mirror of
https://github.com/lxsang/antd-lua-plugin
synced 2025-01-16 01:38:26 +01:00
97 lines
2.1 KiB
Lua
97 lines
2.1 KiB
Lua
local use_ws = false
|
|
if REQUEST.query and REQUEST.query.ws == "1" then
|
|
-- override the global echo command
|
|
echo = std.ws.swrite
|
|
use_ws = true
|
|
else
|
|
std.json()
|
|
end
|
|
local exec_with_user_priv = function(data)
|
|
local uid = unix.uid(SESSION.iotos_user)
|
|
if not unix.setgid(uid.gid) or not unix.setuid(uid.id) then
|
|
echo("Cannot set permission to execute the code")
|
|
return
|
|
end
|
|
local r,e
|
|
e = "{'error': 'Unknow function'}"
|
|
if data.code then
|
|
r,e = load(data.code)
|
|
if r then
|
|
local status,result = pcall(r)
|
|
if(status) then
|
|
echo(JSON.encode(result))
|
|
else
|
|
echo(result)
|
|
end
|
|
else
|
|
echo(e)
|
|
end
|
|
elseif data.path then
|
|
r,e = loadfile(data.path)
|
|
if r then
|
|
local status,result = pcall(r, data.parameters)
|
|
if(status) then
|
|
echo(JSON.encode(result))
|
|
else
|
|
echo(result)
|
|
end
|
|
else
|
|
echo(e)
|
|
end
|
|
else
|
|
echo(e)
|
|
end
|
|
end
|
|
|
|
if(is_auth()) then
|
|
local pid = unix.fork()
|
|
if(pid == -1) then
|
|
echo("{'error':'Cannot create process'}")
|
|
elseif pid > 0 then -- parent
|
|
-- wait for the child exit
|
|
unix.waitpid(pid)
|
|
print("Parent exit")
|
|
else -- child
|
|
if use_ws then
|
|
if std.ws.enable() then
|
|
-- read header
|
|
local header = std.ws.header()
|
|
if header then
|
|
if header.mask == 0 then
|
|
print("Data is not masked")
|
|
std.ws.close(1012)
|
|
elseif header.opcode == std.ws.CLOSE then
|
|
print("Connection closed")
|
|
std.ws.close(1000)
|
|
elseif header.opcode == std.ws.TEXT then
|
|
-- read the file
|
|
local data = std.ws.read(header)
|
|
if data then
|
|
data = (JSON.decodeString(data))
|
|
exec_with_user_priv(data)
|
|
std.ws.close(1011)
|
|
else
|
|
echo("Error: Invalid request")
|
|
std.ws.close(1011)
|
|
end
|
|
end
|
|
else
|
|
std.ws.close(1011)
|
|
end
|
|
else
|
|
print("Web socket is not available.")
|
|
end
|
|
else
|
|
if REQUEST.query.json then
|
|
data = JSON.decodeString(REQUEST.query.json)
|
|
std.json()
|
|
exec_with_user_priv(data)
|
|
else
|
|
fail("Unkown request")
|
|
end
|
|
end
|
|
print("Child exit")
|
|
end
|
|
else
|
|
echo('{"error":"User unauthorized. Please login"}')
|
|
end |