Skip to content

Web Server API

The web server library is a fast, compact web server designed for management web applications and serving device data.

The web server does not attempt to offer ALL HTTP features and functions. Rather, it aims to implement only the required core of HTTP/1.1 and thus deliver a tiny, fast, secure embedded web server that is exceptionally good at serving single page web applications and device data.

The web server supports: HTTP/1.0, HTTP/1.1, TLS/SSL, Action routines, user authentication, sessions, cookie management, request logging, and security sandboxing. The web server uses 80K of code and will run in 150K RAM (without TLS).

The core web services include:

  • HTTP/1.1 protocol engine
  • TLS 1.3 support
  • Non-blocking socket communications
  • Multiple listen endpoints
  • Flexible configuration via a web.json5 file
  • Request routing with access control
  • Binding URLs to C functions for dynamic content rendering
  • Serve static files
  • Configurable redirections
  • Transfer encoding filter
  • Session and cookie management
  • Authentication and User management
  • File upload
  • JSON parser and query engine
  • Sandbox limits and timeouts
  • Paralelism via fiber coroutines

Extensions

Web Embedded web server.
WebUpload File upload structure.

Functions

voidwebAddAction(WebHost *host, cchar *url, WebProc fn)
 Add an action callback for a URL prefix.
WebRole*webAddRole(WebHost *host, cchar *role, RHash *abilities)
 Add a role.
WebUser*webAddUser(WebHost *host, cchar *username, cchar *password, cchar *roles)
 Add a user.
WebHost*webAllocHost(Json *config)
 Allocate a new host object.
boolwebAuthenticate(Web *web)
 Authenticate a user.
ssizewebBufferUntil(Web *web, cchar *until, ssize limit)
 Read data and buffer until a given pattern or limit is reached.
boolwebCan(Web *web, cchar *ability)
 Test if a user possesses the required ability.
voidwebComputeAllUserAbilities(WebHost *host)
 Compute the abilities for all users by resolving roles into abilities.
WebSession*webCreateSession(Web *web)
 Test if a user possesses the required ability.
char*webDate(char *buf, time_t when)
 Convert a time to a date string.
char*webDecode(char *str)
 Decode a string using punycode.
voidwebDestroySession(Web *web)
 Destroy the web session object.
char*webEncode(cchar *uri)
 Encode a string using punycode.
intwebError(Web *web, int status, cchar *body, ...)
 Respond to the request with an error.
voidwebExtendTimeout(Web *web, Ticks timeout)
 Extend the request timeout.
voidwebFreeHost(WebHost *host)
 Free a host object.
cchar*webGetConfig(cchar *key, cchar *defaultValue)
 Get a configuration value.
boolwebGetConfigBool(cchar *key, cchar *defaultValue)
 Get a configuration value as a boolean.
intwebGetConfigInt(cchar *key, int defaultValue)
 Get a configuration value as an integer.
cchar*webGetDocs(WebHost *host)
 Get the web documents directory for a host.
RHash*webGetRoles(WebHost *host)
 Get the roles hash.
WebSession*webGetSession(Web *web, int create)
