prosody-modules
d6badf56ab5f
mod_http_upload_external/mod_http_upload_external.lua
Software / code / prosody-modules
Comparison
mod_http_upload_external/mod_http_upload_external.lua @ 2877:d6badf56ab5f
mod_http_upload_external: add support for XEP-0363 version 0.3
| author | Jonas Wielicki <jonas@wielicki.name> |
|---|---|
| date | Sun, 11 Feb 2018 16:11:17 +0100 |
| parent | 2332:c2cf5b40b66d |
| child | 2939:280305c043b0 |
comparison
equal
deleted
inserted
replaced
| 2876:ea6b5321db50 | 2877:d6badf56ab5f |
|---|---|
| 19 | 19 |
| 20 -- depends | 20 -- depends |
| 21 module:depends("disco"); | 21 module:depends("disco"); |
| 22 | 22 |
| 23 -- namespace | 23 -- namespace |
| 24 local xmlns_http_upload = "urn:xmpp:http:upload"; | 24 local legacy_namespace = "urn:xmpp:http:upload"; |
| 25 local namespace = "urn:xmpp:http:upload:0"; | |
| 25 | 26 |
| 26 -- identity and feature advertising | 27 -- identity and feature advertising |
| 27 module:add_identity("store", "file", module:get_option_string("name", "HTTP File Upload")) | 28 module:add_identity("store", "file", module:get_option_string("name", "HTTP File Upload")) |
| 28 module:add_feature(xmlns_http_upload); | 29 module:add_feature(namespace); |
| 30 module:add_feature(legacy_namespace); | |
| 29 | 31 |
| 30 module:add_extension(dataform { | 32 module:add_extension(dataform { |
| 31 { name = "FORM_TYPE", type = "hidden", value = xmlns_http_upload }, | 33 { name = "FORM_TYPE", type = "hidden", value = namespace }, |
| 34 { name = "max-file-size", type = "text-single" }, | |
| 35 }:form({ ["max-file-size"] = tostring(file_size_limit) }, "result")); | |
| 36 | |
| 37 module:add_extension(dataform { | |
| 38 { name = "FORM_TYPE", type = "hidden", value = legacy_namespace }, | |
| 32 { name = "max-file-size", type = "text-single" }, | 39 { name = "max-file-size", type = "text-single" }, |
| 33 }:form({ ["max-file-size"] = tostring(file_size_limit) }, "result")); | 40 }:form({ ["max-file-size"] = tostring(file_size_limit) }, "result")); |
| 34 | 41 |
| 35 local function magic_crypto_dust(random, filename, filesize) | 42 local function magic_crypto_dust(random, filename, filesize) |
| 36 local message = string.format("%s/%s %d", random, filename, filesize); | 43 local message = string.format("%s/%s %d", random, filename, filesize); |
| 37 local digest = HMAC(secret, message, true); | 44 local digest = HMAC(secret, message, true); |
| 38 random, filename = http.urlencode(random), http.urlencode(filename); | 45 random, filename = http.urlencode(random), http.urlencode(filename); |
| 39 return base_url .. random .. "/" .. filename, "?v=" .. digest; | 46 return base_url .. random .. "/" .. filename, "?v=" .. digest; |
| 40 end | 47 end |
| 41 | 48 |
| 42 -- hooks | 49 local function handle_request(origin, stanza, xmlns, filename, filesize) |
| 43 module:hook("iq/host/"..xmlns_http_upload..":request", function (event) | |
| 44 local stanza, origin = event.stanza, event.origin; | |
| 45 local request = stanza.tags[1]; | |
| 46 -- local clients only | 50 -- local clients only |
| 47 if origin.type ~= "c2s" then | 51 if origin.type ~= "c2s" then |
| 48 module:log("debug", "Request for upload slot from a %s", origin.type); | 52 module:log("debug", "Request for upload slot from a %s", origin.type); |
| 49 origin.send(st.error_reply(stanza, "cancel", "not-authorized")); | 53 origin.send(st.error_reply(stanza, "cancel", "not-authorized")); |
| 50 return true; | 54 return nil, nil; |
| 51 end | 55 end |
| 52 -- validate | 56 -- validate |
| 53 local filename = request:get_child_text("filename"); | |
| 54 if not filename or filename:find("/") then | 57 if not filename or filename:find("/") then |
| 55 module:log("debug", "Filename %q not allowed", filename or ""); | 58 module:log("debug", "Filename %q not allowed", filename or ""); |
