jfinn
/
jitsi_corner8
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8780 Commits
3 Branches
Tree: 4075e5deb7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4075e5deb7'
${ noResults }
jitsi_corner8/resources/prosody-plugins/mod_external_services.lua

mod_external_services.lua 6.9KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244 
  1. 

  2. local dt = require "util.datetime";

  3. local base64 = require "util.encodings".base64;

  4. local hashes = require "util.hashes";

  5. local st = require "util.stanza";

  6. local jid = require "util.jid";

  7. local array = require "util.array";

  8. 

  9. local default_host = module:get_option_string("external_service_host", module.host);

  10. local default_port = module:get_option_number("external_service_port");

  11. local default_secret = module:get_option_string("external_service_secret");

  12. local default_ttl = module:get_option_number("external_service_ttl", 86400);

  13. 

  14. local configured_services = module:get_option_array("external_services", {});

  15. 

  16. local access = module:get_option_set("external_service_access", {});

  17. 

  18. -- https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00

  19. local function behave_turn_rest_credentials(srv, item, secret)

  20. 	local ttl = default_ttl;

  21. 	if type(item.ttl) == "number" then

  22. 		ttl = item.ttl;

  23. 	end

  24. 	local expires = srv.expires or os.time() + ttl;

  25. 	local username;

  26. 	if type(item.username) == "string" then

  27. 		username = string.format("%d:%s", expires, item.username);

  28. 	else

  29. 		username = string.format("%d", expires);

  30. 	end

  31. 	srv.username = username;

  32. 	srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username));

  33. end

  34. 

  35. local algorithms = {

  36. 	turn = behave_turn_rest_credentials;

  37. }

  38. 

  39. -- filter config into well-defined service records

  40. local function prepare(item)

  41. 	if type(item) ~= "table" then

  42. 		module:log("error", "Service definition is not a table: %q", item);

  43. 		return nil;

  44. 	end

  45. 

  46. 	local srv = {

  47. 		type = nil;

  48. 		transport = nil;

  49. 		host = default_host;

  50. 		port = default_port;

  51. 		username = nil;

  52. 		password = nil;

  53. 		restricted = nil;

  54. 		expires = nil;

  55. 	};

  56. 

  57. 	if type(item.type) == "string" then

  58. 		srv.type = item.type;

  59. 	else

  60. 		module:log("error", "Service missing mandatory 'type' field: %q", item);

  61. 		return nil;

  62. 	end

  63. 	if type(item.transport) == "string" then

  64. 		srv.transport = item.transport;

  65. 	end

  66. 	if type(item.host) == "string" then

  67. 		srv.host = item.host;

  68. 	end

  69. 	if type(item.port) == "number" then

  70. 		srv.port = item.port;

  71. 	end

  72. 	if type(item.username) == "string" then

  73. 		srv.username = item.username;

  74. 	end

  75. 	if type(item.password) == "string" then

  76. 		srv.password = item.password;

  77. 		srv.restricted = true;

  78. 	end

  79. 	if item.restricted == true then

  80. 		srv.restricted = true;

  81. 	end

  82. 	if type(item.expires) == "number" then

  83. 		srv.expires = item.expires;

  84. 	elseif type(item.ttl) == "number" then

  85. 		srv.expires = os.time() + item.ttl;

  86. 	end

  87. 	if (item.secret == true and default_secret) or type(item.secret) == "string" then

  88. 		local secret_cb = item.credentials_cb or algorithms[item.algorithm] or algorithms[srv.type];

  89. 		local secret = item.secret;

  90. 		if secret == true then

  91. 			secret = default_secret;

  92. 		end

  93. 		if secret_cb then

  94. 			secret_cb(srv, item, secret);

  95. 			srv.restricted = true;

  96. 		end

  97. 	end

  98. 	return srv;

  99. end

  100. 

  101. function module.load()

  102. 	-- Trigger errors on startup

  103. 	local services = configured_services / prepare;

  104. 	if #services == 0 then

  105. 		module:log("warn", "No services configured or all had errors");

  106. 	end

  107. end

  108. 

  109. -- Ensure only valid items are added in events

  110. local services_mt = {

  111. 	__index = getmetatable(array()).__index;

  112. 	__newindex = function (self, i, v)

  113. 		rawset(self, i, assert(prepare(v), "Invalid service entry added"));

  114. 	end;

  115. }

  116. 

  117. function get_services(requested_type, origin, stanza, reply)

  118. 	local extras = module:get_host_items("external_service");

  119. 	local services = ( configured_services + extras ) / prepare;

  120. 

  121. 	if requested_type then

  122. 		services:filter(function(item)

  123. 			return item.type == requested_type;

  124. 		end);

  125. 	end

  126. 

  127. 	setmetatable(services, services_mt);

  128. 

