Annotate

plugins/mod_http.lua @ 13256:53708752cc5d

Merge 0.12->trunk
author Kim Alvefur <zash@zash.se>
date Wed, 30 Aug 2023 11:09:12 +0200
parent 13249:5884d58707fa
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 -- Prosody IM
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
2 -- Copyright (C) 2008-2012 Matthew Wild
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
3 -- Copyright (C) 2008-2012 Waqas Hussain
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5427
diff changeset
4 --
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 -- COPYING file in the source package for more information.
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7 --
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
9 module:set_global();
10409
abfc05495d8b mod_http: Soften dependency on mod_http_errors
Kim Alvefur <zash@zash.se>
parents: 10315
diff changeset
10 pcall(function ()
abfc05495d8b mod_http: Soften dependency on mod_http_errors
Kim Alvefur <zash@zash.se>
parents: 10315
diff changeset
11 module:depends("http_errors");
abfc05495d8b mod_http: Soften dependency on mod_http_errors
Kim Alvefur <zash@zash.se>
parents: 10315
diff changeset
12 end);
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
13
12977
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12923
diff changeset
14 local portmanager = require "prosody.core.portmanager";
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12923
diff changeset
15 local moduleapi = require "prosody.core.moduleapi";
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
16 local url_parse = require "socket.url".parse;
5093
1ce9e8068dda mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
17 local url_build = require "socket.url".build;
13126
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
18 local http_util = require "prosody.util.http";
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
19 local normalize_path = http_util.normalize_path;
12977
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12923
diff changeset
20 local set = require "prosody.util.set";
13165
9c13c11b199d renamening: Fix newly added imports to use the new namespace
Kim Alvefur <zash@zash.se>
parents: 13141
diff changeset
21 local array = require "prosody.util.array";
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
22
12977
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12923
diff changeset
23 local ip_util = require "prosody.util.ip";
10923
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
24 local new_ip = ip_util.new_ip;
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
25 local match_ip = ip_util.match;
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
26 local parse_cidr = ip_util.parse_cidr;
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
27
12977
74b9e05af71e plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents: 12923
diff changeset
28 local server = require "prosody.net.http.server";
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
29
4736
3514338c59c3 net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents: 4724
diff changeset
30 server.set_default_host(module:get_option_string("http_default_host"));
3514338c59c3 net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents: 4724
diff changeset
31
13214
5022525364f6 mod_http: Fix passing minimum limits in wrong argument position
Kim Alvefur <zash@zash.se>
parents: 13213
diff changeset
32 server.set_option("body_size_limit", module:get_option_number("http_max_content_size", nil, 0));
5022525364f6 mod_http: Fix passing minimum limits in wrong argument position
Kim Alvefur <zash@zash.se>
parents: 13213
diff changeset
33 server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size", nil, 0));
7580
588ed6451984 mod_http: Allow configuring http parser size limits
Kim Alvefur <zash@zash.se>
parents: 6598
diff changeset
34
11727
f3aee8a825cc Fix various spelling errors (thanks codespell)
Kim Alvefur <zash@zash.se>
parents: 11410
diff changeset
35 -- CORS settings
12443
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
36 local cors_overrides = module:get_option("http_cors_override", {});
9797
071538a567d5 mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents: 9796
diff changeset
37 local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" });
9793
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
38 local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" });
12443
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
39 local opt_origins = module:get_option_set("access_control_allow_origins");
10258
4ff2f14f9ac7 mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
Matthew Wild <mwild1@gmail.com>
parents: 9852
diff changeset
40 local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false);
13209
c8d949cf6b09 plugins: Switch to :get_option_period() for time range options
Kim Alvefur <zash@zash.se>
parents: 13165
diff changeset
41 local opt_max_age = module:get_option_period("access_control_max_age", "2 hours");
12790
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
42 local opt_default_cors = module:get_option_boolean("http_default_cors_enabled", true);
9793
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
43
4667
d0cfc49f3f2b mod_http: Support for default_path in apps
Matthew Wild <mwild1@gmail.com>
parents: 4664
diff changeset
44 local function get_http_event(host, app_path, key)
