Annotate

plugins/mod_websocket.lua @ 12115:94de6b7596cc

mod_tombstones: Remember deleted accounts #1307 Presence subscriptions are normally revoked on account deletion, which informs the contact. Sometimes this notification gets lost e.g. due to s2s problems. The accounts JID may also be present e.g. in MUC affiliations, chat group member lists, pubsub subscriptions or other systems. These may grant privileges which would fall to someone who creates the same account again, which this module is meant to prevent.
author Kim Alvefur <zash@zash.se>
date Thu, 23 Dec 2021 14:08:20 +0100
parent 11868:ae093c259da2
child 12263:168970ce8543
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
1 -- Prosody IM
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
2 -- Copyright (C) 2012-2014 Florian Zeitz
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
3 --
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
4 -- This project is MIT/X11 licensed. Please see the
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
5 -- COPYING file in the source package for more information.
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
6 --
6894
f7203c7cb7ff mod_websocket: Silence luacheck warnings
Kim Alvefur <zash@zash.se>
parents: 6893
diff changeset
7 -- luacheck: ignore 431/log
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
8
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
9 module:set_global();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
10
6893
861790282dda mod_websocket: Import util.timer and session close timeout config option (thanks fairuz)
Kim Alvefur <zash@zash.se>
parents: 6793
diff changeset
11 local add_task = require "util.timer".add_task;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
12 local add_filter = require "util.filters".add_filter;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
13 local sha1 = require "util.hashes".sha1;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
14 local base64 = require "util.encodings".base64.encode;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
15 local st = require "util.stanza";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
16 local parse_xml = require "util.xml".parse;
7761
e0e1f6d6fb4f mod_websocket: Use contains_token from util.http for checking if the requested WebSocket sub-protocols include XMPP
Kim Alvefur <zash@zash.se>
parents: 7760
diff changeset
17 local contains_token = require "util.http".contains_token;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
18 local portmanager = require "core.portmanager";
6793
2bf1b7e2149a mod_websocket: Import sessionmanager (fixes traceback)
Kim Alvefur <zash@zash.se>
parents: 6397
diff changeset
19 local sm_destroy_session = require"core.sessionmanager".destroy_session;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
20 local log = module._log;
11107
ddd0007e0f1b mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents: 10616
diff changeset
21 local dbuffer = require "util.dbuffer";
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
22
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
23 local websocket_frames = require"net.websocket.frames";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
24 local parse_frame = websocket_frames.parse;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
25 local build_frame = websocket_frames.build;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
26 local build_close = websocket_frames.build_close;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
27 local parse_close = websocket_frames.parse_close;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
28
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
29 local t_concat = table.concat;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
30
11540
1937b3c3efb5 mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
Matthew Wild <mwild1@gmail.com>
parents: 11113
diff changeset
31 local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit", 1024 * 256);
11109
7ec7dba7ba8b mod_websocket: Add separate limit for frame buffer size
Matthew Wild <mwild1@gmail.com>
parents: 11108
diff changeset
32 local frame_buffer_limit = module:get_option_number("websocket_frame_buffer_limit", 2 * stanza_size_limit);
11107
ddd0007e0f1b mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents: 10616
diff changeset
33 local frame_fragment_limit = module:get_option_number("websocket_frame_fragment_limit", 8);
6893
861790282dda mod_websocket: Import util.timer and session close timeout config option (thanks fairuz)
Kim Alvefur <zash@zash.se>
parents: 6793
diff changeset
34 local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
35 local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure");
9795
02735bc82126 mod_websocket: Drop CORS code in favor of that in mod_http
Kim Alvefur <zash@zash.se>
parents: 9415
diff changeset
36 local cross_domain = module:get_option("cross_domain_websocket");
02735bc82126 mod_websocket: Drop CORS code in favor of that in mod_http
Kim Alvefur <zash@zash.se>
parents: 9415
diff changeset
37 if cross_domain ~= nil then
02735bc82126 mod_websocket: Drop CORS code in favor of that in mod_http
Kim Alvefur <zash@zash.se>
parents: 9415
diff changeset
38 module:log("info", "The 'cross_domain_websocket' option has been deprecated");
7762
2208e6cd0d9f mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
Kim Alvefur <zash@zash.se>
parents: 7761
diff changeset
39 end
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
40 local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
41 local xmlns_streams = "http://etherx.jabber.org/streams";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
42 local xmlns_client = "jabber:client";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
43 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
44
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
45 module:depends("c2s")
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
46 local sessions = module:shared("c2s/sessions");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
47 local c2s_listener = portmanager.get_service("c2s").listener;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
48
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
49 --- Session methods
7938
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
50 local function session_open_stream(session, from, to)
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
51 local attr = {
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
52 xmlns = xmlns_framing,
7937
5b03a8003659 mod_websocket: Include xml:lang attribute on stream <open> (fixes #840)
Kim Alvefur <zash@zash.se>
parents: 7914
diff changeset
53 ["xml:lang"] = "en",
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
54 version = "1.0",
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
55 id = session.streamid or "",
7938
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
56 from = from or session.host, to = to,
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
57 };
7938
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
58 if session.stream_attrs then
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
59 session:stream_attrs(from, to, attr)
3629f03817f8 mod_websocket: Make open_stream method behave like the one from util.xmppstream
