diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_httpserver.lua | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/plugins/mod_httpserver.lua b/plugins/mod_httpserver.lua index a8639281..f1f2150d 100644 --- a/plugins/mod_httpserver.lua +++ b/plugins/mod_httpserver.lua @@ -14,18 +14,48 @@ local t_concat = table.concat; local http_base = "www_files"; +local response_400 = { status = "400 Bad Request", body = "<h1>Bad Request</h1>Sorry, we didn't understand your request :(" }; local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" }; -local http_path = { http_base }; -local function handle_request(method, body, request) - local path = request.url.path:gsub("%.%.%/", ""):gsub("^/[^/]+", ""); - http_path[2] = path; - local f, err = open(t_concat(http_path), "r"); +local function preprocess_path(path) + if path:sub(1,1) ~= "/" then + path = "/"..path; + end + local level = 0; + for component in path:gmatch("([^/]+)/") do + if component == ".." then + level = level - 1; + elseif component ~= "." then + level = level + 1; + end + if level < 0 then + return nil; + end + end + return path; +end + +function serve_file(path) + local f, err = open(http_base..path, "r"); if not f then return response_404; end local data = f:read("*a"); f:close(); return data; end +local function handle_file_request(method, body, request) + local path = preprocess_path(request.url.path); + if not path then return response_400; end + path = path:gsub("^/[^/]+", ""); -- Strip /files/ + return serve_file(path); +end + +local function handle_default_request(method, body, request) + local path = preprocess_path(request.url.path); + if not path then return response_400; end + return serve_file(path); +end + local ports = config.get(module.host, "core", "http_ports") or { 5280 }; -httpserver.new_from_config(ports, "files", handle_request); +httpserver.set_default_handler(handle_default_request); +httpserver.new_from_config(ports, "files", handle_file_request); |