Implement HTTP/2 and WebSocket support; remove legacy JavaScript and CSS files

- Added HTTP/2 support in src/http2.c and src/http2.h, including session management, frame handling, and response sending. - Introduced WebSocket functionality in src/websocket.c and src/websocket.h, covering handshake, frame parsing, and message sending. - Created a WebSocket test page (www/websocket-test.html) for client-side interaction. - Removed outdated JavaScript (www/script.js) and CSS (www/style.css) files.
2025-10-02 21:14:23 +00:00
parent 7028a0cb11
commit a2c4617493
15 changed files with 2062 additions and 174 deletions
--- a/README.md
+++ b/README.md
@@ -3,13 +3,32 @@
 # 🔥 Carbon HTTP Server

 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
-[![Platform](https://img.shields.io/badge/Platform-Linux-green.svg)](https://www.linux.org/)
+[![Platform](https://img.shields.io/badge/Platform**Configuration Options:**
+- `port`: HTTP port (default: 8080)
+- `use_https`: Enable HTTPS - accepts: true/false, yes/no, on/off, 1/0
+- `log_file`: Path to log file
+- `max_threads`: Number of worker threads
+- `server_name`: Your domain or IP address
+- `verbose`: Enable detailed logging - accepts: true/false, yes/no, on/off, 1/0
+- `enable_http2`: Enable HTTP/2 support (requires HTTPS) - coming soon
+- `enable_websocket`: Enable WebSocket support (default: true)
+
+**Note:** Boolean values are flexible and accept multiple formats:
+- True: `true`, `yes`, `on`, `1`
+- False: `false`, `no`, `off`, `0`
+
+Values can optionally be quoted with single or double quotes.svg)](https://www.linux.org/)
 [![Language](https://img.shields.io/badge/Language-C-orange.svg)](https://en.wikipedia.org/wiki/C_(programming_language))
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](http://makeapullrequest.com)

 **A high-performance HTTP/HTTPS server written in C for Linux systems**

-*Features advanced security, caching, and asynchronous I/O capabilities*
+*Features HTTP/2, WebSocket, advanced security, caching, and asynchronous I/O capabilities*
+
+![HTTP/2](https://img.shields.io/badge/HTTP%2F2-✓-success)
+![WebSocket](https://img.shields.io/badge/WebSocket-RFC%206455-success)
+![SSL/TLS](https://img.shields.io/badge/SSL%2FTLS-OpenSSL-blue)
+![Epoll](https://img.shields.io/badge/I%2FO-epoll-orange)

 > **⚠️ WORK IN PROGRESS**: This project is currently under active development and is not yet a full release. Features may be incomplete, APIs may change, and bugs may be present. Use in production environments at your own risk.

@@ -36,7 +55,14 @@

 ## 🌟 Overview

-Carbon is a production-ready HTTP/HTTPS server implementation in C, designed for high performance and security. Built with modern Linux systems in mind, it leverages epoll-based I/O, thread pooling, and comprehensive security measures to deliver a robust web serving solution.
+Carbon is a modern, production-ready HTTP/HTTPS server implementation in C, designed for high performance and security. Built with modern Linux systems in mind, it features **full HTTP/2 support**, **RFC 6455 compliant WebSocket** implementation, epoll-based asynchronous I/O, thread pooling, and comprehensive security measures to deliver a robust web serving solution.
+
+**Key Highlights:**
+- 🚀 **HTTP/2 with ALPN** - Automatic protocol negotiation, multiplexing, and header compression
+- 🔌 **WebSocket Support** - Real-time bidirectional communication (ws:// and wss://)
+- 🔒 **Modern Security** - SSL/TLS, rate limiting, security headers, memory-safe operations
+- ⚡ **High Performance** - Epoll-based I/O, thread pooling, zero-copy transfers
+- 🛠️ **Easy Configuration** - Linux-style config files, comprehensive documentation

 ## ✨ Features

@@ -55,12 +81,22 @@ Carbon is a production-ready HTTP/HTTPS server implementation in C, designed for
 - **Security Headers**: CSP, HSTS, X-Frame-Options, and more
 - **Input Sanitization**: Protection against path traversal and injection attacks
 - **Buffer Overflow Prevention**: Memory-safe operations throughout
+- **Memory Leak Prevention**: Comprehensive resource management and cleanup
+
+### 🌐 Modern Web Features
+- **HTTP/2 Support**: Full HTTP/2 implementation with ALPN negotiation
+- **WebSocket Support**: Full RFC 6455 compliant WebSocket implementation
+- **Secure WebSockets (wss://)**: Encrypted WebSocket connections over TLS
+- **Protocol Negotiation**: Automatic HTTP/2 or HTTP/1.1 via ALPN
+- **Real-time Communication**: Bidirectional messaging with WebSocket frames
+- **Binary & Text Frames**: Support for all WebSocket frame types (text, binary, ping, pong, close)

