| author | Kim Alvefur <zash@zash.se> |
| Thu, 28 Mar 2024 15:26:57 +0100 | |
| changeset 13472 | 98806cac64c3 |
| parent 13253 | 5884d58707fa |
| permissions | -rw-r--r-- |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 |
-- Prosody IM |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
2 |
-- Copyright (C) 2008-2012 Matthew Wild |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
3 |
-- Copyright (C) 2008-2012 Waqas Hussain |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5427
diff
changeset
|
4 |
-- |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 |
-- This project is MIT/X11 licensed. Please see the |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
6 |
-- COPYING file in the source package for more information. |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 |
-- |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 |
|
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
9 |
module:set_global(); |
|
10413
abfc05495d8b
mod_http: Soften dependency on mod_http_errors
Kim Alvefur <zash@zash.se>
parents:
10319
diff
changeset
|
10 |
pcall(function () |
|
abfc05495d8b
mod_http: Soften dependency on mod_http_errors
Kim Alvefur <zash@zash.se>
parents:
10319
diff
changeset
|
11 |
module:depends("http_errors"); |
|
abfc05495d8b
mod_http: Soften dependency on mod_http_errors
Kim Alvefur <zash@zash.se>
parents:
10319
diff
changeset
|
12 |
end); |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 |
|
|
12981
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12927
diff
changeset
|
14 |
local portmanager = require "prosody.core.portmanager"; |
|
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12927
diff
changeset
|
15 |
local moduleapi = require "prosody.core.moduleapi"; |
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
16 |
local url_parse = require "socket.url".parse; |
|
5093
1ce9e8068dda
mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
17 |
local url_build = require "socket.url".build; |
|
13130
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
18 |
local http_util = require "prosody.util.http"; |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
19 |
local normalize_path = http_util.normalize_path; |
|
12981
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12927
diff
changeset
|
20 |
local set = require "prosody.util.set"; |
|
13169
9c13c11b199d
renamening: Fix newly added imports to use the new namespace
Kim Alvefur <zash@zash.se>
parents:
13145
diff
changeset
|
21 |
local array = require "prosody.util.array"; |
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
22 |
|
|
12981
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12927
diff
changeset
|
23 |
local ip_util = require "prosody.util.ip"; |
|
10927
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
24 |
local new_ip = ip_util.new_ip; |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
25 |
local match_ip = ip_util.match; |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
26 |
local parse_cidr = ip_util.parse_cidr; |
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
27 |
|
|
12981
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12927
diff
changeset
|
28 |
local server = require "prosody.net.http.server"; |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
29 |
|
|
4736
3514338c59c3
net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents:
4724
diff
changeset
|
30 |
server.set_default_host(module:get_option_string("http_default_host")); |
|
3514338c59c3
net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents:
4724
diff
changeset
|
31 |
|
|
13218
5022525364f6
mod_http: Fix passing minimum limits in wrong argument position
Kim Alvefur <zash@zash.se>
parents:
13217
diff
changeset
|
32 |
server.set_option("body_size_limit", module:get_option_number("http_max_content_size", nil, 0)); |
|
5022525364f6
mod_http: Fix passing minimum limits in wrong argument position
Kim Alvefur <zash@zash.se>
parents:
13217
diff
changeset
|
33 |
server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size", nil, 0)); |
|
7583
588ed6451984
mod_http: Allow configuring http parser size limits
Kim Alvefur <zash@zash.se>
parents:
6601
diff
changeset
|
34 |
|
|
11731
f3aee8a825cc
Fix various spelling errors (thanks codespell)
Kim Alvefur <zash@zash.se>
parents:
11414
diff
changeset
|
35 |
-- CORS settings |
|
12447
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
36 |
local cors_overrides = module:get_option("http_cors_override", {}); |
|
9801
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
37 |
local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" }); |
|
9797
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
38 |
local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" }); |
|
12447
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
39 |
local opt_origins = module:get_option_set("access_control_allow_origins"); |
|
10262
4ff2f14f9ac7
mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
Matthew Wild <mwild1@gmail.com>
parents:
9856
diff
changeset
|
40 |
local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false); |
|
13213
c8d949cf6b09
plugins: Switch to :get_option_period() for time range options
Kim Alvefur <zash@zash.se>
parents:
13169
diff
changeset
|
41 |
local opt_max_age = module:get_option_period("access_control_max_age", "2 hours"); |
|
12794
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
42 |
local opt_default_cors = module:get_option_boolean("http_default_cors_enabled", true); |
|
9797
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
43 |
|
|
4667
d0cfc49f3f2b
mod_http: Support for default_path in apps
Matthew Wild <mwild1@gmail.com>
parents:
4664
diff
changeset
|
44 |
local function get_http_event(host, app_path, key) |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
45 |
local method, path = key:match("^(%S+)%s+(.+)$"); |
|
4721
1c6c4c53f08a
mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents:
4720
diff
changeset
|
46 |
if not method then -- No path specified, default to "" (base path) |
|
1c6c4c53f08a
mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents:
4720
diff
changeset
|
47 |
method, path = key, ""; |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
48 |
end |
|
4721
1c6c4c53f08a
mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents:
4720
diff
changeset
|
49 |
if method:sub(1,1) == "/" then |
|
1c6c4c53f08a
mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents:
4720
diff
changeset
|
50 |
return nil; |
|
1c6c4c53f08a
mod_http: Routes now require a method to be specified, but the path has become optional (defaults to the base path with no trailing '/'
Matthew Wild <mwild1@gmail.com>
parents:
4720
diff
changeset
|
51 |
end |
|
5092
a89f8f2f2943
mod_http: Don't produce paths with double / if a module is set to serve /
Kim Alvefur <zash@zash.se>
parents:
4915
diff
changeset
|
52 |
if app_path == "/" and path:sub(1,1) == "/" then |
|
a89f8f2f2943
mod_http: Don't produce paths with double / if a module is set to serve /
Kim Alvefur <zash@zash.se>
parents:
4915
diff
changeset
|
53 |
app_path = ""; |
|
a89f8f2f2943
mod_http: Don't produce paths with double / if a module is set to serve /
Kim Alvefur <zash@zash.se>
parents:
4915
diff
changeset
|
54 |
end |
|
9379
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
55 |
if host == "*" then |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
56 |
return method:upper().." "..app_path..path; |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
57 |
else |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
58 |
return method:upper().." "..host..app_path..path; |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
59 |
end |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
60 |
end |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
61 |
|
|
4702
5a85e541de1a
mod_http: Switch to single option for specifying HTTP app bases, http_paths. Keys are app/module names, values are base paths.