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
45 local method, path = key:match("^(%S+)%s+(.+)$");
4721
1c6c4c53f08a mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents: 4720
diff changeset
46 if not method then -- No path specified, default to "" (base path)
1c6c4c53f08a mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents: 4720
diff changeset
47 method, path = key, "";
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
48 end
4721
1c6c4c53f08a mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents: 4720
diff changeset
49 if method:sub(1,1) == "/" then
1c6c4c53f08a mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents: 4720
diff changeset
50 return nil;
1c6c4c53f08a mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents: 4720
diff changeset
51 end
5092
a89f8f2f2943 mod_http: Don't produce paths with double / if a module is set to serve /
Kim Alvefur <zash@zash.se>
parents: 4915
diff changeset
52 if app_path == "/" and path:sub(1,1) == "/" then
a89f8f2f2943 mod_http: Don't produce paths with double / if a module is set to serve /
Kim Alvefur <zash@zash.se>
parents: 4915
diff changeset
53 app_path = "";
a89f8f2f2943 mod_http: Don't produce paths with double / if a module is set to serve /
Kim Alvefur <zash@zash.se>
parents: 4915
diff changeset
54 end
9376
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
55 if host == "*" then
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
56 return method:upper().." "..app_path..path;
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
57 else
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
58 return method:upper().." "..host..app_path..path;
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
59 end
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
60 end
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
61
4702
5a85e541de1a mod_http: Switch to single option for specifying HTTP app bases, http_paths. Keys are app/module names, values are base paths.
Matthew Wild <mwild1@gmail.com>
parents: 4696
diff changeset
62 local function get_base_path(host_module, app_name, default_app_path)
5332
5b73ac268a9e mod_http: Expand $host in http_paths
Kim Alvefur <zash@zash.se>
parents: 5230
diff changeset
63 return (normalize_path(host_module:get_option("http_paths", {})[app_name] -- Host
4702
5a85e541de1a mod_http: Switch to single option for specifying HTTP app bases, http_paths. Keys are app/module names, values are base paths.
Matthew Wild <mwild1@gmail.com>
parents: 4696
diff changeset
64 or module:get_option("http_paths", {})[app_name] -- Global
5332
5b73ac268a9e mod_http: Expand $host in http_paths
Kim Alvefur <zash@zash.se>
parents: 5230
diff changeset
65 or default_app_path)) -- Default
6025
583e5c1365fe mod_http: Use hostname from the correct context (thanks gryffus)
Kim Alvefur <zash@zash.se>
parents: 5427
diff changeset
66 :gsub("%$(%w+)", { host = host_module.host });
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
67 end
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
68
6504
e1659f32852e mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents: 6086
diff changeset
69 local function redir_handler(event)
e1659f32852e mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents: 6086
diff changeset
70 event.response.headers.location = event.request.path.."/";
7518
829ebe806e82 mod_http: Fix indentation in redir_handler
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 7359
diff changeset
71 if event.request.url.query then
829ebe806e82 mod_http: Fix indentation in redir_handler
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 7359
diff changeset
72 event.response.headers.location = event.response.headers.location .. "?" .. event.request.url.query
829ebe806e82 mod_http: Fix indentation in redir_handler
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 7359
diff changeset
73 end
6504
e1659f32852e mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents: 6086
diff changeset
74 return 301;
e1659f32852e mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents: 6086
diff changeset
75 end
e1659f32852e mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents: 6086
diff changeset
76
5093
1ce9e8068dda mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
77 local ports_by_scheme = { http = 80, https = 443, };
1ce9e8068dda mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
78
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
79 -- Helper to deduce a module's external URL
13107
9c4dc1e6d2c9 mod_http: Add way to retrieve internal URL instead of external
Kim Alvefur <zash@zash.se>
parents: 13069
diff changeset
80 function moduleapi.http_url(module, app_name, default_path, mode)
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
81 app_name = app_name or (module.name:gsub("^http_", ""));
12191
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
82
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
83 local external_url = url_parse(module:get_option_string("http_external_url"));
13107
9c4dc1e6d2c9 mod_http: Add way to retrieve internal URL instead of external
Kim Alvefur <zash@zash.se>
parents: 13069
diff changeset
84 if external_url and mode ~= "internal" then
13249
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
85 -- Current URL does not depend on knowing which ports are used, only configuration.