 Get the session state object for the current request.
char*webGetSessionID(Web *web)
 Get the session ID.
cchar*webGetSessionVar(Web *web, cchar *name, cchar *defaultValue)
 Get a session variable.
cchar*webGetStatusMsg(int status)
 Get a status message corresponding to a HTTP status code.
RHash*webGetUsers(WebHost *host)
 Get the users hash.
cchar*webGetVar(Web *web, cchar *name, cchar *defaultValue)
 Get a request variable value.
intwebInit(void)
 Initialize the web module.
boolwebLogin(Web *web, cchar *username, cchar *password)
 Login a user by verifying the login credentials.
boolwebLogout(Web *web)
 Logout a user and remove the user login session.
WebUser*webLookupUser(WebHost *host, cchar *username)
 Lookup if a user exists.
intwebNetError(Web *web, cchar *msg, ...)
 Close the current request and issue no response.
char*webNormalizePath(cchar *path)
 Normalize a URL path.
intwebOpenAuth(WebHost *host, int minimal)
 Open the authentication module.
char*webParseCookie(Web *web, char *name)
 Parse a cookie header string and return a cookie value.
intwebParseUrl(Web *web)
 Parse a URL into its components.
ssizewebRead(Web *web, char *buf, ssize bufsize)
 Read request body data.
ssizewebReadUntil(Web *web, cchar *until, char *buf, ssize bufsize)
 Read request body data until a given pattern is reached.
voidwebRedirect(Web *web, int status, cchar *uri)
 Redirect the client to a new URL.
intwebRemoveRole(WebHost *host, cchar *role)
 Remove a role from the system.
voidwebRemoveSessionVar(Web *web, cchar *name)
 Remove a session variable.
intwebRemoveUser(WebHost *host, cchar *name)
 Remove a user from the system.
intwebSaveAuth(WebHost *host, char *path)
 Save the in-memory auth configuration to a file.
ssizewebSendFile(Web *web, int fd)
 Write a file response.
voidwebSetContentLength(Web *web, ssize len)
 Set the content length for the response.
voidwebSetPasswordVerify(WebHost *host, WebVerify verify)
 Set the password store verify callback.
intwebSetSessionVar(Web *web, cchar *name, cchar *value)
 Set a session variable name value.
voidwebSetStatus(Web *web, int status)
 Set the response HTTP status code.
intwebSetUserPassword(WebHost *host, cchar *username, cchar *password)
 Set a password for the user.
intwebSetUserRoles(WebHost *host, cchar *username, cchar *roles)
 Define the set of roles for a user.
voidwebSetVar(Web *web, cchar *name, cchar *value)
 Set a request variable value.
intwebStartHost(WebHost *host)
 Start listening for requests on the host.
voidwebStopHost(WebHost *host)
 Stop listening for requests on the host.
voidwebTerm(void)
 Initialize the web module.
voidwebTermAuth(WebHost *host)
 Close the authentication module.
boolwebValidatePath(cchar *uri)
 Validate a URL.
ssizewebWrite(Web *web, cvoid *buf, ssize bufsize)
 Write response data.
ssizewebWriteFmt(Web *web, cchar *fmt, ...)
 Write string response data.
intwebWriteHeaders(Web *web, cchar *headers, ...)
 Write request response headers.
intwebWriteResponse(Web *web, int status, cchar *fmt, ...)
 Write a response.

