Mercurial > prosody-modules
comparison mod_register_json/mod_register_json.lua @ 529:84e992f70ba3
mod_register_json: stick to one code "punctuation" style.
| author | Marco Cirillo <maranda@lightwitch.org> |
|---|---|
| date | Sat, 07 Jan 2012 18:11:03 +0000 |
| parents | f0fafd19fd72 |
| children | 09280dd0b22e |
comparison
equal
deleted
inserted
replaced
| 528:1737c08fde30 | 529:84e992f70ba3 |
|---|---|
| 2 -- via JSON. | 2 -- via JSON. |
| 3 -- | 3 -- |
| 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur | 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur |
| 5 -- aka Zash. | 5 -- aka Zash. |
| 6 | 6 |
| 7 local jid_prep = require "util.jid".prep; | 7 local jid_prep = require "util.jid".prep |
| 8 local jid_split = require "util.jid".split; | 8 local jid_split = require "util.jid".split |
| 9 local usermanager = require "core.usermanager"; | 9 local usermanager = require "core.usermanager" |
| 10 local b64_decode = require "util.encodings".base64.decode; | 10 local b64_decode = require "util.encodings".base64.decode |
| 11 local json_decode = require "util.json".decode; | 11 local json_decode = require "util.json".decode |
| 12 local httpserver = require "net.httpserver"; | 12 local httpserver = require "net.httpserver" |
| 13 local os_time = os.time; | 13 local os_time = os.time |
| 14 local nodeprep = require "util.encodings".stringprep.nodeprep; | 14 local nodeprep = require "util.encodings".stringprep.nodeprep |
| 15 | 15 |
| 16 module.host = "*" -- HTTP/BOSH Servlets need to be global. | 16 module.host = "*" -- HTTP/BOSH Servlets need to be global. |
| 17 | 17 |
| 18 -- Pick up configuration. | 18 -- Pick up configuration. |
| 19 | 19 |
| 20 local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted"; | 20 local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted" |
| 21 local throttle_time = module:get_option("reg_servlet_ttime") or false; | 21 local throttle_time = module:get_option("reg_servlet_ttime") or false |
| 22 local whitelist = module:get_option("reg_servlet_wl") or {}; | 22 local whitelist = module:get_option("reg_servlet_wl") or {} |
| 23 local blacklist = module:get_option("reg_servlet_bl") or {}; | 23 local blacklist = module:get_option("reg_servlet_bl") or {} |
| 24 local recent_ips = {}; | 24 local recent_ips = {} |
| 25 | 25 |
| 26 -- Begin | 26 -- Begin |
| 27 | 27 |
| 28 for _, ip in ipairs(whitelist) do whitelisted_ips[ip] = true; end | 28 for _, ip in ipairs(whitelist) do whitelisted_ips[ip] = true end |
| 29 for _, ip in ipairs(blacklist) do blacklisted_ips[ip] = true; end | 29 for _, ip in ipairs(blacklist) do blacklisted_ips[ip] = true end |
| 30 | 30 |
| 31 local function http_response(code, message, extra_headers) | 31 local function http_response(code, message, extra_headers) |
| 32 local response = { | 32 local response = { |
| 33 status = code .. " " .. message; | 33 status = code .. " " .. message, |
| 34 body = message .. "\n"; } | 34 body = message .. "\n" } |
| 35 if extra_headers then response.headers = extra_headers; end | 35 if extra_headers then response.headers = extra_headers end |
| 36 return response | 36 return response |
| 37 end | 37 end |
| 38 | 38 |
| 39 local function handle_req(method, body, request) | 39 local function handle_req(method, body, request) |
| 40 if request.method ~= "POST" then | 40 if request.method ~= "POST" then |
| 41 return http_response(405, "Bad method...", {["Allow"] = "POST"}); | 41 return http_response(405, "Bad method...", {["Allow"] = "POST"}) |
| 42 end | 42 end |
| 43 if not request.headers["authorization"] then | 43 if not request.headers["authorization"] then |
| 44 return http_response(401, "No... No...", | 44 return http_response(401, "No... No...", {["WWW-Authenticate"]='Basic realm="'.. set_realm_name ..'"'}) |
| 45 {["WWW-Authenticate"]='Basic realm="'.. set_realm_name ..'"'}) | |
| 46 end | 45 end |
| 47 | 46 |
| 48 local user, password = b64_decode(request.headers.authorization | 47 local user, password = b64_decode(request.headers.authorization:match("[^ ]*$") or ""):match("([^:]*):(.*)") |
| 49 :match("[^ ]*$") or ""):match("([^:]*):(.*)"); | 48 user = jid_prep(user) |
| 50 user = jid_prep(user); | 49 if not user or not password then return http_response(400, "What's this..?") end |
