annotate mod_http_index/mod_http_index.lua @ 5401:c8d04ac200fc

mod_http_oauth2: Reject loopback URIs as client_uri This really should be a proper website with info, https://localhost is not good enough. Ideally we'd validate that it's got proper DNS and is actually reachable, but triggering HTTP or even DNS lookups seems like it would carry abuse potential that would best to avoid.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:20:55 +0200
parents ba4f45b8678f
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1573
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local url = require"socket.url";
1825
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
2 local render = require"util.interpolation".new("%b{}", require"util.stanza".xml_escape);
1573
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 module:depends"http";
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
3756
ba4f45b8678f mod_http_index: Hide http apps that haven't set a title by default
Kim Alvefur <zash@zash.se>
parents: 3752
diff changeset
6 local show_all = module:get_option_boolean(module.name .. "_show_all", false);
3752
8992f84ca870 mod_http_index: Only show http apps that include a title by default
Kim Alvefur <zash@zash.se>
parents: 3577
diff changeset
7
1827
9376e870f0e1 mod_http_index: Move template out into a file and make it configurable
Kim Alvefur <zash@zash.se>
parents: 1826
diff changeset
8 local base_template;
9376e870f0e1 mod_http_index: Move template out into a file and make it configurable
Kim Alvefur <zash@zash.se>
parents: 1826
diff changeset
9 do
9376e870f0e1 mod_http_index: Move template out into a file and make it configurable
Kim Alvefur <zash@zash.se>
parents: 1826
diff changeset
10 local template_file = module:get_option_string(module.name .. "_template", module.name .. ".html");
9376e870f0e1 mod_http_index: Move template out into a file and make it configurable
Kim Alvefur <zash@zash.se>
parents: 1826
diff changeset
11 template_file = assert(module:load_resource(template_file));
9376e870f0e1 mod_http_index: Move template out into a file and make it configurable
Kim Alvefur <zash@zash.se>
parents: 1826
diff changeset
12 base_template = template_file:read("*a");
9376e870f0e1 mod_http_index: Move template out into a file and make it configurable
Kim Alvefur <zash@zash.se>
parents: 1826
diff changeset
13 template_file:close();
9376e870f0e1 mod_http_index: Move template out into a file and make it configurable
Kim Alvefur <zash@zash.se>
parents: 1826
diff changeset
14 end
1573
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local canonical = module:http_url(nil, "/");
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 local function relative(base, link)
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 base = url.parse(base);
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 link = url.parse(link);
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 for k,v in pairs(base) do
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 if link[k] == v then
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 link[k] = nil;
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 end
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 end
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 return url.build(link);
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 end
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 local function handler(event)
1825
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
30 local host_items = module:get_host_items("http-provider");
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
31 local http_apps = {}
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
32 for _, item in ipairs(host_items) do
3752
8992f84ca870 mod_http_index: Only show http apps that include a title by default
Kim Alvefur <zash@zash.se>
parents: 3577
diff changeset
33 if module.name ~= item._provided_by and (show_all or item.title) then
1825
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
34 table.insert(http_apps, {
3336
4af114684e0a mod_http_index: Allow listed modules to include a friendlier name
Kim Alvefur <zash@zash.se>
parents: 2927
diff changeset
35 title = item.title or item.name;
1573
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 name = item.name;
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 module = "mod_" .. item._provided_by;
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 url = relative(canonical, module:http_url(item.name, item.default_path));
1825
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
39 });
1573
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 end
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 end
2927
7953b7dde6e7 mod_http_index: Sort list of HTTP applications by name
Kim Alvefur <zash@zash.se>
parents: 1827
diff changeset
42 table.sort(http_apps, function (a, b) return a.name < b.name; end);
1573
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 event.response.headers.content_type = "text/html";
1825
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
44 return render(base_template, {
3577
f169d9a513c6 mod_http_index: Improve page title
Kim Alvefur <zash@zash.se>
parents: 3336
diff changeset
45 title = "Prosody IM - HTTP Services";
1825
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
46 items = http_apps;
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
47 prosody_version = prosody.version;
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
48 mod_name = module.name;
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
49 canonical = canonical;
1b5c817cb642 mod_http_index: Update to use util.interpolation (makes it depend on 0.10+)
Kim Alvefur <zash@zash.se>
parents: 1573
diff changeset
50 });
1573
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 end
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 module:provides("http", {
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 route = {
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 ["GET /"] = handler;
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 };
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 default_path = "/";
0d8cc6971cdb mod_http_index: Generates an index of local HTTP apps
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 });