apitech
/
prosody
mirror of https://github.com/bjc/prosody
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
IMPORTANT: due to a drive failure, as of 13-Mar-2021, the Mercurial repository had to be re-mirrored, which changed every commit SHA. The old SHAs and trees are backed up in the vault branches. Please migrate to the new branches as soon as you can.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13887 Commits
12 Branches
101 Tags
54 MiB
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
prosody/plugins/mod_http_file_share.lua

630 lines
21 KiB
Raw Permalink Normal View History Unescape

mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
-- Prosody IM
-- Copyright (C) 2021 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- XEP-0363: HTTP File Upload
-- Again, from the top!
local t_insert = table.insert;
plugins: Prefix module imports with prosody namespace
3 years ago
local jid = require "prosody.util.jid";
local st = require "prosody.util.stanza";
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
local url = require "socket.url";
plugins: Prefix module imports with prosody namespace
3 years ago
local dm = require "prosody.core.storagemanager".olddm;
local errors = require "prosody.util.error";
local dataform = require "prosody.util.dataforms".new;
local urlencode = require "prosody.util.http".urlencode;
local dt = require "prosody.util.datetime";
local hi = require "prosody.util.human.units";
local cache = require "prosody.util.cache";
mod_http_file_share: Add internal command to check files consistency Background: Found a few files in my store that did not match the size recorded in the slot, so I needed a way to check which which those were. As it was a bit too much to type into the shell I added it here instead.
5 years ago
local lfs = require "lfs";
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
local unknown = math.abs(0/0);
local unlimited = math.huge;
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
local namespace = "urn:xmpp:http:upload:0";
module:depends("disco");
module:add_identity("store", "file", module:get_option_string("name", "HTTP File Upload"));
module:add_feature(namespace);
local uploads = module:open_store("uploads", "archive");
mod_http_file_share: Keep track of total storage use across restarts The value needs to be known in order to determine if additional uploads can be accepted.
4 years ago
local persist_stats = module:open_store("upload_stats", "map");
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
-- id, <request>, time, owner
plugins: Prefix module imports with prosody namespace
3 years ago
local secret = module:get_option_string(module.name.."_secret", require"prosody.util.id".long());
mod_http_file_share: Add support for external file upload service PUT /upload/:slot/:filename Authorization: Bearer JWT{ uploader, filename, filesize, filetype, exp }
5 years ago
local external_base_url = module:get_option_string(module.name .. "_base_url");
plugins: Use integer config API with interval specification where sensible Many of these fall into a few categories: - util.cache size, must be >= 1 - byte or item counts that logically can't be negative - port numbers that should be in 1..0xffff
2 years ago
local file_size_limit = module:get_option_integer(module.name .. "_size_limit", 10 * 1024 * 1024, 0); -- 10 MB
mod_http_file_share: Add file type filter Unlike mod_http_upload, this can't be bypassed by uploading with a different file extension.
5 years ago
local file_types = module:get_option_set(module.name .. "_allowed_file_types", {});
mod_http_file_share: Serve configurable set of safe mime types inline (thanks jonas’) Otherwise people complain about browser 'Save as' dialog.
5 years ago
local safe_types = module:get_option_set(module.name .. "_safe_file_types", {"image/*","video/*","audio/*","text/plain"});
plugins: Switch to :get_option_period() for time range options Improves readability ("1 day" vs 86400) and centralizes validation.
2 years ago
local expiry = module:get_option_period(module.name .. "_expires_after", "1w");
plugins: Use integer config API with interval specification where sensible Many of these fall into a few categories: - util.cache size, must be >= 1 - byte or item counts that logically can't be negative - port numbers that should be in 1..0xffff
2 years ago
local daily_quota = module:get_option_integer(module.name .. "_daily_quota", file_size_limit*10, 0); -- 100 MB / day
local total_storage_limit = module:get_option_integer(module.name.."_global_quota", unlimited, 0);
mod_http_file_share: Add support for external file upload service PUT /upload/:slot/:filename Authorization: Bearer JWT{ uploader, filename, filesize, filetype, exp }
5 years ago
mod_http_file_share: Set slot token TTL so util.jwt validates expiry Overrides the util.jwt default of 1h with the intended TTL of 10 minutes. Because util.jwt now has its own expiry checks, so the 'expiry' field is no longer used and can thus be removed.
3 years ago
local create_jwt, verify_jwt = require"prosody.util.jwt".init("HS256", secret, secret, { default_ttl = 600 });
mod_http_file_share: Switch to new util.jwt API Some changes/improvements in this commit: - Default token lifetime is now 3600s (from 300s) - Tokens are only validated once per upload - "iat"/"exp" are handled automatically by util.jwt
4 years ago
mod_http_file_share: Add basic access control Partly lifted from mod_external_services
5 years ago
local access = module:get_option_set(module.name .. "_access", {});
mod_http_file_share: Switch to the new authz API (BC) Behavior change: It becomes up to the authorization module whether to allow requests. The default, mod_authz_internal, will allow users on the *parent* host only, breaking use by some components. Remaining question is whether to deprecate the `http_file_share_access` setting or leave as a way to complement/bypass access control?