Matthew Wild <mwild1@gmail.com>
parents:
4696
diff
changeset
|
62 |
local function get_base_path(host_module, app_name, default_app_path) |
|
5332
5b73ac268a9e
mod_http: Expand $host in http_paths
Kim Alvefur <zash@zash.se>
parents:
5230
diff
changeset
|
63 |
return (normalize_path(host_module:get_option("http_paths", {})[app_name] -- Host |
|
4702
5a85e541de1a
mod_http: Switch to single option for specifying HTTP app bases, http_paths. Keys are app/module names, values are base paths.
Matthew Wild <mwild1@gmail.com>
parents:
4696
diff
changeset
|
64 |
or module:get_option("http_paths", {})[app_name] -- Global |
|
5332
5b73ac268a9e
mod_http: Expand $host in http_paths
Kim Alvefur <zash@zash.se>
parents:
5230
diff
changeset
|
65 |
or default_app_path)) -- Default |
|
6025
583e5c1365fe
mod_http: Use hostname from the correct context (thanks gryffus)
Kim Alvefur <zash@zash.se>
parents:
5427
diff
changeset
|
66 |
:gsub("%$(%w+)", { host = host_module.host }); |
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
67 |
end |
|
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
68 |
|
|
6507
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
69 |
local function redir_handler(event) |
|
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
70 |
event.response.headers.location = event.request.path.."/"; |
|
7521
829ebe806e82
mod_http: Fix indentation in redir_handler
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
7362
diff
changeset
|
71 |
if event.request.url.query then |
|
829ebe806e82
mod_http: Fix indentation in redir_handler
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
7362
diff
changeset
|
72 |
event.response.headers.location = event.response.headers.location .. "?" .. event.request.url.query |
|
829ebe806e82
mod_http: Fix indentation in redir_handler
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
7362
diff
changeset
|
73 |
end |
|
6507
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
74 |
return 301; |
|
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
75 |
end |
|
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
76 |
|
|
5093
1ce9e8068dda
mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
77 |
local ports_by_scheme = { http = 80, https = 443, }; |
|
1ce9e8068dda
mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
78 |
|
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
79 |
-- Helper to deduce a module's external URL |
|
13111
9c4dc1e6d2c9
mod_http: Add way to retrieve internal URL instead of external
Kim Alvefur <zash@zash.se>
parents:
13073
diff
changeset
|
80 |
function moduleapi.http_url(module, app_name, default_path, mode) |
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
81 |
app_name = app_name or (module.name:gsub("^http_", "")); |
|
12195
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
82 |
|
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
83 |
local external_url = url_parse(module:get_option_string("http_external_url")); |
|
13111
9c4dc1e6d2c9
mod_http: Add way to retrieve internal URL instead of external
Kim Alvefur <zash@zash.se>
parents:
13073
diff
changeset
|
84 |
if external_url and mode ~= "internal" then |
|
13253
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
85 |
-- Current URL does not depend on knowing which ports are used, only configuration. |
|
12195
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
86 |
local url = { |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
87 |
scheme = external_url.scheme; |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
88 |
host = external_url.host; |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
89 |
port = tonumber(external_url.port) or ports_by_scheme[external_url.scheme]; |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
90 |
path = normalize_path(external_url.path or "/", true) |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
91 |
.. (get_base_path(module, app_name, default_path or "/" .. app_name):sub(2)); |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
92 |
} |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
93 |
if ports_by_scheme[url.scheme] == url.port then url.port = nil end |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
94 |
return url_build(url); |
|
6026
8a8be471ec72
mod_http: Fix http_external_url setting without an explicit port
Kim Alvefur <zash@zash.se>
parents:
6025
diff
changeset
|
95 |
end |
|
12195
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
96 |
|
|
13253
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
97 |
if prosody.process_type ~= "prosody" then |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
98 |
-- We generally don't open ports outside of Prosody, so we can't rely on |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
99 |
-- portmanager to tell us which ports and services are used and derive the |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
100 |
-- URL from that, so instead we derive it entirely from configuration. |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
101 |
local https_ports = module:get_option_array("https_ports", { 5281 }); |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
102 |
local scheme = "https"; |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
103 |
local port = tonumber(https_ports[1]); |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
