Mercurial > prosody-modules
annotate mod_welcome_page/mod_welcome_page.lua @ 5193:2bb29ece216b
mod_http_oauth2: Implement stateless dynamic client registration
Replaces previous explicit registration that required either the
additional module mod_adhoc_oauth2_client or manually editing the
database. That method was enough to have something to test with, but
would not probably not scale easily.
Dynamic client registration allows creating clients on the fly, which
may be even easier in theory.
In order to not allow basically unauthenticated writes to the database,
we implement a stateless model here.
per_host_key := HMAC(config -> oauth2_registration_key, hostname)
client_id := JWT { client metadata } signed with per_host_key
client_secret := HMAC(per_host_key, client_id)
This should ensure everything we need to know is part of the client_id,
allowing redirects etc to be validated, and the client_secret can be
validated with only the client_id and the per_host_key.
A nonce injected into the client_id JWT should ensure nobody can submit
the same client metadata and retrieve the same client_secret
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 03 Mar 2023 21:14:19 +0100 |
| parents | 75b6e5df65f9 |
| children |
| rev | line source |
|---|---|
|
4184
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local url_escape = require "util.http".urlencode; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local render_html_template = require"util.interpolation".new("%b{}", st.xml_escape, { |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 urlescape = url_escape; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 }); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local template_path = module:get_option_string("welcome_page_template_path", module:get_directory().."/html"); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 local user_vars = module:get_option("welcome_page_variables", {}); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local site_name = module:get_option("site_name", module.host); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local invite_only = module:get_option_boolean("registration_invite_only", true); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local open_registration = module:get_option_boolean("welcome_page_open_registration", not invite_only); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 module:depends("http"); |
|
4605
ffb709728210
mod_welcome_page: Add dependency on mod_http_libjs
Kim Alvefur <zash@zash.se>
parents:
4193
diff
changeset
|
14 module:depends("http_libjs"); |
|
4184
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local invites = module:depends("invites"); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 local function load_template(path) |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 local template_file, err = io.open(path); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 if not template_file then |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 error("Unable to load template file: "..tostring(err)); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 local template = template_file:read("*a"); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 template_file:close(); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 return template; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 end |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local template = load_template(template_path.."/index.html"); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 local function serve_page(event) |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 event.response.headers["Content-Type"] = "text/html; charset=utf-8"; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 return render_html_template(template, { |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 site_name = site_name; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 request = event.request; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 var = user_vars; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 }); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 end |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 local function handle_submit(event) |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 local submission = { allowed = open_registration, request = event.request }; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 module:fire_event("mod_welcome_page/submission", submission); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 if not submission.allowed then |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 event.response.headers["Content-Type"] = "text/html; charset=utf-8"; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 return render_html_template(template, { |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 site_name = site_name; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 request = event.request; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 var = user_vars; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 message = { |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 class = "alert-danger"; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 text = submission.reason or "Account creation is not possible at this time"; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 }; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 }); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 end |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 local invite = invites.create_account(nil, { source = module.name }); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 if not invite then |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 return 500; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 end |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 event.response.headers.Location = invite.landing_page or invite.uri; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 return 303; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 end |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 |
|
4975
733e5513f691
various: Use 0.12+ API for serving files from the file system over HTTP
Kim Alvefur <zash@zash.se>
parents:
4605
diff
changeset
|
64 local http_files |
|
4976
75b6e5df65f9
various: Improve error reporting if missing file server module on 0.12
Kim Alvefur <zash@zash.se>
parents:
4975
diff
changeset
|
65 if prosody.process_type == "prosody" then |
|
4975
733e5513f691
various: Use 0.12+ API for serving files from the file system over HTTP
Kim Alvefur <zash@zash.se>
parents:
4605
diff
changeset
|
66 -- Prosody >= 0.12 |
|
733e5513f691
various: Use 0.12+ API for serving files from the file system over HTTP
Kim Alvefur <zash@zash.se>
parents:
4605
diff
changeset
|
67 http_files = require "net.http.files"; |
|
4976
75b6e5df65f9
various: Improve error reporting if missing file server module on 0.12
Kim Alvefur <zash@zash.se>
parents:
4975
diff
changeset
|
68 else |
|
4975
733e5513f691
various: Use 0.12+ API for serving files from the file system over HTTP
Kim Alvefur <zash@zash.se>
parents:
4605
diff
changeset
|
69 -- Prosody <= 0.11 |
|
733e5513f691
various: Use 0.12+ API for serving files from the file system over HTTP
Kim Alvefur <zash@zash.se>
parents:
4605
diff
changeset
|
70 http_files = module:depends "http_files"; |
|
733e5513f691
various: Use 0.12+ API for serving files from the file system over HTTP
Kim Alvefur <zash@zash.se>
parents:
4605
diff
changeset
|
71 end |
|
4184
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 module:provides("http", { |
|
4193
8d1e996034ee
mod_welcome_page: Serve from top level path (/) by default
Kim Alvefur <zash@zash.se>
parents:
4184
diff
changeset
|
74 default_path = "/"; |
|
4184
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 route = { |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 ["GET"] = serve_page; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 ["GET /*"] = http_files.serve({ path = template_path }); |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 ["POST"] = handle_submit; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 }; |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 }); |