Software /
code /
prosody-modules
File
mod_invites_page/mod_invites_page.lua @ 5511:0860497152af
mod_http_oauth2: Record hash of client_id to allow future verification
RFC 6819 section 5.2.2.2 states that refresh tokens MUST be bound to the
client. In order to do that, we must record something that can
definitely tie the client to the grant. Since the full client_id is so
large (why we have this client_subset function), a hash is stored
instead.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 02 Jun 2023 10:14:16 +0200 |
parent | 4976:75b6e5df65f9 |
child | 5630:efdaffc878a9 |
line wrap: on
line source
local st = require "util.stanza"; local url_escape = require "util.http".urlencode; local base_url = "https://"..module.host.."/"; local render_html_template = require"util.interpolation".new("%b{}", st.xml_escape, { urlescape = url_escape; lower = string.lower; classname = function (s) return (s:gsub("%W+", "-")); end; relurl = function (s) if s:match("^%w+://") then return s; end return base_url.."/"..s; end; }); local render_url = require "util.interpolation".new("%b{}", url_escape, { urlescape = url_escape; noscheme = function (url) return (url:gsub("^[^:]+:", "")); end; }); local site_name = module:get_option_string("site_name", module.host); local site_apps; -- Enable/disable built-in invite pages local external_only = module:get_option_boolean("invites_page_external", false); local http_files; if not external_only then -- Load HTTP-serving dependencies if prosody.shutdown then -- not if running under prosodyctl module:depends("http"); if prosody.process_type == "prosody" then http_files = require "net.http.files"; else http_files = module:depends"http_files"; end end -- Calculate automatic base_url default base_url = module.http_url and module:http_url(); -- Load site apps info module:depends("register_apps"); site_apps = module:shared("register_apps/apps"); end local invites = module:depends("invites"); -- Point at eg https://github.com/ge0rg/easy-xmpp-invitation -- This URL must always be absolute, as it is shared standalone local invite_url_template = module:get_option_string("invites_page", base_url and (base_url.."?{invite.token}") or nil); -- This URL is relative to the invite page, or can be absolute local register_url_template = module:get_option_string("invites_registration_page", "register?t={invite.token}&c={app.id}"); local function add_landing_url(invite) if not invite_url_template then return; end -- TODO: we don't currently have a landing page for subscription-only invites, -- so the user will only receive a URI. The client should be able to handle this -- by automatically falling back to a client-specific landing page, per XEP-0401. if not invite.allow_registration then return; end invite.landing_page = render_url(invite_url_template, { host = module.host, invite = invite }); end module:hook("invite-created", add_landing_url); if external_only then return; end local function render_app_urls(apps, invite_vars) local rendered_apps = {}; for _, unrendered_app in ipairs(apps) do local app = setmetatable({}, { __index = unrendered_app }); local template_vars = { app = app, invite = invite_vars, base_url = base_url }; if app.magic_link_format then -- Magic link generally links directly to third-party app.proceed_url = render_url(app.magic_link_format or app.link or "#", template_vars); elseif app.supports_preauth_uri then -- Proceed to a page that guides the user to download, and then -- click the URI button app.proceed_url = render_url("{base_url!}/setup/{app.id}?{invite.token}", template_vars); else -- Manual means proceed to web registration, but include app id -- so it can show post-registration instructions app.proceed_url = render_url(register_url_template, template_vars); end table.insert(rendered_apps, app); end return rendered_apps; end function serve_invite_page(event) local invite_page_template = assert(module:load_resource("html/invite.html")):read("*a"); local invalid_invite_page_template = assert(module:load_resource("html/invite_invalid.html")):read("*a"); event.response.headers["Content-Type"] = "text/html; charset=utf-8"; local invite = invites.get(event.request.url.query); if not invite then return render_html_template(invalid_invite_page_template, { site_name = site_name; static = base_url.."/static"; }); end local template_vars = { site_name = site_name; token = invite.token; uri = invite.uri; type = invite.type; jid = invite.jid; inviter = invite.inviter; static = base_url.."/static"; }; template_vars.apps = render_app_urls(site_apps, template_vars); local invite_page = render_html_template(invite_page_template, template_vars); event.response.headers["Link"] = ([[<%s>; rel="alternate"]]):format(template_vars.uri); return invite_page; end function serve_setup_page(event, app_id) local invite_page_template = assert(module:load_resource("html/client.html")):read("*a"); local invalid_invite_page_template = assert(module:load_resource("html/invite_invalid.html")):read("*a"); event.response.headers["Content-Type"] = "text/html; charset=utf-8"; local invite = invites.get(event.request.url.query); if not invite then return render_html_template(invalid_invite_page_template, { site_name = site_name; static = base_url.."/static"; }); end local template_vars = { site_name = site_name; apps = site_apps; token = invite.token; uri = invite.uri; type = invite.type; jid = invite.jid; static = base_url.."/static"; }; template_vars.app = render_app_urls({ site_apps[app_id] }, template_vars)[1]; local invite_page = render_html_template(invite_page_template, template_vars); return invite_page; end local mime_map = { png = "image/png"; svg = "image/svg+xml"; js = "application/javascript"; }; module:provides("http", { route = { ["GET"] = serve_invite_page; ["GET /setup/*"] = serve_setup_page; ["GET /static/*"] = http_files and http_files.serve({ path = module:get_directory().."/static", mime_map = mime_map }); }; });