diaspora-vines 0.1.2

data/lib/vines/stanza/presence.rb

@@ -0,0 +1,141 @@
+# encoding: UTF-8
+
+module Vines
+  class Stanza
+    class Presence < Stanza
+      register "/presence"
+
+      VALID_TYPES = %w[subscribe subscribed unsubscribe unsubscribed unavailable probe error].freeze
+
+      VALID_TYPES.each do |type|
+        define_method "#{type}?" do
+          self['type'] == type
+        end
+      end
+
+      def process
+        stream.last_broadcast_presence = @node.clone unless validate_to
+        unless self['type'].nil?
+          raise StanzaErrors::BadRequest.new(self, 'modify')
+        end
+        dir = outbound? ? 'outbound' : 'inbound'
+        method("#{dir}_broadcast_presence").call
+      end
+
+      def outbound?
+        !inbound?
+      end
+
+      def inbound?
+        stream.class == Vines::Stream::Server ||
+        stream.class == Vines::Stream::Component
+      end
+
+      def outbound_broadcast_presence
+        self['from'] = stream.user.jid.to_s
+        to = validate_to
+        type = (self['type'] || '').strip
+        initial = to.nil? && type.empty? && !stream.available?
+
+        recipients = if to.nil?
+          stream.available_subscribers
+        else
+          stream.user.subscribed_from?(to) ? stream.available_resources(to) : []
+        end
+
+        broadcast(recipients)
+        broadcast(stream.available_resources(stream.user.jid))
+
+        if initial
+          stream.available_subscribed_to_resources.each do |recipient|
+            if recipient.last_broadcast_presence
+              el = recipient.last_broadcast_presence.clone
+              el['to'] = stream.user.jid.to_s
+              el['from'] = recipient.user.jid.to_s
+              stream.write(el)
+            end
+          end
+          stream.remote_subscribed_to_contacts.each do |contact|
+            send_probe(contact.jid.bare)
+          end
+          stream.available!
+        end
+
+        stream.remote_subscribers(to).each do |contact|
+          node = @node.clone
+          node['to'] = contact.jid.bare.to_s
+          router.route(node) rescue nil # ignore RemoteServerNotFound
+        end
+      end
+
+      def inbound_broadcast_presence
+        broadcast(stream.available_resources(validate_to))
+      end
+
+      private
+
+      def send_probe(to)
+        to = JID.new(to)
+        doc = Document.new
+        probe = doc.create_element('presence',
+          'from' => stream.user.jid.bare.to_s,
+          'id'   => Kit.uuid,
+          'to'   => to.bare.to_s,
+          'type' => 'probe')
+        router.route(probe) rescue nil # ignore RemoteServerNotFound
+      end
+
+      def auto_reply_to_subscription_request(from, type)
+        doc = Document.new
+        node = doc.create_element('presence') do |el|
+          el['from'] = from.to_s
+          el['id'] = self['id'] if self['id']
+          el['to'] = stream.user.jid.bare.to_s
+          el['type'] = type
+        end
+        stream.write(node)
+      end
+
+      # Send the contact's roster item to the current user's interested streams.
+      # Roster pushes are required, following presence subscription updates, to
+      # notify the user's clients of the contact's current state.
+      def send_roster_push(to)
+        contact = stream.user.contact(to)
+        stream.interested_resources(stream.user.jid).each do |recipient|
+          contact.send_roster_push(recipient)
+        end
+      end
+
+      # Notify the current user's interested streams of a contact's subscription
+      # state change as a result of receiving a subscribed, unsubscribe, or
+      # unsubscribed presence stanza.
+      def broadcast_subscription_change(contact)
+        stamp_from
+        stream.interested_resources(stamp_to).each do |recipient|
+          @node['to'] = recipient.user.jid.to_s
+          recipient.write(@node)
+          contact.send_roster_push(recipient)
+        end
+      end
+
+      # Validate that the incoming stanza has a 'to' attribute and strip any
+      # resource part from it so it's a bare jid. Return the bare JID object
+      # that was stamped.
+      def stamp_to
+        to = validate_to
+        raise StanzaErrors::BadRequest.new(self, 'modify') unless to
+        to.bare.tap do |bare|
+          self['to'] = bare.to_s
+        end
+      end
+
+      # Presence subscription stanzas must be addressed from the user's bare
+      # JID. Return the user's bare JID object that was stamped.
+      def stamp_from
+        stream.user.jid.bare.tap do |bare|
+          self['from'] = bare.to_s
+        end
+      end
+    end
+  end
+end

