Mercurial > prosody-modules
annotate mod_http_dir_listing2/mod_http_dir_listing2.lua @ 5193:2bb29ece216b
mod_http_oauth2: Implement stateless dynamic client registration
Replaces previous explicit registration that required either the
additional module mod_adhoc_oauth2_client or manually editing the
database. That method was enough to have something to test with, but
would not probably not scale easily.
Dynamic client registration allows creating clients on the fly, which
may be even easier in theory.
In order to not allow basically unauthenticated writes to the database,
we implement a stateless model here.
per_host_key := HMAC(config -> oauth2_registration_key, hostname)
client_id := JWT { client metadata } signed with per_host_key
client_secret := HMAC(per_host_key, client_id)
This should ensure everything we need to know is part of the client_id,
allowing redirects etc to be validated, and the client_secret can be
validated with only the client_id and the per_host_key.
A nonce injected into the client_id JWT should ensure nobody can submit
the same client metadata and retrieve the same client_secret
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 03 Mar 2023 21:14:19 +0100 |
| parents | ec2984aa53db |
| children |
| rev | line source |
|---|---|
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Prosody IM |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- Copyright (C) 2012 Kim Alvefur |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1099
diff
changeset
|
3 -- |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- This project is MIT/X11 licensed. Please see the |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- COPYING file in the source package for more information. |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 module:set_global(); |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 local server = require"net.http.server"; |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local lfs = require "lfs"; |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local stat = lfs.attributes; |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local build_path = require"socket.url".build_path; |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local base64_encode = require"util.encodings".base64.encode; |
|
3002
c91c9b87929e
mod_http_dir_listing2: Switch to util.interpolation for HTML rendering
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
14 local st = require"util.stanza"; |
|
c91c9b87929e
mod_http_dir_listing2: Switch to util.interpolation for HTML rendering
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
15 local render = require"util.interpolation".new("%b{}", st.xml_escape); |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
|
1064
5db8debb4531
mod_http_dir_listing: Attach the MIME type to list items for use in CSS
Kim Alvefur <zash@zash.se>
parents:
887
diff
changeset
|
17 local mime = module:shared("/*/http_files/mime"); |
|
5db8debb4531
mod_http_dir_listing: Attach the MIME type to list items for use in CSS
Kim Alvefur <zash@zash.se>
parents:
887
diff
changeset
|
18 |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 local function get_resource(resource) |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 local fh = assert(module:load_resource(resource)); |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 local data = fh:read"*a"; |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 fh:close(); |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 return data; |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 end |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
|
3002
c91c9b87929e
mod_http_dir_listing2: Switch to util.interpolation for HTML rendering
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
26 local dir_index_template = get_resource("resources/template.html"); |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 local style = get_resource("resources/style.css"):gsub("url%((.-)%)", function(url) |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 --module:log("debug", "Inlineing %s", url); |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 return "url(data:image/png;base64,"..base64_encode(get_resource("resources/"..url))..")"; |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 end); |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 local function generate_directory_index(path, full_path) |
|
3002
c91c9b87929e
mod_http_dir_listing2: Switch to util.interpolation for HTML rendering
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
33 local filelist = {}; |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 if path ~= "/" then |
|
3002
c91c9b87929e
mod_http_dir_listing2: Switch to util.interpolation for HTML rendering
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
35 table.insert(filelist, { class = "parent directory", href = "..", rel = "up", text = "Parent Directory" }); |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 end |
|
1064
5db8debb4531
mod_http_dir_listing: Attach the MIME type to list items for use in CSS
Kim Alvefur <zash@zash.se>
parents:
887
diff
changeset
|
37 local mime_map = mime.types; |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 for file in lfs.dir(full_path) do |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 if file:sub(1,1) ~= "." then |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 local attr = stat(full_path..file) or {}; |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 local path = { file }; |
|
1099
754c15641369
mod_http_dir_listing: Fix file ending detection for filenames with more than one period and don't index mime types with nil
Kim Alvefur <zash@zash.se>
parents:
1095
diff
changeset
|
42 local file_ext = file:match"%.([^.]+)$"; |
|
754c15641369
mod_http_dir_listing: Fix file ending detection for filenames with more than one period and don't index mime types with nil
Kim Alvefur <zash@zash.se>
parents:
1095
diff
changeset
|
43 local type = attr.mode == "file" and file_ext and mime_map and mime_map[file_ext] or nil; |
|
1064
5db8debb4531
mod_http_dir_listing: Attach the MIME type to list items for use in CSS
Kim Alvefur <zash@zash.se>
parents:
887
diff
changeset
|
44 local class = table.concat({ attr.mode or "unknown", file_ext, type and type:match"^[^/]+" }, " "); |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 path.is_directory = attr.mode == "directory"; |
|
3002
c91c9b87929e
mod_http_dir_listing2: Switch to util.interpolation for HTML rendering
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
46 table.insert(filelist, { class = class, href = build_path(path), type = type, text = file }); |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 end |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 end |
|
3003
ec2984aa53db
mod_http_dir_listing2: Sort file listing such that directories come before files
Kim Alvefur <zash@zash.se>
parents:
3002
diff
changeset
|
49 table.sort(filelist, function (a, b) |
|
ec2984aa53db
mod_http_dir_listing2: Sort file listing such that directories come before files
Kim Alvefur <zash@zash.se>
parents:
3002
diff
changeset
|
50 if a.href == ".." then return true end |
|
ec2984aa53db
mod_http_dir_listing2: Sort file listing such that directories come before files
Kim Alvefur <zash@zash.se>
parents:
3002
diff
changeset
|
51 if b.href == ".." then return false end |
|
ec2984aa53db
mod_http_dir_listing2: Sort file listing such that directories come before files
Kim Alvefur <zash@zash.se>
parents:
3002
diff
changeset
|
52 if a.class:match"directory" and not b.class:match"directory" then return true end |
|
ec2984aa53db
mod_http_dir_listing2: Sort file listing such that directories come before files
Kim Alvefur <zash@zash.se>
parents:
3002
diff
changeset
|
53 if not a.class:match"directory" and b.class:match"directory" then return false end |
|
ec2984aa53db
mod_http_dir_listing2: Sort file listing such that directories come before files
Kim Alvefur <zash@zash.se>
parents:
3002
diff
changeset
|
54 return a.text < b.text; |
|
ec2984aa53db
mod_http_dir_listing2: Sort file listing such that directories come before files
Kim Alvefur <zash@zash.se>
parents:
3002
diff
changeset
|
55 end); |
|
3002
c91c9b87929e
mod_http_dir_listing2: Switch to util.interpolation for HTML rendering
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
56 return render(dir_index_template, { |
|
886
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 path = path, |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 style = style, |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 filelist = filelist, |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 footer = "Prosody "..prosody.version, |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 }); |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 end |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 module:hook_object_event(server, "directory-index", function (event) |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 local ok, data = pcall(generate_directory_index, event.path, event.full_path); |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 if ok then return data end |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 module:log("warn", data); |
|
1647b4fac445
mod_http_dir_index: Add. Handle generation of directory listings for mod_http_files. Included icons from the Tango project are Public Domain
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 end); |