2 years ago
module:default_permission("prosody:registered", ":upload");
mod_http_file_share: Add support for external file upload service PUT /upload/:slot/:filename Authorization: Bearer JWT{ uploader, filename, filesize, filetype, exp }
5 years ago
if not external_base_url then
module:depends("http");
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
mod_http_file_share: Add file size limit (default 10M)
5 years ago
module:add_extension(dataform {
{ name = "FORM_TYPE", type = "hidden", value = namespace },
mod_http_file_share: Move number coercion into util.dataforms
4 years ago
{ name = "max-file-size", type = "text-single", datatype = "xs:integer" },
}:form({ ["max-file-size"] = file_size_limit }, "result"));
mod_http_file_share: Add file size limit (default 10M)
5 years ago
mod_http_file_share: Return proper error if unauthorized
5 years ago
local upload_errors = errors.init(module.name, namespace, {
mod_http_file_share: Expand registry to fix extra tag Error registry compact format doesn't support extra.tag so needs to be the more verbose format
5 years ago
access = { type = "auth"; condition = "forbidden" };
filename = { type = "modify"; condition = "bad-request"; text = "Invalid filename" };
filetype = { type = "modify"; condition = "not-acceptable"; text = "File type not allowed" };
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
filesize = {
code = 413;
type = "modify";
condition = "not-acceptable";
text = "File too large";
extra = {
tag = st.stanza("file-too-large", { xmlns = namespace }):tag("max-file-size"):text(tostring(file_size_limit));
};
mod_http_file_share: Expand registry to fix extra tag Error registry compact format doesn't support extra.tag so needs to be the more verbose format
5 years ago
};
mod_http_file_share: Add missing semicolon Last comma or semicolon isn't required but makes the diffs nicer once you add another item after it.
5 years ago
filesizefmt = { type = "modify"; condition = "bad-request"; text = "File size must be positive integer"; };
mod_http_file_share: Add support for daily upload quotas. Daily instead of total quotas, should be more efficient to calculate. Still O(n), but a smaller n. Less affected by total retention period.
5 years ago
quota = { type = "wait"; condition = "resource-constraint"; text = "Daily quota reached"; };
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
outofdisk = { type = "wait"; condition = "resource-constraint"; text = "Server global storage quota reached" };
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
authzmalformed = {
code = 401;
type = "auth";
condition = "not-authorized";
text = "Missing or malformed Authorization header";
};
unauthz = { code = 403; type = "auth"; condition = "forbidden"; text = "Unauthorized or invalid token" };
invalidslot = {
code = 400;
type = "modify";
condition = "bad-request";
text = "Invalid upload slot, must not contain '/'";
};
alreadycompleted = { code = 409; type = "cancel"; condition = "conflict"; text = "Upload already completed" };
writefail = { code = 500; type = "wait"; condition = "internal-server-error" }
mod_http_file_share: Return proper error if unauthorized
5 years ago
});
mod_http_file_share: Cache file metadata For faster access by avoiding archive ID. No benchmarks were harmed in the making of this commit. ... no benchmarks were performed at all.
5 years ago
local upload_cache = cache.new(1024);
mod_http_file_share: Cache quotas to avoid hitting storage
5 years ago
local quota_cache = cache.new(1024);
mod_http_file_share: Cache file metadata For faster access by avoiding archive ID. No benchmarks were harmed in the making of this commit. ... no benchmarks were performed at all.
5 years ago
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
local total_storage_usage = unknown;
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
mod_http_file_share: Report number of items in caches to statsmanager This is neat, O(1) reporting, why don't we do this everywhere? Gives you an idea of how much stuff is in the caches, which may help inform decisions on whether the size is appropriate.
5 years ago
local measure_upload_cache_size = module:measure("upload_cache", "amount");
local measure_quota_cache_size = module:measure("quota_cache", "amount");
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
local measure_total_storage_usage = module:measure("total_storage", "amount", { unit = "bytes" });
mod_http_file_share: Revert 9c62ffbdf2ae No, that wasn't running in a thread, but in a next tick timer.
1 year ago
do
mod_http_file_share: Keep track of total storage use across restarts The value needs to be known in order to determine if additional uploads can be accepted.
4 years ago
local total, err = persist_stats:get(nil, "total");
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
if not err then
total_storage_usage = tonumber(total) or 0;
end
mod_http_file_share: Revert 9c62ffbdf2ae No, that wasn't running in a thread, but in a next tick timer.
1 year ago
end
mod_http_file_share: Report number of items in caches to statsmanager This is neat, O(1) reporting, why don't we do this everywhere? Gives you an idea of how much stuff is in the caches, which may help inform decisions on whether the size is appropriate.
5 years ago
module:hook_global("stats-update", function ()
measure_upload_cache_size(upload_cache:count());
measure_quota_cache_size(quota_cache:count());
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
measure_total_storage_usage(total_storage_usage);
mod_http_file_share: Report number of items in caches to statsmanager This is neat, O(1) reporting, why don't we do this everywhere? Gives you an idea of how much stuff is in the caches, which may help inform decisions on whether the size is appropriate.
5 years ago
end);
mod_http_file_share: Build list of measuring buckets for configured size limit Creates buckets up to the configured size limit or 1TB, whichever is smaller, e.g. {1K, 4K, 16K, ... 4M, 16M}
5 years ago
local buckets = {};
for n = 10, 40, 2 do
local exp = math.floor(2 ^ n);
table.insert(buckets, exp);
if exp >= file_size_limit then break end
end
local measure_uploads = module:measure("upload", "sizes", {buckets = buckets});
mod_http_file_share: Collect statistics of files uploaded
5 years ago
mod_http_file_share: Add some logging
5 years ago
-- Convenience wrapper for logging file sizes
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
local function B(bytes)
if bytes ~= bytes then
return "unknown"
elseif bytes == unlimited then
return "unlimited";
end
return hi.format(bytes, "B", "b");
end
mod_http_file_share: Add some logging
5 years ago
mod_http_file_share: Factor out function for generating full filename
5 years ago
local function get_filename(slot, create)
return dm.getpath(slot, module.host, module.name, "bin", create)
end
mod_http_file_share: Add support for daily upload quotas. Daily instead of total quotas, should be more efficient to calculate. Still O(n), but a smaller n. Less affected by total retention period.
5 years ago
function get_daily_quota(uploader)
mod_http_file_share: Split out some variables for later reuse
5 years ago
local now = os.time();
local max_age = now - 86400;
mod_http_file_share: Cache quotas to avoid hitting storage
5 years ago
local cached = quota_cache:get(uploader);
if cached and cached.time > max_age then
return cached.size;
end
mod_http_file_share: Split out some variables for later reuse
5 years ago
local iter, err = uploads:find(nil, {with = uploader; start = max_age });
mod_http_file_share: Add support for daily upload quotas. Daily instead of total quotas, should be more efficient to calculate. Still O(n), but a smaller n. Less affected by total retention period.