data/lib/vines/stanza/pubsub/create.rb

@@ -0,0 +1,39 @@
+# encoding: UTF-8
+
+module Vines
+  class Stanza
+    class PubSub
+      class Create < PubSub
+        NS = NAMESPACES[:pubsub]
+
+        register "/iq[@id and @type='set']/ns:pubsub/ns:create", 'ns' => NS
+
+        def process
+          return if route_iq || !allowed?
+          validate_to_address
+
+          node = self.xpath('ns:pubsub/ns:create', 'ns' => NS)
+          raise StanzaErrors::BadRequest.new(self, 'modify') if node.size != 1
+          node = node.first
+
+          id = (node['node'] || '').strip
+          id = Kit.uuid if id.empty?
+          raise StanzaErrors::Conflict.new(self, 'cancel') if pubsub.node?(id)
+          pubsub.add_node(id)
+          send_result_iq(id)
+        end
+
+        private
+
+        def send_result_iq(id)
+          el = to_result
+          el << el.document.create_element('pubsub') do |node|
+            node.default_namespace = NS
+            node << el.document.create_element('create', 'node' => id)
+          end
+          stream.write(el)
+        end
+      end
+    end
+  end
+end

data/lib/vines/stanza/pubsub/delete.rb

@@ -0,0 +1,41 @@
+# encoding: UTF-8
+
+module Vines
+  class Stanza
+    class PubSub
+      class Delete < PubSub
+        NS = NAMESPACES[:pubsub]
+
+        register "/iq[@id and @type='set']/ns:pubsub/ns:delete", 'ns' => NS
+
+        def process
+          return if route_iq || !allowed?
+          validate_to_address
+
+          node = self.xpath('ns:pubsub/ns:delete', 'ns' => NS)
+          raise StanzaErrors::BadRequest.new(self, 'modify') if node.size != 1
+          node = node.first
+
+          id = node['node']
+          raise StanzaErrors::ItemNotFound.new(self, 'cancel') unless pubsub.node?(id)
+
+          pubsub.publish(id, message(id))
+          pubsub.delete_node(id)
+          stream.write(to_result)
+        end
+
+        private
+
+        def message(id)
+          doc = Document.new
+          doc.create_element('message') do |node|
+            node << node.document.create_element('event') do |event|
+              event.default_namespace = NAMESPACES[:pubsub_event]
+              event << node.document.create_element('delete', 'node' => id)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stanza/pubsub/publish.rb

@@ -0,0 +1,66 @@
+# encoding: UTF-8
+
+module Vines
+  class Stanza
+    class PubSub
+      class Publish < PubSub
+        NS = NAMESPACES[:pubsub]
+
+        register "/iq[@id and @type='set']/ns:pubsub/ns:publish", 'ns' => NS
+
+        def process
+          return if route_iq || !allowed?
+          validate_to_address
+
+          node = self.xpath('ns:pubsub/ns:publish', 'ns' => NS)
+          raise StanzaErrors::BadRequest.new(self, 'modify') if node.size != 1
+          node = node.first
+          id = node['node']
+
+          raise StanzaErrors::ItemNotFound.new(self, 'cancel') unless pubsub.node?(id)
+
+          item = node.xpath('ns:item', 'ns' => NS)
+          raise StanzaErrors::BadRequest.new(self, 'modify') unless item.size == 1
+          item = item.first
+          unless item['id']
+            item['id'] = Kit.uuid
+            include_item = true
+          end
+
+          raise StanzaErrors::BadRequest.new(self, 'modify') unless item.elements.size == 1
+          pubsub.publish(id, message(id, item))
+          send_result_iq(id, include_item ? item : nil)
+        end
+
+        private
+
+        def message(node, item)
+          doc = Document.new
+          doc.create_element('message') do |message|
+            message << doc.create_element('event') do |event|
+              event.default_namespace = NAMESPACES[:pubsub_event]
+              event << doc.create_element('items', 'node' => node) do |items|
+                items << doc.create_element('item', 'id' => item['id'], 'publisher' => stream.user.jid.to_s) do |el|
+                  el << item.elements.first
+                end
+              end
+            end
+          end
+        end
+
+        def send_result_iq(node, item)
+          result = to_result
+          if item
+            result << result.document.create_element('pubsub') do |pubsub|
+              pubsub.default_namespace = NS
+              pubsub << result.document.create_element('publish', 'node' => node) do |publish|
+                publish << result.document.create_element('item', 'id' => item['id'])
+              end
+            end
+          end
+          stream.write(result)
+        end
+      end
+    end
+  end
+end

