annotate mod_http_avatar/mod_http_avatar.lua @ 5477:5986e0edd7a3

mod_http_oauth2: Use validated redirect URI when returning errors to client Parsing it from the query again without the validation done by get_redirect_uri() may lead to open redirect issues.
author Kim Alvefur <zash@zash.se>
date Thu, 18 May 2023 14:17:58 +0200
parents 5b4e7db5943c
children 0f103a6e9ba4
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3082
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
1 -- Prosody IM
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
2 -- Copyright (C) 2018 Emmanuel Gil Peyrot
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
3 --
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
4 -- This project is MIT/X11 licensed. Please see the
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
5 -- COPYING file in the source package for more information.
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
6
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
7 local base64 = require"util.encodings".base64;
3084
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
8 local sha1 = require"util.hashes".sha1;
3082
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
9 local st = require"util.stanza";
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
10 module:depends"http";
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
11
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
12 local vcard_storage = module:open_store"vcard";
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
13
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
14 local default_avatar = [[<svg xmlns='http://www.w3.org/2000/svg' version='1.1' viewBox='0 0 150 150'>
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
15 <rect width='150' height='150' fill='#888' stroke-width='1' stroke='#000'/>
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
16 <text x='75' y='100' text-anchor='middle' font-size='100'>?</text>
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
17 </svg>]];
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
18
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
19 local function get_avatar(event, path)
3084
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
20 local request, response = event.request, event.response;
3082
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
21 local photo_type, binval;
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
22 local vcard, err = vcard_storage:get(path);
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
23 if vcard then
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
24 vcard = st.deserialize(vcard);
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
25 local photo = vcard:get_child("PHOTO", "vcard-temp");
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
26 if photo then
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
27 photo_type = photo:get_child_text("TYPE", "vcard-temp");
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
28 binval = photo:get_child_text("BINVAL", "vcard-temp");
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
29 end
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
30 end
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
31 if not photo_type or not binval then
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
32 response.status_code = 404;
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
33 response.headers.content_type = "image/svg+xml";
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
34 return default_avatar;
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
35 end
3084
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
36 local avatar = base64.decode(binval);
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
37 local hash = sha1(avatar, true);
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
38 if request.headers.if_none_match == hash then
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
39 return 304;
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
40 end
3082
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
41 response.headers.content_type = photo_type;
3084
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
42 response.headers.etag = hash;
5b4e7db5943c mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 3083
diff changeset
43 return avatar;
3082
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
44 end
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
45
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
46 module:provides("http", {
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
47 route = {
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
48 ["GET /*"] = get_avatar;
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
49 };
1cff081abbed mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff changeset
50 });