Diff

mod_strict_https/mod_strict_https.lua @ 5411:b3158647cb36

mod_strict_https: Update to use modern APIs instead of monkey patching Updates one of the least recently updated modules :) Mapping HTTP Host to Prosody host remains awkward.
author Kim Alvefur <zash@zash.se>
date Wed, 03 May 2023 10:16:15 +0200
parent 863:efa9c1676d1f
child 5415:f8797e3284ff
line wrap: on
line diff
--- a/mod_strict_https/mod_strict_https.lua	Tue May 02 19:06:17 2023 +0200
+++ b/mod_strict_https/mod_strict_https.lua	Wed May 03 10:16:15 2023 +0200
@@ -1,5 +1,5 @@
 -- HTTP Strict Transport Security
--- https://tools.ietf.org/html/rfc6797
+-- https://www.rfc-editor.org/info/rfc6797
 
 module:set_global();
 
@@ -7,38 +7,16 @@
 
 local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year"
 
-local _old_send_response;
-local _old_fire_event;
-
-local modules = {};
-
-function module.load()
-	_old_send_response = http_server.send_response;
-	function http_server.send_response(response, body)
-		response.headers.strict_transport_security = hsts_header;
-		return _old_send_response(response, body);
-	end
-
-	_old_fire_event = http_server._events.fire_event;
-	function http_server._events.fire_event(event, payload)
-		local request = payload.request;
-		local host = event:match("^[A-Z]+ ([^/]+)");
-		local module = modules[host];
-		if module and not request.secure then
-			payload.response.headers.location = module:http_url(request.path);
+module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data)
+	local request, response = event_data.request, event_data.response;
+	if request and response then
+		if request.secure then
+			response.headers.strict_transport_security = hsts_header;
+		else
+			-- This won't get the port number right
+			response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or "");
 			return 301;
 		end
-		return _old_fire_event(event, payload);
 	end
-end
-function module.unload()
-	http_server.send_response = _old_send_response;
-	http_server._events.fire_event = _old_fire_event;
-end
-function module.add_host(module)
-	local http_host = module:get_option_string("http_host", module.host);
-	modules[http_host] = module;
-	function module.unload()
-		modules[http_host] = nil;
-	end
-end
+	return handlers(event_name, event_data);
+end);