Mercurial > prosody-modules
annotate mod_unified_push/mod_unified_push.lua @ 5151:514c8a0e9aa1
mod_unified_push: Fix default ACL in component mode
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 14 Jan 2023 16:14:50 +0000 |
parents | 2b6c543c4d3a |
children | 342baedbd1c8 |
rev | line source |
---|---|
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local unified_push_secret = assert(module:get_option_string("unified_push_secret"), "required option: unified_push_secret"); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local push_registration_ttl = module:get_option_number("unified_push_registration_ttl", 86400); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local base64 = require "util.encodings".base64; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local datetime = require "util.datetime"; |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
6 local id = require "util.id"; |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
7 local jid = require "util.jid"; |
5139
449e4ca4de32
mod_unified_push: Remove dependency on trunk util.jwt (0.12 compat)
Matthew Wild <mwild1@gmail.com>
parents:
5136
diff
changeset
|
8 local jwt = require "util.jwt"; |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local st = require "util.stanza"; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local urlencode = require "util.http".urlencode; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local xmlns_up = "http://gultsch.de/xmpp/drafts/unified-push"; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 module:depends("http"); |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
15 module:depends("disco"); |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
16 |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
17 module:add_feature(xmlns_up); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
5147
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
19 local acl = module:get_option_set("unified_push_acl", { |
5151
514c8a0e9aa1
mod_unified_push: Fix default ACL in component mode
Matthew Wild <mwild1@gmail.com>
parents:
5150
diff
changeset
|
20 module:get_host_type() == "local" and module.host or module.host:match("^[^%.]+%.(.+)$") |
5147
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
21 }); |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
22 |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
23 local function is_jid_permitted(user_jid) |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
24 for acl_entry in acl do |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
25 if jid.compare(user_jid, acl_entry) then |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
26 return true; |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
27 end |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
28 end |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
29 return false; |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
30 end |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
31 |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 local function check_sha256(s) |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 if not s then return nil, "no value provided"; end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 local d = base64.decode(s); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 if not d then return nil, "invalid base64"; end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 if #d ~= 32 then return nil, "incorrect decoded length, expected 32"; end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 return s; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
40 local push_store = module:open_store(); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
41 |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
42 local backends = { |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
43 jwt = { |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
44 sign = function (data) |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
45 return jwt.sign(unified_push_secret, data); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
46 end; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
47 |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
48 verify = function (token) |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
49 local ok, result = jwt.verify(unified_push_secret, token); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
50 |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
51 if not ok then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
52 return ok, result; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
53 end |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
54 if result.exp and result.exp < os.time() then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
55 return nil, "token-expired"; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
56 end |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
57 return ok, result; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
58 end; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
59 }; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
60 |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
61 storage = { |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
62 sign = function (data) |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
63 local reg_id = id.long(); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
64 local user, host = jid.split(data.sub); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
65 if host ~= module.host or not user then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
66 return; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
67 end |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
68 push_store:set(reg_id, data); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
69 return reg_id; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
70 end; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
71 verify = function (token) |
5150
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
72 if token == "_private" then return nil, "invalid-token"; end |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
73 local data = push_store:get(token); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
74 if not data then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
75 return nil, "item-not-found"; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
76 elseif data.exp and data.exp < os.time() then |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
77 push_store:set(token, nil); |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
78 return nil, "token-expired"; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
79 end |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
80 return data; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
81 end; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
82 }; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
83 }; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
84 |
5150
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
85 if pcall(require, "util.paseto") and require "util.paseto".v3_local then |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
86 local paseto = require "util.paseto".v3_local; |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
87 local state = push_store:get("_private"); |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
88 local key = state and state.paseto_v3_local_key; |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
89 if not key then |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
90 key = paseto.new_key(); |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
91 push_store:set("_private", { paseto_v3_local_key = key }); |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
92 end |
2b6c543c4d3a
mod_unified_push: Fixes for paseto backend initialization
Matthew Wild <mwild1@gmail.com>
parents:
5149
diff
changeset
|
93 local sign, verify = paseto.init(key); |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
94 backends.paseto = { sign = sign, verify = verify }; |
5139
449e4ca4de32
mod_unified_push: Remove dependency on trunk util.jwt (0.12 compat)
Matthew Wild <mwild1@gmail.com>
parents:
5136
diff
changeset
|
95 end |
449e4ca4de32
mod_unified_push: Remove dependency on trunk util.jwt (0.12 compat)
Matthew Wild <mwild1@gmail.com>
parents:
5136
diff
changeset
|
96 |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
97 local backend = module:get_option_string("unified_push_backend", backends.paseto and "paseto" or "storage"); |
5139
449e4ca4de32
mod_unified_push: Remove dependency on trunk util.jwt (0.12 compat)
Matthew Wild <mwild1@gmail.com>
parents:
5136
diff
