(subfderr,x);
   substdio_puts(subfderr,flagread ? " read ": " dir ");
 
diff --git a/httpd.c b/httpd.c
index d04d154..6353750 100644
--- a/httpd.c
+++ b/httpd.c
@@ -271,8 +271,16 @@ void doit()
       if (!stralloc_copyb(&path,host.s + i,host.len - i)) _exit(21);
       host.len = i;
     }
-    else
-      if (!stralloc_copy(&path,&url)) _exit(21);
+    else {
+      if (case_startb(url.s,url.len,"https://")) {
+        if (!stralloc_copyb(&host,url.s + 8,url.len - 8)) _exit(21);
+        i = byte_chr(host.s,host.len,'/');
+        if (!stralloc_copyb(&path,host.s + i,host.len - i)) _exit(21);
+        host.len = i;
+      }
+      else
+	if (!stralloc_copy(&path,&url)) _exit(21);
+    }
 
     if (!path.len || (path.s[path.len - 1] == '/'))
       if (!stralloc_cats(&path,"index.html")) _exit(21);
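Review bot: The `https://` branch duplicates the host/path split of the preceding branch (its last two lines are visible as context at the top of the hunk), differing only in the prefix length. A comment such as `/* absolute-URI: "https://" is 8 bytes; split the rest into host and path */` would explain the literal 8, and one helper parameterised by prefix length would keep the two branches from drifting. When no '/' follows the host, `byte_chr` yields `host.len` and `path` is left empty, which the `index.html` append below relies on; that is worth stating in the comment. The `if (!stralloc_copy(&path,&url))` line is indented with a tab where the surrounding code uses spaces. `doit()` starts and ends outside the hunk.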
-- 
2.18.0


From 5e42ba605be98ed73ba0a00b361288c7c8a9f923 Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Fri, 3 Aug 2018 22:33:56 -0500
Subject: [PATCH 05/10] Set installation directory modes to 0755

Original patch from
https://svnweb.freebsd.org/ports/head/www/publicfile/files/patch-hier.c
---
 hier.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hier.c b/hier.c
index 9a30128..6056178 100644
--- a/hier.c
+++ b/hier.c
@@ -2,9 +2,9 @@
 
 void hier()
 {
-  h(auto_home,-1,-1,02755);
+  h(auto_home,-1,-1,0755);
 
-  d(auto_home,"bin",-1,-1,02755);
+  d(auto_home,"bin",-1,-1,0755);
 
   c(auto_home,"bin","configure",-1,-1,0755);
   c(auto_home,"bin","httpd",-1,-1,0755);
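Review bot: Dropping the setgid bit from `auto_home` and `bin` (02755 to 0755) is a behaviour change that neither the code nor the commit message explains; files created under these directories will no longer inherit the directory's group. The Makefile in this series links `hier.o` into `instcheck` as well as `install`, so a tree previously installed with 02755 will presumably be reported as having the wrong mode after this change, which is worth confirming. A one-line comment above the `h()` call, such as `/* plain 0755: install directories are deliberately not setgid */`, would record the intent.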
-- 
2.18.0


From 2a187e9c8b5057dbfa9ff1b635466f500733c8b3 Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Fri, 3 Aug 2018 22:39:44 -0500
Subject: [PATCH 06/10] Install to destdir

---
 .gitignore   |  1 +
 Makefile     | 16 ++++++++++++----
 conf-destdir |  0
 3 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 conf-destdir

diff --git a/.gitignore b/.gitignore
index 59ea2b3..dc320f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
 *.lib
 
 auto_home.c
+auto_destdir.c
 
 direntry.h
 hasdevtcp.h
diff --git a/Makefile b/Makefile
index e7b093a..5c5b59f 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,14 @@ auto_home.o: \
 compile auto_home.c
 	./compile auto_home.c
 
+auto_destdir.c: \
+auto-str conf-destdir
+	./auto-str auto_home `head -1 conf-destdir``head -1 conf-home` > auto_destdir.c
+
+auto_destdir.o: \
+compile auto_destdir.c
+	./compile auto_destdir.c
+
 byte_chr.o: \
 compile byte_chr.c byte.h
 	./compile byte_chr.c
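Review bot: The `auto_destdir.c` rule reads `conf-home` in its recipe but lists only `auto-str conf-destdir` as prerequisites, so editing `conf-home` leaves a stale `auto_destdir.c` and `install` keeps using the old path; the prerequisite line should read `auto-str conf-destdir conf-home`. The generated file defines the symbol `auto_home`, not `auto_destdir`, which is what lets `hier.o` link unchanged but is easy to misread; a comment such as `# defines auto_home as destdir+home, for install/instcheck only` would help. The two `head -1` substitutions are concatenated unquoted, so a path containing whitespace is split into separate arguments to `auto-str`.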
@@ -257,9 +265,9 @@ gen_alloc.h tai.h uint64.h
 	./compile httpdate.c
 
 install: \
-load install.o hier.o auto_home.o strerr.a substdio.a open.a error.a \
+load install.o hier.o auto_destdir.o strerr.a substdio.a open.a error.a \
 str.a
-	./load install hier.o auto_home.o strerr.a substdio.a \
+	./load install hier.o auto_destdir.o strerr.a substdio.a \
 	open.a error.a str.a 
 
 install.o: \
@@ -268,8 +276,8 @@ exit.h
 	./compile install.c
 
 instcheck: \
-load instcheck.o hier.o auto_home.o strerr.a substdio.a error.a str.a
-	./load instcheck hier.o auto_home.o strerr.a substdio.a \
+load instcheck.o hier.o auto_destdir.o strerr.a substdio.a error.a str.a
+	./load instcheck hier.o auto_destdir.o strerr.a substdio.a \
 	error.a str.a 
 
 instcheck.o: \
diff --git a/conf-destdir b/conf-destdir
new file mode 100644
index 0000000..e69de29
-- 
2.18.0


From 4e53520478986cf6dc8b4205e3f528066a47e372 Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Fri, 3 Aug 2018 22:43:33 -0500
Subject: [PATCH 07/10] Lookup file suffix to MIME type in the environment

Original patch by
https://www.ohse.de/uwe/patches/publicfile-0.52-filetype-diff
---
 filetype.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/filetype.c b/filetype.c
index 4f58986..a9b179f 100644
--- a/filetype.c
+++ b/filetype.c
@@ -1,5 +1,6 @@
 #include "filetype.h"
 #include "str.h"
+#include "env.h"
 
 void filetype(char *fn,stralloc *contenttype)
 {
@@ -22,7 +23,7 @@ void filetype(char *fn,stralloc *contenttype)
       if (!stralloc_append(contenttype,&ch)) _exit(21);
     }
   else {
-    result = "text/plain";
+    result = 0;
     if (str_equal(x,".html")) result = "text/html";
     else if (str_equal(x,".gz")) result = "application/x-gzip";
     else if (str_equal(x,".dvi")) result = "application/x-dvi";
@@ -32,6 +33,15 @@ void filetype(char *fn,stralloc *contenttype)
     else if (str_equal(x,".jpeg")) result = "image/jpeg";
     else if (str_equal(x,".png")) result = "image/png";
     else if (str_equal(x,".mpeg")) result = "video/mpeg";
+	if (!result) {
+		stralloc envname = {0};
+		if (!stralloc_copys(&envname,"CT_")) _exit(21);
+		if (!stralloc_cats(&envname,x+1)) _exit(21);
+		if (!stralloc_0(&envname)) _exit(21);
+		result=env_get(envname.s);
+		alloc_free(envname.s); /* is this the right function */
+	}
+	if (!result) result="text/plain";
 
     if (!stralloc_cats(contenttype,result)) _exit(21);
   }
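Review bot: `x+1` in the new lookup assumes `x` points at a '.'; if `x` can instead point at the terminating NUL for a name without a suffix (the assignment of `x` is above the hunk, so this needs checking), `stralloc_cats(&envname,x+1)` reads one byte past the end of the string. Guarding the block with `if (!result && *x) {` avoids that and also skips a lookup of a bare `CT_`. The suffix comes from the requested file name and selects which environment variable is read, and the value is copied into the Content-Type header as-is, so a comment should state that `CT_*` values are trusted operator configuration and must not contain CR or LF. The open question in `/* is this the right function */` should be settled before merging: stralloc buffers are obtained from `alloc()`, so `alloc_free` is the matching release, provided `alloc.h` is in scope in this file. The added lines are indented with tabs where the rest of the function uses two spaces.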
-- 
2.18.0


From 5db18beaccbc146cb0fba7836b3bb39e1e86db9c Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Sat, 4 Aug 2018 00:59:27 -0500
Subject: [PATCH 08/10] Add security and charset headers

---
 filetype.c |  4 ++--
 httpd.c    | 32 ++++++++++++++++++++++++++++++--
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/filetype.c b/filetype.c
index a9b179f..961476b 100644
--- a/filetype.c
+++ b/filetype.c
@@ -24,7 +24,7 @@ void filetype(char *fn,stralloc *contenttype)
     }
   else {
     result = 0;
-    if (str_equal(x,".html")) result = "text/html";
+    if (str_equal(x,".html")) result = "text/html; charset=utf-8";
     else if (str_equal(x,".gz")) result = "application/x-gzip";
     else if (str_equal(x,".dvi")) result = "application/x-dvi";
     else if (str_equal(x,".ps")) result = "application/postscript";
@@ -41,7 +41,7 @@ void filetype(char *fn,stralloc *contenttype)
 		result=env_get(envname.s);
 		alloc_free(envname.s); /* is this the right function */
 	}
-	if (!result) result="text/plain";
+	if (!result) result="text/plain; charset=utf-8";
 
     if (!stralloc_cats(contenttype,result)) _exit(21);
   }
diff --git a/httpd.c b/httpd.c
index 6353750..858a258 100644
--- a/httpd.c
+++ b/httpd.c
@@ -69,7 +69,35 @@ void header(char *code,char *message)
     out_puts("HTTP/1.1 ");
   out_puts(code);
   out_puts(message);
-  out_puts("\r\nServer: publicfile\r\nDate:");
+  out_puts(
+  "\r\nStrict-Transport-Security: max-age=300; includeSubDomains"
+  "\r\nContent-Security-Policy:"
+    " default-src 'self';"
+    " style-src 'self' 'unsafe-inline';"
+  "\r\nX-Frame-Options: DENY"
+  "\r\nX-XSS-Protection: 1; mode=block"
+  "\r\nX-Content-Type-Options: nosniff"
+  "\r\nReferrer-Policy: strict-origin-when-cross-origin"
+  "\r\nFeature-Policy:"
+    " vibrate 'none';"
+    " camera 'none';"
+    " encrypted-media 'none';"
+    " fullscreen 'none';"
+    " geolocation 'none';"
+    " gyroscope 'none';"
+    " magnetometer 'none';"
+    " microphone 'none';"
+    " midi 'none';"
+    " payment 'none';"
+    " speaker 'none';"
+    " sync-xhr 'none';"
+    " usb 'none';"
+    " vr 'none';"
+    " picture-in-picture 'none';"
+    " document-write 'none';"
+    " animations 'none';"
+    " autoplay 'none'"
+  "\r\nDate:");
   if (!httpdate(&nowstr,&now)) _exit(21);
   out_put(nowstr.s,nowstr.len);
   out_puts("\r\n");
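Review bot: `Strict-Transport-Security` is written by `header()` on every response with `includeSubDomains` hard-coded, with no check that the connection is TLS and no way for the operator to opt out; browsers ignore the header over plain HTTP, but over HTTPS it commits every subdomain of the served host to HTTPS. Consider emitting it only when the TLS front end is detected (the series already consults `SSLREMOTEIP` in file.c, assuming that variable is set only under TLS) and without `includeSubDomains` by default. The change also drops the `Server: publicfile` header, which the commit message does not mention. `X-Frame-Options: DENY` has a CSP counterpart, `frame-ancestors 'none'`, that could be added to the policy, and `X-XSS-Protection` and `Feature-Policy` have since been deprecated in browsers (the latter replaced by `Permissions-Policy`), so a comment marking which headers are legacy would help later maintenance. `header()` begins above the hunk.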
@@ -85,7 +113,7 @@ void barf(char *code,char *message)
     out_puts("\r\n");
     if (protocolnum == 2)
       out_puts("Connection: close\r\n");
-    out_puts("Content-Type: text/html\r\n\r\n");
+    out_puts("Content-Type: text/html; charset=utf-8\r\n\r\n");
   }
   if (flagbody) {
     out_puts("<html><body>");
-- 
2.18.0


From 1df537de4e1598177fdf6a60b0006850d9626535 Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Sat, 4 Aug 2018 01:53:33 -0500
Subject: [PATCH 09/10] Use XHTML 1.1 in error reports

---
 filetype.c |  2 +-
 httpd.c    | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/filetype.c b/filetype.c
index 961476b..f04c7b2 100644
--- a/filetype.c
+++ b/filetype.c
@@ -24,7 +24,7 @@ void filetype(char *fn,stralloc *contenttype)
     }
   else {
     result = 0;
-    if (str_equal(x,".html")) result = "text/html; charset=utf-8";
+    if (str_equal(x,".html")) result = "application/xhtml+xml; charset=utf-8";
     else if (str_equal(x,".gz")) result = "application/x-gzip";
     else if (str_equal(x,".dvi")) result = "application/x-dvi";
     else if (str_equal(x,".ps")) result = "application/postscript";
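Review bot: Serving every `.html` file as `application/xhtml+xml` goes beyond the commit subject (error reports) and changes how all existing content is parsed: browsers use a strict XML parser for this type, so any file that is not well-formed XML shows a parse error instead of rendering. Unless all published files are known to be valid XHTML, keep `text/html; charset=utf-8` for `.html` and add a separate mapping, e.g. `else if (str_equal(x,".xhtml")) result = "application/xhtml+xml; charset=utf-8";`. The enclosing `filetype()` starts and ends outside the hunk.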
diff --git a/httpd.c b/httpd.c
index 858a258..5247fb5 100644
--- a/httpd.c
+++ b/httpd.c
@@ -105,20 +105,31 @@ void header(char *code,char *message)
 
 void barf(char *code,char *message)
 {
+  static char HEADER[] =
+  "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n"
+  "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\r\n"
+  "<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n"
+  "<head><title>Error</title></head>\r\n"
+  "<body>\r\n"
+  "<p>";
+  static char FOOTER[] =
+  "</p>\r\n"
+  "</body>\r\n"
+  "</html>\r\n";
   if (protocolnum > 0) {
     tai_now(&now);
     header(code,message);
     out_puts("Content-Length: ");
-    out_put(strnum,fmt_ulong(strnum,str_len(message) + 28));
+    out_put(strnum,fmt_ulong(strnum,str_len(message) + sizeof(HEADER) + sizeof(FOOTER) - 2));
     out_puts("\r\n");
     if (protocolnum == 2)
       out_puts("Connection: close\r\n");
-    out_puts("Content-Type: text/html; charset=utf-8\r\n\r\n");
+    out_puts("Content-Type: application/xhtml+xml; charset=utf-8\r\n\r\n");
   }
   if (flagbody) {
-    out_puts("<html><body>");
+    out_puts(HEADER);
     out_puts(message);
-    out_puts("</body></html>\r\n");
+    out_puts(FOOTER);
   }
   out_flush();
   if (protocolnum >= 2) {
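Review bot: `message` is written between `<p>` and `</p>` without escaping, and with the body now declared as `application/xhtml+xml` a single `<` or `&` in it makes the whole error page ill-formed; the callers of `barf()` are outside the hunk, so whether any message can contain such characters needs checking. Either escape `&`, `<` and `>` when writing the message (and count the escaped length in Content-Length) or document on `barf()` that `message` must be markup-free text. The length arithmetic `sizeof(HEADER) + sizeof(FOOTER) - 2` is correct only because each `sizeof` includes the terminating NUL, which deserves a comment such as `/* sizeof counts each trailing NUL, hence -2 */`. `HEADER` and `FOOTER` are never modified and could be `static const char`, if `out_puts` accepts a const pointer. `barf()` continues below the hunk.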
-- 
2.18.0


From f579885311b0b44814ef1e5fc69a511704901392 Mon Sep 17 00:00:00 2001
From: Jesse Young <jlyo@jlyo.org>
Date: Sat, 4 Aug 2018 13:08:24 -0500
Subject: [PATCH 10/10] Add some modern MIME types

---
 filetype.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/filetype.c b/filetype.c
index f04c7b2..60bfba3 100644
--- a/filetype.c
+++ b/filetype.c
@@ -25,6 +25,12 @@ void filetype(char *fn,stralloc *contenttype)
   else {
     result = 0;
     if (str_equal(x,".html")) result = "application/xhtml+xml; charset=utf-8";
+    else if (str_equal(x,".css")) result = "text/css";
+    else if (str_equal(x,".js")) result = "application/javascript";
+    else if (str_equal(x,".json")) result = "application/json";
+    else if (str_equal(x,".xml")) result = "application/xml; charset=utf-8";
+    else if (str_equal(x,".rss")) result = "application/rss+xml; charset=utf-8";
+    else if (str_equal(x,".atom")) result = "application/atom+xml; charset=utf-8";
     else if (str_equal(x,".gz")) result = "application/x-gzip";
     else if (str_equal(x,".dvi")) result = "application/x-dvi";
     else if (str_equal(x,".ps")) result = "application/postscript";
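Review bot: The new `.css`, `.js` and `.json` entries carry no `charset` parameter while `.html`, `.xml`, `.rss` and `.atom` in the same chain declare `utf-8`; for consistency consider `"text/css; charset=utf-8"` and `"application/javascript; charset=utf-8"` (JSON is defined as UTF-8 and needs none). This series also sends `X-Content-Type-Options: nosniff`, so scripts and stylesheets with a suffix not listed here fall through to the `text/plain` default and will be refused by browsers. A comment above the chain pointing at the `CT_<suffix>` environment override would help operators add missing types. The chain continues outside the hunk.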
-- 
2.18.0