Comparison

mod_http_upload/mod_http_upload.lua @ 4443:0a56dc6c61af

mod_http_upload: Add access config option
author Nicolas Cedilnik <nicoco@nicoco.fr>
date Tue, 16 Feb 2021 21:29:27 +0100
parent 4076:f1f796e551f1
child 4610:342664061c9b
comparison
equal deleted inserted replaced
4442:74da3643c62d 4443:0a56dc6c61af
18 local t_insert = table.insert; 18 local t_insert = table.insert;
19 local s_upper = string.upper; 19 local s_upper = string.upper;
20 local httpserver = require "net.http.server"; 20 local httpserver = require "net.http.server";
21 local have_id, id = pcall(require, "util.id"); -- Only available in 0.10+ 21 local have_id, id = pcall(require, "util.id"); -- Only available in 0.10+
22 local uuid = require"util.uuid".generate; 22 local uuid = require"util.uuid".generate;
23 local jid = require "util.jid";
23 if have_id then 24 if have_id then
24 uuid = id.medium; 25 uuid = id.medium;
25 end 26 end
26 27
27 local function join_path(...) -- COMPAT util.path was added in 0.10 28 local function join_path(...) -- COMPAT util.path was added in 0.10
30 31
31 -- config 32 -- config
32 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB 33 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB
33 local quota = module:get_option_number(module.name .. "_quota"); 34 local quota = module:get_option_number(module.name .. "_quota");
34 local max_age = module:get_option_number(module.name .. "_expire_after"); 35 local max_age = module:get_option_number(module.name .. "_expire_after");
36 local access = module:get_option_set(module.name .. "_access", {});
35 37
36 --- sanity 38 --- sanity
37 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024); 39 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024);
38 if file_size_limit > parser_body_limit then 40 if file_size_limit > parser_body_limit then
39 module:log("warn", "%s_file_size_limit exceeds HTTP parser limit on body size, capping file size to %d B", 41 module:log("warn", "%s_file_size_limit exceeds HTTP parser limit on body size, capping file size to %d B",
167 measure_slot = module:measure("slot", "sizes"); 169 measure_slot = module:measure("slot", "sizes");
168 end 170 end
169 171
170 local function handle_request(origin, stanza, xmlns, filename, filesize) 172 local function handle_request(origin, stanza, xmlns, filename, filesize)
171 local username, host = origin.username, origin.host; 173 local username, host = origin.username, origin.host;
172 -- local clients only 174
173 if origin.type ~= "c2s" then 175 local user_bare = jid.bare(stanza.attr.from);
176 local user_host = jid.host(user_bare);
177
178 -- local clients or whitelisted jids/hosts only
179 if not (origin.type == "c2s" or access:contains(user_bare) or access:contains(user_host)) then
174 module:log("debug", "Request for upload slot from a %s", origin.type); 180 module:log("debug", "Request for upload slot from a %s", origin.type);
175 return nil, st.error_reply(stanza, "cancel", "not-authorized"); 181 return nil, st.error_reply(stanza, "cancel", "not-authorized");
176 end 182 end
177 -- validate 183 -- validate
178 if not filename or filename:find("/") then 184 if not filename or filename:find("/") then