Mercurial > prosody-modules
comparison mod_register_json/mod_register_json.lua @ 361:146496a3be78
mod_register_json: Failed at JSON successful decode check, fixed with a code refactor.
| author | Marco Cirillo <maranda@lightwitch.org> |
|---|---|
| date | Tue, 12 Apr 2011 20:41:57 +0000 |
| parents | 81528ffa0b76 |
| children | bd0a8c032163 |
comparison
equal
deleted
inserted
replaced
| 360:81528ffa0b76 | 361:146496a3be78 |
|---|---|
| 2 -- via JSON. | 2 -- via JSON. |
| 3 -- | 3 -- |
| 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur | 4 -- A Good chunk of the code is from mod_data_access.lua by Kim Alvefur |
| 5 -- aka Zash. | 5 -- aka Zash. |
| 6 | 6 |
| 7 local jid_prep = require "util.jid".prep; | |
| 8 local jid_split = require "util.jid".split; | |
| 7 local usermanager = require "core.usermanager"; | 9 local usermanager = require "core.usermanager"; |
| 8 local b64_decode = require "util.encodings".base64.decode; | 10 local b64_decode = require "util.encodings".base64.decode; |
| 9 local json_decode = require "util.json".decode; | 11 local json_decode = require "util.json".decode; |
| 10 | 12 |
| 11 module.host = "*" -- HTTP/BOSH Servlets need to be global. | 13 module.host = "*" -- HTTP/BOSH Servlets need to be global. |
| 51 if not usermanager.test_password(user_node, user_host, password) then | 53 if not usermanager.test_password(user_node, user_host, password) then |
| 52 module:log("warn", "%s failed authentication", user) | 54 module:log("warn", "%s failed authentication", user) |
| 53 return http_response(401, "Who the hell are you?! Guards!"); | 55 return http_response(401, "Who the hell are you?! Guards!"); |
| 54 end | 56 end |
| 55 | 57 |
| 56 local req_body; pcall(function() req_body = json.decode(body) end); | 58 local req_body; |
| 57 -- Check if user is an admin of said host | 59 -- We check that what we have is valid JSON wise else we throw an error... |
| 58 if not usermanager.is_admin(user, req_body["host"]) then | 60 if not pcall(function() req_body = json_decode(body) end) then |
| 59 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) | 61 module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); |
| 60 return http_response(401, "I obey only to my masters... Have a nice day."); | 62 return http_response(400, "JSON Decoding failed."); |
| 61 else | 63 else |
| 62 -- Various sanity checks. | 64 -- Check if user is an admin of said host |
| 63 if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end | 65 if not usermanager.is_admin(user, req_body["host"]) then |
| 64 | 66 module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]); |
| 65 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) | 67 return http_response(401, "I obey only to my masters... Have a nice day."); |
| 66 if blacklist[req_body["ip"]] then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end | 68 else |
| 67 if throttle_time and not whitelist[req_body["ip"]] then | 69 -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) |
| 68 if not recent_ips[req_body["ip"]] then | 70 if blacklist[req_body["ip"]] then then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end |
| 69 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 }; | 71 if throttle_time and not whitelist[req_body["ip"]] then |
| 72 if not recent_ips[req_body["ip"]] then | |
| 73 recent_ips[req_body["ip"]] = { time = os_time(), count = 1 }; | |
| 74 else | |
| 75 local ip = recent_ips[req_body["ip"]]; | |
| 76 ip.count = ip.count + 1; | |
| 77 | |
| 78 if os_time() - ip.time < throttle_time then | |
| 79 ip.time = os_time(); | |
| 80 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]); | |
| 81 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again."); | |
| 82 end | |
| 83 ip.time = os_time(); | |
| 84 end | |
| 85 end | |
| 86 | |
| 87 -- We first check if the supplied username for registration is already there. | |
| 88 if not usermanager.user_exists(req_body["username"], req_body["host"]) then | |
| 89 usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]); | |
| 90 module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]); | |
| 91 return http_response(200, "Done."); | |
| 70 else | 92 else |
| 71 local ip = recent_ips[req_body["ip"]]; | 93 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]); |
| 72 ip.count = ip.count + 1; | 94 return http_response(409, "User already exists."); |
| 73 | |
| 74 if os_time() - ip.time < throttle_time then | |
| 75 ip.time = os_time(); | |
| 76 module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]); | |
| 77 return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again."); | |
| 78 end | |
| 79 ip.time = os_time(); | |
| 80 end | 95 end |
| 81 end | |
| 82 | |
| 83 -- We first check if the supplied username for registration is already there. | |
| 84 if not usermanager.user_exists(req_body["username"], req_body["host"]) then | |
| 85 usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]); | |
| 86 module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]); | |
| 87 return http_response(200, "Done."); | |
| 88 else | |
| 89 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["user"]); | |
| 90 return http_response(409, "User already exists."); | |
| 91 end | 96 end |
| 92 end | 97 end |
| 93 end | 98 end |
| 94 | 99 |
| 95 -- Set it up! | 100 -- Set it up! |