12191
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
86 local url = {
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
87 scheme = external_url.scheme;
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
88 host = external_url.host;
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
89 port = tonumber(external_url.port) or ports_by_scheme[external_url.scheme];
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
90 path = normalize_path(external_url.path or "/", true)
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
91 .. (get_base_path(module, app_name, default_path or "/" .. app_name):sub(2));
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
92 }
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
93 if ports_by_scheme[url.scheme] == url.port then url.port = nil end
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
94 return url_build(url);
6026
8a8be471ec72 mod_http: Fix http_external_url setting without an explicit port
Kim Alvefur <zash@zash.se>
parents: 6025
diff changeset
95 end
12191
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
96
13249
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
97 if prosody.process_type ~= "prosody" then
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
98 -- We generally don't open ports outside of Prosody, so we can't rely on
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
99 -- portmanager to tell us which ports and services are used and derive the
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
100 -- URL from that, so instead we derive it entirely from configuration.
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
101 local https_ports = module:get_option_array("https_ports", { 5281 });
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
102 local scheme = "https";
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
103 local port = tonumber(https_ports[1]);
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
104 if not port then
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
105 -- https is disabled and no http_external_url set
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
106 scheme = "http";
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
107 local http_ports = module:get_option_array("http_ports", { 5280 });
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
108 port = tonumber(http_ports[1]);
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
109 if not port then
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
110 return "http://disabled.invalid/";
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
111 end
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
112 end
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
113
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
114 local url = {
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
115 scheme = scheme;
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
116 host = module:get_option_string("http_host", module.global and module:get_option_string("http_default_host") or module.host);
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
117 port = port;
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
118 path = get_base_path(module, app_name, default_path or "/" .. app_name);
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
119 }
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
120 if ports_by_scheme[url.scheme] == url.port then
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
121 url.port = nil
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
122 end
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
123 return url_build(url);
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
124 end
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
125
5884d58707fa mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents: 13214
diff changeset
126 -- Use portmanager to find the actual port of https or http services
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
127 local services = portmanager.get_active_services();
4915
3fbc01d1fc5a mod_http: Fix traceback when no HTTP services succeed in binding
Matthew Wild <mwild1@gmail.com>
parents: 4911
diff changeset
128 local http_services = services:get("https") or services:get("http") or {};
8969
48d0b908f8b6 mod_http: Silecence harmless warnings
Kim Alvefur <zash@zash.se>
parents: 8596
diff changeset
129 for interface, ports in pairs(http_services) do -- luacheck: ignore 213/interface
8970
75c3b1bd9d7b mod_http: Rename loop variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8969
diff changeset
130 for port, service in pairs(ports) do -- luacheck: ignore 512
5093
1ce9e8068dda mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
131 local url = {
12191
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
132 scheme = service[1].service.name;
12268
d41e8c7890b0 mod_http: Use http_default_host for URLs generated in global context
Kim Alvefur <zash@zash.se>
parents: 12192
diff changeset
133 host = module:get_option_string("http_host", module.global
12269
a19d435dee90 mod_http: Use interface name as default default global hostname
Kim Alvefur <zash@zash.se>
parents: 12268
diff changeset
134 and module:get_option_string("http_default_host", interface) or module.host);
12191
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
135 port = port;
8b57362f1176 mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents: 12187
diff changeset
136 path = get_base_path(module, app_name, default_path or "/" .. app_name);
5093
1ce9e8068dda mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
137 }
1ce9e8068dda mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
138 if ports_by_scheme[url.scheme] == url.port then url.port = nil end
1ce9e8068dda mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
139 return url_build(url);
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
140 end
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
141 end
11066
dc41c8dfd2b1 mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents: 11022
diff changeset
142 if prosody.process_type == "prosody" then
dc41c8dfd2b1 mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents: 11022
diff changeset
143 module:log("warn", "No http ports enabled, can't generate an external URL");
dc41c8dfd2b1 mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents: 11022
diff changeset
144 end
6598
4b4852c4f96a mod_http: Return a static string from module:http_url() when no ports are enabled and log a warning
Kim Alvefur <zash@zash.se>
parents: 6597
diff changeset
145 return "http://disabled.invalid/";
4702
5a85e541de1a mod_http: Switch to single option for specifying HTTP app bases, http_paths. Keys are app/module names, values are base paths.
