diaspora-vines 0.1.2

data/lib/vines/cluster.rb

@@ -0,0 +1,246 @@
+# encoding: UTF-8
+
+module Vines
+  # Server instances may be connected to one another in a cluster so they
+  # can host a single chat domain, or set of domains, across many servers,
+  # transparently to users. A redis database is used for the session routing
+  # table, mapping JIDs to their node's location. Redis pubsub channels are
+  # used to communicate amongst nodes.
+  #
+  # Using a shared in-memory cache, like redis, rather than synchronizing the
+  # cache to each node, allows us to add cluster nodes dynamically, without
+  # updating all other nodes' config files. It also greatly reduces the amount
+  # of memory required by the chat server processes.
+  class Cluster
+    include Vines::Log
+
+    attr_reader :id
+
+    %w[host port database password].each do |name|
+      define_method(name) do |*args|
+        if args.first
+          @connection.send("#{name}=", args.first)
+        else
+          @connection.send(name)
+        end
+      end
+    end
+
+    def initialize(config, &block)
+      @config, @id = config, Kit.uuid
+      @connection = Connection.new
+      @sessions = Sessions.new(self)
+      @publisher = Publisher.new(self)
+      @subscriber = Subscriber.new(self)
+      @pubsub = PubSub.new(self)
+      instance_eval(&block)
+    end
+
+    # Join this node to the cluster by broadcasting its state to the
+    # other nodes, subscribing to redis channels, and scheduling periodic
+    # heartbeat broadcasts. This method must be called after initialize
+    # or this node will not be a cluster member.
+    def start
+      @connection.connect
+      @publisher.broadcast(:online)
+      @subscriber.subscribe
+
+      EM.add_periodic_timer(1) { heartbeat }
+
+      at_exit do
+        @publisher.broadcast(:offline)
+        @sessions.delete_all(@id)
+      end
+    end
+
+    # Returns any streams hosted at remote nodes for these JIDs. The streams act
+    # like normal EM::Connections, but are actually proxies that route stanzas
+    # over redis pubsub channels to remote nodes.
+    def remote_sessions(*jids)
+      @sessions.find(*jids).map do |session|
+        StreamProxy.new(self, session)
+      end
+    end
+
+    # Persist the user's session to the shared redis cache so that other cluster
+    # nodes can locate the node hosting this user's connection and route messages
+    # to them.
+    def save_session(jid, attrs)
+      @sessions.save(jid, attrs)
+    end
+
+    # Remove this user from the cluster routing table so that no further stanzas
+    # may be routed to them. This must be called when the user's session is
+    # terminated, either by logout or stream disconnect.
+    def delete_session(jid)
+      @sessions.delete(jid)
+    end
+
+    # Remove all user sessions from the routing table associated with the
+    # given node ID. Cluster nodes call this themselves during normal shutdown.
+    # However, if a node dies without being properly shutdown, the other nodes
+    # will cleanup its sessions when they detect the node is offline.
+    def delete_sessions(node)
+      @sessions.delete_all(node)
+    end
+
+    # Notify the session store that this node is still alive. The node
+    # broadcasts its current time, so all cluster members' clocks don't
+    # necessarily need to be in sync.
+    def poke(node, time)
+      @sessions.poke(node, time)
+    end
+
+    # Send the stanza to the node hosting the user's session. The stanza is
+    # published to the channel to which the remote node is listening for
+    # messages.
+    def route(stanza, node)
+      @publisher.route(stanza, node)
+    end
+
+    # Notify the remote node that the user's roster has changed and it should
+    # reload the user from storage.
+    def update_user(jid, node)
+      @publisher.update_user(jid, node)
+    end
+
+    # Return the shared redis connection for most queries to use.
+    def connection
+      @connection.connect
+    end
+
+    # Create a new redis connection.
+    def connect
+      @connection.create
+    end
+
+    # Turn an asynchronous redis query into a blocking call by pausing the
+    # fiber in which this code is running. Return the result of the query
