Mercurial > prosody-hg
comparison plugins/mod_http_file_share.lua @ 11315:c52fcea39c8e
mod_http_file_share: Add file type filter
Unlike mod_http_upload, this can't be bypassed by uploading with a
different file extension.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 26 Jan 2021 14:53:43 +0100 |
| parents | 7c8b02c5a335 |
| children | ae0461b37fbe |
comparison
equal
deleted
inserted
replaced
| 11314:7c8b02c5a335 | 11315:c52fcea39c8e |
|---|---|
| 27 -- id, <request>, time, owner | 27 -- id, <request>, time, owner |
| 28 | 28 |
| 29 local secret = module:get_option_string(module.name.."_secret", require"util.id".long()); | 29 local secret = module:get_option_string(module.name.."_secret", require"util.id".long()); |
| 30 local external_base_url = module:get_option_string(module.name .. "_base_url"); | 30 local external_base_url = module:get_option_string(module.name .. "_base_url"); |
| 31 local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB | 31 local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB |
| 32 local file_types = module:get_option_set(module.name .. "_allowed_file_types", {}); | |
| 32 | 33 |
| 33 local access = module:get_option_set(module.name .. "_access", {}); | 34 local access = module:get_option_set(module.name .. "_access", {}); |
| 34 | 35 |
| 35 if not external_base_url then | 36 if not external_base_url then |
| 36 module:depends("http"); | 37 module:depends("http"); |
| 42 }:form({ ["max-file-size"] = tostring(file_size_limit) }, "result")); | 43 }:form({ ["max-file-size"] = tostring(file_size_limit) }, "result")); |
| 43 | 44 |
| 44 local upload_errors = errors.init(module.name, namespace, { | 45 local upload_errors = errors.init(module.name, namespace, { |
| 45 access = { "auth"; "forbidden" }; | 46 access = { "auth"; "forbidden" }; |
| 46 filename = { "modify"; "bad-request", "Invalid filename" }; | 47 filename = { "modify"; "bad-request", "Invalid filename" }; |
| 48 filetype = { "modify"; "not-acceptable", "File type not allowed" }; | |
| 47 filesize = { "modify"; "not-acceptable"; "File too large"; | 49 filesize = { "modify"; "not-acceptable"; "File too large"; |
| 48 st.stanza("file-too-large", {xmlns = namespace}):tag("max-size"):text(tostring(file_size_limit)); }; | 50 st.stanza("file-too-large", {xmlns = namespace}):tag("max-size"):text(tostring(file_size_limit)); }; |
| 49 }); | 51 }); |
| 50 | 52 |
| 51 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error | 53 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error |
| 59 return false, upload_errors.new("filename"); | 61 return false, upload_errors.new("filename"); |
| 60 end | 62 end |
| 61 | 63 |
| 62 if filesize > file_size_limit then | 64 if filesize > file_size_limit then |
| 63 return false, upload_errors.new("filesize"); | 65 return false, upload_errors.new("filesize"); |
| 66 end | |
| 67 | |
| 68 if not ( file_types:empty() or file_types:contains(filetype) or file_types:contains(filetype:gsub("/.*", "/*")) ) then | |
| 69 return false, upload_errors.new("filetype"); | |
| 64 end | 70 end |
| 65 | 71 |
| 66 return true; | 72 return true; |
| 67 end | 73 end |
| 68 | 74 |