104 |
if not port then |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
105 |
-- https is disabled and no http_external_url set |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
106 |
scheme = "http"; |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
107 |
local http_ports = module:get_option_array("http_ports", { 5280 }); |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
108 |
port = tonumber(http_ports[1]); |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
109 |
if not port then |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
110 |
return "http://disabled.invalid/"; |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
111 |
end |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
112 |
end |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
113 |
|
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
114 |
local url = { |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
115 |
scheme = scheme; |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
116 |
host = module:get_option_string("http_host", module.global and module:get_option_string("http_default_host") or module.host); |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
117 |
port = port; |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
118 |
path = get_base_path(module, app_name, default_path or "/" .. app_name); |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
119 |
} |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
120 |
if ports_by_scheme[url.scheme] == url.port then |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
121 |
url.port = nil |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
122 |
end |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
123 |
return url_build(url); |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
124 |
end |
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
125 |
|
|
5884d58707fa
mod_http: Generate URL from configuration in prosodyctl
Kim Alvefur <zash@zash.se>
parents:
13218
diff
changeset
|
126 |
-- Use portmanager to find the actual port of https or http services |
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
127 |
local services = portmanager.get_active_services(); |
|
4915
3fbc01d1fc5a
mod_http: Fix traceback when no HTTP services succeed in binding
Matthew Wild <mwild1@gmail.com>
parents:
4911
diff
changeset
|
128 |
local http_services = services:get("https") or services:get("http") or {}; |
|
8972
48d0b908f8b6
mod_http: Silecence harmless warnings
Kim Alvefur <zash@zash.se>
parents:
8599
diff
changeset
|
129 |
for interface, ports in pairs(http_services) do -- luacheck: ignore 213/interface |
|
8973
75c3b1bd9d7b
mod_http: Rename loop variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8972
diff
changeset
|
130 |
for port, service in pairs(ports) do -- luacheck: ignore 512 |
|
5093
1ce9e8068dda
mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
131 |
local url = { |
|
12195
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
132 |
scheme = service[1].service.name; |
|
12272
d41e8c7890b0
mod_http: Use http_default_host for URLs generated in global context
Kim Alvefur <zash@zash.se>
parents:
12196
diff
changeset
|
133 |
host = module:get_option_string("http_host", module.global |
|
12273
a19d435dee90
mod_http: Use interface name as default default global hostname
Kim Alvefur <zash@zash.se>
parents:
12272
diff
changeset
|
134 |
and module:get_option_string("http_default_host", interface) or module.host); |
|
12195
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
135 |
port = port; |
|
8b57362f1176
mod_http: Skip querying portmanager when http_external_url when is set
Kim Alvefur <zash@zash.se>
parents:
12191
diff
changeset
|
136 |
path = get_base_path(module, app_name, default_path or "/" .. app_name); |
|
5093
1ce9e8068dda
mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
137 |
} |
|
1ce9e8068dda
mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
138 |
if ports_by_scheme[url.scheme] == url.port then url.port = nil end |
|
1ce9e8068dda
mod_http: Rework how module:http_url() builds the url.
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
139 |
return url_build(url); |
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
140 |
end |
|
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
141 |
end |
|
11070
dc41c8dfd2b1
mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
11026
diff
changeset
|
142 |
if prosody.process_type == "prosody" then |
|
dc41c8dfd2b1
mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
11026
diff
changeset
|
143 |
module:log("warn", "No http ports enabled, can't generate an external URL"); |
|
dc41c8dfd2b1
mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
11026
diff
changeset
|
144 |
end |
|
6601
4b4852c4f96a
mod_http: Return a static string from module:http_url() when no ports are enabled and log a warning
Kim Alvefur <zash@zash.se>
parents:
6600
diff
changeset
|
145 |
return "http://disabled.invalid/"; |
|
4702
5a85e541de1a
mod_http: Switch to single option for specifying HTTP app bases, http_paths. Keys are app/module names, values are base paths.
Matthew Wild <mwild1@gmail.com>
parents:
4696
diff
changeset
|
146 |
end |
|
5a85e541de1a
mod_http: Switch to single option for specifying HTTP app bases, http_paths. Keys are app/module names, values are base paths.
