Software /
code /
prosody
Annotate
plugins/mod_websocket.lua @ 12181:783056b4e448 0.11 0.11.12
util.xml: Do not allow doctypes, comments or processing instructions
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Mon, 10 Jan 2022 18:23:54 +0100 |
parent | 11540:1937b3c3efb5 |
child | 11560:3bbb1af92514 |
rev | line source |
---|---|
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
1 -- Prosody IM |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
2 -- Copyright (C) 2012-2014 Florian Zeitz |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
3 -- |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
4 -- This project is MIT/X11 licensed. Please see the |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
5 -- COPYING file in the source package for more information. |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
6 -- |
6894
f7203c7cb7ff
mod_websocket: Silence luacheck warnings
Kim Alvefur <zash@zash.se>
parents:
6893
diff
changeset
|
7 -- luacheck: ignore 431/log |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
8 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
9 module:set_global(); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
10 |
6893
861790282dda
mod_websocket: Import util.timer and session close timeout config option (thanks fairuz)
Kim Alvefur <zash@zash.se>
parents:
6793
diff
changeset
|
11 local add_task = require "util.timer".add_task; |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
12 local add_filter = require "util.filters".add_filter; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
13 local sha1 = require "util.hashes".sha1; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
14 local base64 = require "util.encodings".base64.encode; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
15 local st = require "util.stanza"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
16 local parse_xml = require "util.xml".parse; |
7761
e0e1f6d6fb4f
mod_websocket: Use contains_token from util.http for checking if the requested WebSocket sub-protocols include XMPP
Kim Alvefur <zash@zash.se>
parents:
7760
diff
changeset
|
17 local contains_token = require "util.http".contains_token; |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
18 local portmanager = require "core.portmanager"; |
6793
2bf1b7e2149a
mod_websocket: Import sessionmanager (fixes traceback)
Kim Alvefur <zash@zash.se>
parents:
6397
diff
changeset
|
19 local sm_destroy_session = require"core.sessionmanager".destroy_session; |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
20 local log = module._log; |
11107
ddd0007e0f1b
mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents:
10616
diff
changeset
|
21 local dbuffer = require "util.dbuffer"; |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
22 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
23 local websocket_frames = require"net.websocket.frames"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
24 local parse_frame = websocket_frames.parse; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
25 local build_frame = websocket_frames.build; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
26 local build_close = websocket_frames.build_close; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
27 local parse_close = websocket_frames.parse_close; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
28 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
29 local t_concat = table.concat; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
30 |
11540
1937b3c3efb5
mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
Matthew Wild <mwild1@gmail.com>
parents:
11113
diff
changeset
|
31 local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit", 1024 * 256); |
11109
7ec7dba7ba8b
mod_websocket: Add separate limit for frame buffer size
Matthew Wild <mwild1@gmail.com>
parents:
11108
diff
changeset
|
32 local frame_buffer_limit = module:get_option_number("websocket_frame_buffer_limit", 2 * stanza_size_limit); |
11107
ddd0007e0f1b
mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents:
10616
diff
changeset
|
33 local frame_fragment_limit = module:get_option_number("websocket_frame_fragment_limit", 8); |
6893
861790282dda
mod_websocket: Import util.timer and session close timeout config option (thanks fairuz)
Kim Alvefur <zash@zash.se>
parents:
6793
diff
changeset
|
34 local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
35 local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure"); |
7762
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
36 local cross_domain = module:get_option_set("cross_domain_websocket", {}); |
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
37 if cross_domain:contains("*") or cross_domain:contains(true) then |
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
38 cross_domain = true; |
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
39 end |
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
40 |
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
41 local function check_origin(origin) |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
42 if cross_domain == true then |
7762
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
43 return true; |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
44 end |
7762
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
45 return cross_domain:contains(origin); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
46 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
47 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
48 local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
49 local xmlns_streams = "http://etherx.jabber.org/streams"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
50 local xmlns_client = "jabber:client"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
51 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
52 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
53 module:depends("c2s") |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
54 local sessions = module:shared("c2s/sessions"); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
55 local c2s_listener = portmanager.get_service("c2s").listener; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
56 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
57 --- Session methods |
7938
3629f03817f8
mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents:
7937
diff
changeset
|
58 local function session_open_stream(session, from, to) |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
59 local attr = { |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
60 xmlns = xmlns_framing, |
7937
5b03a8003659
mod_websocket: Include xml:lang attribute on stream <open> (fixes #840)
Kim Alvefur <zash@zash.se>
parents:
7914
diff
changeset
|
61 ["xml:lang"] = "en", |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
62 version = "1.0", |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
63 id = session.streamid or "", |
7938
3629f03817f8
mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents:
7937
diff
changeset
|
64 from = from or session.host, to = to, |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
65 }; |
7938
3629f03817f8
mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents:
7937
diff
changeset
|
66 if session.stream_attrs then |
3629f03817f8
mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents:
7937
diff
changeset
|
67 session:stream_attrs(from, to, attr) |
3629f03817f8
mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents:
7937
diff
changeset
|
68 end |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
69 session.send(st.stanza("open", attr)); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
70 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
71 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
