86 lines
3.2 KiB
Markdown
86 lines
3.2 KiB
Markdown
# qswiki
|
|
|
|
About
|
|
====
|
|
qswiki is a wiki software, intended for small wikis. Originally
|
|
implemented in C, it's now written in C++.
|
|
|
|
History
|
|
====
|
|
A couple of years ago, I wanted to setup a personal wiki on my raspberry
|
|
pi. However, the distribution I used back then did not have a PHP package
|
|
for ARM. So instead of switching distributions or searching for other
|
|
wikis that I could use, I decided I would write one in C. Yes,
|
|
that's an odd way to approach the problem and indeed, I may have had too
|
|
much time back then. Also, I wanted to see how it's like to write a
|
|
"web app" in C and wanted to sharpen my C skills a little bit.
|
|
|
|
Of course, it's pretty straightforward at first. No really: Just use CGI.
|
|
And indeed, that would have been more than enough for my use cases.
|
|
Then I decided to play around and started using FastCGI (with the official
|
|
library from now defunct fastcgi.com) and created a multi-threaded version.
|
|
It initially used a "pile of files database", but that became too painful,
|
|
so then I started using sqlite.
|
|
|
|
C++
|
|
---
|
|
Eventually, since it was mostly a playground for me, the code became
|
|
unmaintainable. Furthermore, I wanted something quick and given that
|
|
it was CGI, I didn't bother taking care of memory leaks.
|
|
After initiating a FastCGI interface, they became an issue and then the
|
|
task of avoiding memory leaks became too annoying. And of course, C does n
|
|
ot include any "batteries" and while I could manage, this too was another
|
|
good reason.
|
|
|
|
Overall, I am just continuing the experiment with C++17 now. It's not
|
|
nearly as bad as you would expect perhaps. Some things are surprisingly
|
|
convenient even. Still, the standard library is lacking and
|
|
I would hope for a some better built-in Unicode support in future C++
|
|
standards.
|
|
|
|
Features
|
|
========
|
|
To be fair, at this point it doesn't even have a "diff" between revisions
|
|
yet and does not have features that would make you prefer it over other
|
|
wikis.
|
|
|
|
- CGI
|
|
- HTTP server using the header only library cpp-httplib. It's more
|
|
portable and more "future-proof" than FastCGI (since the official website
|
|
disappeared, the library's future appears to be uncertain).
|
|
- Support for user accounts. Passwords are stored using PBKDF2.
|
|
sqlite database, but not too much of an effort to add other types of
|
|
storage backends. sqlite is using the great header only library
|
|
sqlite_modern_cpp
|
|
- Relatively fine-grained permission system.
|
|
- Categories
|
|
- Templates
|
|
- FTS search
|
|
- Caching
|
|
|
|
Security
|
|
========
|
|
On Linux namespaces are used to restrict the process to only access
|
|
files it needs. It doesn't have access to other paths in the system.
|
|
In addition, Seccomp is used to restrict the syscalls the qswiki process
|
|
can call. As for "web security", all POST requests are centrally
|
|
protected against CSRF attacks and all input is escaped against XSS
|
|
attacks.
|
|
|
|
Building
|
|
========
|
|
Dependencies:
|
|
- cpp-httplib: https://github.com/yhirose/cpp-httplib
|
|
- SqliteModernCpp: https://github.com/SqliteModernCpp
|
|
- libseccomp: https://github.com/seccomp/libseccomp
|
|
- sqlite3: https://sqlite.org/index.html
|
|
|
|
The first two are header-only libraries that are already included here.
|
|
|
|
If all dependencies are available, run:
|
|
```make release```
|
|
|
|
Setup
|
|
=====
|
|
To be written
|