Mercurial > prosody-modules
comparison mod_data_access/mod_data_access.lua @ 486:b84493ef1d1d
mod_data_access: Implement PUT and POST.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 28 Nov 2011 18:14:22 +0100 |
| parents | bbea8081c865 |
| children | dd7d30c175d4 |
comparison
equal
deleted
inserted
replaced
| 485:f8cc2be7e16a | 486:b84493ef1d1d |
|---|---|
| 1 -- HTTP Access to datamanager | 1 -- HTTP Access to datamanager |
| 2 -- By Kim Alvefur <zash@zash.se> | 2 -- By Kim Alvefur <zash@zash.se> |
| 3 | 3 |
| 4 local t_concat = table.concat; | |
| 4 local jid_prep = require "util.jid".prep; | 5 local jid_prep = require "util.jid".prep; |
| 5 local jid_split = require "util.jid".split; | 6 local jid_split = require "util.jid".split; |
| 6 local um_test_pw = require "core.usermanager".test_password; | 7 local um_test_pw = require "core.usermanager".test_password; |
| 7 local is_admin = require "core.usermanager".is_admin | 8 local is_admin = require "core.usermanager".is_admin |
| 8 local dm_load = require "util.datamanager".load; | 9 local dm_load = require "util.datamanager".load; |
| 10 local dm_store = require "util.datamanager".store; | |
| 9 local dm_list_load = require "util.datamanager".list_load; | 11 local dm_list_load = require "util.datamanager".list_load; |
| 12 local dm_list_store = require "util.datamanager".list_store; | |
| 13 local dm_list_append = require "util.datamanager".list_append; | |
| 10 local b64_decode = require "util.encodings".base64.decode; | 14 local b64_decode = require "util.encodings".base64.decode; |
| 11 --local urldecode = require "net.http".urldecode; | 15 local http = require "net.http"; |
| 12 --[[local urlparams = --require "net.http".getQueryParams or whatever MattJ names it | 16 local urldecode = http.urldecode; |
| 13 function(s) | 17 local urlencode = http.urlencode; |
| 14 if not s:match("=") then return urldecode(s); end | |
| 15 local r = {} | |
| 16 s:gsub("([^=&]*)=([^&]*)", function(k,v) | |
| 17 r[ urldecode(k) ] = urldecode(v); | |
| 18 return nil | |
| 19 end) | |
| 20 return r | |
| 21 end; | |
| 22 --]] | |
| 23 | |
| 24 local function http_response(code, message, extra_headers) | 18 local function http_response(code, message, extra_headers) |
| 25 local response = { | 19 local response = { |
| 26 status = code .. " " .. message; | 20 status = code .. " " .. message; |
| 27 body = message .. "\n"; } | 21 body = message .. "\n"; } |
| 28 if extra_headers then response.headers = extra_headers; end | 22 if extra_headers then response.headers = extra_headers; end |
| 31 | 25 |
| 32 local encoders = { | 26 local encoders = { |
| 33 lua = require "util.serialization".serialize, | 27 lua = require "util.serialization".serialize, |
| 34 json = require "util.json".encode | 28 json = require "util.json".encode |
| 35 }; | 29 }; |
| 30 local decoders = { | |
| 31 lua = require "util.serialization".deserialize, | |
| 32 json = require "util.json".decode, | |
| 33 }; | |
| 34 local content_type_map = { | |
| 35 ["text/x-lua"] = "lua"; lua = "text/x-lua"; | |
| 36 ["application/json"] = "json"; json = "application/json"; | |
| 37 } | |
| 36 --[[ | 38 --[[ |
| 37 encoders.xml = function(data) | 39 encoders.xml = function(data) |
| 38 return "<?xml version='1.0' encoding='utf-8'?><todo:write-this-serializer/>"; | 40 return "<?xml version='1.0' encoding='utf-8'?><todo:write-this-serializer/>"; |
| 39 end --]] | 41 end --]] |
| 40 | 42 |
| 43 local allowed_methods = { | |
| 44 GET = true, "GET", | |
| 45 PUT = true, "PUT", | |
| 46 POST = true, "POST", | |
| 47 } | |
| 48 | |
| 41 local function handle_request(method, body, request) | 49 local function handle_request(method, body, request) |
| 42 if request.method ~= "GET" then | 50 if not allowed_methods[method] then |
| 43 return http_response(405, "Method Not Allowed", {["Allow"] = "GET"}); | 51 return http_response(405, "Method Not Allowed", {["Allow"] = t_concat(allowed_methods, ", ")}); |
| 44 end -- TODO Maybe PUT? | 52 end |
| 45 | 53 |
| 46 if not request.headers["authorization"] then | 54 if not request.headers["authorization"] then |
