Software /
code /
prosody-modules
Comparison
mod_http_upload/mod_http_upload.lua @ 2683:d0948bd96a7b
mod_http_upload: Add support for limiting file types to upload
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 13 Apr 2017 20:29:41 +0200 |
parent | 2682:3fd50495c89d |
child | 2684:e491a15d7621 |
comparison
equal
deleted
inserted
replaced
2682:3fd50495c89d | 2683:d0948bd96a7b |
---|---|
29 | 29 |
30 -- config | 30 -- config |
31 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB | 31 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB |
32 local quota = module:get_option_number(module.name .. "_quota"); | 32 local quota = module:get_option_number(module.name .. "_quota"); |
33 local max_age = module:get_option_number(module.name .. "_expire_after"); | 33 local max_age = module:get_option_number(module.name .. "_expire_after"); |
34 local allowed_file_types = module:get_option_set(module.name .. "_allowed_file_types"); | |
34 | 35 |
35 --- sanity | 36 --- sanity |
36 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024); | 37 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024); |
37 if file_size_limit > parser_body_limit then | 38 if file_size_limit > parser_body_limit then |
38 module:log("warn", "%s_file_size_limit exceeds HTTP parser limit on body size, capping file size to %d B", | 39 module:log("warn", "%s_file_size_limit exceeds HTTP parser limit on body size, capping file size to %d B", |
138 origin.send(st.error_reply(stanza, "modify", "bad-request", "MIME type does not match file extension")); | 139 origin.send(st.error_reply(stanza, "modify", "bad-request", "MIME type does not match file extension")); |
139 return true; | 140 return true; |
140 end | 141 end |
141 end | 142 end |
142 | 143 |
144 if allowed_file_types then | |
145 if not (allowed_file_types:contains(mimetype) or allowed_file_types:contains(mimetype:gsub("/.*", "/*"))) then | |
146 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "File type not allowed")); | |
147 return true; | |
148 end | |
149 end | |
150 | |
143 local reply = st.reply(stanza); | 151 local reply = st.reply(stanza); |
144 reply:tag("slot", { xmlns = xmlns }); | 152 reply:tag("slot", { xmlns = xmlns }); |
145 | 153 |
146 local random_dir; | 154 local random_dir; |
147 repeat random_dir = uuid(); | 155 repeat random_dir = uuid(); |