+    # from this method, rather than passing it to a callback block.
+    def query(name, *args)
+      fiber, yielding = Fiber.current, true
+      req = connection.send(name, *args)
+      req.errback  { fiber.resume rescue yielding = false }
+      req.callback {|response| fiber.resume(response) }
+      Fiber.yield if yielding
+    end
+
+    # Return the connected streams for this user, without any proxy streams
+    # to remote cluster nodes (locally connected streams only).
+    def connected_resources(jid)
+      @config.router.connected_resources(jid, jid, false)
+    end
+
+    # Return the Storage implementation for this domain or nil if the
+    # domain is not hosted here.
+    def storage(domain)
+      @config.storage(domain)
+    end
+
+    # Create a pubsub topic (a.k.a. node), in the given domain, to which
+    # messages may be published. The domain argument will be one of the
+    # configured pubsub subdomains in conf/config.rb (e.g. games.wonderland.lit,
+    # topics.wonderland.lit, etc).
+    def add_pubsub_node(domain, node)
+      @pubsub.add_node(domain, node)
+    end
+
+    # Remove a pubsub topic so messages may no longer be broadcast to it.
+    def delete_pubsub_node(domain, node)
+      @pubsub.delete_node(domain, node)
+    end
+
+    # Subscribe the JID to the pubsub topic so it will receive any messages
+    # published to it.
+    def subscribe_pubsub(domain, node, jid)
+      @pubsub.subscribe(domain, node, jid)
+    end
+
+    # Unsubscribe the JID from the pubsub topic, deregistering its interest
+    # in receiving any messages published to it.
+    def unsubscribe_pubsub(domain, node, jid)
+      @pubsub.unsubscribe(domain, node, jid)
+    end
+
+    # Unsubscribe the JID from all pubsub topics. This is useful when the
+    # JID's session ends by logout or disconnect.
+    def unsubscribe_all_pubsub(domain, jid)
+      @pubsub.unsubscribe_all(domain, jid)
+    end
+
+    # Return true if the pubsub topic exists and messages may be published to it.
+    def pubsub_node?(domain, node)
+      @pubsub.node?(domain, node)
+    end
+
+    # Return true if the JID is a registered subscriber to the pubsub topic and
+    # messages published to it should be routed to the JID.
+    def pubsub_subscribed?(domain, node, jid)
+      @pubsub.subscribed?(domain, node, jid)
+    end
+
+    # Return a list of JIDs subscribed to the pubsub topic.
+    def pubsub_subscribers(domain, node)
+      @pubsub.subscribers(domain, node)
+    end
+
+    private
+
+    # Call this method once per second to broadcast this node's heartbeat and
+    # expire stale user sessions. This method must not raise exceptions or the
+    # timer will stop.
+    def heartbeat
+      @publisher.broadcast(:heartbeat)
+      @sessions.expire
+    rescue => e
+      log.error("Cluster session cleanup failed: #{e}")
+    end
+
+    # StreamProxy behaves like an EM::Connection so that stanzas may be sent to
+    # remote nodes just as they are to locally connected streams. The rest of the
+    # system doesn't know or care that these "streams" send their traffic over
+    # redis pubsub channels.
+    class StreamProxy
+      attr_reader :user
+
+      def initialize(cluster, session)
+        @cluster, @user = cluster, UserProxy.new(cluster, session)
+        @node, @available, @interested, @presence =
+          session.values_at('node', 'available', 'interested', 'presence')
+
+        unless @presence.nil? || @presence.empty?
+          @presence = Nokogiri::XML(@presence).root rescue nil
+        end
+      end
+
+      def available?
+        @available
+      end
+
+      def interested?
+        @interested
+      end
+
+      def last_broadcast_presence
+        @presence
+      end
+
+      def write(stanza)
+        @cluster.route(stanza, @node)
+      end
+    end
+
+    # Proxy User#update_from calls to remote cluster nodes over redis
+    # pubsub channels.
+    class UserProxy < User
+      def initialize(cluster, session)
+        super(jid: session['jid'])
+        @cluster, @node = cluster, session['node']
+      end
+
+      def update_from(user)
+        @cluster.update_user(@jid.bare, @node)
+      end
+    end
+  end
+end

