HTTP Class Technical Documentation (diff)

Difference between revisions for Users / Eo Ny / dev

Version1		Version2
1	~~# HTTP Class Technical Documentation~~	1	== HTTP Class Technical Documentation ==
2		2
3	~~## Overview~~	3	=== Overview ===
4		4
5	The ~~`Http` class (`src/class/http.php`~~) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.	5	The ##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
6		6
7	File Location: ~~`src/class/http.php`~~	7	File Location: ##src/class/http.php##
8	Language: PHP	8	Language: PHP
9	Dependencies: Database class, Session classes, Utility classes (~~`Ut`), Diagnostics class (`Diag`~~)	9	Dependencies: Database class, Session classes, Utility classes (##Ut##), Diagnostics class (##Diag##)
10		10
11	---	11	----
12		12
13	~~## Class Properties~~
14		13
15	~~### Public Properties~~
16		14
17	~~\| Property \| Type \| Description \|~~
18	~~\|----------\|------\|-------------\|~~
19	~~\| `$tls_session` \| bool \| Indicates if the current session uses HTTPS/TLS encryption \|~~
20	~~\| `$request_uri` \| string \| Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') \|~~
21	~~\| `$ip` \| string \| Client's real IP address (accounts for proxies) \|~~
22	~~\| `$sess` \| Session \| Reference to the Session object \|~~
23	~~\| `$method` \| string \| Current HTTP method/request type \|~~
24		15
25	~~### Private Properties~~
26		16
27	~~\| Property \| Type \| Description \|~~
28	~~\|----------\|------\|-------------\|~~
29	~~\| `$db` \| object \| Database connection reference \|~~
30	~~\| `$tls_mark` \| string \| Cookie name for TLS session marking \|~~
31	~~\| `$page` \| string \| Current page name being processed \|~~
32	~~\| `$hash` \| string \| SHA1 hash of the page name \|~~
33	~~\| `$query` \| string \| Encoded query string \|~~
34	~~\| `$lang` \| string \| Current language code \|~~
35	~~\| `$file` \| string \| Cache file path \|~~
36	~~\| `$caching` \| int \| Flag indicating if page should be cached (0 or 1) \|~~
37		17
38	~~---~~
39		18
40	~~## Constructor~~	19	=== Security Considerations ===
41		20
42	```php	21	==== 1. IP Address Spoofing ====
43	public function __construct(&$db)	22	- Validates IPs against private ranges
44	```	23	- Filters proxy-provided IPs appropriately
		24	- Configurable reverse proxy trust
45		25
46	Purpose: Initializes the Http object and sets up HTTP session handling.	26	==== 2. Session Security ====
		27	- Binds sessions to IP address
		28	- Binds sessions to TLS status
		29	- Supports both file and database storage
		30	- HttpOnly cookies by default
47		31
48	Parameters:	32	==== 3. TLS Enforcement ====
49	- `$db` - Database object reference	33	- Automatic HTTPS upgrade when configured
		34	- Marks TLS sessions to prevent downgrade attacks
		35	- HSTS header support
50		36
51	Initialization Steps:	37	==== 4. Content Security ====
52	1. Stores database reference	38	- CSP headers to prevent XSS
53	2. Extracts and normalizes REQUEST_URI	39	- X-Frame-Options to prevent clickjacking
54	3. Detects TLS/HTTPS session status	40	- X-Content-Type-Options to prevent MIME sniffing
55	4. Determines client's real IP address	41	- Referrer-Policy control
56	5. Sets up TLS mark cookie name	42	- Permissions-Policy for browser features
57	6. Enforces TLS session upgrade if needed
58		43
59	Example:	44	==== 5. File Serving ====
60	```php	45	- Validates file existence and readability
61	$http = new Http($db);	46	- Prevents directory traversal via ##realpath()##
62	```	47	- Rejects symbolic links
		48	- Special CSP for SVG and PDF files
63		49
64	---	50	==== 6. Cache Security ====
		51	- Cached only for anonymous users
		52	- Disabled for sensitive operations (edit, watch)
		53	- Only GET requests cached
65		54
66	~~## Core Methods~~	55	----
67		56
