Mercurial > prosody-modules
annotate mod_http_avatar/mod_http_avatar.lua @ 5477:5986e0edd7a3
mod_http_oauth2: Use validated redirect URI when returning errors to client
Parsing it from the query again without the validation done by
get_redirect_uri() may lead to open redirect issues.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 18 May 2023 14:17:58 +0200 |
parents | 5b4e7db5943c |
children | 0f103a6e9ba4 |
rev | line source |
---|---|
3082
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
1 -- Prosody IM |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
2 -- Copyright (C) 2018 Emmanuel Gil Peyrot |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
3 -- |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
4 -- This project is MIT/X11 licensed. Please see the |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
5 -- COPYING file in the source package for more information. |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
6 |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
7 local base64 = require"util.encodings".base64; |
3084
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
8 local sha1 = require"util.hashes".sha1; |
3082
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
9 local st = require"util.stanza"; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
10 module:depends"http"; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
11 |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
12 local vcard_storage = module:open_store"vcard"; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
13 |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
14 local default_avatar = [[<svg xmlns='http://www.w3.org/2000/svg' version='1.1' viewBox='0 0 150 150'> |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
15 <rect width='150' height='150' fill='#888' stroke-width='1' stroke='#000'/> |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
16 <text x='75' y='100' text-anchor='middle' font-size='100'>?</text> |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
17 </svg>]]; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
18 |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
19 local function get_avatar(event, path) |
3084
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
20 local request, response = event.request, event.response; |
3082
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
21 local photo_type, binval; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
22 local vcard, err = vcard_storage:get(path); |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
23 if vcard then |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
24 vcard = st.deserialize(vcard); |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
25 local photo = vcard:get_child("PHOTO", "vcard-temp"); |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
26 if photo then |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
27 photo_type = photo:get_child_text("TYPE", "vcard-temp"); |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
28 binval = photo:get_child_text("BINVAL", "vcard-temp"); |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
29 end |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
30 end |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
31 if not photo_type or not binval then |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
32 response.status_code = 404; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
33 response.headers.content_type = "image/svg+xml"; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
34 return default_avatar; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
35 end |
3084
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
36 local avatar = base64.decode(binval); |
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
37 local hash = sha1(avatar, true); |
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
38 if request.headers.if_none_match == hash then |
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
39 return 304; |
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
40 end |
3082
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
41 response.headers.content_type = photo_type; |
3084
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
42 response.headers.etag = hash; |
5b4e7db5943c
mod_http_avatar: Add caching support.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
3083
diff
changeset
|
43 return avatar; |
3082
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
44 end |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
45 |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
46 module:provides("http", { |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
47 route = { |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
48 ["GET /*"] = get_avatar; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
49 }; |
1cff081abbed
mod_http_avatar: Add a module to serve vCard-temp avatars over HTTP.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
diff
changeset
|
50 }); |