Software /
code /
prosody
Annotate
plugins/mod_http_files.lua @ 7229:dcc8ed11173c
mod_http_files: Don't prepend / to path twice, sanitize path does this already
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 03 Mar 2016 15:30:00 +0100 |
parent | 7228:b5b7ae2901e6 |
child | 7230:20246b139607 |
rev | line source |
---|---|
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1384
diff
changeset
|
1 -- Prosody IM |
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2785
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2785
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1384
diff
changeset
|
4 -- |
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1384
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1384
diff
changeset
|
6 -- COPYING file in the source package for more information. |
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1384
diff
changeset
|
7 -- |
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1384
diff
changeset
|
8 |
4670
bd5e5e23942a
mod_httpserver: Adapt to use the new HTTP API
Kim Alvefur <zash@zash.se>
parents:
3353
diff
changeset
|
9 module:depends("http"); |
5263
736e7ec8cd2e
mod_http_files: Replace file listing with an event, allowing a different plugin to generate it
Kim Alvefur <zash@zash.se>
parents:
5262
diff
changeset
|
10 local server = require"net.http.server"; |
3353
cd3cbf361f8f
mod_httpserver: Serve index.html if a request is made for a directory and it contains one (thanks Brian Cully)
Matthew Wild <mwild1@gmail.com>
parents:
2925
diff
changeset
|
11 local lfs = require "lfs"; |
635
25f1117d7886
Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
5235
e0373e0dd048
mod_http_files: Add Last-Modified header
Kim Alvefur <zash@zash.se>
parents:
5234
diff
changeset
|
13 local os_date = os.date; |
635
25f1117d7886
Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local open = io.open; |
3353
cd3cbf361f8f
mod_httpserver: Serve index.html if a request is made for a directory and it contains one (thanks Brian Cully)
Matthew Wild <mwild1@gmail.com>
parents:
2925
diff
changeset
|
15 local stat = lfs.attributes; |
5257
b125892e187c
mod_http_files: Escape paths in redirects
Kim Alvefur <zash@zash.se>
parents:
5256
diff
changeset
|
16 local build_path = require"socket.url".build_path; |
6030
9b91242cc137
mod_http_files: Strip path separator from end of paths, was broken on Windows (thanks Junne)
Kim Alvefur <zash@zash.se>
parents:
5716
diff
changeset
|
17 local path_sep = package.config:sub(1,1); |
635
25f1117d7886
Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
19 local base_path = module:get_option_string("http_files_dir", module:get_option_string("http_path")); |
5261
b14f02671439
mod_http_files: Rename config options and variable names
Kim Alvefur <zash@zash.se>
parents:
5260
diff
changeset
|
20 local dir_indices = module:get_option("http_index_files", { "index.html", "index.htm" }); |
b14f02671439
mod_http_files: Rename config options and variable names
Kim Alvefur <zash@zash.se>
parents:
5260
diff
changeset
|
21 local directory_index = module:get_option_boolean("http_dir_listing"); |
635
25f1117d7886
Add initial mod_httpserver for serving static content
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
5716
8a0465de172e
mod_http_files: Put the MIME type map in a global shared table instead of per-host
Kim Alvefur <zash@zash.se>
parents:
5269
diff
changeset
|
23 local mime_map = module:shared("/*/http_files/mime").types; |
5237
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
24 if not mime_map then |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
25 mime_map = { |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
26 html = "text/html", htm = "text/html", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
27 xml = "application/xml", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
28 txt = "text/plain", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
29 css = "text/css", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
30 js = "application/javascript", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
31 png = "image/png", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
32 gif = "image/gif", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
33 jpeg = "image/jpeg", jpg = "image/jpeg", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
34 svg = "image/svg+xml", |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
35 }; |
5716
8a0465de172e
mod_http_files: Put the MIME type map in a global shared table instead of per-host
Kim Alvefur <zash@zash.se>
parents:
5269
diff
changeset
|
36 module:shared("/*/http_files/mime").types = mime_map; |
5237
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
37 |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
38 local mime_types, err = open(module:get_option_string("mime_types_file", "/etc/mime.types"),"r"); |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
39 if mime_types then |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
40 local mime_data = mime_types:read("*a"); |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
41 mime_types:close(); |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
42 setmetatable(mime_map, { |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
43 __index = function(t, ext) |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
44 local typ = mime_data:match("\n(%S+)[^\n]*%s"..(ext:lower()).."%s") or "application/octet-stream"; |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
45 t[ext] = typ; |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
46 return typ; |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
47 end |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
48 }); |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
49 end |
b1038f449e15
mod_http_files: Have mimetypes in a shared table. Get mimetypes from /etc/mime.types if exists.