| 56 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid filename")); | 59 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid filename")); |
| 57 return true; | 60 return nil, nil; |
| 58 end | 61 end |
| 59 local filesize = tonumber(request:get_child_text("size")); | |
| 60 if not filesize then | 62 if not filesize then |
| 61 module:log("debug", "Missing file size"); | 63 module:log("debug", "Missing file size"); |
| 62 origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing or invalid file size")); | 64 origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing or invalid file size")); |
| 63 return true; | 65 return nil, nil; |
| 64 elseif filesize > file_size_limit then | 66 elseif filesize > file_size_limit then |
| 65 module:log("debug", "File too large (%d > %d)", filesize, file_size_limit); | 67 module:log("debug", "File too large (%d > %d)", filesize, file_size_limit); |
| 66 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "File too large", | 68 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "File too large", |
| 67 st.stanza("file-too-large", {xmlns=xmlns_http_upload}) | 69 st.stanza("file-too-large", {xmlns=xmlns}) |
| 68 :tag("max-size"):text(tostring(file_size_limit)))); | 70 :tag("max-size"):text(tostring(file_size_limit)))); |
| 71 return nil, nil; | |
| 72 end | |
| 73 local random = uuid(); | |
| 74 local get_url, verify = magic_crypto_dust(random, filename, filesize); | |
| 75 local put_url = get_url .. verify; | |
| 76 | |
| 77 module:log("info", "Handing out upload slot %s to %s@%s", get_url, origin.username, origin.host); | |
| 78 | |
| 79 return get_url, put_url; | |
| 80 end | |
| 81 | |
| 82 -- hooks | |
| 83 module:hook("iq/host/"..legacy_namespace..":request", function (event) | |
| 84 local stanza, origin = event.stanza, event.origin; | |
| 85 local request = stanza.tags[1]; | |
| 86 local filename = request:get_child_text("filename"); | |
| 87 local filesize = tonumber(request:get_child_text("size")); | |
| 88 | |
| 89 local get_url, put_url = handle_request( | |
| 90 origin, stanza, legacy_namespace, filename, filesize); | |
| 91 | |
| 92 if not get_url then | |
| 93 -- error was already sent | |
| 69 return true; | 94 return true; |
| 70 end | 95 end |
| 71 local reply = st.reply(stanza); | 96 |
| 72 reply:tag("slot", { xmlns = xmlns_http_upload }); | 97 local reply = st.reply(stanza) |
| 73 local random = uuid(); | 98 :tag("slot", { xmlns = legacy_namespace }) |
| 74 local get_url, verify = magic_crypto_dust(random, filename, filesize); | 99 :tag("get"):text(get_url):up() |
| 75 reply:tag("get"):text(get_url):up(); | 100 :tag("put"):text(put_url):up() |
| 76 reply:tag("put"):text(get_url .. verify):up(); | 101 :up(); |
| 77 module:log("info", "Handed out upload slot %s to %s@%s", get_url, origin.username, origin.host); | |
| 78 origin.send(reply); | 102 origin.send(reply); |
| 79 return true; | 103 return true; |
| 80 end); | 104 end); |
| 105 | |
| 106 module:hook("iq/host/"..namespace..":request", function (event) | |
| 107 local stanza, origin = event.stanza, event.origin; | |
| 108 local request = stanza.tags[1]; | |
| 109 local filename = request.attr.filename; | |
| 110 local filesize = tonumber(request.attr.size); | |
| 111 local get_url, put_url = handle_request( | |
| 112 origin, stanza, legacy_namespace, filename, filesize); | |
| 113 | |
| 114 if not get_url then | |
| 115 -- error was already sent | |
| 116 return true; | |
| 117 end | |
| 118 | |
| 119 local reply = st.reply(stanza) | |
| 120 :tag("slot", { xmlns = namespace}) | |
| 121 :tag("get", { url = get_url }):up() | |
| 122 :tag("put", { url = put_url }):up() | |
| 123 :up(); | |
| 124 origin.send(reply); | |
| 125 return true; | |
| 126 end); |
