The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
The Lua string.format %q doesn't behave correctly for all characters
that should be escaped in a quoted-string. And who knows what effects
higher Unicode might have here.
Applying percent-encoding of filenames seems like the safest way to deal
with filenames, as well as being easier than implementing the actual
quoted-string transform, which seems complicated and I'm not even sure
it covers every possible character.
Filenames can safely be assumed to be UTF-8 since they are passed in an
attribute in the query without any escaping.
Metrics available or not depending on configuration is weird, even tho
it might be expensive to calculate and it's only really needed when
there is a global quota.
Default quota is set to infinity, which is essentially what it was.
Reports NaN if there is an error, which should count as over the
infinite default quota.
Before mod_cron this job ran less frequently than the upload removal
job. Running them at the same frequency seems wasteful somehow, plus the
total should not drift away from the true value that fast.
Not sure what the benefit of two separate loops was, perhaps reduced
memory usage by allowing archive query state to be garbage collected
before moving on to deleting files. Never measured so probably not so.
This simplifies a bit.
This is probably a bad idea, as files that could not be deleted for some
reason will not be tried again. I was just thinking of what the 'task'
argument could be used for.
If the request fails in the middle then the file~ could be left behind
because no code was invoked to delete it then. This gets rid of it when
the request is removed. It may still be left in case of an unclean
shutdown.
Can't find anything saying anything on whether this is needed or not.
kawaii reported that both Chrome and Firefox complained unless the
header was added to the list of allowed headers.
Before, maximum storage usage (assuming all users upload as much as they
could) would depend on the quota, retention period and number of users.
Since number of users can vary, this makes it hard to know how much
storage will be needed.
Adding a limit to the total overall storage use solves this, making it
simple to set it to some number based on what storage is actually
available.
Summary job run less often than the prune job since it touches the
entire archive; and started before the prune job since it's needed
before the first upload.
X-Frame-Options was replaced by the Content-Security-Policy
'frame-ancestors' directive, but Internet Explorer does not support that
part of CSP.
Since it's just one line it doesn't hurt to keep until some future
spring cleaning event :)
Only a starting point is supported due to the way response:send_file()
sends everything it gets from the provided file handle but does not have
any way to specify how much to read.
This matches what Conversations appears to be doing.
Lets an external upload service know this so it can do expiry itself.
Could possibly have been calculated based on the token expiry or
issuance time, explicit > implicit.
Background: Found a few files in my store that did not match the size
recorded in the slot, so I needed a way to check which which those were.
As it was a bit too much to type into the shell I added it here instead.
This is neat, O(1) reporting, why don't we do this everywhere?
Gives you an idea of how much stuff is in the caches, which may help
inform decisions on whether the size is appropriate.
If any of the expired files could not be deleted then we should not
forget about that, we should complain loudly and try again.
The code got this backwards and would have removed only the entries
referring to still existing files.
Test procedure:
1. Upload a file
2. chown root:root http_file_share/
3. In uploads.list, decrease 'when' enough to ensure expiry
4. Reload mod_http_file_share
5. Should see an error in the logs about failure to delete the file
6. Should see that the metadata in uploads.list is still there
7. chown http_file_share/ back to the previous owner
8. Reload mod_http_file_share
9. Should see logs about successful removal of expired file
10. Should see that the metadata in uploads.list is gone
11. Should see that the file was deleted