Kim Alvefur <zash@zash.se>
parents: 7937
diff changeset
60 end
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
61 session.send(st.stanza("open", attr));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
62 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
63
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
64 local function session_close(session, reason)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
65 local log = session.log or log;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
66 if session.conn then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
67 if session.notopen then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
68 session:open_stream();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
69 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
70 if reason then -- nil == no err, initiated by us, false == initiated by client
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
71 local stream_error = st.stanza("stream:error");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
72 if type(reason) == "string" then -- assume stream error
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
73 stream_error:tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' });
11868
ae093c259da2 mod_c2s,etc: Identify stanza object with appropriate function
Kim Alvefur <zash@zash.se>
parents: 11771
diff changeset
74 elseif st.is_stanza(reason) then
ae093c259da2 mod_c2s,etc: Identify stanza object with appropriate function
Kim Alvefur <zash@zash.se>
parents: 11771
diff changeset
75 stream_error = reason;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
76 elseif type(reason) == "table" then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
77 if reason.condition then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
78 stream_error:tag(reason.condition, stream_xmlns_attr):up();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
79 if reason.text then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
80 stream_error:tag("text", stream_xmlns_attr):text(reason.text):up();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
81 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
82 if reason.extra then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
83 stream_error:add_child(reason.extra);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
84 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
85 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
86 end
10111
0f335815244f plugins: Remove tostring call from logging
Kim Alvefur <zash@zash.se>
parents: 10097
diff changeset
87 log("debug", "Disconnecting client, <stream:error> is: %s", stream_error);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
88 session.send(stream_error);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
89 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
90
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
91 session.send(st.stanza("close", { xmlns = xmlns_framing }));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
92 function session.send() return false; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
93
9415
02155a10c5e9 mod_websocket: Silence the one warning instead of ignoring the entire file
Kim Alvefur <zash@zash.se>
parents: 9378
diff changeset
94 -- luacheck: ignore 422/reason
02155a10c5e9 mod_websocket: Silence the one warning instead of ignoring the entire file
Kim Alvefur <zash@zash.se>
parents: 9378
diff changeset
95 -- FIXME reason should be handled in common place
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
96 local reason = (reason and (reason.name or reason.text or reason.condition)) or reason;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
97 session.log("debug", "c2s stream for %s closed: %s", session.full_jid or ("<"..session.ip..">"), reason or "session closed");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
98
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
99 -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
100 local conn = session.conn;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
101 if reason == nil and not session.notopen and session.type == "c2s" then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
102 -- Grace time to process data from authenticated cleanly-closed stream
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
103 add_task(stream_close_timeout, function ()
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
104 if not session.destroyed then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
105 session.log("warn", "Failed to receive a stream close response, closing connection anyway...");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
106 sm_destroy_session(session, reason);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
107 conn:write(build_close(1000, "Stream closed"));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
108 conn:close();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
109 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
110 end);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
111 else
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
112 sm_destroy_session(session, reason);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
113 conn:write(build_close(1000, "Stream closed"));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
114 conn:close();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
115 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
116 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
117 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
118
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
119
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
120 --- Filters
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
121 local function filter_open_close(data)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
122 if not data:find(xmlns_framing, 1, true) then return data; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
123
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
124 local oc = parse_xml(data);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
125 if not oc then return data; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
126 if oc.attr.xmlns ~= xmlns_framing then return data; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
127 if oc.name == "close" then return "</stream:stream>"; end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
128 if oc.name == "open" then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
129 oc.name = "stream:stream";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
130 oc.attr.xmlns = nil;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
131 oc.attr["xmlns:stream"] = xmlns_streams;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
132 return oc:top_tag();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
133 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
134
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
135 return data;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
136 end
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
137
11393
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
138 local default_get_response_text = "It works! Now point your WebSocket client to this URL to connect to Prosody."