Kim Alvefur <zash@zash.se>
parents:
5236
diff
changeset
|
50 end |
2771
c9834f338a4e
mod_httpserver: Return Content-Type header based on file extension.
Waqas Hussain <waqas20@gmail.com>
parents:
1870
diff
changeset
|
51 |
7058
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
52 local forbidden_chars_pattern = "[/%z]"; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
53 if prosody.platform == "windows" then |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
54 forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]" |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
55 end |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
56 |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
57 local urldecode = require "util.http".urldecode; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
58 function sanitize_path(path) |
7228
b5b7ae2901e6
mod_http_files: Fix traceback when serving a non-wildcard path (fixes #611)
Kim Alvefur <zash@zash.se>
parents:
7058
diff
changeset
|
59 if not path then return end |
7058
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
60 local out = {}; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
61 |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
62 local c = 0; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
63 for component in path:gmatch("([^/]+)") do |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
64 component = urldecode(component); |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
65 if component:find(forbidden_chars_pattern) then |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
66 return nil; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
67 elseif component == ".." then |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
68 if c <= 0 then |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
69 return nil; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
70 end |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
71 out[c] = nil; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
72 c = c - 1; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
73 elseif component ~= "." then |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
74 c = c + 1; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
75 out[c] = component; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
76 end |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
77 end |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
78 return "/"..table.concat(out, "/"); |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
79 end |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
80 |
5236
8d116a0cdacd
mod_http_files: Cache data read from disk in a weak table
Kim Alvefur <zash@zash.se>
parents:
5235
diff
changeset
|
81 local cache = setmetatable({}, { __mode = "kv" }); -- Let the garbage collector have it if it wants to. |
8d116a0cdacd
mod_http_files: Cache data read from disk in a weak table
Kim Alvefur <zash@zash.se>
parents:
5235
diff
changeset
|
82 |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
83 function serve(opts) |
5268
69964d1cbe66
mod_http_files: Allow passing a string to serve()
Kim Alvefur <zash@zash.se>
parents:
5265
diff
changeset
|
84 if type(opts) ~= "table" then -- assume path string |
69964d1cbe66
mod_http_files: Allow passing a string to serve()
Kim Alvefur <zash@zash.se>
parents:
5265
diff
changeset
|
85 opts = { path = opts }; |
69964d1cbe66
mod_http_files: Allow passing a string to serve()
Kim Alvefur <zash@zash.se>
parents:
5265
diff
changeset
|
86 end |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
87 local base_path = opts.path; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
88 local dir_indices = opts.index_files or dir_indices; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
89 local directory_index = opts.directory_index; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
90 local function serve_file(event, path) |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
91 local request, response = event.request, event.response; |
7228
b5b7ae2901e6
mod_http_files: Fix traceback when serving a non-wildcard path (fixes #611)
Kim Alvefur <zash@zash.se>
parents:
7058
diff
changeset
|
92 local sanitized_path = sanitize_path(path); |
b5b7ae2901e6
mod_http_files: Fix traceback when serving a non-wildcard path (fixes #611)
Kim Alvefur <zash@zash.se>
parents:
7058
diff
changeset
|
93 if path and not sanitized_path then |
7058
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
94 return 400; |
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
95 end |
7228
b5b7ae2901e6
mod_http_files: Fix traceback when serving a non-wildcard path (fixes #611)
Kim Alvefur <zash@zash.se>
parents:
7058
diff
changeset
|
96 path = sanitized_path; |
7058
e9f07febafb3
mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
Matthew Wild <mwild1@gmail.com>
parents:
6873
diff
changeset
|
97 local orig_path = sanitize_path(request.path); |
7229
dcc8ed11173c
mod_http_files: Don't prepend / to path twice, sanitize path does this already
Kim Alvefur <zash@zash.se>
parents:
7228
diff
changeset
|
98 local full_path = base_path .. (path or ""):gsub("/", path_sep); |
6872