Matthew Wild <mwild1@gmail.com>
parents:
4696
diff
changeset
|
147 |
|
|
13073
45caa4e43775
mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents:
12981
diff
changeset
|
148 |
local function header_set_tostring(header_value) |
|
13144
7a6874f9fd40
mod_http: Simplify conversion of Set to Array
Kim Alvefur <zash@zash.se>
parents:
13131
diff
changeset
|
149 |
return array(header_value:items()):concat(", "); |
|
13073
45caa4e43775
mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents:
12981
diff
changeset
|
150 |
end |
|
45caa4e43775
mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents:
12981
diff
changeset
|
151 |
|
|
12447
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
152 |
local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, allowed_origins, origin) |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
153 |
if allowed_origins and not allowed_origins[origin] then |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
154 |
return; |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
155 |
end |
|
13073
45caa4e43775
mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents:
12981
diff
changeset
|
156 |
response.headers.access_control_allow_methods = header_set_tostring(methods); |
|
45caa4e43775
mod_http: Fix reliance on previous tostring() format of util.set
Kim Alvefur <zash@zash.se>
parents:
12981
diff
changeset
|
157 |
response.headers.access_control_allow_headers = header_set_tostring(headers); |
|
9797
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
158 |
response.headers.access_control_max_age = tostring(max_age) |
|
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
159 |
response.headers.access_control_allow_origin = origin or "*"; |
|
10262
4ff2f14f9ac7
mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
Matthew Wild <mwild1@gmail.com>
parents:
9856
diff
changeset
|
160 |
if allow_credentials then |
|
4ff2f14f9ac7
mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
Matthew Wild <mwild1@gmail.com>
parents:
9856
diff
changeset
|
161 |
response.headers.access_control_allow_credentials = "true"; |
|
4ff2f14f9ac7
mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
Matthew Wild <mwild1@gmail.com>
parents:
9856
diff
changeset
|
162 |
end |
|
9797
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
163 |
end |
|
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
164 |
|
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
165 |
function module.add_host(module) |
|
9379
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
166 |
local host = module.host; |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
167 |
if host ~= "*" then |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
168 |
host = module:get_option_string("http_host", host); |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
169 |
end |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
170 |
local apps = {}; |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
171 |
module.environment.apps = apps; |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
172 |
local function http_app_added(event) |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
173 |
local app_name = event.item.name; |
|
4667
d0cfc49f3f2b
mod_http: Support for default_path in apps
Matthew Wild <mwild1@gmail.com>
parents:
4664
diff
changeset
|
174 |
local default_app_path = event.item.default_path or "/"..app_name; |
|
4892
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
175 |
local app_path = get_base_path(module, app_name, default_app_path); |
|
6c8074f47ca4
mod_http: Add module:http_url([app_name,][default_path]) for a module to get a guess at its external URL
Matthew Wild <mwild1@gmail.com>
parents:
4774
diff
changeset
|
176 |
if not app_name then |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
177 |
-- TODO: Link to docs |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
178 |
module:log("error", "HTTP app has no 'name', add one or use module:provides('http', app)"); |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
179 |
return; |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
180 |
end |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
181 |
apps[app_name] = apps[app_name] or {}; |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
182 |
local app_handlers = apps[app_name]; |
|
9797
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
183 |
|
|
9801
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
184 |
local app_methods = opt_methods; |
|
11401
27a22a1f141c
mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents:
11400
diff
changeset
|
185 |
local app_headers = opt_headers; |
|
11400
f6bb3b193277
mod_http: Allow setting the CORS credentials flag via :provides API
Kim Alvefur <zash@zash.se>
parents:
11391
diff
changeset
|
186 |
local app_credentials = opt_credentials; |
|
12447
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
187 |
local app_origins; |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
188 |
if opt_origins and not (opt_origins:empty() or opt_origins:contains("*")) then |
|
13143
5d5869f14c4d
mod_http: Fix error if 'access_control_allow_origins' is set
Kim Alvefur <zash@zash.se>
parents:
12927
diff
changeset
|
189 |
app_origins = opt_origins._items; |
|
12447
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
190 |
end |
|
9801
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
191 |
|
|
9797
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
192 |
local function cors_handler(event_data) |
|
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
193 |
local request, response = event_data.request, event_data.response; |
|
12447
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
194 |
apply_cors_headers(response, app_methods, app_headers, opt_max_age, app_credentials, app_origins, request.headers.origin); |
|
9797
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
195 |
end |
|
9993fd021d19
mod_http: Solve CORS problems once and for all
Kim Alvefur <zash@zash.se>
parents:
9507
diff
changeset
|
196 |
|
|
9800
adfb29f44412
mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents:
9797
diff
changeset
|
197 |
local function options_handler(event_data) |
|
adfb29f44412
mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents:
9797
diff
changeset
|
198 |
cors_handler(event_data); |
|
adfb29f44412
mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents:
9797
diff
changeset
|
199 |
return ""; |
|
adfb29f44412
mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents:
9797
diff
changeset
|
200 |
end |
|
adfb29f44412
mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents:
9797
diff
changeset
|
201 |
|
|
12447
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
202 |
local cors = cors_overrides[app_name] or event.item.cors; |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
203 |
if cors then |
|
12448
b33558969b3e
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
Matthew Wild <mwild1@gmail.com>
parents:
12447
diff
changeset
|
204 |
if cors.enabled == true then |
|
12447
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
205 |
if cors.credentials ~= nil then |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
