author | Kim Alvefur <zash@zash.se> |
Thu, 13 Oct 2016 18:57:15 +0200 | |
changeset 2336 | c2cf5b40b66d |
child 2881 | d6badf56ab5f |
permissions | -rw-r--r-- |
2336
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
-- mod_http_upload_external |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
-- |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
-- Copyright (C) 2015-2016 Kim Alvefur |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
-- |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
-- This file is MIT/X11 licensed. |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
-- |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
|
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
-- imports |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
local st = require"util.stanza"; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
local uuid = require"util.uuid".generate; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
local http = require "util.http"; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
local dataform = require "util.dataforms".new; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
local HMAC = require "util.hashes".hmac_sha256; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
-- config |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 100 * 1024 * 1024); -- 100 MB |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
local base_url = assert(module:get_option_string(module.name .. "_base_url"), module.name .. "_base_url is a required option"); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
local secret = assert(module:get_option_string(module.name .. "_secret"), module.name .. "_secret is a required option"); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
|
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 |
-- depends |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |
module:depends("disco"); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 |
|
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
-- namespace |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 |
local xmlns_http_upload = "urn:xmpp:http:upload"; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
|
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
-- identity and feature advertising |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
module:add_identity("store", "file", module:get_option_string("name", "HTTP File Upload")) |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 |
module:add_feature(xmlns_http_upload); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
|
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
module:add_extension(dataform { |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
{ name = "FORM_TYPE", type = "hidden", value = xmlns_http_upload }, |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
{ name = "max-file-size", type = "text-single" }, |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
}:form({ ["max-file-size"] = tostring(file_size_limit) }, "result")); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
local function magic_crypto_dust(random, filename, filesize) |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 |
local message = string.format("%s/%s %d", random, filename, filesize); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
local digest = HMAC(secret, message, true); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 |
random, filename = http.urlencode(random), http.urlencode(filename); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
return base_url .. random .. "/" .. filename, "?v=" .. digest; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
end |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 |
|
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 |
-- hooks |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 |
module:hook("iq/host/"..xmlns_http_upload..":request", function (event) |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 |
local stanza, origin = event.stanza, event.origin; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
local request = stanza.tags[1]; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
-- local clients only |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 |
if origin.type ~= "c2s" then |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
module:log("debug", "Request for upload slot from a %s", origin.type); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 |
origin.send(st.error_reply(stanza, "cancel", "not-authorized")); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
return true; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 |
end |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 |
-- validate |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
local filename = request:get_child_text("filename"); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 |
if not filename or filename:find("/") then |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
module:log("debug", "Filename %q not allowed", filename or ""); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 |
origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid filename")); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
return true; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 |
end |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
local filesize = tonumber(request:get_child_text("size")); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 |
if not filesize then |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 |
module:log("debug", "Missing file size"); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing or invalid file size")); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 |
return true; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 |
elseif filesize > file_size_limit then |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 |
module:log("debug", "File too large (%d > %d)", filesize, file_size_limit); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 |
origin.send(st.error_reply(stanza, "modify", "not-acceptable", "File too large", |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 |
st.stanza("file-too-large", {xmlns=xmlns_http_upload}) |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 |
:tag("max-size"):text(tostring(file_size_limit)))); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 |
return true; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 |
end |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 |
local reply = st.reply(stanza); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 |
reply:tag("slot", { xmlns = xmlns_http_upload }); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
local random = uuid(); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
local get_url, verify = magic_crypto_dust(random, filename, filesize); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 |
reply:tag("get"):text(get_url):up(); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 |
reply:tag("put"):text(get_url .. verify):up(); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 |
module:log("info", "Handed out upload slot %s to %s@%s", get_url, origin.username, origin.host); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 |
origin.send(reply); |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 |
return true; |
c2cf5b40b66d
mod_http_upload_external: Variant of mod_http_upload that delegates HTTP handling to other server using signed URLs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 |
end); |