prosody
26a004c96ef8
spec/scansion/http_upload.scs

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

spec/scansion/http_upload.scs @ 12694:26a004c96ef8

util.paseto: Implementation of PASETO v4.public tokens PASETO provides an alternative to JWT with the promise of fewer implementation pitfalls. The v4.public algorithm allows asymmetric cryptographically-verified token issuance and validation. In summary, such tokens can be issued by one party and securely verified by any other party independently using the public key of the issuer. This has a number of potential applications in a decentralized network and ecosystem such as XMPP. For example, such tokens could be combined with XEP-0317 to allow hats to be verified even in the context of a third-party MUC service.
author Matthew Wild <mwild1@gmail.com>
date Fri, 24 Jun 2022 17:03:28 +0100
parent 11360:f36a2e54ac81
line wrap: on
line source

# XEP-0363 HTTP Upload with mod_http_file_share

[Client] Romeo
	password: password
	jid: filesharingenthusiast@localhost/krxLaE3s

-----

Romeo connects

Romeo sends:
	<iq to='upload.localhost' type='get' id='932c02fe-4461-4ad4-9c85-54863294b4dc' xml:lang='en'>
		<request content-type='text/plain' filename='verysmall.dat' xmlns='urn:xmpp:http:upload:0' size='5'/>
	</iq>

Romeo receives:
	<iq id='932c02fe-4461-4ad4-9c85-54863294b4dc' from='upload.localhost' type='result'>
		<slot xmlns='urn:xmpp:http:upload:0'>
			<get url='{scansion:any}'/>
			<put url='{scansion:any}'>
				<header name='Authorization'></header>
			</put>
		</slot>
	</iq>

Romeo sends:
	<iq to='upload.localhost' type='get' id='46ca64f3-518e-42bd-8e2f-4ab2f6d2224f' xml:lang='en'>
		<request content-type='text/plain' filename='toolarge.dat' xmlns='urn:xmpp:http:upload:0' size='10000000000'/>
	</iq>

Romeo receives:
	<iq id='46ca64f3-518e-42bd-8e2f-4ab2f6d2224f' from='upload.localhost' type='error'>
		<error type='modify'>
			<not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
			<text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>File too large</text>
			<file-too-large xmlns='urn:xmpp:http:upload:0'>
				<max-file-size>10000000</max-file-size>
			</file-too-large>
		</error>
	</iq>

Romeo sends:
	<iq to='upload.localhost' type='get' id='497c20dd-dda2-4feb-8199-7086e203de46' xml:lang='en'>
		<request content-type='text/plain' filename='negative.dat' xmlns='urn:xmpp:http:upload:0' size='-1000'/>
	</iq>

Romeo receives:
	<iq id='497c20dd-dda2-4feb-8199-7086e203de46' from='upload.localhost' type='error'>
		<error type='modify'>
			<bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
			<text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>File size must be positive integer</text>
		</error>
	</iq>

Romeo sends:
	<iq to='upload.localhost' type='get' id='ac56d83f-a627-4732-8399-60492d1210b6' xml:lang='en'>
		<request content-type='text/plain' filename='invalid/filename.dat' xmlns='urn:xmpp:http:upload:0' size='1000'/>
	</iq>

Romeo receives:
	<iq id='ac56d83f-a627-4732-8399-60492d1210b6' from='upload.localhost' type='error'>
		<error type='modify'>
			<bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
			<text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Invalid filename</text>
		</error>
	</iq>

Romeo sends:
	<iq to='upload.localhost' type='get' id='1401d3b5-7973-486f-85b3-3e63d13c7f0e' xml:lang='en'>
		<request content-type='application/x-executable' filename='evil.exe' xmlns='urn:xmpp:http:upload:0' size='1000'/>
	</iq>

Romeo receives:
	<iq id='1401d3b5-7973-486f-85b3-3e63d13c7f0e' from='upload.localhost' type='error'>
		<error type='modify'>
			<not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
			<text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>File type not allowed</text>
		</error>
	</iq>

Romeo disconnects

# recording ended on 2021-01-27T22:10:46Z