5 years ago
if not iter then return iter, err; end
local total_bytes = 0;
mod_http_file_share: Update cached value while it is reasonably fresh This should ensure that cache entries until the oldest file that counted to the last 24h becomes older than 24h.
5 years ago
local oldest_upload = now;
mod_http_file_share: Cache quotas to avoid hitting storage
5 years ago
for _, slot, when in iter do
mod_http_file_share: Add support for daily upload quotas. Daily instead of total quotas, should be more efficient to calculate. Still O(n), but a smaller n. Less affected by total retention period.
5 years ago
local size = tonumber(slot.attr.size);
if size then total_bytes = total_bytes + size; end
mod_http_file_share: Update cached value while it is reasonably fresh This should ensure that cache entries until the oldest file that counted to the last 24h becomes older than 24h.
5 years ago
if when < oldest_upload then oldest_upload = when; end
mod_http_file_share: Add support for daily upload quotas. Daily instead of total quotas, should be more efficient to calculate. Still O(n), but a smaller n. Less affected by total retention period.
5 years ago
end
mod_http_file_share: Update cached value while it is reasonably fresh This should ensure that cache entries until the oldest file that counted to the last 24h becomes older than 24h.
5 years ago
-- If there were no uploads then we end up caching [now, 0], which is fine
-- since we increase the size on new uploads
quota_cache:set(uploader, { time = oldest_upload, size = total_bytes });
mod_http_file_share: Add support for daily upload quotas. Daily instead of total quotas, should be more efficient to calculate. Still O(n), but a smaller n. Less affected by total retention period.
5 years ago
return total_bytes;
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
mod_http_file_share: Add basic access control Partly lifted from mod_external_services
5 years ago
local uploader_host = jid.host(uploader);
mod_http_file_share: Switch to the new authz API (BC) Behavior change: It becomes up to the authorization module whether to allow requests. The default, mod_authz_internal, will allow users on the *parent* host only, breaking use by some components. Remaining question is whether to deprecate the `http_file_share_access` setting or leave as a way to complement/bypass access control?
2 years ago
if not (module:may(":upload", uploader) or access:contains(uploader) or access:contains(uploader_host)) then
mod_http_file_share: Return proper error if unauthorized
5 years ago
return false, upload_errors.new("access");
mod_http_file_share: Add basic access control Partly lifted from mod_external_services
5 years ago
end
mod_http_file_share: Validate that filename does not contain '/'
5 years ago
if not filename or filename:find"/" then
-- On Linux, only '/' and '\0' are invalid in filenames and NUL can't be in XML
return false, upload_errors.new("filename");
end
mod_http_file_share: Reject invalid file sizes
5 years ago
if not filesize or filesize < 0 or filesize % 1 ~= 0 then
return false, upload_errors.new("filesizefmt");
end
mod_http_file_share: Add file size limit (default 10M)
5 years ago
if filesize > file_size_limit then
return false, upload_errors.new("filesize");
end
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
if total_storage_usage + filesize > total_storage_limit then
module:log("warn", "Global storage quota reached, at %s / %s!", B(total_storage_usage), B(total_storage_limit));
return false, upload_errors.new("outofdisk");
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
end
mod_http_file_share: Add support for daily upload quotas. Daily instead of total quotas, should be more efficient to calculate. Still O(n), but a smaller n. Less affected by total retention period.
5 years ago
local uploader_quota = get_daily_quota(uploader);
if uploader_quota + filesize > daily_quota then
return false, upload_errors.new("quota");
end
mod_http_file_share: Add file type filter Unlike mod_http_upload, this can't be bypassed by uploading with a different file extension.
5 years ago
if not ( file_types:empty() or file_types:contains(filetype) or file_types:contains(filetype:gsub("/.*", "/*")) ) then
return false, upload_errors.new("filetype");
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
return true;
end
mod_http_file_share: Reorder arguments 'filetype' is optional, so having it last seems sensible. 'slot' is pretty important, so moving it earlier seems sensible.
5 years ago
function get_authz(slot, uploader, filename, filesize, filetype)
mod_http_file_share: Switch to new util.jwt API Some changes/improvements in this commit: - Default token lifetime is now 3600s (from 300s) - Tokens are only validated once per upload - "iat"/"exp" are handled automatically by util.jwt
4 years ago
return create_jwt({
mod_http_file_share: Group related properties for readability
5 years ago
-- token properties
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
sub = uploader;
mod_http_file_share: Group related properties for readability
5 years ago
-- slot properties
slot = slot;
plugins: Handle how get_option_period returns "never"
2 years ago
expires = expiry < math.huge and (os.time()+expiry) or nil;
mod_http_file_share: Group related properties for readability
5 years ago
-- file properties
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
filename = filename;
filesize = filesize;
filetype = filetype;
});
end
function get_url(slot, filename)
mod_http_file_share: Add support for external file upload service PUT /upload/:slot/:filename Authorization: Bearer JWT{ uploader, filename, filesize, filetype, exp }
5 years ago
local base_url = external_base_url or module:http_url();
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
local slot_url = url.parse(base_url);
slot_url.path = url.parse_path(slot_url.path or "/");
t_insert(slot_url.path, slot);
if filename then
t_insert(slot_url.path, filename);
slot_url.path.is_directory = false;
else
slot_url.path.is_directory = true;
end
slot_url.path = url.build_path(slot_url.path);
return url.build(slot_url);
end
function handle_slot_request(event)
local stanza, origin = event.stanza, event.origin;
local request = st.clone(stanza.tags[1], true);
local filename = request.attr.filename;
local filesize = tonumber(request.attr.size);
mod_http_file_share: Handle content-type being optional
5 years ago
local filetype = request.attr["content-type"] or "application/octet-stream";
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
local uploader = jid.bare(stanza.attr.from);
local may, why_not = may_upload(uploader, filename, filesize, filetype);
if not may then
origin.send(st.error_reply(stanza, why_not));
return true;
end
mod_http_file_share: Add some logging
5 years ago
module:log("info", "Issuing upload slot to %s for %s", uploader, B(filesize));
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
local slot, storage_err = errors.coerce(uploads:append(nil, nil, request, os.time(), uploader))
if not slot then
origin.send(st.error_reply(stanza, storage_err));
return true;
end
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
total_storage_usage = total_storage_usage + filesize;
mod_http_file_share: Persist total storage usage when it increases (fixes #1891)
11 months ago
persist_stats:set(nil, "total", total_storage_usage);
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
module:log("debug", "Total storage usage: %s / %s", B(total_storage_usage), B(total_storage_limit));
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
mod_http_file_share: Update cached value while it is reasonably fresh This should ensure that cache entries until the oldest file that counted to the last 24h becomes older than 24h.
