view mod_pubsub_post/README.markdown @ 3501:1df139b157fb

mod_pubsub_post: Add support for WebSub authentication
author Kim Alvefur <zash@zash.se>
date Fri, 24 Aug 2018 14:52:09 +0200
parents 0992c0398783
children 42e9e3c5eb02
line wrap: on
line source

# Introduction

Lets you easily publish data to PubSub using a HTTP POST request. The
payload can be Atom feeds, arbitrary XML, or arbitrary JSON. The type
should be indicated via the `Content-Type` header.

``` {.bash}
curl http://localhost:5280/pubsub_post/princely_musings \
    -H "Content-Type: application/json" \
    --data-binary '{"musing":"To be, or not to be: that is the question"}'
```

-   JSON data is wrapped in a [XEP-0335] container.
-   An Atom feed may have many `<entry>` and each one is published as
    its own PubSub item.
-   Other XML is simply published to a randomly named item as-is.

# Configuration

## Authentication

Authentication can be handled in two different ways.

### None

``` {.lua}
pubsub_post_actor = "superuser"
```

The module uses an internal actor that has all privileges and can always
do everything. It is strongly suggested that you do not expose this to
the Internet. *Maybe* it shouldn't be the default...

### IP

``` {.lua}
pubsub_post_actor = "request.ip"
```

Uses the IP address from the HTTP request as actor, which means this
pseudo-JID must be given a 'publisher' affiliation. This should work
nicely with the `autocreate_on_publish` setting, where the first actor
to attempt to publish to a non-existant node becomes owner of it, which
includes publishing rights.

## WebSub

``` {.lua}
-- Per node secrets
pubsub_post_secrets = {
    my_node = "shared secret"
}

-- Same secret for all nodes
pubsub_post_secret = "shared secret"
```

This enables the
[WebSub](https://www.w3.org/TR/2018/REC-websub-20180123/) [Authenticated
Content
Distribution](https://www.w3.org/TR/2018/REC-websub-20180123/#authenticated-content-distribution)
authentication method, where payloads are signed using a shared secret.

## Setting up affiliations

Prosodys PubSub module supports [setting affiliations via
XMPP](https://xmpp.org/extensions/xep-0060.html#owner-affiliations), in
trunk since [revision
384ef9732b81](https://hg.prosody.im/trunk/rev/384ef9732b81).

It can however be done from another plugin:

``` {.lua}
local mod_pubsub = module:depends("pubsub");
local pubsub = mod_pubsub.service;

pubsub:create("princely_musings", true);
pubsub:set_affiliation("princely_musings", true, "127.0.0.1", "publisher");
```