mod_unified_push/mod_unified_push.lua @ 5447:aa4828f040c5
mod_http_oauth2: Enforce client scope restrictions in authorization
When registering a client, a scope field can be included as a promise to
only ever use those. Here we enforce that promise, if given, ensuring a
client can't request or be granted a scope it didn't provide in its
registration. While there are currently no restrictions at registration
time, this could be changed in the future in various ways.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 11 May 2023 19:33:44 +0200 |
parent | 5155:18ed655c755d |
-- Shared secret handed to jwt.sign()/jwt.verify() by the "jwt" backend. It may be
-- nil here; its presence is only asserted (further down in this file) when the
-- "jwt" backend is the one selected.
local unified_push_secret = module:get_option_string("unified_push_secret");
-- Lifetime of a registration in seconds (default 86400); it is added to os.time()
-- to produce the expiry stored in every token.
local push_registration_ttl = module:get_option_number("unified_push_registration_ttl", 86400);

local base64 = require "util.encodings".base64;
local datetime = require "util.datetime";
local id = require "util.id";
local jid = require "util.jid";
local jwt = require "util.jwt";
local st = require "util.stanza";
local urlencode = require "util.http".urlencode;

-- XML namespace of the registration and push payload elements; also advertised
-- as a feature below.
local xmlns_up = "http://gultsch.de/xmpp/drafts/unified-push";

module:depends("http");
module:depends("disco");

module:add_feature(xmlns_up);

-- Set of JIDs allowed to register push endpoints (option "unified_push_acl").
-- Default entry: this host's own name when the module runs on a "local" host,
-- otherwise the host name with its first label removed (everything after the
-- first dot).
-- NOTE(review): if the host name has no dot the pattern yields nil, so the
-- default set is presumably empty and every registration is refused; confirm.
local acl = module:get_option_set("unified_push_acl", {
	module:get_host_type() == "local" and module.host or module.host:match("^[^%.]+%.(.+)$")
});
--- Check a sender JID against the configured ACL set.
-- Returns true when jid.compare() accepts the JID for at least one ACL entry and
-- false otherwise, so an empty ACL refuses everyone.
-- NOTE(review): how broadly one entry matches (for example whether a bare domain
-- covers every user on it) is decided by util.jid.compare; confirm before
-- relying on narrow entries.
-- @param user_jid JID of the entity asking to register
-- @return boolean
local function is_jid_permitted(user_jid)
	local permitted = false;
	for entry in acl do
		if jid.compare(user_jid, entry) then
			permitted = true;
			break;
		end
	end
	return permitted;
end
--- Validate that a value has the shape of a base64-encoded SHA-256 digest.
-- The value must be present, must decode as base64, and must decode to exactly
-- 32 bytes. Only the shape is checked: nothing here proves the bytes are a hash
-- of anything in particular.
-- @param s candidate string (may be nil)
-- @return the original, still-encoded string on success; nil plus a reason otherwise
local function check_sha256(s)
	if not s then
		return nil, "no value provided";
	end
	local decoded = base64.decode(s);
	if not decoded then
		return nil, "invalid base64";
	elseif #decoded ~= 32 then
		return nil, "incorrect decoded length, expected 32";
	end
	return s;
end
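-- Module store. The "storage" backend keeps one record per registration in it,
-- keyed by registration id; the reserved key "_private" is used elsewhere in
-- this file to persist the PASETO key.
local push_store = module:open_store();

--- Token backends. Each backend provides:
--   sign(data)    -> token string on success, nil plus an error otherwise
--   verify(token) -> true plus the registration data on success,
--                    a falsy value plus an error otherwise
-- The token arrives as the path component of the push URL, so verify() is
-- always called with input chosen by the remote HTTP client.
local backends = {
	jwt = {
		-- Stateless: the registration data travels inside the signed token.
		sign = function (data)
			return jwt.sign(unified_push_secret, data);
		end;

		verify = function (token)
			local ok, result = jwt.verify(unified_push_secret, token);

			if not ok then
				return ok, result;
			end
			-- Expiry is checked here explicitly, after the signature was accepted.
			if result.exp and result.exp < os.time() then
				return nil, "token-expired";
			end
			return ok, result;
		end;
	};

	storage = {
		-- Stateful: the token is a random id and the data stays on the server.
		sign = function (data)
			local reg_id = id.long();
			local ok, err = push_store:set(reg_id, data);
			if not ok then
				return nil, err;
			end
			return reg_id;
		end;
		verify = function (token)
			-- "_private" is a reserved key in the same store and must never be
			-- treated as a registration.
			if token == "_private" then return nil, "invalid-token"; end
			local data, err = push_store:get(token);
			if not data then
				-- Keep a storage failure distinguishable from an unknown token.
				return nil, err or "item-not-found";
			elseif type(data) ~= "table" or not data.sub then
				-- Defence in depth for the exact-match check above: a record
				-- without a recipient is not a registration, whatever key the
				-- store resolved the token to.
				return nil, "invalid-token";
			elseif data.exp and data.exp < os.time() then
				-- Expired registrations are deleted on first use after expiry.
				push_store:set(token, nil);
				return nil, "token-expired";
			end
			return true, data;
		end;
	};
};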
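-- Optional PASETO backend, registered only when util.paseto can be loaded and
-- provides v3_local.
if pcall(require, "util.paseto") and require "util.paseto".v3_local then
	local paseto = require "util.paseto".v3_local;
	-- The key lives in the module store under the reserved "_private" key, next
	-- to the registrations, so read access to that store exposes the key.
	local state = push_store:get("_private");
	local key = state and state.paseto_v3_local_key;
	if not key then
		key = paseto.new_key();
		local stored, store_err = push_store:set("_private", { paseto_v3_local_key = key });
		if not stored then
			-- Without a persisted key a new one is generated on the next load,
			-- and tokens issued under this key stop verifying.
			module:log("warn", "Failed to persist PASETO key, issued push endpoints will not survive a reload: %s", store_err);
		end
	end
	local sign, verify = paseto.init(key);
	backends.paseto = {
		sign = sign;
		-- Adapt the (payload, err) result of paseto's verify to the
		-- (ok, data) shape the other backends return.
		verify = function (token)
			local payload, err = verify(token);
			if not payload then
				return nil, err;
			end
			return true, payload;
		end;
	};
end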
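-- Backend used for all tokens: "paseto" when that backend could be set up,
-- otherwise "storage", unless the unified_push_backend option says otherwise.
local backend = module:get_option_string("unified_push_backend", backends.paseto and "paseto" or "storage");

-- Refuse to load with a backend name that has no implementation (a typo, or
-- "paseto" where util.paseto is unavailable). Otherwise backends[backend] is
-- nil and every registration and every push fails with a runtime error.
assert(backends[backend], "unknown or unavailable unified_push_backend: "..tostring(backend));
-- Only presence is checked here; the strength of the secret is up to the
-- operator.
assert(backend ~= "jwt" or unified_push_secret, "required option missing: unified_push_secret");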
--- Create a push endpoint for one registration.
-- The selected backend turns the registration data (instance, application,
-- recipient JID as "sub", and expiry as "exp") into a token, which becomes the
-- last path segment of the returned URL. The token is what the push handler
-- verifies, so the URL should be handled like a credential.
-- @param params table with fields instance, application and jid
-- @return table { url = ..., expiry = ... } on success; nil plus an error otherwise
local function register_route(params)
	local expiry = os.time() + push_registration_ttl;
	local claims = {
		instance = params.instance;
		application = params.application;
		sub = params.jid;
		exp = expiry;
	};
	local token, err = backends[backend].sign(claims);
	if not token then
		return nil, err;
	end
	-- The token is URL-encoded because it becomes a path segment.
	local endpoint = module:http_url("push").."/"..urlencode(token);
	return {
		url = endpoint;
		expiry = expiry;
	};
end
-- Handle incoming registration from XMPP client
--
-- Order of checks: the sender must pass the ACL, then both the "instance" and
-- the "application" attribute of the first child element must look like
-- base64-encoded SHA-256 values, and only then is an endpoint created.
-- The sender's JID is taken from the stanza's "from" attribute and ends up as
-- the recipient of later pushes.
-- NOTE(review): this assumes "from" has been set by the server for the sending
-- session; confirm for every way stanzas can reach this hook.
function handle_register(event)
	module:log("debug", "Push registration request received");
	local origin, stanza = event.origin, event.stanza;

	-- Every failure path answers the request with a stanza error.
	local function reject(...)
		return origin.send(st.error_reply(stanza, ...));
	end

	local sender = stanza.attr.from;
	if not is_jid_permitted(sender) then
		module:log("debug", "Sender <%s> not permitted to register on this UnifiedPush service", sender);
		return reject("auth", "forbidden");
	end

	local request = stanza.tags[1];

	local instance, instance_err = check_sha256(request.attr.instance);
	if not instance then
		return reject("modify", "bad-request", "instance: "..instance_err);
	end

	local application, application_err = check_sha256(request.attr.application);
	if not application then
		return reject("modify", "bad-request", "application: "..application_err);
	end

	local route, register_err = register_route({
		instance = instance;
		application = application;
		jid = sender;
	});
	if not route then
		-- The backend error is logged but not sent to the client.
		module:log("warn", "Failed to create registration using %s backend: %s", backend, register_err);
		return reject("wait", "internal-server-error");
	end

	module:log("debug", "New push registration successful");
	local registered = {
		expiration = datetime.datetime(route.expiry);
		endpoint = route.url;
		xmlns = xmlns_up;
	};
	return origin.send(st.reply(stanza):tag("registered", registered));
end

module:hook("iq-set/host/"..xmlns_up..":register", handle_register);
162 -- Handle incoming POST |
163 function handle_push(event, subpath) |
164 module:log("debug", "Incoming push received!"); |
165 local ok, data = backends[backend].verify(subpath); |
166 if not ok then |
167 module:log("debug", "Received push to unacceptable token (%s)", data); |
168 return 404; |
169 end |
170 local payload = event.request.body; |
171 if not payload or payload == "" then |
172 module:log("warn", "Missing or empty push payload"); |
173 return 400; |
174 elseif #payload > 4096 then |
175 module:log("warn", "Push payload too large"); |
176 return 413; |
177 end |
178 local push_id = event.request.id or id.short(); |
179 module:log("debug", "Push notification received [%s], relaying to device...", push_id); |
180 local push_iq = st.iq({ type = "set", to = data.sub, from = module.host, id = push_id }) |
181 :text_tag("push", base64.encode(payload), { instance = data.instance, application = data.application, xmlns = xmlns_up }); |
182 return module:send_iq(push_iq):next(function () |
183 module:log("debug", "Push notification delivered [%s]", push_id); |
184 return 201; |
185 end, function (error_event) |
186 local e_type, e_cond, e_text = error_event.stanza:get_error(); |
187 if e_cond == "item-not-found" or e_cond == "feature-not-implemented" then |
188 module:log("debug", "Push rejected [%s]", push_id); |
189 return 404; |
190 elseif e_cond == "service-unavailable" or e_cond == "recipient-unavailable" then |
191 module:log("debug", "Recipient temporarily unavailable [%s]", push_id); |
192 return 503; |
193 end |
194 module:log("warn", "Unexpected push error response: %s/%s/%s", e_type, e_cond, e_text); |
195 return 500; |
196 end); |
197 end |
198 |
--- Reply to a UnifiedPush discovery probe.
-- Sets the JSON content type on the response and returns the fixed
-- capability document; nothing from the request is read.
-- @param event HTTP event table providing `response.headers`
-- @return the discovery document as a JSON string
local function handle_discovery(event)
	local response_headers = event.response.headers;
	response_headers.content_type = "application/json";
	return [[{"unifiedpush":{"version":1}}]];
end

-- Routes of the HTTP app. Both patterns are wildcards, so every GET and POST
-- below the endpoint is dispatched here; this table adds no checks of its own.
-- NOTE(review): the request checks visible in handle_push are the empty-body
-- (400) and 4096-byte (413) limits; confirm that the request path is
-- authenticated there before the payload is relayed to a device.
local push_routes = {
	["GET /*"] = handle_discovery;
	["POST /*"] = handle_push;
};

-- Register the routes with the HTTP server under the app name "push".
module:provides("http", {
	name = "push";
	route = push_routes;
});