68	~~### Session Management~~	57	=== Performance Optimization ===
69		58
70	#### `session($route): void`	59	==== 1. Page Caching ====
71	Initializes the session handler (file-based or database-based).	60	- Stores full HTML output
		61	- TTL-based expiration
		62	- Language and method-aware caching
		63	- Conditional request support (304 Not Modified)
72		64
73	~~Parameters:~~	65	==== 2. MIME Type Caching ====
74	~~- `$route` (int) - Routing flag:~~	66	- Loads MIME types once and caches
75	- ~~Bit 2 (`$route & 2`): Enable static mode for files/freecap (disables replay prevention and ID regeneration)~~	67	- Regenerates only when config changes
76		68
77	Features:	69	==== 3. Session Options ====
78	- Selects storage backend (file or database)	70	- File-based sessions for simple deployments
79	- Configures cookie settings (security, path, httponly)	71	- Database sessions for distributed systems
80	- Binds IP and TLS validation
81	- Recovers diagnostic logs from previous session
82		72
83	Example:	73	==== 4. Compression ====
84	```php	74	- Manual gzip implementation
85	$http->session(0); // Normal session	75	- Proper Content-Length generation
86	$http->session(2); // Static file serving mode	76	- Only compresses appropriate sizes
87	```
88		77
89	---	78	----
90		79
91	### Caching System	80	=== Debugging ===
92
93	#### `check_cache($page, $method): void`
94	Determines if a page can be cached and prepares the cache check.
95
96	Parameters:
97	- `$page` (string) - Page name to cache
98	- `$method` (string) - Request method/action (e.g., 'show', 'edit')
99
100	Caching Rules:
101	- ✅ Enabled for GET requests only
102	- ✅ Disabled for POST requests
103	- ❌ Never cached for 'edit' or 'watch' methods
104	- ✅ Only cached for anonymous users (no logged-in users)
105
106	Example:
107	```php
108	$http->check_cache('HomePage', 'show');
109	```
110
111	---
112
113	#### `store_cache(): void`
114	Saves the generated page content to cache file.
115
116	Features:
117	- Retrieves output buffer content
118	- Saves to cache file with proper permissions
119	- Records cache metadata in database
120	- Only executes if caching flag is set and user is anonymous
121
122	Example:
123	```php
124	// Called at end of page rendering
125	$http->store_cache();
126	```
127
128	---
129
130	#### `invalidate_page($page): int`
131	Invalidates all cached versions of a page.
132
133	Parameters:
134	- `$page` (string) - Page name to invalidate
135
136	Returns:
137	- Number of cache entries invalidated
138
139	Process:
140	1. Finds all cached versions (different methods/languages)
141	2. Touches files to past timestamp (faster than deletion)
142	3. Removes entries from cache metadata table
143	4. Returns count of invalidated caches
144
145	Example:
146	```php
147	$count = $http->invalidate_page('HomePage');
148	echo "Invalidated $count cache entries";
149	```
150
151	---
152
153	### TLS/HTTPS Security
154
155	#### `secure_base_url(): void`
156	Switches base URL from HTTP to HTTPS.
157
158	Purpose:
159	- Ensures all subsequent URLs use HTTPS
160	- Stores original HTTP URL for fallback
161	- Called when TLS session is detected
162
163	Example:
164	```php
165	$http->secure_base_url();
166	// $db->base_url now uses https://
167	```
168
169	---
170
171	#### `ensure_tls($url): void`
172	Enforces HTTPS for a specific URL and redirects if necessary.
173
174	Parameters:
175	- `$url` (string) - URL to secure
176
177	Behavior:
178	- If not already HTTPS and TLS is enabled, forces HTTPS redirect
179	- Handles both relative and absolute URLs
180	- Converts relative URLs using current server name
181
182	Example:
183	```php
184	$http->ensure_tls('/secure/payment');
185	```
186
187	---
188
189	### IP Address Detection
190
191	#### `real_ip(): string` (Private)
