Software /
code /
prosody-modules
Comparison
mod_register_json/mod_register_json.lua @ 529:84e992f70ba3
mod_register_json: stick to one code "punctuation" style.
author | Marco Cirillo <maranda@lightwitch.org> |
---|---|
date | Sat, 07 Jan 2012 18:11:03 +0000 |
parent | 430:f0fafd19fd72 |
child | 536:09280dd0b22e |
comparison
equal
deleted
inserted
replaced
528:1737c08fde30 | 529:84e992f70ba3 |
---|---|
2 -- via JSON. | 2 -- via JSON. |
3 -- | 3 -- |
4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur | 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur |
5 -- aka Zash. | 5 -- aka Zash. |
6 | 6 |
7 local jid_prep = require "util.jid".prep; | 7 local jid_prep = require "util.jid".prep |
8 local jid_split = require "util.jid".split; | 8 local jid_split = require "util.jid".split |
9 local usermanager = require "core.usermanager"; | 9 local usermanager = require "core.usermanager" |
10 local b64_decode = require "util.encodings".base64.decode; | 10 local b64_decode = require "util.encodings".base64.decode |
11 local json_decode = require "util.json".decode; | 11 local json_decode = require "util.json".decode |
12 local httpserver = require "net.httpserver"; | 12 local httpserver = require "net.httpserver" |
13 local os_time = os.time; | 13 local os_time = os.time |
14 local nodeprep = require "util.encodings".stringprep.nodeprep; | 14 local nodeprep = require "util.encodings".stringprep.nodeprep |
15 | 15 |
16 module.host = "*" -- HTTP/BOSH Servlets need to be global. | 16 module.host = "*" -- HTTP/BOSH Servlets need to be global. |
17 | 17 |
18 -- Pick up configuration. | 18 -- Pick up configuration. |
19 | 19 |
20 local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted"; | 20 local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted" |
21 local throttle_time = module:get_option("reg_servlet_ttime") or false; | 21 local throttle_time = module:get_option("reg_servlet_ttime") or false |
22 local whitelist = module:get_option("reg_servlet_wl") or {}; | 22 local whitelist = module:get_option("reg_servlet_wl") or {} |
23 local blacklist = module:get_option("reg_servlet_bl") or {}; | 23 local blacklist = module:get_option("reg_servlet_bl") or {} |
24 local recent_ips = {}; | 24 local recent_ips = {} |
25 | 25 |
26 -- Begin | 26 -- Begin |
27 | 27 |
28 for _, ip in ipairs(whitelist) do whitelisted_ips[ip] = true; end | 28 for _, ip in ipairs(whitelist) do whitelisted_ips[ip] = true end |
29 for _, ip in ipairs(blacklist) do blacklisted_ips[ip] = true; end | 29 for _, ip in ipairs(blacklist) do blacklisted_ips[ip] = true end |
30 | 30 |
31 local function http_response(code, message, extra_headers) | 31 local function http_response(code, message, extra_headers) |
32 local response = { | 32 local response = { |
33 status = code .. " " .. message; | 33 status = code .. " " .. message, |
34 body = message .. "\n"; } | 34 body = message .. "\n" } |
35 if extra_headers then response.headers = extra_headers; end | 35 if extra_headers then response.headers = extra_headers end |
36 return response | 36 return response |
37 end | 37 end |
38 | 38 |
39 local function handle_req(method, body, request) | 39 local function handle_req(method, body, request) |
40 if request.method ~= "POST" then | 40 if request.method ~= "POST" then |
41 return http_response(405, "Bad method...", {["Allow"] = "POST"}); | 41 return http_response(405, "Bad method...", {["Allow"] = "POST"}) |
42 end | 42 end |
43 if not request.headers["authorization"] then | 43 if not request.headers["authorization"] then |
44 return http_response(401, "No... No...", | 44 return http_response(401, "No... No...", {["WWW-Authenticate"]='Basic realm="'.. set_realm_name ..'"'}) |
45 {["WWW-Authenticate"]='Basic realm="'.. set_realm_name ..'"'}) | |
46 end | 45 end |
47 | 46 |
48 local user, password = b64_decode(request.headers.authorization | 47 local user, password = b64_decode(request.headers.authorization:match("[^ ]*$") or ""):match("([^:]*):(.*)") |
49 :match("[^ ]*$") or ""):match("([^:]*):(.*)"); | 48 user = jid_prep(user) |
50 user = jid_prep(user); | 49 if not user or not password then return http_response(400, "What's this..?") end |
