-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
---
+--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
module:depends("http");
+local server = require"net.http.server";
local lfs = require "lfs";
+local os_date = os.date;
local open = io.open;
local stat = lfs.attributes;
+local build_path = require"socket.url".build_path;
+local path_sep = package.config:sub(1,1);
+
+local base_path = module:get_option_string("http_files_dir", module:get_option_string("http_path"));
+local dir_indices = module:get_option("http_index_files", { "index.html", "index.htm" });
+local directory_index = module:get_option_boolean("http_dir_listing");
+
+local mime_map = module:shared("/*/http_files/mime").types;
+if not mime_map then
+ mime_map = {
+ html = "text/html", htm = "text/html",
+ xml = "application/xml",
+ txt = "text/plain",
+ css = "text/css",
+ js = "application/javascript",
+ png = "image/png",
+ gif = "image/gif",
+ jpeg = "image/jpeg", jpg = "image/jpeg",
+ svg = "image/svg+xml",
+ };
+ module:shared("/*/http_files/mime").types = mime_map;
+
+ local mime_types, err = open(module:get_option_string("mime_types_file", "/etc/mime.types"),"r");
+ if mime_types then
+ local mime_data = mime_types:read("*a");
+ mime_types:close();
+ setmetatable(mime_map, {
+ __index = function(t, ext)
+ local typ = mime_data:match("\n(%S+)[^\n]*%s"..(ext:lower()).."%s") or "application/octet-stream";
+ t[ext] = typ;
+ return typ;
+ end
+ });
+ end
+end
+
+local forbidden_chars_pattern = "[/%z]";
+if prosody.platform == "windows" then
+ forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]"
+end
+
+local urldecode = require "util.http".urldecode;
+function sanitize_path(path)
+ local out = {};
-local http_base = module:get_option_string("http_files_dir", module:get_option_string("http_path", "www_files"));
-
--- TODO: Should we read this from /etc/mime.types if it exists? (startup time...?)
-local mime_map = {
- html = "text/html";
- htm = "text/html";
- xml = "text/xml";
- xsl = "text/xml";
- txt = "text/plain; charset=utf-8";
- js = "text/javascript";
- css = "text/css";
-};
-
-function serve_file(event, path)
- local response = event.response;
- local full_path = http_base.."/"..path;
- if stat(full_path, "mode") == "directory" then
- if stat(full_path.."/index.html", "mode") == "file" then
- return serve_file(event, path.."/index.html");
+ local c = 0;
+ for component in path:gmatch("([^/]+)") do
+ component = urldecode(component);
+ if component:find(forbidden_chars_pattern) then
+ return nil;
+ elseif component == ".." then
+ if c <= 0 then
+ return nil;
+ end
+ out[c] = nil;
+ c = c - 1;
+ elseif component ~= "." then
+ c = c + 1;
+ out[c] = component;
end
- return 403;
end
- local f, err = open(full_path, "rb");
- if not f then
- module:log("warn", "Failed to open file: %s", err);
- return 404;
+ return "/"..table.concat(out, "/");
+end
+
+local cache = setmetatable({}, { __mode = "kv" }); -- Let the garbage collector have it if it wants to.
+
+function serve(opts)
+ if type(opts) ~= "table" then -- assume path string
+ opts = { path = opts };
+ end
+ local base_path = opts.path;
+ local dir_indices = opts.index_files or dir_indices;
+ local directory_index = opts.directory_index;
+ local function serve_file(event, path)
+ local request, response = event.request, event.response;
+ path = sanitize_path(path);
+ if not path then
+ return 400;
+ end
+ local orig_path = sanitize_path(request.path);
+ local full_path = base_path .. (path and "/"..path or ""):gsub("/", path_sep);
+ local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows
+ if not attr then
+ return 404;
+ end
+
+ local request_headers, response_headers = request.headers, response.headers;
+
+ local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification);
+ response_headers.last_modified = last_modified;
+
+ local etag = ("%02x-%x-%x-%x"):format(attr.dev or 0, attr.ino or 0, attr.size or 0, attr.modification or 0);
+ response_headers.etag = etag;
+
+ local if_none_match = request_headers.if_none_match
+ local if_modified_since = request_headers.if_modified_since;
+ if etag == if_none_match
+ or (not if_none_match and last_modified == if_modified_since) then
+ return 304;
+ end
+
+ local data = cache[orig_path];
+ if data and data.etag == etag then
+ response_headers.content_type = data.content_type;
+ data = data.data;
+ elseif attr.mode == "directory" and path then
+ if full_path:sub(-1) ~= "/" then
+ local path = { is_absolute = true, is_directory = true };
+ for dir in orig_path:gmatch("[^/]+") do path[#path+1]=dir; end
+ response_headers.location = build_path(path);
+ return 301;
+ end
+ for i=1,#dir_indices do
+ if stat(full_path..dir_indices[i], "mode") == "file" then
+ return serve_file(event, path..dir_indices[i]);
+ end
+ end
+
+ if directory_index then
+ data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path });
+ end
+ if not data then
+ return 403;
+ end
+ cache[orig_path] = { data = data, content_type = mime_map.html; etag = etag; };
+ response_headers.content_type = mime_map.html;
+
+ else
+ local f, err = open(full_path, "rb");
+ if f then
+ data, err = f:read("*a");
+ f:close();
+ end
+ if not data then
+ module:log("debug", "Could not open or read %s. Error was %s", full_path, err);
+ return 403;
+ end
+ local ext = full_path:match("%.([^./]+)$");
+ local content_type = ext and mime_map[ext];
+ cache[orig_path] = { data = data; content_type = content_type; etag = etag };
+ response_headers.content_type = content_type;
+ end
+
+ return response:send(data);
end
- local data = f:read("*a");
- f:close();
- if not data then
- return 403;
+
+ return serve_file;
+end
+
+function wrap_route(routes)
+ for route,handler in pairs(routes) do
+ if type(handler) ~= "function" then
+ routes[route] = serve(handler);
+ end
end
- local ext = path:match("%.([^.]*)$");
- response.headers.content_type = mime_map[ext]; -- Content-Type should be nil when not known
- return response:send(data);
+ return routes;
end
-module:provides("http", {
- route = {
- ["GET /*"] = serve_file;
- };
-});
+if base_path then
+ module:provides("http", {
+ route = {
+ ["GET /*"] = serve {
+ path = base_path;
+ directory_index = directory_index;
+ }
+ };
+ });
+else
+ module:log("debug", "http_files_dir not set, assuming use by some other module");
+end
projects / prosody.git / blobdiff