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
139 local websocket_get_response_text = module:get_option_string("websocket_get_response_text", default_get_response_text)
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
140
10728
2764beb552cd mod_bosh, mod_websocket: Add config options to override GET responses
Matthew Wild <mwild1@gmail.com>
parents: 10617
diff changeset
141 local default_get_response_body = [[<!DOCTYPE html><html><head><title>Websocket</title></head><body>
11393
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
142 <p>]]..websocket_get_response_text..[[</p>
10728
2764beb552cd mod_bosh, mod_websocket: Add config options to override GET responses
Matthew Wild <mwild1@gmail.com>
parents: 10617
diff changeset
143 </body></html>]]
2764beb552cd mod_bosh, mod_websocket: Add config options to override GET responses
Matthew Wild <mwild1@gmail.com>
parents: 10617
diff changeset
144 local websocket_get_response_body = module:get_option_string("websocket_get_response_body", default_get_response_body)
2764beb552cd mod_bosh, mod_websocket: Add config options to override GET responses
Matthew Wild <mwild1@gmail.com>
parents: 10617
diff changeset
145
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
146 local function validate_frame(frame, max_length)
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
147 local opcode, length = frame.opcode, frame.length;
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
148
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
149 if max_length and length > max_length then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
150 return false, 1009, "Payload too large";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
151 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
152
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
153 -- Error cases
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
154 if frame.RSV1 or frame.RSV2 or frame.RSV3 then -- Reserved bits non zero
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
155 return false, 1002, "Reserved bits not zero";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
156 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
157
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
158 if opcode == 0x8 and frame.data then -- close frame
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
159 if length == 1 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
160 return false, 1002, "Close frame with payload, but too short for status code";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
161 elseif length >= 2 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
162 local status_code = parse_close(frame.data)
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
163 if status_code < 1000 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
164 return false, 1002, "Closed with invalid status code";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
165 elseif ((status_code > 1003 and status_code < 1007) or status_code > 1011) and status_code < 3000 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
166 return false, 1002, "Closed with reserved status code";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
167 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
168 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
169 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
170
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
171 if opcode >= 0x8 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
172 if length > 125 then -- Control frame with too much payload
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
173 return false, 1002, "Payload too large";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
174 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
175
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
176 if not frame.FIN then -- Fragmented control frame
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
177 return false, 1002, "Fragmented control frame";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
178 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
179 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
180
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
181 if (opcode > 0x2 and opcode < 0x8) or (opcode > 0xA) then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
182 return false, 1002, "Reserved opcode";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
183 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
184
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
185 -- Check opcode
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
186 if opcode == 0x2 then -- Binary frame
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
187 return false, 1003, "Only text frames are supported, RFC 7395 3.2";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
188 elseif opcode == 0x8 then -- Close request
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
189 return false, 1000, "Goodbye";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
190 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
191
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
192 -- Other (XMPP-specific) validity checks
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
193 if not frame.FIN then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
194 return false, 1003, "Continuation frames are not supported, RFC 7395 3.3.3";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
195 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
196 if opcode == 0x01 and frame.data and frame.data:byte(1, 1) ~= 60 then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
197 return false, 1007, "Invalid payload start character, RFC 7395 3.3.3";
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
198 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
199
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
200 return true;
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
201 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
202
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
203
6894
f7203c7cb7ff mod_websocket: Silence luacheck warnings
Kim Alvefur <zash@zash.se>
parents: 6893
diff changeset
204 function handle_request(event)
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
205 local request, response = event.request, event.response;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
206 local conn = response.conn;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
207
7914
a6eb3b6bf903 mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837)
Kim Alvefur <zash@zash.se>
parents: 7764
diff changeset
208 conn.starttls = false; -- Prevent mod_tls from believing starttls can be done
a6eb3b6bf903 mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837)
Kim Alvefur <zash@zash.se>
parents: 7764
diff changeset
209
10325
f2bbad04cf64 mod_websocket: Guard against upgrading to websocket from a HEAD request
Kim Alvefur <zash@zash.se>
parents: 10111
diff changeset
210 if not request.headers.sec_websocket_key or request.method ~= "GET" then
11393
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
211 return module:fire_event("http-message", {
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
212 response = event.response;
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
213 ---
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
214 title = "Prosody WebSocket endpoint";
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
215 message = websocket_get_response_text;
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