51 if not user or not password then return http_response(400, "What's this..?"); end | |
52 local user_node, user_host = jid_split(user) | 50 local user_node, user_host = jid_split(user) |
53 if not hosts[user_host] then return http_response(401, "Negative."); end | 51 if not hosts[user_host] then return http_response(401, "Negative.") end |
54 | 52 |
55 module:log("warn", "%s is authing to submit a new user registration data", user) | 53 module:log("warn", "%s is authing to submit a new user registration data", user) |
56 if not usermanager.test_password(user_node, user_host, password) then | 54 if not usermanager.test_password(user_node, user_host, password) then |
57 module:log("warn", "%s failed authentication", user) | 55 module:log("warn", "%s failed authentication", user) |
58 return http_response(401, "Who the hell are you?! Guards!"); | 56 return http_response(401, "Who the hell are you?! Guards!") |
59 end | 57 end |
60 | 58 |
61 local req_body; | 59 local req_body |
62 -- We check that what we have is valid JSON wise else we throw an error... | 60 -- We check that what we have is valid JSON wise else we throw an error... |
63 if not pcall(function() req_body = json_decode(body) end) then | 61 if not pcall(function() req_body = json_decode(body) end) then |
64 module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); | 62 module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user) |
65 return http_response(400, "JSON Decoding failed."); | 63 return http_response(400, "JSON Decoding failed.") |
66 else | 64 else |
67 -- Decode JSON data and check that all bits are there else throw an error | 65 -- Decode JSON data and check that all bits are there else throw an error |
68 req_body = json_decode(body); | 66 req_body = json_decode(body) |
69 if req_body["username"] == nil or req_body["password"] == nil or req_body["host"] == nil or req_body["ip"] == nil then | 67 if req_body["username"] == nil or req_body["password"] == nil or req_body["host"] == nil or req_body["ip"] == nil then |
70 module:log("debug", "%s supplied an insufficent number of elements or wrong elements for the JSON registration", user); | 68 module:log("debug", "%s supplied an insufficent number of elements or wrong elements for the JSON registration", user) |
71 return http_response(400, "Invalid syntax."); | 69 return http_response(400, "Invalid syntax.") |
72 end | 70 end |
73 -- Check if user is an admin of said host | 71 -- Check if user is an admin of said host |
74 if not usermanager.is_admin(user, req_body["host"]) then | 72 if not usermanager.is_admin(user, req_body["host"]) then |
75 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]); | 73 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) |
76 return http_response(401, "I obey only to my masters... Have a nice day."); | 74 return http_response(401, "I obey only to my masters... Have a nice day.") |
77 else | 75 else |
78 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) | 76 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) |
79 if blacklist[req_body["ip"]] then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end | 77 if blacklist[req_body["ip"]] then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end |
80 if throttle_time and not whitelist[req_body["ip"]] then | 78 if throttle_time and not whitelist[req_body["ip"]] then |
81 if not recent_ips[req_body["ip"]] then | 79 if not recent_ips[req_body["ip"]] then |
82 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 }; | 80 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 } |
83 else | 81 else |
84 local ip = recent_ips[req_body["ip"]]; | 82 local ip = recent_ips[req_body["ip"]] |
85 ip.count = ip.count + 1; | 83 ip.count = ip.count + 1 |
86 | 84 |
87 if os_time() - ip.time < throttle_time then | 85 if os_time() - ip.time < throttle_time then |
88 ip.time = os_time(); | 86 ip.time = os_time() |
89 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]); | 87 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]) |
