Mercurial > prosody-modules
annotate mod_unified_push/mod_unified_push.lua @ 5407:149634647b48
mod_http_oauth2: Don't issue client_secret when not using authentication
This is pretty much only for implicit flow, which is considered insecure
anyway, so this is of limited value. If we delete all the implicit flow
code, this could be reverted.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:39:32 +0200 |
parents | 18ed655c755d |
children |
rev | line source |
---|---|
5155
18ed655c755d
mod_unified_push: Make unified_push_secret only required for jwt backend
Matthew Wild <mwild1@gmail.com>
parents:
5154
diff
changeset
|
1 local unified_push_secret = module:get_option_string("unified_push_secret"); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local push_registration_ttl = module:get_option_number("unified_push_registration_ttl", 86400); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local base64 = require "util.encodings".base64; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local datetime = require "util.datetime"; |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
6 local id = require "util.id"; |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
7 local jid = require "util.jid"; |
5139
449e4ca4de32
mod_unified_push: Remove dependency on trunk util.jwt (0.12 compat)
Matthew Wild <mwild1@gmail.com>
parents:
5136
diff
changeset
|
8 local jwt = require "util.jwt"; |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local st = require "util.stanza"; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local urlencode = require "util.http".urlencode; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local xmlns_up = "http://gultsch.de/xmpp/drafts/unified-push"; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 module:depends("http"); |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
15 module:depends("disco"); |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
16 |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
17 module:add_feature(xmlns_up); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
5147
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
19 local acl = module:get_option_set("unified_push_acl", { |
5151
514c8a0e9aa1
mod_unified_push: Fix default ACL in component mode
Matthew Wild <mwild1@gmail.com>
parents:
5150
diff
changeset
|
20 module:get_host_type() == "local" and module.host or module.host:match("^[^%.]+%.(.+)$") |
5147
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
21 }); |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
22 |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
23 local function is_jid_permitted(user_jid) |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
24 for acl_entry in acl do |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
25 if jid.compare(user_jid, acl_entry) then |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
26 return true; |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
27 end |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
28 end |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
29 return false; |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
30 end |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
31 |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 local function check_sha256(s) |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 if not s then return nil, "no value provided"; end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 local d = base64.decode(s); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 if not d then return nil, "invalid base64"; end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 if #d ~= 32 then return nil, "incorrect decoded length, expected 32"; end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 return s; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
40 local push_store = module:open_store(); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
41 |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
42 local backends = { |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
43 jwt = { |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
44 sign = function (data) |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
45 return jwt.sign(unified_push_secret, data); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
46 end; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
47 |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
48 verify = function (token) |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
49 local ok, result = jwt.verify(unified_push_secret, token); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
50 |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
51 if not ok then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
52 return ok, result; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
53 end |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
54 if result.exp and result.exp < os.time() then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
55 return nil, "token-expired"; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
56 end |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
57 return ok, result; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
58 end; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
59 }; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
60 |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
61 storage = { |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
62 sign = function (data) |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
63 local reg_id = id.long(); |
5152
342baedbd1c8
mod_unified_push: Fix storage backend error behaviours and return values
Matthew Wild <mwild1@gmail.com>
parents:
5151
diff
changeset
|
64 local ok, err = push_store:set(reg_id, data); |
342baedbd1c8
mod_unified_push: Fix storage backend error behaviours and return values
Matthew Wild <mwild1@gmail.com>
parents:
5151
diff
changeset
|
65 if not ok then |
342baedbd1c8
mod_unified_push: Fix storage backend error behaviours and return values
Matthew Wild <mwild1@gmail.com>
parents:
5151
diff
changeset
|
66 return nil, err; |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
67 end |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
68 return reg_id; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
69 end; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
70 verify = function (token) |
5150
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
71 if token == "_private" then return nil, "invalid-token"; end |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
72 local data = push_store:get(token); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
73 if not data then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
74 return nil, "item-not-found"; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
75 elseif data.exp and data.exp < os.time() then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
76 push_store:set(token, nil); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
77 return nil, "token-expired"; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
78 end |
5152
342baedbd1c8
mod_unified_push: Fix storage backend error behaviours and return values
Matthew Wild <mwild1@gmail.com>
parents:
5151
diff
changeset
|
79 return true, data; |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
80 end; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
81 }; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
82 }; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
83 |
5150
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
84 if pcall(require, "util.paseto") and require "util.paseto".v3_local then |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
85 local paseto = require "util.paseto".v3_local; |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
86 local state = push_store:get("_private"); |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
87 local key = state and state.paseto_v3_local_key; |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
88 if not key then |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
89 key = paseto.new_key(); |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
90 push_store:set("_private", { paseto_v3_local_key = key }); |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
91 end |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
92 local sign, verify = paseto.init(key); |
5153
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
93 backends.paseto = { |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
94 sign = sign; |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
95 verify = function (token) |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
96 local payload, err = verify(token); |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
97 if not payload then |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
98 return nil, err; |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
99 end |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
100 return true, payload; |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
101 end; |
d69cc9a23fad
mod_unified_push: fix return values for paseto backend
Matthew Wild <mwild1@gmail.com>
parents:
5152
diff
changeset
|
102 }; |
5139
449e4ca4de32
mod_unified_push: Remove dependency on trunk util.jwt (0.12 compat)
Matthew Wild <mwild1@gmail.com>
parents:
5136
diff
changeset
|
103 end |
449e4ca4de32
mod_unified_push: Remove dependency on trunk util.jwt (0.12 compat)
Matthew Wild <mwild1@gmail.com>
parents:
5136
diff
changeset
|
104 |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
