Comparison

mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua @ 4330:e655581173be

mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
author Matthew Wild <mwild1@gmail.com>
date Wed, 13 Jan 2021 14:18:24 +0000
parent 4329:2a5164162708
child 4331:2e355540f8c8
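--- a/mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua
+++ b/mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua
@@ -56,12 +56,13 @@
 local push_summary = event.push_summary;
 
 local original_stanza = event.original_stanza;
 
 local push_payload = {
-unread = push_summary["message-count"];
-sender = push_summary["last-message-sender"];
+unread = tonumber(push_summary["message-count"]) or 1;
+sender = jid.bare(original_stanza.attr.from);
+message = body;
 };
 
 if original_stanza.name == "message" then
 if original_stanza.attr.type == "groupchat" then
 push_payload.type = "groupchat";
@@ -82,19 +83,23 @@
 
 local iv = random.bytes(12);
 local key_binary = base64.decode(encryption.key_base64);
 local push_json = json.encode(push_payload);
 
-local encrypted_payload = ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json);
+-- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes
+-- Siskin does not validate the tag anyway.
+local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16));
 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) })
 :text(encrypted_payload);
 -- Replace the unencrypted notification with the encrypted one
 event.notification_stanza
 :get_child("pubsub", "http://jabber.org/protocol/pubsub")
 :get_child("publish")
 :get_child("item")
 :remove_children("notification", xmlns_push)
-:add_child(encrypted_element);
+:tag("notification", { xmlns = xmlns_push })
+:add_child(encrypted_element)
+:up();
 end
 
 module:hook("cloud_notify/registration", handle_register);
 module:hook("cloud_notify/push", handle_push);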
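Review bot: On new line 90 the ciphertext is followed by `string.rep("\0", 16)` instead of the real GCM tag, so the payload carries no integrity protection. A client that verifies the tag will reject every push, and one that skips verification (as the comment says Siskin does) will accept ciphertext modified in transit, because GCM without its tag is only counter-mode encryption. If the deployed luaossl offers a tag accessor on the cipher object (newer releases appear to have `getTag`; confirm before relying on it), keep the cipher in a local and send the real tag: `local cipher = ciphers.new("AES-128-GCM"):encrypt(key_binary, iv);` then `local encrypted_payload = base64.encode(cipher:final(push_json)..cipher:getTag(16));`. Until then the FIXME should say plainly that the encryption is unauthenticated and that receivers must not treat the decrypted fields as trustworthy. The enclosing function, presumably handle_push, starts above the lines shown here.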