view mod_http_muc_log/mod_http_muc_log.lua @ 5193:2bb29ece216b

mod_http_oauth2: Implement stateless dynamic client registration Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would not probably not scale easily. Dynamic client registration allows creating clients on the fly, which may be even easier in theory. In order to not allow basically unauthenticated writes to the database, we implement a stateless model here. per_host_key := HMAC(config -> oauth2_registration_key, hostname) client_id := JWT { client metadata } signed with per_host_key client_secret := HMAC(per_host_key, client_id) This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key. A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret
author Kim Alvefur <zash@zash.se>
date Fri, 03 Mar 2023 21:14:19 +0100
parents 7bce75e74f86
children df483d9056f5
line wrap: on
line source

local mt = require"util.multitable";
local datetime = require"util.datetime";
local jid_split = require"util.jid".split;
local nodeprep = require"util.encodings".stringprep.nodeprep;
local url = require"socket.url";
local os_time, os_date = os.time, os.date;
local httplib = require "util.http";
local render_funcs = {};
local render = require"util.interpolation".new("%b{}", require"util.stanza".xml_escape, render_funcs);

local archive = module:open_store("muc_log", "archive");

-- Prosody 0.11+ MUC API
local mod_muc = module:depends"muc";
local each_room = mod_muc.each_room;
local get_room_from_jid = mod_muc.get_room_from_jid;

local function get_room(name)
	local jid = name .. '@' .. module.host;
	return get_room_from_jid(jid);
end

local use_oob = module:get_option_boolean(module.name .. "_show_images", false);
module:depends"http";

local template;
do
	local template_filename = module:get_option_string(module.name .. "_template", "res/" .. module.name .. ".html");
	local template_file, err = module:load_resource(template_filename);
	if template_file then
		template, err = template_file:read("*a");
		template_file:close();
	end
	if not template then
		module:log("error", "Error loading template: %s", err);
		template = render("<h1>mod_{module} could not read the template</h1>\
		<p>Tried to open <b>{filename}</b></p>\
		<pre>{error}</pre>",
			{ module = module.name, filename = template_filename, error = err });
	end
end

local resources = module:get_option_path(module.name .. "_resources", "static");

-- local base_url = module:http_url() .. '/'; -- TODO: Generate links in a smart way
local get_link do
	local link, path = { path = '/' }, { "", "", is_directory = true };
	function get_link(room, date)
		path[1], path[2] = room, date;
		path.is_directory = not date;
		link.path = url.build_path(path);
		return url.build(link);
	end
end

local function get_absolute_link(room, date)
	local link = url.parse(module:http_url());
	local path = url.parse_path(link.path);
	if room then
		table.insert(path, room);
		if date then
			table.insert(path, date)
			path.is_directory = false;
		else
			path.is_directory = true;
		end
	end
	link.path = url.build_path(path)
	return url.build(link)
end

-- Whether room can be joined by anyone
local function open_room(room) -- : boolean
	if type(room) == "string" then
		room = get_room(room);
		-- assumed to be a room object otherwise
	end
	if not room then
		return nil;
	end

	if (room.get_members_only or room.is_members_only)(room) then
		return false;
	end

	if room:get_password() then
		return false;
	end

	return true;
end

-- Can be set to "latest"
local default_view = module:get_option_string(module.name .. "_default_view", nil);

module:hook("muc-disco#info", function (event)
	local room = event.room;
	if open_room(room) then
		table.insert(event.form, { name = "muc#roominfo_logs", type="text-single" });
		event.formdata["muc#roominfo_logs"] = get_absolute_link(jid_split(event.room.jid), default_view);
	end
end);

local function sort_Y(a,b) return a.year > b.year end
local function sort_m(a,b) return a.n > b.n end

-- Time zone hack?
local t_diff = os_time(os_date("*t")) - os_time(os_date("!*t"));
local function time(t)
	return os_time(t) + t_diff;
end
local function date_floor(t)
	return t - t % 86400;
end

