Sun, 30 Dec 2018 09:43:36 +0000
client: Ignore timeout timer if we received a stanza
137
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 | local verse = require "verse"; |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 | |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 | local server = require "net.server"; |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 | local http_server = require "net.http.server"; |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 | local http = require "net.http"; |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 | local json = require "util.json"; |
156
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
7 | local time = require "socket".gettime; |
137
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 | |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 | function handle_request() |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 | return "Hello world"; |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 | end |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 | |
158
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
13 | local function set_cross_domain_headers(response, origin) |
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
14 | local headers = response.headers; |
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
15 | headers.access_control_allow_methods = "GET, POST, OPTIONS"; |
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
16 | headers.access_control_allow_headers = "Content-Type"; |
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
17 | headers.access_control_max_age = "7200"; |
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
18 | headers.access_control_allow_origin = origin; |
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
19 | return response; |
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
20 | end |
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
21 | |
137
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 | local function run(config, run_script) |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 | function handle_run_request(event) |
156
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
24 | local request, response = event.request, event.response; |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
25 | |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
26 | local function log(type, data) |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
27 | local entry = { type = type, data = data, time = time() }; |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
28 | local chunk = json.encode(entry) .. "\r\n"; |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
29 | response.conn:write(("%x\r\n%s\r\n"):format(#chunk, chunk)); |
137
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 | end |
157
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
31 | |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
32 | -- SECURITY NOTE: We MUST validate Origin before running the Scansion script, |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
33 | -- since we don't want arbitrary websites to have local RCEs (CORS does not |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
34 | -- protect us here, it at best keeps the script from seeing the response) |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
35 | if request.headers.origin ~= config.origin and config.origin ~= "*" then |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
36 | verse.log("warn", "Rejecting origin: %s", request.headers.origin); |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
37 | response.status_code = 403; -- spec suggested response when we don't like the origin |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
38 | response.headers.connection = "close"; |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
39 | return ""; |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
40 | end |
b35dc87ebff0
Make --serve and --serve-port take an origin argument, in order to disallow random websites from accessing the local port
Waqas Hussain <waqas20@gmail.com>
parents:
156
diff
changeset
|
41 | |
156
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
42 | response.status_code = 201; |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
43 | response.headers.connection = "close"; |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
44 | response.headers.transfer_encoding = "chunked"; |
158
f09fe6c16e10
Allow CORS for /run end-point
Waqas Hussain <waqas20@gmail.com>
parents:
157
diff
changeset
|
45 | set_cross_domain_headers(response, config.origin); -- Let browser JS see the response |
156
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
46 | response.conn:send(table.concat(http_server.prepare_header(response))); |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
47 | |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
48 | local ok, ret = pcall(run_script, "web", event.request.body, log); |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
49 | |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
50 | if not ok then |
162
f888f236321f
Make current line number available in all error events
Waqas Hussain <waqas20@gmail.com>
parents:
159
diff
changeset
|
51 | local line = nil; |
f888f236321f
Make current line number available in all error events
Waqas Hussain <waqas20@gmail.com>
parents:
159
diff
changeset
|
52 | if type(ret) == "string" then |
f888f236321f
Make current line number available in all error events
Waqas Hussain <waqas20@gmail.com>
parents:
159
diff
changeset
|
53 | line = tonumber(ret:match("%(line (%d+)%)$")); |
f888f236321f
Make current line number available in all error events
Waqas Hussain <waqas20@gmail.com>
parents:
159
diff
changeset
|
54 | end |
f888f236321f
Make current line number available in all error events
Waqas Hussain <waqas20@gmail.com>
parents:
159
diff
changeset
|
55 | log("error", { message = ret, line = line }); |
137
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 | end |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 | |
156
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
58 | response.conn:write("0\r\n\r\n"); |
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
59 | response:done(); |
137
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 | |
156
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
61 | return true; |
137
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 | end |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 | |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 | http_server.add_host("localhost"); |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 | http_server.set_default_host("localhost"); |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 | http_server.add_handler("GET localhost/*", handle_request); |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 | http_server.add_handler("POST localhost/run", handle_run_request); |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 | http_server.add_handler("http-error", function (e) |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 | verse.log("error", "HTTP error: %s", e.code); |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 | end); |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 | --http_server.add_handler("GET localhost/stream/*", handle_stream_request); |
159
0aa4f7bda3f8
serve: Log port and origin as part of startup
Waqas Hussain <waqas20@gmail.com>
parents:
158
diff
changeset
|
72 | local port = config.port or 8007; |
0aa4f7bda3f8
serve: Log port and origin as part of startup
Waqas Hussain <waqas20@gmail.com>
parents:
158
diff
changeset
|
73 | http_server.listen_on(port); |
0aa4f7bda3f8
serve: Log port and origin as part of startup
Waqas Hussain <waqas20@gmail.com>
parents:
158
diff
changeset
|
74 | verse.log("info", "Listening on port %d for origin %s", port, config.origin); |
156
807dc9c0f140
scansion.serve: Add support for chunked encoding (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
137
diff
changeset
|
75 | repeat until not verse.loop(); |
137
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 | end |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 | |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 | return { |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 | run = run; |
091212cef52a
main, scansion.serve: Add mode that serves /run API for executing scripts
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 | } |