mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 05:37:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_http_file_share: Strip authorization type prefix a bit earlier

Browse source
This commit is contained in:
Kim Alvefur 2021-01-27 18:26:24 +01:00
parent ae4ad08b4a
commit 2cb87c6ffa
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
plugins/mod_http_file_share.lua
View file

@ -152,11 +152,14 @@ end
function handle_upload(event, path) -- PUT /upload/:slot
local request = event.request;
local authz = request.headers.authorization;
if not authz or not authz:find"^Bearer ." then
if authz then
authz = authz:match("^Bearer (.*)")
end
if not authz then
module:log("debug", "Missing Authorization");
return 403;
end
local authed, upload_info = jwt.verify(secret, authz:match("^Bearer (.*)"));
local authed, upload_info = jwt.verify(secret, authz);
if not (authed and type(upload_info) == "table" and type(upload_info.exp) == "number") then
module:log("debug", "Unauthorized or invalid token: %s, %q", authed, upload_info);
return 401;