Mercurial > prosody-modules
comparison mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua @ 4330:e655581173be
mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 13 Jan 2021 14:18:24 +0000 |
| parents | 2a5164162708 |
| children | 2e355540f8c8 |
comparison
equal
deleted
inserted
replaced
| 4329:2a5164162708 | 4330:e655581173be |
|---|---|
| 56 local push_summary = event.push_summary; | 56 local push_summary = event.push_summary; |
| 57 | 57 |
| 58 local original_stanza = event.original_stanza; | 58 local original_stanza = event.original_stanza; |
| 59 | 59 |
| 60 local push_payload = { | 60 local push_payload = { |
| 61 unread = push_summary["message-count"]; | 61 unread = tonumber(push_summary["message-count"]) or 1; |
| 62 sender = push_summary["last-message-sender"]; | 62 sender = jid.bare(original_stanza.attr.from); |
| 63 message = body; | |
| 63 }; | 64 }; |
| 64 | 65 |
| 65 if original_stanza.name == "message" then | 66 if original_stanza.name == "message" then |
| 66 if original_stanza.attr.type == "groupchat" then | 67 if original_stanza.attr.type == "groupchat" then |
| 67 push_payload.type = "groupchat"; | 68 push_payload.type = "groupchat"; |
| 82 | 83 |
| 83 local iv = random.bytes(12); | 84 local iv = random.bytes(12); |
| 84 local key_binary = base64.decode(encryption.key_base64); | 85 local key_binary = base64.decode(encryption.key_base64); |
| 85 local push_json = json.encode(push_payload); | 86 local push_json = json.encode(push_payload); |
| 86 | 87 |
| 87 local encrypted_payload = ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json); | 88 -- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes |
| 89 -- Siskin does not validate the tag anyway. | |
| 90 local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16)); | |
| 88 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) }) | 91 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) }) |
| 89 :text(encrypted_payload); | 92 :text(encrypted_payload); |
| 90 -- Replace the unencrypted notification with the encrypted one | 93 -- Replace the unencrypted notification with the encrypted one |
| 91 event.notification_stanza | 94 event.notification_stanza |
| 92 :get_child("pubsub", "http://jabber.org/protocol/pubsub") | 95 :get_child("pubsub", "http://jabber.org/protocol/pubsub") |
| 93 :get_child("publish") | 96 :get_child("publish") |
| 94 :get_child("item") | 97 :get_child("item") |
| 95 :remove_children("notification", xmlns_push) | 98 :remove_children("notification", xmlns_push) |
| 96 :add_child(encrypted_element); | 99 :tag("notification", { xmlns = xmlns_push }) |
| 100 :add_child(encrypted_element) | |
| 101 :up(); | |
| 97 end | 102 end |
| 98 | 103 |
| 99 module:hook("cloud_notify/registration", handle_register); | 104 module:hook("cloud_notify/registration", handle_register); |
| 100 module:hook("cloud_notify/push", handle_push); | 105 module:hook("cloud_notify/push", handle_push); |