72 local function session_close(session, reason) |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
73 local log = session.log or log; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
74 if session.conn then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
75 if session.notopen then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
76 session:open_stream(); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
77 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
78 if reason then -- nil == no err, initiated by us, false == initiated by client |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
79 local stream_error = st.stanza("stream:error"); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
80 if type(reason) == "string" then -- assume stream error |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
81 stream_error:tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
82 elseif type(reason) == "table" then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
83 if reason.condition then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
84 stream_error:tag(reason.condition, stream_xmlns_attr):up(); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
85 if reason.text then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
86 stream_error:tag("text", stream_xmlns_attr):text(reason.text):up(); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
87 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
88 if reason.extra then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
89 stream_error:add_child(reason.extra); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
90 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
91 elseif reason.name then -- a stanza |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
92 stream_error = reason; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
93 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
94 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
95 log("debug", "Disconnecting client, <stream:error> is: %s", tostring(stream_error)); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
96 session.send(stream_error); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
97 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
98 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
99 session.send(st.stanza("close", { xmlns = xmlns_framing })); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
100 function session.send() return false; end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
101 |
9415
02155a10c5e9
mod_websocket: Silence the one warning instead of ignoring the entire file
Kim Alvefur <zash@zash.se>
parents:
9378
diff
changeset
|
102 -- luacheck: ignore 422/reason |
02155a10c5e9
mod_websocket: Silence the one warning instead of ignoring the entire file
Kim Alvefur <zash@zash.se>
parents:
9378
diff
changeset
|
103 -- FIXME reason should be handled in common place |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
104 local reason = (reason and (reason.name or reason.text or reason.condition)) or reason; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
105 session.log("debug", "c2s stream for %s closed: %s", session.full_jid or ("<"..session.ip..">"), reason or "session closed"); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
106 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
107 -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
108 local conn = session.conn; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
109 if reason == nil and not session.notopen and session.type == "c2s" then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
110 -- Grace time to process data from authenticated cleanly-closed stream |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
111 add_task(stream_close_timeout, function () |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
112 if not session.destroyed then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
113 session.log("warn", "Failed to receive a stream close response, closing connection anyway..."); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
114 sm_destroy_session(session, reason); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
115 conn:write(build_close(1000, "Stream closed")); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
116 conn:close(); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
117 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
118 end); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
119 else |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
120 sm_destroy_session(session, reason); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
121 conn:write(build_close(1000, "Stream closed")); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
122 conn:close(); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
123 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
124 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
125 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
126 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
127 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
128 --- Filters |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
129 local function filter_open_close(data) |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
130 if not data:find(xmlns_framing, 1, true) then return data; end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
131 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
132 local oc = parse_xml(data); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
133 if not oc then return data; end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
134 if oc.attr.xmlns ~= xmlns_framing then return data; end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
135 if oc.name == "close" then return "</stream:stream>"; end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
136 if oc.name == "open" then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
137 oc.name = "stream:stream"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
138 oc.attr.xmlns = nil; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
139 oc.attr["xmlns:stream"] = xmlns_streams; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
140 return oc:top_tag(); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
141 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
142 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
143 return data; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
144 end |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
145 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
146 local function validate_frame(frame, max_length) |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
147 local opcode, length = frame.opcode, frame.length; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
148 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
149 if max_length and length > max_length then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
150 return false, 1009, "Payload too large"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
151 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
152 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
153 -- Error cases |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
154 if frame.RSV1 or frame.RSV2 or frame.RSV3 then -- Reserved bits non zero |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
155 return false, 1002, "Reserved bits not zero"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
156 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
157 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
158 if opcode == 0x8 and frame.data then -- close frame |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
159 if length == 1 then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