Matthew Wild <mwild1@gmail.com>
parents: 4696
diff changeset
146 end
5a85e541de1a mod_http: Switch to single option for specifying HTTP app bases, http_paths. Keys are app/module names, values are base paths.
Matthew Wild <mwild1@gmail.com>
parents: 4696
diff changeset
147
13069
45caa4e43775 mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents: 12977
diff changeset
148 local function header_set_tostring(header_value)
13140
7a6874f9fd40 mod_http: Simplify conversion of Set to Array
Kim Alvefur <zash@zash.se>
parents: 13127
diff changeset
149 return array(header_value:items()):concat(", ");
13069
45caa4e43775 mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents: 12977
diff changeset
150 end
45caa4e43775 mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents: 12977
diff changeset
151
12443
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
152 local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, allowed_origins, origin)
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
153 if allowed_origins and not allowed_origins[origin] then
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
154 return;
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
155 end
13069
45caa4e43775 mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents: 12977
diff changeset
156 response.headers.access_control_allow_methods = header_set_tostring(methods);
45caa4e43775 mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents: 12977
diff changeset
157 response.headers.access_control_allow_headers = header_set_tostring(headers);
9793
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
158 response.headers.access_control_max_age = tostring(max_age)
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
159 response.headers.access_control_allow_origin = origin or "*";
10258
4ff2f14f9ac7 mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
Matthew Wild <mwild1@gmail.com>
parents: 9852
diff changeset
160 if allow_credentials then
4ff2f14f9ac7 mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
Matthew Wild <mwild1@gmail.com>
parents: 9852
diff changeset
161 response.headers.access_control_allow_credentials = "true";
4ff2f14f9ac7 mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
Matthew Wild <mwild1@gmail.com>
parents: 9852
diff changeset
162 end
9793
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
163 end
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
164
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
165 function module.add_host(module)
9376
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
166 local host = module.host;
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
167 if host ~= "*" then
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
168 host = module:get_option_string("http_host", host);
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
169 end
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
170 local apps = {};
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
171 module.environment.apps = apps;
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
172 local function http_app_added(event)
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
173 local app_name = event.item.name;
4667
d0cfc49f3f2b mod_http: Support for default_path in apps
Matthew Wild <mwild1@gmail.com>
parents: 4664
diff changeset
174 local default_app_path = event.item.default_path or "/"..app_name;
4892
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
175 local app_path = get_base_path(module, app_name, default_app_path);
6c8074f47ca4 mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents: 4774
diff changeset
176 if not app_name then
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
177 -- TODO: Link to docs
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
178 module:log("error", "HTTP app has no 'name', add one or use module:provides('http', app)");
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
179 return;
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
180 end
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
181 apps[app_name] = apps[app_name] or {};
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
182 local app_handlers = apps[app_name];
9793
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
183
9797
071538a567d5 mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents: 9796
diff changeset
184 local app_methods = opt_methods;
11397
27a22a1f141c mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents: 11396
diff changeset
185 local app_headers = opt_headers;
11396
f6bb3b193277 mod_http: Allow setting the CORS credentials flag via :provides API
Kim Alvefur <zash@zash.se>
parents: 11387
diff changeset
186 local app_credentials = opt_credentials;
12443
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
187 local app_origins;
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
188 if opt_origins and not (opt_origins:empty() or opt_origins:contains("*")) then
13139
5d5869f14c4d mod_http: Fix error if 'access_control_allow_origins' is set
Kim Alvefur <zash@zash.se>
parents: 12923
diff changeset
189 app_origins = opt_origins._items;
12443
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
190 end
9797
071538a567d5 mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents: 9796
diff changeset
191
9793
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
192 local function cors_handler(event_data)
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
193 local request, response = event_data.request, event_data.response;
12443
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
194 apply_cors_headers(response, app_methods, app_headers, opt_max_age, app_credentials, app_origins, request.headers.origin);
9793
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
195 end
9993fd021d19 mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
196
9796
adfb29f44412 mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents: 9793
diff changeset
197 local function options_handler(event_data)
adfb29f44412 mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents: 9793
diff changeset
198 cors_handler(event_data);
adfb29f44412 mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents: 9793
diff changeset
199 return "";
adfb29f44412 mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents: 9793
diff changeset
200 end
adfb29f44412 mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents: 9793
diff changeset
201
12443
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
202 local cors = cors_overrides[app_name] or event.item.cors;
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
203 if cors then
12444
b33558969b3e mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
Matthew Wild <mwild1@gmail.com>
parents: 12443
diff changeset
204 if cors.enabled == true then
12443
