prosody
989acb4ad1de
plugins/mod_pubsub.lua
Software / code / prosody
Comparison
plugins/mod_pubsub.lua @ 5318:989acb4ad1de
mod_pubsub: More strict checks for node and ids
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 31 Jan 2013 15:33:41 +0100 |
| parent | 5317:86fab046813f |
| child | 5320:518d864b2ab8 |
comparison
equal
deleted
inserted
replaced
| 5317:86fab046813f | 5318:989acb4ad1de |
|---|---|
| 30 end | 30 end |
| 31 | 31 |
| 32 local pubsub_errors = { | 32 local pubsub_errors = { |
| 33 ["conflict"] = { "cancel", "conflict" }; | 33 ["conflict"] = { "cancel", "conflict" }; |
| 34 ["invalid-jid"] = { "modify", "bad-request", nil, "invalid-jid" }; | 34 ["invalid-jid"] = { "modify", "bad-request", nil, "invalid-jid" }; |
| 35 ["jid-required"] = { "modify", "bad-request", nil, "jid-required" }; | |
| 36 ["nodeid-required"] = { "modify", "bad-request", nil, "nodeid-required" }; | |
| 35 ["item-not-found"] = { "cancel", "item-not-found" }; | 37 ["item-not-found"] = { "cancel", "item-not-found" }; |
| 36 ["not-subscribed"] = { "modify", "unexpected-request", nil, "not-subscribed" }; | 38 ["not-subscribed"] = { "modify", "unexpected-request", nil, "not-subscribed" }; |
| 37 ["forbidden"] = { "cancel", "forbidden" }; | 39 ["forbidden"] = { "cancel", "forbidden" }; |
| 38 }; | 40 }; |
| 39 function pubsub_error_reply(stanza, error) | 41 function pubsub_error_reply(stanza, error) |
| 48 function handlers.get_items(origin, stanza, items) | 50 function handlers.get_items(origin, stanza, items) |
| 49 local node = items.attr.node; | 51 local node = items.attr.node; |
| 50 local item = items:get_child("item"); | 52 local item = items:get_child("item"); |
| 51 local id = item and item.attr.id; | 53 local id = item and item.attr.id; |
| 52 | 54 |
| 55 if not node then | |
| 56 return origin.send(pubsub_error_reply(stanza, "nodeid-required")); | |
| 57 end | |
| 53 local ok, results = service:get_items(node, stanza.attr.from, id); | 58 local ok, results = service:get_items(node, stanza.attr.from, id); |
| 54 if not ok then | 59 if not ok then |
| 55 return origin.send(pubsub_error_reply(stanza, results)); | 60 return origin.send(pubsub_error_reply(stanza, results)); |
| 56 end | 61 end |
| 57 | 62 |
| 70 return origin.send(reply); | 75 return origin.send(reply); |
| 71 end | 76 end |
| 72 | 77 |
| 73 function handlers.get_subscriptions(origin, stanza, subscriptions) | 78 function handlers.get_subscriptions(origin, stanza, subscriptions) |
| 74 local node = subscriptions.attr.node; | 79 local node = subscriptions.attr.node; |
| 80 if not node then | |
| 81 return origin.send(pubsub_error_reply(stanza, "nodeid-required")); | |
| 82 end | |
| 75 local ok, ret = service:get_subscriptions(node, stanza.attr.from, stanza.attr.from); | 83 local ok, ret = service:get_subscriptions(node, stanza.attr.from, stanza.attr.from); |
| 76 if not ok then | 84 if not ok then |
| 77 return origin.send(pubsub_error_reply(stanza, ret)); | 85 return origin.send(pubsub_error_reply(stanza, ret)); |
| 78 end | 86 end |
| 79 local reply = st.reply(stanza) | 87 local reply = st.reply(stanza) |
| 111 return origin.send(reply); | 119 return origin.send(reply); |
| 112 end | 120 end |
| 113 | 121 |
| 114 function handlers.set_subscribe(origin, stanza, subscribe) | 122 function handlers.set_subscribe(origin, stanza, subscribe) |
| 115 local node, jid = subscribe.attr.node, subscribe.attr.jid; | 123 local node, jid = subscribe.attr.node, subscribe.attr.jid; |
| 124 if not (node and jid) then | |
| 125 return origin.send(pubsub_error_reply(stanza, jid and "nodeid-required" or "invalid-jid")); | |
| 126 end | |
| 116 --[[ | 127 --[[ |
| 117 local options_tag, options = stanza.tags[1]:get_child("options"), nil; | 128 local options_tag, options = stanza.tags[1]:get_child("options"), nil; |
