Mercurial > prosody-modules
view mod_http_rest/mod_http_rest.lua @ 5256:44f7edd4f845
mod_http_oauth2: Reject non-local hosts in more code paths
We're not issuing tokens for users on remote hosts, we can't even
authenticate them since they're remote. Thus the host is always the
local module.host so no need to pass around the host in most cases or
use it for anything but enforcing the same host.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Mar 2023 17:52:10 +0100 |
| parents | 79432b859d21 |
| children |
line wrap: on
line source
module:depends"http" local jid_split = require "util.jid".split; local jid_prep = require "util.jid".prep; local stanza = require "util.stanza"; local test_password = require "core.usermanager".test_password; local b64_decode = require "util.encodings".base64.decode; local formdecode = require "net.http".formdecode; local xml = require"util.xml"; local function handle_post(event, path, authed_user) local request = event.request; local headers = request.headers; local body_type = headers.content_type; if body_type == "text/xml" and request.body then local parsed, err = xml.parse(request.body); if parsed then module:log("debug", "Sending %s", parsed); module:send(parsed); return 201; end else return 415; end return 422; end module:provides("http", { default_path = "/rest"; route = { ["POST"] = handle_post; OPTIONS = function(e) local headers = e.response.headers; headers.allow = "POST"; headers.accept = "test/xml"; return 200; end; } });