Typedefs

WebActionAction function bound to a URL prefix.
WebHostWeb host structure.
WebProcWebAction callback procedure.
WebRoleRole definition structure.
WebRouteRouting object to match a request against a path prefix.
WebUserUser definition structure.
WebVerifyCallback to verify the username and password.

Defines

#defineWEB_CHUNK_DATA   2
 Start of chunk data.
#defineWEB_CHUNK_START   1
 Start of a new chunk.

Web

Web

Embedded web server.

Description:
The web server requires the use of fibers from the portable runtime.
API Stability:
Evolving.
Fields:
uintchunked Receive transfer chunk encoding state.
uintclose Should the connection be closed after the request completes.
uintcomplete Is the request complete.
cchar *contentDisposition Receive content disposition header value.
cchar *contentType Receive content type header value.
cchar *cookie Request cookie string.
uintcreatingHeaders Are headers being created.
Ticksdeadline Timeout deadline for when the next I/O must complete.
char *error Error string for any request errors.
uintexists Does the requested resource exist.
cchar *ext Request URL extension.
uintformBody Is the current request a POSTed form.
WebHost *host Owning host object.
uinthttp10 Is the current request a HTTP/1.0 request.
Json *json Parsed json body.
uintjsonBody Is the current request a POSTed json request.
WebListen *listen Listening endpoint.
cchar *method Request method in upper case.
cchar *mime Request mime type based on the extension.
char *password Encrypted user password.
char *path Path portion of the request url.
cchar *protocol Request HTTP protocol. Set to HTTP/1.0 or HTTP/1.1.
char *query Request URL query portion.
char *redirect Response redirect location. Used to set the Location header.
char *ref Request URL reference portion.
WebRoute *route Matching route for this request.
RBuf *rx Receive data buffer.
char *rxHeaderBuf Buffer containing the full request.
char *rxHeaders Request received headers.
ssizerxLen Receive content length.
OffsetrxRemaining Receive data remaining in the next chunk.
struct WebSession *session Session record.
char *sessionHeader Set-Cookie session header value.
time_tsince Value of the if-modified-since value in seconds since epoch.
Ticksstarted Time when the request started.
uintstatus Request response HTTP status code.
RBuf *tx Write data buffer.
ssizetxLen Transmit content length.
OffsettxRemaining Transmit data remaining to send.
char *url Request url.
struct WebUser *user Authenticated user object.
char *username Username.
RHash *vars Request variables used for upload files.
uintwroteHeaders Have the response headers been written.

void webAddAction (WebHost *host, cchar *url, WebProc fn)

Add an action callback for a URL prefix.

Parameters:
hostHost object.
urlURL prefix to associate with this action.
fnFunction to invoke for requests matching this URL.
API Stability:
Evolving.
See Also:

WebRole * webAddRole (WebHost *host, cchar *role, RHash *abilities)

Add a role.

Description:
The role is added to the list of roles.
Parameters:
hostHost object.
roleRole name.
abilitiesHash of abilities for the role.
Returns:
The allocated role.
API Stability:
Evolving.
See Also:

WebUser * webAddUser (WebHost *host, cchar *username, cchar *password, cchar *roles)

Add a user.

Description:
The user is added to the list of users.
Parameters:
hostHost object.
usernameUser name.
passwordUser password (encrypted).
rolesSpace separated list of roles. This may also contain abilities.
Returns:
User object.
API Stability:
Evolving.
See Also:

WebHost * webAllocHost (Json *config)

Allocate a new host object.

Parameters:
configJSON configuration for the host.
Returns:
A host object.
API Stability:
Evolving.
See Also:

bool webAuthenticate (Web *web)

Authenticate a user.

Description:
The user is authenticated if required by the selected request route.
Parameters:
webWeb request object.
Returns:
True if the route does not require authentication or the user is authenticated successfully.
API Stability:
Evolving.
See Also:

ssize webBufferUntil (Web *web, cchar *until, ssize limit)

Read data and buffer until a given pattern or limit is reached.

Description:
This reads the data into the buffer, but does not return the data or consume it.
Parameters:
webWeb object.
untilPattern to read until. Set to NULL for no pattern.
limitNumber of bytes of data to read. Set to.
Returns:
The number of bytes read into the buffer.
API Stability:
Evolving.
See Also:

bool webCan (Web *web, cchar *ability)

Test if a user possesses the required ability.

Parameters:
webWeb request object.
abilityRequired ability.
Returns:
True if the user has the required ability.
API Stability:
Evolving.
See Also:

void webComputeAllUserAbilities (WebHost *host)

Compute the abilities for all users by resolving roles into abilities.

API Stability:
Evolving.
See Also:

char * webDate (char *buf, time_t when)

Convert a time to a date string.

Parameters:
bufBuffer to hold the generated date string.
whenTimestamp to convert.
Returns:
A reference to the buffer.
API Stability:
Evolving.
See Also:

char * webDecode (char *str)

Decode a string using punycode.

Description:
The string is converted in-situ.
Parameters:
strString to decode.
Returns:
The string reference.
API Stability:
Evolving.
See Also:

char * webEncode (cchar *uri)

Encode a string using punycode.

