--- Prosody IM v0.3
+-- Prosody IM
-- Copyright (C) 2008-2009 Matthew Wild
-- Copyright (C) 2008-2009 Waqas Hussain
--
local pcall = pcall;
local unpack = unpack;
local tostring = tostring;
+local is_admin = require "core.usermanager".is_admin;
+local jid_split = require "util.jid".split;
+local jid_bare = require "util.jid".bare;
+local b64_decode = require "util.encodings".base64.decode;
+local get_method = require "core.objectmanager".get_object;
+local validate_credentials = require "core.usermanager".validate_credentials;
local translate_request = require "util.xmlrpc".translate_request;
local create_response = require "util.xmlrpc".create_response;
return stanza.tags[1];
end
-local function get_method(method)
- return function(...)
- return {method = method; args = {...}};
+local function handle_xmlrpc_request(jid, method, args)
+ local is_secure_call = (method:sub(1,7) == "secure/");
+ if not is_admin(jid) and not is_secure_call then
+ return create_error_response(401, "not authorized");
end
-end
-
-local function handle_xmlrpc_request(method, args)
method = get_method(method);
if not method then return create_error_response(404, "method not found"); end
args = args or {};
+ if is_secure_call then table.insert(args, 1, jid); end
local success, result = pcall(method, unpack(args));
if success then
success, result = pcall(create_response, result or "nil");
end
return create_error_response(500, "Error in creating response: "..result);
end
- return create_error_response(0, result or "nil");
+ return create_error_response(0, tostring(result):gsub("^[^:]+:%d+: ", ""));
end
local function handle_xmpp_request(origin, stanza)
if #query.tags == 1 then
local success, method, args = pcall(translate_request, query.tags[1]);
if success then
- local result = handle_xmlrpc_request(method, args);
+ local result = handle_xmlrpc_request(jid_bare(stanza.attr.from), method, args);
origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result));
else
origin.send(st.error_reply(stanza, "modify", "bad-request", method));
end
- else
- origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request"));
- end
- else
- origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
- end
+ else origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request")); end
+ else origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); end
end
module:add_iq_handler({"c2s", "s2sin"}, "jabber:iq:rpc", handle_xmpp_request);
module:add_feature("jabber:iq:rpc");
+-- TODO add <identity category='automation' type='rpc'/> to disco replies
+local default_headers = { ['Content-Type'] = 'text/xml' };
+local unauthorized_response = { status = '401 UNAUTHORIZED', headers = {['Content-Type']='text/html', ['WWW-Authenticate']='Basic realm="WallyWorld"'}; body = "<html><body>Authentication required</body></html>"; };
local function handle_http_request(method, body, request)
+ -- authenticate user
+ local username, password = b64_decode(request['authorization'] or ''):gmatch('([^:]*):(.*)')(); -- TODO digest auth
+ local node, host = jid_split(username);
+ if not validate_credentials(host, node, password) then
+ return unauthorized_response;
+ end
+ -- parse request
local stanza = body and parse_xml(body);
if (not stanza) or request.method ~= "POST" then
return "<html><body>You really don't look like an XML-RPC client to me... what do you want?</body></html>";
end
+ -- execute request
local success, method, args = pcall(translate_request, stanza);
if success then
- return tostring(handle_xmlrpc_request(method, args));
+ return { headers = default_headers; body = tostring(handle_xmlrpc_request(node.."@"..host, method, args)) };
end
- return "<html><body>You really don't look like an XML-RPC client to me... what do you want?</body></html>";
+ return "<html><body>Error parsing XML-RPC request: "..tostring(method).."</body></html>";
end
httpserver.new{ port = 9000, base = "xmlrpc", handler = handle_http_request }