Annotate

plugins/mod_websocket.lua @ 12181:783056b4e448 0.11 0.11.12

util.xml: Do not allow doctypes, comments or processing instructions Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
author Jonas Schäfer <jonas@wielicki.name>
date Mon, 10 Jan 2022 18:23:54 +0100
parent 11540:1937b3c3efb5
child 11560:3bbb1af92514
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
1 -- Prosody IM
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
2 -- Copyright (C) 2012-2014 Florian Zeitz
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
3 --
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
4 -- This project is MIT/X11 licensed. Please see the
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
5 -- COPYING file in the source package for more information.
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
6 --
6894
f7203c7cb7ff mod_websocket: Silence luacheck warnings
Kim Alvefur <zash@zash.se>
parents: 6893
diff changeset
7 -- luacheck: ignore 431/log
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
8
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
9 module:set_global();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
10
6893
861790282dda mod_websocket: Import util.timer and session close timeout config option (thanks fairuz)
Kim Alvefur <zash@zash.se>
parents: 6793
diff changeset
11 local add_task = require "util.timer".add_task;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
12 local add_filter = require "util.filters".add_filter;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
13 local sha1 = require "util.hashes".sha1;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
14 local base64 = require "util.encodings".base64.encode;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
15 local st = require "util.stanza";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
16 local parse_xml = require "util.xml".parse;
7761
e0e1f6d6fb4f mod_websocket: Use contains_token from util.http for checking if the requested WebSocket sub-protocols include XMPP
Kim Alvefur <zash@zash.se>
parents: 7760
diff changeset
17 local contains_token = require "util.http".contains_token;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
18 local portmanager = require "core.portmanager";
6793
2bf1b7e2149a mod_websocket: Import sessionmanager (fixes traceback)
Kim Alvefur <zash@zash.se>
parents: 6397
diff changeset
19 local sm_destroy_session = require"core.sessionmanager".destroy_session;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
20 local log = module._log;
11107
ddd0007e0f1b mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents: 10616
diff changeset
21 local dbuffer = require "util.dbuffer";
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
22
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
23 local websocket_frames = require"net.websocket.frames";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
24 local parse_frame = websocket_frames.parse;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
25 local build_frame = websocket_frames.build;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
26 local build_close = websocket_frames.build_close;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
27 local parse_close = websocket_frames.parse_close;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
28
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
29 local t_concat = table.concat;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
30
11540
1937b3c3efb5 mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
Matthew Wild <mwild1@gmail.com>
parents: 11113
diff changeset
31 local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit", 1024 * 256);
11109
7ec7dba7ba8b mod_websocket: Add separate limit for frame buffer size
Matthew Wild <mwild1@gmail.com>
parents: 11108
diff changeset
32 local frame_buffer_limit = module:get_option_number("websocket_frame_buffer_limit", 2 * stanza_size_limit);
11107
ddd0007e0f1b mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents: 10616
diff changeset
33 local frame_fragment_limit = module:get_option_number("websocket_frame_fragment_limit", 8);
6893
861790282dda mod_websocket: Import util.timer and session close timeout config option (thanks fairuz)
Kim Alvefur <zash@zash.se>
parents: 6793
diff changeset
34 local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
35 local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure");
7762
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
36 local cross_domain = module:get_option_set("cross_domain_websocket", {});
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
37 if cross_domain:contains("*") or cross_domain:contains(true) then
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
38 cross_domain = true;
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
39 end
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
40
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
41 local function check_origin(origin)
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
42 if cross_domain == true then
7762
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
43 return true;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
44 end
7762
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
45 return cross_domain:contains(origin);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
46 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
47
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
48 local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
49 local xmlns_streams = "http://etherx.jabber.org/streams";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
50 local xmlns_client = "jabber:client";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
51 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
52
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
53 module:depends("c2s")
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
54 local sessions = module:shared("c2s/sessions");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
55 local c2s_listener = portmanager.get_service("c2s").listener;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
56
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
57 --- Session methods
7938
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
58 local function session_open_stream(session, from, to)
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
59 local attr = {
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
60 xmlns = xmlns_framing,
7937
5b03a8003659 mod_websocket: Include xml:lang attribute on stream <open> (fixes #840)
Kim Alvefur <zash@zash.se>
parents: 7914
diff changeset
61 ["xml:lang"] = "en",
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
62 version = "1.0",
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
63 id = session.streamid or "",
7938
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
64 from = from or session.host, to = to,
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
65 };
7938
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
66 if session.stream_attrs then
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
67 session:stream_attrs(from, to, attr)
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
68 end
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
69 session.send(st.stanza("open", attr));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
70 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
71
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
72 local function session_close(session, reason)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