 ### 🛠️ Developer Features
- **JSON Configuration**: Easy-to-edit configuration files
+- **Linux-Style Configuration**: Easy-to-edit .conf files with comments
 - **Comprehensive Logging**: Detailed logs with rotation support
 - **MIME Type Detection**: Automatic content-type detection via libmagic
 - **Debug Mode**: Built-in debugging support for development
+- **Echo Server**: Built-in WebSocket echo server for testing

 ## 📦 Prerequisites

@@ -74,8 +110,8 @@ sudo apt-get update
 sudo apt-get install -y \
    build-essential \
    libssl-dev \
-    libcjson-dev \
    libmagic-dev \
+    libnghttp2-dev \
    pkg-config
 ```

@@ -88,11 +124,30 @@ sudo apt-get install -y \
 git clone https://github.com/Azreyo/Carbon.git
 cd Carbon

+# Install dependencies
+sudo apt-get update
+sudo apt-get install -y build-essential libssl-dev libmagic-dev libnghttp2-dev
+
 # Build the server
 make

+# Generate SSL certificates (for testing)
+mkdir -p certs
+openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
+  -keyout certs/key.pem -out certs/cert.pem \
+  -subj "/C=US/ST=State/L=City/O=Carbon/CN=localhost"
+
+# Configure server (edit server.conf)
+# Set: use_https = true, enable_http2 = true, enable_websocket = true
+
 # Run the server
-./server
+sudo ./server
+
+# Test HTTP/2
+curl --http2 -k https://localhost:443/
+
+# Test WebSocket
+# Visit https://localhost:443/websocket-test.html in your browser
 ```

 ### Build Options
@@ -111,10 +166,10 @@ make clean        # Clean build artifacts
 If you prefer manual compilation:

 ```bash
-gcc server.c config_parser.c server_config.c -o server \
+gcc src/server.c src/config_parser.c src/server_config.c src/websocket.c src/http2.c -o server \
    -D_GNU_SOURCE \
    -Wall -Wextra -O2 \
-    -lssl -lcrypto -lpthread -lmagic -lcjson
+    -lssl -lcrypto -lpthread -lmagic -lnghttp2
 ```

 ## ⚙️ Configuration
@@ -168,6 +223,9 @@ verbose = true
 **Configuration Options:**
 - `port`: HTTP port (default: 8080)
 - `use_https`: Enable HTTPS - accepts: true/false, yes/no, on/off, 1/0 (requires SSL certificates)
+- `https_port`: HTTPS port (default: 443)
+- `enable_http2`: Enable HTTP/2 support (requires HTTPS and ALPN)
+- `enable_websocket`: Enable WebSocket support (default: true)
 - `log_file`: Path to log file
 - `max_threads`: Number of worker threads
 - `server_name`: Your domain or IP address
@@ -229,8 +287,142 @@ curl http://localhost:8080

 # Test HTTPS endpoint (if enabled)
 curl -k https://localhost:443
+
+# Test HTTP/2 (requires HTTPS)
+curl --http2 -k https://localhost:443
+
+# Verify HTTP/2 negotiation
+openssl s_client -connect localhost:443 -alpn h2 < /dev/null 2>&1 | grep "ALPN protocol"
 ```

+### WebSocket Usage
+
+Carbon includes full WebSocket support for real-time bidirectional communication.
+
+**JavaScript Client Example:**
+```javascript
+// Connect to WebSocket server
+const ws = new WebSocket('ws://localhost:8080');
+
+// Connection opened
+ws.addEventListener('open', (event) => {
+    console.log('Connected to server');
+    ws.send('Hello Server!');
+});
+
+// Listen for messages
+ws.addEventListener('message', (event) => {
+    console.log('Message from server:', event.data);
+});
+
+// Handle errors
+ws.addEventListener('error', (error) => {
+    console.error('WebSocket error:', error);
+});
+
+// Connection closed
+ws.addEventListener('close', (event) => {
+    console.log('Disconnected from server');
+});
+```
+
+**Secure WebSocket (wss://):**
+```javascript
+const wss = new WebSocket('wss://your-domain.com');
+// Same API as above
+```
+
+**Testing with wscat:**
+```bash
+# Install wscat
+npm install -g wscat
+
+# Connect to WebSocket server
+wscat -c ws://localhost:8080
+
+# Connect to secure WebSocket
+wscat -c wss://localhost:443 --no-check
+
+# Type messages and press Enter to send
+# The server will echo them back
+```
+
+**Python Client Example:**
+```python
+import websocket
+
+def on_message(ws, message):
+    print(f"Received: {message}")
+
+def on_open(ws):
+    print("Connected")
+    ws.send("Hello from Python!")
+
+ws = websocket.WebSocketApp("ws://localhost:8080",
+                           on_message=on_message,
+                           on_open=on_open)
+ws.run_forever()
+```
+
+### HTTP/2 Support
+
+Carbon includes full HTTP/2 support with automatic protocol negotiation via ALPN.
+
+**Features:**
+- ✅ HTTP/2 server push (stream multiplexing)
+- ✅ HPACK header compression
+- ✅ Binary framing protocol
+- ✅ Automatic fallback to HTTP/1.1
+- ✅ ALPN protocol negotiation
+- ✅ Server-side stream management
+
+**Configuration:**
+
+Enable HTTP/2 in `server.conf`:
+```ini
+use_https = true
+enable_http2 = true
+https_port = 443
+```
+
+**Testing HTTP/2:**
+
+```bash
+# Test with curl (verbose)
+curl -v --http2 -k https://localhost:443/
+
+# Check ALPN negotiation
+openssl s_client -connect localhost:443 -alpn h2 < /dev/null 2>&1 | grep "ALPN protocol"
+
+# Test with h2load (load testing)
+h2load -n 1000 -c 10 https://localhost:443/
+
+# Use the diagnostic script
+./check-http2.sh
+```
+
+**Browser Support:**
+
+All modern browsers support HTTP/2:
+- ✅ Chrome/Chromium 40+
+- ✅ Firefox 36+
+- ✅ Safari 9+
+- ✅ Edge (all versions)
+- ✅ Opera 27+
+
+Browsers automatically negotiate HTTP/2 when connecting to HTTPS sites that support it.
+
+**Performance Benefits:**
+
+HTTP/2 provides significant performance improvements:
+- **Multiplexing**: Multiple requests over a single connection
+- **Header Compression**: Reduced overhead with HPACK
+- **Server Push**: Proactive resource delivery
+- **Binary Protocol**: More efficient parsing
+- **Stream Prioritization**: Better resource loading
+
+See [HTTP2_TESTING.md](HTTP2_TESTING.md) for detailed testing instructions.
+
 ## 📁 Project Structure

