# HG changeset patch # User Kim Alvefur # Date 1461078642 -7200 # Node ID c8923f882274f930fc7c6d88120d948824170870 # Parent 9b37aaea68e99cb94d685a2e098231e450a30287# Parent a05bf94646bad004c19b78d5d1b38dec731705fc Merge 0.10->trunk diff -r 9b37aaea68e9 -r c8923f882274 plugins/mod_bosh.lua --- a/plugins/mod_bosh.lua Mon Apr 18 21:27:13 2016 +0200 +++ b/plugins/mod_bosh.lua Tue Apr 19 17:10:42 2016 +0200 @@ -22,7 +22,6 @@ local math_min = math.min; local xpcall, tostring, type = xpcall, tostring, type; local traceback = debug.traceback; -local runner = require"util.async".runner; local xmlns_streams = "http://etherx.jabber.org/streams"; local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; @@ -63,11 +62,13 @@ local os_time = os.time; -- All sessions, and sessions that have no requests open -local sessions = module:shared("sessions"); +local sessions, inactive_sessions = module:shared("sessions", "inactive_sessions"); -- Used to respond to idle sessions (those with waiting requests) +local waiting_requests = module:shared("waiting_requests"); function on_destroy_request(request) log("debug", "Request destroyed: %s", tostring(request)); + waiting_requests[request] = nil; local session = sessions[request.context.sid]; if session then local requests = session.requests; @@ -81,24 +82,9 @@ -- If this session now has no requests open, mark it as inactive local max_inactive = session.bosh_max_inactive; if max_inactive and #requests == 0 then - if session.inactive_timer then - session.inactive_timer:stop(); - end - session.inactive_timer = module:add_timer(max_inactive, check_inactive, session, request.context, - "BOSH client silent for over "..max_inactive.." seconds"); + inactive_sessions[session] = os_time() + max_inactive; (session.log or log)("debug", "BOSH session marked as inactive (for %ds)", max_inactive); end - if session.bosh_wait_timer then - session.bosh_wait_timer:stop(); - session.bosh_wait_timer = nil; - end - end -end - -function check_inactive(now, session, context, reason) - if not sessions.destroyed then - sessions[context.sid] = nil; - sm_destroy_session(session, reason); end end @@ -132,7 +118,7 @@ local headers = response.headers; headers.content_type = "text/xml; charset=utf-8"; - if cross_domain and request.headers.origin then + if cross_domain and event.request.headers.origin then set_cross_domain_headers(response); end @@ -141,9 +127,12 @@ -- In particular, the streamopened() stream callback is where -- much of the session logic happens, because it's where we first -- get to see the 'sid' of this request. - if not stream:feed(body) then - module:log("warn", "Error parsing BOSH payload") - return 400; + local ok, err = stream:feed(body); + if not ok then + module:log("warn", "Error parsing BOSH payload; %s", err) + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); + return tostring(close_reply); end -- Stanzas (if any) in the request have now been processed, and @@ -200,9 +189,13 @@ else return true; -- Inform http server we shall reply later end + elseif response.finished then + return; -- A response has been sent already end module:log("warn", "Unable to associate request with a session (incomplete request?)"); - return 400; + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "item-not-found" }); + return tostring(close_reply) .. "\n"; end function after_bosh_wait(now, request, session) @@ -263,8 +256,16 @@ -- New session request context.notopen = nil; -- Signals that we accept this opening tag - -- TODO: Sanity checks here (rid, to, known host, etc.) - if not hosts[attr.to] then + local to_host = nameprep(attr.to); + local rid = tonumber(attr.rid); + local wait = tonumber(attr.wait); + if not to_host then + log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to)); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); + response:send(tostring(close_reply)); + return; + elseif not hosts[to_host] then -- Unknown host log("debug", "BOSH client tried to connect to unknown host: %s", tostring(attr.to)); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", @@ -272,12 +273,22 @@ response:send(tostring(close_reply)); return; end + if not rid or (not wait and attr.wait or wait < 0 or wait % 1 ~= 0) then + log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait)); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); + response:send(tostring(close_reply)); + return; + end + + rid = rid - 1; + wait = math_min(wait, bosh_max_wait); -- New session sid = new_uuid(); local session = { - type = "c2s_unauthed", conn = {}, sid = sid, rid = tonumber(attr.rid)-1, host = attr.to, - bosh_version = attr.ver, bosh_wait = math_min(attr.wait, bosh_max_wait), streamid = sid, + type = "c2s_unauthed", conn = {}, sid = sid, rid = rid-1, host = attr.to, + bosh_version = attr.ver, bosh_wait = wait, streamid = sid, bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY, requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, close = bosh_close_stream, dispatch_stanza = core_process_stanza, notopen = true, @@ -420,8 +431,9 @@ log("debug", "Error parsing BOSH request payload; %s", error); if not context.sid then local response = context.response; - response.status_code = 400; - response:send(); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); + response:send(tostring(close_reply)); return; end