prosody-modules
b84493ef1d1d
mod_data_access/mod_data_access.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Comparison

mod_data_access/mod_data_access.lua @ 486:b84493ef1d1d

mod_data_access: Implement PUT and POST.
author Kim Alvefur <zash@zash.se>
date Mon, 28 Nov 2011 18:14:22 +0100
parent 461:bbea8081c865
child 669:dd7d30c175d4
comparison
equal deleted inserted replaced
485:f8cc2be7e16a 486:b84493ef1d1d
1 -- HTTP Access to datamanager 1 -- HTTP Access to datamanager
2 -- By Kim Alvefur <zash@zash.se> 2 -- By Kim Alvefur <zash@zash.se>
3 3
4 local t_concat = table.concat;
4 local jid_prep = require "util.jid".prep; 5 local jid_prep = require "util.jid".prep;
5 local jid_split = require "util.jid".split; 6 local jid_split = require "util.jid".split;
6 local um_test_pw = require "core.usermanager".test_password; 7 local um_test_pw = require "core.usermanager".test_password;
7 local is_admin = require "core.usermanager".is_admin 8 local is_admin = require "core.usermanager".is_admin
8 local dm_load = require "util.datamanager".load; 9 local dm_load = require "util.datamanager".load;
10 local dm_store = require "util.datamanager".store;
9 local dm_list_load = require "util.datamanager".list_load; 11 local dm_list_load = require "util.datamanager".list_load;
12 local dm_list_store = require "util.datamanager".list_store;
13 local dm_list_append = require "util.datamanager".list_append;
10 local b64_decode = require "util.encodings".base64.decode; 14 local b64_decode = require "util.encodings".base64.decode;
11 --local urldecode = require "net.http".urldecode; 15 local http = require "net.http";
12 --[[local urlparams = --require "net.http".getQueryParams or whatever MattJ names it 16 local urldecode = http.urldecode;
13 function(s) 17 local urlencode = http.urlencode;
14 if not s:match("=") then return urldecode(s); end
15 local r = {}
16 s:gsub("([^=&]*)=([^&]*)", function(k,v)
17 r[ urldecode(k) ] = urldecode(v);
18 return nil
19 end)
20 return r
21 end;
22 --]]
23
24 local function http_response(code, message, extra_headers) 18 local function http_response(code, message, extra_headers)
25 local response = { 19 local response = {
26 status = code .. " " .. message; 20 status = code .. " " .. message;
27 body = message .. "\n"; } 21 body = message .. "\n"; }
28 if extra_headers then response.headers = extra_headers; end 22 if extra_headers then response.headers = extra_headers; end
31 25
32 local encoders = { 26 local encoders = {
33 lua = require "util.serialization".serialize, 27 lua = require "util.serialization".serialize,
34 json = require "util.json".encode 28 json = require "util.json".encode
35 }; 29 };
30 local decoders = {
31 lua = require "util.serialization".deserialize,
32 json = require "util.json".decode,
33 };
34 local content_type_map = {
35 ["text/x-lua"] = "lua"; lua = "text/x-lua";
36 ["application/json"] = "json"; json = "application/json";
37 }
36 --[[ 38 --[[
37 encoders.xml = function(data) 39 encoders.xml = function(data)
38 return "<?xml version='1.0' encoding='utf-8'?><todo:write-this-serializer/>"; 40 return "<?xml version='1.0' encoding='utf-8'?><todo:write-this-serializer/>";
39 end --]] 41 end --]]
40 42
43 local allowed_methods = {
44 GET = true, "GET",
45 PUT = true, "PUT",
46 POST = true, "POST",
47 }
48
41 local function handle_request(method, body, request) 49 local function handle_request(method, body, request)
42 if request.method ~= "GET" then 50 if not allowed_methods[method] then
43 return http_response(405, "Method Not Allowed", {["Allow"] = "GET"}); 51 return http_response(405, "Method Not Allowed", {["Allow"] = t_concat(allowed_methods, ", ")});
44 end -- TODO Maybe PUT? 52 end
