Mercurial > prosody-modules
annotate mod_http_altconnect/mod_http_altconnect.lua @ 5448:9d542e86e19a
mod_http_oauth2: Allow requesting a subset of scopes on token refresh
This enables clients to request access tokens with fewer permissions
than the grant they were given, reducing impact of token leak. Clients
could e.g. request access tokens with some privileges and immediately
revoke them after use, or other strategies.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 11 May 2023 21:40:09 +0200 |
| parents | 0a0bf87ccda6 |
| children |
| rev | line source |
|---|---|
|
1290
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
1 -- mod_http_altconnect |
|
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
2 -- XEP-0156: Discovering Alternative XMPP Connection Methods |
|
1211
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 module:depends"http"; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
3712
0a0bf87ccda6
mod_http_altconnect: Handle connection modules being global or host-local
Kim Alvefur <zash@zash.se>
parents:
1325
diff
changeset
|
6 local mm = require "core.modulemanager"; |
|
1211
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local json = require"util.json"; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local st = require"util.stanza"; |
|
1290
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
9 local array = require"util.array"; |
|
1211
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
|
1290
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
11 local function get_supported() |
|
1325
b21236b6b8d8
Backed out changeset 853a382c9bd6
Kim Alvefur <zash@zash.se>
parents:
1324
diff
changeset
|
12 local uris = array(); |
|
3712
0a0bf87ccda6
mod_http_altconnect: Handle connection modules being global or host-local
Kim Alvefur <zash@zash.se>
parents:
1325
diff
changeset
|
13 if mm.is_loaded(module.host, "bosh") or mm.is_loaded("*", "bosh") then |
|
1325
b21236b6b8d8
Backed out changeset 853a382c9bd6
Kim Alvefur <zash@zash.se>
parents:
1324
diff
changeset
|
14 uris:push({ rel = "urn:xmpp:alt-connections:xbosh", href = module:http_url("bosh", "/http-bind") }); |
|
b21236b6b8d8
Backed out changeset 853a382c9bd6
Kim Alvefur <zash@zash.se>
parents:
1324
diff
changeset
|
15 end |
|
3712
0a0bf87ccda6
mod_http_altconnect: Handle connection modules being global or host-local
Kim Alvefur <zash@zash.se>
parents:
1325
diff
changeset
|
16 if mm.is_loaded(module.host, "websocket") or mm.is_loaded("*", "websocket") then |
|
1325
b21236b6b8d8
Backed out changeset 853a382c9bd6
Kim Alvefur <zash@zash.se>
parents:
1324
diff
changeset
|
17 uris:push({ rel = "urn:xmpp:alt-connections:websocket", href = module:http_url("websocket", "xmpp-websocket"):gsub("^http", "ws") }); |
|
1290
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
18 end |
|
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
19 return uris; |
|
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
20 end |
|
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
21 |
|
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
22 |
|
1211
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 local function GET_xml(event) |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 local request, response = event.request, event.response; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 local xrd = st.stanza("XRD", { xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0' }); |
|
1290
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
26 local uris = get_supported(); |
|
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
27 for i, method in ipairs(uris) do |
|
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
28 xrd:tag("Link", method):up(); |
|
1211
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 end |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 response.headers.content_type = "application/xrd+xml" |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 response.headers.access_control_allow_origin = "*"; |
|
1291
1ac28a953e5f
mod_http_altconnect: Send XML declaration
Kim Alvefur <zash@zash.se>
parents:
1290
diff
changeset
|
32 return '<?xml version="1.0" encoding="UTF-8"?>' .. tostring(xrd); |
|
1211
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 end |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local function GET_json(event) |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 local request, response = event.request, event.response; |
|
1290
c0957b904487
mod_http_altconnect: Refactor to have module/connection method lookup in a common place
Kim Alvefur <zash@zash.se>
parents:
1289
diff
changeset
|
37 local jrd = { links = get_supported() }; |
|
1211
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 response.headers.content_type = "application/json" |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 response.headers.access_control_allow_origin = "*"; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 return json.encode(jrd); |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 end; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 local function GET_either(event) |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 local accept_type = event.request.headers.accept or ""; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 if ( accept_type:find("xml") or #accept_type ) < ( accept_type:find("json") or #accept_type+1 ) then |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 return GET_xml(event); |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 else |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 return GET_json(event); |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 end |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 end; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 module:provides("http", { |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 default_path = "/.well-known"; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 route = { |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 ["GET /host-meta"] = GET_either; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 -- ["GET /host-meta.xml"] = GET_xml; -- Hmmm |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 ["GET /host-meta.json"] = GET_json; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 }; |
|
27de4109b7e9
mod_http_altconnect: Exposes BOSH and WebSocket endpoints over HTTP per http://legastero.github.io/customxeps/extensions/xep-0156.html#http
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 }); |