search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
util.x509: Return sets of services per identity
[prosody.git] / net / http / files.lua
blob7ff81fc8ed2da71a9a381b05bcb3bfd97947c753
1 -- Prosody IM
2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
4 --
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
7 --
8
9 local server = require"net.http.server";
10 local lfs = require "lfs";
11 local new_cache = require "util.cache".new;
12 local log = require "util.logger".init("net.http.files");
13
14 local os_date = os.date;
15 local open = io.open;
16 local stat = lfs.attributes;
17 local build_path = require"socket.url".build_path;
18 local path_sep = package.config:sub(1,1);
19
20
21 local forbidden_chars_pattern = "[/%z]";
22 if package.config:sub(1,1) == "\\" then
23 forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]"
24 end
25
26 local urldecode = require "util.http".urldecode;
27 local function sanitize_path(path) --> util.paths or util.http?
28 if not path then return end
29 local out = {};
30
31 local c = 0;
32 for component in path:gmatch("([^/]+)") do
33 component = urldecode(component);
34 if component:find(forbidden_chars_pattern) then
35 return nil;
36 elseif component == ".." then
37 if c <= 0 then
38 return nil;
39 end
40 out[c] = nil;
41 c = c - 1;
42 elseif component ~= "." then
43 c = c + 1;
44 out[c] = component;
45 end
46 end
47 if path:sub(-1,-1) == "/" then
48 out[c+1] = "";
49 end
50 return "/"..table.concat(out, "/");
51 end
52
53 local function serve(opts)
54 if type(opts) ~= "table" then -- assume path string
55 opts = { path = opts };
56 end
57 local mime_map = opts.mime_map or { html = "text/html" };
58 local cache = new_cache(opts.cache_size or 256);
59 local cache_max_file_size = tonumber(opts.cache_max_file_size) or 1024
60 -- luacheck: ignore 431
61 local base_path = opts.path;
62 local dir_indices = opts.index_files or { "index.html", "index.htm" };
63 local directory_index = opts.directory_index;
64 local function serve_file(event, path)
65 local request, response = event.request, event.response;
66 local sanitized_path = sanitize_path(path);
67 if path and not sanitized_path then
68 return 400;
69 end
70 path = sanitized_path;
71 local orig_path = sanitize_path(request.path);
72 local full_path = base_path .. (path or ""):gsub("/", path_sep);
73 local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows
74 if not attr then
75 return 404;
76 end
77
78 local request_headers, response_headers = request.headers, response.headers;
79
80 local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification);
81 response_headers.last_modified = last_modified;
82
83 local etag = ('"%02x-%x-%x-%x"'):format(attr.dev or 0, attr.ino or 0, attr.size or 0, attr.modification or 0);
84 response_headers.etag = etag;
85
86 local if_none_match = request_headers.if_none_match
87 local if_modified_since = request_headers.if_modified_since;
88 if etag == if_none_match
89 or (not if_none_match and last_modified == if_modified_since) then
90 return 304;
91 end
92
93 local data = cache:get(orig_path);
94 if data and data.etag == etag then
95 response_headers.content_type = data.content_type;
96 data = data.data;
97 cache:set(orig_path, data);
98 elseif attr.mode == "directory" and path then
99 if full_path:sub(-1) ~= "/" then
100 local dir_path = { is_absolute = true, is_directory = true };
101 for dir in orig_path:gmatch("[^/]+") do dir_path[#dir_path+1]=dir; end
102 response_headers.location = build_path(dir_path);
103 return 301;
104 end
105 for i=1,#dir_indices do
106 if stat(full_path..dir_indices[i], "mode") == "file" then
107 return serve_file(event, path..dir_indices[i]);
108 end
109 end
110
111 if directory_index then
112 data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path });
113 end
114 if not data then
115 return 403;
116 end
117 cache:set(orig_path, { data = data, content_type = mime_map.html; etag = etag; });
118 response_headers.content_type = mime_map.html;
119
120 else
121 local f, err = open(full_path, "rb");
122 if not f then
123 log("debug", "Could not open %s. Error was %s", full_path, err);
124 return 403;
125 end
126 local ext = full_path:match("%.([^./]+)$");
127 local content_type = ext and mime_map[ext];
128 response_headers.content_type = content_type;
129 if attr.size > cache_max_file_size then
130 response_headers.content_length = attr.size;
131 log("debug", "%d > cache_max_file_size", attr.size);
132 return response:send_file(f);
133 else
134 data = f:read("*a");
135 f:close();
136 end
137 cache:set(orig_path, { data = data; content_type = content_type; etag = etag });
138 end
139
140 return response:send(data);
141 end
142
143 return serve_file;
144 end
145
146 return {
147 serve = serve;
148 }
149
Prosody is a modern XMPP communication server.