Mercurial > prosody-modules

view mod_http_pep_avatar/mod_http_pep_avatar.lua @ 3503:882180b459a0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_pubsub_post: Restructure authentication and authorization (BC) This deprecates the default "superuser" actor model and makes the default equivalent to the previous "request.id". A single actor and secret per node is supported because HTTP and WebHooks don't normally include any authorization identity. Allowing authentication bypass when no secret is given should be relatively safe when the actor is unprivileged, as will be unless explicitly configured otherwise.
author Kim Alvefur <zash@zash.se>
date Sat, 30 Mar 2019 21:16:13 +0100
parents 213679266dcb
children 00bdecb12779
line wrap: on
line source

-- HTTP Access to PEP Avatar
-- By Kim Alvefur <zash@zash.se>

local mod_pep = module:depends"pep";

local um = require "core.usermanager";
local nodeprep = require "util.encodings".stringprep.nodeprep;
local base64_decode = require "util.encodings".base64.decode;
local urlencode = require "util.http".urlencode;

module:depends("http")
module:provides("http", {
	route = {
		["GET /*"] = function (event, user)
			local request, response = event.request, event.response;
			local actor = request.ip;

			local prepped = nodeprep(user);
			if not prepped then return 400; end
			if prepped ~= user then
				response.headers.location = module:http_url() .. "/" .. urlencode(prepped);
				return 302;
			end
			if not um.user_exists(user, module.host) then
				return 404;
			end

			local pep_service = mod_pep.get_pep_service(user);

			local ok, avatar_hash, avatar_meta = pep_service:get_last_item("urn:xmpp:avatar:metadata", actor);

			if not ok or not avatar_hash then
				return 404;
			end

			if avatar_hash == request.headers.if_none_match then
				return 304;
			end

			local data_ok, avatar_data = pep_service:get_items("urn:xmpp:avatar:data", actor, avatar_hash);
			if not data_ok or type(avatar_data) ~= "table" or not avatar_data[avatar_hash] then
				return 404;
			end

			response.headers.etag = avatar_hash;

			local info = avatar_meta.tags[1]:get_child("info");
			response.headers.content_type = info and info.attr.type or "application/octet-stream";

			local data = avatar_data[avatar_hash];
			return base64_decode(data.tags[1]:get_text());
		end;
	}
});