Description:
The string is converted in-situ.
Parameters:
uriUri to encode.
Returns:
An allocated, escaped URI. Caller must free.
API Stability:
Evolving.
See Also:

int webError (Web *web, int status, cchar *body, ...)

Respond to the request with an error.

Description:
This responds to the request with the given HTTP status and body data.
Parameters:
webWeb object.
statusHTTP response status code.
bodyBody data to send as the response. This is a printf style string.
...Body response arguments.
Returns:
Zero if successful.
API Stability:
Evolving.
See Also:

void webExtendTimeout (Web *web, Ticks timeout)

Extend the request timeout.

Description:
Request duration is bounded by the timeouts.request and timeouts.inactivity limits. You can extend the timeout for a long running request via this call.
Parameters:
webWeb object.
timeoutTimeout in milliseconds use for both the request and inactivity timeouts for this request.
API Stability:
Evolving.
See Also:

void webFreeHost (WebHost *host)

Free a host object.

Parameters:
hostHost object.
API Stability:
Evolving.
See Also:

cchar * webGetConfig (cchar *key, cchar *defaultValue)

Get a configuration value.

Parameters:
keyProperty key value. May use dot separated properties.
defaultValueDefault value to return if the key is not found.
Returns:
The configuration value or the defaultValue if not found. Caller must not free.
API Stability:
Evolving.
See Also:

bool webGetConfigBool (cchar *key, cchar *defaultValue)

Get a configuration value as a boolean.

Parameters:
keyProperty key value. May use dot separated properties.
defaultValueDefault value to return if the key is not found.
Returns:
The configuration value or the defaultValue if not found. Caller must not free.
API Stability:
Evolving.
See Also:

int webGetConfigInt (cchar *key, int defaultValue)

Get a configuration value as an integer.

Parameters:
keyProperty key value. May use dot separated properties.
defaultValueDefault value to return if the key is not found.
Returns:
The configuration value or the defaultValue if not found. Caller must not free.
API Stability:
Evolving.
See Also:

cchar * webGetDocs (WebHost *host)

Get the web documents directory for a host.

Description:
This is configured via the web.documents configuration property.
Parameters:
hostHost object.
Returns:
The web documents directory.
API Stability:
Evolving.
See Also:

RHash * webGetRoles (WebHost *host)

Get the roles hash.

Returns:
The roles hash object.
API Stability:
Evolving.
See Also:

cchar * webGetStatusMsg (int status)

Get a status message corresponding to a HTTP status code.

Parameters:
statusHTTP status code.
Returns:
A status message. Caller must not free.
API Stability:
Evolving.
See Also:

RHash * webGetUsers (WebHost *host)

Get the users hash.

Returns:
The users hash object.
API Stability:
Evolving.
See Also:

cchar * webGetVar (Web *web, cchar *name, cchar *defaultValue)

Get a request variable value.

Parameters:
webWeb object.
nameVariable name.
defaultValueDefault value to return if the variable is not defined.
Returns:
The value of the variable or the default value if not defined.
API Stability:
Evolving.
See Also:

int webInit (void )

Initialize the web module.

Description:
Must call before using Web.
API Stability:
Evolving.
See Also:

bool webLogin (Web *web, cchar *username, cchar *password)

Login a user by verifying the login credentials.

Description:
This may be called by handlers to manually authenticate a user.
Parameters:
webWeb request object.
usernameUser name.
passwordUser password (encrypted).
Returns:
True if the user can be authenticated.
API Stability:
Evolving.
See Also:

bool webLogout (Web *web)

Logout a user and remove the user login session.

Parameters:
webWeb request object.
Returns:
True if successful.
API Stability:
Evolving.
See Also:

WebUser * webLookupUser (WebHost *host, cchar *username)

Lookup if a user exists.

Parameters:
hostHost object.
usernameUser name to search for.
Returns:
User object or null if the user cannot be found.
API Stability:
Evolving.
See Also:

int webNetError (Web *web, cchar *msg, ...)