160 return false, 1002, "Close frame with payload, but too short for status code"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
161 elseif length >= 2 then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
162 local status_code = parse_close(frame.data) |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
163 if status_code < 1000 then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
164 return false, 1002, "Closed with invalid status code"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
165 elseif ((status_code > 1003 and status_code < 1007) or status_code > 1011) and status_code < 3000 then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
166 return false, 1002, "Closed with reserved status code"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
167 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
168 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
169 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
170 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
171 if opcode >= 0x8 then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
172 if length > 125 then -- Control frame with too much payload |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
173 return false, 1002, "Payload too large"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
174 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
175 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
176 if not frame.FIN then -- Fragmented control frame |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
177 return false, 1002, "Fragmented control frame"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
178 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
179 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
180 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
181 if (opcode > 0x2 and opcode < 0x8) or (opcode > 0xA) then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
182 return false, 1002, "Reserved opcode"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
183 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
184 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
185 -- Check opcode |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
186 if opcode == 0x2 then -- Binary frame |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
187 return false, 1003, "Only text frames are supported, RFC 7395 3.2"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
188 elseif opcode == 0x8 then -- Close request |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
189 return false, 1000, "Goodbye"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
190 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
191 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
192 -- Other (XMPP-specific) validity checks |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
193 if not frame.FIN then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
194 return false, 1003, "Continuation frames are not supported, RFC 7395 3.3.3"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
195 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
196 if opcode == 0x01 and frame.data and frame.data:byte(1, 1) ~= 60 then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
197 return false, 1007, "Invalid payload start character, RFC 7395 3.3.3"; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
198 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
199 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
200 return true; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
201 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
202 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
203 |
6894
f7203c7cb7ff
mod_websocket: Silence luacheck warnings
Kim Alvefur <zash@zash.se>
parents:
6893
diff
changeset
|
204 function handle_request(event) |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
205 local request, response = event.request, event.response; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
206 local conn = response.conn; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
207 |
7914
a6eb3b6bf903
mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837)
Kim Alvefur <zash@zash.se>
parents:
7764
diff
changeset
|
208 conn.starttls = false; -- Prevent mod_tls from believing starttls can be done |
a6eb3b6bf903
mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837)
Kim Alvefur <zash@zash.se>
parents:
7764
diff
changeset
|
209 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
210 if not request.headers.sec_websocket_key then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
211 response.headers.content_type = "text/html"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
212 return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body> |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
213 <p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p> |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
214 </body></html>]]; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
215 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
216 |
7761
e0e1f6d6fb4f
mod_websocket: Use contains_token from util.http for checking if the requested WebSocket sub-protocols include XMPP
Kim Alvefur <zash@zash.se>
parents:
7760
diff
changeset
|
217 local wants_xmpp = contains_token(request.headers.sec_websocket_protocol or "", "xmpp"); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
218 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
219 if not wants_xmpp then |
7760
801d4c8e0f58
mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents:
7716
diff
changeset
|
220 module:log("debug", "Client didn't want to talk XMPP, list of protocols was %s", request.headers.sec_websocket_protocol or "(empty)"); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
221 return 501; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
222 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
223 |
7762
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
224 if not check_origin(request.headers.origin or "") then |
9800
5c5117d41133
mod_websocket: Include the value of cross_domain_websocket in debug message
Kim Alvefur <zash@zash.se>
parents:
9415
diff
changeset
|
225 module:log("debug", "Origin %s is not allowed by 'cross_domain_websocket' [ %s ]", request.headers.origin or "(missing header)", cross_domain); |
7762
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
226 return 403; |
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
227 end |
2208e6cd0d9f
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents:
7761
diff
changeset
|
228 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
229 local function websocket_close(code, message) |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
230 conn:write(build_close(code, message)); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
231 conn:close(); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
232 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
233 |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
234 local function websocket_handle_error(session, code, message) |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
235 if code == 1009 then -- stanza size limit exceeded |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
236 -- we close the session, rather than the connection, |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
237 -- otherwise a resuming client will simply resend the |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
238 -- offending stanza |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
239 session:close({ condition = "policy-violation", text = "stanza too large" }); |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
240 else |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
