annotate mod_register_json/mod_register_json.lua @ 359:5d22ebcb9ec5

mod_register_json: Changed log levels, added a few primitive throttling/whitelist/blacklist options
author Marco Cirillo <maranda@lightwitch.org>
date Tue, 12 Apr 2011 19:09:34 +0000
parents 4483bb889d12
children 81528ffa0b76
1 -- Expose a simple servlet to handle user registrations from web pages
2 -- via JSON.
3 --
4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur
5 -- aka Zash.
6
local jid_prep = require "util.jid".prep;
local jid_split = require "util.jid".split;
local usermanager = require "core.usermanager";
local b64_decode = require "util.encodings".base64.decode;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local json_decode = require "util.json".decode;
local os_time = os.time;
10
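module.host = "*" -- HTTP/BOSH Servlets need to be global.

-- Pick up configuration.

-- Realm string sent in the WWW-Authenticate challenge.
local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted";
-- Minimum gap between two submissions for the same address; compared against
-- os_time() differences in the request handler. false disables throttling.
local throttle_time = module:get_option("reg_servlet_ttime") or false;
-- whitelist/blacklist are lookup sets (address -> true) built from the
-- configured lists, so the request handler can test membership with
-- whitelist[ip] / blacklist[ip]. Indexing the raw configured arrays by
-- address would never match.
local whitelist = {};
local blacklist = {};
-- Per-address { time, count } records used for throttling.
local recent_ips = {};

-- Begin

for _, ip in ipairs(module:get_option("reg_servlet_wl") or {}) do whitelist[ip] = true; end
for _, ip in ipairs(module:get_option("reg_servlet_bl") or {}) do blacklist[ip] = true; end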
25
--- Build the response table returned to the HTTP server.
-- @param code numeric HTTP status code
-- @param message reason phrase; also used (plus a newline) as the body
-- @param extra_headers optional table of response headers
-- @return table with status, body and, when given, headers
local function http_response(code, message, extra_headers)
	local reply = {};
	reply.status = code .. " " .. message;
	reply.body = message .. "\n";
	if extra_headers then
		reply.headers = extra_headers;
	end
	return reply;
end
33
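--- Handle one HTTP request to the registration servlet.
-- The caller authenticates with HTTP Basic credentials of an existing account
-- and must be an admin of the host named in the JSON body. The body is a JSON
-- object with string fields "username", "password", "host" and "ip"; on
-- success the account is created on that host.
-- @param method unused; the verb is read from request.method
-- @param body raw request body
-- @param request request table (method, headers)
-- @return response table built by http_response
local function handle_req(method, body, request)
	if request.method ~= "POST" then
		return http_response(405, "Bad method...", {["Allow"] = "POST"});
	end
	if not request.headers["authorization"] then
		return http_response(401, "No... No...",
		{["WWW-Authenticate"]='Basic realm="'.. set_realm_name ..'"'})
	end

	-- The Authorization header is client-controlled: a value that does not
	-- decode, or has no colon, must end in a 400 rather than in an error from
	-- indexing or prepping nil.
	local credentials = b64_decode(request.headers.authorization:match("[^ ]*$") or "");
	local user, password;
	if credentials then user, password = credentials:match("([^:]*):(.*)"); end
	if user then user = jid_prep(user); end
	if not user or not password then return http_response(400, "What's this..?"); end
	local user_node, user_host = jid_split(user)
	-- A JID without a node part cannot name an account on a local host.
	if not user_node or not hosts[user_host] then return http_response(401, "Negative."); end

	module:log("warn", "%s is authing to submit a new user registration data", user)
	if not usermanager.test_password(user_node, user_host, password) then
		module:log("warn", "%s failed authentication", user)
		return http_response(401, "Who the hell are you?! Guards!");
	end

	-- Decode and type-check the body before any field is read, so a malformed
	-- payload yields a 400 instead of an error on indexing nil.
	local decoded, req_body = pcall(json_decode, body);
	if not decoded or type(req_body) ~= "table" then
		module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user);
		return http_response(400, "JSON Decoding failed.");
	end
	local reg_user, reg_pass = req_body["username"], req_body["password"];
	local reg_host, reg_ip = req_body["host"], req_body["ip"];
	if type(reg_user) ~= "string" or type(reg_pass) ~= "string"
	or type(reg_host) ~= "string" or type(reg_ip) ~= "string" then
		module:log("debug", "Registration data submitted by %s is missing fields or has fields of the wrong type.", user);
		return http_response(400, "Missing or malformed registration fields.");
	end

	-- Check if user is an admin of said host
	if not usermanager.is_admin(user, reg_host) then
		module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, reg_host)
		return http_response(401, "I obey only to my masters... Have a nice day.");
	end

	-- Only create accounts on hosts this server serves, and only under a
	-- username that survives nodeprep, so the stored name is the normalised one.
	if not hosts[reg_host] then
		return http_response(400, "Unknown host.");
	end
	local username = nodeprep(reg_user);
	if not username or username == "" then
		return http_response(400, "Invalid username.");
	end

	-- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code)
	-- The address comes from the JSON body, i.e. from the authenticated caller,
	-- not from the connection; these checks are only as reliable as that caller.
	if blacklist[reg_ip] then
		module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", reg_ip);
		return http_response(403, "The specified address is blacklisted, sorry sorry.");
	end
	if throttle_time and not whitelist[reg_ip] then
		local now = os_time();
		local seen = recent_ips[reg_ip];
		if not seen then
			-- NOTE(review): entries are never removed, so this table grows with
			-- every distinct address submitted; consider expiring old records.
			recent_ips[reg_ip] = { time = now, count = 1 };
		else
			seen.count = seen.count + 1;
			local too_soon = now - seen.time < throttle_time;
			seen.time = now; -- every attempt, throttled or not, restarts the window
			if too_soon then
				module:log("warn", "JSON Registration request from %s has been throttled.", reg_ip);
				return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.");
			end
		end
	end

	-- We first check if the supplied username for registration is already there.
	if usermanager.user_exists(username, reg_host) then
		module:log("debug", "%s registration data submission for %s failed (user already exists)", user, username);
		return http_response(409, "User already exists.");
	end
	-- Report a failed creation instead of answering 200 unconditionally.
	local created, err = usermanager.create_user(username, reg_pass, reg_host);
	if not created then
		module:log("error", "%s registration data submission for %s failed: %s", user, username, tostring(err));
		return http_response(500, "Account creation failed.");
	end
	module:log("debug", "%s registration data submission for %s is successful", user, username);
	return http_response(200, "Done.");
end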
94
95 -- Set it up!
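--- Start the HTTP(S) listener(s) for the registration servlet.
-- Reads reg_servlet_port, reg_servlet_base, reg_servlet_sslcert and
-- reg_servlet_sslkey. TLS is used only when both certificate and key are set;
-- when reg_servlet_port is unset the port defaults to 9280 for plain HTTP and
-- 9443 for TLS.
local function setup()
	local configured_ports = module:get_option("reg_servlet_port");
	local ports = configured_ports or { 9280 };
	local base_name = module:get_option("reg_servlet_base") or "register_account";
	local ssl_cert = module:get_option("reg_servlet_sslcert") or false;
	local ssl_key = module:get_option("reg_servlet_sslkey") or false;
	if not ssl_cert or not ssl_key then
		-- The handler takes HTTP Basic credentials of an admin account and the
		-- new account's password in the body; without TLS both cross the wire
		-- unencrypted. Say so in the log rather than downgrading silently.
		if ssl_cert or ssl_key then
			module:log("warn", "Only one of reg_servlet_sslcert/reg_servlet_sslkey is set, serving the registration servlet over plain HTTP");
		else
			module:log("warn", "No SSL certificate/key configured, serving the registration servlet over plain HTTP");
		end
		require "net.httpserver".new_from_config(ports, handle_req, { base = base_name });
	else
		if configured_ports == nil then ports = { 9443 }; end
		require "net.httpserver".new_from_config(ports, handle_req, { ssl = { key = ssl_key, certificate = ssl_cert }, base = base_name });
	end
end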
-- Start the servlet now when the server is already running (prosody.start_time
-- is set); otherwise defer setup until the "server-started" event fires.
if not prosody.start_time then
	prosody.events.add_handler("server-started", setup);
else -- already started
	setup();
end