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
205 if cors.credentials ~= nil then
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
206 app_credentials = cors.credentials;
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
207 end
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
208 if cors.headers then
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
209 for header, enable in pairs(cors.headers) do
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
210 if enable and not app_headers:contains(header) then
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
211 app_headers = app_headers + set.new { header };
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
212 elseif not enable and app_headers:contains(header) then
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
213 app_headers = app_headers - set.new { header };
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
214 end
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
215 end
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
216 end
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
217 if cors.origins then
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
218 if cors.origins == "*" or cors.origins[1] == "*" then
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
219 app_origins = nil;
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
220 else
17d87fb2312a mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents: 12269
diff changeset
221 app_origins = set.new(cors.origins)._items;
11397
27a22a1f141c mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents: 11396
diff changeset
222 end
27a22a1f141c mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents: 11396
diff changeset
223 end
12790
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
224 elseif cors.enabled == false then
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
225 cors = nil;
11397
27a22a1f141c mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents: 11396
diff changeset
226 end
12790
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
227 else
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
228 cors = opt_default_cors;
11396
f6bb3b193277 mod_http: Allow setting the CORS credentials flag via :provides API
Kim Alvefur <zash@zash.se>
parents: 11387
diff changeset
229 end
f6bb3b193277 mod_http: Allow setting the CORS credentials flag via :provides API
Kim Alvefur <zash@zash.se>
parents: 11387
diff changeset
230
11022
3e5bc34be734 mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents: 11021
diff changeset
231 local streaming = event.item.streaming_uploads;
3e5bc34be734 mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents: 11021
diff changeset
232
11399
d5d895313be2 mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents: 11397
diff changeset
233 if not event.item.route then
d5d895313be2 mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents: 11397
diff changeset
234 -- TODO: Link to docs
11400
19a59cb7311e mod_http: Improve message for missing 'route'
Kim Alvefur <zash@zash.se>
parents: 11399
diff changeset
235 module:log("error", "HTTP app %q provides no 'route', add one to handle HTTP requests", app_name);
11399
d5d895313be2 mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents: 11397
diff changeset
236 return;
d5d895313be2 mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents: 11397
diff changeset
237 end
d5d895313be2 mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents: 11397
diff changeset
238
d5d895313be2 mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents: 11397
diff changeset
239 for key, handler in pairs(event.item.route) do
4667
d0cfc49f3f2b mod_http: Support for default_path in apps
Matthew Wild <mwild1@gmail.com>
parents: 4664
diff changeset
240 local event_name = get_http_event(host, app_path, key);
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
241 if event_name then
9797
071538a567d5 mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents: 9796
diff changeset
242 local method = event_name:match("^%S+");
071538a567d5 mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents: 9796
diff changeset
243 if not app_methods:contains(method) then
071538a567d5 mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents: 9796
diff changeset
244 app_methods = app_methods + set.new{ method };
071538a567d5 mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents: 9796
diff changeset
245 end
9796
adfb29f44412 mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents: 9793
diff changeset
246 local options_event_name = event_name:gsub("^%S+", "OPTIONS");
4724
a8c234332258 mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents: 4721
diff changeset
247 if type(handler) ~= "function" then
a8c234332258 mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents: 4721
diff changeset
248 local data = handler;
a8c234332258 mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents: 4721
diff changeset
249 handler = function () return data; end
a8c234332258 mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents: 4721
diff changeset
250 elseif event_name:sub(-2, -1) == "/*" then
5230
6f5640375358 mod_http: Fix path length pattern
Kim Alvefur <zash@zash.se>
parents: 5204
diff changeset
251 local base_path_len = #event_name:match("/.+$");
4669
0e0a72679f77 mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents: 4667
diff changeset
252 local _handler = handler;
8972
0b254439d451 mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8971
diff changeset
253 handler = function (_event)
0b254439d451 mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8971
diff changeset
254 local path = _event.request.path:sub(base_path_len);
0b254439d451 mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8971
diff changeset
255 return _handler(_event, path);
4669
0e0a72679f77 mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents: 4667
diff changeset
256 end;
6504
e1659f32852e mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents: 6086
diff changeset
257 module:hook_object_event(server, event_name:sub(1, -3), redir_handler, -1);
e1659f32852e mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents: 6086
diff changeset
258 elseif event_name:sub(-1, -1) == "/" then
e1659f32852e mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents: 6086
diff changeset
259 module:hook_object_event(server, event_name:sub(1, -2), redir_handler, -1);
4669
0e0a72679f77 mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents: 4667
diff changeset
260 end
11022
3e5bc34be734 mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents: 11021
diff changeset
261 if not streaming then
11021
9673c95895fb net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents: 10923
diff changeset
262 -- COMPAT Modules not compatible with streaming uploads behave as before.
