prosody
94e341dee51c
util/http.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

util/http.lua @ 10224:94e341dee51c

core.certmanager: Move EECDH ciphers before EDH in default cipherstring The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now
author Kim Alvefur <zash@zash.se>
date Sun, 25 Aug 2019 20:22:35 +0200
parent 9785:ff88b03c343f
child 13124:f15e23840780
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5299
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
1 -- Prosody IM
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
2 -- Copyright (C) 2013 Florian Zeitz
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
3 --
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
4 -- This project is MIT/X11 licensed. Please see the
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
5 -- COPYING file in the source package for more information.
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
6 --
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
7
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
8 local format, char = string.format, string.char;
9759
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
9 local pairs, ipairs = pairs, ipairs;
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
10 local t_insert, t_concat = table.insert, table.concat;
5299
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
11
9759
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
12 local url_codes = {};
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
13 for i = 0, 255 do
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
14 local c = char(i);
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
15 local u = format("%%%02x", i);
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
16 url_codes[c] = u;
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
17 url_codes[u] = c;
9785
ff88b03c343f util.http: Fix decoding of uppercase URL encoded chars
Kim Alvefur <zash@zash.se>
parents: 9759
diff changeset
18 url_codes[u:upper()] = c;
9759
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
19 end
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
20 local function urlencode(s)
9759
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
21 return s and (s:gsub("[^a-zA-Z0-9.~_-]", url_codes));
5458
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
22 end
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
23 local function urldecode(s)
9759
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
24 return s and (s:gsub("%%%x%x", url_codes));
5458
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
25 end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
26
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
27 local function _formencodepart(s)
9759
1af5106a2c34 util.http: Pre-generate urlencoding mappings (optimization)
Kim Alvefur <zash@zash.se>
parents: 9504
diff changeset
28 return s and (urlencode(s):gsub("%%20", "+"));
5458
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
29 end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
30
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
31 local function formencode(form)
5458
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
32 local result = {};
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
33 if form[1] then -- Array of ordered { name, value }
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
34 for _, field in ipairs(form) do
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
35 t_insert(result, _formencodepart(field.name).."=".._formencodepart(field.value));
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
36 end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
37 else -- Unordered map of name -> value
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
38 for name, value in pairs(form) do
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
39 t_insert(result, _formencodepart(name).."=".._formencodepart(value));
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
40 end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
41 end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
42 return t_concat(result, "&");
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
43 end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
44
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
45 local function formdecode(s)
5458
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
46 if not s:match("=") then return urldecode(s); end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
47 local r = {};
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
48 for k, v in s:gmatch("([^=&]*)=([^&]*)") do
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
49 k, v = k:gsub("%+", "%%20"), v:gsub("%+", "%%20");
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
50 k, v = urldecode(k), urldecode(v);
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
51 t_insert(r, { name = k, value = v });
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
52 r[k] = v;
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
53 end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
54 return r;
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
55 end
84162b81c863 net.http, util.http: Move definitions of urlencode/decode and formencode/decode to util.http (possible to use them without unnecessary network-related dependencies)
Matthew Wild <mwild1@gmail.com>
parents: 5299
diff changeset
56
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
57 local function contains_token(field, token)
5299
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
58 field = ","..field:gsub("[ \t]", ""):lower()..",";
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
59 return field:find(","..token:lower()..",", 1, true) ~= nil;
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
60 end
cc9d460aa779 util.http: New module for HTTP helper functions
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
61
9504
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
62 local function normalize_path(path, is_dir)
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
63 if is_dir then
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
64 if path:sub(-1,-1) ~= "/" then path = path.."/"; end
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
65 else
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
66 if path:sub(-1,-1) == "/" then path = path:sub(1, -2); end
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
67 end
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
68 if path:sub(1,1) ~= "/" then path = "/"..path; end
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
69 return path;
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
70 end
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
71
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
72 return {
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
73 urlencode = urlencode, urldecode = urldecode;
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
74 formencode = formencode, formdecode = formdecode;
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
75 contains_token = contains_token;
9504
cfbea3064aa9 mod_http: Move normalize_path to util.http
Kim Alvefur <zash@zash.se>
parents: 5471
diff changeset
76 normalize_path = normalize_path;
5471
34bfd26525f5 util.http: Refactor and import all necessary functions
Matthew Wild <mwild1@gmail.com>
parents: 5458
diff changeset
77 };