data/lib/vines/command/bcrypt.rb

@@ -0,0 +1,12 @@
+# encoding: UTF-8
+
+module Vines
+  module Command
+    class Bcrypt
+      def run(opts)
+        raise 'vines bcrypt <clear text>' unless opts[:args].size == 1
+        puts BCrypt::Password.create(opts[:args].first)
+      end
+    end
+  end
+end

data/lib/vines/command/cert.rb

@@ -0,0 +1,50 @@
+# encoding: UTF-8
+
+module Vines
+  module Command
+    class Cert
+      def run(opts)
+        raise 'vines cert <domain>' unless opts[:args].size == 1
+        require opts[:config]
+        create_cert(opts[:args].first, Config.instance.certs)
+      end
+
+      def create_cert(domain, dir)
+        domain = domain.downcase
+        key = OpenSSL::PKey::RSA.generate(2048)
+        ca = OpenSSL::X509::Name.parse("/C=US/ST=Colorado/L=Denver/O=Vines XMPP Server/CN=#{domain}")
+        cert = OpenSSL::X509::Certificate.new
+        cert.version = 2
+        cert.subject = ca
+        cert.issuer = ca
+        cert.serial = Time.now.to_i
+        cert.public_key = key.public_key
+        cert.not_before = Time.now - (24 * 60 * 60)
+        cert.not_after = Time.now + (365 * 24 * 60 * 60)
+
+        factory = OpenSSL::X509::ExtensionFactory.new
+        factory.subject_certificate = cert
+        factory.issuer_certificate = cert
+        cert.extensions = [
+          %w[basicConstraints CA:TRUE],
+          %w[subjectKeyIdentifier hash],
+          %w[subjectAltName] << [domain, hostname].map {|n| "DNS:#{n}" }.join(',')
+        ].map {|k, v| factory.create_ext(k, v) }
+
+        cert.sign(key, OpenSSL::Digest::SHA1.new)
+
+        {'key' => key, 'crt' => cert}.each_pair do |ext, o|
+          name = File.join(dir, "#{domain}.#{ext}")
+          File.open(name, 'w:utf-8') {|f| f.write(o.to_pem) }
+          File.chmod(0600, name) if ext == 'key'
+        end
+      end
+
+      private
+
+      def hostname
+        Socket.gethostbyname(Socket.gethostname).first.downcase
+      end
+    end
+  end
+end

data/lib/vines/command/init.rb

@@ -0,0 +1,68 @@
+# encoding: UTF-8
+
+module Vines
+  module Command
+    class Init
+      def run(opts)
+        raise 'vines init <domain>' unless opts[:args].size == 1
+        domain = opts[:args].first.downcase
+        dir = File.expand_path(domain)
+        raise "Directory already initialized: #{domain}" if File.exists?(dir)
+        Dir.mkdir(dir)
+
+        create_directories(dir)
+        create_users(domain, dir)
+        update_config(domain, dir)
+        Command::Cert.new.create_cert(domain, File.join(dir, 'conf/certs'))
+
+        puts "Initialized server directory: #{domain}"
+        puts "Run 'cd #{domain} && vines start' to begin"
+      end
+
+      private
+
+      # Limit file system database directory access so the server is the only
+      # process managing the data. The config.rb file contains component and
+      # database passwords, so restrict access to just the server user as well.
+      def create_directories(dir)
+        %w[conf web].each do |sub|
+          FileUtils.cp_r(File.expand_path("../../../../#{sub}", __FILE__), dir)
+        end
+        %w[data log pid].each do |sub|
+          Dir.mkdir(File.join(dir, sub), 0700)
+        end
+        File.chmod(0600, File.join(dir, 'conf/config.rb'))
+      end
+
+      def update_config(domain, dir)
+        config = File.expand_path('conf/config.rb', dir)
+        text = File.read(config, encoding: 'utf-8')
+        File.open(config, 'w:utf-8') do |f|
+          f.write(text.gsub('wonderland.lit', domain))
+        end
+      end
+
+      def create_users(domain, dir)
+        password = 'secr3t'
+        alice, arthur = %w[alice arthur].map do |jid|
+          User.new(jid: [jid, domain].join('@'),
+            password: BCrypt::Password.create(password).to_s)
+        end
+
+        [[alice, arthur], [arthur, alice]].each do |user, contact|
+          user.roster << Contact.new(
+            jid: contact.jid,
+            name: contact.jid.node.capitalize,
+            subscription: 'both',
+            groups: %w[Buddies])
+        end
+
+        storage = Storage::Local.new { dir(File.join(dir, 'data')) }
+        [alice, arthur].each do |user|
+          storage.save_user(user)
+          puts "Created example user #{user.jid} with password #{password}"
+        end
+      end
+    end
+  end
+end

