haskal
/
jiti-meet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #828 from SamWhited/mod_token_use_proper_path 

Use valid path for HTTP token fetches
This commit is contained in:
Paweł Domas 2016-09-01 10:02:47 -05:00 committed by GitHub
parent e2c5439112 9ec120d7cb
commit 5ef547d285
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
prosody-plugins/mod_auth_token.lua
View File

@ -3,11 +3,13 @@
local basexx = require "basexx";
local have_async, async = pcall(require, "util.async");
local hex = require "util.hex";
local formdecode = require "util.http".formdecode;
local generate_uuid = require "util.uuid".generate;
local http = require "net.http";
local json = require "cjson";
local new_sasl = require "util.sasl".new;
local path = require "util.paths";
local sasl = require "util.sasl";
local sha256 = require "util.hashes".sha256;
local timer = require "util.timer";
@ -99,12 +101,13 @@ function get_public_key(keyId)
end
done();
end
module:log("debug", "Fetching public key from: "..asapKeyServer..keyId);
local keyurl = path.join(asapKeyServer, hex.to(sha256(keyId))..'.pem');
module:log("debug", "Fetching public key from: "..keyurl);
-- We hash the key ID to work around some legacy behavior and make
-- deployment easier. It also helps prevent directory
-- traversal attacks (although path cleaning could have done this too).
local request = http.request(asapKeyServer..sha256(keyId)..'.pem', {
local request = http.request(keyurl, {
headers = http_headers or {},
method = "GET"
}, cb);