| 51 if not user or not password then return http_response(400, "What's this..?"); end | |
| 52 local user_node, user_host = jid_split(user) | 50 local user_node, user_host = jid_split(user) |
| 53 if not hosts[user_host] then return http_response(401, "Negative."); end | 51 if not hosts[user_host] then return http_response(401, "Negative.") end |
| 54 | 52 |
| 55 module:log("warn", "%s is authing to submit a new user registration data", user) | 53 module:log("warn", "%s is authing to submit a new user registration data", user) |
| 56 if not usermanager.test_password(user_node, user_host, password) then | 54 if not usermanager.test_password(user_node, user_host, password) then |
| 57 module:log("warn", "%s failed authentication", user) | 55 module:log("warn", "%s failed authentication", user) |
| 58 return http_response(401, "Who the hell are you?! Guards!"); | 56 return http_response(401, "Who the hell are you?! Guards!") |
| 59 end | 57 end |
| 60 | 58 |
| 61 local req_body; | 59 local req_body |
| 62 -- We check that what we have is valid JSON wise else we throw an error... | 60 -- We check that what we have is valid JSON wise else we throw an error... |
| 63 if not pcall(function() req_body = json_decode(body) end) then | 61 if not pcall(function() req_body = json_decode(body) end) then |
| 64 module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); | 62 module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user) |
| 65 return http_response(400, "JSON Decoding failed."); | 63 return http_response(400, "JSON Decoding failed.") |
| 66 else | 64 else |
| 67 -- Decode JSON data and check that all bits are there else throw an error | 65 -- Decode JSON data and check that all bits are there else throw an error |
| 68 req_body = json_decode(body); | 66 req_body = json_decode(body) |
| 69 if req_body["username"] == nil or req_body["password"] == nil or req_body["host"] == nil or req_body["ip"] == nil then | 67 if req_body["username"] == nil or req_body["password"] == nil or req_body["host"] == nil or req_body["ip"] == nil then |
| 70 module:log("debug", "%s supplied an insufficent number of elements or wrong elements for the JSON registration", user); | 68 module:log("debug", "%s supplied an insufficent number of elements or wrong elements for the JSON registration", user) |
| 71 return http_response(400, "Invalid syntax."); | 69 return http_response(400, "Invalid syntax.") |
| 72 end | 70 end |
| 73 -- Check if user is an admin of said host | 71 -- Check if user is an admin of said host |
| 74 if not usermanager.is_admin(user, req_body["host"]) then | 72 if not usermanager.is_admin(user, req_body["host"]) then |
| 75 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]); | 73 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) |
| 76 return http_response(401, "I obey only to my masters... Have a nice day."); | 74 return http_response(401, "I obey only to my masters... Have a nice day.") |
| 77 else | 75 else |
| 78 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) | 76 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) |
| 79 if blacklist[req_body["ip"]] then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end | 77 if blacklist[req_body["ip"]] then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end |
| 80 if throttle_time and not whitelist[req_body["ip"]] then | 78 if throttle_time and not whitelist[req_body["ip"]] then |
| 81 if not recent_ips[req_body["ip"]] then | 79 if not recent_ips[req_body["ip"]] then |
| 82 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 }; | 80 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 } |
| 83 else | 81 else |
| 84 local ip = recent_ips[req_body["ip"]]; | 82 local ip = recent_ips[req_body["ip"]] |
| 85 ip.count = ip.count + 1; | 83 ip.count = ip.count + 1 |
| 86 | 84 |
| 87 if os_time() - ip.time < throttle_time then | 85 if os_time() - ip.time < throttle_time then |
| 88 ip.time = os_time(); | 86 ip.time = os_time() |
| 89 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]); | 87 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]) |
| 90 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again."); | 88 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.") |