data/lib/vines/stanza/pubsub/subscribe.rb

@@ -0,0 +1,44 @@
+# encoding: UTF-8
+
+module Vines
+  class Stanza
+    class PubSub
+      class Subscribe < PubSub
+        NS = NAMESPACES[:pubsub]
+
+        register "/iq[@id and @type='set']/ns:pubsub/ns:subscribe", 'ns' => NS
+
+        def process
+          return if route_iq || !allowed?
+          validate_to_address
+
+          node = self.xpath('ns:pubsub/ns:subscribe', 'ns' => NS)
+          raise StanzaErrors::BadRequest.new(self, 'modify') if node.size != 1
+          node = node.first
+          id, jid = node['node'], JID.new(node['jid'])
+
+          raise StanzaErrors::BadRequest.new(self, 'modify') unless stream.user.jid.bare == jid.bare
+          raise StanzaErrors::ItemNotFound.new(self, 'cancel') unless pubsub.node?(id)
+          raise StanzaErrors::PolicyViolation.new(self, 'wait') if pubsub.subscribed?(id, jid)
+
+          pubsub.subscribe(id, jid)
+          send_result_iq(id, jid)
+        end
+
+        private
+
+        def send_result_iq(id, jid)
+          result = to_result
+          result << result.document.create_element('pubsub') do |node|
+            node.default_namespace = NS
+            node << result.document.create_element('subscription',
+              'node' => id,
+              'jid' => jid.to_s,
+              'subscription' => 'subscribed')
+          end
+          stream.write(result)
+        end
+      end
+    end
+  end
+end

data/lib/vines/stanza/pubsub/unsubscribe.rb

@@ -0,0 +1,30 @@
+# encoding: UTF-8
+
+module Vines
+  class Stanza
+    class PubSub
+      class Unsubscribe < PubSub
+        NS = NAMESPACES[:pubsub]
+
+        register "/iq[@id and @type='set']/ns:pubsub/ns:unsubscribe", 'ns' => NS
+
+        def process
+          return if route_iq || !allowed?
+          validate_to_address
+
+          node = self.xpath('ns:pubsub/ns:unsubscribe', 'ns' => NS)
+          raise StanzaErrors::BadRequest.new(self, 'modify') if node.size != 1
+          node = node.first
+          id, jid = node['node'], JID.new(node['jid'])
+
+          raise StanzaErrors::Forbidden.new(self, 'auth') unless stream.user.jid.bare == jid.bare
+          raise StanzaErrors::ItemNotFound.new(self, 'cancel') unless pubsub.node?(id)
+          raise StanzaErrors::UnexpectedRequest.new(self, 'cancel') unless pubsub.subscribed?(id, jid)
+
+          pubsub.unsubscribe(id, jid)
+          stream.write(to_result)
+        end
+      end
+    end
+  end
+end

data/lib/vines/stanza/pubsub.rb

@@ -0,0 +1,22 @@
+# encoding: UTF-8
+
+module Vines
+  class Stanza
+    class PubSub < Iq
+
+      private
+
+      # Return the Config::PubSub system for the domain to which this stanza is
+      # addressed or nil if it's not to a pubsub subdomain.
+      def pubsub
+        stream.config.pubsub(validate_to)
+      end
+
+      # Raise feature-not-implemented if this stanza is addressed to the chat
+      # server itself, rather than a pubsub subdomain.
+      def validate_to_address
+        raise StanzaErrors::FeatureNotImplemented.new(self, 'cancel') unless pubsub
+      end
+    end
+  end
+end

