# HG changeset patch # User Kim Alvefur # Date 1322500462 -3600 # Node ID b84493ef1d1d26e9152968dd3258319c9c3b0c66 # Parent f8cc2be7e16a26a8b30d5d8c6d08c79a74639d66 mod_data_access: Implement PUT and POST. diff -r f8cc2be7e16a -r b84493ef1d1d mod_data_access/mod_data_access.lua --- a/mod_data_access/mod_data_access.lua Mon Nov 28 16:27:41 2011 +0000 +++ b/mod_data_access/mod_data_access.lua Mon Nov 28 18:14:22 2011 +0100 @@ -1,26 +1,20 @@ -- HTTP Access to datamanager -- By Kim Alvefur +local t_concat = table.concat; local jid_prep = require "util.jid".prep; local jid_split = require "util.jid".split; local um_test_pw = require "core.usermanager".test_password; local is_admin = require "core.usermanager".is_admin local dm_load = require "util.datamanager".load; +local dm_store = require "util.datamanager".store; local dm_list_load = require "util.datamanager".list_load; +local dm_list_store = require "util.datamanager".list_store; +local dm_list_append = require "util.datamanager".list_append; local b64_decode = require "util.encodings".base64.decode; ---local urldecode = require "net.http".urldecode; ---[[local urlparams = --require "net.http".getQueryParams or whatever MattJ names it -function(s) - if not s:match("=") then return urldecode(s); end - local r = {} - s:gsub("([^=&]*)=([^&]*)", function(k,v) - r[ urldecode(k) ] = urldecode(v); - return nil - end) - return r -end; ---]] - +local http = require "net.http"; +local urldecode = http.urldecode; +local urlencode = http.urlencode; local function http_response(code, message, extra_headers) local response = { status = code .. " " .. message; @@ -33,15 +27,29 @@ lua = require "util.serialization".serialize, json = require "util.json".encode }; +local decoders = { + lua = require "util.serialization".deserialize, + json = require "util.json".decode, +}; +local content_type_map = { + ["text/x-lua"] = "lua"; lua = "text/x-lua"; + ["application/json"] = "json"; json = "application/json"; +} --[[ encoders.xml = function(data) return ""; end --]] +local allowed_methods = { + GET = true, "GET", + PUT = true, "PUT", + POST = true, "POST", +} + local function handle_request(method, body, request) - if request.method ~= "GET" then - return http_response(405, "Method Not Allowed", {["Allow"] = "GET"}); - end -- TODO Maybe PUT? + if not allowed_methods[method] then + return http_response(405, "Method Not Allowed", {["Allow"] = t_concat(allowed_methods, ", ")}); + end if not request.headers["authorization"] then return http_response(401, "Unauthorized", @@ -78,29 +86,62 @@ return http_response(404, "Not Found"); end + local p_host, p_user, p_store, p_type = unpack(path); + + if not p_store or not p_store:match("^[%a_]+$") then + return http_response(404, "Not Found"); + end + if user_host ~= path[1] or user_node ~= path[2] then -- To only give admins acces to anything, move the inside of this block after authz - module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, path[2], path[1], path[3]) - if not is_admin(user, path[1]) then + module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, p_user, p_host, p_store) + if not is_admin(user, p_host) then return http_response(403, "Forbidden"); end end - local data = dm_load(path[2], path[1], path[3]); - - data = data or dm_list_load(path[2], path[1], path[3]); + if method == "GET" then + local data = dm_load(p_user, p_host, p_store); + + data = data or dm_load_list(p_user, p_host, p_store); - if data and encoders[path[4] or "json"] then - return { - status = "200 OK", - body = encoders[path[4] or "json"](data) .. "\n", - headers = {["content-type"] = "text/plain; charset=utf-8"} - --headers = {["content-type"] = encoders[data[4] or "json"].mime .. "; charset=utf-8"} - -- FIXME a little nicer that the above - -- Also, would be cooler to use the Accept header, but parsing it ... - }; - else - return http_response(404, "Not Found"); + --TODO Use the Accept header + content_type = p_type or "json"; + if data and encoders[content_type] then + return { + status = "200 OK", + body = encoders[content_type](data) .. "\n", + headers = {["content-type"] = content_type_map[content_type].."; charset=utf-8"} + }; + else + return http_response(404, "Not Found"); + end + else -- POST or PUT + if not body then + return http_response(400, "Bad Request") + end + local content_type, content = request.headers["content-type"], body; + content_type = content_type and content_type_map[content_type] + module:log("debug", "%s: %s", content_type, tostring(content)); + content = content_type and decoders[content_type] and decoders[content_type](content); + module:log("debug", "%s: %s", type(content), tostring(content)); + if not content then + return http_response(400, "Bad Request") + end + local ok, err + if method == "PUT" then + ok, err = dm_store(p_user, p_host, p_store, content); + elseif method == "POST" then + ok, err = dm_list_append(p_user, p_host, p_store, content); + elseif method == "DELETE" then + dm_store(p_user, p_host, p_store, nil); + dm_list_store(p_user, p_host, p_store, nil); + end + if ok then + return http_response(201, "Created", { Location = t_concat({"/data",p_host,p_user,p_store}, "/") }); + else + return { status = "500 Internal Server Error", body = err } + end end end