Mercurial > prosody-modules
annotate mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua @ 5549:01a0b67a9afd
mod_http_oauth2: Add TODO about disabling password grant
Per recommendation in draft-ietf-oauth-security-topics-23 it should at
the very least be disabled by default.
However since this is used by the Snikket web portal some care needs to
be taken not to break this, unless it's already broken by other changes
to this module.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 16 Jun 2023 00:06:53 +0200 |
parents | 3b609eaf0db5 |
children | 2b80188448d1 |
rev | line source |
---|---|
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
1 local array = require "util.array"; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local base64 = require "util.encodings".base64; |
4651
8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents:
4650
diff
changeset
|
3 local valid_utf8 = require "util.encodings".utf8.valid; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local ciphers = require "openssl.cipher"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local jid = require "util.jid"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local json = require "util.json"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local random = require "util.random"; |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
8 local set = require "util.set"; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local st = require "util.stanza"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local xmlns_jmi = "urn:xmpp:jingle-message:0"; |
4465
2a7a76712e71
mod_cloud_notify_encrypted: Fix expected namespace of JMI description element
Matthew Wild <mwild1@gmail.com>
parents:
4457
diff
changeset
|
12 local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1"; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local xmlns_push = "urn:xmpp:push:0"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local xmlns_push_encrypt = "tigase:push:encrypt:0"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local xmlns_push_encrypt_aes_128_gcm = "tigase:push:encrypt:aes-128-gcm"; |
4467
6d595857164a
mod_cloud_notify_encrypted: Advertise support for JMI push notifications
Matthew Wild <mwild1@gmail.com>
parents:
4466
diff
changeset
|
16 local xmlns_push_jingle = "tigase:push:jingle:0"; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
4650
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
18 local function detect_stanza_encryption(stanza) |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
19 local eme = stanza:get_child("encryption", "urn:xmpp:eme:0"); |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
20 if eme then return eme.attr.namespace or ""; end |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
21 -- Fallback for legacy OMEMO clients without EME |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
22 local omemo = stanza:get_child("encrypted", "eu.siacs.conversations.axolotl"); |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
23 if omemo then return "eu.siacs.conversations.axolotl"; end |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
24 end |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
25 |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 -- https://xeps.tigase.net//docs/push-notifications/encrypt/#41-discovering-support |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local function account_disco_info(event) |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 event.reply:tag("feature", {var=xmlns_push_encrypt}):up(); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 event.reply:tag("feature", {var=xmlns_push_encrypt_aes_128_gcm}):up(); |
4467
6d595857164a
mod_cloud_notify_encrypted: Advertise support for JMI push notifications
Matthew Wild <mwild1@gmail.com>
parents:
4466
diff
changeset
|
30 event.reply:tag("feature", {var=xmlns_push_jingle}):up(); |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 module:hook("account-disco-info", account_disco_info); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 function handle_register(event) |
4329
2a5164162708
mod_cloud_notify_encrypted: Fix the location of the <encrypt> element in push registrations
Matthew Wild <mwild1@gmail.com>
parents:
4327
diff
changeset
|
35 local encrypt = event.stanza:get_child("enable", xmlns_push):get_child("encrypt", xmlns_push_encrypt); |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 if not encrypt then return; end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 local algorithm = encrypt.attr.alg; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 if algorithm ~= "aes-128-gcm" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 event.origin.send(st.error_reply( |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 event.stanza, "modify", "feature-not-implemented", "Unknown encryption algorithm" |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 )); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 return false; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 local key_base64 = encrypt:get_text(); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 local key_binary = base64.decode(key_base64); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 if not key_binary or #key_binary ~= 16 then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 event.origin.send(st.error_reply( |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 event.stanza, "modify", "bad-request", "Invalid encryption key" |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 )); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 return false; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 |
5054
62480053c87b
mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents:
4651
diff
changeset
|
55 module:log("debug", "Encrypted push notifications enabled"); |
62480053c87b
mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents:
4651
diff
changeset
|
56 |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 event.push_info.encryption = { |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 algorithm = algorithm; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 key_base64 = key_base64; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 }; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 function handle_push(event) |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 local encryption = event.push_info.encryption; |
5054
62480053c87b
mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents:
4651
diff
changeset
|
65 if not encryption then |
62480053c87b
mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents:
4651
diff
changeset
|
66 module:log("debug", "Encryption not enabled for this notification"); |
62480053c87b
mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents:
4651
diff
changeset
|
67 return; |
62480053c87b
mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents:
4651
diff
changeset
|
