53 return nil, 400; |
53 return nil, 400; |
54 end |
54 end |
55 return post_body; |
55 return post_body; |
56 end |
56 end |
57 |
57 |
|
58 local function parse_query(request) |
|
59 local q = request.url.query; |
|
60 return q and http_util.formdecode(q) or nil; |
|
61 end |
|
62 |
58 -- Cookies |
63 -- Cookies |
59 |
64 |
60 local function add_header(headers, header, value) |
65 local function add_header(headers, header, value) |
61 if headers[header] then |
66 if headers[header] then |
62 headers[header] = headers[header] .. ", " .. value; |
67 headers[header] = headers[header] .. ", " .. value; |
69 if headers[header] then |
74 if headers[header] then |
70 headers[header] = value .. ", " .. headers[header]; |
75 headers[header] = value .. ", " .. headers[header]; |
71 else |
76 else |
72 headers[header] = value; |
77 headers[header] = value; |
73 end |
78 end |
|
79 end |
|
80 |
|
81 local response_mt = {}; |
|
82 |
|
83 local function redirect(to, code) |
|
84 return setmetatable({ |
|
85 status_code = code or 303; |
|
86 headers = { |
|
87 Location = to; |
|
88 } |
|
89 }, response_mt); |
|
90 end |
|
91 |
|
92 local function is_response(obj) |
|
93 return getmetatable(obj) == response_mt; |
74 end |
94 end |
75 |
95 |
76 local function set_cookie(headers, cookie, opts) |
96 local function set_cookie(headers, cookie, opts) |
77 if opts then |
97 if opts then |
78 local params = {""}; |
98 local params = {""}; |
95 end |
115 end |
96 |
116 |
97 prefix_header(headers, "set_cookie", cookie); |
117 prefix_header(headers, "set_cookie", cookie); |
98 end |
118 end |
99 |
119 |
|
120 local function set_auth_cookie(username, response, secret) |
|
121 local expires = config.cookie_ttl or 604800; |
|
122 local cookie = usercookie.generate(username, os.time()+expires, secret); |
|
123 cookie = "__Host-auth=".. cookie .. "; Path="..config.base_path |
|
124 .."; Max-Age="..tostring(expires).."; Secure; HttpOnly"; |
|
125 return set_cookie(response.headers, cookie); |
|
126 end |
|
127 |
|
128 local function verify_auth_cookie(request, secret) |
|
129 unpack_cookies(request); |
|
130 request.cookies.auth = usercookie.verify(request.cookies["__Host-auth"], secret); |
|
131 end |
|
132 |
100 return { |
133 return { |
101 unpack_cookies = unpack_cookies; |
134 unpack_cookies = unpack_cookies; |
102 validate_csrf = validate_csrf; |
135 validate_csrf = validate_csrf; |
103 parse_body_and_csrf = parse_body_and_csrf; |
136 parse_body_and_csrf = parse_body_and_csrf; |
104 parse_body = parse_body; |
137 parse_body = parse_body; |
|
138 parse_query = parse_query; |
105 add_header = add_header; |
139 add_header = add_header; |
106 prefix_header = prefix_header; |
140 prefix_header = prefix_header; |
|
141 redirect = redirect; |
107 set_cookie = set_cookie; |
142 set_cookie = set_cookie; |
|
143 set_auth_cookie = set_auth_cookie; |
|
144 verify_auth_cookie = verify_auth_cookie; |
|
145 is_response = is_response; |
108 }; |
146 }; |
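Review bot: In set_auth_cookie (new lines 120–126) the cookie is named `__Host-auth` but its path comes from `config.base_path`; browsers accept a `__Host-` prefixed cookie only when it has `Secure`, no `Domain` and exactly `Path=/`, so with any other base path the Set-Cookie would be discarded and the session would never stick. Either emit the fixed path, `cookie = "__Host-auth=".. cookie .. "; Path=/"`, or, if the cookie is meant to be scoped to the base path, use the `__Secure-` prefix and read that same name in verify_auth_cookie. The attribute list also has no `SameSite`; appending `; SameSite=Lax` to the `"; Secure; HttpOnly"` string would state the cross-site policy explicitly instead of leaving it to the browser default. In verify_auth_cookie (new lines 128–131) `request.cookies["__Host-auth"]` is passed straight to `usercookie.verify`; whether that function tolerates nil for a request without the cookie is not visible here, so a guard such as `local c = request.cookies["__Host-auth"]; request.cookies.auth = c and usercookie.verify(c, secret) or nil;` or a comment stating the contract would help.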