1 files changed, 96 insertions, 35 deletions
diff --git a/src/http.lua b/src/http.lua
index 45ffa15..fbd5ff6 100644
--- a/src/http.lua
+++ b/src/http.lua
@@ -23,11 +23,24 @@ local _M = socket.http
 -----------------------------------------------------------------------------
 -- connection timeout in seconds
 _M.TIMEOUT = 60
-- default port for document retrieval
-_M.PORT = 80
 -- user agent field sent in request
 _M.USERAGENT = socket._VERSION
+-- supported schemes and their particulars
+local SCHEMES = {
+    http = {
+        port = 80
+        , create = function(t)
+            return socket.tcp end }
+    , https = {
+        port = 443
+        , create = function(t)
+          local https = assert(
+            require("ssl.https"), 'LuaSocket: LuaSec not found')
+          local tcp = assert(
+            https.tcp, 'LuaSocket: Function tcp() not available from LuaSec')
+          return tcp(t) end }}
 -----------------------------------------------------------------------------
 -- Reads MIME headers from a connection, unfolding where needed
 -----------------------------------------------------------------------------
@@ -76,7 +89,7 @@ socket.sourcet["http-chunked"] = function(sock, headers)
            -- was it the last chunk?
            if size > 0 then
                -- if not, get chunk and skip terminating CRLF
-                local chunk, err, part = sock:receive(size)
+                local chunk, err, _ = sock:receive(size)
                if chunk then sock:receive() end
                return chunk, err
            else
@@ -108,13 +121,13 @@ local metat = { __index = {} }
 function _M.open(host, port, create)
    -- create socket with user connect function, or with default
-    local c = socket.try((create or socket.tcp)())
+    local c = socket.try(create())
    local h = base.setmetatable({ c = c }, metat)
    -- create finalized try
    h.try = socket.newtry(function() h:close() end)
    -- set timeout before connecting
    h.try(c:settimeout(_M.TIMEOUT))
-    h.try(c:connect(host, port or _M.PORT))
+    h.try(c:connect(host, port))
    -- here everything worked
    return h
 end
@@ -144,10 +157,15 @@ function metat.__index:sendbody(headers, source, step)
 end
 function metat.__index:receivestatusline()
-    local status = self.try(self.c:receive(5))
+    local status,ec = self.try(self.c:receive(5))
    -- identify HTTP/0.9 responses, which do not contain a status line
    -- this is just a heuristic, but is what the RFC recommends
-    if status ~= "HTTP/" then return nil, status end
+    if status ~= "HTTP/" then
+        if ec == "timeout" then
+            return 408
+        end
+        return nil, status
+    end
    -- otherwise proceed reading a status line
    status = self.try(self.c:receive("*l", status))
    local code = socket.skip(2, string.find(status, "HTTP/%d*%.%d* (%d%d%d)"))
@@ -209,7 +227,10 @@ end
 local function adjustheaders(reqt)
    -- default headers
-    local host = string.gsub(reqt.authority, "^.-@", "")
+    local host = reqt.host
+    local port = tostring(reqt.port)
+    if port ~= tostring(SCHEMES[reqt.scheme].port) then
+        host = host .. ':' .. port end
    local lower = {
        ["user-agent"] = _M.USERAGENT,
        ["host"] = host,
@@ -218,15 +239,16 @@ local function adjustheaders(reqt)
    }
    -- if we have authentication information, pass it along
    if reqt.user and reqt.password then
-        lower["authorization"] = 
+        lower["authorization"] =
-            "Basic " ..  (mime.b64(reqt.user .. ":" .. reqt.password))
+            "Basic " ..  (mime.b64(reqt.user .. ":" ..