-- Fetch one item
local function find_once(room, query, retval)
	if query then query.limit = 1; else query = { limit = 1 }; end
	local iter, err = archive:find(room, query);
	if not iter then return iter, err; end
	if retval then
		return select(retval, iter());
	end
	return iter();
end

local lazy = module:get_option_boolean(module.name .. "_lazy_calendar", true);

local presence_logged = module:get_option_boolean("muc_log_presences", false);

local function hide_presence(request)
	if not presence_logged then
		return false;
	end
	if request.url.query then
		local data = httplib.formdecode(request.url.query);
		if data then
			return data.p == "h"
		end
	end
	return false;
end

local function get_dates(room) --> { integer, ... }
	local date_list = archive.dates and archive:dates(room);
	if date_list then
		for i = 1, #date_list do
			date_list[i] = datetime.parse(date_list[i].."T00:00:00Z");
		end
		return date_list;
	end

	if lazy then
		-- Lazy with many false positives
		date_list = {};
		local first_day = find_once(room, nil, 3);
		local last_day = find_once(room, { reverse = true }, 3);
		if first_day and last_day then
			first_day = date_floor(first_day);
			last_day = date_floor(last_day);
			for when = first_day, last_day, 86400 do
				table.insert(date_list, when);
			end
		else
			return; -- 404
		end
		return date_list;
	end

	-- Collect date the hard way
	module:log("debug", "Find all dates with messages");
	date_list = {};
	local next_day;
	repeat
		local when = find_once(room, { start = next_day; }, 3);
		if not when then break; end
		table.insert(date_list, when);
		next_day = date_floor(when) + 86400;
	until not next_day;
	return date_list;
end

function render_funcs.calendarize(date_list)
	-- convert array of timestamps to a year / month / day tree
	local dates = mt.new();
	for _, when in ipairs(date_list) do
		local t = os_date("!*t", when);
		dates:set(t.year, t.month, t.day, when);
	end
	-- Wrangle Y/m/d tree into year / month / week / day tree for calendar view
	local years = {};
	for current_year, months_t in pairs(dates.data) do
		local t = { year = current_year, month = 1, day = 1 };
		local months = { };
		local year = { year = current_year, months = months };
		years[#years+1] = year;
		for current_month, days_t in pairs(months_t) do
			t.day = 1;
			t.month = current_month;
			local tmp = os_date("!*t", time(t));
			local days = {};
			local week = { days = days }
			local weeks = { week };
			local month = { year = year.year, month = os_date("!%B", time(t)), n = current_month, weeks = weeks };
			months[#months+1] = month;
			local current_day = 1;
			for _=1, (tmp.wday+5)%7 do
				days[current_day], current_day = {}, current_day+1;
			end
			for i = 1, 31 do
				t.day = i;
				tmp = os_date("!*t", time(t));
				if tmp.month ~= current_month then break end
				if i > 1 and tmp.wday == 2 then
					days = {};
					weeks[#weeks+1] = { days = days };
					current_day = 1;
				end
				days[current_day] = {
					wday = tmp.wday, day = i, href = days_t[i] and datetime.date(days_t[i])
				};
				current_day = current_day+1;
			end
		end
		table.sort(months, sort_m);
	end
	table.sort(years, sort_Y);
	return years;
end

-- Produce the calendar view
local function years_page(event, path)
	local request, response = event.request, event.response;

	local room = nodeprep(path:match("^(.*)/$"));
	local is_open = open_room(room);
	if is_open == nil then
		return -- implicit 404
	elseif is_open == false then
		return 403;
	end

	local date_list = get_dates(room);
	if not date_list then
		return; -- 404
	end

	-- Phew, all wrangled, all that's left is rendering it with the template

	response.headers.content_type = "text/html; charset=utf-8";
	local room_obj = get_room(room);
	return render(template, {
		static = "../@static";
		room = room_obj._data;
		jid = room_obj.jid;
		jid_node = jid_split(room_obj.jid);
		hide_presence = hide_presence(request);
		presence_available = presence_logged;
		dates = date_list;
		links = {
			{ href = "../", rel = "up", text = "Room list" },
			{ href = "latest", rel = "last", text = "Latest" },
		};
	});
end