eb28067faadf
mod_http_files: Strip trailing directory separator regardless of directionality of the slash (fixes #545)
Kim Alvefur <zash@zash.se>
parents:
6030
diff
changeset
|
99 local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
100 if not attr then |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
101 return 404; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
102 end |
5248
13553f4132a8
mod_http_files: Compare If-Modified-Since to last modification date
Kim Alvefur <zash@zash.se>
parents:
5247
diff
changeset
|
103 |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
104 local request_headers, response_headers = request.headers, response.headers; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
105 |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
106 local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
107 response_headers.last_modified = last_modified; |
5234
a9f0a1becc66
mod_http_files: Add ETag and check If-None-Match to allow client-side cache
Kim Alvefur <zash@zash.se>
parents:
5233
diff
changeset
|
108 |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
109 local etag = ("%02x-%x-%x-%x"):format(attr.dev or 0, attr.ino or 0, attr.size or 0, attr.modification or 0); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
110 response_headers.etag = etag; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
111 |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
112 local if_none_match = request_headers.if_none_match |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
113 local if_modified_since = request_headers.if_modified_since; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
114 if etag == if_none_match |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
115 or (not if_none_match and last_modified == if_modified_since) then |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
116 return 304; |
4868
550f0a5e85c5
mod_http_files: Respond with a 301 redirect for directories to append a / (fixes relative links)
Kim Alvefur <zash@zash.se>
parents:
4722
diff
changeset
|
117 end |
550f0a5e85c5
mod_http_files: Respond with a 301 redirect for directories to append a / (fixes relative links)
Kim Alvefur <zash@zash.se>
parents:
4722
diff
changeset
|
118 |
5264
700ff21a0451
mod_http_files: Work with non-wildcard-routes. Key cache on the original HTTP path.
Kim Alvefur <zash@zash.se>
parents:
5263
diff
changeset
|
119 local data = cache[orig_path]; |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
120 if data and data.etag == etag then |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
121 response_headers.content_type = data.content_type; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
122 data = data.data; |
5264
700ff21a0451
mod_http_files: Work with non-wildcard-routes. Key cache on the original HTTP path.
Kim Alvefur <zash@zash.se>
parents:
5263
diff
changeset
|
123 elseif attr.mode == "directory" and path then |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
124 if full_path:sub(-1) ~= "/" then |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
125 local path = { is_absolute = true, is_directory = true }; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
126 for dir in orig_path:gmatch("[^/]+") do path[#path+1]=dir; end |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
127 response_headers.location = build_path(path); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
128 return 301; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
129 end |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
130 for i=1,#dir_indices do |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
131 if stat(full_path..dir_indices[i], "mode") == "file" then |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
132 return serve_file(event, path..dir_indices[i]); |
5238
0cc0359d8c39
mod_http_files: Generate simple directory index.
Kim Alvefur <zash@zash.se>
parents:
5237
diff
changeset
|
133 end |
0cc0359d8c39
mod_http_files: Generate simple directory index.
Kim Alvefur <zash@zash.se>
parents:
5237
diff
changeset
|
134 end |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
135 |
5263
736e7ec8cd2e
mod_http_files: Replace file listing with an event, allowing a different plugin to generate it
Kim Alvefur <zash@zash.se>
parents:
5262
diff
changeset
|
136 if directory_index then |
736e7ec8cd2e
mod_http_files: Replace file listing with an event, allowing a different plugin to generate it
Kim Alvefur <zash@zash.se>
parents:
5262
diff
changeset
|
137 data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path }); |
736e7ec8cd2e
mod_http_files: Replace file listing with an event, allowing a different plugin to generate it
Kim Alvefur <zash@zash.se>
parents:
5262
diff
changeset
|
138 end |
736e7ec8cd2e
mod_http_files: Replace file listing with an event, allowing a different plugin to generate it
Kim Alvefur <zash@zash.se>
parents:
5262
diff
changeset
|
139 if not data then |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
140 return 403; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
141 end |
5264
700ff21a0451
mod_http_files: Work with non-wildcard-routes. Key cache on the original HTTP path.