90 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again."); | 88 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.") |
91 end | 89 end |
92 ip.time = os_time(); | 90 ip.time = os_time() |
93 end | 91 end |
94 end | 92 end |
95 | 93 |
96 -- We first check if the supplied username for registration is already there. | 94 -- We first check if the supplied username for registration is already there. |
97 -- And nodeprep the username | 95 -- And nodeprep the username |
98 local username = nodeprep(req_body["username"]); | 96 local username = nodeprep(req_body["username"]) |
99 if not usermanager.user_exists(username, req_body["host"]) then | 97 if not usermanager.user_exists(username, req_body["host"]) then |
100 if not username then | 98 if not username then |
101 module:log("debug", "%s supplied an username containing invalid characters: %s", user, username); | 99 module:log("debug", "%s supplied an username containing invalid characters: %s", user, username) |
102 return http_response(406, "Supplied username contains invalid characters, see RFC 6122."); | 100 return http_response(406, "Supplied username contains invalid characters, see RFC 6122.") |
103 else | 101 else |
104 usermanager.create_user(username, req_body["password"], req_body["host"]); | 102 usermanager.create_user(username, req_body["password"], req_body["host"]) |
105 module:log("debug", "%s registration data submission for %s is successful", user, username); | 103 module:log("debug", "%s registration data submission for %s is successful", user, username) |
106 return http_response(200, "Done."); | 104 return http_response(200, "Done.") |
107 end | 105 end |
108 else | 106 else |
109 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, username); | 107 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, username) |
110 return http_response(409, "User already exists."); | 108 return http_response(409, "User already exists.") |
111 end | 109 end |
112 end | 110 end |
113 end | 111 end |
114 end | 112 end |
115 | 113 |
116 -- Set it up! | 114 -- Set it up! |
117 local function setup() | 115 local function setup() |
118 local ports = module:get_option("reg_servlet_ports") or { 9280 }; | 116 local ports = module:get_option("reg_servlet_ports") or { 9280 } |
119 local port_number, base_name, ssl_table; | 117 local port_number, base_name, ssl_table |
120 for _, opts in ipairs(ports) do | 118 for _, opts in ipairs(ports) do |
121 if type(opts) == "number" then | 119 if type(opts) == "number" then |
122 port_number, base_name = opts, "register_account"; | 120 port_number, base_name = opts, "register_account" |
123 elseif type(opts) == "table" then | 121 elseif type(opts) == "table" then |
124 port_number, base_name, ssl_table = opts.port or 9280, opts.path or "register_account", opts.ssl or nil; | 122 port_number, base_name, ssl_table = opts.port or 9280, opts.path or "register_account", opts.ssl or nil |
125 elseif type(opts) == "string" then | 123 elseif type(opts) == "string" then |
126 base_name, port_number = opts, 9280; | 124 base_name, port_number = opts, 9280 |
127 end | 125 end |
128 end | 126 end |
129 | 127 |
130 if ssl_table == nil then | 128 if ssl_table == nil then |
131 ports = { { port = port_number } }; | 129 ports = { { port = port_number } } |
132 httpserver.new_from_config(ports, handle_req, { base = base_name }); | 130 httpserver.new_from_config(ports, handle_req, { base = base_name }) |
133 else | 131 else |
134 if port_number == 9280 then port_number = 9443; end | 132 if port_number == 9280 then port_number = 9443 end |
135 ports = { { port = port_number, ssl = ssl_table } }; | 133 ports = { { port = port_number, ssl = ssl_table } } |
136 httpserver.new_from_config(ports, handle_req, { base = base_name }); | 134 httpserver.new_from_config(ports, handle_req, { base = base_name }) |
137 end | 135 end |
138 end | 136 end |
139 | 137 |
140 if prosody.start_time then -- already started | 138 if prosody.start_time then -- already started |
141 setup(); | 139 setup() |
142 else | 140 else |
143 prosody.events.add_handler("server-started", setup); | 141 prosody.events.add_handler("server-started", setup) |
144 end | 142 end |