Talk:Wii Web Server

From WiiBrew
Jump to: navigation, search

My quality assurence

Rest assured that I will be merciless when doing quality assurements on this one. Don't expect to get any cheats by me, you better be designing a proper structure. While I am fine with c, I do recommend c++. Btw, I checked the CVS (Personally I suggest that you upgrade to SVN instead of CVS, SF got both and they are equally easy to work with, SVN just is better) repo and while I sure didn't have any high expectations, I wasn't stunned. Better get something neat done. Oh yeah, just for a challenge, see if you can write a PHP SAPI for the service while you are at it, it's easier than you expect.--henke37 10:46, 4 June 2008 (PDT)

Seriously, I checked out the progress and I am not enjoying it. Get a grip! No sleeping during the program! No infinite recursion! No random while loops! Write a real request parser! And stop with the hardcoded reply headers. It is one thing to make a POC, but that stage is past now, time to start working for real. Also, go learn threading, a http service just can't be single threaded.--henke37 01:56, 5 June 2008 (PDT)
Cut me some slack, this is my first proper C project, i know so little C that everytime i do somthing i have to google it. Everything that has been done is meant to be functional, not pretty. There are no wrong ways to code, just finding a way that works. I have been coding it for a week, for about and hour daily, so thats about 7 hours to get this far. Be patient, the request parser is in the works. The sleeping has to be there for the HTTP sending to work without the socket closing before its has finished being sent, if its not there then the browser complains about loss of connection. This was never means to be a massive serious project, just a way to learn C that turned out better than expected. :-P Cboomf 02:02, 5 June 2008 (PDT)
I am deeply sorry that I've been so harsh. I now see that you are honestly trying your best. I think that you are making progress. Please don't think that all I do is to make harsh comments, I am happy to assist if you chat me up on IRC. I promise to cut you some slack.--henke37 12:50, 6 June 2008 (CEST)
Much appreciated henke37 Cboomf 18:44, 6 June 2008 (CEST)

Time for some constructive criticism

I think I see a negative pattern in your code. Do not make a new function for each page. Make a generic function that you call with different parameters. Like a struct or object with a bunch of fields that represent the request. And do not do any infinite recursion. Do infinite loops, not recursion.--henke37 09:56, 8 June 2008 (CEST)

09-June-2008

Please abstract things a bit more. No stupid globals, and seriously, get rid of the infinite recursion. Also, I hope that you understand how extremely likely it is for a file to not be found. Send proper 404 responses instead of being open for a single hit DOS attack. Also, start using threading now, a single thread just does not do for a multi user service.--henke37 00:11, 9 June 2008 (CEST) Once i have the file size sorted (i.e allow files larger than 4KB), then 404 and threading are on the cards cos only then will this start being any use Cboomf 20:22, 10 June 2008 (CEST)

28-June-2008

I see that you are making progress nicely. Here is a few issues that I noticed:

  • Indention issues, try just writing it like "else if" and don't add any extra indention, it keeps the indention level sane when having a lot of conditions.
  • 500 pages uses 404 lenghts
  • Fixing of folders to index.html is hardcoded and not heuristic and will fail for sub-directories.
  • Directory traversal vulnerabilities allows people to sneak out of the web root. Ops, now people can "borrow" all those "borrowed" games you also happen to have on the sd-card.

And here is a few ideas (hurry slow and all that):

  • Add a way to add directory aliases
  • Add the capability to use the Range header
  • Add support for the cache control headers (please read the RFC before doing these)
  • Add access control features.
  • Eventually, it could be neat to have vhost support
  • It could be neat to have SSL support
  • There is no cool control interface on the tv.

--henke37 21:51, 28 June 2008 (CEST)

02-July-2008

Misc bugs today, no show stoppers this time.

  • Directories without an ending / is not redirected to the same url, but with a slash
  • There is no directory listing if there is no index.html
  • Request specific info is stored in globals (not safe for multi threading in the future)
  • Exact server version is not in the http reply headers
  • Connections is not timed out if the client doesn't make any requests
  • Date header is hardcoded to the past.

Misc suggestions (easy too):

  • Custom error pages
  • The ability to turn off the builtin pages so that they can be replaced

--henke37 15:24, 2 July 2008 (CEST)

03-July-2008

Today I just have a few updates to the mime type table.

--henke37 10:58, 3 July 2008 (CEST)

Ok, I did find some minor bugs:

  • HEAD requests may not have any reply body, no matter the reply code.
  • Url encoding decoding is more or less incomplete. Space is not the only thing that can be encoded with the percent sign. Btw, the Plus sign also stands for a space.

--henke37 11:09, 3 July 2008 (CEST)

"Lump of fun"

I think I found it! Goto 192.168.X.Y/tux to find!

