view mod_http_logging/mod_http_logging.lua @ 5461:06640647d193

mod_http_oauth2: Fix use of arbitrary ports in loopback redirect URIs Per draft-ietf-oauth-v2-1-08#section-8.4.2 > The authorization server MUST allow any port to be specified at the > time of the request for loopback IP redirect URIs, to accommodate > clients that obtain an available ephemeral port from the operating > system at the time of the request. Uncertain if it should normalize the host part, but it also seems harmless to treat IPv6 and IPv4 the same here. One thing is that "localhost" is NOT RECOMMENDED because it can sometimes be pointed to non-loopback interfaces via DNS or hosts file.
author Kim Alvefur <zash@zash.se>
date Wed, 17 May 2023 13:51:30 +0200
parents c89be016a075
children
line wrap: on
line source

-- mod_http_logging
--
-- Copyright (C) 2015 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- Produces HTTP logs in the style of Apache
--
-- TODO
-- * Configurable format?

module:set_global();

local server = require "net.http.server";

local function get_content_len(response, body)
	local len = response.headers.content_length;
	if len then return len; end
	if not body then body = response.body; end
	if body then return #tostring(body); end
end

local function log_response(response, body)
	local len = tostring(get_content_len(response, body) or "-");
	local request = response.request;
	local ip = request.ip;
	if not ip and request.conn then
		ip = request.conn:ip();
	end
	local req = string.format("%s %s HTTP/%s", request.method, request.path, request.httpversion);
	local date = os.date("%d/%m/%Y:%H:%M:%S %z");
	module:log("info", "%s - - [%s] \"%s\" %d %s", ip, date, req, response.status_code, len);
end

local send_response = server.send_response;
local function log_and_send_response(response, body)
	if not response.finished then
		log_response(response, body);
	end
	return send_response(response, body);
end

local send_file = server.send_file;
local function log_and_send_file(response, f)
	if not response.finished then
		log_response(response);
	end
	return send_file(response, f);
end

if module.wrap_object_event then
	-- Use object event wrapping, allows clean unloading of the module
	module:wrap_object_event(server._events, false, function (handlers, event_name, event_data)
		if event_data.response then
			event_data.response.send = log_and_send_response;
			event_data.response.send_file = log_and_send_file;
		end
		return handlers(event_name, event_data);
	end);
else
	-- Fall back to monkeypatching, unlikely to behave nicely in the
	-- presence of other modules also doing this
	server.send_response = log_and_send_response;
	server.send_file = log_and_send_file;
	function module.unload()
		server.send_response = send_response;
		server.send_file = send_file;
	end
end