206 |
app_credentials = cors.credentials; |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
207 |
end |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
208 |
if cors.headers then |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
209 |
for header, enable in pairs(cors.headers) do |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
210 |
if enable and not app_headers:contains(header) then |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
211 |
app_headers = app_headers + set.new { header }; |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
212 |
elseif not enable and app_headers:contains(header) then |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
213 |
app_headers = app_headers - set.new { header }; |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
214 |
end |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
215 |
end |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
216 |
end |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
217 |
if cors.origins then |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
218 |
if cors.origins == "*" or cors.origins[1] == "*" then |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
219 |
app_origins = nil; |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
220 |
else |
|
17d87fb2312a
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
Matthew Wild <mwild1@gmail.com>
parents:
12273
diff
changeset
|
221 |
app_origins = set.new(cors.origins)._items; |
|
11401
27a22a1f141c
mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents:
11400
diff
changeset
|
222 |
end |
|
27a22a1f141c
mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents:
11400
diff
changeset
|
223 |
end |
|
12794
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
224 |
elseif cors.enabled == false then |
|
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
225 |
cors = nil; |
|
11401
27a22a1f141c
mod_http: Allow modifying CORS header list via :provides API
Kim Alvefur <zash@zash.se>
parents:
11400
diff
changeset
|
226 |
end |
|
12794
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
227 |
else |
|
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
228 |
cors = opt_default_cors; |
|
11400
f6bb3b193277
mod_http: Allow setting the CORS credentials flag via :provides API
Kim Alvefur <zash@zash.se>
parents:
11391
diff
changeset
|
229 |
end |
|
f6bb3b193277
mod_http: Allow setting the CORS credentials flag via :provides API
Kim Alvefur <zash@zash.se>
parents:
11391
diff
changeset
|
230 |
|
|
11026
3e5bc34be734
mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents:
11025
diff
changeset
|
231 |
local streaming = event.item.streaming_uploads; |
|
3e5bc34be734
mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents:
11025
diff
changeset
|
232 |
|
|
11403
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11401
diff
changeset
|
233 |
if not event.item.route then |
|
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11401
diff
changeset
|
234 |
-- TODO: Link to docs |
|
11404
19a59cb7311e
mod_http: Improve message for missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11403
diff
changeset
|
235 |
module:log("error", "HTTP app %q provides no 'route', add one to handle HTTP requests", app_name); |
|
11403
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11401
diff
changeset
|
236 |
return; |
|
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11401
diff
changeset
|
237 |
end |
|
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11401
diff
changeset
|
238 |
|
|
d5d895313be2
mod_http: Warn if app is missing 'route'
Kim Alvefur <zash@zash.se>
parents:
11401
diff
changeset
|
239 |
for key, handler in pairs(event.item.route) do |
|
4667
d0cfc49f3f2b
mod_http: Support for default_path in apps
Matthew Wild <mwild1@gmail.com>
parents:
4664
diff
changeset
|
240 |
local event_name = get_http_event(host, app_path, key); |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
241 |
if event_name then |
|
9801
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
242 |
local method = event_name:match("^%S+"); |
|
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
243 |
if not app_methods:contains(method) then |
|
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
244 |
app_methods = app_methods + set.new{ method }; |
|
071538a567d5
mod_http: Determine CORS methods to whitelist from actual methods used
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
245 |
end |
|
9800
adfb29f44412
mod_http: Set up to handle OPTIONS
Kim Alvefur <zash@zash.se>
parents:
9797
diff
changeset
|
246 |
local options_event_name = event_name:gsub("^%S+", "OPTIONS"); |
|
4724
a8c234332258
mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents:
4721
diff
changeset
|
247 |
if type(handler) ~= "function" then |
|
a8c234332258
mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents:
4721
diff
changeset
|
248 |
local data = handler; |
|
a8c234332258
mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents:
4721
diff
changeset
|
249 |
handler = function () return data; end |
|
a8c234332258
mod_http: Allow a route value to be static data rather than a handler function
Matthew Wild <mwild1@gmail.com>
parents:
4721
diff
changeset
|
250 |
elseif event_name:sub(-2, -1) == "/*" then |
|
5230
6f5640375358
mod_http: Fix path length pattern
Kim Alvefur <zash@zash.se>
parents:
5204
diff
changeset
|
251 |
local base_path_len = #event_name:match("/.+$"); |
|
4669
0e0a72679f77
mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents:
4667
diff
changeset
|
252 |
local _handler = handler; |
|
8975
0b254439d451
mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8974
diff
changeset
|
253 |
handler = function (_event) |
|
0b254439d451
mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8974
diff
changeset
|
254 |
local path = _event.request.path:sub(base_path_len); |
|
0b254439d451
mod_http: Rename argument to avoid name clash with outer scope [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8974
diff
changeset
|
255 |
return _handler(_event, path); |
|
4669
0e0a72679f77
mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents:
4667
diff
changeset
|
256 |
end; |
|
6507
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
257 |
module:hook_object_event(server, event_name:sub(1, -3), redir_handler, -1); |
|
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
258 |
elseif event_name:sub(-1, -1) == "/" then |
|
e1659f32852e
mod_http: For URLs that end with / or wildcard handlers, add a low-priority redirect from without to with slash
Kim Alvefur <zash@zash.se>
parents:
6086
diff
changeset
|
259 |
module:hook_object_event(server, event_name:sub(1, -2), redir_handler, -1); |
|
4669
0e0a72679f77
mod_http: Pass portion of path that matched wildcard to wildcard handlers, as a second parameter
Matthew Wild <mwild1@gmail.com>
parents:
4667
diff
changeset
|
260 |
end |
|
11026
3e5bc34be734
mod_http: Add way to signal that a module supports streaming uploads
Kim Alvefur <zash@zash.se>
parents:
11025
diff
changeset
|
261 |
if not streaming then |
|
11025
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10927
