author | Kim Alvefur <zash@zash.se> |
Sun, 18 Jun 2023 15:28:13 +0200 | |
changeset 5559 | 34b63d0144c3 |
parent 5159 | 18ed655c755d |
permissions | -rw-r--r-- |
-- Key handed to util.jwt by the "jwt" token backend. It is only required when
-- that backend is selected, so it may be unset otherwise. This is key
-- material: keep it out of logs and error replies.
local unified_push_secret = module:get_option_string("unified_push_secret");
-- Registration lifetime; it is added to os.time() when a token is issued
-- (86400 unless configured otherwise).
local push_registration_ttl = module:get_option_number("unified_push_registration_ttl", 86400);

local base64 = require("util.encodings").base64;
local datetime = require("util.datetime");
local id = require("util.id");
local jid = require("util.jid");
local jwt = require("util.jwt");
local st = require("util.stanza");
local urlencode = require("util.http").urlencode;

local xmlns_up = "http://gultsch.de/xmpp/drafts/unified-push";

module:depends("http");
module:depends("disco");

module:add_feature(xmlns_up);

-- Default ACL entry when unified_push_acl is not configured: the host itself
-- when loaded on a "local" host, otherwise module.host with its first label
-- removed (e.g. "push.example.com" -> "example.com").
-- NOTE(review): if module.host contains no ".", the pattern does not match and
-- the default entry is nil; confirm that this yields an empty set, i.e. that
-- registration is then denied for everyone rather than allowed.
local default_acl_entry = module:get_host_type() == "local" and module.host
	or module.host:match("^[^%.]+%.(.+)$");
local acl = module:get_option_set("unified_push_acl", { default_acl_entry });
--- Access-control gate for push registration.
-- Walks the configured ACL and reports whether any entry matches the sender.
-- Matching is delegated to jid.compare (presumably a host or bare-JID entry
-- also covers the full JIDs beneath it; confirm in util.jid).
-- @param user_jid JID taken from the `from` attribute of the request
-- @return true when an ACL entry matches, false otherwise (deny by default)
local function is_jid_permitted(user_jid)
	local permitted = false;
	for acl_entry in acl do
		if jid.compare(user_jid, acl_entry) then
			permitted = true;
			break;
		end
	end
	return permitted;
end
--- Validate a client-supplied identifier that should be a base64-encoded
-- 32-byte value (the size of a SHA-256 digest).
-- Only the encoding and the decoded length are checked; nothing here proves
-- the bytes are the hash of anything in particular.
-- @param s candidate value, may be nil
-- @return the original, still-encoded string on success
-- @return nil and a short reason string on failure
local function check_sha256(s)
	if not s then
		return nil, "no value provided";
	end
	local decoded = base64.decode(s);
	if not decoded then
		return nil, "invalid base64";
	elseif #decoded ~= 32 then
		return nil, "incorrect decoded length, expected 32";
	end
	-- Hand back the encoded form: callers store and sign the value as received.
	return s;
end
-- Module store. The "storage" backend keeps one record per registration in it,
-- and the paseto setup further down keeps its key under the "_private" key of
-- the same store.
local push_store = module:open_store();

-- Token backends. Each provides:
--   sign(data)    -> token            | nil, err
--   verify(token) -> ok, data-or-err  (ok is falsy when the token is rejected)
local backends = {
	-- Self-contained tokens signed with unified_push_secret via util.jwt.
	jwt = {
		sign = function (data)
			return jwt.sign(unified_push_secret, data);
		end;

		verify = function (token)
			local valid, claims = jwt.verify(unified_push_secret, token);
			-- A verified token that carries no `exp` claim is accepted with no
			-- time limit; tokens issued by register_route always carry one.
			if valid and claims.exp and claims.exp < os.time() then
				return nil, "token-expired";
			end
			-- Either a failure (falsy, error) or success (ok, claims), passed through.
			return valid, claims;
		end;
	};

	-- Opaque random identifiers; the registration data lives in push_store.
	storage = {
		sign = function (data)
			local registration_id = id.long();
			local stored, store_err = push_store:set(registration_id, data);
			if stored then
				return registration_id;
			end
			return nil, store_err;
		end;
		verify = function (token)
			-- The token arrives from the request path and is used directly as a
			-- store key. "_private" is the reserved record that holds the paseto
			-- key, so it must never be resolvable as a registration.
			if token == "_private" then return nil, "invalid-token"; end
			local record = push_store:get(token);
			if not record then
				return nil, "item-not-found";
			end
			if record.exp and record.exp < os.time() then
				-- Expired registrations are removed on first use after expiry;
				-- the result of the removal is not checked.
				push_store:set(token, nil);
				return nil, "token-expired";
			end
			return true, record;
		end;
	};
};
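-- Optional "paseto" backend, registered only when util.paseto can be loaded
-- and exposes v3_local.
if pcall(require, "util.paseto") and require "util.paseto".v3_local then
	local paseto = require "util.paseto".v3_local;
	-- The key is kept in the module store under the reserved "_private" key,
	-- so anyone who can read that store can mint valid tokens.
	-- NOTE(review): a read error from push_store:get() is indistinguishable
	-- here from "no key yet" and would lead to a fresh key overwriting the
	-- stored one; confirm how the store reports errors.
	local state = push_store:get("_private");
	local key = state and state.paseto_v3_local_key;
	if not key then
		key = paseto.new_key();
		-- Do not ignore a failed write: without a persisted key the next load
		-- generates a different one and tokens issued until then stop verifying.
		local saved, save_err = push_store:set("_private", { paseto_v3_local_key = key });
		if not saved then
			module:log("warn", "Failed to persist paseto key (%s); a new key will be generated on the next load",
				tostring(save_err));
		end
	end
	local sign, verify = paseto.init(key);
	backends.paseto = {
		sign = sign;
		-- Adapt the (payload | nil, err) result to the (ok, data) shape used by
		-- the other backends.
		-- NOTE(review): unlike the jwt and storage backends, no `exp` check is
		-- made in this wrapper; presumably util.paseto enforces expiry itself.
		-- Confirm before relying on unified_push_registration_ttl with paseto.
		verify = function (token)
			local payload, err = verify(token);
			if not payload then
				return nil, err;
			end
			return true, payload;
		end;
	};
end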
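-- Name of the backend used to issue and verify endpoint tokens. Defaults to
-- "paseto" when that backend was registered, otherwise to "storage".
local backend = module:get_option_string("unified_push_backend", backends.paseto and "paseto" or "storage");

-- Refuse to load with a backend name that has no implementation (a typo, or
-- "paseto" where util.paseto is unavailable). Otherwise the first registration
-- or push would fail on backends[backend] being nil.
assert(backends[backend], "unknown unified_push_backend: "..tostring(backend));
-- The jwt backend signs with unified_push_secret. An empty string is treated
-- as missing, because tokens signed with an empty key offer no protection.
assert(backend ~= "jwt" or (unified_push_secret and unified_push_secret ~= ""),
	"required option missing: unified_push_secret");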
--- Issue a token for a registration and build the push endpoint that carries it.
-- The token is the last path segment of the returned URL, so the URL itself is
-- the credential for delivering pushes to this registration.
-- @param params table with `instance`, `application` and `jid`
-- @return table { url = endpoint URL, expiry = expiry timestamp } on success
-- @return nil and the backend's error when no token could be issued
local function register_route(params)
	local expires_at = os.time() + push_registration_ttl;
	local claims = {
		instance = params.instance;
		application = params.application;
		sub = params.jid;
		exp = expires_at;
	};
	local token, err = backends[backend].sign(claims);
	if not token then
		return nil, err;
	end
	local endpoint = module:http_url("push").."/"..urlencode(token);
	return {
		url = endpoint;
		expiry = expires_at;
	};
end
-- Handle incoming registration from XMPP client.
-- Order of checks: ACL on the sender first, then validation of the two
-- client-supplied identifiers, then token issuance. Each failure is answered
-- with a stanza error and nothing is stored before the checks pass.
-- Declared without `local`, as in the original; left that way so anything that
-- reaches it through the module environment keeps working.
function handle_register(event)
	module:log("debug", "Push registration request received");
	local origin, stanza = event.origin, event.stanza;
	local sender = stanza.attr.from;

	if not is_jid_permitted(sender) then
		module:log("debug", "Sender <%s> not permitted to register on this UnifiedPush service", sender);
		return origin.send(st.error_reply(stanza, "auth", "forbidden"));
	end

	-- Attributes of the first child element of the IQ carry the request.
	local request_attr = stanza.tags[1].attr;

	local instance, instance_err = check_sha256(request_attr.instance);
	if not instance then
		return origin.send(st.error_reply(stanza, "modify", "bad-request", "instance: "..instance_err));
	end

	local application, application_err = check_sha256(request_attr.application);
	if not application then
		return origin.send(st.error_reply(stanza, "modify", "bad-request", "application: "..application_err));
	end

	local route, register_err = register_route({
		instance = instance;
		application = application;
		jid = sender;
	});

	if not route then
		-- The backend error is logged only; the client gets a generic error.
		module:log("warn", "Failed to create registration using %s backend: %s", backend, register_err);
		return origin.send(st.error_reply(stanza, "wait", "internal-server-error"));
	end

	module:log("debug", "New push registration successful");
	local registered_attr = {
		expiration = datetime.datetime(route.expiry);
		endpoint = route.url;
		xmlns = xmlns_up;
	};
	return origin.send(st.reply(stanza):tag("registered", registered_attr));
end
-- Deliver the "iq-set/host/<xmlns_up>:register" event to handle_register.
module:hook(("iq-set/host/%s:register"):format(xmlns_up), handle_register);
-- Handle incoming POST |
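--- HTTP handler for an incoming push POST from an application server.
-- The only authorisation applied here is the token carried in the URL path
-- (subpath), checked by the configured backend's verify(); the request body
-- is untrusted and is relayed to the client as opaque base64 text.
-- @param event HTTP request event; event.request.body and event.request.id are read
-- @param subpath path remainder matched by the "/*" route, passed to verify() as the token
-- @return an HTTP status code, or the promise from module:send_iq():next()
--         whose callbacks return the status code
function handle_push(event, subpath)
	module:log("debug", "Incoming push received!");
	local ok, data = backends[backend].verify(subpath);
	if not ok then
		-- On failure the second return value is logged as the reason; the HTTP
		-- caller only sees a bare 404, the same status used below when the
		-- client rejects the push.
		module:log("debug", "Received push to unacceptable token (%s)", data);
		return 404;
	end

	local payload = event.request.body;
	if not payload or payload == "" then
		module:log("warn", "Missing or empty push payload");
		return 400;
	elseif #payload > 4096 then
		-- NOTE(review): this bound is applied to a body that has already been
		-- read, so it limits what is relayed over XMPP rather than what the
		-- HTTP layer buffers -- confirm the HTTP server's own body size limit.
		module:log("warn", "Push payload too large");
		return 413;
	end

	local push_id = event.request.id or id.short();
	module:log("debug", "Push notification received [%s], relaying to device...", push_id);

	-- The payload is base64-encoded before being placed in the stanza, so
	-- arbitrary request bytes never appear as raw XML text.
	local push_iq = st.iq({ type = "set", to = data.sub, from = module.host, id = push_id })
		:text_tag("push", base64.encode(payload), { instance = data.instance, application = data.application, xmlns = xmlns_up });

	return module:send_iq(push_iq):next(function ()
		module:log("debug", "Push notification delivered [%s]", push_id);
		return 201;
	end, function (error_event)
		-- Do not assume the rejection carries an error stanza: indexing a
		-- missing .stanza would raise inside this handler instead of producing
		-- an HTTP status. Fall back to the fields of the rejection value.
		-- NOTE(review): confirm the rejection shape of module:send_iq for the
		-- targeted Prosody version (stanza directly vs. under .context).
		local err = type(error_event) == "table" and error_event or {};
		local err_stanza = err.stanza;
		if not err_stanza and type(err.context) == "table" then
			err_stanza = err.context.stanza;
		end

		local e_type, e_cond, e_text;
		if err_stanza then
			e_type, e_cond, e_text = err_stanza:get_error();
		else
			e_type, e_cond, e_text = err.type, err.condition, err.text;
		end

		if e_cond == "item-not-found" or e_cond == "feature-not-implemented" then
			module:log("debug", "Push rejected [%s]", push_id);
			return 404;
		elseif e_cond == "service-unavailable" or e_cond == "recipient-unavailable" then
			module:log("debug", "Recipient temporarily unavailable [%s]", push_id);
			return 503;
		end
		-- e_text originates from the remote party's error reply.
		module:log("warn", "Unexpected push error response: %s/%s/%s", e_type, e_cond, e_text);
		return 500;
	end);
end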
|
-- HTTP routes of the push endpoint, registered under the app name "push".
-- GET answers any path without authentication with a static JSON body
-- declaring unifiedpush version 1; POST is handed to handle_push, which
-- authorises the request from the token in the path.
local push_routes = {
	["GET /*"] = function (event)
		local headers = event.response.headers;
		headers.content_type = "application/json";
		return [[{"unifiedpush":{"version":1}}]];
	end,
	["POST /*"] = handle_push,
};

module:provides("http", {
	name = "push",
	route = push_routes,
});