XUtils

Mongoose

Extremely lightweight webserver. [GPL2]

C/C++
https://github.com/cesanta/mongoose

#include “mongoose.h”

static const char *s_mqtt_url = “mqtt://broker.hivemq.com:1883”; static struct mg_connection *s_mqtt_conn = NULL;

// MQTT connection event handler function static void ev_handler(struct mg_connection *c, int ev, void *ev_data) { if (ev == MG_EV_OPEN) {

MG_INFO(("%lu created, connecting to %s ...", c->id, s_mqtt_url));

} else if (ev == MG_EV_MQTT_OPEN) {

struct mg_mqtt_opts opts = {.qos = 1, .topic = mg_str("device1/rx")};
mg_mqtt_sub(c, &opts);
MG_INFO(("%lu connected, subscribing to %s", c->id, opts.topic.buf));

} else if (ev == MG_EV_MQTT_MSG) {

char response[100];
struct mg_mqtt_message *mm = (struct mg_mqtt_message *) ev_data;
struct mg_mqtt_opts opts = {.qos = 1, .topic = mg_str("device1/tx")};
mg_snprintf(response, sizeof(response), "Received [%.*s] / [%.*s]",
            mm->topic.len, mm->topic.buf, mm->data.len, mm->data.buf);
opts.message = mg_str(response);
mg_mqtt_pub(c, &opts);

} else if (ev == MG_EV_CLOSE) {

MG_INFO(("%u closing", c->id));
s_mqtt_conn = NULL;

} }

// Reconnection timer function. If we get disconnected, reconnect again static void timer_fn(void *arg) { struct mg_mgr *mgr = (struct mg_mgr *) arg; if (s_mqtt_conn == NULL) {

struct mg_mqtt_opts opts = {.clean = true};
s_mqtt_conn = mg_mqtt_connect(mgr, s_mqtt_url, &opts, ev_handler, NULL);

} }

int main() { struct mg_mgr mgr; // Mongoose event manager. Holds all connections mg_mgr_init(&mgr); // Initialise event manager mg_timer_add(&mgr, 3000, MG_TIMER_REPEAT | MG_TIMER_RUN_NOW, timer_fn, &mgr); for (;;) {

mg_mgr_poll(&mgr, 1000);  // Infinite event loop

} return 0; } “`

Security

We take security seriously:

  1. Mongoose repository runs a continuous integration test powered by GitHub, which runs through hundreds of unit tests on every commit to the repository. Our unit tests are built with modern address sanitizer technologies, which help to find security vulnerabilities early
  2. Mongoose repository is integrated into Google’s oss-fuzz continuous fuzzer which scans for potential vulnerabilities continuously
  3. We receive periodic vulnerability reports from the independent security groups like Cisco Talos, Microsoft Security Response Center, MITRE Corporation, Compass Security and others. In case of the vulnerability found, we act according to the industry best practice: hold on to the publication, fix the software and notify all our customers that have an appropriate subscription
  4. Some of our customers (for example NASA) have specific security requirements and run independent security audits, of which we get notified and in case of any issue, act similar to (3).

Contributions

Contributions are welcome! Please follow the guidelines below:

  • Sign Cesanta CLA and send GitHub pull request
  • Make sure that PRs have only one commit, and deal with one issue only

Articles

  • coming soon...