5 years ago
local cached_quota = quota_cache:get(uploader);
if cached_quota and cached_quota.time > os.time()-86400 then
cached_quota.size = cached_quota.size + filesize;
quota_cache:set(uploader, cached_quota);
end
mod_http_file_share: Cache quotas to avoid hitting storage
5 years ago
mod_http_file_share: Reorder arguments 'filetype' is optional, so having it last seems sensible. 'slot' is pretty important, so moving it earlier seems sensible.
5 years ago
local authz = get_authz(slot, uploader, filename, filesize, filetype);
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
local slot_url = get_url(slot, filename);
local upload_url = slot_url;
local reply = st.reply(stanza)
:tag("slot", { xmlns = namespace })
:tag("get", { url = slot_url }):up()
:tag("put", { url = upload_url })
mod_http_file_share: Move Authorization type string It belongs with the header more than the token itself
5 years ago
:text_tag("header", "Bearer "..authz, {name="Authorization"})
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
:reset();
origin.send(reply);
return true;
end
function handle_upload(event, path) -- PUT /upload/:slot
local request = event.request;
mod_http_file_share: Switch to new util.jwt API Some changes/improvements in this commit: - Default token lifetime is now 3600s (from 300s) - Tokens are only validated once per upload - "iat"/"exp" are handled automatically by util.jwt
4 years ago
local upload_info = request.http_file_share_upload_info;
if not upload_info then -- Initial handling of request
local authz = request.headers.authorization;
if authz then
authz = authz:match("^Bearer (.*)")
end
if not authz then
module:log("debug", "Missing or malformed Authorization header");
event.response.headers.www_authenticate = "Bearer";
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
return upload_errors.new("authzmalformed", { request = request });
mod_http_file_share: Switch to new util.jwt API Some changes/improvements in this commit: - Default token lifetime is now 3600s (from 300s) - Tokens are only validated once per upload - "iat"/"exp" are handled automatically by util.jwt
4 years ago
end
local authed, authed_upload_info = verify_jwt(authz);
if not authed then
module:log("debug", "Unauthorized or invalid token: %s, %q", authz, authed_upload_info);
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
return upload_errors.new("unauthz", { request = request; wrapped_error = authed_upload_info });
mod_http_file_share: Switch to new util.jwt API Some changes/improvements in this commit: - Default token lifetime is now 3600s (from 300s) - Tokens are only validated once per upload - "iat"/"exp" are handled automatically by util.jwt
4 years ago
end
mod_http_file_share: Use correct variable name (thanks riau.sni)
3 years ago
if not path or authed_upload_info.slot ~= path:match("^[^/]+") then
module:log("debug", "Invalid upload slot: %q, path: %q", authed_upload_info.slot, path);
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
return upload_errors.new("unauthz", { request = request });
mod_http_file_share: Switch to new util.jwt API Some changes/improvements in this commit: - Default token lifetime is now 3600s (from 300s) - Tokens are only validated once per upload - "iat"/"exp" are handled automatically by util.jwt
4 years ago
end
mod_http_file_share: Use correct variable name (thanks riau.sni)
3 years ago
if request.headers.content_length and tonumber(request.headers.content_length) ~= authed_upload_info.filesize then
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
return upload_errors.new("filesize", { request = request });
mod_http_file_share: Switch to new util.jwt API Some changes/improvements in this commit: - Default token lifetime is now 3600s (from 300s) - Tokens are only validated once per upload - "iat"/"exp" are handled automatically by util.jwt
4 years ago
-- Note: We don't know the size if the upload is streamed in chunked encoding,
-- so we also check the final file size on completion.
end
upload_info = authed_upload_info;
request.http_file_share_upload_info = upload_info;
mod_http_file_share: Validate file size early in HTTP PUT request
5 years ago
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
mod_http_file_share: Factor out function for generating full filename
5 years ago
local filename = get_filename(upload_info.slot, true);
mod_http_file_share: Use '.bin' file extension Distinct from '.dat' used by datamanager / internal stortage for Lua object storage so that they can't easily be loaded by accident that way.
5 years ago
mod_http_file_share: Prevent attempt to upload again after completion
5 years ago
do
-- check if upload has been completed already
-- we want to allow retry of a failed upload attempt, but not after it's been completed
local f = io.open(filename, "r");
if f then
f:close();
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
return upload_errors.new("alreadycompleted", { request = request });
mod_http_file_share: Prevent attempt to upload again after completion
5 years ago
end
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
if not request.body_sink then
mod_http_file_share: Add some logging
5 years ago
module:log("debug", "Preparing to receive upload into %q, expecting %s", filename, B(upload_info.filesize));
mod_http_file_share: Log error opening file for writing util.error.coerce() doesn't work well with iolib
5 years ago
local fh, err = io.open(filename.."~", "w");
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
if not fh then
mod_http_file_share: Log error opening file for writing util.error.coerce() doesn't work well with iolib
5 years ago
module:log("error", "Could not open file for writing: %s", err);
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
return upload_errors.new("writefail", { request = request; wrapped_error = err });
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
end
mod_http_file_share: Silence luacheck warning
4 years ago
function event.response:on_destroy() -- luacheck: ignore 212/self
mod_http_file_share: Clean up incomplete uploads If the request fails in the middle then the file~ could be left behind because no code was invoked to delete it then. This gets rid of it when the request is removed. It may still be left in case of an unclean shutdown.
