You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

52 lines
1.5 KiB

local filename, args = ...
local uri_prefix = args["prefix"]
local doc_root = args["document-root"]
local secret = args["secret"]
local timeout = tonumber(args["timeout"])
local function deny_access(vr, status)
vr:handle_direct()
vr.resp.status = status
end
local function handle_secdownload(vr)
local path = vr.req.uri.path
local prefix_len = uri_prefix:len()
if path:sub(1, prefix_len) == uri_prefix and not vr.is_handled then
local md5str = path:sub(prefix_len + 1, prefix_len + 32)
if md5str:len() ~= 32 then return deny_access(vr, 403) end
if path:sub(prefix_len + 33, prefix_len + 33) ~= "/" then return deny_access(vr, 403) end
local slash = path:find("/", prefix_len + 34)
if slash == nil then return deny_access(vr, 403) end
local ts_string = path:sub(prefix_len + 34, slash - 1)
local timestamp = tonumber(ts_string, 16)
if timestamp == nil then return deny_access(vr, 403) end
path = path:sub(slash)
local ts = os.time()
if (timestamp < ts - timeout) or (timestamp > ts + timeout) then
-- Gone, not Timeout (don't retry later)
return deny_access(vr, 410)
end
-- modify md5content as you wish :)
local md5content = secret .. path .. ts_string
-- vr:debug("checking md5: '" .. md5content .. "', md5: " .. md5str)
if md5str ~= lighty.md5(secret .. path .. ts_string) then
return deny_access(vr, 403)
end
-- rewrite physical paths
vr.phys.doc_root = doc_root
vr.phys.path = doc_root .. path
end
end
actions = handle_secdownload