Close the current request and issue no response.

Description:
This closes the request connection and issues no response. It should be used when a request is received that indicates the connection is compromised.
Parameters:
webWeb object.
msgMessage to the error log. This is a printf style string.
...Message response arguments.
Returns:
Zero if successful.
API Stability:
Evolving.
See Also:

char * webNormalizePath (cchar *path)

Normalize a URL path.

Description:
Normalize a path to remove "./", "../" and redundant separators. This does not make an absolute path and does not map separators or change case. This validates the path and expects it to begin with "/".
Parameters:
pathPath string to normalize.
Returns:
An allocated path. Caller must free.
API Stability:
Evolving.
See Also:

int webOpenAuth (WebHost *host, int minimal)

Open the authentication module.

Parameters:
hostHost object.
minimalReserved. Set to zero.
Returns:
True if the user has the required ability.
API Stability:
Evolving.
See Also:

char * webParseCookie (Web *web, char *name)

Parse a cookie header string and return a cookie value.

Parameters:
webWeb object.
nameCookie name to extract.
Returns:
The cookie value or NULL if not defined.
API Stability:
Evolving.
See Also:

int webParseUrl (Web *web)

Parse a URL into its components.

Description:
The parsed components are defined in the Web object including the path, extension (ext),.
Parameters:
webWeb object.
Returns:
Zero if successful.
API Stability:
Evolving.
See Also:

ssize webRead (Web *web, char *buf, ssize bufsize)

Read request body data.

Description:
This routine will read the body data and return the number of bytes read. This routine will block the current fiber if necessary. Other fibers continue to run.
Must only be called from a fiber.
Parameters:
webWeb object.
bufData buffer to read into.
bufsizeSize of the buffer.
Returns:
The number of bytes read. Return < 0 for errors and 0 when all the body data has been read.
API Stability:
Evolving.
See Also:

ssize webReadUntil (Web *web, cchar *until, char *buf, ssize bufsize)

Read request body data until a given pattern is reached.

Description:
This routine will read the body data and return the number of bytes read. This routine will block the current fiber if necessary. Other fibers continue to run.
Must only be called from a fiber.
Parameters:
webWeb object.
untilPattern to read until. Set to NULL for no pattern.
bufData buffer to read into.
bufsizeSize of the buffer.
Returns:
The number of bytes read. Return < 0 for errors and 0 when all the body data has been read.
API Stability:
Internal.
See Also:

void webRedirect (Web *web, int status, cchar *uri)

Redirect the client to a new URL.

Must only be called from a fiber.
Parameters:
webWeb object.
statusHTTP status code. Must set to 301 or 302.
uriURL to redirect the client toward.
API Stability:
Evolving.
See Also:

int webRemoveRole (WebHost *host, cchar *role)

Remove a role from the system.

Parameters:
hostHost object.
roleRole name.
Returns:
Zero if successful, otherwise -1.
API Stability:
Evolving.
See Also:

int webRemoveUser (WebHost *host, cchar *name)

Remove a user from the system.

Parameters:
hostHost object.
nameUser name.
Returns:
Zero if successful, otherwise -1.
API Stability:
Evolving.
See Also:

int webSaveAuth (WebHost *host, char *path)

Save the in-memory auth configuration to a file.

Parameters:
hostHost object.
pathFilename.
Returns:
Zero if successful, otherwise -1.
API Stability:
Evolving.
See Also:

ssize webSendFile (Web *web, int fd)

Write a file response.

Description:
This routine will read the contents of the open file descriptor and send as a response. This routine will block the current fiber if necessary. Other fibers continue to run.
Must only be called from a fiber.
Parameters:
webWeb object.
fdFile descriptor for an open file or pipe.
Returns:
The number of bytes written.
API Stability:
Evolving.
See Also:

void webSetContentLength (Web *web, ssize len)

Set the content length for the response.