4 years ago
-- Clean up incomplete upload
if io.type(fh) == "file" then -- still open
fh:close();
os.remove(filename.."~");
end
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
request.body_sink = fh;
if request.body == false then
mod_http_file_share: Support sending 100 Continue E.g. curl will ask for this when sending large uploads. Removes a delay while it waits for an error or go-agead.
5 years ago
if request.headers.expect == "100-continue" then
request.conn:write("HTTP/1.1 100 Continue\r\n\r\n");
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
return true;
end
end
if request.body then
mod_http_file_share: Add some logging
5 years ago
module:log("debug", "Complete upload available, %s", B(#request.body));
-- Small enough to have been uploaded already
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
local written, err = errors.coerce(request.body_sink:write(request.body));
if not written then
return err;
end
request.body = nil;
end
if request.body_sink then
mod_http_file_share: Verify final file size on completion of upload
5 years ago
local final_size = request.body_sink:seek();
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
local uploaded, err = errors.coerce(request.body_sink:close());
mod_http_file_share: Verify final file size on completion of upload
5 years ago
if final_size ~= upload_info.filesize then
-- Could be too short as well, but we say the same thing
mod_http_file_share: Improve error reporting by using util.error more This should pass back the error message as well as the status code to the client.
10 months ago
uploaded, err = false, upload_errors.new("filesize", { request = request });
mod_http_file_share: Verify final file size on completion of upload
5 years ago
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
if uploaded then
mod_http_file_share: Add some logging
5 years ago
module:log("debug", "Upload of %q completed, %s", filename, B(final_size));
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
assert(os.rename(filename.."~", filename));
mod_http_file_share: Collect statistics of files uploaded
5 years ago
measure_uploads(final_size);
mod_http_file_share: Cache file metadata For faster access by avoiding archive ID. No benchmarks were harmed in the making of this commit. ... no benchmarks were performed at all.
5 years ago
upload_cache:set(upload_info.slot, {
name = upload_info.filename;
size = tostring(upload_info.filesize);
type = upload_info.filetype;
time = os.time();
});
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
return 201;
else
assert(os.remove(filename.."~"));
return err;
end
end
end
mod_http_file_share: Collect cache hit/miss statistics for downloads
5 years ago
local download_cache_hit = module:measure("download_cache_hit", "rate");
local download_cache_miss = module:measure("download_cache_miss", "rate");
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
function handle_download(event, path) -- GET /uploads/:slot+filename
local request, response = event.request, event.response;
local slot_id = path:match("^[^/]+");
mod_http_file_share: Extract all file properties into variables earlier A step towards adding caching, which will unpack into the same variables.
5 years ago
local basename, filetime, filetype, filesize;
mod_http_file_share: Cache file metadata For faster access by avoiding archive ID. No benchmarks were harmed in the making of this commit. ... no benchmarks were performed at all.
5 years ago
local cached = upload_cache:get(slot_id);
if cached then
module:log("debug", "Cache hit");
mod_http_file_share: Collect cache hit/miss statistics for downloads
5 years ago
download_cache_hit();
mod_http_file_share: Cache file metadata For faster access by avoiding archive ID. No benchmarks were harmed in the making of this commit. ... no benchmarks were performed at all.
5 years ago
basename = cached.name;
filesize = cached.size;
filetype = cached.type;
filetime = cached.time;
upload_cache:set(slot_id, cached);
-- TODO cache negative hits?
mod_http_file_share: Extract all file properties into variables earlier A step towards adding caching, which will unpack into the same variables.
5 years ago
else
mod_http_file_share: Cache file metadata For faster access by avoiding archive ID. No benchmarks were harmed in the making of this commit. ... no benchmarks were performed at all.
5 years ago
module:log("debug", "Cache miss");
mod_http_file_share: Collect cache hit/miss statistics for downloads
5 years ago
download_cache_miss();
mod_http_file_share: Cache file metadata For faster access by avoiding archive ID. No benchmarks were harmed in the making of this commit. ... no benchmarks were performed at all.
5 years ago
local slot, when = errors.coerce(uploads:get(nil, slot_id));
if not slot then
module:log("debug", "uploads:get(%q) --> not-found, %s", slot_id, when);
else
module:log("debug", "uploads:get(%q) --> %s, %d", slot_id, slot, when);
basename = slot.attr.filename;
filesize = slot.attr.size;
filetype = slot.attr["content-type"];
filetime = when;
upload_cache:set(slot_id, {
name = basename;
size = slot.attr.size;
type = filetype;
time = when;
});
end
mod_http_file_share: Extract all file properties into variables earlier A step towards adding caching, which will unpack into the same variables.
5 years ago
end
if not basename then
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
return 404;
end
mod_http_file_share: Extract all file properties into variables earlier A step towards adding caching, which will unpack into the same variables.
5 years ago
local last_modified = os.date('!%a, %d %b %Y %H:%M:%S GMT', filetime);
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
if request.headers.if_modified_since == last_modified then
return 304;
end
mod_http_file_share: Factor out function for generating full filename
5 years ago
local filename = get_filename(slot_id);
mod_http_file_share: Fix reporting of missing files This just gave an unhelpful 500 error. It would be nice to have some wrapper code that could untangle the embedded filename in the io libs errors.
5 years ago
local handle, ferr = io.open(filename);
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
if not handle then
mod_http_file_share: Fix logging of error opening file It's annoying that Lua interpolates the filename into the error message.
5 years ago
module:log("error", "Could not open file for reading: %s", ferr);
mod_http_file_share: Fix reporting of missing files This just gave an unhelpful 500 error. It would be nice to have some wrapper code that could untangle the embedded filename in the io libs errors.
