plugins/mod_http.lua @ 12444:b33558969b3e 0.12
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 28 Mar 2022 14:53:24 +0100 |
parent | 12443:17d87fb2312a |
child | 12790:24b55f0e2db9 |
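
The opt-in described in the commit message, together with the origin check and override lookup at lines 114-125 and 164-183 of the listing below, modelled as a standalone Lua script. This is an added example, not Prosody's code: plain tables stand in for `util.set` and the response object, the app names and origins are constructed, the method list is fixed at its default, and treating anything other than `enabled == true` as "not opted in" is an assumption because the listing is cut off before its other branches.

```lua
-- Added example: standalone model of the CORS opt-in logic; not Prosody code.
local DEFAULT_METHODS = "GET, OPTIONS";              -- access_control_allow_methods default
local DEFAULT_HEADERS = { ["Content-Type"] = true }; -- access_control_allow_headers default
local DEFAULT_MAX_AGE = 2 * 60 * 60;                 -- access_control_max_age default
local DEFAULT_CREDENTIALS = false;                   -- access_control_allow_credentials default

-- Resolve the effective policy for one HTTP app.
-- item_cors: the `cors` table the module supplied with its app (may be nil)
-- overrides: the admin's http_cors_override table, keyed by app name
local function resolve_cors(app_name, item_cors, overrides)
	-- As in the listing: an override entry replaces the module's table wholesale.
	local cors = overrides[app_name] or item_cors;
	-- Assumption: only enabled == true opts in (other branches are not shown).
	if not cors or cors.enabled ~= true then
		return nil;
	end
	local policy = { credentials = DEFAULT_CREDENTIALS, headers = {}, origins = nil };
	for header in pairs(DEFAULT_HEADERS) do policy.headers[header] = true; end
	if cors.credentials ~= nil then
		policy.credentials = cors.credentials;
	end
	if cors.headers then
		for header, enable in pairs(cors.headers) do
			policy.headers[header] = enable and true or nil; -- add or remove
		end
	end
	if cors.origins and not (cors.origins == "*" or cors.origins[1] == "*") then
		policy.origins = {};
		for _, origin in ipairs(cors.origins) do policy.origins[origin] = true; end
	end
	return policy;
end

-- Render a header set as a sorted, comma-separated list.
local function header_list(set)
	local names = {};
	for name in pairs(set) do names[#names + 1] = name; end
	table.sort(names);
	return table.concat(names, ", ");
end

-- Response headers a request carrying the given Origin would receive.
local function cors_headers(policy, origin)
	local h = {};
	if not policy then return h; end -- never opted in: same-origin policy stays in force
	if policy.origins and not policy.origins[origin] then return h; end
	h["Access-Control-Allow-Methods"] = DEFAULT_METHODS;
	h["Access-Control-Allow-Headers"] = header_list(policy.headers);
	h["Access-Control-Max-Age"] = tostring(DEFAULT_MAX_AGE);
	h["Access-Control-Allow-Origin"] = origin or "*";
	if policy.credentials then
		h["Access-Control-Allow-Credentials"] = "true";
	end
	return h;
end

-- Defender's check: credentialed CORS without an origin allow-list reflects any Origin.
local function audit(app_name, policy)
	if policy and policy.credentials and not policy.origins then
		return app_name .. ": credentials allowed for every origin, set cors.origins";
	end
end

-- Constructed sample apps (hypothetical names) and a constructed admin override.
local apps = {
	{ name = "legacy_api" }, -- third-party module that never set `cors`
	{ name = "chat_ws", cors = { enabled = true, credentials = true } },
	{ name = "upload", cors = { enabled = true, headers = { Authorization = true },
		origins = { "https://chat.example.com" } } },
	{ name = "metrics", cors = { enabled = true } },
};
local overrides = { metrics = { enabled = false } };

for _, app in ipairs(apps) do
	local policy = resolve_cors(app.name, app.cors, overrides);
	local h = cors_headers(policy, "https://other.example.net");
	print(app.name, h["Access-Control-Allow-Origin"] or "(no CORS headers)",
		audit(app.name, policy) or "");
end
```

Run with a stock `lua` interpreter: only `chat_ws` answers the foreign origin, and it is the one the audit flags.
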
rev | line source |
---|---|
4635 | 1 -- Prosody IM |
4664 | 2 -- Copyright (C) 2008-2012 Matthew Wild |
4664 | 3 -- Copyright (C) 2008-2012 Waqas Hussain |
5776 | 4 -- |
4635 | 5 -- This project is MIT/X11 licensed. Please see the |
4635 | 6 -- COPYING file in the source package for more information. |
4635 | 7 -- |
4635 | 8 |
4635 | 9 module:set_global(); |
10409 | 10 pcall(function () |
10409 | 11 module:depends("http_errors"); |
10409 | 12 end); |
4635 | 13 |
5374 | 14 local portmanager = require "core.portmanager"; |
4892 | 15 local moduleapi = require "core.moduleapi"; |
4892 | 16 local url_parse = require "socket.url".parse; |
5093 | 17 local url_build = require "socket.url".build; |
9504 | 18 local normalize_path = require "util.http".normalize_path; |
9797 | 19 local set = require "util.set"; |
4892 | 20 |
10923 | 21 local ip_util = require "util.ip"; |
10923 | 22 local new_ip = ip_util.new_ip; |
10923 | 23 local match_ip = ip_util.match; |
10923 | 24 local parse_cidr = ip_util.parse_cidr; |
4892 | 25 |
4664 | 26 local server = require "net.http.server"; |
4664 | 27 |
4736 | 28 server.set_default_host(module:get_option_string("http_default_host")); |
4736 | 29 |
7580 | 30 server.set_option("body_size_limit", module:get_option_number("http_max_content_size")); |
7580 | 31 server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size")); |
7580 | 32 |
11727 | 33 -- CORS settings |
12443 | 34 local cors_overrides = module:get_option("http_cors_override", {}); |
9797 | 35 local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" }); |
9793 | 36 local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" }); |
12443 | 37 local opt_origins = module:get_option_set("access_control_allow_origins"); |
10258 | 38 local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false); |
9793 | 39 local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60); |
9793 | 40 |
4667 | 41 local function get_http_event(host, app_path, key) |
4664 | 42 local method, path = key:match("^(%S+)%s+(.+)$"); |
4721 | 43 if not method then -- No path specified, default to "" (base path) |
4721 | 44 method, path = key, ""; |
4664 | 45 end |
4721 | 46 if method:sub(1,1) == "/" then |
4721 | 47 return nil; |
4721 | 48 end |
5092 | 49 if app_path == "/" and path:sub(1,1) == "/" then |
5092 | 50 app_path = ""; |
5092 | 51 end |
9376 | 52 if host == "*" then |
9376 | 53 return method:upper().." "..app_path..path; |
9376 | 54 else |
9376 | 55 return method:upper().." "..host..app_path..path; |
9376 | 56 end |
4664 | 57 end |
4635 | 58 |
4702 | 59 local function get_base_path(host_module, app_name, default_app_path) |
5332 | 60 return (normalize_path(host_module:get_option("http_paths", {})[app_name] -- Host |
4702 | 61 or module:get_option("http_paths", {})[app_name] -- Global |
5332 | 62 or default_app_path)) -- Default |
6025 | 63 :gsub("%$(%w+)", { host = host_module.host }); |
4892 | 64 end |
4892 | 65 |
6504 | 66 local function redir_handler(event) |
6504 | 67 event.response.headers.location = event.request.path.."/"; |
7518 | 68 if event.request.url.query then |
7518 | 69 event.response.headers.location = event.response.headers.location .. "?" .. event.request.url.query |
7518 | 70 end |
6504 | 71 return 301; |
6504 | 72 end |
6504 | 73 |
5093 | 74 local ports_by_scheme = { http = 80, https = 443, }; |
5093 | 75 |
4892 | 76 -- Helper to deduce a module's external URL |
4892 | 77 function moduleapi.http_url(module, app_name, default_path) |
4892 | 78 app_name = app_name or (module.name:gsub("^http_", "")); |
12191 | 79 |
12191 | 80 local external_url = url_parse(module:get_option_string("http_external_url")); |
12191 | 81 if external_url then |
12191 | 82 local url = { |
12191 | 83 scheme = external_url.scheme; |
12191 | 84 host = external_url.host; |
12191 | 85 port = tonumber(external_url.port) or ports_by_scheme[external_url.scheme]; |
12191 | 86 path = normalize_path(external_url.path or "/", true) |
12191 | 87 .. (get_base_path(module, app_name, default_path or "/" .. app_name):sub(2)); |
12191 | 88 } |
12191 | 89 if ports_by_scheme[url.scheme] == url.port then url.port = nil end |
12191 | 90 return url_build(url); |
6026 | 91 end |
12191 | 92 |
4892 | 93 local services = portmanager.get_active_services(); |
4915 | 94 local http_services = services:get("https") or services:get("http") or {}; |
8969 | 95 for interface, ports in pairs(http_services) do -- luacheck: ignore 213/interface |
8970 | 96 for port, service in pairs(ports) do -- luacheck: ignore 512 |
5093 | 97 local url = { |
12191 | 98 scheme = service[1].service.name; |
12268 | 99 host = module:get_option_string("http_host", module.global |
12269 | 100 and module:get_option_string("http_default_host", interface) or module.host); |
12191 | 101 port = port; |
12191 | 102 path = get_base_path(module, app_name, default_path or "/" .. app_name); |
5093 | 103 } |
5093 | 104 if ports_by_scheme[url.scheme] == url.port then url.port = nil end |
5093 | 105 return url_build(url); |
4892 | 106 end |
4892 | 107 end |
11066 | 108 if prosody.process_type == "prosody" then |
11066 | 109 module:log("warn", "No http ports enabled, can't generate an external URL"); |
11066 | 110 end |
6598 | 111 return "http://disabled.invalid/"; |
4702 | 112 end |
4702 | 113 |
12443 | 114 local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, allowed_origins, origin) |
12443 | 115 if allowed_origins and not allowed_origins[origin] then |
12443 | 116 return; |
12443 | 117 end |
9793 | 118 response.headers.access_control_allow_methods = tostring(methods); |
9793 | 119 response.headers.access_control_allow_headers = tostring(headers); |
9793 | 120 response.headers.access_control_max_age = tostring(max_age) |
9793 | 121 response.headers.access_control_allow_origin = origin or "*"; |
10258 | 122 if allow_credentials then |
10258 | 123 response.headers.access_control_allow_credentials = "true"; |
10258 | 124 end |
9793 | 125 end |
9793 | 126 |
4664 | 127 function module.add_host(module) |
9376 | 128 local host = module.host; |
9376 | 129 if host ~= "*" then |
9376 | 130 host = module:get_option_string("http_host", host); |
9376 | 131 end |
4664 | 132 local apps = {}; |
4664 | 133 module.environment.apps = apps; |
4664 | 134 local function http_app_added(event) |
4664 | 135 local app_name = event.item.name; |
4667 | 136 local default_app_path = event.item.default_path or "/"..app_name; |
4892 | 137 local app_path = get_base_path(module, app_name, default_app_path); |
4892 | 138 if not app_name then |
4664 | 139 -- TODO: Link to docs |
4664 | 140 module:log("error", "HTTP app has no 'name', add one or use module:provides('http', app)"); |
4664 | 141 return; |
4664 | 142 end |
4664 | 143 apps[app_name] = apps[app_name] or {}; |
4664 | 144 local app_handlers = apps[app_name]; |
9793 | 145 |
9797 | 146 local app_methods = opt_methods; |
11397 | 147 local app_headers = opt_headers; |
11396 | 148 local app_credentials = opt_credentials; |
12443 | 149 local app_origins; |
12443 | 150 if opt_origins and not (opt_origins:empty() or opt_origins:contains("*")) then |
12443 | 151 opt_origins = opt_origins._items; |
12443 | 152 end |
9797 | 153 |
9793 | 154 local function cors_handler(event_data) |
9793 | 155 local request, response = event_data.request, event_data.response; |
12443 | 156 apply_cors_headers(response, app_methods, app_headers, opt_max_age, app_credentials, app_origins, request.headers.origin); |
9793 | 157 end |
9793 | 158 |
9796 | 159 local function options_handler(event_data) |
9796 | 160 cors_handler(event_data); |
9796 | 161 return ""; |
9796 | 162 end |
9796 | 163 |
12443 | 164 local cors = cors_overrides[app_name] or event.item.cors; |
12443 | 165 if cors then |
12444 | 166 if cors.enabled == true then |
12443 | 167 if cors.credentials ~= nil then |
12443 | 168 app_credentials = cors.credentials; |
12443 | 169 end |
12443 | 170 if cors.headers then |
12443 | 171 for header, enable in pairs(cors.headers) do |
12443 | 172 if enable and not app_headers:contains(header) then |
12443 | 173 app_headers = app_headers + set.new { header }; |
12443 | 174 elseif not enable and app_headers:contains(header) then |
12443 | 175 app_headers = app_headers - set.new { header }; |
12443 | 176 end |
12443 | 177 end |
12443 | 178 end |
12443 | 179 if cors.origins then |
12443 | 180 if cors.origins == "*" or cors.origins[1] == "*" then |
12443 | 181 app_origins = nil; |
12443 | 182 else |
12443 | 183 app_origins = set.new(cors.origins)._items; |
11397
27a22a1f141c
mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents:
11396
diff
changeset
|
184 end |
27a22a1f141c
mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents:
11396
diff
changeset
|
185 end |
27a22a1f141c
mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents:
11396
diff
changeset
|
186 end |
11396
f6bb3b193277
mod_http: Allow setting the CORS credentials flag via :provides API
Kim Alvefur <zash@zash.se>
parents:
11387
diff
changeset
|
187 end |
f6bb3b193277
mod_http: Allow setting the CORS credentials flag via :provides API
Kim Alvefur <zash@zash.se>
parents:
11387
diff
changeset
|
188 |
11022
3e5bc34be734
mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents:
11021
diff
changeset
|
189 local streaming = event.item.streaming_uploads; |
3e5bc34be734
mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents:
11021
diff
changeset
|
190 |
11399
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11397
diff
changeset
|
191 if not event.item.route then |
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11397
diff
changeset
|
192 -- TODO: Link to docs |
11400
19a59cb7311e
mod_http: Improve message for missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11399
diff
changeset
|
193 module:log("error", "HTTP app %q provides no 'route', add one to handle HTTP requests", app_name); |
11399
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11397
diff
changeset
|
194 return; |
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11397
diff
changeset
|
195 end |
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11397
diff
changeset
|
196 |
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11397
diff
changeset
|
197 for key, handler in pairs(event.item.route) do |
4667
d0cfc49f3f2b
mod_http: Support for default_path in apps
Matthew Wild <mwild1@gmail.com>
parents:
4664
diff
changeset
|
198 local event_name = get_http_event(host, app_path, key); |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
199 if event_name then |
9797
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9796
diff
changeset
|
200 local method = event_name:match("^%S+"); |
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9796
diff
changeset
|
201 if not app_methods:contains(method) then |
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9796
diff
changeset
|
202 app_methods = app_methods + set.new{ method }; |
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9796
diff
changeset
|
203 end |
9796
adfb29f44412
mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents:
9793
diff
changeset
|
204 local options_event_name = event_name:gsub("^%S+", "OPTIONS"); |
4724
a8c234332258
mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents:
4721
diff
changeset
|
205 if type(handler) ~= "function" then |
a8c234332258
mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents:
4721
diff
changeset
|
206 local data = handler; |
a8c234332258
mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents:
4721
diff
changeset
|
207 handler = function () return data; end |
a8c234332258
mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents:
4721
diff
changeset
|
208 elseif event_name:sub(-2, -1) == "/*" then |
5230
6f5640375358
mod_http: Fix path length pattern
Kim Alvefur <zash@zash.se>
parents:
5204
diff
changeset
|
209 local base_path_len = #event_name:match("/.+$"); |
4669
0e0a72679f77
mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents:
4667
diff
changeset
|
210 local _handler = handler; |
8972
0b254439d451
mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8971
diff
changeset
|
211 handler = function (_event) |
0b254439d451
mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8971
diff
changeset
|
212 local path = _event.request.path:sub(base_path_len); |
0b254439d451
mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8971
diff
changeset
|
213 return _handler(_event, path); |
4669
0e0a72679f77
mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents:
4667
diff
changeset
|
214 end; |
6504
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
215 module:hook_object_event(server, event_name:sub(1, -3), redir_handler, -1); |
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
216 elseif event_name:sub(-1, -1) == "/" then |
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
217 module:hook_object_event(server, event_name:sub(1, -2), redir_handler, -1); |
4669
0e0a72679f77
mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents:
4667
diff
changeset
|
218 end |
11022
3e5bc34be734
mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents:
11021
diff
changeset
|
219 if not streaming then |
11021
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10923
diff
changeset
|
220 -- COMPAT Modules not compatible with streaming uploads behave as before. |
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10923
diff
changeset
|
221 local _handler = handler; |
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10923
diff
changeset
|
222 function handler(event) -- luacheck: ignore 432/event |
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10923
diff
changeset
|
223 if event.request.body ~= false then |
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10923
diff
changeset
|
224 return _handler(event); |
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10923
diff
changeset
|
225 end |
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10923
diff
changeset
|
226 end |
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10923
diff
changeset
|
227 end |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
228 if not app_handlers[event_name] then |
10315
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
229 app_handlers[event_name] = { |
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
230 main = handler; |
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
231 cors = cors_handler; |
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
232 options = options_handler; |
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
233 }; |
4696
4700e318add1
mod_http: Use module:hook/unhook_event_object() so that handlers get unregistered if mod_http is unloaded
Matthew Wild <mwild1@gmail.com>
parents:
4678
diff
changeset
|
234 module:hook_object_event(server, event_name, handler); |
9793
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9504
diff
changeset
|
235 module:hook_object_event(server, event_name, cors_handler, 1); |
9796
adfb29f44412
mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents:
9793
diff
changeset
|
236 module:hook_object_event(server, options_event_name, options_handler, -1); |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
237 else |
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
238 module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); |
4636
41983ec223f0
mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents:
4635
diff
changeset
|
239 end |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
240 else |
7359
a5a080c12c96
Update every link to the documentation to use HTTPS
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
7247
diff
changeset
|
241 module:log("error", "Invalid route in %s, %q. See https://prosody.im/doc/developers/http#routes", app_name, key); |
4636
41983ec223f0
mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents:
4635
diff
changeset
|
242 end |
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
243 end |
6597
321321f566fb
mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents:
6596
diff
changeset
|
244 local services = portmanager.get_active_services(); |
321321f566fb
mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents:
6596
diff
changeset
|
245 if services:get("https") or services:get("http") then |
10460
5ce6cbb5ce6a
mod_http: Log served URLs at 'info' level
Kim Alvefur <zash@zash.se>
parents:
10409
diff
changeset
|
246 module:log("info", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path)); |
11066
dc41c8dfd2b1
mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
11022
diff
changeset
|
247 elseif prosody.process_type == "prosody" then |
12192
6a772a0c0dfd
mod_http: Increase severity of loading unreachable http modules
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
248 module:log("error", "Not listening on any ports, '%s' will be unreachable", app_name); |
6597
321321f566fb
mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents:
6596
diff
changeset
|
249 end |
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
250 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5427
diff
changeset
|
251 |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
252 local function http_app_removed(event) |
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
253 local app_handlers = apps[event.item.name]; |
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
254 apps[event.item.name] = nil; |
10315
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
255 for event_name, handlers in pairs(app_handlers) do |
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
256 module:unhook_object_event(server, event_name, handlers.main); |
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
257 module:unhook_object_event(server, event_name, handlers.cors); |
12113
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11727
diff
changeset
|
258 |
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11727
diff
changeset
|
259 if event_name:sub(-2, -1) == "/*" then |
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11727
diff
changeset
|
260 module:unhook_object_event(server, event_name:sub(1, -3), redir_handler, -1); |
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11727
diff
changeset
|
261 elseif event_name:sub(-1, -1) == "/" then |
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11727
diff
changeset
|
262 module:unhook_object_event(server, event_name:sub(1, -2), redir_handler, -1); |
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11727
diff
changeset
|
263 end |
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11727
diff
changeset
|
264 |
10315
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
265 local options_event_name = event_name:gsub("^%S+", "OPTIONS"); |
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10258
diff
changeset
|
266 module:unhook_object_event(server, options_event_name, handlers.options); |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
267 end |
4636
41983ec223f0
mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents:
4635
diff
changeset
|
268 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5427
diff
changeset
|
269 |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
270 module:handle_items("http-provider", http_app_added, http_app_removed); |
4736
3514338c59c3
net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents:
4724
diff
changeset
|
271 |
9376
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9338
diff
changeset
|
272 if host ~= "*" then |
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9338
diff
changeset
|
273 server.add_host(host); |
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9338
diff
changeset
|
274 function module.unload() |
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9338
diff
changeset
|
275 server.remove_host(host); |
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9338
diff
changeset
|
276 end |
4736
3514338c59c3
net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents:
4724
diff
changeset
|
277 end |
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
278 end |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
279 |
9376
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9338
diff
changeset
|
280 module.add_host(module); -- set up handling on global context too |
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9338
diff
changeset
|
281 |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
282 local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items; |
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
283 |
10923
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
284 local function is_trusted_proxy(ip) |
11385
c81b6b8c6b19
mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents:
11383
diff
changeset
|
285 if trusted_proxies[ip] then |
c81b6b8c6b19
mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents:
11383
diff
changeset
|
286 return true; |
c81b6b8c6b19
mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents:
11383
diff
changeset
|
287 end |
10923
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
288 local parsed_ip = new_ip(ip) |
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
289 for trusted_proxy in trusted_proxies do |
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
290 if match_ip(parsed_ip, parse_cidr(trusted_proxy)) then |
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
291 return true; |
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
292 end |
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
293 end |
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
294 return false |
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
295 end |
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
296 |
11410
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
297 local function get_forwarded_connection_info(request) --> ip:string, secure:boolean |
11409
d30c44a829c1
net.http.server: Set request.ip so mod_http doesn't have to
Kim Alvefur <zash@zash.se>
parents:
11408
diff
changeset
|
298 local ip = request.ip; |
11410
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
299 local secure = request.secure; -- set by net.http.server |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
300 local forwarded_for = request.headers.x_forwarded_for; |
11410
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
301 if forwarded_for then |
10841
22f783d80eec
mod_http: Tell luacheck to ignore the long comment lines
Kim Alvefur <zash@zash.se>
parents:
10840
diff
changeset
|
302 -- luacheck: ignore 631 |
10840
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10465
diff
changeset
|
303 -- This logic looks weird at first, but it makes sense. |
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10465
diff
changeset
|
304 -- The for loop will take the last non-trusted-proxy IP from `forwarded_for`. |
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10465
diff
changeset
|
305 -- We append the original request IP to the header. Then, since the last IP wins, there are two cases: |
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10465
diff
changeset
|
306 -- Case a) The original request IP is *not* in trusted proxies, in which case the X-Forwarded-For header will, effectively, be ineffective; the original request IP will win because it overrides any other IP in the header. |
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10465
diff
changeset
|
307 -- Case b) The original request IP is in trusted proxies. In that case, the if branch in the for loop will skip the last IP, causing it to be ignored. The second-to-last IP will be taken instead. |
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10465
diff
changeset
|
308 -- Case c) If the second-to-last IP is also a trusted proxy, it will also be ignored, iteratively, up to the last IP which isn’t in trusted proxies. |
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10465
diff
changeset
|
309 -- Case d) If all IPs are in trusted proxies, something went obviously wrong and the logic never overwrites `ip`, leaving it at the original request IP. |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
310 forwarded_for = forwarded_for..", "..ip; |
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
311 for forwarded_ip in forwarded_for:gmatch("[^%s,]+") do |
10923
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10841
diff
changeset
|
312 if not is_trusted_proxy(forwarded_ip) then |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
313 ip = forwarded_ip; |
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
314 end |
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
315 end |
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
316 end |
11410
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
317 |
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
318 secure = secure or request.headers.x_forwarded_proto == "https"; |
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
319 |
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
320 return ip, secure; |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
321 end |
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
322 |
8596
71da54c7f797
mod_http: Pass util.events object to API, fixes traceback
Kim Alvefur <zash@zash.se>
parents:
8594
diff
changeset
|
323 module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
324 local request = event_data.request; |
11410
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
325 if request and is_trusted_proxy(request.ip) then |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
326 -- Not included in eg http-error events |
11410
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11409
diff
changeset
|
327 request.ip, request.secure = get_forwarded_connection_info(request); |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
328 end |
9338
9beb767295d4
Revert 2dc7490899ae::5d6b252bc36f: Unfinished and broken
Kim Alvefur <zash@zash.se>
parents:
9336
diff
changeset
|
329 return handlers(event_name, event_data); |
8594
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
330 end); |
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7868
diff
changeset
|
331 |
5120
bcabea740c00
mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item().
Waqas Hussain <waqas20@gmail.com>
parents:
5093
diff
changeset
|
332 module:provides("net", { |
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
333 name = "http"; |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
334 listener = server.listener; |
12187
94253e02d47d
mod_http: Limit unencrypted http port (5280) to loopback by default
Kim Alvefur <zash@zash.se>
parents:
12113
diff
changeset
|
335 private = true; |
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
336 default_port = 5280; |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
337 multiplex = { |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
338 pattern = "^[A-Z]"; |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
339 }; |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
340 }); |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
341 |
5120
bcabea740c00
mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item().
Waqas Hussain <waqas20@gmail.com>
parents:
5093
diff
changeset
|
342 module:provides("net", { |
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
343 name = "https"; |
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
344 listener = server.listener; |
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
345 default_port = 5281; |
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
346 encryption = "ssl"; |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
347 multiplex = { |
10465
09697a673015
mod_net_multiplex: Add support for using ALPN
Kim Alvefur <zash@zash.se>
parents:
10460
diff
changeset
|
348 protocol = "http/1.1"; |
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
349 pattern = "^[A-Z]"; |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
350 }; |
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
351 }); |
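The comment at source lines 303-309 explains why `get_forwarded_connection_info` ends up with the last address in `X-Forwarded-For` that is not a trusted proxy. The stand-alone Lua below is an added example, not part of mod_http: it reproduces that loop over the four cases the comment lists, plus a header that already carried an entry when it reached the proxy. Assumptions: trusted proxies are matched by exact string only (the CIDR matching in `is_trusted_proxy` is left out), and `make_resolver`, the case table and all addresses are constructed for illustration.

```lua
-- Added example: stand-alone model of the X-Forwarded-For walk in
-- get_forwarded_connection_info(). Assumption: trusted proxies are matched
-- by exact string only; the CIDR matching of is_trusted_proxy() is omitted.

-- make_resolver is a hypothetical helper, not a Prosody API.
local function make_resolver(trusted_list)
	local trusted = {};
	for _, addr in ipairs(trusted_list) do
		trusted[addr] = true;
	end

	-- Returns the address the request is attributed to.
	return function (peer_ip, forwarded_for)
		local ip = peer_ip;
		if forwarded_for then
			-- Append the socket peer so it is judged like any other hop.
			forwarded_for = forwarded_for .. ", " .. peer_ip;
			for hop in forwarded_for:gmatch("[^%s,]+") do
				if not trusted[hop] then
					ip = hop; -- the last untrusted hop wins
				end
			end
		end
		return ip;
	end
end

-- Constructed configuration: loopback plus one front-end proxy.
local resolve = make_resolver({ "127.0.0.1", "::1", "198.51.100.10" });

-- Constructed sample requests (documentation address ranges only).
local cases = {
	-- Case a: the peer itself is untrusted, so whatever it put in the
	-- header is overridden by its own socket address.
	{ name = "a) untrusted peer", peer = "203.0.113.7",
	  xff = "192.0.2.99", expect = "203.0.113.7" },
	-- Case b: the trusted peer is skipped, the hop before it is used.
	{ name = "b) one trusted proxy", peer = "127.0.0.1",
	  xff = "203.0.113.7", expect = "203.0.113.7" },
	-- Case c: several trusted proxies in a row are all skipped.
	{ name = "c) chain of trusted proxies", peer = "127.0.0.1",
	  xff = "203.0.113.7, 198.51.100.10", expect = "203.0.113.7" },
	-- Case d: nothing untrusted in the list, the socket address stays.
	{ name = "d) every hop trusted", peer = "127.0.0.1",
	  xff = "198.51.100.10", expect = "127.0.0.1" },
	-- The header already had an entry when it reached the proxy; the
	-- proxy appended the address it saw, and that later entry is used.
	{ name = "entry present before the proxy's", peer = "127.0.0.1",
	  xff = "192.0.2.99, 203.0.113.7", expect = "203.0.113.7" },
	-- No header at all: the socket address is returned unchanged.
	{ name = "no header", peer = "203.0.113.7",
	  xff = nil, expect = "203.0.113.7" },
};

for _, case in ipairs(cases) do
	local got = resolve(case.peer, case.xff);
	assert(got == case.expect,
		string.format("%s: expected %s, got %s", case.name, case.expect, got));
	print(string.format("%-34s peer=%-13s xff=%-30s -> %s",
		case.name, case.peer, tostring(case.xff), got));
end
```

The result is only as reliable as the `trusted_proxies` list: every address in it is skipped during the walk, so the list should contain only hosts that actually append the address they saw to the header.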