9673c95895fb net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents: 10923
diff changeset
263 local _handler = handler;
9673c95895fb net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents: 10923
diff changeset
264 function handler(event) -- luacheck: ignore 432/event
9673c95895fb net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents: 10923
diff changeset
265 if event.request.body ~= false then
9673c95895fb net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents: 10923
diff changeset
266 return _handler(event);
9673c95895fb net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents: 10923
diff changeset
267 end
9673c95895fb net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents: 10923
diff changeset
268 end
9673c95895fb net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents: 10923
diff changeset
269 end
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
270 if not app_handlers[event_name] then
10315
d4c538a7d655 mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents: 10258
diff changeset
271 app_handlers[event_name] = {
d4c538a7d655 mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents: 10258
diff changeset
272 main = handler;
12790
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
273 cors = cors and cors_handler;
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
274 options = cors and options_handler;
10315
d4c538a7d655 mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents: 10258
diff changeset
275 };
4696
4700e318add1 mod_http: Use module:hook/unhook_event_object() so that handlers get unregistered if mod_http is unloaded
Matthew Wild <mwild1@gmail.com>
parents: 4678
diff changeset
276 module:hook_object_event(server, event_name, handler);
12790
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
277 if cors then
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
278 module:hook_object_event(server, event_name, cors_handler, 1);
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
279 module:hook_object_event(server, options_event_name, options_handler, -1);
24b55f0e2db9 mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents: 12444
diff changeset
280 end
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
281 else
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
282 module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name);
4636
41983ec223f0 mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents: 4635
diff changeset
283 end
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
284 else
7359
a5a080c12c96 Update every link to the documentation to use HTTPS
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 7247
diff changeset
285 module:log("error", "Invalid route in %s, %q. See https://prosody.im/doc/developers/http#routes", app_name, key);
4636
41983ec223f0 mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents: 4635
diff changeset
286 end
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
287 end
6597
321321f566fb mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents: 6596
diff changeset
288 local services = portmanager.get_active_services();
321321f566fb mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents: 6596
diff changeset
289 if services:get("https") or services:get("http") then
10460
5ce6cbb5ce6a mod_http: Log served URLs at 'info' level
Kim Alvefur <zash@zash.se>
parents: 10409
diff changeset
290 module:log("info", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path));
11066
dc41c8dfd2b1 mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents: 11022
diff changeset
291 elseif prosody.process_type == "prosody" then
12192
6a772a0c0dfd mod_http: Increase severity of loading unreachable http modules
Kim Alvefur <zash@zash.se>
parents: 12191
diff changeset
292 module:log("error", "Not listening on any ports, '%s' will be unreachable", app_name);
6597
321321f566fb mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents: 6596
diff changeset
293 end
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
294 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5427
diff changeset
295
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
296 local function http_app_removed(event)
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
297 local app_handlers = apps[event.item.name];
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
298 apps[event.item.name] = nil;
10315
d4c538a7d655 mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents: 10258
diff changeset
299 for event_name, handlers in pairs(app_handlers) do
d4c538a7d655 mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents: 10258
diff changeset
300 module:unhook_object_event(server, event_name, handlers.main);
12923
419e55abd285 mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents: 12790
diff changeset
301 if handlers.cors then
419e55abd285 mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents: 12790
diff changeset
302 module:unhook_object_event(server, event_name, handlers.cors);
419e55abd285 mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents: 12790
diff changeset
303 end
12113
86e6f0810956 mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents: 11727
diff changeset
304
86e6f0810956 mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents: 11727
diff changeset
305 if event_name:sub(-2, -1) == "/*" then
86e6f0810956 mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents: 11727
diff changeset
306 module:unhook_object_event(server, event_name:sub(1, -3), redir_handler, -1);
86e6f0810956 mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents: 11727
diff changeset
307 elseif event_name:sub(-1, -1) == "/" then
86e6f0810956 mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents: 11727
diff changeset
308 module:unhook_object_event(server, event_name:sub(1, -2), redir_handler, -1);
86e6f0810956 mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents: 11727
diff changeset
309 end
86e6f0810956 mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents: 11727
diff changeset
310
12923
419e55abd285 mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents: 12790
diff changeset
311 if handlers.options then
419e55abd285 mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents: 12790
diff changeset
312 local options_event_name = event_name:gsub("^%S+", "OPTIONS");
419e55abd285 mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents: 12790
diff changeset
313 module:unhook_object_event(server, options_event_name, handlers.options);
