
plugins/mod_http_file_share.lua @ 11315:c52fcea39c8e

mod_http_file_share: Add file type filter Unlike mod_http_upload, this can't be bypassed by uploading with a different file extension.
author Kim Alvefur <zash@zash.se>
date Tue, 26 Jan 2021 14:53:43 +0100
parent 11314:7c8b02c5a335
child 11316:ae0461b37fbe
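--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -27,10 +27,11 @@
 -- id, <request>, time, owner
 
 local secret = module:get_option_string(module.name.."_secret", require"util.id".long());
 local external_base_url = module:get_option_string(module.name .. "_base_url");
 local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB
+local file_types = module:get_option_set(module.name .. "_allowed_file_types", {});
 
 local access = module:get_option_set(module.name .. "_access", {});
 
 if not external_base_url then
 module:depends("http");
@@ -42,10 +43,11 @@
 }:form({ ["max-file-size"] = tostring(file_size_limit) }, "result"));
 
 local upload_errors = errors.init(module.name, namespace, {
 access = { "auth"; "forbidden" };
 filename = { "modify"; "bad-request", "Invalid filename" };
+filetype = { "modify"; "not-acceptable", "File type not allowed" };
 filesize = { "modify"; "not-acceptable"; "File too large";
 st.stanza("file-too-large", {xmlns = namespace}):tag("max-size"):text(tostring(file_size_limit)); };
 });
 
 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
@@ -59,10 +61,14 @@
 return false, upload_errors.new("filename");
 end
 
 if filesize > file_size_limit then
 return false, upload_errors.new("filesize");
+end
+
+if not ( file_types:empty() or file_types:contains(filetype) or file_types:contains(filetype:gsub("/.*", "/*")) ) then
+return false, upload_errors.new("filetype");
 end
 
 return true;
 end
 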
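Review bot: The new check in may_upload (new lines 68-69) compares `filetype` as it was passed in, which appears to be the type the requester declared, so it constrains the label rather than the uploaded bytes. A comment such as `-- filetype is the declared media type; file content is not inspected` would make that limit explicit, and the filter is only as strong as the code that pins the declared type on upload and download, which is not visible here. `filetype:gsub("/.*", "/*")` also returns the substitution count as a second value that is passed on to `contains`; writing `(filetype:gsub("/.*", "/*"))` keeps the call to one argument. If `filetype` can be nil while the allow-list is non-empty, the method call raises instead of returning the `filetype` error, so the caller's default should be confirmed. The body of may_upload is only partly shown in this view.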