| 47 return http_response(401, "Unauthorized", | 55 return http_response(401, "Unauthorized", |
| 48 {["WWW-Authenticate"]='Basic realm="WallyWorld"'}) | 56 {["WWW-Authenticate"]='Basic realm="WallyWorld"'}) |
| 49 end | 57 end |
| 76 | 84 |
| 77 if #path < 3 then | 85 if #path < 3 then |
| 78 return http_response(404, "Not Found"); | 86 return http_response(404, "Not Found"); |
| 79 end | 87 end |
| 80 | 88 |
| 89 local p_host, p_user, p_store, p_type = unpack(path); | |
| 90 | |
| 91 if not p_store or not p_store:match("^[%a_]+$") then | |
| 92 return http_response(404, "Not Found"); | |
| 93 end | |
| 94 | |
| 81 if user_host ~= path[1] or user_node ~= path[2] then | 95 if user_host ~= path[1] or user_node ~= path[2] then |
| 82 -- To only give admins acces to anything, move the inside of this block after authz | 96 -- To only give admins acces to anything, move the inside of this block after authz |
| 83 module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, path[2], path[1], path[3]) | 97 module:log("debug", "%s wants access to %s@%s[%s], is admin?", user, p_user, p_host, p_store) |
| 84 if not is_admin(user, path[1]) then | 98 if not is_admin(user, p_host) then |
| 85 return http_response(403, "Forbidden"); | 99 return http_response(403, "Forbidden"); |
| 86 end | 100 end |
| 87 end | 101 end |
| 88 | 102 |
| 89 local data = dm_load(path[2], path[1], path[3]); | 103 if method == "GET" then |
| 90 | 104 local data = dm_load(p_user, p_host, p_store); |
| 91 data = data or dm_list_load(path[2], path[1], path[3]); | |
| 92 | 105 |
| 93 if data and encoders[path[4] or "json"] then | 106 data = data or dm_load_list(p_user, p_host, p_store); |
| 94 return { | 107 |
| 95 status = "200 OK", | 108 --TODO Use the Accept header |
| 96 body = encoders[path[4] or "json"](data) .. "\n", | 109 content_type = p_type or "json"; |
| 97 headers = {["content-type"] = "text/plain; charset=utf-8"} | 110 if data and encoders[content_type] then |
| 98 --headers = {["content-type"] = encoders[data[4] or "json"].mime .. "; charset=utf-8"} | 111 return { |
| 99 -- FIXME a little nicer that the above | 112 status = "200 OK", |
| 100 -- Also, would be cooler to use the Accept header, but parsing it ... | 113 body = encoders[content_type](data) .. "\n", |
| 101 }; | 114 headers = {["content-type"] = content_type_map[content_type].."; charset=utf-8"} |
| 102 else | 115 }; |
| 103 return http_response(404, "Not Found"); | 116 else |
| 117 return http_response(404, "Not Found"); | |
| 118 end | |
| 119 else -- POST or PUT | |
| 120 if not body then | |
| 121 return http_response(400, "Bad Request") | |
| 122 end | |
| 123 local content_type, content = request.headers["content-type"], body; | |
| 124 content_type = content_type and content_type_map[content_type] | |
| 125 module:log("debug", "%s: %s", content_type, tostring(content)); | |
| 126 content = content_type and decoders[content_type] and decoders[content_type](content); | |
| 127 module:log("debug", "%s: %s", type(content), tostring(content)); | |
| 128 if not content then | |
| 129 return http_response(400, "Bad Request") | |
| 130 end | |
| 131 local ok, err | |
| 132 if method == "PUT" then | |
| 133 ok, err = dm_store(p_user, p_host, p_store, content); | |
| 134 elseif method == "POST" then | |
| 135 ok, err = dm_list_append(p_user, p_host, p_store, content); | |
| 136 elseif method == "DELETE" then | |
| 137 dm_store(p_user, p_host, p_store, nil); | |
| 138 dm_list_store(p_user, p_host, p_store, nil); | |
| 139 end | |
| 140 if ok then | |
| 141 return http_response(201, "Created", { Location = t_concat({"/data",p_host,p_user,p_store}, "/") }); | |
| 142 else | |
| 143 return { status = "500 Internal Server Error", body = err } | |
| 144 end | |
| 104 end | 145 end |
| 105 end | 146 end |
| 106 | 147 |
| 107 local function setup() | 148 local function setup() |
| 108 local ports = module:get_option("data_access_ports") or { 5280 }; | 149 local ports = module:get_option("data_access_ports") or { 5280 }; |
