annotate mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua @ 5549:01a0b67a9afd

mod_http_oauth2: Add TODO about disabling password grant Per recommendation in draft-ietf-oauth-security-topics-23 it should at the very least be disabled by default. However since this is used by the Snikket web portal some care needs to be taken not to break this, unless it's already broken by other changes to this module.
author Kim Alvefur <zash@zash.se>
date Fri, 16 Jun 2023 00:06:53 +0200
parents 3b609eaf0db5
children 2b80188448d1
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
1 local array = require "util.array";
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local base64 = require "util.encodings".base64;
4651
8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents: 4650
diff changeset
3 local valid_utf8 = require "util.encodings".utf8.valid;
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 local ciphers = require "openssl.cipher";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local jid = require "util.jid";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local json = require "util.json";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 local random = require "util.random";
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
8 local set = require "util.set";
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 local st = require "util.stanza";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local xmlns_jmi = "urn:xmpp:jingle-message:0";
4465
2a7a76712e71 mod_cloud_notify_encrypted: Fix expected namespace of JMI description element
Matthew Wild <mwild1@gmail.com>
parents: 4457
diff changeset
12 local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1";
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 local xmlns_push = "urn:xmpp:push:0";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local xmlns_push_encrypt = "tigase:push:encrypt:0";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 local xmlns_push_encrypt_aes_128_gcm = "tigase:push:encrypt:aes-128-gcm";
4467
6d595857164a mod_cloud_notify_encrypted: Advertise support for JMI push notifications
Matthew Wild <mwild1@gmail.com>
parents: 4466
diff changeset
16 local xmlns_push_jingle = "tigase:push:jingle:0";
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17
4650
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
18 local function detect_stanza_encryption(stanza)
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
19 local eme = stanza:get_child("encryption", "urn:xmpp:eme:0");
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
20 if eme then return eme.attr.namespace or ""; end
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
21 -- Fallback for legacy OMEMO clients without EME
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
22 local omemo = stanza:get_child("encrypted", "eu.siacs.conversations.axolotl");
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
23 if omemo then return "eu.siacs.conversations.axolotl"; end
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
24 end
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
25
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 -- https://xeps.tigase.net//docs/push-notifications/encrypt/#41-discovering-support
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 local function account_disco_info(event)
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 event.reply:tag("feature", {var=xmlns_push_encrypt}):up();
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 event.reply:tag("feature", {var=xmlns_push_encrypt_aes_128_gcm}):up();
4467
6d595857164a mod_cloud_notify_encrypted: Advertise support for JMI push notifications
Matthew Wild <mwild1@gmail.com>
parents: 4466
diff changeset
30 event.reply:tag("feature", {var=xmlns_push_jingle}):up();
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 module:hook("account-disco-info", account_disco_info);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 function handle_register(event)
4329
2a5164162708 mod_cloud_notify_encrypted: Fix the location of the <encrypt> element in push registrations
Matthew Wild <mwild1@gmail.com>
parents: 4327
diff changeset
35 local encrypt = event.stanza:get_child("enable", xmlns_push):get_child("encrypt", xmlns_push_encrypt);
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 if not encrypt then return; end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 local algorithm = encrypt.attr.alg;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 if algorithm ~= "aes-128-gcm" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 event.origin.send(st.error_reply(
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 event.stanza, "modify", "feature-not-implemented", "Unknown encryption algorithm"
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 ));
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 return false;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 local key_base64 = encrypt:get_text();
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 local key_binary = base64.decode(key_base64);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 if not key_binary or #key_binary ~= 16 then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 event.origin.send(st.error_reply(
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 event.stanza, "modify", "bad-request", "Invalid encryption key"
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 ));
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 return false;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54
5054
62480053c87b mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents: 4651
diff changeset
55 module:log("debug", "Encrypted push notifications enabled");
62480053c87b mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents: 4651
diff changeset
56
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 event.push_info.encryption = {
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58 algorithm = algorithm;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59 key_base64 = key_base64;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60 };
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 function handle_push(event)
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64 local encryption = event.push_info.encryption;
5054
62480053c87b mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents: 4651
diff changeset
65 if not encryption then
62480053c87b mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents: 4651
diff changeset
66 module:log("debug", "Encryption not enabled for this notification");
62480053c87b mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents: 4651
diff changeset
67 return;
62480053c87b mod_cloud_notify_encrypted: Additional debug logging when enabling/skipping
Matthew Wild <mwild1@gmail.com>
parents: 4651
diff changeset
68 end
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70 if encryption.algorithm ~= "aes-128-gcm" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71 event.reason = "Unsupported encryption algorithm: "..tostring(encryption.algorithm);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72 return true;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75 local push_summary = event.push_summary;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