data/lib/vines/stanza.rb

@@ -0,0 +1,175 @@
+# encoding: UTF-8
+
+module Vines
+  class Stanza
+    include Nokogiri::XML
+
+    attr_reader :stream
+
+    EMPTY = ''.freeze
+    FROM, MESSAGE, TO = %w[from message to].map {|s| s.freeze }
+    ROUTABLE_STANZAS  = %w[message iq presence].freeze
+
+    @@types = {}
+
+    def self.register(xpath, ns={})
+      @@types[[xpath, ns]] = self
+    end
+
+    def self.from_node(node, stream)
+      # optimize common case
+      return Message.new(node, stream) if node.name == MESSAGE
+      found = @@types.select {|pair, v| node.xpath(*pair).any? }
+        .sort {|a, b| b[0][0].length - a[0][0].length }.first
+      found ? found[1].new(node, stream) : nil
+    end
+
+    def initialize(node, stream)
+      @node, @stream = node, stream
+    end
+
+    # Send the stanza to all recipients, stamping it with from and
+    # to addresses first.
+    def broadcast(recipients)
+      @node[FROM] = stream.user.jid.to_s
+      recipients.each do |recipient|
+        @node[TO] = recipient.user.jid.to_s
+        recipient.write(@node)
+      end
+    end
+
+    # Returns true if this stanza should be processed locally. Returns false
+    # if it's destined for a remote domain or external component.
+    def local?
+      return true unless ROUTABLE_STANZAS.include?(@node.name)
+      to = JID.new(@node[TO])
+      to.empty? || local_jid?(to)
+    end
+
+    def local_jid?(*jids)
+      stream.config.local_jid?(*jids)
+    end
+
+    # Return true if this stanza is addressed to a pubsub subdomain hosted
+    # at this server. This helps differentiate between IQ stanzas addressed
+    # to the server and stanzas addressed to pubsub domains, both of which must
+    # be handled locally and not routed.
+    def to_pubsub_domain?
+      stream.config.pubsub?(validate_to)
+    end
+
+    def route
+      stream.router.route(@node)
+    end
+
+    def router
+      stream.router
+    end
+
+    def storage(domain=stream.domain)
+      stream.storage(domain)
+    end
+
+    def process
+      raise 'subclass must implement'
+    end
+
+    # Broadcast unavailable presence from the user's available resources to the
+    # recipient's available resources. Route the stanza to a remote server if
+    # the recipient isn't hosted locally.
+    def send_unavailable(from, to)
+      available = router.available_resources(from, to)
+      stanzas = available.map {|stream| unavailable(stream.user.jid) }
+      broadcast_to_available_resources(stanzas, to)
+    end
+
+    # Return an unavailable presence stanza addressed from the given JID.
+    def unavailable(from)
+      doc = Document.new
+      doc.create_element('presence',
+        'from' => from.to_s,
+        'id'   => Kit.uuid,
+        'type' => 'unavailable')
+    end
+
+    # Return nil if this stanza has no 'to' attribute. Return a Vines::JID
+    # if it contains a valid 'to' attribute.  Raise a JidMalformed error if
+    # the JID is invalid.
+    def validate_to
+      validate_address(TO)
+    end
+
+    # Return nil if this stanza has no 'from' attribute. Return a Vines::JID
+    # if it contains a valid 'from' attribute.  Raise a JidMalformed error if
+    # the JID is invalid.
+    def validate_from
+      validate_address(FROM)
+    end
+
+    def method_missing(method, *args, &block)
+      @node.send(method, *args, &block)
+    end
+
+    private
+
+    # Send the stanzas to the destination JID, routing to a s2s stream
+    # if the address is remote. This method properly stamps the to address
+    # on each stanza before it's sent. The caller must set the from address.
+    def broadcast_to_available_resources(stanzas, to)
+      return if send_to_remote(stanzas, to)
+      send_to_recipients(stanzas, stream.available_resources(to))
+    end
+
+    # Send the stanzas to the destination JID, routing to a s2s stream
+    # if the address is remote. This method properly stamps the to address
+    # on each stanza before it's sent. The caller must set the from address.
+    def broadcast_to_interested_resources(stanzas, to)
+      return if send_to_remote(stanzas, to)
+      send_to_recipients(stanzas, stream.interested_resources(to))
+    end
+
+    # Route the stanzas to a remote server, stamping a bare JID as the
+    # to address. Bare JIDs are required for presence subscription stanzas
+    # sent to the remote contact's server. Return true if the stanzas were
+    # routed, false if they must be delivered locally.
+    def send_to_remote(stanzas, to)
+      return false if local_jid?(to)
+      to = JID.new(to)
+      stanzas.each do |el|
+        el[TO] = to.bare.to_s
+        router.route(el)
+      end
+      true
+    end
+
+    # Send the stanzas to the local recipient streams, stamping a full JID as
+    # the to address. It's important to use full JIDs, even when sending to
+    # local clients, because the stanzas may be routed to other cluster nodes
+    # for delivery. We need the receiving cluster node to send the stanza just
+    # to this full JID, not to lookup all JIDs for this user.
+    def send_to_recipients(stanzas, recipients)
+      recipients.each do |recipient|
+        stanzas.each do |el|
+          el[TO] = recipient.user.jid.to_s
+          recipient.write(el)
+        end
+      end
+    end
+
+    # Return true if the to and from JIDs are allowed to communicate with one
+    # another based on the cross_domain_messages setting in conf/config.rb. If
+    # a domain's users are isolated to sending messages only within their own
+    # domain, pubsub stanzas must not be processed from remote JIDs.
+    def allowed?
+      stream.config.allowed?(validate_to || stream.domain, stream.user.jid)
+    end
+
+    def validate_address(attr)
+      jid = (self[attr] || EMPTY)
+      return if jid.empty?
+      JID.new(jid)
+    rescue
+      raise StanzaErrors::JidMalformed.new(self, 'modify')
+    end
+  end
+end