419e55abd285 mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents: 12790
diff changeset
314 end
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
315 end
4636
41983ec223f0 mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents: 4635
diff changeset
316 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5427
diff changeset
317
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
318 module:handle_items("http-provider", http_app_added, http_app_removed);
4736
3514338c59c3 net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents: 4724
diff changeset
319
9376
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
320 if host ~= "*" then
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
321 server.add_host(host);
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
322 function module.unload()
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
323 server.remove_host(host);
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
324 end
4736
3514338c59c3 net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents: 4724
diff changeset
325 end
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
326 end
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
327
9376
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
328 module.add_host(module); -- set up handling on global context too
220468f7a103 mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents: 9338
diff changeset
329
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
330 local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items;
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
331
13125
90394be5e6a5 mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents: 13107
diff changeset
332 --- deal with [ipv6]:port / ip:port format
90394be5e6a5 mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents: 13107
diff changeset
333 local function normal_ip(ip)
90394be5e6a5 mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents: 13107
diff changeset
334 return ip:match("^%[([%x:]*)%]") or ip:match("^([%d.]+)") or ip;
90394be5e6a5 mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents: 13107
diff changeset
335 end
90394be5e6a5 mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents: 13107
diff changeset
336
10923
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
337 local function is_trusted_proxy(ip)
13125
90394be5e6a5 mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents: 13107
diff changeset
338 ip = normal_ip(ip);
11385
c81b6b8c6b19 mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents: 11383
diff changeset
339 if trusted_proxies[ip] then
c81b6b8c6b19 mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents: 11383
diff changeset
340 return true;
c81b6b8c6b19 mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents: 11383
diff changeset
341 end
10923
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
342 local parsed_ip = new_ip(ip)
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
343 for trusted_proxy in trusted_proxies do
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
344 if match_ip(parsed_ip, parse_cidr(trusted_proxy)) then
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
345 return true;
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
346 end
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
347 end
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
348 return false
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
349 end
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
350
11410
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
351 local function get_forwarded_connection_info(request) --> ip:string, secure:boolean
11409
d30c44a829c1 net.http.server: Set request.ip so mod_http doesn't have to
Kim Alvefur <zash@zash.se>
parents: 11408
diff changeset
352 local ip = request.ip;
11410
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
353 local secure = request.secure; -- set by net.http.server
13126
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
354
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
355 local forwarded = http_util.parse_forwarded(request.headers.forwarded);
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
356 if forwarded then
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
357 request.forwarded = forwarded;
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
358 for i = #forwarded, 1, -1 do
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
359 local proxy = forwarded[i]
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
360 if is_trusted_proxy(ip) then
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
361 ip = normal_ip(proxy["for"]);
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
362 secure = secure and proxy.proto == "https";
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
363 else
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
364 break
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
365 end
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
366 end
13127
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
367 end
13126
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
368
13127
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
369 return ip, secure;
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
370 end
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
371
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
372 -- TODO switch to RFC 7239 by default once support is more common
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
373 if module:get_option_boolean("http_legacy_x_forwarded", true) then
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
374 function get_forwarded_connection_info(request) --> ip:string, secure:boolean
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
375 local ip = request.ip;
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
376 local secure = request.secure; -- set by net.http.server
13126
d043834f15d2 mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents: 13125
diff changeset
377
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
378 local forwarded_for = request.headers.x_forwarded_for;
11410
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
379 if forwarded_for then
10841
22f783d80eec mod_http: Tell luacheck to ignore the long comment lines
Kim Alvefur <zash@zash.se>
parents: 10840
diff changeset
380 -- luacheck: ignore 631
10840
a83bfb266b15 mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents: 10465
diff changeset
381 -- This logic looks weird at first, but it makes sense.
