mod_http_upload: Add "secret_length" option

The new "secret_length" option allows for specifying the length of the random string included in the URLs generated by mod_http_upload.
2015-08-22 00:45:45 +02:00 · 2015-08-22 00:45:45 +02:00 · a17a554a8c
parent 216e244b6a
commit a17a554a8c
2 changed files with 17 additions and 4 deletions
--- a/mod_http_upload/README.txt
+++ b/mod_http_upload/README.txt
@ -66,6 +66,12 @@ The configurable mod_http_upload options are:
  This option limits the acceptable file size.  Either a number of bytes
  (larger than zero) or 'infinity' must be specified.

+- secret_length (default: 40)
+
+  This option defines the length of the random string included in the GET
+  and PUT URLs generated by mod_http_upload.  The minimum length is 8
+  characters, but it is recommended to choose a larger value.
+
 - jid_in_url (default: 'sha1')

  When this option is set to 'node', the node identifier of the user's JID
--- a/mod_http_upload/src/mod_http_upload.erl
+++ b/mod_http_upload/src/mod_http_upload.erl
@ -75,6 +75,7 @@
 	 name                   :: binary(),
 	 access                 :: atom(),
 	 max_size               :: pos_integer() | infinity,
+	 secret_length          :: pos_integer(),
 	 jid_in_url             :: sha1 | node,
 	 docroot                :: binary(),
 	 put_url                :: binary(),
@ -143,6 +144,8 @@ mod_opt_type(max_size) ->
    fun (I) when is_integer(I), I > 0 -> I;
        (infinity) -> infinity
    end;
+mod_opt_type(secret_length) ->
+    fun (I) when is_integer(I), I >= 8-> I end;
 mod_opt_type(jid_in_url) ->
    fun(sha1) -> sha1;
       (node) -> node
@ -162,7 +165,7 @@ mod_opt_type(service_url) ->
       (<<"https://", _/binary>> = URL) -> URL
    end;
 mod_opt_type(_) ->
-    [host, name, access, max_size, jid_in_url, docroot,
+    [host, name, access, max_size, secret_length, jid_in_url, docroot,
     put_url, get_url, service_url].

 %%--------------------------------------------------------------------
@ -182,6 +185,9 @@ init({ServerHost, Opts}) ->
 			      fun (I) when is_integer(I), I > 0 -> I;
 				  (infinity) -> infinity
 			      end, 104857600),
+    SecretLength = gen_mod:get_opt(secret_length, Opts,
+				   fun(I) when is_integer(I), I >= 8 -> I end,
+				   40),
    JIDinURL = gen_mod:get_opt(jid_in_url, Opts,
 				   fun(sha1) -> sha1;
 				      (node) -> node
@ -222,7 +228,7 @@ init({ServerHost, Opts}) ->
    ejabberd_router:register_route(Host),
    {ok, #state{server_host = ServerHost, host = Host, name = Name,
 		access = Access, max_size = MaxSize,
-		jid_in_url = JIDinURL,
+		secret_length = SecretLength, jid_in_url = JIDinURL,
 		docroot = DocRoot,
 		put_url = str:strip(PutURL, right, $/),
 		get_url = str:strip(GetURL, right, $/),
@ -454,10 +460,11 @@ create_slot(#state{service_url = undefined, max_size = MaxSize},
 	      [File, User, Size]),
    {error, ?ERRT_NOT_ACCEPTABLE(Lang, Text)};
 create_slot(#state{service_url = undefined,
-		   jid_in_url = JIDinURL},
+		   jid_in_url = JIDinURL,
+		   secret_length = SecretLength},
 	    User, File, _Size, _ContentType, _Lang) ->
    UserStr = make_user_string(User, JIDinURL),
-    RandStr = make_rand_string(40),
+    RandStr = make_rand_string(SecretLength),
    SaneFile = re:replace(File, <<"[^a-zA-Z0-9_.-]">>, <<$_>>,
 			  [global, {return, binary}]),
    ?INFO_MSG("Got HTTP upload slot for ~s (file: ~s)", [User, File]),