
mod_http_upload/mod_http_upload.lua @ 4654:ea17cfcbffab

mod_http_upload: Prevent the module from starting without TLS
author Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
date Wed, 25 Aug 2021 12:52:33 +0200
parent 4653:2b6e8ce5fb30
child 4976:75b6e5df65f9
4653:2b6e8ce5fb30 4654:ea17cfcbffab
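--- a/mod_http_upload/mod_http_upload.lua
+++ b/mod_http_upload/mod_http_upload.lua
@@ -4,10 +4,18 @@
 --
 -- This file is MIT/X11 licensed.
 --
 -- Implementation of HTTP Upload file transfer mechanism used by Conversations
 --
+
+-- depends
+module:depends("http");
+module:depends("disco");
+
+if module:http_url():match("^http://") then
+error("File upload MUST happen with TLS but it isn’t enabled, see https://prosody.im/doc/http for how to fix this issue");
+end
 
 -- imports
 local st = require"util.stanza";
 local lfs = require"lfs";
 local url = require "socket.url";
@@ -44,14 +52,10 @@
 end
 
 if prosody.hosts[module.host].type == "local" then
 module:log("warn", "mod_%s loaded on a user host, this may be incompatible with some client software, see docs for correct usage", module.name);
 end
-
--- depends
-module:depends("http");
-module:depends("disco");
 
 local http_files;
 
 if not pcall(function ()
 http_files = require "net.http.files";
@@ -196,15 +200,10 @@
 :tag("max-file-size"):text(("%d"):format(file_size_limit));
 elseif not check_quota(username, host, filesize) then
 module:log("debug", "Upload of %dB by %s would exceed quota", filesize, user_bare);
 return nil, st.error_reply(stanza, "wait", "resource-constraint", "Quota reached");
 end
-local base_url = module:http_url();
-if base_url:match("^http://") then
-module:log("error", "File upload MUST happen with TLS but it isn’t enabled, see https://prosody.im/doc/http for how to fix this issue");
-return nil, st.error_reply(stanza, "wait", "internal-server-error", "HTTPS is not configured properly on the server");
-end
 
 local random_dir = uuid();
 local created, err = lfs.mkdir(join_path(storage_path, random_dir));
 
 if not created then
@@ -228,10 +227,11 @@
 
 measure_slot(filesize);
 
 origin.log("debug", "Given upload slot %q", slot);
 
+local base_url = module:http_url();
 local slot_url = url.parse(base_url);
 slot_url.path = url.parse_path(slot_url.path or "/");
 t_insert(slot_url.path, random_dir);
 t_insert(slot_url.path, filename);
 slot_url.path.is_directory = false;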
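Review bot: The new load-time guard at the top of the file rejects only URLs that literally start with `http://`, so any other non-HTTPS value returned by `module:http_url()` (a differently-cased scheme, for instance) would still pass; matching what is allowed fails closed, e.g. `if not module:http_url():match("^https://") then`. The per-request check in the slot handler is removed in the same commit, so the scheme is now evaluated only once, when the module loads. If the HTTP configuration can change without this module being reloaded, which I cannot tell from the hunks, later slot requests would not be re-checked. A short comment above the guard would explain why the depends block moved: `module:depends("http")` presumably has to run first so that `http_url()` is usable.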