aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_http_file_share.lua
Commit message (Collapse)AuthorAgeFilesLines
* mod_http_file_share: Retrieve stored total in async-friendly wayKim Alvefur2023-10-141-2/+2
| | | | Does this run in a thread?
* mod_http_file_share: Switch to the new authz API (BC)Kim Alvefur2023-09-161-1/+3
| | | | | | | | | Behavior change: It becomes up to the authorization module whether to allow requests. The default, mod_authz_internal, will allow users on the *parent* host only, breaking use by some components. Remaining question is whether to deprecate the `http_file_share_access` setting or leave as a way to complement/bypass access control?
* plugins: Handle how get_option_period returns "never"Kim Alvefur2023-07-211-1/+1
|
* plugins: Use integer config API with interval specification where sensibleKim Alvefur2023-07-171-3/+3
| | | | | | | Many of these fall into a few categories: - util.cache size, must be >= 1 - byte or item counts that logically can't be negative - port numbers that should be in 1..0xffff
* plugins: Switch to :get_option_period() for time range optionsKim Alvefur2023-07-161-7/+1
| | | | Improves readability ("1 day" vs 86400) and centralizes validation.
* mod_http_file_share: Put 'expires' back, thought it was unusedKim Alvefur2023-07-021-0/+1
| | | | | | Removed in 536055476912 because it was not used anywhere else in the file, but per the documentation it is meant to inform external upload services of the expiry time of the upload itself.
* mod_http_file_share: Set slot token TTL so util.jwt validates expiryKim Alvefur2023-06-281-2/+1
| | | | | | Overrides the util.jwt default of 1h with the intended TTL of 10 minutes. Because util.jwt now has its own expiry checks, so the 'expiry' field is no longer used and can thus be removed.
* mod_http_file_share: use util.human.io.parse_durationJonas Schäfer2022-04-281-1/+7
| | | | | | Updated by Zash, the original patch by Jonas had put the duration parsing function in util.datetime but MattJ later did the same thing but differently in f4d7fe919969
* plugins: Prefix module imports with prosody namespaceKim Alvefur2023-03-241-14/+14
|
* mod_http_file_share: Use correct variable name (thanks riau.sni)Matthew Wild2022-09-041-3/+3
|
* mod_http_file_share: Switch to new util.jwt APIMatthew Wild2022-07-111-32/+32
| | | | | | | | Some changes/improvements in this commit: - Default token lifetime is now 3600s (from 300s) - Tokens are only validated once per upload - "iat"/"exp" are handled automatically by util.jwt
* mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)Matthew Wild2022-03-281-0/+1
| | | | | | | | | The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
* mod_http_file_share: Use alternate syntax for filename in Content-DispositionKim Alvefur2022-01-291-1/+2
| | | | | | | | | | | | | | The Lua string.format %q doesn't behave correctly for all characters that should be escaped in a quoted-string. And who knows what effects higher Unicode might have here. Applying percent-encoding of filenames seems like the safest way to deal with filenames, as well as being easier than implementing the actual quoted-string transform, which seems complicated and I'm not even sure it covers every possible character. Filenames can safely be assumed to be UTF-8 since they are passed in an attribute in the query without any escaping.
* mod_http_file_share: Always measure total disk usage for statistics!Kim Alvefur2022-01-111-49/+46
| | | | | | | | | | | Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
* mod_http_file_share: Fix to take retention time into accountKim Alvefur2021-12-041-1/+2
| | | | It was lost in 6f4790b8deec when switching to mod_cron.
* mod_http_file_share: Improve consistency of terminology in loggingKim Alvefur2021-12-041-8/+8
| | | | | Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
* mod_http_file_share: Rename variable for clarityKim Alvefur2021-12-041-6/+6
|
* mod_http_file_share: Fix deletion counterKim Alvefur2021-12-041-4/+3
| | | | | Before aa60f4353001 each loop had its own counter, seems incrementing of one of them was lost. But only one is needed anyhow.
* mod_http_file_share: Back out 876e1b6d6ae4Kim Alvefur2021-12-031-2/+2
|
* mod_http_file_share: Recalculate total storage usage weekly instead of dailyKim Alvefur2021-12-031-1/+1
| | | | | | Before mod_cron this job ran less frequently than the upload removal job. Running them at the same frequency seems wasteful somehow, plus the total should not drift away from the true value that fast.
* mod_http_file_share: Keep track of total storage use across restartsKim Alvefur2021-12-031-0/+5
| | | | | The value needs to be known in order to determine if additional uploads can be accepted.
* mod_http_file_share: Fix measuring total storage use before it was knownKim Alvefur2021-12-031-1/+1
| | | | Passing nil to the metrics system causes errors later.
* mod_http_file_share: Keep global storage use accurate longer.Kim Alvefur2021-11-301-5/+5
| | | | | Merging those loops removes the miscounting that would occur in case a file could not be deleted, so no need to limit it to that case.
* mod_http_file_share: Merge file expiry loopsKim Alvefur2021-11-301-13/+7
| | | | | | | | Not sure what the benefit of two separate loops was, perhaps reduced memory usage by allowing archive query state to be garbage collected before moving on to deleting files. Never measured so probably not so. This simplifies a bit.
* mod_http_file_share: Limit query to time since last expiryKim Alvefur2021-11-301-2/+2
| | | | | | This is probably a bad idea, as files that could not be deleted for some reason will not be tried again. I was just thinking of what the 'task' argument could be used for.
