comparison mod_pubsub_feed/mod_pubsub_feed.lua @ 325:4e50e591a7fc
mod_pubsub_feed: Implement signature verification
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 01 Feb 2011 00:24:19 +0100 |
parents | 100b3ad2e10c |
children | f42fe4229f8a |
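--- a/mod_pubsub_feed/mod_pubsub_feed.lua
+++ b/mod_pubsub_feed/mod_pubsub_feed.lua
@@ -31,10 +31,11 @@
 local st = require "util.stanza";
 local httpserver = require "net.httpserver";
 local formencode = require "net.http".formencode;
 local dump = require "util.serialization".serialize;
 local uuid = require "util.uuid".generate;
+local hmac_sha1 = require "util.hmac".sha1;
 
 local urldecode = require "net.http".urldecode;
 local urlencode = require "net.http".urlencode;
 local urlparams = --require "net.http".getQueryParams or whatever MattJ names it, FIXME
 function(s)
@@ -163,17 +164,18 @@
 return refresh_interval;
 end
 
 function subscribe(feed)
 feed.token = uuid();
+feed.secret = uuid();
 local _body, body = {
 ["hub.callback"] = "http://"..module.host..":5280/callback?node=" .. urlencode(feed.node); --FIXME figure out your own hostname reliably?
 ["hub.mode"] = "subscribe"; --TODO unsubscribe
 ["hub.topic"] = feed.url;
 ["hub.verify"] = "async";
 ["hub.verify_token"] = feed.token;
---["hub.secret"] = ""; -- TODO http://pubsubhubbub.googlecode.com/svn/trunk/pubsubhubbub-core-0.3.html#authednotify
+["hub.secret"] = feed.secret;
 --["hub.lease_seconds"] = "";
 }, { };
 for name, value in pairs(_body) do
 t_insert(body, { name = name, value = value });
 end --FIXME Why do I have to do this?
@@ -194,10 +196,11 @@
 local query = request.url.query;
 if query and type(query) == "string" then
 query = urlparams(query);
 --module:log("debug", "GET data: %s", dump(query));
 end
+--module:log("debug", "Headers: %s", dump(request.headers));
 
 if method == "GET" then
 if query.node and feed_list[query.node] then
 local feed = feed_list[query.node];
 if query["hub.topic"] ~= feed.url then
@@ -223,10 +226,19 @@
 elseif method == "POST" then
 -- TODO http://pubsubhubbub.googlecode.com/svn/trunk/pubsubhubbub-core-0.3.html#authednotify
 if #body > 0 and feed_list[query.node] then
 module:log("debug", "got %d bytes PuSHed for %s", #body, query.node);
 local feed = feed_list[query.node];
+local signature = request.headers["x-hub-signature"];
+if feed.secret then
+local localsig = "sha1=" .. hmac_sha1(feed.secret, body, true);
+if localsig ~= signature then
+module:log("debug", "Invalid signature");
+return http_response(403);
+end
+module:log("debug", "Valid signature");
+end
 feed.data = body;
 update_entry(feed);
 feed.last_update = time();
 return http_response(202);
 end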
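Review bot: In the POST branch, `if feed.secret then` makes verification optional, so a feed in `feed_list` that has no secret still has an unsigned body copied into `feed.data` and passed to `update_entry`. Which feeds can lack a secret is not visible here; presumably it is any feed whose `subscribe()` call predates this change or never ran. Consider failing closed for hub-delivered content, for example `if not feed.secret then return http_response(403); end` ahead of the HMAC check. A rejected signature is also worth recording above debug level together with the node, e.g. `module:log("warn", "Invalid X-Hub-Signature for node %s", query.node);`, so forged pushes show up in normal logs. The enclosing request handler starts and ends outside the lines shown.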