annotate src/luan/host/WebHandler.java @ 1330:f41919741100
fix security
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Mon, 11 Feb 2019 01:38:55 -0700 |
parents | 307e76ccd0d6 |
children | 11b7e11f9ed5 |
rev | line source |
---|---|
1 package luan.host; |
1135 | 2 |
3 import java.io.File; | |
4 import org.slf4j.Logger; | |
5 import org.slf4j.LoggerFactory; | |
6 import luan.webserver.Handler; |
7 import luan.webserver.Request; |
8 import luan.webserver.Response; |
1315 | 9 import luan.webserver.handlers.DomainHandler; |
1330 | 10 import luan.Luan; |
1135 | 11 import luan.LuanState; |
12 import luan.LuanException; | |
13 import luan.LuanTable; | |
1330 | 14 import luan.LuanFunction; |
15 import luan.LuanClosure; | |
16 import luan.modules.BasicLuan; | |
17 import luan.modules.http.LuanHandler; |
18 import luan.modules.logging.LuanLogger; |
1135 | 19 |
20 | |
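/**
 * Entry-point {@link Handler} for the Luan host: every request is delegated to a
 * {@link DomainHandler}, which obtains one {@link LuanHandler} per domain from the
 * factory below. Each per-domain {@link LuanState} gets a {@link Luan.Security}
 * policy installed before the host's init script runs.
 */
public class WebHandler implements Handler {
	private static final Logger logger = LoggerFactory.getLogger(WebHandler.class);

	/**
	 * Unchecked carrier for a {@link LuanException} thrown while a handler is being
	 * built inside the factory, where the checked type cannot be declared.
	 * {@link #loadHandler} unwraps it again through the {@code e} field.
	 */
	private static final class LuanRuntimeException extends RuntimeException {
		final LuanException e;

		LuanRuntimeException(LuanException e) {
			// Keep the original as the cause: this exception also escapes through
			// paths that never unwrap it, and would otherwise carry no detail.
			super(e);
			this.e = e;
		}
	}

	private static final DomainHandler.Factory factory = new DomainHandler.Factory() {
		/**
		 * Builds the handler for one hosted domain.
		 *
		 * @return a new {@link LuanHandler}, or {@code null} when no directory named
		 *         after the domain exists under {@code sitesDir}
		 */
		public Handler newHandler(String domain) {
			// NOTE(review): domain is joined onto sitesDir without validation. If it can
			// come from request data (DomainHandler is not visible here), a value holding
			// path separators or ".." would select a directory outside sitesDir - confirm
			// that the caller normalises it.
			File dir = new File(sitesDir,domain);
			if( !dir.exists() /* && !recover(dir) */ )
				return null;
			String dirStr = dir.toString();

			// Return value of mkdirs() is ignored; a failure here is silent.
			String logDir = dirStr + "/site/private/local/logs/web";
			new File(logDir).mkdirs();

			LuanState luan = new LuanState();
			try {
				LuanLogger.newLoggerRepository(luan);
			} catch(LuanException e) {
				throw new RuntimeException(e);
			}
			initLuan(luan,dirStr,domain,true);
			return new LuanHandler(luan);
		}
	};

	// NOTE(review): public, mutable and shipped with a well-known default. Nothing in
	// this class reads it, so whichever component consumes it must be handed a real
	// secret at startup; failing startup while the default is still in place would be
	// safer than relying on this comment.
	public static String securityPassword = "password";  // change for security
	private static final DomainHandler domainHandler = new DomainHandler(factory);
	private static String sitesDir = null;

	/** Reports whether a WebHandler has been constructed, i.e. the sites directory is set. */
	public static boolean isServing() {
		return sitesDir != null;
	}

	/**
	 * Records the directory that holds one sub-directory per hosted domain.
	 * The directory is process-wide state, so only one instance may be created.
	 *
	 * @param dir path of the sites directory; must already exist
	 * @throws RuntimeException if a sites directory was already set or {@code dir} does not exist
	 */
	public WebHandler(String dir) {
		if( sitesDir != null )
			throw new RuntimeException("already set");
		if( !new File(dir).exists() )
			throw new RuntimeException("sites directory does not exist: "+dir);
		sitesDir = dir;
	}

	/** Delegates the request to the per-domain dispatcher. */
	@Override public Response handle(Request request) {
		return domainHandler.handle(request);
	}

	/**
	 * Runs Luan source text inside the given domain's handler.
	 *
	 * @param domain domain whose handler should run the code
	 * @param sourceText Luan source to run
	 * @param sourceName name passed on to {@code LuanHandler.runLuan} for the source
	 * @return whatever {@code LuanHandler.runLuan} returns
	 * @throws LuanException if the handler reports a Luan error
	 */
	public static Object runLuan(String domain,String sourceText,String sourceName) throws LuanException {
		// NOTE(review): the factory returns null for an unknown domain; if getHandler
		// passes that through, the call below throws NullPointerException. A
		// LuanRuntimeException raised while the handler is built is not unwrapped
		// here, unlike in loadHandler.
		LuanHandler luanHandler = (LuanHandler)domainHandler.getHandler(domain);
		return luanHandler.runLuan(sourceText,sourceName);
	}

	/**
	 * Calls a function by name in the given domain's handler through {@code call_rpc}.
	 *
	 * @param domain domain whose handler receives the call
	 * @param fnName name of the function to call
	 * @param args arguments passed through unchanged
	 * @return whatever {@code LuanHandler.call_rpc} returns
	 * @throws LuanException if the handler reports a Luan error
	 */
	public static Object callSite(String domain,String fnName,Object... args) throws LuanException {
		// NOTE(review): same null-handler and unwrapping caveats as runLuan.
		LuanHandler luanHandler = (LuanHandler)domainHandler.getHandler(domain);
		return luanHandler.call_rpc(fnName,args);
	}

	/*
	private static boolean recover(File dir) {
		File backups = new File(dir.getParentFile().getParentFile(),"backups");
		if( !backups.exists() )
			return false;
		String name = dir.getName();
		File from = null;
		for( File backup : backups.listFiles() ) {
			File d = new File(backup,"current/"+name);
			if( d.exists() && (from==null || from.lastModified() < d.lastModified()) )
				from = d;
		}
		if( from == null )
			return false;
		if( !from.renameTo(dir) )
			throw new RuntimeException("couldn't rename "+from+" to "+dir);
		logger.info("recovered "+name+" from "+from);
		return true;
	}
	*/

	/**
	 * Prepares a fresh LuanState for one site: installs the security policy first,
	 * then loads {@code classpath:luan/host/init.luan} and calls it with
	 * {@code (dir, domain, logging)}.
	 *
	 * @throws LuanRuntimeException (unchecked) wrapping any LuanException from loading or running the script
	 */
	static void initLuan(LuanState luan,String dir,String domain,boolean logging) {
		security(luan,dir);
		try {
			LuanFunction fn = BasicLuan.load_file(luan,"classpath:luan/host/init.luan");
			fn.call(luan,new Object[]{dir,domain,logging});
		} catch(LuanException e) {
			throw new LuanRuntimeException(e);
		}
	}

	/** Drops the handler registered for the given domain. */
	public static void removeHandler(String domain) {
		domainHandler.removeHandler(domain);
	}

	/**
	 * Forces the handler for a domain to be obtained now, so that a Luan error raised
	 * while it is built reaches the caller as the original checked exception.
	 *
	 * @throws LuanException the exception carried by a LuanRuntimeException from handler creation
	 */
	public static void loadHandler(String domain) throws LuanException {
		try {
			domainHandler.getHandler(domain);
		} catch(LuanRuntimeException e) {
			throw e.e;
		}
	}

	/**
	 * Installs the sandbox policy for a site's LuanState.
	 *
	 * For the "uri" operation: file: URIs must be the site directory itself
	 * ({@code file:<dir>/site}) or lie below it and may not contain "..";
	 * {@code classpath:luan/host/}, {@code os:} and {@code bash:} URIs are refused.
	 * For every other operation the calling closure's source name decides.
	 *
	 * NOTE(review): the "uri" branch is a deny-list - a name matching none of the
	 * prefixes is allowed - and the prefix tests are case-sensitive. Confirm that the
	 * URI resolver treats scheme names the same way and that default-allow is intended.
	 */
	private static final void security(LuanState luan,String dir) {
		final String siteUri = "file:" + dir + "/site";
		Luan.Security security = new Luan.Security() {
			public void check(LuanState luan,LuanClosure closure,String op,Object... args)
				throws LuanException
			{
				if( op.equals("uri") ) {
					String name = (String)args[0];
					if( name.startsWith("file:") ) {
						// Any ".." is refused outright rather than normalised.
						if( name.contains("..") )
							throw new LuanException("Security violation - '"+name+"' contains '..'");
						// The "/" after siteUri keeps sibling paths that merely share
						// the prefix (e.g. ".../site-other") from matching.
						if( !(name.equals(siteUri) || name.startsWith(siteUri+"/")) )
							throw new LuanException("Security violation - '"+name+"' outside of site dir");
					}
					else if( name.startsWith("classpath:luan/host/") ) {
						// The host's own scripts are not reachable from site code.
						throw new LuanException("Security violation");
					}
					else if( name.startsWith("os:") || name.startsWith("bash:") ) {
						throw new LuanException("Security violation");
					}
				} else {
					// Every other operation is allowed only for closures whose source is
					// luan:, classpath:, or a file: name without any "/".
					// NOTE(review): the message says "only luan:*", but classpath: and
					// slash-free file: sources pass as well - confirm that is intended.
					String name = closure.sourceName;
					if( !(
						name.startsWith("luan:")
						|| name.startsWith("classpath:")
						|| name.matches("^file:[^/]+$")
					) )
						throw new LuanException("Security violation - only luan:* modules can load Java");
					if( name.equals("luan:logging/Logging") )
						throw new LuanException("Security violation - cannot reload Logging");
				}
			}
		};
		Luan.setSecurity(luan,security);
	}

}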