-- Produce the chat log view
local function logs_page(event, path)
	local request, response = event.request, event.response;

	local room, date = path:match("^([^/]+)/([^/]*)/?$");
	if not room then
		response.headers.location = url.build({ path = path .. "/" });
		return 303;
	end
	room = nodeprep(room);
	if not room then
		return 400;
	elseif date == "" then
		return years_page(event, path);
	end
	local is_open = open_room(room);
	if is_open == nil then
		return -- implicit 404
	elseif is_open == false then
		return 403;
	end
	if date == "latest" then
		local last_day = find_once(room, { reverse = true }, 3);
		response.headers.location = url.build({ path = datetime.date(last_day), query = request.url.query });
		return 303;
	end
	local day_start = datetime.parse(date.."T00:00:00Z");
	if not day_start then
		module:log("debug", "Invalid date format: %q", date);
		return 400;
	end

	local logs, i = {}, 1;
	local iter, err = archive:find(room, {
		["start"] = day_start;
		["end"]   = day_start + 86399;
		["with"]  = hide_presence(request) and "message<groupchat" or nil;
	});
	if not iter then
		module:log("warn", "Could not search archive: %s", err or "no error");
		return 500;
	end

	local first, last;
	for archive_id, item, when in iter do
		local body_tag = item:get_child("body");
		local body = body_tag and body_tag:get_text();
		local subject = item:get_child_text("subject");
		local verb = nil;
		local lang = body_tag and body_tag.attr["xml:lang"] or item.attr["xml:lang"];

		-- XEP-0359: Unique and Stable Stanza IDs
		local message_id = item:find("{urn:xmpp:sid:0}origin-id@id") or item.attr.id;

		if subject then
			verb, body = "set the topic to", subject;
		elseif body and body:sub(1,4) == "/me " then
			verb, body = body:sub(5), nil;
		elseif item.name == "presence" then
			-- TODO Distinguish between join and presence update
			verb = item.attr.type == "unavailable" and "has left" or "has joined";
			lang = "en";
		end

		local nick = select(3, jid_split(item.attr.from));
		local occupant_id = item:find("{urn:xmpp:occupant-id:0}occupant-id@id") or nick;

		-- XEP-0066: Out of Band Data
		local oob = use_oob and item:get_child("x", "jabber:x:oob");

		-- XEP-0425: Message Moderation
		local moderated = item:get_child("moderated", "urn:xmpp:message-moderate:0");
		if moderated then
			local actor = moderated.attr.by;
			if actor then actor = select(3, jid_split(actor)); end
			verb = "removed by " .. (actor or "moderator");
			body = moderated:get_child_text("reason") or "";
		end

		local moderation = item:find("{urn:xmpp:fasten:0}apply-to/{urn:xmpp:message-moderate:0}moderated");
		if moderation then
			nick = nick or "a moderator";
			verb = "removed a message";
			body = moderation:get_child_text("reason") or "";
		end

		-- XEP-0308: Last Message Correction
		local edit = item:find("{urn:xmpp:message-correct:0}replace/@id");
		if edit then
			local found = false;
			for n = i-1, 1, -1 do
				if logs[n].message_id == edit and occupant_id == logs[n].occupant_id then
					found = true;
					logs[n].edited = archive_id;
					edit = logs[n].archive_id;
					break;
				end
			end
			if not found then
				-- Ignore unresolved edit.
				edit = nil;
			end
		end

		-- XEP-0444: Message Reactions
		local reactions = item:get_child("reactions", "urn:xmpp:reactions:0");
		if reactions then
			-- COMPAT Movim uses an @to attribute instead of the correct @id
			local target_id = reactions.attr.id or reactions.attr.to;
			for n = i - 1, 1, -1 do
				if logs[n].archive_id == target_id then
					local react_map = logs[n].reactions; -- { string : integer }
					if not react_map then
						react_map = {};
						logs[n].reactions = react_map;
					end
					for reaction_tag in reactions:childtags("reaction") do
						-- FIXME This doesn't replace previous reactions by the same user
						-- on the same message.
						local reaction_text = reaction_tag:get_text() or "�";
						react_map[reaction_text] = (react_map[reaction_text] or 0) + 1;
					end
					break
				end
			end
		end

		-- XEP-0461: Message Replies
		local reply = item:find("{urn:xmpp:reply:0}reply@id");

		if body or verb or oob then
			local line = {
				message_id = message_id;
				archive_id = archive_id;
				occupant_id = occupant_id;
				datetime = datetime.datetime(when);
				time = datetime.time(when);
				verb = verb;
				body = body;
				lang = lang;
				nick = nick;
				st_name = item.name;
				st_type = item.attr.type;
				edit = edit;
				reply = reply;
				-- COMPAT
				key = archive_id;
			};
			if oob then
				line.oob = {
					url = oob:get_child_text("url");
					desc = oob:get_child_text("desc");
				}
			end
			logs[i], i = line, i + 1;
		end