| 91 end | 89 end |
| 92 ip.time = os_time(); | 90 ip.time = os_time() |
| 93 end | 91 end |
| 94 end | 92 end |
| 95 | 93 |
| 96 -- We first check if the supplied username for registration is already there. | 94 -- We first check if the supplied username for registration is already there. |
| 97 -- And nodeprep the username | 95 -- And nodeprep the username |
| 98 local username = nodeprep(req_body["username"]); | 96 local username = nodeprep(req_body["username"]) |
| 99 if not usermanager.user_exists(username, req_body["host"]) then | 97 if not usermanager.user_exists(username, req_body["host"]) then |
| 100 if not username then | 98 if not username then |
| 101 module:log("debug", "%s supplied an username containing invalid characters: %s", user, username); | 99 module:log("debug", "%s supplied an username containing invalid characters: %s", user, username) |
| 102 return http_response(406, "Supplied username contains invalid characters, see RFC 6122."); | 100 return http_response(406, "Supplied username contains invalid characters, see RFC 6122.") |
| 103 else | 101 else |
| 104 usermanager.create_user(username, req_body["password"], req_body["host"]); | 102 usermanager.create_user(username, req_body["password"], req_body["host"]) |
| 105 module:log("debug", "%s registration data submission for %s is successful", user, username); | 103 module:log("debug", "%s registration data submission for %s is successful", user, username) |
| 106 return http_response(200, "Done."); | 104 return http_response(200, "Done.") |
| 107 end | 105 end |
| 108 else | 106 else |
| 109 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, username); | 107 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, username) |
| 110 return http_response(409, "User already exists."); | 108 return http_response(409, "User already exists.") |
| 111 end | 109 end |
| 112 end | 110 end |
| 113 end | 111 end |
| 114 end | 112 end |
| 115 | 113 |
| 116 -- Set it up! | 114 -- Set it up! |
| 117 local function setup() | 115 local function setup() |
| 118 local ports = module:get_option("reg_servlet_ports") or { 9280 }; | 116 local ports = module:get_option("reg_servlet_ports") or { 9280 } |
| 119 local port_number, base_name, ssl_table; | 117 local port_number, base_name, ssl_table |
| 120 for _, opts in ipairs(ports) do | 118 for _, opts in ipairs(ports) do |
| 121 if type(opts) == "number" then | 119 if type(opts) == "number" then |
| 122 port_number, base_name = opts, "register_account"; | 120 port_number, base_name = opts, "register_account" |
| 123 elseif type(opts) == "table" then | 121 elseif type(opts) == "table" then |
| 124 port_number, base_name, ssl_table = opts.port or 9280, opts.path or "register_account", opts.ssl or nil; | 122 port_number, base_name, ssl_table = opts.port or 9280, opts.path or "register_account", opts.ssl or nil |
| 125 elseif type(opts) == "string" then | 123 elseif type(opts) == "string" then |
| 126 base_name, port_number = opts, 9280; | 124 base_name, port_number = opts, 9280 |
| 127 end | 125 end |
| 128 end | 126 end |
| 129 | 127 |
| 130 if ssl_table == nil then | 128 if ssl_table == nil then |
| 131 ports = { { port = port_number } }; | 129 ports = { { port = port_number } } |
| 132 httpserver.new_from_config(ports, handle_req, { base = base_name }); | 130 httpserver.new_from_config(ports, handle_req, { base = base_name }) |
| 133 else | 131 else |
| 134 if port_number == 9280 then port_number = 9443; end | 132 if port_number == 9280 then port_number = 9443 end |
| 135 ports = { { port = port_number, ssl = ssl_table } }; | 133 ports = { { port = port_number, ssl = ssl_table } } |
| 136 httpserver.new_from_config(ports, handle_req, { base = base_name }); | 134 httpserver.new_from_config(ports, handle_req, { base = base_name }) |
| 137 end | 135 end |
| 138 end | 136 end |
| 139 | 137 |
| 140 if prosody.start_time then -- already started | 138 if prosody.start_time then -- already started |
| 141 setup(); | 139 setup() |
| 142 else | 140 else |
| 143 prosody.events.add_handler("server-started", setup); | 141 prosody.events.add_handler("server-started", setup) |
| 144 end | 142 end |