Annotate

mod_http_altconnect/mod_http_altconnect.lua @ 5193:2bb29ece216b

mod_http_oauth2: Implement stateless dynamic client registration Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would not probably not scale easily. Dynamic client registration allows creating clients on the fly, which may be even easier in theory. In order to not allow basically unauthenticated writes to the database, we implement a stateless model here. per_host_key := HMAC(config -> oauth2_registration_key, hostname) client_id := JWT { client metadata } signed with per_host_key client_secret := HMAC(per_host_key, client_id) This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key. A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret
author Kim Alvefur <zash@zash.se>
date Fri, 03 Mar 2023 21:14:19 +0100
parent 3712:0a0bf87ccda6
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1290
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
1 -- mod_http_altconnect
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
2 -- XEP-0156: Discovering Alternative XMPP Connection Methods
1211
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 module:depends"http";
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
3712
0a0bf87ccda6 mod_http_altconnect: Handle connection modules being global or host-local
Kim Alvefur <zash@zash.se>
parents: 1325
diff changeset
6 local mm = require "core.modulemanager";
1211
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local json = require"util.json";
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 local st = require"util.stanza";
1290
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
9 local array = require"util.array";
1211
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
1290
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
11 local function get_supported()
1325
b21236b6b8d8 Backed out changeset 853a382c9bd6
Kim Alvefur <zash@zash.se>
parents: 1324
diff changeset
12 local uris = array();
3712
0a0bf87ccda6 mod_http_altconnect: Handle connection modules being global or host-local
Kim Alvefur <zash@zash.se>
parents: 1325
diff changeset
13 if mm.is_loaded(module.host, "bosh") or mm.is_loaded("*", "bosh") then
1325
b21236b6b8d8 Backed out changeset 853a382c9bd6
Kim Alvefur <zash@zash.se>
parents: 1324
diff changeset
14 uris:push({ rel = "urn:xmpp:alt-connections:xbosh", href = module:http_url("bosh", "/http-bind") });
b21236b6b8d8 Backed out changeset 853a382c9bd6
Kim Alvefur <zash@zash.se>
parents: 1324
diff changeset
15 end
3712
0a0bf87ccda6 mod_http_altconnect: Handle connection modules being global or host-local
Kim Alvefur <zash@zash.se>
parents: 1325
diff changeset
16 if mm.is_loaded(module.host, "websocket") or mm.is_loaded("*", "websocket") then
1325
b21236b6b8d8 Backed out changeset 853a382c9bd6
Kim Alvefur <zash@zash.se>
parents: 1324
diff changeset
17 uris:push({ rel = "urn:xmpp:alt-connections:websocket", href = module:http_url("websocket", "xmpp-websocket"):gsub("^http", "ws") });
1290
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
18 end
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
19 return uris;
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
20 end
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
21
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
22
1211
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 local function GET_xml(event)
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 local request, response = event.request, event.response;
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 local xrd = st.stanza("XRD", { xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0' });
1290
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
26 local uris = get_supported();
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
27 for i, method in ipairs(uris) do
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
28 xrd:tag("Link", method):up();
1211
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 end
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 response.headers.content_type = "application/xrd+xml"
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 response.headers.access_control_allow_origin = "*";
1291
1ac28a953e5f mod_http_altconnect: Send XML declaration
Kim Alvefur <zash@zash.se>
parents: 1290
diff changeset
32 return '<?xml version="1.0" encoding="UTF-8"?>' .. tostring(xrd);
1211
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 end
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 local function GET_json(event)
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 local request, response = event.request, event.response;
1290
c0957b904487 mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents: 1289
diff changeset
37 local jrd = { links = get_supported() };
1211
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 response.headers.content_type = "application/json"
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 response.headers.access_control_allow_origin = "*";
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 return json.encode(jrd);
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 end;
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 local function GET_either(event)
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 local accept_type = event.request.headers.accept or "";
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 if ( accept_type:find("xml") or #accept_type ) < ( accept_type:find("json") or #accept_type+1 ) then
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 return GET_xml(event);
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 else
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 return GET_json(event);
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 end
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 end;
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 module:provides("http", {
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 default_path = "/.well-known";
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 route = {
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 ["GET /host-meta"] = GET_either;
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 -- ["GET /host-meta.xml"] = GET_xml; -- Hmmm
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 ["GET /host-meta.json"] = GET_json;
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 };
27de4109b7e9 mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 });