Mercurial > prosody-modules
annotate mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua @ 4651:8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
The `body:sub()` call risks splitting the string in the middle of a
multi-byte UTF-8 sequence. This should have been caught by util.stanza
validation, but that would have caused some havoc, at the very least causing
the notification to not be sent.
There have been no reports of this happening. Likely because this module
isn't widely deployed among users with languages that use many longer UTF-8
sequences.
The util.encodings.utf8.valid() function is O(n) where only the last
sequence really needs to be checked, but it's in C and expected to be fast.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 22 Aug 2021 13:22:59 +0200 |
parents | 44af84178cea |
children | 62480053c87b |
rev | line source |
---|---|
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
1 local array = require "util.array"; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local base64 = require "util.encodings".base64; |
4651
8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents:
4650
diff
changeset
|
3 local valid_utf8 = require "util.encodings".utf8.valid; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local ciphers = require "openssl.cipher"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local jid = require "util.jid"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local json = require "util.json"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local random = require "util.random"; |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
8 local set = require "util.set"; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local st = require "util.stanza"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local xmlns_jmi = "urn:xmpp:jingle-message:0"; |
4465
2a7a76712e71
mod_cloud_notify_encrypted: Fix expected namespace of JMI description element
Matthew Wild <mwild1@gmail.com>
parents:
4457
diff
changeset
|
12 local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1"; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local xmlns_push = "urn:xmpp:push:0"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local xmlns_push_encrypt = "tigase:push:encrypt:0"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local xmlns_push_encrypt_aes_128_gcm = "tigase:push:encrypt:aes-128-gcm"; |
4467
6d595857164a
mod_cloud_notify_encrypted: Advertise support for JMI push notifications
Matthew Wild <mwild1@gmail.com>
parents:
4466
diff
changeset
|
16 local xmlns_push_jingle = "tigase:push:jingle:0"; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
4650
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
18 local function detect_stanza_encryption(stanza) |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
19 local eme = stanza:get_child("encryption", "urn:xmpp:eme:0"); |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
20 if eme then return eme.attr.namespace or ""; end |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
21 -- Fallback for legacy OMEMO clients without EME |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
22 local omemo = stanza:get_child("encrypted", "eu.siacs.conversations.axolotl"); |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
23 if omemo then return "eu.siacs.conversations.axolotl"; end |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
24 end |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
25 |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 -- https://xeps.tigase.net//docs/push-notifications/encrypt/#41-discovering-support |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local function account_disco_info(event) |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 event.reply:tag("feature", {var=xmlns_push_encrypt}):up(); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 event.reply:tag("feature", {var=xmlns_push_encrypt_aes_128_gcm}):up(); |
4467
6d595857164a
mod_cloud_notify_encrypted: Advertise support for JMI push notifications
Matthew Wild <mwild1@gmail.com>
parents:
4466
diff
changeset
|
30 event.reply:tag("feature", {var=xmlns_push_jingle}):up(); |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 module:hook("account-disco-info", account_disco_info); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 function handle_register(event) |
4329
2a5164162708
mod_cloud_notify_encrypted: Fix the location of the <encrypt> element in push registrations
Matthew Wild <mwild1@gmail.com>
parents:
4327
diff
changeset
|
35 local encrypt = event.stanza:get_child("enable", xmlns_push):get_child("encrypt", xmlns_push_encrypt); |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 if not encrypt then return; end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 local algorithm = encrypt.attr.alg; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 if algorithm ~= "aes-128-gcm" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 event.origin.send(st.error_reply( |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 event.stanza, "modify", "feature-not-implemented", "Unknown encryption algorithm" |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 )); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 return false; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 local key_base64 = encrypt:get_text(); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 local key_binary = base64.decode(key_base64); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 if not key_binary or #key_binary ~= 16 then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 event.origin.send(st.error_reply( |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 event.stanza, "modify", "bad-request", "Invalid encryption key" |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 )); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 return false; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 event.push_info.encryption = { |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 algorithm = algorithm; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 key_base64 = key_base64; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 }; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 function handle_push(event) |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 local encryption = event.push_info.encryption; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 if not encryption then return; end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 if encryption.algorithm ~= "aes-128-gcm" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 event.reason = "Unsupported encryption algorithm: "..tostring(encryption.algorithm); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 return true; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 local push_summary = event.push_summary; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 local original_stanza = event.original_stanza; |
