# HG changeset patch # User Marco Cirillo # Date 1302621937 0 # Node ID a5da789b2e7d114dddb477bf5b535bd1456a996f # Parent f24998ec7f8d8989760f1b60b3a5370793f9f39b mod_register_json: First commit (needs tests). diff -r f24998ec7f8d -r a5da789b2e7d mod_register_json/mod_register_json.lua --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_register_json/mod_register_json.lua Tue Apr 12 15:25:37 2011 +0000 @@ -0,0 +1,75 @@ +-- Expose a simple servlet to handle user registrations from web pages +-- via JSON. +-- +-- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur +-- aka Zash. + +local usermanager = require "core.usermanager"; +local b64_decode = require "util.encodings".base64.decode; +local json_decode = require "util.json".decode; + +module.host = "*" -- HTTP/BOSH Servlets need to be loaded globally. + +local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted"; + +local function http_response(code, message, extra_headers) + local response = { + status = code .. " " .. message; + body = message .. "\n"; } + if extra_headers then response.headers = extra_headers; end + return response +end + +local function handle_req(method, body, request) + if request.method ~= "POST" then + return http_response(405, "Bad method...", {["Allow"] = "POST"}); + end + if not request.headers["authorization"] then + return http_response(401, "No... No...", + {["WWW-Authenticate"]='Basic realm="'.. set_realm_name ..'"'}) + end + + local user, password = b64_decode(request.headers.authorization + :match("[^ ]*$") or ""):match("([^:]*):(.*)"); + user = jid_prep(user); + if not user or not password then return http_response(400, "What's this..?"); end + local user_node, user_host = jid_split(user) + if not hosts[user_host] then return http_response(401, "Negative."); end + + module:log("debug", "%s is authing to submit a new user registration data", user) + if not usermanager.test_password(user_node, user_host, password) then + module:log("debug", "%s failed authentication", user) + return http_response(401, "Who the hell are you?! Guards!"); + end + + local req_body; pcall(function() req_body = json.decode(body) end); + -- Check if user is an admin of said host + if not usermanager.is_admin(user, req_body["host"]) then + module:log("debug", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) + return http_response(401, "I obey only to my masters... Have a nice day."); + else + -- Various sanity checks. + if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end + if req_body["password"]:match("%s") then module:log("debug", "Password submitted for user registration by %s contained spaces.", user); return http_response(400, "Supplied user passwords can't contain spaces."); end + -- We first check if the supplied username for registration is already there. + if not usermanager.user_exists(req_body["username"], req_body["host"]) then + usermanager.create_user(req_body["username"], req_body["password"], req_body["host]); + module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]); + return http_response(200, "Done."); + else + module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]); + return http_response(409, "User already exists."); + end + end +end + +local function setup() + local ports = module:get_option("reg_servlet_port") or { 5280 }; + local base_name = module:get_option("reg_servlet_base") or "register_account"; + require "net.httpserver".new_from_config(ports, handle_req, { base = base_name }); +end +if prosody.start_time then -- already started + setup(); +else + prosody.events.add_handler("server-started", setup); +end