5 years ago
-- This can be because the upload slot wasn't used, or the file disappeared
-- somehow, or permission issues.
return 410;
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
end
mod_http_file_share: Serve configurable set of safe mime types inline (thanks jonas’) Otherwise people complain about browser 'Save as' dialog.
5 years ago
mod_http_file_share: Support download resumption via Range requests Only a starting point is supported due to the way response:send_file() sends everything it gets from the provided file handle but does not have any way to specify how much to read. This matches what Conversations appears to be doing.
5 years ago
local request_range = request.headers.range;
local response_range;
if request_range then
mod_http_file_share: Fix off by one in Range response See #1914
9 months ago
local last_byte = string.format("%d", tonumber(filesize) - 1);
mod_http_file_share: Support download resumption via Range requests Only a starting point is supported due to the way response:send_file() sends everything it gets from the provided file handle but does not have any way to specify how much to read. This matches what Conversations appears to be doing.
5 years ago
local range_start, range_end = request_range:match("^bytes=(%d+)%-(%d*)$")
-- Only support resumption, ie ranges from somewhere in the middle until the end of the file.
mod_http_file_share: Fix off by one in Range response See #1914
9 months ago
if (range_start and range_start ~= "0") and (range_end == "" or range_end == last_byte) then
mod_http_file_share: Handle out of bounds Range request Turns out you can seek past the end of the file without getting an error. Also rejects empty range instead of sending the whole file.
5 years ago
local pos, size = tonumber(range_start), tonumber(filesize);
local new_pos = pos < size and handle:seek("set", pos);
if new_pos and new_pos < size then
mod_http_file_share: Fix off by one in Range response See #1914
9 months ago
response_range = "bytes "..range_start.."-"..last_byte.."/"..filesize;
mod_http_file_share: Handle out of bounds Range request Turns out you can seek past the end of the file without getting an error. Also rejects empty range instead of sending the whole file.
5 years ago
filesize = string.format("%d", size-pos);
else
handle:close();
return 416;
mod_http_file_share: Support download resumption via Range requests Only a starting point is supported due to the way response:send_file() sends everything it gets from the provided file handle but does not have any way to specify how much to read. This matches what Conversations appears to be doing.
5 years ago
end
mod_http_file_share: Explicitly reject all unsupported ranges Fail fast. Otherwise it sends the whole file.
9 months ago
else
handle:close();
return 416;
mod_http_file_share: Support download resumption via Range requests Only a starting point is supported due to the way response:send_file() sends everything it gets from the provided file handle but does not have any way to specify how much to read. This matches what Conversations appears to be doing.
5 years ago
end
end
mod_http_file_share: Fix traceback on missing file-type attempt to index a nil value (local 'filetype') casued by the :gsub call
5 years ago
if not filetype then
filetype = "application/octet-stream";
end
mod_http_file_share: Serve configurable set of safe mime types inline (thanks jonas’) Otherwise people complain about browser 'Save as' dialog.
5 years ago
local disposition = "attachment";
if safe_types:contains(filetype) or safe_types:contains(filetype:gsub("/.*", "/*")) then
disposition = "inline";
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
response.headers.last_modified = last_modified;
mod_http_file_share: Extract all file properties into variables earlier A step towards adding caching, which will unpack into the same variables.
5 years ago
response.headers.content_length = filesize;
mod_http_file_share: Fix traceback on missing file-type attempt to index a nil value (local 'filetype') casued by the :gsub call
5 years ago
response.headers.content_type = filetype;
mod_http_file_share: Use alternate syntax for filename in Content-Disposition The Lua string.format %q doesn't behave correctly for all characters that should be escaped in a quoted-string. And who knows what effects higher Unicode might have here. Applying percent-encoding of filenames seems like the safest way to deal with filenames, as well as being easier than implementing the actual quoted-string transform, which seems complicated and I'm not even sure it covers every possible character. Filenames can safely be assumed to be UTF-8 since they are passed in an attribute in the query without any escaping.
4 years ago
response.headers.content_disposition = string.format("%s; filename*=UTF-8''%s", disposition, urlencode(basename));
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
mod_http_file_share: Support download resumption via Range requests Only a starting point is supported due to the way response:send_file() sends everything it gets from the provided file handle but does not have any way to specify how much to read. This matches what Conversations appears to be doing.
5 years ago
if response_range then
response.status_code = 206;
response.headers.content_range = response_range;
end
response.headers.accept_ranges = "bytes";
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
response.headers.cache_control = "max-age=31556952, immutable";
mod_http_file_share: Add media-src 'self' to Content-Security-Policy header This allows certain media files to be loaded when navigated to directly in a web browser. Note that in some browsers (Chrome), the media gets transformed internally into a HTML page with some basic styles, but these are blocked due to our default-src policy of 'none' Although this could be unblocked with style-src unsafe-inline, it is not our plan to fix this, because this would have negative security implications. The reason for our CSP is to prevent the file share service from being used to host malicious HTML/CSS/JS. Yes, CSS can be malicious. Our file share service is for uploading and downloading files, it is not a substitute for website/content hosting.