73 local log = session.log or log;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
74 if session.conn then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
75 if session.notopen then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
76 session:open_stream();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
77 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
78 if reason then -- nil == no err, initiated by us, false == initiated by client
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
79 local stream_error = st.stanza("stream:error");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
80 if type(reason) == "string" then -- assume stream error
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
81 stream_error:tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' });
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
82 elseif type(reason) == "table" then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
83 if reason.condition then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
84 stream_error:tag(reason.condition, stream_xmlns_attr):up();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
85 if reason.text then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
86 stream_error:tag("text", stream_xmlns_attr):text(reason.text):up();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
87 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
88 if reason.extra then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
89 stream_error:add_child(reason.extra);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
90 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
91 elseif reason.name then -- a stanza
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
92 stream_error = reason;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
93 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
94 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
95 log("debug", "Disconnecting client, <stream:error> is: %s", tostring(stream_error));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
96 session.send(stream_error);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
97 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
98
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
99 session.send(st.stanza("close", { xmlns = xmlns_framing }));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
100 function session.send() return false; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
101
9415
02155a10c5e9 mod_websocket: Silence the one warning instead of ignoring the entire file
Kim Alvefur <zash@zash.se>
parents: 9378
diff changeset
102 -- luacheck: ignore 422/reason
02155a10c5e9 mod_websocket: Silence the one warning instead of ignoring the entire file
Kim Alvefur <zash@zash.se>
parents: 9378
diff changeset
103 -- FIXME reason should be handled in common place
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
104 local reason = (reason and (reason.name or reason.text or reason.condition)) or reason;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
105 session.log("debug", "c2s stream for %s closed: %s", session.full_jid or ("<"..session.ip..">"), reason or "session closed");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
106
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
107 -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
108 local conn = session.conn;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
109 if reason == nil and not session.notopen and session.type == "c2s" then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
110 -- Grace time to process data from authenticated cleanly-closed stream
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
111 add_task(stream_close_timeout, function ()
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
112 if not session.destroyed then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
113 session.log("warn", "Failed to receive a stream close response, closing connection anyway...");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
114 sm_destroy_session(session, reason);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
115 conn:write(build_close(1000, "Stream closed"));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
116 conn:close();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
117 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
118 end);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
119 else
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
120 sm_destroy_session(session, reason);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
121 conn:write(build_close(1000, "Stream closed"));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
122 conn:close();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
123 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
124 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
125 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
126
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
127
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
128 --- Filters
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
129 local function filter_open_close(data)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
130 if not data:find(xmlns_framing, 1, true) then return data; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
131
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
132 local oc = parse_xml(data);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
133 if not oc then return data; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
134 if oc.attr.xmlns ~= xmlns_framing then return data; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
135 if oc.name == "close" then return "</stream:stream>"; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
136 if oc.name == "open" then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
137 oc.name = "stream:stream";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
138 oc.attr.xmlns = nil;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
139 oc.attr["xmlns:stream"] = xmlns_streams;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
140 return oc:top_tag();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
141 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
142
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
143 return data;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
144 end
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
145
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
146 local function validate_frame(frame, max_length)
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
147 local opcode, length = frame.opcode, frame.length;
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
148
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
149 if max_length and length > max_length then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
150 return false, 1009, "Payload too large";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
151 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
152
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
153 -- Error cases
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
154 if frame.RSV1 or frame.RSV2 or frame.RSV3 then -- Reserved bits non zero
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
155 return false, 1002, "Reserved bits not zero";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
156 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
157
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
158 if opcode == 0x8 and frame.data then -- close frame