192	Detects client's real IP address accounting for proxies.
193
194	Proxy Headers Checked (in order):
195	1. `HTTP_X_CLUSTER_CLIENT_IP`
196	2. `HTTP_X_FORWARDED_FOR` (or custom header)
197	3. `HTTP_CLIENT_IP`
198	4. `HTTP_X_REMOTE_ADDR`
199	5. `REMOTE_ADDR` (fallback)
200
201	Features:
202	- Filters out private/reserved IP ranges
203	- Respects configured reverse proxy addresses
204	- Returns `'0.0.0.0'` as fallback
205
206	Configuration in Database:
207	- `reverse_proxy_addresses` - Comma/space-separated proxy IPs
208	- `reverse_proxy_header` - Custom header name (default: `X-Forwarded-For`)
209
210	Example:
211	```php
212	$client_ip = $http->ip; // e.g., "203.0.113.42"
213	```
214
215	---
216
217	### HTTPS Detection
218
219	#### `tls_session(): bool` (Private)
220	Detects if current connection uses HTTPS/TLS.
221
222	Checks (any being true = HTTPS):
223	- `$_SERVER['HTTPS']` is 'on'
224	- `$_SERVER['SERVER_PORT']` is 443
225	- `$_SERVER['HTTP_X_FORWARDED_PROTO']` is 'https'
226	- `$_SERVER['HTTP_X_FORWARDED_SSL']` is 'on'
227	- `$_SERVER['HTTP_X_FORWARDED_PORT']` is 443
228
229	---
230
231	### Security Headers
232
233	#### `http_security_headers(): void`
234	Sets security-related HTTP headers.
235
236	Headers Set:
237
238	\| Header \| Purpose \| Config Key \|
239	\|--------\|---------\|------------\|
240	\| Content-Security-Policy \| XSS/injection protection \| `csp` \|
241	\| Permissions-Policy \| Control browser features \| `permissions_policy` \|
242	\| Referrer-Policy \| Control referrer information \| `referrer_policy` \|
243	\| Strict-Transport-Security \| Force HTTPS \| Auto (TLS only) \|
244	\| X-Frame-Options \| Clickjacking protection \| Hardcoded: `SAMEORIGIN` \|
245	\| X-Content-Type-Options \| MIME sniffing prevention \| Hardcoded: `nosniff` \|
246
247	CSP Configuration Options:
248	- `0` - Disabled
249	- `1` - Default policy (from `csp.conf`)
250	- `2` - Custom policy (from `csp_custom.conf`)
251
252	Example:
253	```php
254	$http->http_security_headers();
255	```
256
257	---
258
259	### HTTP Methods
260
261	#### `redirect($url, $permanent = false): void`
262	Performs an HTTP redirect.
263
264	Parameters:
265	- `$url` (string) - Target URL
266	- `$permanent` (bool) - Use 301 (permanent) vs 302 (temporary)
267
268	Features:
269	- Decodes `&` entities to prevent broken redirects
270	- Only works if headers not yet sent
271	- Uses output buffering to work anywhere in page processing
272
273	Example:
274	```php
275	$http->redirect('http://example.com/new-page', true); // 301
276	$http->redirect('/wiki/HomePage'); // 302
277	```
278
279	---
280
281	#### `terminate(): void`
282	Safe exit/die with cleanup.
283
284	Cleanup Operations:
285	- Saves diagnostic logs to session flash data
286	- Ends script execution
287
288	Example:
289	```php
290	$http->terminate();
291	```
292
293	---
294
295	#### `status($code): void`
296	Sets HTTP response status code.
297
298	Supported Status Codes:
299	```php
300	200 => 'OK'
301	206 => 'Partial Content'
302	301 => 'Moved Permanently'
303	302 => 'Moved Temporarily'
304	304 => 'Not Modified'
305	400 => 'Bad Request'
306	401 => 'Unauthorized'
307	403 => 'Forbidden'
308	404 => 'Not Found'
309	405 => 'Method Not Allowed'
310	409 => 'Conflict'
311	410 => 'Gone'
312	416 => 'Requested Range Not Satisfiable'
313	500 => 'Internal Server Error'
314	501 => 'Not Implemented'
315	503 => 'Service Unavailable'
316	```
317
318	Example:
319	```php
320	$http->status(404); // Send 404 Not Found
321	```
322
323	---
324
325	### Caching Control
326
327	#### `no_cache($client_only = true): void`
328	Disables caching of the current page.
329
330	Parameters:
331	- `$client_only` (bool, default: TRUE)
332	- `TRUE`: Disable browser cache only
333	- `FALSE`: Disable both browser and server cache
334
335	Headers Set:
336	- `Last-Modified: <current-time>` (always fresh)