45 53
46 if not request.headers["authorization"] then 54 if not request.headers["authorization"] then
47 return http_response(401, "Unauthorized", 55 return http_response(401, "Unauthorized",
48 {["WWW-Authenticate"]='Basic realm="WallyWorld"'}) 56 {["WWW-Authenticate"]='Basic realm="WallyWorld"'})
49 end 57 end
76 84
77 if #path < 3 then 85 if #path < 3 then
78 return http_response(404, "Not Found"); 86 return http_response(404, "Not Found");
79 end 87 end
80 88
89 local p_host, p_user, p_store, p_type = unpack(path);
90
91 if not p_store or not p_store:match("^[%a_]+$") then
92 return http_response(404, "Not Found");
93 end
94
81 if user_host ~= path[1] or user_node ~= path[2] then 95 if user_host ~= path[1] or user_node ~= path[2] then
82 -- To only give admins acces to anything, move the inside of this block after authz 96 -- To only give admins acces to anything, move the inside of this block after authz
83 module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, path[2], path[1], path[3]) 97 module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, p_user, p_host, p_store)
84 if not is_admin(user, path[1]) then 98 if not is_admin(user, p_host) then
85 return http_response(403, "Forbidden"); 99 return http_response(403, "Forbidden");
86 end 100 end
87 end 101 end
88 102
89 local data = dm_load(path[2], path[1], path[3]); 103 if method == "GET" then
90 104 local data = dm_load(p_user, p_host, p_store);
91 data = data or dm_list_load(path[2], path[1], path[3]);
92 105
93 if data and encoders[path[4] or "json"] then 106 data = data or dm_load_list(p_user, p_host, p_store);
94 return { 107
95 status = "200 OK", 108 --TODO Use the Accept header
96 body = encoders[path[4] or "json"](data) .. "\n", 109 content_type = p_type or "json";
97 headers = {["content-type"] = "text/plain; charset=utf-8"} 110 if data and encoders[content_type] then
98 --headers = {["content-type"] = encoders[data[4] or "json"].mime .. "; charset=utf-8"} 111 return {
99 -- FIXME a little nicer that the above 112 status = "200 OK",
100 -- Also, would be cooler to use the Accept header, but parsing it ... 113 body = encoders[content_type](data) .. "\n",
101 }; 114 headers = {["content-type"] = content_type_map[content_type].."; charset=utf-8"}
102 else 115 };
103 return http_response(404, "Not Found"); 116 else
117 return http_response(404, "Not Found");
118 end
119 else -- POST or PUT
120 if not body then
121 return http_response(400, "Bad Request")
122 end
123 local content_type, content = request.headers["content-type"], body;
124 content_type = content_type and content_type_map[content_type]
125 module:log("debug", "%s: %s", content_type, tostring(content));
126 content = content_type and decoders[content_type] and decoders[content_type](content);
127 module:log("debug", "%s: %s", type(content), tostring(content));
128 if not content then
129 return http_response(400, "Bad Request")
130 end
131 local ok, err
132 if method == "PUT" then
133 ok, err = dm_store(p_user, p_host, p_store, content);
134 elseif method == "POST" then
135 ok, err = dm_list_append(p_user, p_host, p_store, content);
136 elseif method == "DELETE" then
137 dm_store(p_user, p_host, p_store, nil);
138 dm_list_store(p_user, p_host, p_store, nil);
139 end
140 if ok then
141 return http_response(201, "Created", { Location = t_concat({"/data",p_host,p_user,p_store}, "/") });
142 else
143 return { status = "500 Internal Server Error", body = err }
144 end
104 end 145 end
105 end 146 end
106 147
107 local function setup() 148 local function setup()
108 local ports = module:get_option("data_access_ports") or { 5280 }; 149 local ports = module:get_option("data_access_ports") or { 5280 };