CppCMS Blog :: Progress http://blog.cppcms.com/ A blog on CppCMS - C++ Web Development Framework Web Server Upgrade http://blog.cppcms.com/post/128 http://blog.cppcms.com/post/128 <div style="direction:ltr"> <p><a href="http://cppcms.com">http://cppcms.com</a> and <a href="http://blog.cppcms.com">http://blog.cppcms.com</a> were migrated to new ec2 Ubuntu 20.04 server. If you notice any issues update please.</p> <p>Known Issues: there are problems with wikipp table of content. I'll handle it later. <strong>Fixed</strong></p> </div> Next CppCMS Major Feature Poll http://blog.cppcms.com/post/126 http://blog.cppcms.com/post/126 <div style="direction:ltr"> <p>I'm looking into implementing next major feature that I can complete with reasonable effort. I have a list of following topics:</p> <ol> <li>HTTP/1.1 support - it would allow keep alive support and better performance overall for multiple requests. It would allow future implementation of web sockets.</li> <li>Multiple-Event-Loop support - today there is only 1 event loop for the service and it can be a bottleneck for small requests on systems with high core count.</li> <li>SSL support - for embedded systems that need proper web server.</li> <li>C++11 cleanup - replace all booster primitives that exist in C++11 with standard (<code>shared_ptr</code>, <code>thread</code>, <code>mutex</code>, etc) provide move constructors for many objects, replace <code>auto_ptr</code> by <code>unique_ptr</code>.</li> </ol> <p>Feel free to suggest other ideas that you can think of that would be beneficial.</p> <p>Comment below or sent e-mail to cppcms-users mailing list.</p> </div> CppCMS 1.2.1 - security update was released today http://blog.cppcms.com/post/123 http://blog.cppcms.com/post/123 <div style="direction:ltr"> <p>Security Bug Fixes:</p> <ul> <li>Fixed security bug fix in JSON parser module that can lead to DOS</li> </ul> <p>Bugs Fixed:</p> <ul> <li>Fixed issues #36 - building with GZIP disabled</li> <li>Fixed issue #150 - incorrect parsing of multipart form</li> </ul> <p>Changes:</p> <ul> <li>By default CppCMS now uses OpenSSL instead of GNU-TLS if both available (you can change behavior back by adding <code>-DDISABLE_OPENSSL=ON</code> to cmake)</li> </ul> <p><strong>Special Thanks to Khaled Yakdan from code-intelligence.de for reporting this security issue</strong></p> </div> CppCMS 1.1.1 Release Candidate 1 is Available http://blog.cppcms.com/post/120 http://blog.cppcms.com/post/120 <div style="direction:ltr"> <p>New version includes following changes:</p> <ul> <li><p>Nightly build system updated to moderns OSes/compilers:</p> <ol> <li>Windows XP -> Windows 7</li> <li>MSVC 2008 x86 to MSVC 2017 x86/x65</li> <li>MinGW GCC 4.5 x86 -> 7.1 x86/x64</li> <li>OpenSolars 2009 to Solaris 11</li> <li>FreeBSD 10 -> FreeBSD 11.1</li> <li>Added travis.yml for Mac OS X builds</li> </ol> </li> <li><p>Improved http timeouts handling on non Linux/Windows OSes.</p></li> <li>Fixed incorrect asynchronous IO handing in <code>*cgi</code> API.</li> <li>Added support of <code>SOL_SNDBUF/SOL_RCVBUF</code> to service configuration</li> <li>Fixed HTTP timeout handling on Solaris</li> <li>Fixed #24 failure to send large blocks asynchronously over FastCGI</li> <li>Fixied issue #21 Program produces 100% CPU load on one core - due to incorrect EOF handling</li> <li>Fixed icu backend test for ICU >= 60.1</li> <li>Fixed missing <code>getenv(std::string const &amp;)</code> issue #16</li> <li>Fixed issues with codecvt generation FreeBSD/clang</li> <li>Use Windows Vista/7 API by defaults since XP reached EOL.</li> <li>Fixed incorrect async connect error handling</li> <li>Lineup with Boost.Locale 1.65</li> <li>Updated session interface for external languages and unit tests</li> </ul> </div> CppCMS 1.1.0 Beta was released http://blog.cppcms.com/post/119 http://blog.cppcms.com/post/119 <div style="direction:ltr"> <p>After the goals for 1.2 were completed I announce official CppCMS 1.1.0 beta (stable will be 1.2.0)</p> <p>It is available on the usual place:</p> <p><a href="https://sourceforge.net/projects/cppcms/files/cppcms/1.1.0-beta/cppcms-1.1.0.tar.bz2">https://sourceforge.net/projects/cppcms/files/cppcms/1.1.0-beta/cppcms-1.1.0.tar.bz2</a></p> <p>It includes many new and important features:</p> <p><a href="http://cppcms.com/wikipp/en/page/cppcms_1_2_whats_new">http://cppcms.com/wikipp/en/page/cppcms_1_2_whats_new</a></p> <p>Now I ask the community to fully participate in beta testing so 1.2 will be released ASAP.</p> <h3>Goals for beta testing</h3> <h4>Framework Unit Test:</h4> <ol> <li>Download the beta version, build, run tests</li> <li>Report on what platform you tested: OS, Compiler version, standard library (libstdc++/libc++)</li> <li>Have you had any tests failed and if you had please attach Testing/Temporary/LastTest.log and CMakeCache.txt from your build directory</li> </ol> <p>I specially need tests on Mac OS X various versions, various ARM platforms like raspberry pi and Windows different compilers</p> <h4>Compatibility Test:</h4> <ol> <li>Try to build your existing applications with latest version, report any problems</li> <li>If you have been using CppCMS 1.0.5 till now please try to build CppCMS 1.1.0 and run existing programs with new shared objects/dll WITHOUT rebuilding your applications - it must work as is!