216 warning = not (consider_websocket_secure or request.secure) and "This endpoint is not considered secure!" or nil;
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
217 }) or websocket_get_response_body;
e6122e6a40a0 mod_websocket: Use mod_http_errors html template #1172
Kim Alvefur <zash@zash.se>
parents: 11384
diff changeset
218 end
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
219
7761
e0e1f6d6fb4f mod_websocket: Use contains_token from util.http for checking if the requested WebSocket sub-protocols include XMPP
Kim Alvefur <zash@zash.se>
parents: 7760
diff changeset
220 local wants_xmpp = contains_token(request.headers.sec_websocket_protocol or "", "xmpp");
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
221
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
222 if not wants_xmpp then
7760
801d4c8e0f58 mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents: 7716
diff changeset
223 module:log("debug", "Client didn't want to talk XMPP, list of protocols was %s", request.headers.sec_websocket_protocol or "(empty)");
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
224 return 501;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
225 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
226
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
227 local function websocket_close(code, message)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
228 conn:write(build_close(code, message));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
229 conn:close();
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
230 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
231
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
232 local function websocket_handle_error(session, code, message)
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
233 if code == 1009 then -- stanza size limit exceeded
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
234 -- we close the session, rather than the connection,
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
235 -- otherwise a resuming client will simply resend the
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
236 -- offending stanza
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
237 session:close({ condition = "policy-violation", text = "stanza too large" });
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
238 else
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
239 websocket_close(code, message);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
240 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
241 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
242
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
243 local function handle_frame(frame)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
244 module:log("debug", "Websocket received frame: opcode=%0x, %i bytes", frame.opcode, #frame.data);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
245
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
246 -- Check frame makes sense
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
247 local frame_ok, err_status, err_text = validate_frame(frame, stanza_size_limit);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
248 if not frame_ok then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
249 return frame_ok, err_status, err_text;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
250 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
251
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
252 local opcode = frame.opcode;
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
253 if opcode == 0x9 then -- Ping frame
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
254 frame.opcode = 0xA;
10581
10d6d0d91f4e mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484)
Kim Alvefur <zash@zash.se>
parents: 10092
diff changeset
255 frame.MASK = false; -- Clients send masked frames, servers don't, see #1484
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
256 conn:write(build_frame(frame));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
257 return "";
7314
e327e5b592f5 mod_websocket: Remove warning about unsolicited pong frames "MAY be sent unsolicited" per RFC 6455 (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7294
diff changeset
258 elseif opcode == 0xA then -- Pong frame, MAY be sent unsolicited, eg as keepalive
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
259 return "";
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
260 elseif opcode ~= 0x1 then -- Not text frame (which is all we support)
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
261 log("warn", "Received frame with unsupported opcode %i", opcode);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
262 return "";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
263 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
264
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
265 return frame.data;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
266 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
267
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
268 conn:setlistener(c2s_listener);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
269 c2s_listener.onconnect(conn);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
270
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
271 local session = sessions[conn];
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
272
8595
d3bbff01df9d mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents: 8145
diff changeset
273 -- Use upstream IP if a HTTP proxy was used
d3bbff01df9d mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents: 8145
diff changeset
274 -- See mod_http and #540
d3bbff01df9d mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents: 8145
diff changeset
275 session.ip = request.ip;
d3bbff01df9d mod_websocket: Transfer IP address derived by mod_http
Kim Alvefur <zash@zash.se>
parents: 8145
diff changeset
276
11384
f9edf26c66fc mod_websocket: Inherit security status from http request
Kim Alvefur <zash@zash.se>
parents: 11114
diff changeset
277 session.secure = consider_websocket_secure or request.secure or session.secure;
8789
4ae8dd415e94 mod_websocket: Store the request object on the session for use by other modules
Matthew Wild <mwild1@gmail.com>
parents: 8145
diff changeset
278 session.websocket_request = request;
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
279
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
280 session.open_stream = session_open_stream;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
281 session.close = session_close;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
282
11109
7ec7dba7ba8b mod_websocket: Add separate limit for frame buffer size
Matthew Wild <mwild1@gmail.com>
parents: 11108
diff changeset
283 local frameBuffer = dbuffer.new(frame_buffer_limit, frame_fragment_limit);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
284 add_filter(session, "bytes/in", function(data)
11108
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
285 if not frameBuffer:write(data) then
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
286 session.log("warn", "websocket frame buffer full - terminating session");
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
287 session:close({ condition = "resource-constraint", text = "frame buffer exceeded" });
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
288 return;
fa1821b56f75 mod_websocket: handle full frame buffer and raise stream error
Matthew Wild <mwild1@gmail.com>
parents: 11107
diff changeset
289 end
11107
ddd0007e0f1b mod_websocket: Switch partial frame buffering to util.dbuffer