diff
changeset
|
262 |
-- COMPAT Modules not compatible with streaming uploads behave as before. |
|
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10927
diff
changeset
|
263 |
local _handler = handler; |
|
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10927
diff
changeset
|
264 |
function handler(event) -- luacheck: ignore 432/event |
|
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10927
diff
changeset
|
265 |
if event.request.body ~= false then |
|
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10927
diff
changeset
|
266 |
return _handler(event); |
|
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10927
diff
changeset
|
267 |
end |
|
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10927
diff
changeset
|
268 |
end |
|
9673c95895fb
net.http.parser: Allow specifying sink for large request bodies
Kim Alvefur <zash@zash.se>
parents:
10927
diff
changeset
|
269 |
end |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
270 |
if not app_handlers[event_name] then |
|
10319
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10262
diff
changeset
|
271 |
app_handlers[event_name] = { |
|
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10262
diff
changeset
|
272 |
main = handler; |
|
12794
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
273 |
cors = cors and cors_handler; |
|
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
274 |
options = cors and options_handler; |
|
10319
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10262
diff
changeset
|
275 |
}; |
|
4696
4700e318add1
mod_http: Use module:hook/unhook_event_object() so that handlers get unregistered if mod_http is unloaded
Matthew Wild <mwild1@gmail.com>
parents:
4678
diff
changeset
|
276 |
module:hook_object_event(server, event_name, handler); |
|
12794
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
277 |
if cors then |
|
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
278 |
module:hook_object_event(server, event_name, cors_handler, 1); |
|
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
279 |
module:hook_object_event(server, options_event_name, options_handler, -1); |
|
24b55f0e2db9
mod_http: Allow disabling CORS in the http_cors_override option and by default
Matthew Wild <mwild1@gmail.com>
parents:
12448
diff
changeset
|
280 |
end |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
281 |
else |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
282 |
module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); |
|
4636
41983ec223f0
mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents:
4635
diff
changeset
|
283 |
end |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
284 |
else |
|
7362
a5a080c12c96
Update every link to the documentation to use HTTPS
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
7250
diff
changeset
|
285 |
module:log("error", "Invalid route in %s, %q. See https://prosody.im/doc/developers/http#routes", app_name, key); |
|
4636
41983ec223f0
mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents:
4635
diff
changeset
|
286 |
end |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
287 |
end |
|
6600
321321f566fb
mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents:
6599
diff
changeset
|
288 |
local services = portmanager.get_active_services(); |
|
321321f566fb
mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents:
6599
diff
changeset
|
289 |
if services:get("https") or services:get("http") then |
|
10464
5ce6cbb5ce6a
mod_http: Log served URLs at 'info' level
Kim Alvefur <zash@zash.se>
parents:
10413
diff
changeset
|
290 |
module:log("info", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path)); |
|
11070
dc41c8dfd2b1
mod_http: Silence warnings when running under prosodyctl
Matthew Wild <mwild1@gmail.com>
parents:
11026
diff
changeset
|
291 |
elseif prosody.process_type == "prosody" then |
|
12196
6a772a0c0dfd
mod_http: Increase severity of loading unreachable http modules
Kim Alvefur <zash@zash.se>
parents:
12195
diff
changeset
|
292 |
module:log("error", "Not listening on any ports, '%s' will be unreachable", app_name); |
|
6600
321321f566fb
mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled
Kim Alvefur <zash@zash.se>
parents:
6599
diff
changeset
|
293 |
end |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
294 |
end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5427
diff
changeset
|
295 |
|
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
296 |
local function http_app_removed(event) |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
297 |
local app_handlers = apps[event.item.name]; |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
298 |
apps[event.item.name] = nil; |
|
10319
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10262
diff
changeset
|
299 |
for event_name, handlers in pairs(app_handlers) do |
|
d4c538a7d655
mod_http: Unhook CORS related event handlers
Kim Alvefur <zash@zash.se>
parents:
10262
diff
changeset
|
300 |
module:unhook_object_event(server, event_name, handlers.main); |
|
12927
419e55abd285
mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents:
12794
diff
changeset
|
301 |
if handlers.cors then |
|
419e55abd285
mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents:
12794
diff
changeset
|
302 |
module:unhook_object_event(server, event_name, handlers.cors); |
|
419e55abd285
mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents:
12794
diff
changeset
|
303 |
end |
|
12117
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11731
diff
changeset
|
304 |
|
|
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11731
diff
changeset
|
305 |
if event_name:sub(-2, -1) == "/*" then |
|
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11731
diff
changeset
|
306 |
module:unhook_object_event(server, event_name:sub(1, -3), redir_handler, -1); |
|
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11731
diff
changeset
|
307 |
elseif event_name:sub(-1, -1) == "/" then |
|
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11731
diff
changeset
|
308 |
module:unhook_object_event(server, event_name:sub(1, -2), redir_handler, -1); |
|
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11731
diff
changeset
|
309 |
end |
|
86e6f0810956
mod_http: Clean up redirects handlers for wildcard on http module unload
Kim Alvefur <zash@zash.se>
parents:
11731
diff
changeset
|
310 |
|
|
12927
419e55abd285
mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents:
12794
diff
changeset
|
311 |
if handlers.options then |
|
419e55abd285
mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents:
12794
diff
changeset
|
312 |
local options_event_name = event_name:gsub("^%S+", "OPTIONS"); |
|
419e55abd285
mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents:
12794
diff
changeset
|
313 |
module:unhook_object_event(server, options_event_name, handlers.options); |
|
419e55abd285
mod_http: Unhook CORS handlers only if active (fixes #1801)
Kim Alvefur <zash@zash.se>
parents:
12794
diff
changeset
|
314 |
end |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
315 |
end |
|
4636
41983ec223f0
mod_http: Include handlers of non-global modules.