</li> </ol> <h4>Feature Test:</h4> <p>Go to: <a href="http://cppcms.com/wikipp/en/page/cppcms_1_2_whats_new">http://cppcms.com/wikipp/en/page/cppcms_1_2_whats_new</a></p> <p>And try some of new features, report any issues with them or any problems with API design.</p> <p>If all goes smoothly I'll release 1.2.0 - official stable version.</p> </div> CppCMS code migrated to GitHub http://blog.cppcms.com/post/118 http://blog.cppcms.com/post/118 <div style="direction:ltr"> <p>After multiple requests and my final decision the CppCMS web framework code migrated to GitHub</p> <p><a href="https://github.com/artyom-beilis/cppcms">https://github.com/artyom-beilis/cppcms</a></p> <p>Please note:</p> <ol> <li>Only CppCMS framework migrated, other subprojects like CppDB or Wikipp are still pending conversion</li> <li>The main bug tracker is still on source-forge - however I'll relate to issues opened on GitHub</li> </ol> </div> Session Sharing with Non-CppCMS technologies http://blog.cppcms.com/post/117 http://blog.cppcms.com/post/117 <div style="direction:ltr"> <p>One of the problems in integrating different technologies on same web site is sharing the data between them, in particular sharing session data.</p> <p>For example you have a huge web platform written in PHP or Java and you want to improve performance of certain subsystems poring them to CppCMS. On of the first issues you'd encounter is how to share the session between them - so every side would know who is the user, what permissions he has, etc.</p> <p>So I made <code>cppcms::session_pool</code> and <code>cppcms::session_interface</code> accessible outside the usual request/response scope and wrapped it with <a href="http://sourceforge.net/p/cppcms/code/HEAD/tree/framework/trunk/cppcms/capi/session.h">pure C API</a> - such that no C++ exceptions are thrown and every function is resolvable via <code>dlopen</code>/<code>GetProcAddress</code>- to make it more accessible for integration with different languages.</p> <p>Several modules for different programming languages were implemented allowing smooth integration with their web frameworks and APIs:</p> <ul> <li>PHP - using <a href="http://swig.org">Swig</a></li> <li>Java/Servlet - using <a href="https://jna.java.net/javadoc/overview-summary.html">JNA</a></li> <li>Python/Django - using <a href="https://docs.python.org/2/library/ctypes.html">ctypes</a> (but not limited to Django)</li> <li>Asp.Net - using <a href="https://msdn.microsoft.com/en-us/library/aa288468%28v%3Dvs.71%29.aspx">PInvoke</a></li> </ul> <p>Actually there is no particular limits regarding technology - just a question of implementing loadable module for a specific language/platform.</p> <p>In general it consists of a SessionPool object that is created from a configuration file and exists globally. It generates a special Session objects that is loaded from Http Request cookies, updated and saved to the Http Response object.</p> <p>It looks like this:</p> <p>PHP:</p> <pre><code>// pool initialization $pool=CppCMS_SessionPool::from_config('cppcms-config.js'); // per request session access $session=$pool-&gt;session(); $session-&gt;load(); $x=0; if($session-&gt;is_set('x')) { $x=$session['x']; } $x=intval($x)+1; $session['x']=$x; $session-&gt;save(); ... </code></pre> <p>Java/Servlet:</p> <pre><code>static SessionPool pool; public void init() throws ServletException { pool = SessionPool.openFromConfig("/path/to/cppcms-config.js"); } public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Session session = pool.getSession(); session.load(request); String x="0"; if(session.isSet("x")) x=session.get("x"); x=Integer.toString(Integer.parseInt(x)+1); session.set("x",x); session.save(response); session.close(); ... } </code></pre> <p>Python with Django:</p> <pre><code># Create global pool pool=cppcms.SessionPool('/path/to/cppcms-config.js') # Actual view def home(request): s=pool.session() s.load(django_request=request) v='0' if 'x' in s: v= s['x'] s['x']=str(int(v)+1) response = HttpResponse() s.save(django_response=response) ... </code></pre> <p>C#/ASP.Net:</p> <pre><code>static SessionPool pool; static Example() { pool = SessionPool.FromConfig("cppcms-config.js"); } protected void Page_Load(object sender,EventArgs e) { using(Session s = pool.Session()) { s.Load(Request); string v="0"; if(s.IsSet("x")) v=s["x"]; v = (int.Parse(v) + 1).ToString(); s["x"]=v; s.Save(Response); } ... } </code></pre> <p>So basically you have a full access to CppCMS session from 3rd party most popular technologies.