Parameters:
webWeb object.
lenContent length.
API Stability:
Evolving.
See Also:

void webSetPasswordVerify (WebHost *host, WebVerify verify)

Set the password store verify callback.

Parameters:
hostHost object.
verifyWebVerify callback function.
API Stability:
Evolving.
See Also:

void webSetStatus (Web *web, int status)

Set the response HTTP status code.

Parameters:
webWeb object.
statusHTTP status code.
API Stability:
Evolving.
See Also:

int webSetUserPassword (WebHost *host, cchar *username, cchar *password)

Set a password for the user.

Parameters:
hostHost object.
usernameUser name.
passwordNull terminated password string.
Returns:
Zero if successful, otherwise -1.
API Stability:
Evolving.
See Also:

int webSetUserRoles (WebHost *host, cchar *username, cchar *roles)

Define the set of roles for a user.

Parameters:
hostHost object.
usernameUser name.
rolesSpace separated list of roles or abilities.
Returns:
Zero if successful, otherwise -1.
API Stability:
Evolving.
See Also:

void webSetVar (Web *web, cchar *name, cchar *value)

Set a request variable value.

Parameters:
webWeb object.
nameVariable name.
valueValue to set.
API Stability:
Evolving.
See Also:

int webStartHost (WebHost *host)

Start listening for requests on the host.

Must only be called from a fiber.
Parameters:
hostHost object.
Returns:
Zero if successful.
API Stability:
Evolving.
See Also:

void webStopHost (WebHost *host)

Stop listening for requests on the host.

Must only be called from a fiber.
Parameters:
hostHost object.
API Stability:
Evolving.
See Also:

void webTerm (void )

Initialize the web module.

API Stability:
Evolving.
See Also:

void webTermAuth (WebHost *host)

Close the authentication module.

API Stability:
Evolving.
See Also:

bool webValidatePath (cchar *uri)

Validate a URL.

Description:
Check a url for invalid characters.
Parameters:
uriUrl path.
Returns:
True if the url contains only valid characters.
API Stability:
Evolving.
See Also:

ssize webWrite (Web *web, cvoid *buf, ssize bufsize)

Write response data.

Description:
This routine will block the current fiber if necessary. Other fibers continue to run.
Must only be called from a fiber.
Parameters:
webWeb object.
bufBuffer of data to write.
bufsizeSize of the buffer to write.
Returns:
The number of bytes written.
API Stability:
Evolving.
See Also:

ssize webWriteFmt (Web *web, cchar *fmt, ...)

Write string response data.

Description:
This routine will block the current fiber if necessary. Other fibers continue to run.
Must only be called from a fiber.
Parameters:
webWeb object.
fmtPrintf style message string.
...Format arguments.
Returns:
The number of bytes written.
API Stability:
Evolving.
See Also:

int webWriteHeaders (Web *web, cchar *headers, ...)

Write request response headers.

Description:
This will write the HTTP response headers. This writes the supplied headers and any required headers if not supplied. This routine will block the current fiber if necessary. Other fibers continue to run.
Must only be called from a fiber.
Parameters:
webWeb object.
headersOptional request headers. This parameter is a printf style formatted pattern with following arguments. Individual header lines must be terminated with "\r\n".
...Optional header arguments.
Returns:
The number of bytes written.
API Stability:
Evolving.
See Also:

int webWriteResponse (Web *web, int status, cchar *fmt, ...)

Write a response.

Description:
This routine writes a single response in one API. It will block the current fiber if necessary. Other fibers continue to run.
Must only be called from a fiber.
Parameters:
webWeb object.
statusHTTP status code.
fmtPrintf style message string.
...Format arguments.
Returns:
The number of bytes written.
API Stability:
Evolving.
See Also:

WebUpload

WebUpload

File upload structure.

See Also:
Fields:
char *clientFilename Client side name of the file.
char *contentType Content type.
intfd File descriptor used while writing the upload content.
char *filename Local (temp) name of the file.
char *name Symbolic name for the upload supplied by the client.
ssizesize Uploaded file size.