68 end |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 if encryption.algorithm ~= "aes-128-gcm" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 event.reason = "Unsupported encryption algorithm: "..tostring(encryption.algorithm); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 return true; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 local push_summary = event.push_summary; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 local original_stanza = event.original_stanza; |
4650
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
78 local is_encrypted_msg = detect_stanza_encryption(original_stanza); |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
79 local body; |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
80 if is_encrypted_msg then |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
81 -- TODO: localization |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
82 body = "You have received an encrypted message"; |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
83 else |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
84 body = original_stanza:get_child_text("body"); |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
85 if body and #body > 255 then |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
86 body = body:sub(1, 255); |
4651
8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents:
4650
diff
changeset
|
87 if not valid_utf8(body) then |
8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents:
4650
diff
changeset
|
88 body = body:gsub("[\194-\244][\128-\191]*$", ""); |
8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents:
4650
diff
changeset
|
89 end |
4650
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
90 end |
4331
2e355540f8c8
mod_cloud_notify_encrypted: Truncate message body to 255 characters
Matthew Wild <mwild1@gmail.com>
parents:
4330
diff
changeset
|
91 end |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 local push_payload = { |
4330
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
94 unread = tonumber(push_summary["message-count"]) or 1; |
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
95 sender = jid.bare(original_stanza.attr.from); |
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
96 message = body; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 }; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 if original_stanza.name == "message" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 if original_stanza.attr.type == "groupchat" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 push_payload.type = "groupchat"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 push_payload.nickname = jid.resource(original_stanza.attr.from); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 elseif original_stanza.attr.type ~= "error" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 local jmi_propose = original_stanza:get_child("propose", xmlns_jmi); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 if jmi_propose then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 push_payload.type = "call"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 push_payload.sid = jmi_propose.attr.id; |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
108 local media_types = set.new(); |
4465
2a7a76712e71
mod_cloud_notify_encrypted: Fix expected namespace of JMI description element
Matthew Wild <mwild1@gmail.com>
parents:
4457
diff
changeset
|
109 for description in jmi_propose:childtags("description", xmlns_jingle_apps_rtp) do |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
110 local media_type = description.attr.media; |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
111 if media_type then |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
112 media_types:add(media_type); |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
113 end |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
114 end |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
115 push_payload.media = array.collect(media_types:items()); |
4466
38bd4d557413
mod_cloud_notify_encrypted: Include full JID of sender with call notifications, per spec
Matthew Wild <mwild1@gmail.com>
parents:
4465
diff
changeset
|
116 push_payload.sender = original_stanza.attr.from; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 else |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 push_payload.type = "chat"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 elseif original_stanza.name == "presence" |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 and original_stanza.attr.type == "subscribe" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 push_payload.type = "subscribe"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 local iv = random.bytes(12); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 local key_binary = base64.decode(encryption.key_base64); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 local push_json = json.encode(push_payload); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 |
4330
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
130 -- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes |
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
131 -- Siskin does not validate the tag anyway. |
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
132 local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16)); |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
133 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) }) |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 :text(encrypted_payload); |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
135 if push_payload.type == "call" then |
4457
091d06c7d724
mod_cloud_notify_encrypted: Fix traceback (incorrect variable name)
Matthew Wild <mwild1@gmail.com>
parents:
4456
diff
changeset
|
136 encrypted_element.attr.type = "voip"; |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
137 event.important = true; |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
138 end |
4333
97f369745ec7
mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents:
4331
diff
changeset
|
139 -- Replace the unencrypted notification data with the encrypted one |
97f369745ec7
mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents:
4331
diff
changeset
|
140 event.notification_payload |
97f369745ec7
mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents:
4331
diff
changeset
|
141 :remove_children("x", "jabber:x:data") |
97f369745ec7
mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents:
4331
diff
changeset
|
142 :add_child(encrypted_element); |
5055
3b609eaf0db5
mod_cloud_notify_encrypted: Add debug logging when successfully encrypted
Matthew Wild <mwild1@gmail.com>
parents:
5054
diff
changeset
|
143 |
3b609eaf0db5
mod_cloud_notify_encrypted: Add debug logging when successfully encrypted
Matthew Wild <mwild1@gmail.com>
parents:
5054
diff
changeset
|
144 module:log("debug", "Encrypted '%s' push notification using %s", push_payload.type, encryption.algorithm); |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 module:hook("cloud_notify/registration", handle_register); |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
148 module:hook("cloud_notify/push", handle_push, 1); |