Waqas Hussain <waqas20@gmail.com>
parents:
4635
diff
changeset
|
316 |
end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5427
diff
changeset
|
317 |
|
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
318 |
module:handle_items("http-provider", http_app_added, http_app_removed); |
|
4736
3514338c59c3
net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents:
4724
diff
changeset
|
319 |
|
|
9379
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
320 |
if host ~= "*" then |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
321 |
server.add_host(host); |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
322 |
function module.unload() |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
323 |
server.remove_host(host); |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
324 |
end |
|
4736
3514338c59c3
net.http.server, mod_http: Support http_default_host config option to specify where to direct requests for unknown HTTP vhosts
Matthew Wild <mwild1@gmail.com>
parents:
4724
diff
changeset
|
325 |
end |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
326 |
end |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
327 |
|
|
9379
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
328 |
module.add_host(module); -- set up handling on global context too |
|
220468f7a103
mod_http: Support global HTTP modules
Kim Alvefur <zash@zash.se>
parents:
9341
diff
changeset
|
329 |
|
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
330 |
local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items; |
|
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
331 |
|
|
13129
90394be5e6a5
mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents:
13111
diff
changeset
|
332 |
--- deal with [ipv6]:port / ip:port format |
|
90394be5e6a5
mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents:
13111
diff
changeset
|
333 |
local function normal_ip(ip) |
|
90394be5e6a5
mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents:
13111
diff
changeset
|
334 |
return ip:match("^%[([%x:]*)%]") or ip:match("^([%d.]+)") or ip; |
|
90394be5e6a5
mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents:
13111
diff
changeset
|
335 |
end |
|
90394be5e6a5
mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents:
13111
diff
changeset
|
336 |
|
|
10927
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
337 |
local function is_trusted_proxy(ip) |
|
13129
90394be5e6a5
mod_http: Handle bracketed IP address format from RFC 7239
Kim Alvefur <zash@zash.se>
parents:
13111
diff
changeset
|
338 |
ip = normal_ip(ip); |
|
11389
c81b6b8c6b19
mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents:
11387
diff
changeset
|
339 |
if trusted_proxies[ip] then |
|
c81b6b8c6b19
mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents:
11387
diff
changeset
|
340 |
return true; |
|
c81b6b8c6b19
mod_http: Optimize proxy IP check
Kim Alvefur <zash@zash.se>
parents:
11387
diff
changeset
|
341 |
end |
|
10927
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
342 |
local parsed_ip = new_ip(ip) |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
343 |
for trusted_proxy in trusted_proxies do |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
344 |
if match_ip(parsed_ip, parse_cidr(trusted_proxy)) then |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
345 |
return true; |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
346 |
end |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
347 |
end |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
348 |
return false |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
349 |
end |
|
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
350 |
|
|
11414
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
351 |
local function get_forwarded_connection_info(request) --> ip:string, secure:boolean |
|
11413
d30c44a829c1
net.http.server: Set request.ip so mod_http doesn't have to
Kim Alvefur <zash@zash.se>
parents:
11412
diff
changeset
|
352 |
local ip = request.ip; |
|
11414
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
353 |
local secure = request.secure; -- set by net.http.server |
|
13130
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
354 |
|
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
355 |
local forwarded = http_util.parse_forwarded(request.headers.forwarded); |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
356 |
if forwarded then |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
357 |
request.forwarded = forwarded; |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
358 |
for i = #forwarded, 1, -1 do |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
359 |
local proxy = forwarded[i] |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
360 |
if is_trusted_proxy(ip) then |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
361 |
ip = normal_ip(proxy["for"]); |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
362 |
secure = secure and proxy.proto == "https"; |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
363 |
else |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
364 |
break |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
365 |
end |
|
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
366 |
end |
|
13131
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
367 |
end |
|
13130
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
368 |
|
|
13131
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
369 |
return ip, secure; |
|
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
370 |
end |
|
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
371 |
|
|
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
372 |
-- TODO switch to RFC 7239 by default once support is more common |
|
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
373 |
if module:get_option_boolean("http_legacy_x_forwarded", true) then |
|
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
374 |
function get_forwarded_connection_info(request) --> ip:string, secure:boolean |
|
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
375 |
local ip = request.ip; |
|
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
376 |
local secure = request.secure; -- set by net.http.server |
|
13130
d043834f15d2
mod_http: Use RFC 7239 Forwarded header to find original client IP
Kim Alvefur <zash@zash.se>
parents:
13129
diff
changeset
|
377 |
|
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
378 |
local forwarded_for = request.headers.x_forwarded_for; |