241 websocket_close(code, message); |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
242 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
243 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
244 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
245 local function handle_frame(frame) |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
246 module:log("debug", "Websocket received frame: opcode=%0x, %i bytes", frame.opcode, #frame.data); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
247 |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
248 -- Check frame makes sense |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
249 local frame_ok, err_status, err_text = validate_frame(frame, stanza_size_limit); |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
250 if not frame_ok then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
251 return frame_ok, err_status, err_text; |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
252 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
253 |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
254 local opcode = frame.opcode; |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
255 if opcode == 0x9 then -- Ping frame |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
256 frame.opcode = 0xA; |
10581
10d6d0d91f4e
mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484)
Kim Alvefur <zash@zash.se>
parents:
10092
diff
changeset
|
257 frame.MASK = false; -- Clients send masked frames, servers don't, see #1484 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
258 conn:write(build_frame(frame)); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
259 return ""; |
7314
e327e5b592f5
mod_websocket: Remove warning about unsolicited pong frames "MAY be sent unsolicited" per RFC 6455 (thanks mt)
Kim Alvefur <zash@zash.se>
parents:
7294
diff
changeset
|
260 elseif opcode == 0xA then -- Pong frame, MAY be sent unsolicited, eg as keepalive |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
261 return ""; |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
262 elseif opcode ~= 0x1 then -- Not text frame (which is all we support) |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
263 log("warn", "Received frame with unsupported opcode %i", opcode); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
264 return ""; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
265 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
266 |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
267 return frame.data; |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
268 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
269 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
270 conn:setlistener(c2s_listener); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
271 c2s_listener.onconnect(conn); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
272 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
273 local session = sessions[conn]; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
274 |
8595
d3bbff01df9d
mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents:
8145
diff
changeset
|
275 -- Use upstream IP if a HTTP proxy was used |
d3bbff01df9d
mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents:
8145
diff
changeset
|
276 -- See mod_http and #540 |
d3bbff01df9d
mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents:
8145
diff
changeset
|
277 session.ip = request.ip; |
d3bbff01df9d
mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents:
8145
diff
changeset
|
278 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
279 session.secure = consider_websocket_secure or session.secure; |
8789
4ae8dd415e94
mod_websocket: Store the request object on the session for use by other modules
Matthew Wild <mwild1@gmail.com>
parents:
8145
diff
changeset
|
280 session.websocket_request = request; |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
281 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
282 session.open_stream = session_open_stream; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
283 session.close = session_close; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
284 |
11109
7ec7dba7ba8b
mod_websocket: Add separate limit for frame buffer size
Matthew Wild <mwild1@gmail.com>
parents:
11108
diff
changeset
|
285 local frameBuffer = dbuffer.new(frame_buffer_limit, frame_fragment_limit); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
286 add_filter(session, "bytes/in", function(data) |
11108
fa1821b56f75
mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents:
11107
diff
changeset
|
287 if not frameBuffer:write(data) then |
fa1821b56f75
mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents:
11107
diff
changeset
|
288 session.log("warn", "websocket frame buffer full - terminating session"); |
fa1821b56f75
mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents:
11107
diff
changeset
|
289 session:close({ condition = "resource-constraint", text = "frame buffer exceeded" }); |
fa1821b56f75
mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents:
11107
diff
changeset
|
290 return; |
fa1821b56f75
mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents:
11107
diff
changeset
|
291 end |
11107
ddd0007e0f1b
mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents:
10616
diff
changeset
|
292 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
293 local cache = {}; |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
294 local frame, length, partial = parse_frame(frameBuffer); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
295 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
296 while frame do |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
297 frameBuffer:discard(length); |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
298 local result, err_status, err_text = handle_frame(frame); |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
299 if not result then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
300 websocket_handle_error(session, err_status, err_text); |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
301 break; |
11110
67fb92e312f1
mod_websocket: Enforce stanza size limit and close stream
Matthew Wild <mwild1@gmail.com>
parents:
11109
diff
changeset
|
302 end |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
303 cache[#cache+1] = filter_open_close(result); |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
304 frame, length, partial = parse_frame(frameBuffer); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
305 end |
11113
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
306 |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
307 if partial then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
308 -- The header of the next frame is already in the buffer, run |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
309 -- some early validation here |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
310 local frame_ok, err_status, err_text = validate_frame(partial, stanza_size_limit); |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
311 if not frame_ok then |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
312 websocket_handle_error(session, err_status, err_text); |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
313 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
314 end |
10301c214f4e
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents:
11111
diff
changeset
|
315 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
316 return t_concat(cache, ""); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
317 end); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
318 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
319 add_filter(session, "stanzas/out", function(stanza) |
10092
4b3c129e96f2
mod_websocket: Clone stanza before mutating (fixes #1398)