Matthew Wild <mwild1@gmail.com>
parents: 10616
diff changeset
290
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
291 local cache = {};
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
292 local frame, length, partial = parse_frame(frameBuffer);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
293
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
294 while frame do
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
295 frameBuffer:discard(length);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
296 local result, err_status, err_text = handle_frame(frame);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
297 if not result then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
298 websocket_handle_error(session, err_status, err_text);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
299 break;
11110
67fb92e312f1 mod_websocket: Enforce stanza size limit and close stream
Matthew Wild <mwild1@gmail.com>
parents: 11109
diff changeset
300 end
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
301 cache[#cache+1] = filter_open_close(result);
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
302 frame, length, partial = parse_frame(frameBuffer);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
303 end
11113
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
304
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
305 if partial then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
306 -- The header of the next frame is already in the buffer, run
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
307 -- some early validation here
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
308 local frame_ok, err_status, err_text = validate_frame(partial, stanza_size_limit);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
309 if not frame_ok then
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
310 websocket_handle_error(session, err_status, err_text);
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
311 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
312 end
10301c214f4e mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
Matthew Wild <mwild1@gmail.com>
parents: 11111
diff changeset
313
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
314 return t_concat(cache, "");
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
315 end);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
316
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
317 add_filter(session, "stanzas/out", function(stanza)
10092
4b3c129e96f2 mod_websocket: Clone stanza before mutating (fixes #1398)
Kim Alvefur <zash@zash.se>
parents: 9805
diff changeset
318 stanza = st.clone(stanza);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
319 local attr = stanza.attr;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
320 attr.xmlns = attr.xmlns or xmlns_client;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
321 if stanza.name:find("^stream:") then
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
322 attr["xmlns:stream"] = attr["xmlns:stream"] or xmlns_streams;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
323 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
324 return stanza;
7294
5f4d0753c818 mod_websocket: Make sure stanza xmlns filter runs late in the chain
Kim Alvefur <zash@zash.se>
parents: 6894
diff changeset
325 end, -1000);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
326
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
327 add_filter(session, "bytes/out", function(data)
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
328 return build_frame({ FIN = true, opcode = 0x01, data = tostring(data)});
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
329 end);
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
330
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
331 response.status_code = 101;
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
332 response.headers.upgrade = "websocket";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
333 response.headers.connection = "Upgrade";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
334 response.headers.sec_webSocket_accept = base64(sha1(request.headers.sec_websocket_key .. "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"));
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
335 response.headers.sec_webSocket_protocol = "xmpp";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
336
10616
37936c72846d mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
Matthew Wild <mwild1@gmail.com>
parents: 10581
diff changeset
337 module:fire_event("websocket-session", { session = session, request = request });
37936c72846d mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
Matthew Wild <mwild1@gmail.com>
parents: 10581
diff changeset
338
7760
801d4c8e0f58 mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents: 7716
diff changeset
339 session.log("debug", "Sending WebSocket handshake");
801d4c8e0f58 mod_websocket: Add some debug messages
Kim Alvefur <zash@zash.se>
parents: 7716
diff changeset
340
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
341 return "";
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
342 end
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
343
7315
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
344 local function keepalive(event)
7340
7dea28dafc49 mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7315
diff changeset
345 local session = event.session;
7dea28dafc49 mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7315
diff changeset
346 if session.open_stream == session_open_stream then
7716
779a9ef6b4fd mod_websocket: Set FIN flag on ping frames (fixes #773)
Kim Alvefur <zash@zash.se>
parents: 7340
diff changeset
347 return session.conn:write(build_frame({ opcode = 0x9, FIN = true }));
7340
7dea28dafc49 mod_websocket: Fix read timeout handler (thanks mt)
Kim Alvefur <zash@zash.se>
parents: 7315
diff changeset
348 end
7315
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
349 end
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
350
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
351 function module.add_host(module)
7315
4fd984d1e445 mod_websocket: Send a ping on read timeout
Kim Alvefur <zash@zash.se>
parents: 7314
diff changeset
352 module:hook("c2s-read-timeout", keepalive, -0.9);
11771
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
353
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
354 module:depends("http");
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
355 module:provides("http", {
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
356 name = "websocket";
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
357 default_path = "xmpp-websocket";
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
358 route = {
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
359 ["GET"] = handle_request;
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
360 ["GET /"] = handle_request;
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
361 };
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
362 });
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
363
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
364 module:hook("c2s-read-timeout", keepalive, -0.9);
6397
6f75f8043936 mod_websocket: Initial commit (based on the prosody-modules version)
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff changeset
365 end
11771
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
366
4c0802b52673 mod_bosh,mod_websocket: Make into global-shared modules (...again)
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
367 module:add_host();