feat(webserver): Middleware with default middleware for cors, authc, curl-like logging

[mathieucarbou]

This PR improves WebServer with the following additions:

• Add Middleware support (aka Expressif) with some built-in middlewares like cors, authc and logging
• Add ability to collect all incoming request headers
• Added response code and info on server

As discussed in #10185, I tested the example thanks to a pio config.

Ideally it would be nice if @me-no-dev and @ayushsharma82 could review this PR, both were involved in these parts.

[github-actions]

	Warnings
⚠️	The **target branch** for this Pull Request **must be the default branch** of the project (`master`). If you would like to add this feature to a different branch, please state this in the PR description and we will consider it.

👋 Hello mathieucarbou, we appreciate your contribution to this project!

---

Click to see more instructions ...

This automated output is generated by the PR linter DangerJS, which checks if your Pull Request meets the project's requirements and helps you fix potential issues.

DangerJS is triggered with each push event to a Pull Request and modify the contents of this comment.

Please consider the following:
- Danger mainly focuses on the PR structure and formatting and can't understand the meaning behind your code or changes.
- Danger is not a substitute for human code reviews; it's still important to request a code review from your colleagues.
- Resolve all warnings (⚠️ ) before requesting a review from human reviewers - they will appreciate it.
- To manually retry these Danger checks, please navigate to the Actions tab and re-run last Danger workflow.

Review and merge process you can expect ...

We do welcome contributions in the form of bug reports, feature requests and pull requests.

1. An internal issue has been created for the PR, we assign it to the relevant engineer.
2. They review the PR and either approve it or ask you for changes or clarifications.
3. Once the GitHub PR is approved we do the final review, collect approvals from core owners and make sure all the automated tests are passing.
- At this point we may do some adjustments to the proposed change, or extend it by adding tests or documentation.
4. If the change is approved and passes the tests it is merged into the default branch.

Generated by 🚫 dangerJS against 6b1e5d0

[github-actions]

Test Results

 62 files   62 suites   16m 34s ⏱️
 24 tests  18 ✅ 0 💤 6 ❌
140 runs  134 ✅ 0 💤 6 ❌

For more details on these failures, see this check.

Results for commit 6b1e5d0.

♻️ This comment has been updated with latest results.

[github-actions]

Memory usage test (comparing PR against master branch)

The table below shows the summary of memory usage change (decrease - increase) in bytes and percentage for each target.

Memory	FLASH [bytes]		FLASH [%]		RAM [bytes]		RAM [%]
Target	DEC	INC	DEC	INC	DEC	INC	DEC	INC
ESP32S3	0	‼️ +23K	0.00	‼️ +2.61	0	‼️ +3K	0.00	‼️ +6.93
ESP32S2	0	‼️ +19K	0.00	‼️ +2.25	0	‼️ +3K	0.00	‼️ +6.99
ESP32C3	0	‼️ +23K	0.00	‼️ +2.42	0	‼️ +2K	0.00	‼️ +6.67
ESP32C6	0	‼️ +42K	0.00	‼️ +4.62	0	‼️ +25K	0.00	‼️ +62.11
ESP32	0	‼️ +23K	0.00	‼️ +2.43	0	⚠️ +1960	0.00	‼️ +3.99

Click to expand the detailed deltas report [usage change in BYTES]

Target	ESP32S3		ESP32S2		ESP32C3		ESP32C6		ESP32
Example	FLASH	RAM	FLASH	RAM	FLASH	RAM	FLASH	RAM	FLASH	RAM
WebServer/examples/AdvancedWebServer	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +23K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1800
WebServer/examples/FSBrowser	‼️ +21K	‼️ +3K	‼️ +18K	‼️ +3K	‼️ +21K	‼️ +2K	‼️ +39K	‼️ +24K	‼️ +21K	⚠️ +1816
WebServer/examples/Filters	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +23K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1800
WebServer/examples/HelloServer	‼️ +22K	‼️ +3K	‼️ +17K	‼️ +2K	‼️ +23K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1800
WebServer/examples/HttpAdvancedAuth	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +22K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1792
WebServer/examples/HttpAuthCallback	‼️ +22K	‼️ +3K	‼️ +17K	‼️ +2K	‼️ +22K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1792
WebServer/examples/HttpAuthCallbackInline	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +22K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1792
WebServer/examples/HttpBasicAuth	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +22K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1792
WebServer/examples/HttpBasicAuthSHA1	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +22K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +22K	⚠️ +1792
WebServer/examples/HttpBasicAuthSHA1orBearerToken	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +22K	‼️ +2K	‼️ +41K	‼️ +25K	‼️ +22K	⚠️ +1792
WebServer/examples/Middleware	-	-	-	-	-	-	-	-	-	-
WebServer/examples/MultiHomedServers	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +23K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1792
WebServer/examples/PathArgServer	‼️ +19K	‼️ +3K	‼️ +15K	‼️ +3K	‼️ +14K	‼️ +2048	‼️ +35K	‼️ +24K	‼️ +18K	⚠️ +1960
WebServer/examples/SDWebServer	‼️ +20K	‼️ +3K	‼️ +15K	‼️ +2K	‼️ +22K	‼️ +2K	‼️ +41K	‼️ +24K	‼️ +19K	⚠️ +1776
WebServer/examples/SimpleAuthentification	‼️ +23K	‼️ +3K	‼️ +19K	‼️ +3K	‼️ +22K	⚠️ +2040	‼️ +42K	‼️ +24K	‼️ +23K	⚠️ +1808
WebServer/examples/UploadHugeFile	‼️ +18K	‼️ +3K	‼️ +13K	‼️ +2K	‼️ +14K	‼️ +2K	‼️ +35K	‼️ +25K	‼️ +18K	⚠️ +1960
WebServer/examples/WebServer	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +3K	‼️ +22K	‼️ +2048	‼️ +41K	‼️ +24K	‼️ +21K	⚠️ +1784
WebServer/examples/WebUpdate	‼️ +22K	‼️ +3K	‼️ +18K	‼️ +2K	‼️ +23K	‼️ +2K	‼️ +42K	‼️ +25K	‼️ +21K	⚠️ +1792