[1]

Well done wasn't too hard was it XD... Cboomf 11:19, 8 June 2008 (CEST)

Usage

Where do the HTML files go? Just trying to do some of my own home theater testing ideas with this. Also, what does this use? Apache etc. type of thing. Pinball wizard 21:16, 7 June 2008 (CEST)

Until alpha v0.4, you can't use your own html files, (well, you can, sort of, but its not recommended and might not work) and it uses my own code, not apache or anything Cboomf 22:23, 7 June 2008 (CEST)
Thanks, I'm going to use tis later on today. Time to start home theatering remotely.
Alpha v0.4 only lets html be loaded, but in alpha v0.5 any file type is planned Cboomf 17:23, 8 June 2008 (CEST)
Any file type (listed on main page) and of any size can now be sent Cboomf 10:07, 26 June 2008 (CEST)

PHP

Hey,

I like the progress of your web server, I think its coming along nicely. I do not know if it is a hard thing to do but would it be possible to implement PHP?

PHP is designed to be easy to add to servers. You just need to call less than 10 functions. One to init the engine, one to init the request, one to set the callback for the output headers, one to close the request and one to close the engine.--henke37 23:24, 22 June 2008 (CEST)
Yeah, the header part is going to be the killer here. This project just does not do the headers at all. It just has them hardcoded. Btw, for those who want to give this a shot, look at the SAPI folder in the PHP sources, you need to create one folder like those.--henke37 23:33, 22 June 2008 (CEST)
Can you provide a link, i have no idea where they are Cboomf
Here in the php cvs repo.--henke37 19:06, 24 June 2008 (CEST)
PHP itself is useless. To use PHP someone has to port the PHP application including most of the common modules and its dependencies. Bugs in those libraries (and/or your php application or the webserver itself) may allow crackers and scriptkiddies to execute code on your Wii and to actually brick it. Tempory files would have to be stored on a NAND memory (a SD card or the internal NAND) which would drastically reduce the lifetime of this memory. A implementation of php causes a lot of significant problems but has nearly no benefit.
You can use GNU Make + PHP (or XML and XSLT etc.) to easily create a whole bunch of static web pages which use shared data (header, footer, menus etc.) and/or content from a database. -- Tz 20:07, 27 June 2008 (CEST)

Torrent Files?

I was looking at the supported files and I saw .torrent? What? When you put it on your Wii, will it DOWNLOAD .torrent files or what? If not, then what is the point of implementing it? TheDuck 07:54, 23 June 2008 (CEST)

It enables people to download torrents via torrent links... Pertmywert 08:32, 23 June 2008 (CEST)
It just allows .torrent files to be downloaded, is is not a torrent client or tracker Cboomf

quit function

i am just sharring my thoughts.

quote: To quit, type "//quit" at the end of the web-address, so - "192.168.0.X//quit", will now return to HBC

i think now your webserver is getting somewhat mature you should think about security for a moment. anyone being able to shut down a webserver from anywhere is a little bit of a security risk i think. there should at least be a username ans password, prefrebly a list of allowed ip (ranges) and maby sometime in the future an ssl implementation. usernames and passwords should not be hardcoded ofcourse, the xmllib is a good point to start a config file. "192.168.0.X//admin" could be a page to manage the webserver's functions (including the quit function). good luck on your project! Bitflusher 09:39, 23 June 2008 (CEST)

I am sure they know of the impact of the link. If you are so worried, take it out. Personally I think that there currently is bigger issues with the software. It still uses infinite recursion. This is no good. Even after a few thousand requests, it's going to run out of stack space.--henke37 12:29, 23 June 2008 (CEST)
I am working on a way to stop the infinite recursion, maybe using threading, maybe not sunce i have never used it. The //admin page is not a bad idea but would require a fair amount of work, maybe about in beta v0.1 (ish), so not soon anyway Cboomf
I like that you are working on it. But next time, don't forget to remove the loops too. Sure, they are not a problem. They just look stupid.--henke37 19:04, 24 June 2008 (CEST)
The loops are now removed and so is the infinite recursion Cboomf 22:36, 24 June 2008 (CEST)


Just a suggestion - I'd really like the ability to shut off the webserver (and/or the wii, both are very simple) from a remote computer, but of course I wouldn't want other people to be able to do it. Therefore: allow users to create a file somewhere on the SD card, probably the root directory, which contains a password which could be appended to the //quit - so to shut off the wii, for example, I might type 192.168.7.54//quit_thisisapassword. There can't be a default password, of course, but this functionality would be really useful and easy to implement.

Mp3

I cant get mp3s working it gives me a cant find image, am I doing something wrong?Pebls123 22:29, 24 June 2008 (CEST)

Could you please provide more details :-) Cboomf 22:35, 24 June 2008 (CEST)
never mind,I got it working. Pebls123 05:54, 25 June 2008 (CEST)


I may be stupid. but how does this work?

when i load the application in HBC it starts and it says ready and then thats all. :S can someone explain me this?

You then open your web browser then dial in the wii's ip in the address bar and hey presto, there is no user interaction needed, to shut down you use http://192.168.0.X//quit as explained above, OK. It sets itself up on your network, then loads files from the front sd on request, all you have to do is browse it :D Cboomf 18:58, 25 June 2008 (CEST)

Can someone tell how to look for music or video files?

I think not all of us know how this work, if there is someone with the time to do a simple list of instructions on how to write down or whatever it has to be done to look for a file, this program could become easier, so please anyone? Thanks.--Bushe777 03:37, 29 June 2008 (CEST)

I'm willing to assist you, if you make what you want clear. You want to know how to search for files... Files on your SD card? Pertmywert 13:17, 3 July 2008 (CEST)