+                url.unescape(reqt.password)))
    end
    -- if we have proxy authentication information, pass it along
    local proxy = reqt.proxy or _M.PROXY
    if proxy then
        proxy = url.parse(proxy)
        if proxy.user and proxy.password then
-            lower["proxy-authorization"] = 
+            lower["proxy-authorization"] =
                "Basic " ..  (mime.b64(proxy.user .. ":" .. proxy.password))
        end
    end
@@ -239,10 +261,8 @@ end
 -- default url parts
 local default = {
-    host = "",
+    path ="/"
-    port = _M.PORT,
+    , scheme = "http"
-    path ="/",
-    scheme = "http"
 }
 local function adjustrequest(reqt)
@@ -250,25 +270,48 @@ local function adjustrequest(reqt)
    local nreqt = reqt.url and url.parse(reqt.url, default) or {}
    -- explicit components override url
    for i,v in base.pairs(reqt) do nreqt[i] = v end
-    if nreqt.port == "" then nreqt.port = 80 end
+    -- default to scheme particulars
-    socket.try(nreqt.host and nreqt.host ~= "", 
+    local schemedefs, host, port, method
-        "invalid host '" .. base.tostring(nreqt.host) .. "'")
+        = SCHEMES[nreqt.scheme], nreqt.host, nreqt.port, nreqt.method
+    if not nreqt.create then nreqt.create = schemedefs.create(nreqt) end
+    if not (port and port ~= '') then nreqt.port = schemedefs.port end
+    if not (method and method ~= '') then nreqt.method = 'GET' end
+    if not (host and host ~= "") then
+        socket.try(nil, "invalid host '" .. base.tostring(nreqt.host) .. "'")
+    end
    -- compute uri if user hasn't overriden
    nreqt.uri = reqt.uri or adjusturi(nreqt)
    -- adjust headers in request
    nreqt.headers = adjustheaders(nreqt)
+    if nreqt.source
+        and not nreqt.headers["content-length"]
+        and not nreqt.headers["transfer-encoding"]
+    then
+        nreqt.headers["transfer-encoding"] = "chunked"
+    end
    -- ajust host and port if there is a proxy
    nreqt.host, nreqt.port = adjustproxy(nreqt)
    return nreqt
 end
 local function shouldredirect(reqt, code, headers)
-    return headers.location and
+    local location = headers.location
-           string.gsub(headers.location, "%s", "") ~= "" and
+    if not location then return false end
-           (reqt.redirect ~= false) and
+    location = string.gsub(location, "%s", "")
+    if location == "" then return false end
+    -- the RFC says the redirect URL may be relative
+    location = url.absolute(reqt.url, location)
+    local scheme = url.parse(location).scheme
+    if scheme and (not SCHEMES[scheme]) then return false end
+    -- avoid https downgrades
+    if ('https' == reqt.scheme) and ('https' ~= scheme) then return false end
+    return (reqt.redirect ~= false) and
           (code == 301 or code == 302 or code == 303 or code == 307) and
           (not reqt.method or reqt.method == "GET" or reqt.method == "HEAD")
-           and (not reqt.nredirects or reqt.nredirects < 5)
+        and ((false == reqt.maxredirects)
+                or ((reqt.nredirects or 0)
+                        < (reqt.maxredirects or 5)))
 end
 local function shouldreceivebody(reqt, code)
@@ -282,17 +325,23 @@ end
 local trequest, tredirect
 --[[local]] function tredirect(reqt, location)
+    -- the RFC says the redirect URL may be relative
+    local newurl = url.absolute(reqt.url, location)
+    -- if switching schemes, reset port and create function
+    if url.parse(newurl).scheme ~= reqt.scheme then
+        reqt.port = nil
+        reqt.create = nil end
+    -- make new request
    local result, code, headers, status = trequest {
-        -- the RFC says the redirect URL has to be absolute, but some
+        url = newurl,
-        -- servers do not respect that
-        url = url.absolute(reqt.url, location),
        source = reqt.source,
        sink = reqt.sink,
        headers = reqt.headers,
-        proxy = reqt.proxy, 
+        proxy = reqt.proxy,
+        maxredirects = reqt.maxredirects,
        nredirects = (reqt.nredirects or 0) + 1,
        create = reqt.create
-    }   
+    }
    -- pass location header back as a hint we redirected
    headers = headers or {}
    headers.location = headers.location or location
@@ -309,23 +358,25 @@ end
    h:sendheaders(nreqt.headers)
    -- if there is a body, send it
    if nreqt.source then
-        h:sendbody(nreqt.headers, nreqt.source, nreqt.step) 
+        h:sendbody(nreqt.headers, nreqt.source, nreqt.step)
    end
    local code, status = h:receivestatusline()
    -- if it is an HTTP/0.9 server, simply get the body and we are done
    if not code then
        h:receive09body(status, nreqt.sink, nreqt.step)
        return 1, 200
+    elseif code == 408 then
+        return 1, code
    end
    local headers
    -- ignore any 100-continue messages
-    while code == 100 do 
+    while code == 100 do
-        headers = h:receiveheaders()
+        h:receiveheaders()
        code, status = h:receivestatusline()
    end
    headers = h:receiveheaders()
    -- at this point we should have a honest reply from the server
-    -- we can't redirect if we already used the source, so we report the error 
+    -- we can't redirect if we already used the source, so we report the error
    if shouldredirect(nreqt, code, headers) and not nreqt.source then
        h:close()
        return tredirect(reqt, headers.location)
@@ -338,11 +389,13 @@ end
    return 1, code, headers, status
 end
-local function srequest(u, b)
+-- turns an url and a body into a generic request
+local function genericform(u, b)
    local t = {}
    local reqt = {
        url = u,
-        sink = ltn12.sink.table(t)
+        sink = ltn12.sink.table(t),
+        target = t
    }
    if b then
        reqt.source = ltn12.source.string(b)
@@ -352,8 +405,15 @@ local function srequest(u, b)
        }
        reqt.method = "POST"
    end
-    local code, headers, status = socket.skip(1, trequest(reqt))
+    return reqt
-    return table.concat(t), code, headers, status
+end
+_M.genericform = genericform
+local function srequest(u, b)
+    local reqt = genericform(u, b)
+    local _, code, headers, status = trequest(reqt)
+    return table.concat(reqt.target), code, headers, status
 end
 _M.request = socket.protect(function(reqt, body)
@@ -361,4 +421,5 @@ _M.request = socket.protect(function(reqt, body)
    else return trequest(reqt) end
 end)
+_M.schemes = SCHEMES
 return _M