</p> <p>Still thinking of implementing a module for Ruby on Rails but I have never written a line of code in Ruby so it is quite challenging for me. I'll probably wait till somebody contributes one.</p> </div> Serving All Israeli News Web Sites from a Single EC2 instance... http://blog.cppcms.com/post/114 http://blog.cppcms.com/post/114 <div style="direction:ltr"> <p>For the last year the development of the CppCMS project was less active. The vast majority of the work hours were spent on a customer's project that used CppCMS to create an outstanding advertisement system.</p> <p>The project is called <a href="http://linicom.co.il">Linicom</a>.</p> <p>Today, when Linicom is up, running and maintained by a larger team, so I can resume the activity on the core CppCMS project itself.</p> <p>Few words about Linicom:</p> <p>Linicom is an engine that provides content and visitor sensitive advertisements for almost all large Israeli news web sites: including Ynet, Haaretz, Jerusalem Post, Mako, Walla and other significant web sites in Israel and abroad.</p> <p>Here some interesting facts:</p> <ul> <li>Linicom is based on CppCMS technology.</li> <li>The system serves around 10,000,000 <em>custom</em> requests a day, i.e ~115 req./s.</li> <li>During peak hours, it servers around 160 requests per second.</li> <li>Its typical network output is around 11 megabit per second.</li> <li>Its total memory consumption (web server, database, applications, OS) is only around 350Mb.</li> <li>The server's average CPU load is around 5%</li> <li>The server runs on a <code>c1.medium</code> Amazon EC2 instance.</li> </ul> <p>The system runs behind Lighttpd and uses PostgreSQL for persistent data storage. Also PostgreSQL is used extensively, all real time data is stored in memory.</p> <p>Almost every request needs data processing in order to provide highly customized advertisements. In technical terms it means that almost no request can be "outsourced" to a static files - every request for every customer should be processed explicitly.</p> <p>This system is probably one of the classic applications of CppCMS technology - web based system that required to be fast and efficient, being able to handle outstanding and sometimes unexpectedly changing loads without problems and provide high QoS.</p> <p>Use of in-memory data storage, caching and efficient handing of the data that can't be cached is were CppCMS shines. Having a big growth potential with a minimal required maintenance and high reliability allows the to handle the business-end safely without worrying about performance issues.</p> </div> CppCMS 1.0.5 Released http://blog.cppcms.com/post/116 http://blog.cppcms.com/post/116 <div style="direction:ltr"> <p>Bug Fixes:</p> <ul> <li>Fixed 121, 98 - bug caused invalid year formatting/parsing by icu backend - fixed incorrect use of year of the week instead year</li> <li>Fixed 122 - memory leak in Win32 threading library</li> <li>Fixed 105 - string_key.h has a bad operator '!='</li> <li>Fixed 119 - bad html formatting.</li> <li>Fixed 106 - IPv6 support on Winows</li> <li>Fixed 129 - cppcms_make_key - invalid option name</li> <li>Fixed 97 - impossible to use upper case in namespace in <code>&lt;% include %&gt;</code></li> <li>Fixed 84 - 64K fd limit</li> <li>Fixed 108 - test_locale_boundary &amp; booster_locale_formatting failure</li> <li>Fixed various issues libc++/clang support</li> <li>Significantly improved multipart parsing closing f.r. 27</li> <li>Removed reuse_address socket option use at Windows</li> </ul> <p>Minor Security Improvements:</p> <ul> <li>Issue 117: possibility of Timing Attack Vulnerability</li> </ul> <p>Platform Support:</p> <ul> <li>NetBSD is supported platform</li> <li>FreeBSD added support of POSIX locale &amp; clang/libc++</li> </ul> <p>The code is downloadable from sourceforge. Binary RPM releases already available at The Open Build Service repository. Debian packages would be published soon.</p> <p><strong>Update:</strong> Debian and Ubuntu packages are ready at the repository.</p> </div> CppCMS 1.0.4 Released http://blog.cppcms.com/post/115 http://blog.cppcms.com/post/115 <div style="direction:ltr"> <p>This is a critical bug fix release that relates to session handing in Internet Explorer.</p> <p>Added "Expires" to cookie expiration time handling that is supported by IE.</p> <p>Prior to this release, cppcms session cookies used max-age option, that IE does not recognize. Starting from this release the session cookies would have both Expires and Max-Age options. All browsers that use Max-Age would ignore Expires if both given.</p> <p>New options that control the session cookie properties are added, see <a href="http://cppcms.com/wikipp/en/page/cppcms_1x_config#session.cookies.expiration_method">expiration_method</a> that would allow to alter the behavior and handle possible clock skew issues</p> <p>Special thanks to Saikumar Gandapodi who reported me this issue.</p> </div>