comparison mod_http_upload/mod_http_upload.lua @ 4653:2b6e8ce5fb30

mod_http_upload: Don’t send http: URIs to clients, this is forbidden by the XEP
author Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
date Wed, 25 Aug 2021 10:22:37 +0200
parents 342664061c9b
children ea17cfcbffab
4652:e524a97730eb 4653:2b6e8ce5fb30
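--- a/mod_http_upload/mod_http_upload.lua
+++ b/mod_http_upload/mod_http_upload.lua
@@ -196,10 +196,15 @@
 :tag("max-file-size"):text(("%d"):format(file_size_limit));
 elseif not check_quota(username, host, filesize) then
 module:log("debug", "Upload of %dB by %s would exceed quota", filesize, user_bare);
 return nil, st.error_reply(stanza, "wait", "resource-constraint", "Quota reached");
 end
+local base_url = module:http_url();
+if base_url:match("^http://") then
+module:log("error", "File upload MUST happen with TLS but it isn’t enabled, see https://prosody.im/doc/http for how to fix this issue");
+return nil, st.error_reply(stanza, "wait", "internal-server-error", "HTTPS is not configured properly on the server");
+end
 
 local random_dir = uuid();
 local created, err = lfs.mkdir(join_path(storage_path, random_dir));
 
 if not created then
@@ -223,11 +228,10 @@
 
 measure_slot(filesize);
 
 origin.log("debug", "Given upload slot %q", slot);
 
-local base_url = module:http_url();
 local slot_url = url.parse(base_url);
 slot_url.path = url.parse_path(slot_url.path or "/");
 t_insert(slot_url.path, random_dir);
 t_insert(slot_url.path, filename);
 slot_url.path.is_directory = false;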
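Review bot: The new guard at new lines 202-205 rejects only a base URL that begins with lowercase `http://`, so it denies one spelling of one scheme instead of requiring TLS. URI schemes are case-insensitive, and if `module:http_url()` can return an operator-configured external URL (not visible here), a value such as `HTTP://…` would pass the check and still be handed to clients; testing the positive condition is tighter: `if not base_url:lower():match("^https://") then`. Separately, `internal-server-error` is normally paired with error type `cancel` rather than `wait`, because a client retry will not fix a server misconfiguration. The enclosing function begins and ends outside the shown lines.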