annotate mod_http_rest/README.markdown @ 5407:149634647b48

mod_http_oauth2: Don't issue client_secret when not using authentication This is pretty much only for implicit flow, which is considered insecure anyway, so this is of limited value. If we delete all the implicit flow code, this could be reverted.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:39:32 +0200
parents 79432b859d21
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2336
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
1 ---
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
2 labels:
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
3 - 'Stage-Alpha'
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
4 summary: Send XMPP stanzas via REST/HTTP
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
5 ...
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
6
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
7 This module provides a [REST](https://en.wikipedia.org/wiki/Representational_state_transfer)ful
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
8 method for sending XMPP stanzas.
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
9
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
10 This enables you to send stanzas by making HTTP requests to `http://${prosody-url}/rest`.
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
11
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
12 **DANGER/ACHTUNG!: This module does NOT enforce any authentication or user-checking.
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
13 This means that by default stanzas can be sent *anyone* on behalf of *any* user.**
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
14
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
15 You should enable [mod_http_authentication](https://modules.prosody.im/mod_http_authentication.html),
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
16 to require authentication for calls made to this module, or alternatively, you
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
17 could use a reverse proxy like Nginx.
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
18
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
19 # To enable this module
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
20
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
21 Add `"http_rest"` to `modules_enabled`, either globally or for a particular virtual
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
22 host.
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
23
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
24 # How to test:
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
25
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
26 You can use curl to make the HTTP request to Prosody, to test whether this
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
27 module is working properly:
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
28
79432b859d21 New module: mod_http_rest.lua
JC Brand <jcbrand@minddistrict.com>
parents:
diff changeset
29 curl -k http://localhost:5280/rest -u username:password -H "Content-Type: text/xml" -d '<iq to="pubsub.localhost" type="set" id="4dd1a1e3-ef91-4017-a5aa-eaba0a82eb94-1" from="user@localhost"><pubsub xmlns="http://jabber.org/protocol/pubsub"><publish node="Test mod_rest.lua"><item>Hello World!</item></publish></pubsub></iq>'