Comparison

mod_register_json/mod_register_json.lua @ 359:5d22ebcb9ec5

mod_register_json: Changed log levels, added a few primitive throttling/whitelist/blacklist options
author Marco Cirillo <maranda@lightwitch.org>
date Tue, 12 Apr 2011 19:09:34 +0000
parent 358:4483bb889d12
child 360:81528ffa0b76
comparison
equal deleted inserted replaced
358:4483bb889d12 359:5d22ebcb9ec5
8 local b64_decode = require "util.encodings".base64.decode; 8 local b64_decode = require "util.encodings".base64.decode;
9 local json_decode = require "util.json".decode; 9 local json_decode = require "util.json".decode;
10 10
11 module.host = "*" -- HTTP/BOSH Servlets need to be global. 11 module.host = "*" -- HTTP/BOSH Servlets need to be global.
12 12
13 -- Pick up configuration.
14
13 local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted"; 15 local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted";
16 local throttle_time = module:get_option("reg_servlet_ttime") or false;
17 local whitelist = module:get_option("reg_servlet_wl") or {};
18 local blacklist = module:get_option("reg_servlet_bl") or {};
19 local recent_ips = {};
20
21 -- Begin
22
23 for _, ip in ipairs(whitelist) do whitelisted_ips[ip] = true; end
24 for _, ip in ipairs(blacklist) do blacklisted_ips[ip] = true; end
14 25
15 local function http_response(code, message, extra_headers) 26 local function http_response(code, message, extra_headers)
16 local response = { 27 local response = {
17 status = code .. " " .. message; 28 status = code .. " " .. message;
18 body = message .. "\n"; } 29 body = message .. "\n"; }
34 user = jid_prep(user); 45 user = jid_prep(user);
35 if not user or not password then return http_response(400, "What's this..?"); end 46 if not user or not password then return http_response(400, "What's this..?"); end
36 local user_node, user_host = jid_split(user) 47 local user_node, user_host = jid_split(user)
37 if not hosts[user_host] then return http_response(401, "Negative."); end 48 if not hosts[user_host] then return http_response(401, "Negative."); end
38 49
39 module:log("debug", "%s is authing to submit a new user registration data", user) 50 module:log("warn", "%s is authing to submit a new user registration data", user)
40 if not usermanager.test_password(user_node, user_host, password) then 51 if not usermanager.test_password(user_node, user_host, password) then
41 module:log("debug", "%s failed authentication", user) 52 module:log("warn", "%s failed authentication", user)
42 return http_response(401, "Who the hell are you?! Guards!"); 53 return http_response(401, "Who the hell are you?! Guards!");
43 end 54 end
44 55
45 local req_body; pcall(function() req_body = json.decode(body) end); 56 local req_body; pcall(function() req_body = json.decode(body) end);
46 -- Check if user is an admin of said host 57 -- Check if user is an admin of said host
47 if not usermanager.is_admin(user, req_body["host"]) then 58 if not usermanager.is_admin(user, req_body["host"]) then
48 module:log("debug", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) 59 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"])
49 return http_response(401, "I obey only to my masters... Have a nice day."); 60 return http_response(401, "I obey only to my masters... Have a nice day.");
50 else 61 else
51 -- Various sanity checks. 62 -- Various sanity checks.
52 if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end 63 if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end
64
65 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code)
66 if blacklist[req_body["ip"]] then then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end
67 if throttle_time and not whitelist[req_body["ip"]] then
68 if not recent_ips[req_body["ip"]] then
69 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 };
70 else
71 local ip = recent_ips[req_body["ip"]];
72 ip.count = ip.count + 1;
73
74 if os_time() - ip.time < throttle_time then
75 ip.time = os_time();
76 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]);
77 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.");
78 end
79 ip.time = os_time();
80 end
81 end
82
53 -- We first check if the supplied username for registration is already there. 83 -- We first check if the supplied username for registration is already there.
54 if not usermanager.user_exists(req_body["username"], req_body["host"]) then 84 if not usermanager.user_exists(req_body["username"], req_body["host"]) then
55 usermanager.create_user(req_body["username"], req_body["password"], req_body["host]); 85 usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
56 module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]); 86 module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]);
57 return http_response(200, "Done."); 87 return http_response(200, "Done.");
58 else 88 else
59 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]); 89 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]);
60 return http_response(409, "User already exists."); 90 return http_response(409, "User already exists.");
61 end 91 end
62 end 92 end
63 end 93 end
64 94
95 -- Set it up!
65 local function setup() 96 local function setup()
66 local ports = module:get_option("reg_servlet_port") or { 9280 }; 97 local ports = module:get_option("reg_servlet_port") or { 9280 };
67 local base_name = module:get_option("reg_servlet_base") or "register_account"; 98 local base_name = module:get_option("reg_servlet_base") or "register_account";
68 local ssl_cert = module:get_option("reg_servlet_sslcert") or false; 99 local ssl_cert = module:get_option("reg_servlet_sslcert") or false;
69 local ssl_key = module:get_option("reg_servlet_sslkey") or false; 100 local ssl_key = module:get_option("reg_servlet_sslkey") or false;