
mod_http_upload_external/mod_http_upload_external.lua @ 4509:16995e7624f0

mod_http_upload_external: add access control option
author Nicolas Cedilnik <nicoco@nicoco.fr>
date Sun, 14 Mar 2021 17:19:38 +0100
parent 3167:bedd3f4a8f90
4508:0329cf8cdecb 4509:16995e7624f0
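--- a/mod_http_upload_external/mod_http_upload_external.lua
+++ b/mod_http_upload_external/mod_http_upload_external.lua
@@ -9,17 +9,19 @@
 local st = require"util.stanza";
 local uuid = require"util.uuid".generate;
 local http = require "util.http";
 local dataform = require "util.dataforms".new;
 local HMAC = require "util.hashes".hmac_sha256;
+local jid = require "util.jid";
 
 -- config
 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 100 * 1024 * 1024); -- 100 MB
 local base_url = assert(module:get_option_string(module.name .. "_base_url"),
 module.name .. "_base_url is a required option");
 local secret = assert(module:get_option_string(module.name .. "_secret"),
 module.name .. "_secret is a required option");
+local access = module:get_option_set(module.name .. "_access", {});
 
 local token_protocol = module:get_option_string(module.name .. "_protocol", "v1");
 
 -- depends
 module:depends("disco");
@@ -54,12 +56,15 @@
 random, filename = http.urlencode(random), http.urlencode(filename);
 return base_url .. random .. "/" .. filename, "?"..param.."=" .. digest;
 end
 
 local function handle_request(origin, stanza, xmlns, filename, filesize, filetype)
--- local clients only
-if origin.type ~= "c2s" then
+local user_bare = jid.bare(stanza.attr.from);
+local user_host = jid.host(user_bare);
+
+-- local clients or whitelisted jids/hosts only
+if not (origin.type == "c2s" or access:contains(user_bare) or access:contains(user_host)) then
 module:log("debug", "Request for upload slot from a %s", origin.type);
 origin.send(st.error_reply(stanza, "cancel", "not-authorized"));
 return nil, nil;
 end
 -- validate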
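Review bot: In `handle_request`, the new condition grants a slot to any non-c2s origin whose `stanza.attr.from` matches an `_access` entry, so the check is only as strong as the sender-address validation done before this handler runs; that dependency deserves a comment above the `if`, e.g. `-- relies on the s2s/component layer having verified stanza.attr.from`. A bare host entry admits every JID on that host, and each of them then receives a URL signed with the module's `secret`, which the option's documentation should state. The entries are compared as raw strings by `access:contains`, so an entry not written in normalized form would presumably never match; consider passing each entry through `jid.prep` when the option is loaded. The debug line still records only `origin.type`; including the sender, `module:log("debug", "Request for upload slot from %s (%s) refused", tostring(stanza.attr.from), origin.type);`, would make refused requests traceable. The body of `handle_request` continues past the end of this hunk.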