Mercurial > prosody-modules

comparison mod_http_upload/mod_http_upload.lua @ 2683:d0948bd96a7b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_upload: Add support for limiting file types to upload
author Kim Alvefur <zash@zash.se>
date Thu, 13 Apr 2017 20:29:41 +0200
parents 3fd50495c89d
children e491a15d7621
comparison
equal deleted inserted replaced
2682:3fd50495c89d 2683:d0948bd96a7b
29 29
30 -- config 30 -- config
31 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB 31 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB
32 local quota = module:get_option_number(module.name .. "_quota"); 32 local quota = module:get_option_number(module.name .. "_quota");
33 local max_age = module:get_option_number(module.name .. "_expire_after"); 33 local max_age = module:get_option_number(module.name .. "_expire_after");
34 local allowed_file_types = module:get_option_set(module.name .. "_allowed_file_types");
34 35
35 --- sanity 36 --- sanity
36 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024); 37 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024);
37 if file_size_limit > parser_body_limit then 38 if file_size_limit > parser_body_limit then
38 module:log("warn", "%s_file_size_limit exceeds HTTP parser limit on body size, capping file size to %d B", 39 module:log("warn", "%s_file_size_limit exceeds HTTP parser limit on body size, capping file size to %d B",
138 origin.send(st.error_reply(stanza, "modify", "bad-request", "MIME type does not match file extension")); 139 origin.send(st.error_reply(stanza, "modify", "bad-request", "MIME type does not match file extension"));
139 return true; 140 return true;
140 end 141 end
141 end 142 end
142 143
144 if allowed_file_types then
145 if not (allowed_file_types:contains(mimetype) or allowed_file_types:contains(mimetype:gsub("/.*", "/*"))) then
146 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "File type not allowed"));
147 return true;
148 end
149 end
150
143 local reply = st.reply(stanza); 151 local reply = st.reply(stanza);
144 reply:tag("slot", { xmlns = xmlns }); 152 reply:tag("slot", { xmlns = xmlns });
145 153
146 local random_dir; 154 local random_dir;
147 repeat random_dir = uuid(); 155 repeat random_dir = uuid();