|
11414
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
379 |
if forwarded_for then |
|
10845
22f783d80eec
mod_http: Tell luacheck to ignore the long comment lines
Kim Alvefur <zash@zash.se>
parents:
10844
diff
changeset
|
380 |
-- luacheck: ignore 631 |
|
10844
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10469
diff
changeset
|
381 |
-- This logic looks weird at first, but it makes sense. |
|
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10469
diff
changeset
|
382 |
-- The for loop will take the last non-trusted-proxy IP from `forwarded_for`. |
|
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10469
diff
changeset
|
383 |
-- We append the original request IP to the header. Then, since the last IP wins, there are two cases: |
|
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10469
diff
changeset
|
384 |
-- Case a) The original request IP is *not* in trusted proxies, in which case the X-Forwarded-For header will, effectively, be ineffective; the original request IP will win because it overrides any other IP in the header. |
|
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10469
diff
changeset
|
385 |
-- Case b) The original request IP is in trusted proxies. In that case, the if branch in the for loop will skip the last IP, causing it to be ignored. The second-to-last IP will be taken instead. |
|
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10469
diff
changeset
|
386 |
-- Case c) If the second-to-last IP is also a trusted proxy, it will also be ignored, iteratively, up to the last IP which isn’t in trusted proxies. |
|
a83bfb266b15
mod_http: Add documentation to the non-obvious logic of get_ip_from_request
Jonas Schäfer <jonas@wielicki.name>
parents:
10469
diff
changeset
|
387 |
-- Case d) If all IPs are in trusted proxies, something went obviously wrong and the logic never overwrites `ip`, leaving it at the original request IP. |
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
388 |
forwarded_for = forwarded_for..", "..ip; |
|
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
389 |
for forwarded_ip in forwarded_for:gmatch("[^%s,]+") do |
|
10927
dff1aebd0f2b
mod_http: Support CIDR for trusted proxies.
Boris Grozev <boris@jitsi.org>
parents:
10845
diff
changeset
|
390 |
if not is_trusted_proxy(forwarded_ip) then |
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
391 |
ip = forwarded_ip; |
|
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
392 |
end |
|
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
393 |
end |
|
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
394 |
end |
|
11414
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
395 |
|
|
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
396 |
secure = secure or request.headers.x_forwarded_proto == "https"; |
|
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
397 |
|
|
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
398 |
return ip, secure; |
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
399 |
end |
|
13131
f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Kim Alvefur <zash@zash.se>
parents:
13130
diff
changeset
|
400 |
end |
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
401 |
|
|
8599
71da54c7f797
mod_http: Pass util.events object to API, fixes traceback
Kim Alvefur <zash@zash.se>
parents:
8597
diff
changeset
|
402 |
module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) |
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
403 |
local request = event_data.request; |
|
11414
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
404 |
if request and is_trusted_proxy(request.ip) then |
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
405 |
-- Not included in eg http-error events |
|
11414
2ea70d291429
mod_http: Consolidate handling of proxied connection details
Kim Alvefur <zash@zash.se>
parents:
11413
diff
changeset
|
406 |
request.ip, request.secure = get_forwarded_connection_info(request); |
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
407 |
end |
|
9341
9beb767295d4
Revert 2dc7490899ae::5d6b252bc36f: Unfinished and broken
Kim Alvefur <zash@zash.se>
parents:
9339
diff
changeset
|
408 |
return handlers(event_name, event_data); |
|
8597
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
409 |
end); |
|
b4a0bc46c82d
mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) (fixes #540)
Kim Alvefur <zash@zash.se>
parents:
7871
diff
changeset
|
410 |
|
|
5120
bcabea740c00
mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item().
Waqas Hussain <waqas20@gmail.com>
parents:
5093
diff
changeset
|
411 |
module:provides("net", { |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
412 |
name = "http"; |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
413 |
listener = server.listener; |
|
12191
94253e02d47d
mod_http: Limit unencrypted http port (5280) to loopback by default
Kim Alvefur <zash@zash.se>
parents:
12117
diff
changeset
|
414 |
private = true; |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
415 |
default_port = 5280; |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
416 |
multiplex = { |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
417 |
pattern = "^[A-Z]"; |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
418 |
}; |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
419 |
}); |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
420 |
|
|
5120
bcabea740c00
mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item().
Waqas Hussain <waqas20@gmail.com>
parents:
5093
diff
changeset
|
421 |
module:provides("net", { |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
422 |
name = "https"; |
|
4664
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
423 |
listener = server.listener; |
|
7438b3c68576
mod_http: Revamp module for new API and config
Matthew Wild <mwild1@gmail.com>
parents:
4636
diff
changeset
|
424 |
default_port = 5281; |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
425 |
encryption = "ssl"; |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
426 |
multiplex = { |
|
10469
09697a673015
mod_net_multiplex: Add support for using ALPN
Kim Alvefur <zash@zash.se>
parents:
10464
diff
changeset
|
427 |
protocol = "http/1.1"; |
|
4635
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
428 |
pattern = "^[A-Z]"; |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
429 |
}; |
|
ea5215bd2783
mod_http: Provide HTTP service.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
430 |
}); |