data/lib/vines/command/ldap.rb

@@ -0,0 +1,38 @@
+# encoding: UTF-8
+
+module Vines
+  module Command
+    class Ldap
+      def run(opts)
+        raise 'vines ldap <domain>' unless opts[:args].size == 1
+        require opts[:config]
+        domain = opts[:args].first
+        unless storage = Config.instance.vhost(domain).storage rescue nil
+          raise "#{domain} virtual host not found in conf/config.rb"
+        end
+        unless storage.ldap?
+          raise "LDAP connector not configured for #{domain} virtual host"
+        end
+        $stdout.write('JID: ')
+        jid = $stdin.gets.chomp
+        jid = [jid, domain].join('@') unless jid.include?('@')
+        $stdout.write('Password: ')
+        `stty -echo`
+        password = $stdin.gets.chomp
+        `stty echo`
+        puts
+
+        begin
+          user = storage.ldap.authenticate(jid, password)
+        rescue => e
+          raise "LDAP connection failed: #{e.message}"
+        end
+
+        filter = storage.ldap.filter(jid)
+        raise "User not found with filter:\n  #{filter}" unless user
+        name = user.name.empty? ? '<name missing>' : user.name
+        puts "Found user #{name} with filter:\n  #{filter}"
+      end
+    end
+  end
+end

data/lib/vines/command/restart.rb

@@ -0,0 +1,12 @@
+# encoding: UTF-8
+
+module Vines
+  module Command
+    class Restart
+      def run(opts)
+        Stop.new.run(opts)
+        Start.new.run(opts)
+      end
+    end
+  end
+end

data/lib/vines/command/schema.rb

@@ -0,0 +1,24 @@
+# encoding: UTF-8
+
+module Vines
+  module Command
+    class Schema
+      def run(opts)
+        raise 'vines schema <domain>' unless opts[:args].size == 1
+        require opts[:config]
+        domain = opts[:args].first
+        unless storage = Config.instance.vhost(domain).storage rescue nil
+          raise "#{domain} virtual host not found in conf/config.rb"
+        end
+        unless storage.respond_to?(:create_schema)
+          raise "SQL storage not configured for #{domain} virtual host"
+        end
+        begin
+          storage.create_schema
+        rescue => e
+          raise "Schema creation failed: #{e.message}"
+        end
+      end
+    end
+  end
+end

data/lib/vines/command/start.rb

@@ -0,0 +1,28 @@
+# encoding: UTF-8
+
+module Vines
+  module Command
+    class Start
+      def run(opts)
+        raise 'vines [--pid FILE] start' unless opts[:args].size == 0
+        require opts[:config]
+        server = XmppServer.new(Config.instance)
+        daemonize(opts) if opts[:daemonize]
+        server.start
+      end
+
+      private
+
+      def daemonize(opts)
+        daemon = Daemon.new(:pid => opts[:pid], :stdout => opts[:log],
+          :stderr => opts[:log])
+        if daemon.running?
+          raise "Vines is running as process #{daemon.pid}"
+        else
+          puts "Vines has started"
+          daemon.start
+        end
+      end
+    end
+  end
+end

data/lib/vines/command/stop.rb

@@ -0,0 +1,18 @@
+# encoding: UTF-8
+
+module Vines
+  module Command
+    class Stop
+      def run(opts)
+        raise 'vines [--pid FILE] stop' unless opts[:args].size == 0
+        daemon = Daemon.new(:pid => opts[:pid])
+        if daemon.running?
+          daemon.stop
+          puts 'Vines has been shutdown'
+        else
+          puts 'Vines is not running'
+        end
+      end
+    end
+  end
+end