4650
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
73 local is_encrypted_msg = detect_stanza_encryption(original_stanza); |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
74 local body; |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
75 if is_encrypted_msg then |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
76 -- TODO: localization |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
77 body = "You have received an encrypted message"; |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
78 else |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
79 body = original_stanza:get_child_text("body"); |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
80 if body and #body > 255 then |
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
81 body = body:sub(1, 255); |
4651
8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents:
4650
diff
changeset
|
82 if not valid_utf8(body) then |
8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents:
4650
diff
changeset
|
83 body = body:gsub("[\194-\244][\128-\191]*$", ""); |
8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents:
4650
diff
changeset
|
84 end |
4650
44af84178cea
mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents:
4467
diff
changeset
|
85 end |
4331
2e355540f8c8
mod_cloud_notify_encrypted: Truncate message body to 255 characters
Matthew Wild <mwild1@gmail.com>
parents:
4330
diff
changeset
|
86 end |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 local push_payload = { |
4330
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
89 unread = tonumber(push_summary["message-count"]) or 1; |
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
90 sender = jid.bare(original_stanza.attr.from); |
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
91 message = body; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 }; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 if original_stanza.name == "message" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 if original_stanza.attr.type == "groupchat" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 push_payload.type = "groupchat"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 push_payload.nickname = jid.resource(original_stanza.attr.from); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 elseif original_stanza.attr.type ~= "error" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 local jmi_propose = original_stanza:get_child("propose", xmlns_jmi); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 if jmi_propose then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 push_payload.type = "call"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 push_payload.sid = jmi_propose.attr.id; |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
103 local media_types = set.new(); |
4465
2a7a76712e71
mod_cloud_notify_encrypted: Fix expected namespace of JMI description element
Matthew Wild <mwild1@gmail.com>
parents:
4457
diff
changeset
|
104 for description in jmi_propose:childtags("description", xmlns_jingle_apps_rtp) do |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
105 local media_type = description.attr.media; |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
106 if media_type then |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
107 media_types:add(media_type); |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
108 end |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
109 end |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
110 push_payload.media = array.collect(media_types:items()); |
4466
38bd4d557413
mod_cloud_notify_encrypted: Include full JID of sender with call notifications, per spec
Matthew Wild <mwild1@gmail.com>
parents:
4465
diff
changeset
|
111 push_payload.sender = original_stanza.attr.from; |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 else |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 push_payload.type = "chat"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 elseif original_stanza.name == "presence" |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 and original_stanza.attr.type == "subscribe" then |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 push_payload.type = "subscribe"; |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 local iv = random.bytes(12); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 local key_binary = base64.decode(encryption.key_base64); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 local push_json = json.encode(push_payload); |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 |
4330
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
125 -- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes |
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
126 -- Siskin does not validate the tag anyway. |
e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents:
4329
diff
changeset
|
127 local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16)); |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) }) |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 :text(encrypted_payload); |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
130 if push_payload.type == "call" then |
4457
091d06c7d724
mod_cloud_notify_encrypted: Fix traceback (incorrect variable name)
Matthew Wild <mwild1@gmail.com>
parents:
4456
diff
changeset
|
131 encrypted_element.attr.type = "voip"; |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
132 event.important = true; |
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
133 end |
4333
97f369745ec7
mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents:
4331
diff
changeset
|
134 -- Replace the unencrypted notification data with the encrypted one |
97f369745ec7
mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents:
4331
diff
changeset
|
135 event.notification_payload |
97f369745ec7
mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents:
4331
diff
changeset
|
136 :remove_children("x", "jabber:x:data") |
97f369745ec7
mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents:
4331
diff
changeset
|
137 :add_child(encrypted_element); |
4327
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 end |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 |
beb3342f1137
mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 module:hook("cloud_notify/registration", handle_register); |
4456
8ed1989e99f9
mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents:
4373
diff
changeset
|
141 module:hook("cloud_notify/push", handle_push, 1); |