[Jason2866]

@mathieucarbou Do you see the possibility to make this enhancement optional?
The size increase is not just a few bytes.

[mathieucarbou]

@mathieucarbou Do you see the possibility to make this enhancement optional? The size increase is not just a few bytes.

I saw that and I was surprised by it... I don't feel to have written 2k of code...

[mathieucarbou]

Adding a ref to: #10221 (comment)

[mathieucarbou]

@safocl : I would be glad to revisit this PR but only if there is a real motivation coming from the Espressif team to merge it.

Otherwise I won't spend my time updating a PR for nothing.

I have already implemented middleware support in the fork of https://github.com/mathieucarbou/ESPAsyncWebServer we maintain (https://github.com/mathieucarbou/ESPAsyncWebServer) and also in v2 branch of PsychicHttp (https://github.com/hoeken/PsychicHttp) which is the future version, with a lot of supported middlewares for CORS, Authc, authz, curl like logging, etc.

[me-no-dev]

I would be glad to revisit this PR but only if there is a real motivation coming from the Espressif team to merge it.

There is interest. we are trying to finish up some big tasks and have a good look at this PR

[mathieucarbou]

@safocl : thank your for your review

@me-no-dev : thank you for your confirmation

I have reworked the PR to clean it - as it was it was more a PoC waiting for some interest. So I correctly did it and cleaned up the things saw by @safocl and much more.

I saw several things that I really don't like in WebServer:

1. Returning String instead of const String&: I saw a bunch of placed where a String copy would be done in the return instead of returning a ref. Sadly, fixing that would break backward compatibility

2. Use of chained pointers: this just makes the code error prone and harder to read with all these boilerplate loops. I would rather use std::list instead, but since I didn't see any usage of that (and only a few about vector), I don't know if there's a reason why the Arduino core code would not use it ? Especially that in the case of WebServer, the number of elements in such list would not be high enough to trigger any downsides of using them.

3. Last point is more about organisation: the file structure inside src folder is quite fuzzy I find... Also WebServer.h would need a bit of re-ordering / api doc : there are so many public methods, and a mix of them for request and response.

[lucasssvaz]

LGTM. Tested and it works as expected. Just a couple nitpicks.

[mathieucarbou]

@lucasssvaz : thanks! I will update the PR soon.

[lucasssvaz]

@mathieucarbou Also, as there are some changes to the WebServer. Maybe it would be better to target branch release/v3.1.x to make sure we don't introduce any unwanted breaking change by mistake. Probably you just need to rebase this PR and the commits on top of it.

[mathieucarbou]

@mathieucarbou Also, as there are some changes to the WebServer. Maybe it would be better to target branch release/v3.1.x to make sure we don't introduce any unwanted breaking change by mistake. Probably you just need to rebase this PR and the commits on top of it.

Yes that would be better.

What do you think about the 3 bullet points above ? Could I also switch to std::list ?

[lucasssvaz]

@mathieucarbou Also, as there are some changes to the WebServer. Maybe it would be better to target branch release/v3.1.x to make sure we don't introduce any unwanted breaking change by mistake. Probably you just need to rebase this PR and the commits on top of it.

Yes that would be better.

What do you think about the 3 bullet points above ? Could I also switch to std::list ?

I think it should be fine now that we are targeting v3.1.x as long as the flash usage increase is not very significant. There are too many changes from IDF recently that increased flash usage a lot and we are trying to optimize things for space.

What do you think @me-no-dev ?