aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_httpserver.lua
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/mod_httpserver.lua')
-rw-r--r--plugins/mod_httpserver.lua42
1 files changed, 36 insertions, 6 deletions
diff --git a/plugins/mod_httpserver.lua b/plugins/mod_httpserver.lua
index a8639281..f1f2150d 100644
--- a/plugins/mod_httpserver.lua
+++ b/plugins/mod_httpserver.lua
@@ -14,18 +14,48 @@ local t_concat = table.concat;
local http_base = "www_files";
+local response_400 = { status = "400 Bad Request", body = "<h1>Bad Request</h1>Sorry, we didn't understand your request :(" };
local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" };
-local http_path = { http_base };
-local function handle_request(method, body, request)
- local path = request.url.path:gsub("%.%.%/", ""):gsub("^/[^/]+", "");
- http_path[2] = path;
- local f, err = open(t_concat(http_path), "r");
+local function preprocess_path(path)
+ if path:sub(1,1) ~= "/" then
+ path = "/"..path;
+ end
+ local level = 0;
+ for component in path:gmatch("([^/]+)/") do
+ if component == ".." then
+ level = level - 1;
+ elseif component ~= "." then
+ level = level + 1;
+ end
+ if level < 0 then
+ return nil;
+ end
+ end
+ return path;
+end
+
+function serve_file(path)
+ local f, err = open(http_base..path, "r");
if not f then return response_404; end
local data = f:read("*a");
f:close();
return data;
end
+local function handle_file_request(method, body, request)
+ local path = preprocess_path(request.url.path);
+ if not path then return response_400; end
+ path = path:gsub("^/[^/]+", ""); -- Strip /files/
+ return serve_file(path);
+end
+
+local function handle_default_request(method, body, request)
+ local path = preprocess_path(request.url.path);
+ if not path then return response_400; end
+ return serve_file(path);
+end
+
local ports = config.get(module.host, "core", "http_ports") or { 5280 };
-httpserver.new_from_config(ports, "files", handle_request);
+httpserver.set_default_handler(handle_default_request);
+httpserver.new_from_config(ports, "files", handle_file_request);