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
159 if length == 1 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
160 return false, 1002, "Close frame with payload, but too short for status code";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
161 elseif length >= 2 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
162 local status_code = parse_close(frame.data)
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
163 if status_code < 1000 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
164 return false, 1002, "Closed with invalid status code";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
165 elseif ((status_code > 1003 and status_code < 1007) or status_code > 1011) and status_code < 3000 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
166 return false, 1002, "Closed with reserved status code";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
167 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
168 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
169 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
170
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
171 if opcode >= 0x8 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
172 if length > 125 then -- Control frame with too much payload
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
173 return false, 1002, "Payload too large";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
174 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
175
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
176 if not frame.FIN then -- Fragmented control frame
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
177 return false, 1002, "Fragmented control frame";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
178 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
179 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
180
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
181 if (opcode > 0x2 and opcode < 0x8) or (opcode > 0xA) then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
182 return false, 1002, "Reserved opcode";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
183 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
184
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
185 -- Check opcode
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
186 if opcode == 0x2 then -- Binary frame
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
187 return false, 1003, "Only text frames are supported, RFC 7395 3.2";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
188 elseif opcode == 0x8 then -- Close request
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
189 return false, 1000, "Goodbye";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
190 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
191
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
192 -- Other (XMPP-specific) validity checks
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
193 if not frame.FIN then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
194 return false, 1003, "Continuation frames are not supported, RFC 7395 3.3.3";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
195 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
196 if opcode == 0x01 and frame.data and frame.data:byte(1, 1) ~= 60 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
197 return false, 1007, "Invalid payload start character, RFC 7395 3.3.3";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
198 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
199
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
200 return true;
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
201 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
202
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
203
6894
f7203c7cb7ff mod_websocket: Silence luacheck warnings
Kim Alvefur <zash@zash.se>
parents: 6893
diff changeset
204 function handle_request(event)
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
205 local request, response = event.request, event.response;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
206 local conn = response.conn;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
207
7914
a6eb3b6bf903 mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837)
Kim Alvefur <zash@zash.se>
parents: 7764
diff changeset
208 conn.starttls = false; -- Prevent mod_tls from believing starttls can be done
a6eb3b6bf903 mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837)
Kim Alvefur <zash@zash.se>
parents: 7764
diff changeset
209
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
210 if not request.headers.sec_websocket_key then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
211 response.headers.content_type = "text/html";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
212 return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body>
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
213 <p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p>
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
214 </body></html>]];
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
215 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
216
7761
e0e1f6d6fb4f mod_websocket: Use contains_token from util.http for checking if the requested WebSocket sub-protocols include XMPP
Kim Alvefur <zash@zash.se>
parents: 7760
diff changeset
217 local wants_xmpp = contains_token(request.headers.sec_websocket_protocol or "", "xmpp");
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
218
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
219 if not wants_xmpp then
7760
801d4c8e0f58 mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents: 7716
diff changeset
220 module:log("debug", "Client didn't want to talk XMPP, list of protocols was %s", request.headers.sec_websocket_protocol or "(empty)");
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
221 return 501;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
222 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
223
7762
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
224 if not check_origin(request.headers.origin or "") then
9800
5c5117d41133 mod_websocket: Include the value of cross_domain_websocket in debug message
Kim Alvefur <zash@zash.se>
parents: 9415
diff changeset
225 module:log("debug", "Origin %s is not allowed by 'cross_domain_websocket' [ %s ]", request.headers.origin or "(missing header)", cross_domain);
7762
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
226 return 403;
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
227 end
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
228
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
229 local function websocket_close(code, message)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
230 conn:write(build_close(code, message));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
231 conn:close();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
232 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
233
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
234 local function websocket_handle_error(session, code, message)
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
235 if code == 1009 then -- stanza size limit exceeded
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
236 -- we close the session, rather than the connection,
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
237 -- otherwise a resuming client will simply resend the
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
238 -- offending stanza
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
