plugins/mod_http_files.lua

   1 -- Prosody IM
   2 -- Copyright (C) 2008-2010 Matthew Wild
   3 -- Copyright (C) 2008-2010 Waqas Hussain
   4 --
   5 -- This project is MIT/X11 licensed. Please see the
   6 -- COPYING file in the source package for more information.
   7 --
   8
   9 module:depends("http");
  10 local server = require"net.http.server";
  11 local lfs = require "lfs";
  12
  13 local os_date = os.date;
  14 local open = io.open;
  15 local stat = lfs.attributes;
  16 local build_path = require"socket.url".build_path;
  17 local path_sep = package.config:sub(1,1);
  18
  19 local base_path = module:get_option_string("http_files_dir", module:get_option_string("http_path"));
  20 local dir_indices = module:get_option("http_index_files", { "index.html", "index.htm" });
  21 local directory_index = module:get_option_boolean("http_dir_listing");
  22
  23 local mime_map = module:shared("/*/http_files/mime").types;
  24 if not mime_map then
  25         mime_map = {
  26                 html = "text/html", htm = "text/html",
  27                 xml = "application/xml",
  28                 txt = "text/plain",
  29                 css = "text/css",
  30                 js = "application/javascript",
  31                 png = "image/png",
  32                 gif = "image/gif",
  33                 jpeg = "image/jpeg", jpg = "image/jpeg",
  34                 svg = "image/svg+xml",
  35         };
  36         module:shared("/*/http_files/mime").types = mime_map;
  37
  38         local mime_types, err = open(module:get_option_string("mime_types_file", "/etc/mime.types"),"r");
  39         if mime_types then
  40                 local mime_data = mime_types:read("*a");
  41                 mime_types:close();
  42                 setmetatable(mime_map, {
  43                         __index = function(t, ext)
  44                                 local typ = mime_data:match("\n(%S+)[^\n]*%s"..(ext:lower()).."%s") or "application/octet-stream";
  45                                 t[ext] = typ;
  46                                 return typ;
  47                         end
  48                 });
  49         end
  50 end
  51
  52 local forbidden_chars_pattern = "[/%z]";
  53 if prosody.platform == "windows" then
  54         forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]"
  55 end
  56
  57 local urldecode = require "util.http".urldecode;
  58 function sanitize_path(path)
  59         if not path then return end
  60         local out = {};
  61
  62         local c = 0;
  63         for component in path:gmatch("([^/]+)") do
  64                 component = urldecode(component);
  65                 if component:find(forbidden_chars_pattern) then
  66                         return nil;
  67                 elseif component == ".." then
  68                         if c <= 0 then
  69                                 return nil;
  70                         end
  71                         out[c] = nil;
  72                         c = c - 1;
  73                 elseif component ~= "." then
  74                         c = c + 1;
  75                         out[c] = component;
  76                 end
  77         end
  78         if path:sub(-1,-1) == "/" then
  79                 out[c+1] = "";
  80         end
  81         return "/"..table.concat(out, "/");
  82 end
  83
  84 local cache = setmetatable({}, { __mode = "kv" }); -- Let the garbage collector have it if it wants to.
  85
  86 function serve(opts)
  87         if type(opts) ~= "table" then -- assume path string
  88                 opts = { path = opts };
  89         end
  90         local base_path = opts.path;
  91         local dir_indices = opts.index_files or dir_indices;
  92         local directory_index = opts.directory_index;
  93         local function serve_file(event, path)
  94                 local request, response = event.request, event.response;
  95                 local sanitized_path = sanitize_path(path);
  96                 if path and not sanitized_path then
  97                         return 400;
  98                 end
  99                 path = sanitized_path;
 100                 local orig_path = sanitize_path(request.path);
 101                 local full_path = base_path .. (path or ""):gsub("/", path_sep);
 102                 local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows
 103                 if not attr then
 104                         return 404;
 105                 end
 106
 107                 local request_headers, response_headers = request.headers, response.headers;
 108
 109                 local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification);
 110                 response_headers.last_modified = last_modified;
 111
 112                 local etag = ('"%02x-%x-%x-%x"'):format(attr.dev or 0, attr.ino or 0, attr.size or 0, attr.modification or 0);
 113                 response_headers.etag = etag;
 114
 115                 local if_none_match = request_headers.if_none_match
 116                 local if_modified_since = request_headers.if_modified_since;
 117                 if etag == if_none_match
 118                 or (not if_none_match and last_modified == if_modified_since) then
 119                         return 304;
 120                 end
 121
 122                 local data = cache[orig_path];
 123                 if data and data.etag == etag then
 124                         response_headers.content_type = data.content_type;
 125                         data = data.data;
 126                 elseif attr.mode == "directory" and path then
 127                         if full_path:sub(-1) ~= "/" then
 128                                 local path = { is_absolute = true, is_directory = true };
 129                                 for dir in orig_path:gmatch("[^/]+") do path[#path+1]=dir; end
 130                                 response_headers.location = build_path(path);
 131                                 return 301;
 132                         end
 133                         for i=1,#dir_indices do
 134                                 if stat(full_path..dir_indices[i], "mode") == "file" then
 135                                         return serve_file(event, path..dir_indices[i]);
 136                                 end
 137                         end
 138
 139                         if directory_index then
 140                                 data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path });
 141                         end
 142                         if not data then
 143                                 return 403;
 144                         end
 145                         cache[orig_path] = { data = data, content_type = mime_map.html; etag = etag; };
 146                         response_headers.content_type = mime_map.html;
 147
 148                 else
 149                         local f, err = open(full_path, "rb");
 150                         if f then
 151                                 data, err = f:read("*a");
 152                                 f:close();
 153                         end
 154                         if not data then
 155                                 module:log("debug", "Could not open or read %s. Error was %s", full_path, err);
 156                                 return 403;
 157                         end
 158                         local ext = full_path:match("%.([^./]+)$");
 159                         local content_type = ext and mime_map[ext];
 160                         cache[orig_path] = { data = data; content_type = content_type; etag = etag };
 161                         response_headers.content_type = content_type;
 162                 end
 163
 164                 return response:send(data);
 165         end
 166
 167         return serve_file;
 168 end
 169
 170 function wrap_route(routes)
 171         for route,handler in pairs(routes) do
 172                 if type(handler) ~= "function" then
 173                         routes[route] = serve(handler);
 174                 end
 175         end
 176         return routes;
 177 end
 178
 179 if base_path then
 180         module:provides("http", {
 181                 route = {
 182                         ["GET /*"] = serve {
 183                                 path = base_path;
 184                                 directory_index = directory_index;
 185                         }
 186                 };
 187         });
 188 else
 189         module:log("debug", "http_files_dir not set, assuming use by some other module");
 190 end
 191