105 local backend = module:get_option_string("unified_push_backend", backends.paseto and "paseto" or "storage"); |
5139
449e4ca4de32
mod_unified_push: Remove dependency on trunk util.jwt (0.12 compat)
Matthew Wild <mwild1@gmail.com>
parents:
5136
diff
changeset
|
106 |
5155
18ed655c755d
mod_unified_push: Make unified_push_secret only required for jwt backend
Matthew Wild <mwild1@gmail.com>
parents:
5154
diff
changeset
|
107 assert(backend ~= "jwt" or unified_push_secret, "required option missing: unified_push_secret"); |
18ed655c755d
mod_unified_push: Make unified_push_secret only required for jwt backend
Matthew Wild <mwild1@gmail.com>
parents:
5154
diff
changeset
|
108 |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
109 local function register_route(params) |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
110 local expiry = os.time() + push_registration_ttl; |
5154
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
111 local token, err = backends[backend].sign({ |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
112 instance = params.instance; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
113 application = params.application; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
114 sub = params.jid; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
115 exp = expiry; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
116 }); |
5154
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
117 if not token then return nil, err; end |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
118 return { |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
119 url = module:http_url("push").."/"..urlencode(token); |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
120 expiry = expiry; |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
121 }; |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
122 end |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
123 |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 -- Handle incoming registration from XMPP client |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 function handle_register(event) |
5154
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
126 module:log("debug", "Push registration request received"); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 local origin, stanza = event.origin, event.stanza; |
5147
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
128 if not is_jid_permitted(stanza.attr.from) then |
5154
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
129 module:log("debug", "Sender <%s> not permitted to register on this UnifiedPush service", stanza.attr.from); |
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
130 return origin.send(st.error_reply(stanza, "auth", "forbidden")); |
5147
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
131 end |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 local instance, instance_err = check_sha256(stanza.tags[1].attr.instance); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
133 if not instance then |
5154
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
134 return origin.send(st.error_reply(stanza, "modify", "bad-request", "instance: "..instance_err)); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 local application, application_err = check_sha256(stanza.tags[1].attr.application); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 if not application then |
5154
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
138 return origin.send(st.error_reply(stanza, "modify", "bad-request", "application: "..application_err)); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 end |
5154
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
140 |
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
141 local route, register_err = register_route({ |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 instance = instance; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 application = application; |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
144 jid = stanza.attr.from; |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
145 }); |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
146 |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
147 if not route then |
5154
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
148 module:log("warn", "Failed to create registration using %s backend: %s", backend, register_err); |
48ca519cd66a
mod_unified_push: Improved error handling and reporting
Matthew Wild <mwild1@gmail.com>
parents:
5153
diff
changeset
|
149 return origin.send(st.error_reply(stanza, "wait", "internal-server-error")); |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
150 end |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
151 |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
152 module:log("debug", "New push registration successful"); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 return origin.send(st.reply(stanza):tag("registered", { |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
154 expiration = datetime.datetime(route.expiry); |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
155 endpoint = route.url; |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 xmlns = xmlns_up; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 })); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 module:hook("iq-set/host/"..xmlns_up..":register", handle_register); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 -- Handle incoming POST |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 function handle_push(event, subpath) |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
164 module:log("debug", "Incoming push received!"); |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
165 local ok, data = backends[backend].verify(subpath); |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
166 if not ok then |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
167 module:log("debug", "Received push to unacceptable token (%s)", data); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 return 404; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 local payload = event.request.body; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
171 if not payload or payload == "" then |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
172 module:log("warn", "Missing or empty push payload"); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
173 return 400; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 elseif #payload > 4096 then |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
175 module:log("warn", "Push payload too large"); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
176 return 413; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
177 end |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
178 local push_id = event.request.id or id.short(); |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
179 module:log("debug", "Push notification received [%s], relaying to device...", push_id); |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
180 local push_iq = st.iq({ type = "set", to = data.sub, from = module.host, id = push_id }) |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 :text_tag("push", base64.encode(payload), { instance = data.instance, application = data.application, xmlns = xmlns_up }); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 return module:send_iq(push_iq):next(function () |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
183 module:log("debug", "Push notification delivered [%s]", push_id); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 return 201; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 end, function (error_event) |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 local e_type, e_cond, e_text = error_event.stanza:get_error(); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 if e_cond == "item-not-found" or e_cond == "feature-not-implemented" then |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
188 module:log("debug", "Push rejected [%s]", push_id); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 return 404; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 elseif e_cond == "service-unavailable" or e_cond == "recipient-unavailable" then |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
191 module:log("debug", "Recipient temporarily unavailable [%s]", push_id); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
192 return 503; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
193 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
194 module:log("warn", "Unexpected push error response: %s/%s/%s", e_type, e_cond, e_text); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
195 return 500; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
196 end); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
197 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
198 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
199 module:provides("http", { |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
200 name = "push"; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
201 route = { |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
202 ["GET /*"] = function (event) |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
203 event.response.headers.content_type = "application/json"; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
204 return [[{"unifiedpush":{"version":1}}]]; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 end; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
206 ["POST /*"] = handle_push; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
207 }; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
208 }); |