8 months ago
response.headers.content_security_policy = "default-src 'none'; media-src 'self'; frame-ancestors 'none';"
mod_http_file_share: More security headers
5 years ago
response.headers.strict_transport_security = "max-age=31556952";
response.headers.x_content_type_options = "nosniff";
mod_http_file_share: Update comment about x-frame-options X-Frame-Options was replaced by the Content-Security-Policy 'frame-ancestors' directive, but Internet Explorer does not support that part of CSP. Since it's just one line it doesn't hurt to keep until some future spring cleaning event :)
5 years ago
response.headers.x_frame_options = "DENY"; -- COMPAT IE missing support for CSP frame-ancestors
mod_http_file_share: More security headers
5 years ago
response.headers.x_xss_protection = "1; mode=block";
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
return response:send_file(handle);
end
mod_http_file_share: Fix expiry disabled check for new config API Similar to 26c30844cac6
2 years ago
if expiry < math.huge and not external_base_url then
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
-- TODO HTTP DELETE to the external endpoint?
plugins: Prefix module imports with prosody namespace
3 years ago
local array = require "prosody.util.array";
local async = require "prosody.util.async";
local ENOENT = require "prosody.util.pposix".ENOENT;
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
mod_http_file_share: Insert pauses to avoid blocknig for long periods Similar to the mod_mam cleanup job
5 years ago
local function sleep(t)
local wait, done = async.waiter();
module:add_timer(t, done)
wait();
end
mod_http_file_share: Fix measuring how long periodic task take
4 years ago
local prune_start = module:measure("prune", "times");
mod_http_file_share: Fix to take retention time into account It was lost in 6f4790b8deec when switching to mod_cron.
4 years ago
module:daily("Remove expired files", function(_, current_time)
mod_http_file_share: Fix measuring how long periodic task take
4 years ago
local prune_done = prune_start();
mod_http_file_share: Fix to take retention time into account It was lost in 6f4790b8deec when switching to mod_cron.
4 years ago
local boundary_time = (current_time or os.time()) - expiry;
mod_http_file_share: Back out 876e1b6d6ae4
4 years ago
local iter, total = assert(uploads:find(nil, {["end"] = boundary_time; total = true}));
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
if total == 0 then
mod_http_file_share: Clarify log message No expired ... what? Could be inferred from the module logging it, but better to be explicit.
5 years ago
module:log("info", "No expired uploaded files to prune");
mod_http_file_share: Measure how long it takes to prune expired files
5 years ago
prune_done();
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
return;
end
module:log("info", "Pruning expired files uploaded earlier than %s", dt.datetime(boundary_time));
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
module:log("debug", "Total storage usage: %s / %s", B(total_storage_usage), B(total_storage_limit));
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
mod_http_file_share: Remove correct entries when not all expired files were deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
5 years ago
local obsolete_uploads = array();
mod_http_file_share: Rename variable for clarity
4 years ago
local num_expired = 0;
mod_http_file_share: Fix deletion counter Before aa60f4353001 each loop had its own counter, seems incrementing of one of them was lost. But only one is needed anyhow.
4 years ago
local size_sum = 0;
mod_http_file_share: Merge file expiry loops Not sure what the benefit of two separate loops was, perhaps reduced memory usage by allowing archive query state to be garbage collected before moving on to deleting files. Never measured so probably not so. This simplifies a bit.
4 years ago
local problem_deleting = false;
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
for slot_id, slot_info in iter do
mod_http_file_share: Rename variable for clarity
4 years ago
num_expired = num_expired + 1;
mod_http_file_share: Cache file metadata For faster access by avoiding archive ID. No benchmarks were harmed in the making of this commit. ... no benchmarks were performed at all.
5 years ago
upload_cache:set(slot_id, nil);
mod_http_file_share: Remove correct entries when not all expired files were deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
5 years ago
local filename = get_filename(slot_id);
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
local deleted, err, errno = os.remove(filename);
mod_http_file_share: Improve consistency of terminology in logging Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
4 years ago
if deleted or errno == ENOENT then -- removed successfully or it was already gone
mod_http_file_share: Merge file expiry loops Not sure what the benefit of two separate loops was, perhaps reduced memory usage by allowing archive query state to be garbage collected before moving on to deleting files. Never measured so probably not so. This simplifies a bit.
4 years ago
size_sum = size_sum + tonumber(slot_info.attr.size);
obsolete_uploads:push(slot_id);
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
else
mod_http_file_share: Improve consistency of terminology in logging Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
4 years ago
module:log("error", "Could not prune expired file %q: %s", filename, err);
mod_http_file_share: Remove correct entries when not all expired files were deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
5 years ago
problem_deleting = true;
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
end
mod_http_file_share: Rename variable for clarity
4 years ago
if num_expired % 100 == 0 then sleep(0.1); end
mod_http_file_share: Merge file expiry loops Not sure what the benefit of two separate loops was, perhaps reduced memory usage by allowing archive query state to be garbage collected before moving on to deleting files. Never measured so probably not so. This simplifies a bit.
4 years ago
end
mod_http_file_share: Remove correct entries when not all expired files were deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
5 years ago
-- obsolete_uploads now contains slot ids for which the files have been
mod_http_file_share: Improve consistency of terminology in logging Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
4 years ago
-- removed and that needs to be cleared from the database
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
local deletion_query = {["end"] = boundary_time};
mod_http_file_share: Remove correct entries when not all expired files were deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
5 years ago
if not problem_deleting then
mod_http_file_share: Improve consistency of terminology in logging Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
4 years ago
module:log("info", "All (%d, %s) expired files successfully pruned", num_expired, B(size_sum));
mod_http_file_share: Remove correct entries when not all expired files were deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
5 years ago
-- we can delete based on time
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
else
mod_http_file_share: Improve consistency of terminology in logging Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
4 years ago
module:log("warn", "%d out of %d expired files could not be pruned", num_expired-#obsolete_uploads, num_expired);
mod_http_file_share: Remove correct entries when not all expired files were deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
5 years ago
-- we'll need to delete only those entries where the files were
mod_http_file_share: Improve consistency of terminology in logging Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
4 years ago
-- successfully removed, and then try again with the failed ones.
mod_http_file_share: Remove correct entries when not all expired files were deleted If any of the expired files could not be deleted then we should not forget about that, we should complain loudly and try again. The code got this backwards and would have removed only the entries referring to still existing files. Test procedure: 1. Upload a file 2. chown root:root http_file_share/ 3. In uploads.list, decrease 'when' enough to ensure expiry 4. Reload mod_http_file_share 5. Should see an error in the logs about failure to delete the file 6. Should see that the metadata in uploads.list is still there 7. chown http_file_share/ back to the previous owner 8. Reload mod_http_file_share 9. Should see logs about successful removal of expired file 10. Should see that the metadata in uploads.list is gone 11. Should see that the file was deleted
5 years ago
-- eventually the admin ought to notice and fix the permissions or
-- whatever the problem is.
deletion_query = {ids = obsolete_uploads};
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
end
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
total_storage_usage = total_storage_usage - size_sum;
module:log("debug", "Total storage usage: %s / %s", B(total_storage_usage), B(total_storage_limit));
persist_stats:set(nil, "total", total_storage_usage);
mod_http_file_share: Keep global storage use accurate longer. Merging those loops removes the miscounting that would occur in case a file could not be deleted, so no need to limit it to that case.