| 118 if options_tag then | 129 if options_tag then |
| 119 options = options_form:data(options_tag.tags[1]); | 130 options = options_form:data(options_tag.tags[1]); |
| 120 end | 131 end |
| 149 end | 160 end |
| 150 end | 161 end |
| 151 | 162 |
| 152 function handlers.set_unsubscribe(origin, stanza, unsubscribe) | 163 function handlers.set_unsubscribe(origin, stanza, unsubscribe) |
| 153 local node, jid = unsubscribe.attr.node, unsubscribe.attr.jid; | 164 local node, jid = unsubscribe.attr.node, unsubscribe.attr.jid; |
| 165 if not (node and jid) then | |
| 166 return origin.send(pubsub_error_reply(stanza, jid and "nodeid-required" or "invalid-jid")); | |
| 167 end | |
| 154 local ok, ret = service:remove_subscription(node, stanza.attr.from, jid); | 168 local ok, ret = service:remove_subscription(node, stanza.attr.from, jid); |
| 155 local reply; | 169 local reply; |
| 156 if ok then | 170 if ok then |
| 157 reply = st.reply(stanza); | 171 reply = st.reply(stanza); |
| 158 else | 172 else |
| 161 return origin.send(reply); | 175 return origin.send(reply); |
| 162 end | 176 end |
| 163 | 177 |
| 164 function handlers.set_publish(origin, stanza, publish) | 178 function handlers.set_publish(origin, stanza, publish) |
| 165 local node = publish.attr.node; | 179 local node = publish.attr.node; |
| 180 if not node then | |
| 181 return origin.send(pubsub_error_reply(stanza, "nodeid-required")); | |
| 182 end | |
| 166 local item = publish:get_child("item"); | 183 local item = publish:get_child("item"); |
| 167 local id = (item and item.attr.id) or uuid_generate(); | 184 local id = (item and item.attr.id) or uuid_generate(); |
| 168 local ok, ret = service:publish(node, stanza.attr.from, id, item); | 185 local ok, ret = service:publish(node, stanza.attr.from, id, item); |
| 169 local reply; | 186 local reply; |
| 170 if ok then | 187 if ok then |
| 182 local node, notify = retract.attr.node, retract.attr.notify; | 199 local node, notify = retract.attr.node, retract.attr.notify; |
| 183 notify = (notify == "1") or (notify == "true"); | 200 notify = (notify == "1") or (notify == "true"); |
| 184 local item = retract:get_child("item"); | 201 local item = retract:get_child("item"); |
| 185 local id = item and item.attr.id | 202 local id = item and item.attr.id |
| 186 if not (node and id) then | 203 if not (node and id) then |
| 187 origin.send(st.error_reply(stanza, "modify", "bad-request")); | 204 return origin.send(pubsub_error_reply(stanza, node and "item-not-found" or "nodeid-required")); |
| 188 return true; | |
| 189 end | 205 end |
| 190 local reply, notifier; | 206 local reply, notifier; |
| 191 if notify then | 207 if notify then |
| 192 notifier = st.stanza("retract", { id = id }); | 208 notifier = st.stanza("retract", { id = id }); |
| 193 end | 209 end |
| 203 function handlers.set_purge(origin, stanza, purge) | 219 function handlers.set_purge(origin, stanza, purge) |
| 204 local node, notify = purge.attr.node, purge.attr.notify; | 220 local node, notify = purge.attr.node, purge.attr.notify; |
| 205 notify = (notify == "1") or (notify == "true"); | 221 notify = (notify == "1") or (notify == "true"); |
| 206 local reply; | 222 local reply; |
| 207 if not node then | 223 if not node then |
| 208 origin.send(st.error_reply(stanza, "modify", "bad-request")); | 224 return origin.send(pubsub_error_reply(stanza, "nodeid-required")); |
| 209 return true; | |
| 210 end | 225 end |
| 211 local ok, ret = service:purge(node, stanza.attr.from, notify); | 226 local ok, ret = service:purge(node, stanza.attr.from, notify); |
| 212 if ok then | 227 if ok then |
| 213 reply = st.reply(stanza); | 228 reply = st.reply(stanza); |
| 214 else | 229 else |
