Mercurial > prosody-hg
comparison plugins/mod_http_file_share.lua @ 13259:9097149923ae
mod_http_file_share: Switch to the new authz API (BC)
Behavior change: It becomes up to the authorization module whether to
allow requests. The default, mod_authz_internal, will allow users on the
*parent* host only, breaking use by some components.
Remaining question is whether to deprecate the `http_file_share_access`
setting or leave as a way to complement/bypass access control?
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 16 Sep 2023 14:23:08 +0200 |
| parents | 26c30844cac6 |
| children | 9c62ffbdf2ae |
comparison
equal
deleted
inserted
replaced
| 13258:c8c0cfb7f5df | 13259:9097149923ae |
|---|---|
| 45 | 45 |
| 46 local create_jwt, verify_jwt = require"prosody.util.jwt".init("HS256", secret, secret, { default_ttl = 600 }); | 46 local create_jwt, verify_jwt = require"prosody.util.jwt".init("HS256", secret, secret, { default_ttl = 600 }); |
| 47 | 47 |
| 48 local access = module:get_option_set(module.name .. "_access", {}); | 48 local access = module:get_option_set(module.name .. "_access", {}); |
| 49 | 49 |
| 50 module:default_permission("prosody:registered", ":upload"); | |
| 51 | |
| 50 if not external_base_url then | 52 if not external_base_url then |
| 51 module:depends("http"); | 53 module:depends("http"); |
| 52 end | 54 end |
| 53 | 55 |
| 54 module:add_extension(dataform { | 56 module:add_extension(dataform { |
| 134 return total_bytes; | 136 return total_bytes; |
| 135 end | 137 end |
| 136 | 138 |
| 137 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error | 139 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error |
| 138 local uploader_host = jid.host(uploader); | 140 local uploader_host = jid.host(uploader); |
| 139 if not ((access:empty() and prosody.hosts[uploader_host]) or access:contains(uploader) or access:contains(uploader_host)) then | 141 if not (module:may(":upload", uploader) or access:contains(uploader) or access:contains(uploader_host)) then |
| 140 return false, upload_errors.new("access"); | 142 return false, upload_errors.new("access"); |
| 141 end | 143 end |
| 142 | 144 |
| 143 if not filename or filename:find"/" then | 145 if not filename or filename:find"/" then |
| 144 -- On Linux, only '/' and '\0' are invalid in filenames and NUL can't be in XML | 146 -- On Linux, only '/' and '\0' are invalid in filenames and NUL can't be in XML |
