prosody
d043834f15d2
util/jsonpointer.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

util/jsonpointer.lua @ 13126:d043834f15d2

mod_http: Use RFC 7239 Forwarded header to find original client IP Prefer over X-Forwarded-* since it has an actual specification. Main practical difference is that Forwarded may carry more properties than only the IP address since it is a structured header. Since we parse it into an array, it is easier to do the logical thing and iterate backwards trough proxies until an untrusted one is encountered. Compare the handling of X-Forwarded-For. The 'secure' field now accounts for the full chain of proxies, which must be secure all the way to be considered secure.
author Kim Alvefur <zash@zash.se>
date Sat, 03 Jun 2023 17:10:04 +0200
parent 12781:22066b02887f
line wrap: on
line source

local m_type = math.type;

local function unescape_token(escaped_token)
	local unescaped = escaped_token:gsub("~1", "/"):gsub("~0", "~")
	return unescaped
end

local function resolve_json_pointer(ref, path)
	local ptr_len = #path + 1
	for part, pos in path:gmatch("/([^/]*)()") do
		local token = unescape_token(part)
		if not (type(ref) == "table") then
			return nil
		end
		local idx = next(ref)
		local new_ref

		if type(idx) == "string" then
			new_ref = ref[token]
		elseif m_type(idx) == "integer" then
			local i = tonumber(token)
			if token == "-" then
				i = #ref + 1
			end
			new_ref = ref[i + 1]
		else
			return nil, "invalid-table"
		end

		if pos == ptr_len then
			return new_ref
		elseif type(new_ref) == "table" then
			ref = new_ref
		elseif not (type(ref) == "table") then
			return nil, "invalid-path"
		end

	end
	return ref
end

return { resolve = resolve_json_pointer }