* mod_http_file_share: Switch to mod_cron for periodic tasksKim Alvefur2021-11-221-14/+5
|
* mod_http_file_share: Move number coercion into util.dataformsKim Alvefur2021-10-251-2/+2
|
* mod_http_file_share: Silence luacheck warningKim Alvefur2021-10-231-1/+1
|
* mod_http_file_share: Clean up incomplete uploadsKim Alvefur2021-10-231-0/+7
| | | | | | | If the request fails in the middle then the file~ could be left behind because no code was invoked to delete it then. This gets rid of it when the request is removed. It may still be left in case of an unclean shutdown.
* mod_http_file_share: Allow 'Authorization' header via CORS (thanks kawaii)Kim Alvefur2021-10-201-0/+3
| | | | | | Can't find anything saying anything on whether this is needed or not. kawaii reported that both Chrome and Firefox complained unless the header was added to the list of allowed headers.
* mod_http_file_share: return 401 instead of 403 if authentication failedJonas Schäfer2021-10-191-1/+1
| | | | | | | This is as per the HTTP standards [1]. Thankfully, the REQUIRED www-authenticate header is already generated by the code. [1]: https://datatracker.ietf.org/doc/html/rfc7235#section-3.1
* mod_http_file_share: Fix measuring how long periodic task takeKim Alvefur2021-09-141-2/+6
|
* mod_http_file_share: Measure current total usageKim Alvefur2021-09-121-0/+7
| | | | | In order to allow monitoring. Especially as there's not much in the way of hard numbers on how much space gets used.
* mod_http_file_share: Fix traceback in global quota debug logging (thanks Martin)Kim Alvefur2021-09-121-2/+4
| | | | | Error in util.human.units.format because of B(nil) when the global quota is unset.
* mod_http_file_share: Add optional global quota on total storage usageKim Alvefur2021-09-121-3/+55
| | | | | | | | | | | | | | | Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
* mod_http_file_share: Update comment about x-frame-optionsKim Alvefur2021-06-201-1/+1
| | | | | | | | | X-Frame-Options was replaced by the Content-Security-Policy 'frame-ancestors' directive, but Internet Explorer does not support that part of CSP. Since it's just one line it doesn't hurt to keep until some future spring cleaning event :)
* mod_http_file_share: Build list of measuring buckets for configured size limitKim Alvefur2021-06-081-1/+7
| | | | | Creates buckets up to the configured size limit or 1TB, whichever is smaller, e.g. {1K, 4K, 16K, ... 4M, 16M}
* mod_http_file_share: Handle out of bounds Range requestKim Alvefur2021-05-171-3/+8
| | | | | | | Turns out you can seek past the end of the file without getting an error. Also rejects empty range instead of sending the whole file.
* mod_http_file_share: Support download resumption via Range requestsKim Alvefur2021-05-161-0/+20
| | | | | | | | Only a starting point is supported due to the way response:send_file() sends everything it gets from the provided file handle but does not have any way to specify how much to read. This matches what Conversations appears to be doing.
* mod_http_file_share: Include expiry time of the upload itself in tokenKim Alvefur2021-04-051-0/+1
| | | | | | Lets an external upload service know this so it can do expiry itself. Could possibly have been calculated based on the token expiry or issuance time, explicit > implicit.
* mod_http_file_share: Include time of issuance in auth tokenKim Alvefur2021-04-051-1/+3
| | | | | In case an external upload service wants to have the original creation time, or calculate the token expiry itself.
* mod_http_file_share: Group related properties for readabilityKim Alvefur2021-04-051-2/+6
|
* mod_http_file_share: Log error opening file for writingKim Alvefur2021-04-051-2/+3
| | | | util.error.coerce() doesn't work well with iolib
* mod_http_file_share: Fix logging of error opening fileKim Alvefur2021-04-051-1/+1
| | | | It's annoying that Lua interpolates the filename into the error message.
* mod_http_file_share: Include storage in prune time measurementKim Alvefur2021-03-311-1/+1
| | | | Maybe the original idea was that you would measure storage separately?
* mod_http_file_share: Add internal command to check files consistencyKim Alvefur2021-03-281-0/+18
| | | | | | Background: Found a few files in my store that did not match the size recorded in the slot, so I needed a way to check which which those were. As it was a bit too much to type into the shell I added it here instead.
* mod_http_file_share: Fix reporting of missing filesKim Alvefur2021-03-281-2/+5
| | | | | | | This just gave an unhelpful 500 error. It would be nice to have some wrapper code that could untangle the embedded filename in the io libs errors.
* mod_http_file_share: Report number of items in caches to statsmanagerKim Alvefur2021-03-281-0/+8
| | | | | | This is neat, O(1) reporting, why don't we do this everywhere? Gives you an idea of how much stuff is in the caches, which may help inform decisions on whether the size is appropriate.
* mod_http_file_share: Skip removal of nothingKim Alvefur2021-02-261-5/+9
| | | | | In case none of the expired files could be deleted then it's a waste of an API call to try to remove any of the metadata at all.
* mod_http_file_share: Remove correct entries when not all expired files were ↵Kim Alvefur2021-02-251-10/+20
| | | | | | | | | | | | | | | | | | | | | | | deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 18:14:21 +0000