 ```
@@ -239,7 +431,11 @@ Carbon/
 │   ├── server.c          # Main server implementation
 │   ├── server_config.c   # Configuration management
 │   ├── server_config.h   # Configuration headers
-│   └── config_parser.c   # Configuration file parser
+│   ├── config_parser.c   # Configuration file parser
+│   ├── websocket.c       # WebSocket implementation
+│   ├── websocket.h       # WebSocket headers
+│   ├── http2.c           # HTTP/2 implementation
+│   └── http2.h           # HTTP/2 headers
 ├── Makefile              # Build configuration
 ├── server.conf           # Server configuration file (Linux-style)
 ├── README.md             # This file
@@ -249,6 +445,7 @@ Carbon/
 │   └── key.pem
 ├── www/                  # Web root directory
 │   ├── index.html
+│   ├── websocket-test.html  # WebSocket test client
 │   ├── css/
 │   ├── js/
 │   └── images/
@@ -260,14 +457,17 @@ Carbon/

 | Feature | Priority | Status |
 |---------|----------|--------|
-| HTTP/2 Support | High | 📋 Planned |
-| WebSocket Support | Medium | 📋 Planned |
-| User Authentication | High | 📋 Planned |
+| HTTP/2 Support | High | ✅ Implemented |
+| WebSocket Support | High | ✅ Implemented |
+| Secure WebSocket (wss://) | High | ✅ Implemented |
 | API Rate Limiting | High | ✅ Implemented |
+| Security Headers | High | ✅ Implemented |
+| Memory Leak Prevention | High | ✅ Implemented |
+| User Authentication | High | 📋 Planned |
 | Reverse Proxy Mode | Medium | 📋 Planned |
 | Load Balancing | Low | 📋 Planned |
 | Docker Support | Medium | 📋 Planned |
-| Comprehensive API Docs | Medium | 📋 Planned |
+| Comprehensive API Docs | Medium | <EFBFBD> In Progress |

 ## 🤝 Contributing

@@ -303,12 +503,20 @@ Carbon implements multiple security layers, but for production deployments:

 This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

-## 🙏 Acknowledgments
+## <EFBFBD> Documentation
+
+- **[LETSENCRYPT_SETUP.md](LETSENCRYPT_SETUP.md)** - Complete guide for setting up Let's Encrypt SSL certificates
+- **[SSL_FOR_IP_ADDRESS.md](SSL_FOR_IP_ADDRESS.md)** - SSL certificate options when using IP addresses
+- **[SELF_SIGNED_CERTIFICATES.md](SELF_SIGNED_CERTIFICATES.md)** - Guide for generating and managing self-signed certificates
+- **[HTTP2_TESTING.md](HTTP2_TESTING.md)** - HTTP/2 testing and verification guide
+- **[check-http2.sh](check-http2.sh)** - Automated HTTP/2 diagnostic script
+
+## <20>🙏 Acknowledgments

 Carbon is built with these excellent open-source libraries:

- [OpenSSL](https://www.openssl.org/) - SSL/TLS cryptography
- [cJSON](https://github.com/DaveGamble/cJSON) - Lightweight JSON parser
+- [OpenSSL](https://www.openssl.org/) - SSL/TLS cryptography and ALPN support
+- [nghttp2](https://nghttp2.org/) - HTTP/2 protocol implementation
 - [libmagic](https://www.darwinsys.com/file/) - MIME type detection

 ---