data/lib/vines/config/host.rb

@@ -0,0 +1,125 @@
+# encoding: UTF-8
+
+module Vines
+  class Config
+
+    # Provides the DSL methods for the virtual host definitions in the
+    # conf/config.rb file. Host instances can be accessed at runtime through
+    # the +Config#vhosts+ method.
+    class Host
+      attr_reader :pubsubs
+
+      def initialize(config, name, &block)
+        @config, @name = config, name.downcase
+        @storage, @ldap = nil, nil
+        @cross_domain_messages = false
+        @private_storage = false
+        @components, @pubsubs = {}, {}
+        validate_domain(@name)
+        instance_eval(&block)
+        raise "storage required for #{@name}" unless @storage
+      end
+
+      def storage(name=nil, &block)
+        if name
+          raise "one storage mechanism per host allowed" if @storage
+          @storage = Storage.from_name(name, &block)
+          @storage.ldap = @ldap
+        else
+          @storage
+        end
+      end
+
+      def ldap(host='localhost', port=636, &block)
+        @ldap = Storage::Ldap.new(host, port, &block)
+        @storage.ldap = @ldap if @storage
+      end
+
+      def cross_domain_messages(enabled)
+        @cross_domain_messages = !!enabled
+      end
+
+      def cross_domain_messages?
+        @cross_domain_messages
+      end
+
+      def components(options=nil)
+        return @components unless options
+
+        names = options.keys.map {|domain| "#{domain}.#{@name}".downcase }
+        raise "duplicate component domains not allowed" if dupes?(names, @components.keys)
+        raise "pubsub domains overlap component domains" if dupes?(names, @pubsubs.keys)
+
+        options.each do |domain, password|
+          raise 'component domain required' if (domain || '').to_s.strip.empty?
+          raise 'component password required' if (password || '').strip.empty?
+          name = "#{domain}.#{@name}".downcase
+          raise "components must be one level below their host: #{name}" if domain.to_s.include?('.')
+          validate_domain(name)
+          @components[name] = password
+        end
+      end
+
+      def component?(domain)
+        !!@components[domain.to_s]
+      end
+
+      def password(domain)
+        @components[domain.to_s]
+      end
+
+      def pubsub(*domains)
+        domains.flatten!
+        raise 'define at least one pubsub domain' if domains.empty?
+        names = domains.map {|domain| "#{domain}.#{@name}".downcase }
+        raise "duplicate pubsub domains not allowed" if dupes?(names, @pubsubs.keys)
+        raise "pubsub domains overlap component domains" if dupes?(names, @components.keys)
+        domains.each do |domain|
+          raise 'pubsub domain required' if (domain || '').to_s.strip.empty?
+          name = "#{domain}.#{@name}".downcase
+          raise "pubsub domains must be one level below their host: #{name}" if domain.to_s.include?('.')
+          validate_domain(name)
+          @pubsubs[name] = PubSub.new(@config, name)
+        end
+      end
+
+      def pubsub?(domain)
+        @pubsubs.key?(domain.to_s)
+      end
+
+      # Unsubscribe this JID from all pubsub topics hosted at this virtual host.
+      # This should be called when the user's session ends via logout or
+      # disconnect.
+      def unsubscribe_pubsub(jid)
+        @pubsubs.values.each do |pubsub|
+          pubsub.unsubscribe_all(jid)
+        end
+      end
+
+      def disco_items
+        [@components.keys, @pubsubs.keys].flatten.sort
+      end
+
+      def private_storage(enabled)
+        @private_storage = !!enabled
+      end
+
+      def private_storage?
+        @private_storage
+      end
+
+      private
+
+      # Return true if the arrays contain any duplicate items.
+      def dupes?(a, b)
+        a.uniq.size != a.size || b.uniq.size != b.size || (a & b).any?
+      end
+
+      # Prevent domains in config files that won't form valid JIDs.
+      def validate_domain(name)
+        jid = JID.new(name)
+        raise "incorrect domain: #{name}" if jid.node || jid.resource
+      end
+    end
+  end
+end