prosody-modules
9d5731af2c27
mod_register_json/mod_register_json.lua
Software / code / prosody-modules
Comparison
mod_register_json/mod_register_json.lua @ 753:9d5731af2c27
Merge with Oliver Gerlich
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 27 Jul 2012 14:29:59 +0100 |
| parent | 723:c26652d055b5 |
| child | 851:836e4e110c71 |
comparison
equal
deleted
inserted
replaced
| 752:9bbd99f2057a | 753:9d5731af2c27 |
|---|---|
| 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur | 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur |
| 5 -- aka Zash. | 5 -- aka Zash. |
| 6 | 6 |
| 7 local jid_prep = require "util.jid".prep | 7 local jid_prep = require "util.jid".prep |
| 8 local jid_split = require "util.jid".split | 8 local jid_split = require "util.jid".split |
| 9 local usermanager = require "core.usermanager" | 9 local usermanager = usermanager |
| 10 local b64_decode = require "util.encodings".base64.decode | 10 local b64_decode = require "util.encodings".base64.decode |
| 11 local json_decode = require "util.json".decode | 11 local json_decode = require "util.json".decode |
| 12 local os_time = os.time | 12 local os_time = os.time |
| 13 local nodeprep = require "util.encodings".stringprep.nodeprep | 13 local nodeprep = require "util.encodings".stringprep.nodeprep |
| 14 | 14 |
| 76 -- Check if user is an admin of said host | 76 -- Check if user is an admin of said host |
| 77 if not usermanager.is_admin(user, req_body["host"]) then | 77 if not usermanager.is_admin(user, req_body["host"]) then |
| 78 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) | 78 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) |
| 79 return http_response(event, 401, "I obey only to my masters... Have a nice day.") | 79 return http_response(event, 401, "I obey only to my masters... Have a nice day.") |
| 80 else | 80 else |
| 81 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) | 81 -- Blacklist can be checked here. |
| 82 if blacklist:contains(req_body["ip"]) then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end | 82 if blacklist:contains(req_body["ip"]) then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end |
| 83 if throttle_time and not whitelist:contains(req_body["ip"]) then | |
| 84 if not recent_ips[req_body["ip"]] then | |
| 85 recent_ips[req_body["ip"]] = os_time() | |
| 86 else | |
| 87 if os_time() - recent_ips[req_body["ip"]] < throttle_time then | |
| 88 recent_ips[req_body["ip"]] = os_time() | |
| 89 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]) | |
| 90 return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.") | |
| 91 end | |
| 92 recent_ips[req_body["ip"]] = os_time() | |
| 93 end | |
| 94 end | |
| 95 | 83 |
| 96 -- We first check if the supplied username for registration is already there. | 84 -- We first check if the supplied username for registration is already there. |
| 97 -- And nodeprep the username | 85 -- And nodeprep the username |
| 98 local username = nodeprep(req_body["username"]) | 86 local username = nodeprep(req_body["username"]) |
| 99 if not usermanager.user_exists(username, req_body["host"]) then | 87 if not username then |
| 100 if not username then | 88 module:log("debug", "%s supplied an username containing invalid characters: %s", user, username) |
| 101 module:log("debug", "%s supplied an username containing invalid characters: %s", user, username) | 89 return http_response(event, 406, "Supplied username contains invalid characters, see RFC 6122.") |
| 102 return http_response(event, 406, "Supplied username contains invalid characters, see RFC 6122.") | 90 else |
| 103 else | 91 if not usermanager.user_exists(username, req_body["host"]) then |
| 92 -- if username fails to register successive requests shouldn't be throttled until one is successful. | |
| 93 if throttle_time and not whitelist:contains(req_body["ip"]) then | |
| 94 if not recent_ips[req_body["ip"]] then | |
| 95 recent_ips[req_body["ip"]] = os_time() | |
| 96 else | |
| 97 if os_time() - recent_ips[req_body["ip"]] < throttle_time then | |
| 98 recent_ips[req_body["ip"]] = os_time() | |
| 99 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]) | |
| 100 return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.") | |
| 101 end | |
| 102 recent_ips[req_body["ip"]] = os_time() | |
| 103 end | |
| 104 end | |
| 105 | |
| 104 local ok, error = usermanager.create_user(username, req_body["password"], req_body["host"]) | 106 local ok, error = usermanager.create_user(username, req_body["password"], req_body["host"]) |
| 105 if ok then | 107 if ok then |
| 106 hosts[req_body["host"]].events.fire_event("user-registered", { username = username, host = req_body["host"], source = "mod_register_json", session = { ip = req_body["ip"] } }) | 108 hosts[req_body["host"]].events.fire_event("user-registered", { username = username, host = req_body["host"], source = "mod_register_json", session = { ip = req_body["ip"] } }) |
| 107 module:log("debug", "%s registration data submission for %s@%s is successful", user, username, req_body["host"]) | 109 module:log("debug", "%s registration data submission for %s@%s is successful", user, username, req_body["host"]) |
| 108 return http_response(event, 200, "Done.") | 110 return http_response(event, 200, "Done.") |
| 109 else | 111 else |
| 110 module:log("error", "user creation failed: "..error) | 112 module:log("error", "user creation failed: "..error) |
| 111 return http_response(event, 500, "Encountered server error while creating the user: "..error) | 113 return http_response(event, 500, "Encountered server error while creating the user: "..error) |
| 112 end | 114 end |
| 115 else | |
| 116 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, username) | |
| 117 return http_response(event, 409, "User already exists.") | |
| 113 end | 118 end |
| 114 else | |
| 115 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, username) | |
| 116 return http_response(event, 409, "User already exists.") | |
| 117 end | 119 end |
| 118 end | 120 end |
| 119 end | 121 end |
| 120 end | 122 end |
| 121 | 123 |