4 years ago
mod_http_file_share: Skip removal of nothing In case none of the expired files could be deleted then it's a waste of an API call to try to remove any of the metadata at all.
5 years ago
if #obsolete_uploads == 0 then
module:log("debug", "No metadata to remove");
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
else
mod_http_file_share: Skip removal of nothing In case none of the expired files could be deleted then it's a waste of an API call to try to remove any of the metadata at all.
5 years ago
local removed, err = uploads:delete(nil, deletion_query);
mod_http_file_share: Rename variable for clarity
4 years ago
if removed == true or removed == num_expired or removed == #obsolete_uploads then
mod_http_file_share: Improve consistency of terminology in logging Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
4 years ago
module:log("debug", "Expired upload metadata pruned successfully");
mod_http_file_share: Skip removal of nothing In case none of the expired files could be deleted then it's a waste of an API call to try to remove any of the metadata at all.
5 years ago
else
mod_http_file_share: Improve consistency of terminology in logging Prefer 'prune' over 'delete' since it more strongly implies removal of excess.
4 years ago
module:log("error", "Problem removing metadata for expired files: %s", err);
mod_http_file_share: Skip removal of nothing In case none of the expired files could be deleted then it's a waste of an API call to try to remove any of the metadata at all.
5 years ago
end
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
end
mod_http_file_share: Measure how long it takes to prune expired files
5 years ago
prune_done();
mod_http_file_share: Add support for removing old files (default 2 weeks)
5 years ago
end);
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
local summary_start = module:measure("summary", "times");
mod_http_file_share: Fix measuring how long periodic task take
4 years ago
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
module:weekly("Calculate total storage usage", function()
local summary_done = summary_start();
local iter = assert(uploads:find(nil));
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
local count, sum = 0, 0;
for _, file in iter do
sum = sum + tonumber(file.attr.size);
count = count + 1;
end
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
module:log("info", "Uploaded files total: %s in %d files", B(sum), count);
if persist_stats:set(nil, "total", sum) then
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
total_storage_usage = sum;
mod_http_file_share: Always measure total disk usage for statistics! Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota.
4 years ago
else
total_storage_usage = unknown;
end
module:log("debug", "Total storage usage: %s / %s", B(total_storage_usage), B(total_storage_limit));
summary_done();
end);
mod_http_file_share: Add optional global quota on total storage usage Before, maximum storage usage (assuming all users upload as much as they could) would depend on the quota, retention period and number of users. Since number of users can vary, this makes it hard to know how much storage will be needed. Adding a limit to the total overall storage use solves this, making it simple to set it to some number based on what storage is actually available. Summary job run less often than the prune job since it touches the entire archive; and started before the prune job since it's needed before the first upload.
4 years ago
mod_http_file_share: Add internal command to check files consistency Background: Found a few files in my store that did not match the size recorded in the slot, so I needed a way to check which which those were. As it was a bit too much to type into the shell I added it here instead.
5 years ago
-- Reachable from the console
function check_files(query)
local issues = {};
local iter = assert(uploads:find(nil, query));
for slot_id, file in iter do
local filename = get_filename(slot_id);
local size, err = lfs.attributes(filename, "size");
if not size then
issues[filename] = err;
elseif tonumber(file.attr.size) ~= size then
issues[filename] = "file size mismatch";
end
end
return next(issues) == nil, issues;
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
module:hook("iq-get/host/urn:xmpp:http:upload:0:request", handle_slot_request);
mod_http_file_share: Add support for external file upload service PUT /upload/:slot/:filename Authorization: Bearer JWT{ uploader, filename, filesize, filetype, exp }
5 years ago
if not external_base_url then
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
module:provides("http", {
streaming_uploads = true;
mod_http_file_share: Allow credentials via CORS (needed for auth token)
5 years ago
cors = {
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731) The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
4 years ago
enabled = true;
mod_http_file_share: Allow credentials via CORS (needed for auth token)
5 years ago
credentials = true;
mod_http_file_share: Allow 'Authorization' header via CORS (thanks kawaii) Can't find anything saying anything on whether this is needed or not. kawaii reported that both Chrome and Firefox complained unless the header was added to the list of allowed headers.
4 years ago
headers = {
Authorization = true;
};
mod_http_file_share: Allow credentials via CORS (needed for auth token)
5 years ago
};
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
route = {
["PUT /*"] = handle_upload;
["GET /*"] = handle_download;
mod_http_file_share: Return a message from the base URL
5 years ago
["GET /"] = function (event)
return prosody.events.fire_event("http-message", {
response = event.response;
---
title = "Prosody HTTP Upload endpoint";
message = "This is where files will be uploaded to, and served from.";
warning = not (event.request.secure) and "This endpoint is not considered secure!" or nil;
}) or "This is the Prosody HTTP Upload endpoint.";
end
mod_http_file_share: Let's write another XEP-0363 implementation This variant is meant to improve upon mod_http_upload in some ways: * Handle files much of arbitrary size efficiently * Allow GET and PUT URLs to be different * Remember Content-Type sent by client * Avoid dependency on mod_http_files * Built-in way to delegate storage to another httpd
5 years ago
}
});
mod_http_file_share: Add support for external file upload service PUT /upload/:slot/:filename Authorization: Bearer JWT{ uploader, filename, filesize, filetype, exp }
5 years ago
end