337	- `Cache-Control: no-store`
338
339	Example:
340	```php
341	$http->no_cache(); // Client-side only
342	$http->no_cache(false); // Both client & server
343	```
344
345	---
346
347	#### `cache_promisc(): void`
348	Marks page as publicly cacheable.
349
350	Headers Set:
351	- `Cache-Control: public`
352
353	Example:
354	```php
355	$http->cache_promisc();
356	```
357
358	---
359
360	### Language Negotiation
361
362	#### `user_agent_language(): string`
363	Determines best language based on browser preferences.
364
365	Features:
366	- Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
367	- Parses `Accept-Language` header with quality factors
368	- Attempts exact match first, then language fallback
369	- Falls back to default system language
370
371	Example Header:
372	```
373	Accept-Language: en-US,en;q=0.9,de;q=0.8
374	```
375
376	Returns:
377	- Language code (e.g., 'en', 'en-US', 'de')
378
379	---
380
381	#### `available_languages($subset = true): array`
382	Returns list of available language translations.
383
384	Parameters:
385	- `$subset` (bool, default: TRUE)
386	- `TRUE`: Only allowed languages
387	- `FALSE`: All available languages
388
389	Features:
390	- Scans `LANG_DIR` for language files
391	- Filters by `allowed_languages` config if set
392	- Caches result in session
393	- System language always included
394
395	Returns:
396	- Associative array: `['en' => 'en', 'de' => 'de', ...]`
397
398	Example:
399	```php
400	$all_langs = $http->available_languages(false);
401	$allowed = $http->available_languages(true);
402	```
403
404	---
405
406	### File Serving
407
408	#### `sendfile($path, $filename = null, $age = null): void`
409	Serves files with proper HTTP headers and caching.
410
411	Parameters:
412	- `$path` (string) - File path (or HTTP_XXX constant for error pages)
413	- `$filename` (string, optional) - Custom download filename
414	- `$age` (int, optional) - Cache age in days
415
416	Features:
417	- HTTP range request support (partial file downloads)
418	- ETag and Last-Modified conditional requests
419	- Proper MIME type detection
420	- Content-Security-Policy for special file types
421	- Streaming for large files
422	- GZip compression for text files
423
424	Special Paths:
425	```php
426	$http->sendfile(404); // Serves file defined by HTTP_404 constant
427	$http->sendfile(403); // Serves file defined by HTTP_403 constant
428	```
429
430	Example:
431	```php
432	$http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
433	```
434
435	---
436
437	#### `mime_type($path): string`
438	Returns MIME type for a file.
439
440	Returns:
441	- MIME type string (e.g., 'application/pdf')
442	- Default: `'application/octet-stream'`
443
444	Example:
445	```php
446	$mime = $http->mime_type('file.pdf'); // 'application/pdf'
447	```
448
449	---
450
451	#### `mime_types(): array` (Private)
452	Loads and caches MIME types from configuration.
453
454	Features:
455	- Reads from `config/mime.types`
456	- Caches to `cache/config/mime.types`
457	- Reloads if config is updated
458
459	---
460
461	### Compression
462
463	#### `gzip(): void`
464	Compresses HTTP response with gzip/x-gzip.
465
466	Features:
467	- Manually implements gzip (not relying on zlib.output_compression)
468	- Produces correct `Content-Length` header
469	- Only compresses if:
470	- 860 bytes < content < 1 MB
471	- Client accepts compression
472	- Headers not already sent
473
474	Example:
475	```php
476	$http->gzip();
477	```
478
479	---
480
481	### Utility Methods
482
483	#### `parse_str($str): array` (Private)
484	Parses URL-encoded strings with special character handling.
485
486	Purpose:
487	- Safely handles special characters in query/form data
488	- Converts encoding properly
489
490	Example:
491	```php
492	$data = $http->parse_str('name=John&age=30');
493	```
494
495	---
496
497	#### `request_uri(): string` (Private)
498	Extracts and normalizes REQUEST_URI from server.
499
500	Normalization:
501	- Removes base URL prefix
502	- Removes spaces
503	- Collapses multiple slashes
504	- Removes `..` path traversal attempts
505	- Removes leading/trailing slashes
506
507	---
508
509	#### `cut_prefix($prefix, $path): string` (Private)