  129. 	if origin and stanza and reply then

  130. 		module:fire_event("external_service/services", {

  131. 			origin = origin;

  132. 			stanza = stanza;

  133. 			reply = reply;

  134. 			requested_type = requested_type;

  135. 			services = services;

  136. 		});

  137. 	end

  138. 

  139. 	local res_services = {};

  140. 	for _, srv in ipairs(services) do

  141. 		table.insert(res_services, {

  142. 			type = srv.type;

  143. 			transport = srv.transport;

  144. 			host = srv.host;

  145. 			port = srv.port and string.format("%d", srv.port) or nil;

  146. 			username = srv.username;

  147. 			password = srv.password;

  148. 			expires = srv.expires and dt.datetime(srv.expires) or nil;

  149. 			restricted = srv.restricted and "1" or nil;

  150. 		})

  151. 	end

  152. 

  153. 	return res_services;

  154. end

  155. 

  156. local function handle_services(event)

  157. 	local origin, stanza = event.origin, event.stanza;

  158. 	local action = stanza.tags[1];

  159. 

  160. 	local user_bare = jid.bare(stanza.attr.from);

  161. 	local user_host = jid.host(user_bare);

  162. 	if not ((access:empty() and origin.type == "c2s") or access:contains(user_bare) or access:contains(user_host)) then

  163. 		origin.send(st.error_reply(stanza, "auth", "forbidden"));

  164. 		return true;

  165. 	end

  166. 

  167. 	local reply = st.reply(stanza):tag("services", { xmlns = action.attr.xmlns });

  168. 

  169. 	for _, srv in ipairs(get_services(action.attr.type, origin, stanza, reply)) do

  170. 		reply:tag("service", srv):up();

  171. 	end

  172. 

  173. 	origin.send(reply);

  174. 	return true;

  175. end

  176. 

  177. local function handle_credentials(event)

  178. 	local origin, stanza = event.origin, event.stanza;

  179. 	local action = stanza.tags[1];

  180. 

  181. 	if origin.type ~= "c2s" then

  182. 		origin.send(st.error_reply(stanza, "auth", "forbidden"));

  183. 		return true;

  184. 	end

  185. 

  186. 	local reply = st.reply(stanza):tag("credentials", { xmlns = action.attr.xmlns });

  187. 	local extras = module:get_host_items("external_service");

  188. 	local services = ( configured_services + extras ) / prepare;

  189. 	services:filter(function (item)

  190. 		return item.restricted;

  191. 	end)

  192. 

  193. 	local requested_credentials = {};

  194. 	for service in action:childtags("service") do

  195. 		table.insert(requested_credentials, {

  196. 				type = service.attr.type;

  197. 				host = service.attr.host;

  198. 				port = tonumber(service.attr.port);

  199. 			});

  200. 	end

  201. 

  202. 	setmetatable(services, services_mt);

  203. 	setmetatable(requested_credentials, services_mt);

  204. 

  205. 	module:fire_event("external_service/credentials", {

  206. 			origin = origin;

  207. 			stanza = stanza;

  208. 			reply = reply;

  209. 			requested_credentials = requested_credentials;

  210. 			services = services;

  211. 		});

  212. 

  213. 	for req_srv in action:childtags("service") do

  214. 		for _, srv in ipairs(services) do

  215. 			if srv.type == req_srv.attr.type and srv.host == req_srv.attr.host

  216. 				and not req_srv.attr.port or srv.port == tonumber(req_srv.attr.port) then

  217. 				reply:tag("service", {

  218. 						type = srv.type;

  219. 						transport = srv.transport;

  220. 						host = srv.host;

  221. 						port = srv.port and string.format("%d", srv.port) or nil;

  222. 						username = srv.username;

  223. 						password = srv.password;

  224. 						expires = srv.expires and dt.datetime(srv.expires) or nil;

  225. 						restricted = srv.restricted and "1" or nil;

  226. 					}):up();

  227. 			end

  228. 		end

  229. 	end

  230. 

  231. 	origin.send(reply);

  232. 	return true;

  233. end

  234. 

  235. -- XEP-0215 v0.7

  236. module:add_feature("urn:xmpp:extdisco:2");

  237. module:hook("iq-get/host/urn:xmpp:extdisco:2:services", handle_services);

  238. module:hook("iq-get/host/urn:xmpp:extdisco:2:credentials", handle_credentials);

  239. 

  240. -- COMPAT XEP-0215 v0.6

  241. -- Those still on the old version gets to deal with undefined attributes until they upgrade.

  242. module:add_feature("urn:xmpp:extdisco:1");

  243. module:hook("iq-get/host/urn:xmpp:extdisco:1:services", handle_services);

  244. module:hook("iq-get/host/urn:xmpp:extdisco:1:credentials", handle_credentials);