Kim Alvefur <zash@zash.se>
parents:
9805
diff
changeset
|
320 stanza = st.clone(stanza); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
321 local attr = stanza.attr; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
322 attr.xmlns = attr.xmlns or xmlns_client; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
323 if stanza.name:find("^stream:") then |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
324 attr["xmlns:stream"] = attr["xmlns:stream"] or xmlns_streams; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
325 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
326 return stanza; |
7294
5f4d0753c818
mod_websocket: Make sure stanza xmlns filter runs late in the chain
Kim Alvefur <zash@zash.se>
parents:
6894
diff
changeset
|
327 end, -1000); |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
328 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
329 add_filter(session, "bytes/out", function(data) |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
330 return build_frame({ FIN = true, opcode = 0x01, data = tostring(data)}); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
331 end); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
332 |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
333 response.status_code = 101; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
334 response.headers.upgrade = "websocket"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
335 response.headers.connection = "Upgrade"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
336 response.headers.sec_webSocket_accept = base64(sha1(request.headers.sec_websocket_key .. "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")); |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
337 response.headers.sec_webSocket_protocol = "xmpp"; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
338 |
10616
37936c72846d
mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
Matthew Wild <mwild1@gmail.com>
parents:
10581
diff
changeset
|
339 module:fire_event("websocket-session", { session = session, request = request }); |
37936c72846d
mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
Matthew Wild <mwild1@gmail.com>
parents:
10581
diff
changeset
|
340 |
7760
801d4c8e0f58
mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents:
7716
diff
changeset
|
341 session.log("debug", "Sending WebSocket handshake"); |
801d4c8e0f58
mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents:
7716
diff
changeset
|
342 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
343 return ""; |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
344 end |
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
345 |
7315
4fd984d1e445
mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents:
7314
diff
changeset
|
346 local function keepalive(event) |
7340
7dea28dafc49
mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents:
7315
diff
changeset
|
347 local session = event.session; |
7dea28dafc49
mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents:
7315
diff
changeset
|
348 if session.open_stream == session_open_stream then |
7716
779a9ef6b4fd
mod_websocket: Set FIN flag on ping frames (fixes #773)
Kim Alvefur <zash@zash.se>
parents:
7340
diff
changeset
|
349 return session.conn:write(build_frame({ opcode = 0x9, FIN = true })); |
7340
7dea28dafc49
mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents:
7315
diff
changeset
|
350 end |
7315
4fd984d1e445
mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents:
7314
diff
changeset
|
351 end |
4fd984d1e445
mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents:
7314
diff
changeset
|
352 |
4fd984d1e445
mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents:
7314
diff
changeset
|
353 module:hook("c2s-read-timeout", keepalive, -0.9); |
4fd984d1e445
mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents:
7314
diff
changeset
|
354 |
9378
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
355 module:depends("http"); |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
356 module:provides("http", { |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
357 name = "websocket"; |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
358 default_path = "xmpp-websocket"; |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
359 route = { |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
360 ["GET"] = handle_request; |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
361 ["GET /"] = handle_request; |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
362 }; |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
363 }); |
a6f54df39624
mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents:
8794
diff
changeset
|
364 |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
365 function module.add_host(module) |
7315
4fd984d1e445
mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents:
7314
diff
changeset
|
366 module:hook("c2s-read-timeout", keepalive, -0.9); |
7763
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
367 |
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
368 if cross_domain ~= true then |
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
369 local url = require "socket.url"; |
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
370 local ws_url = module:http_url("websocket", "xmpp-websocket"); |
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
371 local url_components = url.parse(ws_url); |
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
372 -- The 'Origin' consists of the base URL without path |
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
373 url_components.path = nil; |
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
374 local this_origin = url.build(url_components); |
7764
d6b96e42e8e6
mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents:
7763
diff
changeset
|
375 local local_cross_domain = module:get_option_set("cross_domain_websocket", { this_origin }); |
9805
7bfc4269dc36
mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
376 if local_cross_domain:contains(true) then |
7bfc4269dc36
mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
377 module:log("error", "cross_domain_websocket = true only works in the global section"); |
7bfc4269dc36
mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
378 return; |
7bfc4269dc36
mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
379 end |
7bfc4269dc36
mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents:
9800
diff
changeset
|
380 |
7764
d6b96e42e8e6
mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents:
7763
diff
changeset
|
381 -- Don't add / remove something added by another host |
d6b96e42e8e6
mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents:
7763
diff
changeset
|
382 -- This might be weird with random load order |
d6b96e42e8e6
mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents:
7763
diff
changeset
|
383 local_cross_domain:exclude(cross_domain); |
d6b96e42e8e6
mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents:
7763
diff
changeset
|
384 cross_domain:include(local_cross_domain); |
8145
4d0f5ea19851
mod_websocket: Convert set to string (syslog sink needs a better fix)
Kim Alvefur <zash@zash.se>
parents:
8052
diff
changeset
|
385 module:log("debug", "cross_domain = %s", tostring(cross_domain)); |
7763
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
386 function module.unload() |
7764
d6b96e42e8e6
mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents:
7763
diff
changeset
|
387 cross_domain:exclude(local_cross_domain); |
7763
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
388 end |
c5ce14539fc4
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents:
7762
diff
changeset
|
389 end |
6397
6f75f8043936
mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
390 end |