data/lib/vines/storage/ldap.rb

@@ -0,0 +1,71 @@
+# encoding: UTF-8
+
+module Vines
+  class Storage
+
+    # Authenticates usernames and passwords against an LDAP directory. This can
+    # provide authentication logic for the other, full-featured Storage
+    # implementations while they store and retrieve the rest of the user
+    # information.
+    class Ldap
+      @@required = [:host, :port]
+      %w[tls dn password basedn object_class user_attr name_attr groupdn].each do |name|
+        @@required << name.to_sym unless name == 'groupdn'
+        define_method name do |*args|
+          @config[name.to_sym] = args.first
+        end
+      end
+
+      def initialize(host='localhost', port=636, &block)
+        @config = {host: host, port: port}
+        instance_eval(&block)
+        @@required.each {|key| raise "Must provide #{key}" if @config[key].nil? }
+      end
+
+      # Validates a username and password by binding to the LDAP instance with
+      # those credentials. If the bind succeeds, the user's attributes are
+      # retrieved.
+      def authenticate(username, password)
+        username = JID.new(username).to_s rescue nil
+        return if [username, password].any? {|arg| (arg || '').strip.empty? }
+
+        ldap = connect(@config[:dn], @config[:password])
+        entries = ldap.search(
+          attributes: [@config[:name_attr], 'mail'],
+          filter: filter(username))
+        return unless entries && entries.size == 1
+
+        user = if connect(entries.first.dn, password).bind
+          name = entries.first[@config[:name_attr]].first
+          User.new(jid: username, name: name.to_s, roster: [])
+        end
+        user
+      end
+
+      # Return an LDAP search filter for a user optionally belonging to the
+      # group defined by the groupdn config attribute.
+      def filter(username)
+        clas = Net::LDAP::Filter.eq('objectClass', @config[:object_class])
+        uid = Net::LDAP::Filter.eq(@config[:user_attr], username)
+        filter = clas & uid
+        if group = @config[:groupdn]
+          memberOf = Net::LDAP::Filter.eq('memberOf', group)
+          isMemberOf = Net::LDAP::Filter.eq('isMemberOf', group)
+          filter = filter & (memberOf | isMemberOf)
+        end
+        filter
+      end
+
+      private
+
+      def connect(dn, password)
+        options = [:host, :port, :base].zip(
+          @config.values_at(:host, :port, :basedn))
+        Net::LDAP.new(Hash[options]).tap do |ldap|
+          ldap.encryption(:simple_tls) if @config[:tls]
+          ldap.auth(dn, password)
+        end
+      end
+    end
+  end
+end