510	Removes prefix from path (case-insensitive).
511
512	---
513
514	#### `get_header_conf($file_name): string` (Private)
515	Loads security header configuration from files.
516
517	Files Supported:
518	- `csp.conf` / `csp_custom.conf`
519	- `permissions_policy.conf` / `permissions_policy_custom.conf`
520
521	---
522
523	## Configuration Dependencies
524
525	The class relies on these database configuration settings:
526
527	\| Setting \| Type \| Purpose \|
528	\|---------\|------\|---------\|
529	\| `base_url` \| string \| Wiki's base URL \|
530	\| `tls` \| bool \| Enable HTTPS enforcement \|
531	\| `cache` \| bool \| Enable page caching \|
532	\| `cache_ttl` \| int \| Cache lifetime in seconds \|
533	\| `session_store` \| int \| 1=File, 0=Database \|
534	\| `system_seed_hash` \| string \| Session encryption seed \|
535	\| `cookie_prefix` \| string \| Session cookie prefix \|
536	\| `cookie_path` \| string \| Cookie path \|
537	\| `allow_persistent_cookie` \| bool \| Allow persistent login \|
538	\| `session_length` \| int \| Session lifetime in seconds \|
539	\| `reverse_proxy_addresses` \| string \| Comma/space-separated proxy IPs \|
540	\| `reverse_proxy_header` \| string \| Custom X-Forwarded header \|
541	\| `language` \| string \| Default language code \|
542	\| `multilanguage` \| bool \| Enable language negotiation \|
543	\| `allowed_languages` \| string \| Comma/space-separated allowed langs \|
544	\| `enable_security_headers` \| bool \| Send security headers \|
545	\| `csp` \| int \| CSP setting (0/1/2) \|
546	\| `permissions_policy` \| int \| Permissions-Policy setting (0/1/2) \|
547	\| `referrer_policy` \| int \| Referrer-Policy setting (0-8) \|
548
549	---
550
551	## Constants Used
552
553	\| Constant \| Type \| Purpose \|
554	\|----------\|------\|---------\|
555	\| `IN_WACKO` \| bool \| Security check (exit if not defined) \|
556	\| `CHMOD_SAFE` \| int \| File permissions for cache files \|
557	\| `CHMOD_FILE` \| int \| File permissions for config cache \|
558	\| `CACHE_PAGE_DIR` \| string \| Page cache directory \|
559	\| `CACHE_SESSION_DIR` \| string \| Session cache directory \|
560	\| `CACHE_CONFIG_DIR` \| string \| Config cache directory \|
561	\| `CONFIG_DIR` \| string \| Configuration directory \|
562	\| `LANG_DIR` \| string \| Language files directory \|
563	\| `DAYSECS` \| int \| Seconds in a day (86400) \|
564	\| `HTTP_404` \| string \| Path to 404 error page \|
565	\| `HTTP_403` \| string \| Path to 403 error page \|
566
567	---
568
569	## Workflow Examples
570
571	### Example 1: Handling a GET Request
572
573	```php
574	// In main wiki entry point
575	$http = new Http($db);
576	$http->session(0); // Start session
577
578	// Check if page can be served from cache
579	$http->check_cache('HomePage', 'show');
580
581	// ... render page content ...
