Annotate

plugins/mod_httpserver.lua @ 2409:36b8de1bfa27

mod_httpserver: Rudimentary directory detection, return forbidden instead of causing a traceback (since commit 0325f241a26c)
author Matthew Wild <mwild1@gmail.com>
date Fri, 01 Jan 2010 21:32:23 +0000
parent 2361:926905cb777f
child 2925:692b3c6c5bd2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1522
569d58d21612 Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents: 1384
diff changeset
1 -- Prosody IM
569d58d21612 Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents: 1384
diff changeset
2 -- Copyright (C) 2008-2009 Matthew Wild
569d58d21612 Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents: 1384
diff changeset
3 -- Copyright (C) 2008-2009 Waqas Hussain
569d58d21612 Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents: 1384
diff changeset
4 --
569d58d21612 Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents: 1384
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
569d58d21612 Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents: 1384
diff changeset
6 -- COPYING file in the source package for more information.
569d58d21612 Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents: 1384
diff changeset
7 --
569d58d21612 Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents: 1384
diff changeset
8
696
b35faad717f2 mod_httpserver: Add require 'net.httpserver'
Matthew Wild <mwild1@gmail.com>
parents: 635
diff changeset
9
b35faad717f2 mod_httpserver: Add require 'net.httpserver'
Matthew Wild <mwild1@gmail.com>
parents: 635
diff changeset
10 local httpserver = require "net.httpserver";
635
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 local open = io.open;
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 local t_concat = table.concat;
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14
1812
e32593074602 mod_httpserver: Configurable filesystem path to serve from
Matthew Wild <mwild1@gmail.com>
parents: 1770
diff changeset
15 local http_base = config.get("*", "core", "http_path") or "www_files";
635
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16
1667
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
17 local response_400 = { status = "400 Bad Request", body = "<h1>Bad Request</h1>Sorry, we didn't understand your request :(" };
2409
36b8de1bfa27 mod_httpserver: Rudimentary directory detection, return forbidden instead of causing a traceback (since commit 0325f241a26c)
Matthew Wild <mwild1@gmail.com>
parents: 2361
diff changeset
18 local response_403 = { status = "403 Forbidden", body = "<h1>Forbidden</h1>You don't have permission to view the contents of this directory :(" };
635
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" };
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20
2356
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
21 -- TODO: Should we read this from /etc/mime.types if it exists? (startup time...?)
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
22 local mime_map = {
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
23 html = "text/html";
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
24 htm = "text/html";
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
25 xml = "text/xml";
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
26 xsl = "text/xml";
2361
926905cb777f mod_httpserver: Text files are text/plain, and not plain/text.
Waqas Hussain <waqas20@gmail.com>
parents: 2359
diff changeset
27 txt = "text/plain; charset=utf-8";
2356
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
28 js = "text/javascript";
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
29 css = "text/css";
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
30 };
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
31
1667
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
32 local function preprocess_path(path)
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
33 if path:sub(1,1) ~= "/" then
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
34 path = "/"..path;
1770
3e17002221eb mod_httpserver: Backport from trunk more thorough validation of URLs prior to processing
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
35 end
1667
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
36 local level = 0;
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
37 for component in path:gmatch("([^/]+)/") do
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
38 if component == ".." then
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
39 level = level - 1;
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
40 elseif component ~= "." then
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
41 level = level + 1;
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
42 end
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
43 if level < 0 then
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
44 return nil;
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
45 end
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
46 end
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
47 return path;
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
48 end
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
49
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
50 function serve_file(path)
2358
e05934a5c911 mod_httpserver: Read files in binary mode; fixes issues with serving binary files.
Waqas Hussain <waqas20@gmail.com>
parents: 2357
diff changeset
51 local f, err = open(http_base..path, "rb");
635
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 if not f then return response_404; end
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 local data = f:read("*a");
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 f:close();
2409
36b8de1bfa27 mod_httpserver: Rudimentary directory detection, return forbidden instead of causing a traceback (since commit 0325f241a26c)
Matthew Wild <mwild1@gmail.com>
parents: 2361
diff changeset
55 if not data then
36b8de1bfa27 mod_httpserver: Rudimentary directory detection, return forbidden instead of causing a traceback (since commit 0325f241a26c)
Matthew Wild <mwild1@gmail.com>
parents: 2361
diff changeset
56 return response_403;
36b8de1bfa27 mod_httpserver: Rudimentary directory detection, return forbidden instead of causing a traceback (since commit 0325f241a26c)
Matthew Wild <mwild1@gmail.com>
parents: 2361
diff changeset
57 end
2356
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
58 local ext = path:match("%.([^.]*)$");
2357
d978e2ae7013 mod_httpserver: Skip returning a Content-Type when not known (application/octet-stream is not a correct default).
Waqas Hussain <waqas20@gmail.com>
parents: 2356
diff changeset
59 local mime = mime_map[ext]; -- Content-Type should be nil when not known
2356
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
60 return {
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
61 headers = { ["Content-Type"] = mime; };
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
62 body = data;
6d1e745a96f8 mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents: 2355
diff changeset
63 };
635
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64 end
25f1117d7886 Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65
1667
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
66 local function handle_file_request(method, body, request)
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
67 local path = preprocess_path(request.url.path);
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
68 if not path then return response_400; end
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
69 path = path:gsub("^/[^/]+", ""); -- Strip /files/
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
70 return serve_file(path);
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
71 end
1770
3e17002221eb mod_httpserver: Backport from trunk more thorough validation of URLs prior to processing
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
72
1667
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
73 local function handle_default_request(method, body, request)
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
74 local path = preprocess_path(request.url.path);
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
75 if not path then return response_400; end
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
76 return serve_file(path);
1770
3e17002221eb mod_httpserver: Backport from trunk more thorough validation of URLs prior to processing
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
77 end
1667
c7bb2264e3b8 mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents: 1552
diff changeset
78
2355
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
79 local function setup()
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
80 local ports = config.get(module.host, "core", "http_ports") or { 5280 };
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
81 httpserver.set_default_handler(handle_default_request);
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
82 httpserver.new_from_config(ports, handle_file_request, { base = "files" });
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
83 end
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
84 if prosody.start_time then -- already started
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
85 setup();
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
86 else
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
87 prosody.events.add_handler("server-started", setup);
08f02de5ab9d mod_httpserver: Delay setup until after server is started.
Waqas Hussain <waqas20@gmail.com>
parents: 1870
diff changeset
88 end