		first = first or archive_id;
		last = archive_id;
	end
	if i == 1 and not lazy then return end -- No items

	local next_when, prev_when = "", "";
	local date_list = archive.dates and archive:dates(room);
	if date_list then
		for j = 1, #date_list do
			if date_list[j] == date then
				next_when = date_list[j+1] or "";
				prev_when = date_list[j-1] or "";
				break;
			end
		end
	elseif lazy then
		next_when = datetime.date(day_start + 86400);
		prev_when = datetime.date(day_start - 86400);
	elseif first and last then

		module:log("debug", "Find next date with messages");
		next_when = find_once(room, { after = last }, 3);
		if next_when then
			next_when = datetime.date(next_when);
			module:log("debug", "Next message: %s", next_when);
		end

		module:log("debug", "Find prev date with messages");
		prev_when = find_once(room, { before = first, reverse = true }, 3);
		if prev_when then
			prev_when = datetime.date(prev_when);
			module:log("debug", "Previous message: %s", prev_when);
		end
	end

	local links = {
		{ href = "../", rel = "up", text = "Room list" },
		{ href = "./", rel = "up", text = "Calendar" },
	};
	if prev_when ~= "" then
		table.insert(links, { href = prev_when, rel = "prev", text = prev_when});
	end
	if next_when ~= "" then
		table.insert(links, { href = next_when, rel = "next", text = next_when});
	end

	response.headers.content_type = "text/html; charset=utf-8";
	local room_obj = get_room(room);
	return render(template, {
		static = "../@static";
		date = date;
		room = room_obj._data;
		jid = room_obj.jid;
		jid_node = jid_split(room_obj.jid);
		hide_presence = hide_presence(request);
		presence_available = presence_logged;
		lang = room_obj.get_language and room_obj:get_language();
		lines = logs;
		links = links;
		dates = {}; -- COMPAT util.interpolation {nil|func#...} bug
	});
end

local room_weights = setmetatable(module:get_option_array(module.name.."_list_order", {}):reverse(), nil);
for i = #room_weights, 1, -1 do
	local room_jid = room_weights[i];
	room_weights[i] = nil;
	room_weights[room_jid] = i;
end

local function list_rooms(event)
	local request, response = event.request, event.response;
	local room_list, i = {}, 1;
	for room in each_room() do
		if not (room.get_hidden or room.is_hidden)(room) then
			local localpart = jid_split(room.jid);
			room_list[i], i = {
				jid = room.jid;
				localpart = localpart;
				href = get_link(localpart, default_view);
				name = room:get_name() or localpart;
				lang = room.get_language and room:get_language();
				description = room:get_description();
				priority = room_weights[ room.jid ] or 0;
			}, i + 1;
		end
	end

	table.sort(room_list, function (a, b)
		if a.priority ~= b.priority then return a.priority > b.priority; end
		if a.description ~= nil and b.description == nil then
			return true;
		elseif a.description == nil and b.description ~= nil then
			return false;
		end
		return a.jid < b.jid;
	end);

	response.headers.content_type = "text/html; charset=utf-8";
	return render(template, {
		static = "./@static";
		title = module:get_option_string("name", "Prosody Chatrooms");
		jid = module.host;
		hide_presence = hide_presence(request);
		presence_available = presence_logged;
		rooms = room_list;
		dates = {}; -- COMPAT util.interpolation {nil|func#...} bug
	});
end

local serve_static
do
	if prosody.process_type == "prosody" then
		-- Prosody >= 0.12
		local http_files = require "net.http.files";
		serve = http_files.serve;
	else
		-- Prosody <= 0.11
		serve = module:depends "http_files".serve;
	end
	local mime_map = module:shared("/*/http_files/mime").types or { css = "text/css"; js = "application/javascript" };
	serve_static = serve({ path = resources; mime_map = mime_map });
end

module:provides("http", {
	title = module:get_option_string("name", "Chatroom logs");
	route = {
		["GET /"] = list_rooms;
		["GET /*"] = logs_page;
		-- mod_http only supports one wildcard so logs_page will dispatch to years_page if the path contains no date
		-- thus:
		-- GET /room --> years_page (via logs_page)
		-- GET /room/yyyy-mm-dd --> logs_page (for real)

		["GET /@static/*"] = serve_static;
		-- There are not many ASCII characters that are safe to use in URLs but not
		-- valid in JID localparts, '@' seemed the only option.
	};
});