Functions

WebSession * webCreateSession (Web *web)

Test if a user possesses the required ability.

Parameters:
webWeb request object.
Returns:
Allocated session object.
API Stability:
Evolving.

void webDestroySession (Web *web)

Destroy the web session object.

Description:
Useful to be called as part of the user logout process.
Parameters:
webWeb request object.
API Stability:
Prototype.

WebSession * webGetSession (Web *web, int create)

Get the session state object for the current request.

Parameters:
webWeb request object.
createSet to true to create a new session if one does not already exist.
Returns:
Session object.
API Stability:
Evolving.

char * webGetSessionID (Web *web)

Get the session ID.

Parameters:
webWeb request object.
Returns:
The session ID if session state storage is defined for this request. Caller must free.
API Stability:
Evolving.

cchar * webGetSessionVar (Web *web, cchar *name, cchar *defaultValue)

Get a session variable.

Parameters:
webWeb request object.
nameSession variable name.
defaultValueDefault value to return if the variable does not exist.
Returns:
Session variable value or default value if it does not exist.
API Stability:
Evolving.

void webRemoveSessionVar (Web *web, cchar *name)

Remove a session variable.

Parameters:
webWeb request object.
nameSession variable name.
API Stability:
Evolving.

int webSetSessionVar (Web *web, cchar *name, cchar *value)

Set a session variable name value.

Parameters:
webWeb request object.
nameSession variable name.
valueValue to set the variable to.
Returns:
Zero if successful, otherwise -1.
API Stability:
Evolving.

Typedefs

typedef int(* WebProc) (struct Web *web).

WebAction callback procedure.

Parameters:
webWeb object.
Returns:
Zero if successful. Otherwise the connection will be closed.
API Stability:
Evolving.
See Also:

typedef bool(* WebVerify) (struct Web *web, cchar *username, cchar *password).

Callback to verify the username and password.

Parameters:
webWeb request object.
Returns:
True if the password is verified.
API Stability:
Evolving.
See Also:

WebAction

Action function bound to a URL prefix.

API Stability:
Evolving.
Fields:
WebProcfn Function to invoke.
char *match Path prefix.

WebHost

Web host structure.

Description:
The web host defines a web server and its configuration. Multiple web hosts can be created.
Fields:
RList *actions Ordered list of configured actions.
Json *config Web server configuration for this host.
ssizeconnections Number of active connections.
boolfreeConfig Config is allocated and must be freed.
intinactivityTimeout Timeout for inactivity on a connection.
cchar *index Index file to use for directory requests.
RList *listeners Listening endpoints for this host.
int64maxBody Max size of POST request.
int64maxConnections Max number of connections.
int64maxHeader Max header size.
int64maxSessions Max number of sessions.
int64maxUpload Max size of file upload.
RHash *mimeTypes Mime types indexed by extension.
cchar *name Host name to use in canonical redirects.
intparseTimeout Timeout while parsing a request.
intrequestTimeout Total request timeout.
RHash *roles Hash table of roles and abilities.
RList *routes Ordered list of configured routes.
cchar *sameSite Cookie same site property.
RHash *sessions Client session state.
intsessionTimeout Inactivity timeout for session state.
RHash *users Hash table of users.
WebVerifyverify User authentication verification callback.

WebRole

Role definition structure.

API Stability:
Evolving.
Fields:
RHash *abilities Resolved role abilities.

WebRoute

Routing object to match a request against a path prefix.

API Stability:
Evolving.
Fields:
cchar *ability Required user ability.
boolexact Exact match vs prefix match. If trailing "/" in route.
char *match Path prefix.
cchar *redirect Redirection if not authorized.

WebUser

User definition structure.

API Stability:
Evolving.
Fields:
RHash *abilities Resolved user abilities.
char *name User name.
char *password User password (encrypted).
char *roles User roles.