Mercurial > prosody-modules
comparison mod_data_access/mod_data_access.lua @ 318:84caab2bc02c
mod_data_access: New plugin providing a HTTP interface to Prosodys datamanager
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 19 Jan 2011 20:18:38 +0100 |
| parents | |
| children | 52f2188ec47d |
comparison
equal
deleted
inserted
replaced
| 317:4f78f5020aa9 | 318:84caab2bc02c |
|---|---|
| 1 -- HTTP Access to datamanager | |
| 2 -- By Kim Alvefur <zash@zash.se> | |
| 3 | |
| 4 local jid_prep = require "util.jid".prep; | |
| 5 local jid_split = require "util.jid".split; | |
| 6 local um_test_pw = require "core.usermanager".test_password; | |
| 7 local is_admin = require "core.usermanager".is_admin | |
| 8 local dm_load = require "util.datamanager".load; | |
| 9 local dm_list_load = require "util.datamanager".list_load; | |
| 10 local b64_decode = require "util.encodings".base64.decode; | |
| 11 --local urldecode = require "net.http".urldecode; | |
| 12 --[[local urlparams = --require "net.http".getQueryParams or whatever MattJ names it | |
| 13 function(s) | |
| 14 if not s:match("=") then return urldecode(s); end | |
| 15 local r = {} | |
| 16 s:gsub("([^=&]*)=([^&]*)", function(k,v) | |
| 17 r[ urldecode(k) ] = urldecode(v); | |
| 18 return nil | |
| 19 end) | |
| 20 return r | |
| 21 end; | |
| 22 --]] | |
| 23 | |
| 24 local function http_response(code, message, extra_headers) | |
| 25 local response = { | |
| 26 status = code .. " " .. message; | |
| 27 body = message .. "\n"; } | |
| 28 if extra_headers then response.headers = extra_headers; end | |
| 29 return response | |
| 30 end | |
| 31 | |
| 32 local encoders = { | |
| 33 lua = require "util.serialization".serialize, | |
| 34 json = require "util.json".encode | |
| 35 }; | |
| 36 --[[ | |
| 37 encoders.xml = function(data) | |
| 38 return "<?xml version='1.0' encoding='utf-8'?><todo:write-this-serializer/>"; | |
| 39 end --]] | |
| 40 | |
| 41 local function handle_request(method, body, request) | |
| 42 if request.method ~= "GET" then | |
| 43 return http_response(405, "Method Not Allowed", {["Allow"] = "GET"}); | |
| 44 end -- TODO Maybe PUT? | |
| 45 | |
| 46 if not request.headers["authorization"] then | |
| 47 return http_response(401, "Unauthorized", | |
| 48 {["WWW-Authenticate"]='Basic realm="WallyWorld"'}) | |
| 49 end | |
| 50 local user, password = b64_decode(request.headers.authorization | |
| 51 :match("[^ ]*$") or ""):match("([^:]*):(.*)"); | |
| 52 user = jid_prep(user); | |
| 53 if not user or not password then return http_response(400, "Bad Request"); end | |
| 54 local user_node, user_host = jid_split(user) | |
| 55 if not hosts[user_host] then return http_response(401, "Unauthorized"); end | |
| 56 | |
| 57 module:log("debug", "authz %s", user) | |
| 58 if not um_test_pw(user_node, user_host, password) then | |
| 59 return http_response(401, "Unauthorized"); | |
| 60 end | |
| 61 | |
| 62 module:log("debug", "spliting path"); | |
| 63 local path = {}; | |
| 64 for i in string.gmatch(request.url.path, "[^/]+") do | |
| 65 table.insert(path, i); | |
| 66 end | |
| 67 table.remove(path, 1); -- the first /data | |
| 68 module:log("debug", "split path, got %d parts: %s", #path, table.concat(path, ", ")); | |
| 69 | |
| 70 if #path < 3 then | |
| 71 module:log("debug", "since we need at least 3 parts, adding %s/%s", user_host, user_node); | |
| 72 table.insert(path, 1, user_node); | |
| 73 table.insert(path, 1, user_host); | |
| 74 --return http_response(400, "Bad Request"); | |
| 75 end | |
| 76 | |
| 77 if #path < 3 then | |
| 78 return http_response(404, "Not Found"); | |
| 79 end | |
| 80 | |
| 81 if user_host ~= path[1] or user_node ~= path[2] then | |
| 82 -- To only give admins acces to anything, move the inside of this block after authz | |
| 83 module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, path[2], path[1], path[3]) | |
| 84 if not is_admin(user, path[1]) then | |
| 85 return http_response(403, "Forbidden"); | |
| 86 end | |
| 87 end | |
| 88 | |
| 89 local data = dm_load(path[2], path[1], path[3]); | |
| 90 | |
| 91 data = data or dm_list_load(path[2], path[1], path[3]); | |
| 92 | |
| 93 if data and encoders[path[4] or "json"] then | |
| 94 return { | |
| 95 status = "200 OK", | |
| 96 body = encoders[path[4] or "json"](data) .. "\n", | |
| 97 headers = {["content-type"] = "text/plain; charset=utf-8"} | |
| 98 --headers = {["content-type"] = encoders[data[4] or "json"].mime .. "; charset=utf-8"} | |
| 99 -- FIXME a little nicer that the above | |
| 100 -- Also, would be cooler to use the Accept header, but parsing it ... | |
| 101 }; | |
| 102 else | |
| 103 return http_response(404, "Not Found"); | |
| 104 end | |
| 105 end | |
| 106 | |
| 107 local function setup() | |
| 108 local ports = module:get_option("data_access_ports") or { 5280 }; | |
| 109 require "net.httpserver".new_from_config(ports, handle_request, { base = "data" }); | |
| 110 end | |
| 111 if prosody.start_time then -- already started | |
| 112 setup(); | |
| 113 else | |
| 114 prosody.events.add_handler("server-started", setup); | |
| 115 end |