9 |
9 |
10 local httpserver = require "net.httpserver"; |
10 local httpserver = require "net.httpserver"; |
11 |
11 |
12 local open = io.open; |
12 local open = io.open; |
13 local t_concat = table.concat; |
13 local t_concat = table.concat; |
|
14 local check_http_path; |
14 |
15 |
15 local http_base = "www_files"; |
16 local http_base = "www_files"; |
16 |
17 |
|
18 local response_403 = { status = "403 Forbidden", body = "<h1>Invalid URL</h1>Sorry, we couldn't find what you were looking for :(" }; |
17 local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" }; |
19 local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" }; |
18 |
20 |
19 local http_path = { http_base }; |
21 local http_path = { http_base }; |
20 local function handle_request(method, body, request) |
22 local function handle_request(method, body, request) |
21 local path = request.url.path:gsub("%.%.%/", ""):gsub("^/[^/]+", ""); |
23 local path = check_http_path(request.url.path:gsub("^/[^/]+%.*", "")); |
|
24 if not path then |
|
25 return response_403; |
|
26 end |
22 http_path[2] = path; |
27 http_path[2] = path; |
23 local f, err = open(t_concat(http_path), "r"); |
28 local f, err = open(t_concat(http_path), "r"); |
24 if not f then return response_404; end |
29 if not f then return response_404; end |
25 local data = f:read("*a"); |
30 local data = f:read("*a"); |
26 f:close(); |
31 f:close(); |
27 return data; |
32 return data; |
28 end |
33 end |
29 |
34 |
30 local ports = config.get(module.host, "core", "http_ports") or { 5280 }; |
35 local ports = config.get(module.host, "core", "http_ports") or { 5280 }; |
31 httpserver.new_from_config(ports, "files", handle_request); |
36 httpserver.new_from_config(ports, "files", handle_request); |
|
37 |
|
38 function check_http_path(url) |
|
39 if url:sub(1,1) ~= "/" then |
|
40 url = "/"..url; |
|
41 end |
|
42 |
|
43 local level = 0; |
|
44 for part in url:gmatch("%/([^/]+)") do |
|
45 if part == ".." then |
|
46 level = level - 1; |
|
47 elseif part ~= "." then |
|
48 level = level + 1; |
|
49 end |
|
50 if level < 0 then |
|
51 return nil; |
|
52 end |
|
53 end |
|
54 return url; |
|
55 end |