changeset
|
98 |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
99 local function register_route(params) |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
100 local expiry = os.time() + push_registration_ttl; |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
101 local token = backends[backend].sign({ |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
102 instance = params.instance; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
103 application = params.application; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
104 sub = params.jid; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
105 exp = expiry; |
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
106 }); |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
107 return { |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
108 url = module:http_url("push").."/"..urlencode(token); |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
109 expiry = expiry; |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
110 }; |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
111 end |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
112 |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 -- Handle incoming registration from XMPP client |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 function handle_register(event) |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 local origin, stanza = event.origin, event.stanza; |
5147
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
116 if not is_jid_permitted(stanza.attr.from) then |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
117 return st.error_reply(stanza, "auth", "forbidden"); |
658658ea9323
mod_unified_push: Add ACL option to restrict access
Matthew Wild <mwild1@gmail.com>
parents:
5146
diff
changeset
|
118 end |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 local instance, instance_err = check_sha256(stanza.tags[1].attr.instance); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 if not instance then |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 return st.error_reply(stanza, "modify", "bad-request", "instance: "..instance_err); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 local application, application_err = check_sha256(stanza.tags[1].attr.application); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 if not application then |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 return st.error_reply(stanza, "modify", "bad-request", "application: "..application_err); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 end |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
127 local route = register_route({ |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 instance = instance; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 application = application; |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
130 jid = stanza.attr.from; |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
131 }); |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
132 |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
133 if not route then |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
134 return st.error_reply(stanza, "wait", "internal-server-error"); |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
135 end |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
136 |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 module:log("debug", "New push registration successful"); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 return origin.send(st.reply(stanza):tag("registered", { |
5148
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
139 expiration = datetime.datetime(route.expiry); |
bf42f1401f1c
mod_unified_push: Refactor in anticipation of other registration backends
Matthew Wild <mwild1@gmail.com>
parents:
5147
diff
changeset
|
140 endpoint = route.url; |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 xmlns = xmlns_up; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 })); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 module:hook("iq-set/host/"..xmlns_up..":register", handle_register); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 -- Handle incoming POST |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 function handle_push(event, subpath) |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
149 module:log("debug", "Incoming push received!"); |
5149
fa56ed2bacab
mod_unified_push: Add support for multiple token backends, including stoage
Matthew Wild <mwild1@gmail.com>
parents:
5148
diff
changeset
|
150 local ok, data = backends[backend].verify(subpath); |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
151 if not ok then |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
152 module:log("debug", "Received push to unacceptable token (%s)", data); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 return 404; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
154 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 local payload = event.request.body; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 if not payload or payload == "" then |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
157 module:log("warn", "Missing or empty push payload"); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 return 400; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 elseif #payload > 4096 then |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
160 module:log("warn", "Push payload too large"); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 return 413; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 end |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
163 local push_id = event.request.id or id.short(); |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
164 module:log("debug", "Push notification received [%s], relaying to device...", push_id); |
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
165 local push_iq = st.iq({ type = "set", to = data.sub, from = module.host, id = push_id }) |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 :text_tag("push", base64.encode(payload), { instance = data.instance, application = data.application, xmlns = xmlns_up }); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 return module:send_iq(push_iq):next(function () |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
168 module:log("debug", "Push notification delivered [%s]", push_id); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 return 201; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 end, function (error_event) |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
171 local e_type, e_cond, e_text = error_event.stanza:get_error(); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
172 if e_cond == "item-not-found" or e_cond == "feature-not-implemented" then |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
173 module:log("debug", "Push rejected [%s]", push_id); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 return 404; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
175 elseif e_cond == "service-unavailable" or e_cond == "recipient-unavailable" then |
5136
67b2c982bea2
mod_unified_push: Various fixes, now working with Conversations
Matthew Wild <mwild1@gmail.com>
parents:
5128
diff
changeset
|
176 module:log("debug", "Recipient temporarily unavailable [%s]", push_id); |
5128
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
177 return 503; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
178 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
179 module:log("warn", "Unexpected push error response: %s/%s/%s", e_type, e_cond, e_text); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 return 500; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 end); |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 end |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
183 |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 module:provides("http", { |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 name = "push"; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 route = { |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 ["GET /*"] = function (event) |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 event.response.headers.content_type = "application/json"; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 return [[{"unifiedpush":{"version":1}}]]; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 end; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 ["POST /*"] = handle_push; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
192 }; |
7cc0f68b8715
mod_unified_push: Experimenal Unified Push provider
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
193 }); |