Kim Alvefur <zash@zash.se>
parents:
5263
diff
changeset
|
142 cache[orig_path] = { data = data, content_type = mime_map.html; etag = etag; }; |
5263
736e7ec8cd2e
mod_http_files: Replace file listing with an event, allowing a different plugin to generate it
Kim Alvefur <zash@zash.se>
parents:
5262
diff
changeset
|
143 response_headers.content_type = mime_map.html; |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
144 |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
145 else |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
146 local f, err = open(full_path, "rb"); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
147 if f then |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
148 data, err = f:read("*a"); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
149 f:close(); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
150 end |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
151 if not data then |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
152 module:log("debug", "Could not open or read %s. Error was %s", full_path, err); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
153 return 403; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
154 end |
5269
7bc52402966d
mod_http_files: Fix sending Content-Type for index files
Kim Alvefur <zash@zash.se>
parents:
5268
diff
changeset
|
155 local ext = full_path:match("%.([^./]+)$"); |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
156 local content_type = ext and mime_map[ext]; |
5264
700ff21a0451
mod_http_files: Work with non-wildcard-routes. Key cache on the original HTTP path.
Kim Alvefur <zash@zash.se>
parents:
5263
diff
changeset
|
157 cache[orig_path] = { data = data; content_type = content_type; etag = etag }; |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
158 response_headers.content_type = content_type; |
5238
0cc0359d8c39
mod_http_files: Generate simple directory index.
Kim Alvefur <zash@zash.se>
parents:
5237
diff
changeset
|
159 end |
0cc0359d8c39
mod_http_files: Generate simple directory index.
Kim Alvefur <zash@zash.se>
parents:
5237
diff
changeset
|
160 |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
161 return response:send(data); |
3353
cd3cbf361f8f
mod_httpserver: Serve index.html if a request is made for a directory and it contains one (thanks Brian Cully)
Matthew Wild <mwild1@gmail.com>
parents:
2925
diff
changeset
|
162 end |
5233
342c46e62f50
mod_http_files: Return 404 faster if file does not exist
Kim Alvefur <zash@zash.se>
parents:
5232
diff
changeset
|
163 |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
164 return serve_file; |
1667
c7bb2264e3b8
mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents:
1552
diff
changeset
|
165 end |
1770
3e17002221eb
mod_httpserver: Backport from trunk more thorough validation of URLs prior to processing
Matthew Wild <mwild1@gmail.com>
parents:
1552
diff
changeset
|
166 |
5265
cc2aed452a62
mod_http_files: Expose function other modules can use to combine their routes with file paths to serve
Kim Alvefur <zash@zash.se>
parents:
5264
diff
changeset
|
167 function wrap_route(routes) |
cc2aed452a62
mod_http_files: Expose function other modules can use to combine their routes with file paths to serve
Kim Alvefur <zash@zash.se>
parents:
5264
diff
changeset
|
168 for route,handler in pairs(routes) do |
5268
69964d1cbe66
mod_http_files: Allow passing a string to serve()
Kim Alvefur <zash@zash.se>
parents:
5265
diff
changeset
|
169 if type(handler) ~= "function" then |
5265
cc2aed452a62
mod_http_files: Expose function other modules can use to combine their routes with file paths to serve
Kim Alvefur <zash@zash.se>
parents:
5264
diff
changeset
|
170 routes[route] = serve(handler); |
cc2aed452a62
mod_http_files: Expose function other modules can use to combine their routes with file paths to serve
Kim Alvefur <zash@zash.se>
parents:
5264
diff
changeset
|
171 end |
cc2aed452a62
mod_http_files: Expose function other modules can use to combine their routes with file paths to serve
Kim Alvefur <zash@zash.se>
parents:
5264
diff
changeset
|
172 end |
cc2aed452a62
mod_http_files: Expose function other modules can use to combine their routes with file paths to serve
Kim Alvefur <zash@zash.se>
parents:
5264
diff
changeset
|
173 return routes; |
cc2aed452a62
mod_http_files: Expose function other modules can use to combine their routes with file paths to serve
Kim Alvefur <zash@zash.se>
parents:
5264
diff
changeset
|
174 end |
1667
c7bb2264e3b8
mod_httpserver: Set default file handler (you can now request static files as /*) and restructure code a bit
Matthew Wild <mwild1@gmail.com>
parents:
1552
diff
changeset
|
175 |
5262
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
176 if base_path then |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
177 module:provides("http", { |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
178 route = { |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
179 ["GET /*"] = serve { |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
180 path = base_path; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
181 directory_index = directory_index; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
182 } |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
183 }; |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
184 }); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
185 else |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
186 module:log("debug", "http_files_dir not set, assuming use by some other module"); |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
187 end |
4e58fde55594
mod_http_files: Export function can be used by other modules to serve files. Don't serve files by default unless http_files_dir is set
Kim Alvefur <zash@zash.se>
parents:
5261
diff
changeset
|
188 |