582
583	// Store rendered page in cache if applicable
584	$http->store_cache();
585
586	// Send security headers
587	$http->http_security_headers();
588
589	// Possibly compress output
590	$http->gzip();
591	```
592
593	### Example 2: Handling TLS/HTTPS Upgrade
594
595	```php
596	$http = new Http($db); // Constructor detects TLS requirement
597	// If TLS is enabled and user wasn't in TLS before:
598	// - Sets TLS session flag
599	// - Marks session with TLS cookie
600	// - Redirects to HTTPS version
601	```
602
603	### Example 3: Invalidating Cache After Page Edit
604
605	```php
606	// User edits a page
607	$http = new Http($db);
608	$count = $http->invalidate_page('HomePage');
609	// All cached versions (different languages, methods) are invalidated
610	```
611
612	### Example 4: Serving a File
613
614	```php
615	$http = new Http($db);
616	$http->session(2); // Static file mode - no session replay prevention
617
618	// Serve with 30-day cache
619	$http->sendfile('uploads/manual.pdf', 'user-manual.pdf', 30);
620	```
621
622	---
623
624	## Security Considerations
625
626	### 1. IP Address Spoofing
627	- Validates IPs against private ranges
628	- Filters proxy-provided IPs appropriately
629	- Configurable reverse proxy trust
630
631	### 2. Session Security
632	- Binds sessions to IP address
633	- Binds sessions to TLS status
634	- Supports both file and database storage
635	- HttpOnly cookies by default
636
637	### 3. TLS Enforcement
638	- Automatic HTTPS upgrade when configured
639	- Marks TLS sessions to prevent downgrade attacks
640	- HSTS header support
641
642	### 4. Content Security
643	- CSP headers to prevent XSS
644	- X-Frame-Options to prevent clickjacking
645	- X-Content-Type-Options to prevent MIME sniffing
646	- Referrer-Policy control
647	- Permissions-Policy for browser features
648
649	### 5. File Serving
650	- Validates file existence and readability
651	- Prevents directory traversal via `realpath()`
652	- Rejects symbolic links
653	- Special CSP for SVG and PDF files
654
655	### 6. Cache Security
656	- Cached only for anonymous users
657	- Disabled for sensitive operations (edit, watch)
658	- Only GET requests cached
659
660	---
661
662	## Performance Optimization
663
664	### 1. Page Caching
665	- Stores full HTML output
666	- TTL-based expiration
667	- Language and method-aware caching
668	- Conditional request support (304 Not Modified)
669
670	### 2. MIME Type Caching
671	- Loads MIME types once and caches
672	- Regenerates only when config changes
673
674	### 3. Session Options
675	- File-based sessions for simple deployments
676	- Database sessions for distributed systems
677
678	### 4. Compression
679	- Manual gzip implementation
680	- Proper Content-Length generation
681	- Only compresses appropriate sizes
682
683	---
684
685	## Debugging
686		81
687	The class integrates with WackoWiki's diagnostic system:	82	The class integrates with WackoWiki's diagnostic system:
688		83
689	~~```~~php	84	%%php
690	// Diagnostic messages are preserved across redirects	85	// Diagnostic messages are preserved across redirects
691	// via session flash data	86	// via session flash data
692		87
693	// Check cached pages (debug comments in output):	88	// Check cached pages (debug comments in output):
694	// <!-- WackoWiki Caching Engine: page cached at 2024-01-15 12:30:45 GMT -->	89	// <!-- WackoWiki Caching Engine: page cached at 2024-01-15 12:30:45 GMT -->
695	~~```~~	90	%%
696		91
697	---	92	----
698		93
699	## Related Classes	94	=== Related Classes ===
		95	- Session Classes (##SessionFileStore##, ##SessionDbalStore##) - Session management backends
		96	- Database Class - Configuration and cache metadata storage
		97	- Ut Utility Class - String/path utilities
		98	- Diag Class - Diagnostic logging
700		99
701	- Session Classes (`SessionFileStore`, `SessionDbalStore`) - Session management backends	100	----
702	- Database Class - Configuration and cache metadata storage
703	- Ut Utility Class - String/path utilities
704	- Diag Class - Diagnostic logging
705		101
706	---	102	=== Version History ===
		103	- Supports PHP 8.0+ (uses match expressions, union types)
		104	- Follows RFC 9110 for HTTP header handling
		105	- Modern cookie security practices
707		106
708	~~## Version History~~	107	----
709		108
710	- Supports PHP 8.0+ (uses match expressions, union types)	109	=== Conclusion ===
711	- Follows RFC 9110 for HTTP header handling
712	- Modern cookie security practices
713		110
714	---	111	The ##Http## class is the central request/response handler in WackoWiki, managing everything from session initialization to security headers to file serving. Understanding this class is essential for:
715		112	- Extending WackoWiki with custom request handlers
716	## Conclusion	113	- Implementing custom session logic
717		114	- Adding new security policies
718	The `Http` class is the central request/response handler in WackoWiki, managing everything from session initialization to security headers to file serving. Understanding this class is essential for:	115	- Optimizing cache strategies
719		116	- Debugging HTTP-related issues
720	- Extending WackoWiki with custom request handlers
721	- Implementing custom session logic
722	- Adding new security policies
723	- Optimizing cache strategies
724	- Debugging HTTP-related issues