Mercurial > prosody-modules

changeset 486:b84493ef1d1d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_data_access: Implement PUT and POST.
author Kim Alvefur <zash@zash.se>
date Mon, 28 Nov 2011 18:14:22 +0100
parents f8cc2be7e16a
children 8bdab5489653
files mod_data_access/mod_data_access.lua
diffstat 1 files changed, 73 insertions(+), 32 deletions(-) [+]
line wrap: on
line diff
--- a/mod_data_access/mod_data_access.lua	Mon Nov 28 16:27:41 2011 +0000
+++ b/mod_data_access/mod_data_access.lua	Mon Nov 28 18:14:22 2011 +0100
@@ -1,26 +1,20 @@
 -- HTTP Access to datamanager
 -- By Kim Alvefur <zash@zash.se>
 
+local t_concat = table.concat;
 local jid_prep = require "util.jid".prep;
 local jid_split = require "util.jid".split;
 local um_test_pw = require "core.usermanager".test_password;
 local is_admin = require "core.usermanager".is_admin
 local dm_load = require "util.datamanager".load;
+local dm_store = require "util.datamanager".store;
 local dm_list_load = require "util.datamanager".list_load;
+local dm_list_store = require "util.datamanager".list_store;
+local dm_list_append = require "util.datamanager".list_append;
 local b64_decode = require "util.encodings".base64.decode;
---local urldecode = require "net.http".urldecode;
---[[local urlparams = --require "net.http".getQueryParams or whatever MattJ names it
-function(s)
-	if not s:match("=") then return urldecode(s); end
-	local r = {}
-	s:gsub("([^=&]*)=([^&]*)", function(k,v)
-		r[ urldecode(k) ] = urldecode(v);
-		return nil
-	end)
-	return r
-end;
---]]
-
+local http = require "net.http";
+local urldecode  = http.urldecode;
+local urlencode  = http.urlencode;
 local function http_response(code, message, extra_headers)
 	local response = {
 		status = code .. " " .. message;
@@ -33,15 +27,29 @@
 	lua = require "util.serialization".serialize,
 	json = require "util.json".encode
 };
+local decoders = {
+	lua = require "util.serialization".deserialize,
+	json = require "util.json".decode,
+};
+local content_type_map = {
+	["text/x-lua"] = "lua"; lua = "text/x-lua";
+	["application/json"] = "json"; json = "application/json";
+}
 --[[
 encoders.xml = function(data)
 	return "<?xml version='1.0' encoding='utf-8'?><todo:write-this-serializer/>";
 end --]]
 
+local allowed_methods = {
+	GET = true, "GET",
+	PUT = true, "PUT",
+	POST = true, "POST",
+}
+
 local function handle_request(method, body, request)
-	if request.method ~= "GET" then
-		return http_response(405, "Method Not Allowed", {["Allow"] = "GET"});
-	end -- TODO Maybe PUT?
+	if not allowed_methods[method] then
+		return http_response(405, "Method Not Allowed", {["Allow"] = t_concat(allowed_methods, ", ")});
+	end
 
 	if not request.headers["authorization"] then
 		return http_response(401, "Unauthorized",
@@ -78,29 +86,62 @@
 		return http_response(404, "Not Found");
 	end
 
+	local p_host, p_user, p_store, p_type = unpack(path);
+	
+	if not p_store or not p_store:match("^[%a_]+$") then
+		return http_response(404, "Not Found");
+	end
+
 	if user_host ~= path[1] or user_node ~= path[2] then
 		-- To only give admins acces to anything, move the inside of this block after authz
-		module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, path[2], path[1], path[3])
-		if not is_admin(user, path[1]) then
+		module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, p_user, p_host, p_store)
+		if not is_admin(user, p_host) then
 			return http_response(403, "Forbidden");
 		end
 	end
 
-	local data = dm_load(path[2], path[1], path[3]);
-	
-	data = data or dm_list_load(path[2], path[1], path[3]);
+	if method == "GET" then
+		local data = dm_load(p_user, p_host, p_store);
+
+		data = data or dm_load_list(p_user, p_host, p_store);
 
-	if data and encoders[path[4] or "json"] then 
-		return {
-			status = "200 OK",
-			body = encoders[path[4] or "json"](data) .. "\n",
-			headers = {["content-type"] = "text/plain; charset=utf-8"}
-			--headers = {["content-type"] = encoders[data[4] or "json"].mime .. "; charset=utf-8"}
-			-- FIXME a little nicer that the above
-			-- Also, would be cooler to use the Accept header, but parsing it ...
-		};
-	else
-		return http_response(404, "Not Found");
+		--TODO Use the Accept header
+		content_type = p_type or "json";
+		if data and encoders[content_type] then 
+			return {
+				status = "200 OK",
+				body = encoders[content_type](data) .. "\n",
+				headers = {["content-type"] = content_type_map[content_type].."; charset=utf-8"}
+			};
+		else
+			return http_response(404, "Not Found");
+		end
+	else -- POST or PUT
+		if not body then
+			return http_response(400, "Bad Request")
+		end
+		local content_type, content = request.headers["content-type"], body;
+		content_type = content_type and content_type_map[content_type]
+		module:log("debug", "%s: %s", content_type, tostring(content));
+		content = content_type and decoders[content_type] and decoders[content_type](content);
+		module:log("debug", "%s: %s", type(content), tostring(content));
+		if not content then
+			return http_response(400, "Bad Request")
+		end
+		local ok, err
+		if method == "PUT" then
+			ok, err = dm_store(p_user, p_host, p_store, content);
+		elseif method == "POST" then
+			ok, err = dm_list_append(p_user, p_host, p_store, content);
+		elseif method == "DELETE" then
+			dm_store(p_user, p_host, p_store, nil);
+			dm_list_store(p_user, p_host, p_store, nil);
+		end
+		if ok then
+			return http_response(201, "Created", { Location = t_concat({"/data",p_host,p_user,p_store}, "/") });
+		else
+			return { status = "500 Internal Server Error", body = err }
+		end
 	end
 end