parsav  Diff

Differences From Artifact [8605ea50bd]:

To Artifact [881176d2e1]:


510
511
512
513
514
515
516
517














518
519
520
521
522
523
524

terra http.file_serve_raw(co: &lib.srv.convo, id: lib.mem.ptr(int8))
	var id, idok = lib.math.shorthand.parse(id.ptr, id.ct)
	if not idok then goto e404 end
	var data, mime = co.srv:artifact_load(id)
	if not data then goto e404 end
	do defer data:free() defer mime:free()
		lib.net.mg_printf(co.con, 'HTTP/1.1 200 OK\r\nContent-Type: %.*s\r\nContent-Length: %llu\r\n\r\n', mime.ct, mime.ptr, data.ct + 2)














		lib.net.mg_send(co.con, data.ptr, data.ct)
		lib.net.mg_send(co.con, '\r\n', 2)
	return end

	::e404:: do co:complain(404, 'artifact not found', 'no such artifact has been uploaded to this instance') return end
end








|
>
>
>
>
>
>
>
>
>
>
>
>
>
>







510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538

terra http.file_serve_raw(co: &lib.srv.convo, id: lib.mem.ptr(int8))
	var id, idok = lib.math.shorthand.parse(id.ptr, id.ct)
	if not idok then goto e404 end
	var data, mime = co.srv:artifact_load(id)
	if not data then goto e404 end
	do defer data:free() defer mime:free()
		var safemime = mime
		-- TODO this is not a satisfactory solution; it's a bandaid on a gaping
		-- chest wound. ultimately we need to compile a whitelist of safe mime
		-- types as part of mimelib, but that is no small task. for now, this
		-- will keep the patient from immediately bleeding out
		if mime:cmp(lib.str.plit'text/html') or
			mime:cmp(lib.str.plit'text/xml') or
			mime:cmp(lib.str.plit'application/xhtml+xml') or
			mime:cmp(lib.str.plit'application/vnd.wap.xhtml+xml')
		then -- danger will robinson
			safemime = lib.str.plit'text/plain'
		elseif mime:cmp(lib.str.plit'application/x-shockwave-flash') then
			safemime = lib.str.plit'application/octet-stream'
		end
		lib.net.mg_printf(co.con, "HTTP/1.1 200 OK\r\nContent-Type: %.*s\r\nContent-Length: %llu\r\nContent-Security-Policy: sandbox; default-src 'none'; form-action 'none'; navigate-to 'none';\r\nX-Content-Options: nosniff\r\n\r\n", safemime.ct, safemime.ptr, data.ct + 2)
		lib.net.mg_send(co.con, data.ptr, data.ct)
		lib.net.mg_send(co.con, '\r\n', 2)
	return end

	::e404:: do co:complain(404, 'artifact not found', 'no such artifact has been uploaded to this instance') return end
end
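Review bot: The response header added on the new `mg_printf` line is spelled `X-Content-Options: nosniff`, which browsers do not recognise; the standard name is `X-Content-Type-Options`, so the response goes out without the sniffing protection the change intends. Change that fragment of the format string to `X-Content-Type-Options: nosniff\r\n`. The denylist also appears to depend on exact matches through `mime:cmp`, so unless the stored type is normalised elsewhere, a value with different case or a parameter such as `text/html; charset=utf-8` would pass through unchanged, as would script-capable types not listed, such as `image/svg+xml`. Until the allowlist mentioned in the TODO exists, consider comparing only the lower-cased type/subtype and sending `Content-Disposition: attachment` for anything not known to be safe, so the protection does not rest on the CSP `sandbox` directive alone.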