a83bfb266b15 mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents: 10465
diff changeset
382 -- The for loop will take the last non-trusted-proxy IP from `forwarded_for`.
a83bfb266b15 mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents: 10465
diff changeset
383 -- We append the original request IP to the header. Then, since the last IP wins, there are two cases:
a83bfb266b15 mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents: 10465
diff changeset
384 -- Case a) The original request IP is *not* in trusted proxies, in which case the X-Forwarded-For header will, effectively, be ineffective; the original request IP will win because it overrides any other IP in the header.
a83bfb266b15 mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents: 10465
diff changeset
385 -- Case b) The original request IP is in trusted proxies. In that case, the if branch in the for loop will skip the last IP, causing it to be ignored. The second-to-last IP will be taken instead.
a83bfb266b15 mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents: 10465
diff changeset
386 -- Case c) If the second-to-last IP is also a trusted proxy, it will also be ignored, iteratively, up to the last IP which isn’t in trusted proxies.
a83bfb266b15 mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents: 10465
diff changeset
387 -- Case d) If all IPs are in trusted proxies, something went obviously wrong and the logic never overwrites `ip`, leaving it at the original request IP.
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
388 forwarded_for = forwarded_for..", "..ip;
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
389 for forwarded_ip in forwarded_for:gmatch("[^%s,]+") do
10923
dff1aebd0f2b mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents: 10841
diff changeset
390 if not is_trusted_proxy(forwarded_ip) then
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
391 ip = forwarded_ip;
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
392 end
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
393 end
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
394 end
11410
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
395
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
396 secure = secure or request.headers.x_forwarded_proto == "https";
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
397
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
398 return ip, secure;
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
399 end
13127
f45a29b32f7a mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents: 13126
diff changeset
400 end
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
401
8596
71da54c7f797 mod_http: Pass util.events object to API, fixes traceback
Kim Alvefur <zash@zash.se>
parents: 8594
diff changeset
402 module:wrap_object_event(server._events, false, function (handlers, event_name, event_data)
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
403 local request = event_data.request;
11410
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
404 if request and is_trusted_proxy(request.ip) then
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
405 -- Not included in eg http-error events
11410
2ea70d291429 mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents: 11409
diff changeset
406 request.ip, request.secure = get_forwarded_connection_info(request);
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
407 end
9338
9beb767295d4 Revert 2dc7490899ae::5d6b252bc36f: Unfinished and broken
Kim Alvefur <zash@zash.se>
parents: 9336
diff changeset
408 return handlers(event_name, event_data);
8594
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
409 end);
b4a0bc46c82d mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents: 7868
diff changeset
410
5120
bcabea740c00 mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item().
Waqas Hussain <waqas20@gmail.com>
parents: 5093
diff changeset
411 module:provides("net", {
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
412 name = "http";
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
413 listener = server.listener;
12187
94253e02d47d mod_http: Limit unencrypted http port (5280) to loopback by default
Kim Alvefur <zash@zash.se>
parents: 12113
diff changeset
414 private = true;
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
415 default_port = 5280;
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
416 multiplex = {
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
417 pattern = "^[A-Z]";
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
418 };
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
419 });
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
420
5120
bcabea740c00 mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item().
Waqas Hussain <waqas20@gmail.com>
parents: 5093
diff changeset
421 module:provides("net", {
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
422 name = "https";
4664
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
423 listener = server.listener;
7438b3c68576 mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents: 4636
diff changeset
424 default_port = 5281;
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
425 encryption = "ssl";
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
426 multiplex = {
10465
09697a673015 mod_net_multiplex: Add support for using ALPN
Kim Alvefur <zash@zash.se>
parents: 10460
diff changeset
427 protocol = "http/1.1";
4635
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
428 pattern = "^[A-Z]";
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
429 };
ea5215bd2783 mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
430 });