239 session:close({ condition = "policy-violation", text = "stanza too large" });
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
240 else
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
241 websocket_close(code, message);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
242 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
243 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
244
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
245 local function handle_frame(frame)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
246 module:log("debug", "Websocket received frame: opcode=%0x, %i bytes", frame.opcode, #frame.data);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
247
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
248 -- Check frame makes sense
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
249 local frame_ok, err_status, err_text = validate_frame(frame, stanza_size_limit);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
250 if not frame_ok then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
251 return frame_ok, err_status, err_text;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
252 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
253
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
254 local opcode = frame.opcode;
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
255 if opcode == 0x9 then -- Ping frame
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
256 frame.opcode = 0xA;
10581
10d6d0d91f4e mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484)
Kim Alvefur <zash@zash.se>
parents: 10092
diff changeset
257 frame.MASK = false; -- Clients send masked frames, servers don't, see #1484
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
258 conn:write(build_frame(frame));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
259 return "";
7314
e327e5b592f5 mod_websocket: Remove warning about unsolicited pong frames "MAY be sent unsolicited" per RFC 6455 (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7294
diff changeset
260 elseif opcode == 0xA then -- Pong frame, MAY be sent unsolicited, eg as keepalive
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
261 return "";
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
262 elseif opcode ~= 0x1 then -- Not text frame (which is all we support)
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
263 log("warn", "Received frame with unsupported opcode %i", opcode);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
264 return "";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
265 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
266
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
267 return frame.data;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
268 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
269
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
270 conn:setlistener(c2s_listener);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
271 c2s_listener.onconnect(conn);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
272
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
273 local session = sessions[conn];
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
274
8595
d3bbff01df9d mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents: 8145
diff changeset
275 -- Use upstream IP if a HTTP proxy was used
d3bbff01df9d mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents: 8145
diff changeset
276 -- See mod_http and #540
d3bbff01df9d mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents: 8145
diff changeset
277 session.ip = request.ip;
d3bbff01df9d mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents: 8145
diff changeset
278
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
279 session.secure = consider_websocket_secure or session.secure;
8789
4ae8dd415e94 mod_websocket: Store the request object on the session for use by other modules
Matthew Wild <mwild1@gmail.com>
parents: 8145
diff changeset
280 session.websocket_request = request;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
281
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
282 session.open_stream = session_open_stream;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
283 session.close = session_close;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
284
11109
7ec7dba7ba8b mod_websocket: Add separate limit for frame buffer size
Matthew Wild <mwild1@gmail.com>
parents: 11108
diff changeset
285 local frameBuffer = dbuffer.new(frame_buffer_limit, frame_fragment_limit);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
286 add_filter(session, "bytes/in", function(data)
11108
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
287 if not frameBuffer:write(data) then
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
288 session.log("warn", "websocket frame buffer full - terminating session");
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
289 session:close({ condition = "resource-constraint", text = "frame buffer exceeded" });
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
290 return;
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
291 end
11107
ddd0007e0f1b mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents: 10616
diff changeset
292
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
293 local cache = {};
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
294 local frame, length, partial = parse_frame(frameBuffer);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
295
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
296 while frame do
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
297 frameBuffer:discard(length);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
298 local result, err_status, err_text = handle_frame(frame);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
299 if not result then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
300 websocket_handle_error(session, err_status, err_text);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
301 break;
11110
67fb92e312f1 mod_websocket: Enforce stanza size limit and close stream
Matthew Wild <mwild1@gmail.com>
parents: 11109
diff changeset
302 end
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
303 cache[#cache+1] = filter_open_close(result);
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
304 frame, length, partial = parse_frame(frameBuffer);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
305 end
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
306
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
307 if partial then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
308 -- The header of the next frame is already in the buffer, run
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
309 -- some early validation here
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
310 local frame_ok, err_status, err_text = validate_frame(partial, stanza_size_limit);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
311 if not frame_ok then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
312 websocket_handle_error(session, err_status, err_text);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
313 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
314 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
315
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
316 return t_concat(cache, "");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
317 end);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
318
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
319 add_filter(session, "stanzas/out", function(stanza)