77 local original_stanza = event.original_stanza;
4650
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
78 local is_encrypted_msg = detect_stanza_encryption(original_stanza);
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
79 local body;
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
80 if is_encrypted_msg then
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
81 -- TODO: localization
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
82 body = "You have received an encrypted message";
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
83 else
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
84 body = original_stanza:get_child_text("body");
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
85 if body and #body > 255 then
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
86 body = body:sub(1, 255);
4651
8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents: 4650
diff changeset
87 if not valid_utf8(body) then
8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents: 4650
diff changeset
88 body = body:gsub("[\194-\244][\128-\191]*$", "");
8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents: 4650
diff changeset
89 end
4650
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
90 end
4331
2e355540f8c8 mod_cloud_notify_encrypted: Truncate message body to 255 characters
Matthew Wild <mwild1@gmail.com>
parents: 4330
diff changeset
91 end
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93 local push_payload = {
4330
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
94 unread = tonumber(push_summary["message-count"]) or 1;
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
95 sender = jid.bare(original_stanza.attr.from);
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
96 message = body;
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97 };
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99 if original_stanza.name == "message" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 if original_stanza.attr.type == "groupchat" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 push_payload.type = "groupchat";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 push_payload.nickname = jid.resource(original_stanza.attr.from);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
103 elseif original_stanza.attr.type ~= "error" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104 local jmi_propose = original_stanza:get_child("propose", xmlns_jmi);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
105 if jmi_propose then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
106 push_payload.type = "call";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
107 push_payload.sid = jmi_propose.attr.id;
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
108 local media_types = set.new();
4465
2a7a76712e71 mod_cloud_notify_encrypted: Fix expected namespace of JMI description element
Matthew Wild <mwild1@gmail.com>
parents: 4457
diff changeset
109 for description in jmi_propose:childtags("description", xmlns_jingle_apps_rtp) do
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
110 local media_type = description.attr.media;
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
111 if media_type then
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
112 media_types:add(media_type);
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
113 end
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
114 end
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
115 push_payload.media = array.collect(media_types:items());
4466
38bd4d557413 mod_cloud_notify_encrypted: Include full JID of sender with call notifications, per spec
Matthew Wild <mwild1@gmail.com>
parents: 4465
diff changeset
116 push_payload.sender = original_stanza.attr.from;
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
117 else
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
118 push_payload.type = "chat";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
119 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
120 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
121 elseif original_stanza.name == "presence"
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
122 and original_stanza.attr.type == "subscribe" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
123 push_payload.type = "subscribe";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
124 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
125
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
126 local iv = random.bytes(12);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
127 local key_binary = base64.decode(encryption.key_base64);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
128 local push_json = json.encode(push_payload);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
129
4330
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
130 -- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
131 -- Siskin does not validate the tag anyway.
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
132 local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16));
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
133 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) })
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
134 :text(encrypted_payload);
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
135 if push_payload.type == "call" then
4457
091d06c7d724 mod_cloud_notify_encrypted: Fix traceback (incorrect variable name)
Matthew Wild <mwild1@gmail.com>
parents: 4456
diff changeset
136 encrypted_element.attr.type = "voip";
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
137 event.important = true;
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
138 end
4333
97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents: 4331
diff changeset
139 -- Replace the unencrypted notification data with the encrypted one
97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents: 4331
diff changeset
140 event.notification_payload
97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents: 4331
diff changeset
141 :remove_children("x", "jabber:x:data")
97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents: 4331
diff changeset
142 :add_child(encrypted_element);
5055
3b609eaf0db5 mod_cloud_notify_encrypted: Add debug logging when successfully encrypted
Matthew Wild <mwild1@gmail.com>
parents: 5054
diff changeset
143
3b609eaf0db5 mod_cloud_notify_encrypted: Add debug logging when successfully encrypted
Matthew Wild <mwild1@gmail.com>
parents: 5054
diff changeset
144 module:log("debug", "Encrypted '%s' push notification using %s", push_payload.type, encryption.algorithm);
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
145 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
146
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
147 module:hook("cloud_notify/registration", handle_register);
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
148 module:hook("cloud_notify/push", handle_push, 1);