Mercurial > prosody-modules
comparison mod_register_json/mod_register_json.lua @ 359:5d22ebcb9ec5
mod_register_json: Changed log levels, added a few primitive throttling/whitelist/blacklist options
| author | Marco Cirillo <maranda@lightwitch.org> |
|---|---|
| date | Tue, 12 Apr 2011 19:09:34 +0000 |
| parents | 4483bb889d12 |
| children | 81528ffa0b76 |
comparison
equal
deleted
inserted
replaced
| 358:4483bb889d12 | 359:5d22ebcb9ec5 |
|---|---|
| 8 local b64_decode = require "util.encodings".base64.decode; | 8 local b64_decode = require "util.encodings".base64.decode; |
| 9 local json_decode = require "util.json".decode; | 9 local json_decode = require "util.json".decode; |
| 10 | 10 |
| 11 module.host = "*" -- HTTP/BOSH Servlets need to be global. | 11 module.host = "*" -- HTTP/BOSH Servlets need to be global. |
| 12 | 12 |
| 13 -- Pick up configuration. | |
| 14 | |
| 13 local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted"; | 15 local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted"; |
| 16 local throttle_time = module:get_option("reg_servlet_ttime") or false; | |
| 17 local whitelist = module:get_option("reg_servlet_wl") or {}; | |
| 18 local blacklist = module:get_option("reg_servlet_bl") or {}; | |
| 19 local recent_ips = {}; | |
| 20 | |
| 21 -- Begin | |
| 22 | |
| 23 for _, ip in ipairs(whitelist) do whitelisted_ips[ip] = true; end | |
| 24 for _, ip in ipairs(blacklist) do blacklisted_ips[ip] = true; end | |
| 14 | 25 |
| 15 local function http_response(code, message, extra_headers) | 26 local function http_response(code, message, extra_headers) |
| 16 local response = { | 27 local response = { |
| 17 status = code .. " " .. message; | 28 status = code .. " " .. message; |
| 18 body = message .. "\n"; } | 29 body = message .. "\n"; } |
| 34 user = jid_prep(user); | 45 user = jid_prep(user); |
| 35 if not user or not password then return http_response(400, "What's this..?"); end | 46 if not user or not password then return http_response(400, "What's this..?"); end |
| 36 local user_node, user_host = jid_split(user) | 47 local user_node, user_host = jid_split(user) |
| 37 if not hosts[user_host] then return http_response(401, "Negative."); end | 48 if not hosts[user_host] then return http_response(401, "Negative."); end |
| 38 | 49 |
| 39 module:log("debug", "%s is authing to submit a new user registration data", user) | 50 module:log("warn", "%s is authing to submit a new user registration data", user) |
| 40 if not usermanager.test_password(user_node, user_host, password) then | 51 if not usermanager.test_password(user_node, user_host, password) then |
| 41 module:log("debug", "%s failed authentication", user) | 52 module:log("warn", "%s failed authentication", user) |
| 42 return http_response(401, "Who the hell are you?! Guards!"); | 53 return http_response(401, "Who the hell are you?! Guards!"); |
| 43 end | 54 end |
| 44 | 55 |
| 45 local req_body; pcall(function() req_body = json.decode(body) end); | 56 local req_body; pcall(function() req_body = json.decode(body) end); |
| 46 -- Check if user is an admin of said host | 57 -- Check if user is an admin of said host |
| 47 if not usermanager.is_admin(user, req_body["host"]) then | 58 if not usermanager.is_admin(user, req_body["host"]) then |
| 48 module:log("debug", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) | 59 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) |
| 49 return http_response(401, "I obey only to my masters... Have a nice day."); | 60 return http_response(401, "I obey only to my masters... Have a nice day."); |
| 50 else | 61 else |
| 51 -- Various sanity checks. | 62 -- Various sanity checks. |
| 52 if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end | 63 if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end |
| 64 | |
| 65 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) | |
| 66 if blacklist[req_body["ip"]] then then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end | |
| 67 if throttle_time and not whitelist[req_body["ip"]] then | |
| 68 if not recent_ips[req_body["ip"]] then | |
| 69 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 }; | |
| 70 else | |
| 71 local ip = recent_ips[req_body["ip"]]; | |
| 72 ip.count = ip.count + 1; | |
| 73 | |
| 74 if os_time() - ip.time < throttle_time then | |
| 75 ip.time = os_time(); | |
| 76 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]); | |
| 77 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again."); | |
| 78 end | |
| 79 ip.time = os_time(); | |
| 80 end | |
| 81 end | |
| 82 | |
| 53 -- We first check if the supplied username for registration is already there. | 83 -- We first check if the supplied username for registration is already there. |
| 54 if not usermanager.user_exists(req_body["username"], req_body["host"]) then | 84 if not usermanager.user_exists(req_body["username"], req_body["host"]) then |
| 55 usermanager.create_user(req_body["username"], req_body["password"], req_body["host]); | 85 usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]); |
| 56 module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]); | 86 module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]); |
| 57 return http_response(200, "Done."); | 87 return http_response(200, "Done."); |
| 58 else | 88 else |
| 59 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]); | 89 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]); |
| 60 return http_response(409, "User already exists."); | 90 return http_response(409, "User already exists."); |
| 61 end | 91 end |
| 62 end | 92 end |
| 63 end | 93 end |
| 64 | 94 |
| 95 -- Set it up! | |
| 65 local function setup() | 96 local function setup() |
| 66 local ports = module:get_option("reg_servlet_port") or { 9280 }; | 97 local ports = module:get_option("reg_servlet_port") or { 9280 }; |
| 67 local base_name = module:get_option("reg_servlet_base") or "register_account"; | 98 local base_name = module:get_option("reg_servlet_base") or "register_account"; |
| 68 local ssl_cert = module:get_option("reg_servlet_sslcert") or false; | 99 local ssl_cert = module:get_option("reg_servlet_sslcert") or false; |
| 69 local ssl_key = module:get_option("reg_servlet_sslkey") or false; | 100 local ssl_key = module:get_option("reg_servlet_sslkey") or false; |