10092
4b3c129e96f2 mod_websocket: Clone stanza before mutating (fixes #1398)
Kim Alvefur <zash@zash.se>
parents: 9805
diff changeset
320 stanza = st.clone(stanza);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
321 local attr = stanza.attr;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
322 attr.xmlns = attr.xmlns or xmlns_client;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
323 if stanza.name:find("^stream:") then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
324 attr["xmlns:stream"] = attr["xmlns:stream"] or xmlns_streams;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
325 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
326 return stanza;
7294
5f4d0753c818 mod_websocket: Make sure stanza xmlns filter runs late in the chain
Kim Alvefur <zash@zash.se>
parents: 6894
diff changeset
327 end, -1000);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
328
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
329 add_filter(session, "bytes/out", function(data)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
330 return build_frame({ FIN = true, opcode = 0x01, data = tostring(data)});
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
331 end);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
332
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
333 response.status_code = 101;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
334 response.headers.upgrade = "websocket";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
335 response.headers.connection = "Upgrade";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
336 response.headers.sec_webSocket_accept = base64(sha1(request.headers.sec_websocket_key .. "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
337 response.headers.sec_webSocket_protocol = "xmpp";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
338
10616
37936c72846d mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
Matthew Wild <mwild1@gmail.com>
parents: 10581
diff changeset
339 module:fire_event("websocket-session", { session = session, request = request });
37936c72846d mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
Matthew Wild <mwild1@gmail.com>
parents: 10581
diff changeset
340
7760
801d4c8e0f58 mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents: 7716
diff changeset
341 session.log("debug", "Sending WebSocket handshake");
801d4c8e0f58 mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents: 7716
diff changeset
342
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
343 return "";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
344 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
345
7315
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
346 local function keepalive(event)
7340
7dea28dafc49 mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7315
diff changeset
347 local session = event.session;
7dea28dafc49 mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7315
diff changeset
348 if session.open_stream == session_open_stream then
7716
779a9ef6b4fd mod_websocket: Set FIN flag on ping frames (fixes #773)
Kim Alvefur <zash@zash.se>
parents: 7340
diff changeset
349 return session.conn:write(build_frame({ opcode = 0x9, FIN = true }));
7340
7dea28dafc49 mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7315
diff changeset
350 end
7315
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
351 end
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
352
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
353 module:hook("c2s-read-timeout", keepalive, -0.9);
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
354
9378
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
355 module:depends("http");
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
356 module:provides("http", {
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
357 name = "websocket";
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
358 default_path = "xmpp-websocket";
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
359 route = {
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
360 ["GET"] = handle_request;
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
361 ["GET /"] = handle_request;
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
362 };
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
363 });
a6f54df39624 mod_websocket: Serve HTTP in global context
Kim Alvefur <zash@zash.se>
parents: 8794
diff changeset
364
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
365 function module.add_host(module)
7315
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
366 module:hook("c2s-read-timeout", keepalive, -0.9);
7763
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
367
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
368 if cross_domain ~= true then
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
369 local url = require "socket.url";
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
370 local ws_url = module:http_url("websocket", "xmpp-websocket");
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
371 local url_components = url.parse(ws_url);
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
372 -- The 'Origin' consists of the base URL without path
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
373 url_components.path = nil;
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
374 local this_origin = url.build(url_components);
7764
d6b96e42e8e6 mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents: 7763
diff changeset
375 local local_cross_domain = module:get_option_set("cross_domain_websocket", { this_origin });
9805
7bfc4269dc36 mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents: 9800
diff changeset
376 if local_cross_domain:contains(true) then
7bfc4269dc36 mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents: 9800
diff changeset
377 module:log("error", "cross_domain_websocket = true only works in the global section");
7bfc4269dc36 mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents: 9800
diff changeset
378 return;
7bfc4269dc36 mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents: 9800
diff changeset
379 end
7bfc4269dc36 mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
Kim Alvefur <zash@zash.se>
parents: 9800
diff changeset
380
7764
d6b96e42e8e6 mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents: 7763
diff changeset
381 -- Don't add / remove something added by another host
d6b96e42e8e6 mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents: 7763
diff changeset
382 -- This might be weird with random load order
d6b96e42e8e6 mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents: 7763
diff changeset
383 local_cross_domain:exclude(cross_domain);
d6b96e42e8e6 mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents: 7763
diff changeset
384 cross_domain:include(local_cross_domain);
8145
4d0f5ea19851 mod_websocket: Convert set to string (syslog sink needs a better fix)
Kim Alvefur <zash@zash.se>
parents: 8052
diff changeset
385 module:log("debug", "cross_domain = %s", tostring(cross_domain));
7763
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
386 function module.unload()
7764
d6b96e42e8e6 mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
Kim Alvefur <zash@zash.se>
parents: 7763
diff changeset
387 cross_domain:exclude(local_cross_domain);
7763
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
388 end
c5ce14539fc4 mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
Kim Alvefur <zash@zash.se>
parents: 7762
diff changeset
389 end
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
390 end