Comparison

mod_register_json/mod_register_json.lua @ 361:146496a3be78

mod_register_json: Failed at JSON successful decode check, fixed with a code refactor.
author Marco Cirillo <maranda@lightwitch.org>
date Tue, 12 Apr 2011 20:41:57 +0000
parent 360:81528ffa0b76
child 362:bd0a8c032163
comparison
equal deleted inserted replaced
360:81528ffa0b76 361:146496a3be78
2 -- via JSON. 2 -- via JSON.
3 -- 3 --
4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur
5 -- aka Zash. 5 -- aka Zash.
6 6
7 local jid_prep = require "util.jid".prep;
8 local jid_split = require "util.jid".split;
7 local usermanager = require "core.usermanager"; 9 local usermanager = require "core.usermanager";
8 local b64_decode = require "util.encodings".base64.decode; 10 local b64_decode = require "util.encodings".base64.decode;
9 local json_decode = require "util.json".decode; 11 local json_decode = require "util.json".decode;
10 12
11 module.host = "*" -- HTTP/BOSH Servlets need to be global. 13 module.host = "*" -- HTTP/BOSH Servlets need to be global.
51 if not usermanager.test_password(user_node, user_host, password) then 53 if not usermanager.test_password(user_node, user_host, password) then
52 module:log("warn", "%s failed authentication", user) 54 module:log("warn", "%s failed authentication", user)
53 return http_response(401, "Who the hell are you?! Guards!"); 55 return http_response(401, "Who the hell are you?! Guards!");
54 end 56 end
55 57
56 local req_body; pcall(function() req_body = json.decode(body) end); 58 local req_body;
57 -- Check if user is an admin of said host 59 -- We check that what we have is valid JSON wise else we throw an error...
58 if not usermanager.is_admin(user, req_body["host"]) then 60 if not pcall(function() req_body = json_decode(body) end) then
59 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) 61 module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user);
60 return http_response(401, "I obey only to my masters... Have a nice day."); 62 return http_response(400, "JSON Decoding failed.");
61 else 63 else
62 -- Various sanity checks. 64 -- Check if user is an admin of said host
63 if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end 65 if not usermanager.is_admin(user, req_body["host"]) then
64 66 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]);
65 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) 67 return http_response(401, "I obey only to my masters... Have a nice day.");
66 if blacklist[req_body["ip"]] then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end 68 else
67 if throttle_time and not whitelist[req_body["ip"]] then 69 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code)
68 if not recent_ips[req_body["ip"]] then 70 if blacklist[req_body["ip"]] then then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end
69 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 }; 71 if throttle_time and not whitelist[req_body["ip"]] then
72 if not recent_ips[req_body["ip"]] then
73 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 };
74 else
75 local ip = recent_ips[req_body["ip"]];
76 ip.count = ip.count + 1;
77
78 if os_time() - ip.time < throttle_time then
79 ip.time = os_time();
80 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]);
81 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.");
82 end
83 ip.time = os_time();
84 end
85 end
86
87 -- We first check if the supplied username for registration is already there.
88 if not usermanager.user_exists(req_body["username"], req_body["host"]) then
89 usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
90 module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]);
91 return http_response(200, "Done.");
70 else 92 else
71 local ip = recent_ips[req_body["ip"]]; 93 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]);
72 ip.count = ip.count + 1; 94 return http_response(409, "User already exists.");
73
74 if os_time() - ip.time < throttle_time then
75 ip.time = os_time();
76 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]);
77 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.");
78 end
79 ip.time = os_time();
80 end 95 end
81 end
82
83 -- We first check if the supplied username for registration is already there.
84 if not usermanager.user_exists(req_body["username"], req_body["host"]) then
85 usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
86 module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]);
87 return http_response(200, "Done.");
88 else
89 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]);
90 return http_response(409, "User already exists.");
91 end 96 end
92 end 97 end
93 end 98 end
94 99
95 -- Set it up! 100 -- Set it up!