|
1 -- Prosody IM |
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
4 -- |
|
5 -- This project is MIT/X11 licensed. Please see the |
|
6 -- COPYING file in the source package for more information. |
|
7 -- |
|
8 |
|
9 local server = require"net.http.server"; |
|
10 local lfs = require "lfs"; |
|
11 local new_cache = require "util.cache".new; |
|
12 local log = require "util.logger".init("net.http.files"); |
|
13 |
|
14 local os_date = os.date; |
|
15 local open = io.open; |
|
16 local stat = lfs.attributes; |
|
17 local build_path = require"socket.url".build_path; |
|
18 local path_sep = package.config:sub(1,1); |
|
19 |
|
20 |
|
21 local forbidden_chars_pattern = "[/%z]"; |
|
22 if package.config:sub(1,1) == "\\" then |
|
23 forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]" |
|
24 end |
|
25 |
|
26 local urldecode = require "util.http".urldecode; |
|
27 local function sanitize_path(path) --> util.paths or util.http? |
|
28 if not path then return end |
|
29 local out = {}; |
|
30 |
|
31 local c = 0; |
|
32 for component in path:gmatch("([^/]+)") do |
|
33 component = urldecode(component); |
|
34 if component:find(forbidden_chars_pattern) then |
|
35 return nil; |
|
36 elseif component == ".." then |
|
37 if c <= 0 then |
|
38 return nil; |
|
39 end |
|
40 out[c] = nil; |
|
41 c = c - 1; |
|
42 elseif component ~= "." then |
|
43 c = c + 1; |
|
44 out[c] = component; |
|
45 end |
|
46 end |
|
47 if path:sub(-1,-1) == "/" then |
|
48 out[c+1] = ""; |
|
49 end |
|
50 return "/"..table.concat(out, "/"); |
|
51 end |
|
52 |
|
53 local function serve(opts) |
|
54 if type(opts) ~= "table" then -- assume path string |
|
55 opts = { path = opts }; |
|
56 end |
|
57 local mime_map = opts.mime_map or { html = "text/html" }; |
|
58 local cache = new_cache(opts.cache_size or 256); |
|
59 local cache_max_file_size = tonumber(opts.cache_max_file_size) or 1024 |
|
60 -- luacheck: ignore 431 |
|
61 local base_path = opts.path; |
|
62 local dir_indices = opts.index_files or { "index.html", "index.htm" }; |
|
63 local directory_index = opts.directory_index; |
|
64 local function serve_file(event, path) |
|
65 local request, response = event.request, event.response; |
|
66 local sanitized_path = sanitize_path(path); |
|
67 if path and not sanitized_path then |
|
68 return 400; |
|
69 end |
|
70 path = sanitized_path; |
|
71 local orig_path = sanitize_path(request.path); |
|
72 local full_path = base_path .. (path or ""):gsub("/", path_sep); |
|
73 local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows |
|
74 if not attr then |
|
75 return 404; |
|
76 end |
|
77 |
|
78 local request_headers, response_headers = request.headers, response.headers; |
|
79 |
|
80 local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification); |
|
81 response_headers.last_modified = last_modified; |
|
82 |
|
83 local etag = ('"%02x-%x-%x-%x"'):format(attr.dev or 0, attr.ino or 0, attr.size or 0, attr.modification or 0); |
|
84 response_headers.etag = etag; |
|
85 |
|
86 local if_none_match = request_headers.if_none_match |
|
87 local if_modified_since = request_headers.if_modified_since; |
|
88 if etag == if_none_match |
|
89 or (not if_none_match and last_modified == if_modified_since) then |
|
90 return 304; |
|
91 end |
|
92 |
|
93 local data = cache:get(orig_path); |
|
94 if data and data.etag == etag then |
|
95 response_headers.content_type = data.content_type; |
|
96 data = data.data; |
|
97 cache:set(orig_path, data); |
|
98 elseif attr.mode == "directory" and path then |
|
99 if full_path:sub(-1) ~= "/" then |
|
100 local dir_path = { is_absolute = true, is_directory = true }; |
|
101 for dir in orig_path:gmatch("[^/]+") do dir_path[#dir_path+1]=dir; end |
|
102 response_headers.location = build_path(dir_path); |
|
103 return 301; |
|
104 end |
|
105 for i=1,#dir_indices do |
|
106 if stat(full_path..dir_indices[i], "mode") == "file" then |
|
107 return serve_file(event, path..dir_indices[i]); |
|
108 end |
|
109 end |
|
110 |
|
111 if directory_index then |
|
112 data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path }); |
|
113 end |
|
114 if not data then |
|
115 return 403; |
|
116 end |
|
117 cache:set(orig_path, { data = data, content_type = mime_map.html; etag = etag; }); |
|
118 response_headers.content_type = mime_map.html; |
|
119 |
|
120 else |
|
121 local f, err = open(full_path, "rb"); |
|
122 if not f then |
|
123 log("debug", "Could not open %s. Error was %s", full_path, err); |
|
124 return 403; |
|
125 end |
|
126 local ext = full_path:match("%.([^./]+)$"); |
|
127 local content_type = ext and mime_map[ext]; |
|
128 response_headers.content_type = content_type; |
|
129 if attr.size > cache_max_file_size then |
|
130 response_headers.content_length = ("%d"):format(attr.size); |
|
131 log("debug", "%d > cache_max_file_size", attr.size); |
|
132 return response:send_file(f); |
|
133 else |
|
134 data = f:read("*a"); |
|
135 f:close(); |
|
136 end |
|
137 cache:set(orig_path, { data = data; content_type = content_type; etag = etag }); |
|
138 end |
|
139 |
|
140 return response:send(data); |
|
141 end |
|
142 |
|
143 return serve_file; |
|
144 end |
|
145 |
|
146 return { |
|
147 serve = serve; |
|
148 } |
|
149 |