# HG changeset patch
# User Sebastien Jodogne
# Date 1570706175 -7200
# Node ID 9cc09f4c0fa9536c5e199a82b750ac69e182201a
# Parent 8be5451f68204ecc194a8e5fc4fc682e7bbcd027
New configuration option: "HttpRequestTimeout"
diff -r 8be5451f6820 -r 9cc09f4c0fa9 Core/HttpServer/HttpServer.cpp
--- a/Core/HttpServer/HttpServer.cpp Sun Oct 06 09:54:30 2019 +0200
+++ b/Core/HttpServer/HttpServer.cpp Thu Oct 10 13:16:15 2019 +0200
@@ -1073,6 +1073,7 @@
 realm_ = ORTHANC_REALM;
 threadsCount_ = 50; // Default value in mongoose
 tcpNoDelay_ = true;
+ requestTimeout_ = 30; // Default value in mongoose/civetweb (30 seconds)
 #if ORTHANC_ENABLE_MONGOOSE == 1
 LOG(INFO) << "This Orthanc server uses Mongoose as its embedded HTTP server";
@@ -1120,6 +1121,7 @@
 {
 std::string port = boost::lexical_cast(port_);
 std::string numThreads = boost::lexical_cast(threadsCount_);
+ std::string requestTimeoutMilliseconds = boost::lexical_cast(requestTimeout_ * 1000);
 if (ssl_)
 {
@@ -1150,6 +1152,9 @@
 // Set the number of threads
 "num_threads", numThreads.c_str(),
+ // Set the timeout for the HTTP server
+ "request_timeout_ms", requestTimeoutMilliseconds.c_str(),
+
 // Set the SSL certificate, if any. This must be the last option.
 ssl_ ? "ssl_certificate" : NULL, certificate_.c_str(),
@@ -1322,7 +1327,7 @@
 LOG(INFO) << "The embedded HTTP server will use " << threads << " threads";
 }
-
+
 void HttpServer::SetTcpNoDelay(bool tcpNoDelay)
 {
 Stop();
@@ -1330,4 +1335,18 @@
 LOG(INFO) << "TCP_NODELAY for the HTTP sockets is set to " << (tcpNoDelay ? "true" : "false");
 }
+
+
+ void HttpServer::SetRequestTimeout(unsigned int seconds)
+ {
+ if (seconds <= 0)
+ {
+ throw OrthancException(ErrorCode_ParameterOutOfRange,
+ "Request timeout must be a stricly positive integer");
+ }
+
+ Stop();
+ requestTimeout_ = seconds;
+ LOG(INFO) << "Request timeout in the HTTP server is set to " << seconds << " seconds";
+ }
 }
diff -r 8be5451f6820 -r 9cc09f4c0fa9 Core/HttpServer/HttpServer.h
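Review bot: In Core/HttpServer/HttpServer.cpp, hunk `@@ -1120,6 +1121,7 @@`, the product `requestTimeout_ * 1000` is computed in `unsigned int`, so with a 32-bit `unsigned int` any configured value above about 4.29 million seconds wraps around and a much shorter timeout than requested (possibly 0 ms) is passed to the embedded server as `request_timeout_ms`. The only validation, in `SetRequestTimeout` (hunk `@@ -1330,4 +1335,18 @@` of the same file), rejects zero but has no upper bound. I would bound the value there, `if (seconds == 0 || seconds > std::numeric_limits<unsigned int>::max() / 1000)` (needs `<limits>`), so an out-of-range setting fails loudly instead of silently changing how long a slow or idle connection is tolerated. The function containing the multiplication starts and ends outside the hunk.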
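Review bot: In `HttpServer::SetRequestTimeout` (Core/HttpServer/HttpServer.cpp, hunk `@@ -1330,4 +1335,18 @@`), the test `seconds <= 0` on an `unsigned int` can only ever mean `seconds == 0`, and the `<=` form suggests negative input is handled here when it cannot be; `if (seconds == 0)` states what is actually checked. A negative value in the configuration would have to be rejected before the conversion to unsigned, which this patch does not show. The exception text also carries a typo into a user-visible message and should read `"Request timeout must be a strictly positive integer"`.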
--- a/Core/HttpServer/HttpServer.h Sun Oct 06 09:54:30 2019 +0200
+++ b/Core/HttpServer/HttpServer.h Thu Oct 10 13:16:15 2019 +0200
@@ -98,6 +98,7 @@
 std::string realm_;
 unsigned int threadsCount_;
 bool tcpNoDelay_;
+ unsigned int requestTimeout_; // In seconds
 bool IsRunning() const;
@@ -215,5 +216,12 @@
 {
 return tcpNoDelay_;
 }
+
+ void SetRequestTimeout(unsigned int seconds);
+
+ unsigned int GetRequestTimeout() const
+ {
+ return requestTimeout_;
+ }
 };
 }
diff -r 8be5451f6820 -r 9cc09f4c0fa9 NEWS
--- a/NEWS Sun Oct 06 09:54:30 2019 +0200
+++ b/NEWS Thu Oct 10 13:16:15 2019 +0200
@@ -8,6 +8,7 @@
 enabled by default. This modification was done to mitigate security risks reported by independant security researcher Amitay Dan.
 * Security: New configuration option "ExecuteLuaEnabled" to allow "/tools/execute-script"
+* New configuration option: "HttpRequestTimeout"
 * Log an explicit error if uploading an empty DICOM file using REST API
 * Name of temporary files now include the process ID to ease design of scripts cleaning /tmp
 * Fix compatibility of LSB binaries with Ubuntu >= 18.04
diff -r 8be5451f6820 -r 9cc09f4c0fa9 OrthancServer/main.cpp
--- a/OrthancServer/main.cpp Sun Oct 06 09:54:30 2019 +0200
+++ b/OrthancServer/main.cpp Thu Oct 10 13:16:15 2019 +0200
@@ -823,6 +823,7 @@
 httpServer.SetKeepAliveEnabled(lock.GetConfiguration().GetBooleanParameter("KeepAlive", defaultKeepAlive));
 httpServer.SetHttpCompressionEnabled(lock.GetConfiguration().GetBooleanParameter("HttpCompressionEnabled", true));
 httpServer.SetTcpNoDelay(lock.GetConfiguration().GetBooleanParameter("TcpNoDelay", true));
+ httpServer.SetRequestTimeout(lock.GetConfiguration().GetUnsignedIntegerParameter("HttpRequestTimeout", 30));
 // Let's assume that the HTTP server is secure
 context.SetHttpServerSecure(true);
diff -r 8be5451f6820 -r 9cc09f4c0fa9 Resources/Configuration.json
--- a/Resources/Configuration.json Sun Oct 06 09:54:30 2019 +0200
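Review bot: In Core/HttpServer/HttpServer.h, hunk `@@ -215,5 +216,12 @@`, `SetRequestTimeout` is declared without a comment although its contract is not obvious from the signature. The unit is seconds while the embedded server takes milliseconds, zero is rejected with `ErrorCode_ParameterOutOfRange`, and the implementation calls `Stop()` before storing the value. I would put that on the declaration, for example `// Timeout in seconds, must be > 0 (throws ErrorCode_ParameterOutOfRange); calls Stop() before applying the value`. The class body starts outside this hunk.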
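Review bot: In OrthancServer/main.cpp, the fallback `30` passed to `GetUnsignedIntegerParameter("HttpRequestTimeout", 30)` is a third copy of the default, next to `requestTimeout_ = 30` in the `HttpServer` constructor and the value in Resources/Configuration.json. If one copy is changed later, a server started without the key behaves differently from what the sample configuration documents. A single named constant shared by the constructor and this call would keep them in step. The enclosing function starts and ends outside the hunk.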
+++ b/Resources/Configuration.json Thu Oct 10 13:16:15 2019 +0200
@@ -511,5 +511,11 @@
 // Whether calls to URI "/tools/execute-script" is enabled. Starting
 // with Orthanc 1.5.8, this URI is disabled by default for security.
- "ExecuteLuaEnabled" : false
+ "ExecuteLuaEnabled" : false,
+
+ // Set the timeout for HTTP requests, in seconds. This corresponds
+ // to option "request_timeout_ms" of Mongoose/Civetweb. It will set
+ // the socket options "SO_RCVTIMEO" and "SO_SNDTIMEO" to the
+ // specified value.
+ "HttpRequestTimeout" : 30
 }
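Review bot: The new comment above `"HttpRequestTimeout"` does not say which values are accepted, and `HttpServer::SetRequestTimeout` in this changeset throws on `0`, so the timeout cannot be switched off through this option. I would add a line such as `// The value must be strictly positive; 0 is rejected.` to the comment. It would also help operators to state the trade-off: a larger value lets a slow or stalled connection stay open for longer before the server gives up on it.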