Annotate

plugins/mod_http_errors.lua @ 11327:6f2b69469060

mod_http_file_share: More security headers
author Kim Alvefur <zash@zash.se>
date Wed, 27 Jan 2021 19:51:36 +0100
parent 11155:8d692a8a8f48
child 11388:60a61c509d87
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 module:set_global();
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local server = require "net.http.server";
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 local codes = require "net.http.codes";
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
5 local xml_escape = require "util.stanza".xml_escape;
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
6 local render = require "util.interpolation".new("%b{}", xml_escape);
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 local show_private = module:get_option_boolean("http_errors_detailed", false);
4737
7b9e2a8c4710 mod_http_errors: Add two new config options, http_errors_always_show (show even for unknown errors) and http_errors_default_message (message for unknown errors)
Matthew Wild <mwild1@gmail.com>
parents: 4711
diff changeset
9 local always_serve = module:get_option_boolean("http_errors_always_show", true);
7b9e2a8c4710 mod_http_errors: Add two new config options, http_errors_always_show (show even for unknown errors) and http_errors_default_message (message for unknown errors)
Matthew Wild <mwild1@gmail.com>
parents: 4711
diff changeset
10 local default_message = { module:get_option_string("http_errors_default_message", "That's all I know.") };
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local default_messages = {
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 [400] = { "What kind of request do you call that??" };
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 [403] = { "You're not allowed to do that." };
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 [404] = { "Whatever you were looking for is not here. %";
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 "Where did you put it?", "It's behind you.", "Keep looking." };
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 [500] = { "% Check your error log for more info.";
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 "Gremlins.", "It broke.", "Don't look at me." };
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 };
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 local messages = setmetatable(module:get_option("http_errors_messages", {}), { __index = default_messages });
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 local html = [[
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 <!DOCTYPE html>
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 <html>
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 <head>
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
26 <meta charset="utf-8">
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
27 <title>{title}</title>
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
28 <style>
9760
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
29 body {
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
30 margin-top : 14%;
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
31 text-align : center;
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
32 background-color : #F8F8F8;
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
33 font-family : sans-serif
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
34 }
9760
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
35
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
36 h1 {
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
37 font-size : xx-large
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
38 }
9760
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
39
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
40 p {
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
41 font-size : x-large
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
42 }
9760
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
43
11153
e4075ca84a1a mod_http_errors: Use a class on extra data section
Kim Alvefur <zash@zash.se>
parents: 10574
diff changeset
44 p.extra {
9760
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
45 font-size : large;
88640b3ea6b8 mod_http_errors: Normalize CSS
Kim Alvefur <zash@zash.se>
parents: 8364
diff changeset
46 font-family : courier
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
47 }
11154
dd81a318a794 mod_http_errors: Dark theme!
Kim Alvefur <zash@zash.se>
parents: 11153
diff changeset
48
dd81a318a794 mod_http_errors: Dark theme!
Kim Alvefur <zash@zash.se>
parents: 11153
diff changeset
49 @media(prefers-color-scheme: dark) {
dd81a318a794 mod_http_errors: Dark theme!
Kim Alvefur <zash@zash.se>
parents: 11153
diff changeset
50 body {
dd81a318a794 mod_http_errors: Dark theme!
Kim Alvefur <zash@zash.se>
parents: 11153
diff changeset
51 background-color: #161616;
dd81a318a794 mod_http_errors: Dark theme!
Kim Alvefur <zash@zash.se>
parents: 11153
diff changeset
52 color: #eee
dd81a318a794 mod_http_errors: Dark theme!
Kim Alvefur <zash@zash.se>
parents: 11153
diff changeset
53 }
dd81a318a794 mod_http_errors: Dark theme!
Kim Alvefur <zash@zash.se>
parents: 11153
diff changeset
54 }
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
55 </style>
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56 </head>
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 <body>
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
58 <h1>{title}</h1>
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
59 <p>{message}</p>
11155
8d692a8a8f48 mod_http_errors: Remove 'extra' element when empty
Kim Alvefur <zash@zash.se>
parents: 11154
diff changeset
60 {extra&<p class="extra">{extra?}</p>}
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 </body>
7492
9a749cf8c1ba mod_http_errors: Add a newline after end of HTML
Kim Alvefur <zash@zash.se>
parents: 5776
diff changeset
62 </html>
9a749cf8c1ba mod_http_errors: Add a newline after end of HTML
Kim Alvefur <zash@zash.se>
parents: 5776
diff changeset
63 ]];
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 local function get_page(code, extra)
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66 local message = messages[code];
4737
7b9e2a8c4710 mod_http_errors: Add two new config options, http_errors_always_show (show even for unknown errors) and http_errors_default_message (message for unknown errors)
Matthew Wild <mwild1@gmail.com>
parents: 4711
diff changeset
67 if always_serve or message then
7b9e2a8c4710 mod_http_errors: Add two new config options, http_errors_always_show (show even for unknown errors) and http_errors_default_message (message for unknown errors)
Matthew Wild <mwild1@gmail.com>
parents: 4711
diff changeset
68 message = message or default_message;
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
69 return render(html, {
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70 title = rawget(codes, code) or ("Code "..tostring(code));
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71 message = message[1]:gsub("%%", function ()
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72 return message[math.random(2, math.max(#message,2))];
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 end);
8364
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
74 extra = extra;
f91ab40a3105 mod_http_errors: Use util.interpolation to render HTML template
Kim Alvefur <zash@zash.se>
parents: 8363
diff changeset
75 });
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76 end
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
77 end
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 module:hook_object_event(server, "http-error", function (event)
8363
e2460edc2a2f mod_http_errors: Set Content-Type header to HTML (fixes #1030)
Kim Alvefur <zash@zash.se>
parents: 7492
diff changeset
80 if event.response then
e2460edc2a2f mod_http_errors: Set Content-Type header to HTML (fixes #1030)
Kim Alvefur <zash@zash.se>
parents: 7492
diff changeset
81 event.response.headers.content_type = "text/html; charset=utf-8";
e2460edc2a2f mod_http_errors: Set Content-Type header to HTML (fixes #1030)
Kim Alvefur <zash@zash.se>
parents: 7492
diff changeset
82 end
10574
f70c874b7936 mod_http_errors: Use text from util.errror object if included
Kim Alvefur <zash@zash.se>
parents: 10430
diff changeset
83 return get_page(event.code, (show_private and event.private_message) or event.message or (event.error and event.error.text));
4711
4ddf3ba0c749 mod_http_errors: Module to handle HTTP errors with a HTML page
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84 end);
10430
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
85
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
86 module:hook_object_event(server, "http-error", function (event)
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
87 local request, response = event.request, event.response;
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
88 if request and response and request.path == "/" and response.status_code == 404 then
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
89 response.headers.content_type = "text/html; charset=utf-8";
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
90 return render(html, {
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
91 title = "Prosody is running!";
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
92 message = "Welcome to the XMPP world!";
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
93 });
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
94 end
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
95 end, 1);
46dd9df2db0c mod_http_errors: Show a friendly page instead of 404 on top level
Kim Alvefur <zash@zash.se>
parents: 9760
diff changeset
96