lygneo-vines 0.1.1

data/lib/vines/stream/server.rb

@@ -0,0 +1,150 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    # Implements the XMPP protocol for server-to-server (s2s) streams. This
+    # serves connected streams using the jabber:server namespace. This handles
+    # both accepting incoming s2s streams and initiating outbound s2s streams
+    # to other servers.
+    class Server < Stream
+      MECHANISMS = %w[EXTERNAL].freeze
+
+      # Starts the connection to the remote server. When the stream is
+      # connected and ready to send stanzas it will yield to the callback
+      # block. The callback is run on the EventMachine reactor thread. The
+      # yielded stream will be nil if the remote connection failed. We need to
+      # use a background thread to avoid blocking the server on DNS SRV
+      # lookups.
+      def self.start(config, to, from, &callback)
+        op = proc do
+          Resolv::DNS.open do |dns|
+            dns.getresources("_xmpp-server._tcp.#{to}", Resolv::DNS::Resource::IN::SRV)
+          end.sort! {|a,b| a.priority == b.priority ? b.weight <=> a.weight : a.priority <=> b.priority }
+        end
+        cb = proc do |srv|
+          if srv.empty?
+            srv << {target: to, port: 5269}
+            class << srv.first
+              def method_missing(name); self[name]; end
+            end
+          end
+          Server.connect(config, to, from, srv, callback)
+        end
+        EM.defer(proc { op.call rescue [] }, cb)
+      end
+
+      def self.connect(config, to, from, srv, callback)
+        if srv.empty?
+          # fiber so storage calls work properly
+          Fiber.new { callback.call(nil) }.resume
+        else
+          begin
+            rr = srv.shift
+            opts = {to: to, from: from, srv: srv, callback: callback}
+            EM.connect(rr.target.to_s, rr.port, Server, config, opts)
+          rescue => e
+            connect(config, to, from, srv, callback)
+          end
+        end
+      end
+
+      attr_reader   :domain
+      attr_accessor :remote_domain
+
+      def initialize(config, options={})
+        super(config)
+        @connected = false
+        @remote_domain = options[:to]
+        @domain = options[:from]
+        @srv = options[:srv]
+        @callback = options[:callback]
+        @outbound = @remote_domain && @domain
+        start = @outbound ? Outbound::Start.new(self) : Start.new(self)
+        advance(start)
+      end
+
+      def post_init
+        super
+        send_stream_header if @outbound
+      end
+
+      def max_stanza_size
+        config[:server].max_stanza_size
+      end
+
+      def ssl_handshake_completed
+        close_connection unless cert_domain_matches?(@remote_domain)
+      end
+
+      # Return an array of allowed authentication mechanisms advertised as
+      # server stream features.
+      def authentication_mechanisms
+        MECHANISMS
+      end
+
+      def stream_type
+        :server
+      end
+
+      def unbind
+        super
+        if @outbound && !@connected
+          Server.connect(config, @remote_domain, @domain, @srv, @callback)
+        end
+      end
+
+      def vhost?(domain)
+        config.vhost?(domain)
+      end
+
+      def notify_connected
+        @connected = true
+        if @callback
+          @callback.call(self)
+          @callback = nil
+        end
+      end
+
+      def ready?
+        state.class == Server::Ready
+      end
+
+      def start(node)
+        if @outbound then send_stream_header; return end
+        to, from = %w[to from].map {|a| node[a] }
+        @domain, @remote_domain = to, from unless @domain
+        send_stream_header
+        raise StreamErrors::NotAuthorized if domain_change?(to, from)
+        raise StreamErrors::UnsupportedVersion unless node['version'] == '1.0'
+        raise StreamErrors::ImproperAddressing unless valid_address?(@domain) && valid_address?(@remote_domain)
+        raise StreamErrors::HostUnknown unless config.vhost?(@domain) || config.pubsub?(@domain) || config.component?(@domain)
+        raise StreamErrors::NotAuthorized unless config.s2s?(@remote_domain) && config.allowed?(@domain, @remote_domain)
+        raise StreamErrors::InvalidNamespace unless node.namespaces['xmlns'] == NAMESPACES[:server]
+        raise StreamErrors::InvalidNamespace unless node.namespaces['xmlns:stream'] == NAMESPACES[:stream]
+      end
+
+      private
+
+      # The +to+ and +from+ domain addresses set on the initial stream header
+      # must not change during stream restarts. This prevents a server from
+      # authenticating as one domain, then sending stanzas from users in a
+      # different domain.
+      def domain_change?(to, from)
+        to != @domain || from != @remote_domain
+      end
+
+      def send_stream_header
+        attrs = {
+          'xmlns' => NAMESPACES[:server],
+          'xmlns:stream' => NAMESPACES[:stream],
+          'xml:lang' => 'en',
+          'id' => Kit.uuid,
+          'from' => @domain,
+          'to' => @remote_domain,
+          'version' => '1.0'
+        }
+        write "<stream:stream %s>" % attrs.to_a.map{|k,v| "#{k}='#{v}'"}.join(' ')
+      end
+    end
+  end
+end

data/lib/vines/stream/state.rb

@@ -0,0 +1,60 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+
+    # The base class of Stream state machines. States know how to process XML
+    # nodes and advance to their next valid state or fail the stream.
+    class State
+      include Nokogiri::XML
+      include Vines::Log
+
+      attr_accessor :stream
+
+      BODY   = 'body'.freeze
+      STREAM = 'stream'.freeze
+
+      def initialize(stream, success=nil)
+        @stream, @success = stream, success
+      end
+
+      def node(node)
+        raise 'subclass must implement'
+      end
+
+      def ==(state)
+        self.class == state.class
+      end
+
+      def eql?(state)
+        state.is_a?(State) && self == state
+      end
+
+      def hash
+        self.class.hash
+      end
+
+      private
+
+      def advance
+        stream.advance(@success.new(stream))
+      end
+
+      def stream?(node)
+        node.name == STREAM && namespace(node) == NAMESPACES[:stream]
+      end
+
+      def body?(node)
+        node.name == BODY && namespace(node) == NAMESPACES[:http_bind]
+      end
+
+      def namespace(node)
+        node.namespace ? node.namespace.href : nil
+      end
+
+      def to_stanza(node)
+        Stanza.from_node(node, stream)
+      end
+    end
+  end
+end

data/lib/vines/stream.rb

@@ -0,0 +1,247 @@
+# encoding: UTF-8
+
+module Vines
+  # The base class for various XMPP streams (c2s, s2s, component, http),
+  # containing behavior common to all streams like rate limiting, stanza
+  # parsing, and stream error handling.
+  class Stream < EventMachine::Connection
+    include Vines::Log
+
+    ERROR = 'error'.freeze
+    PAD   = 20
+
+    attr_reader   :config, :domain
+    attr_accessor :user
+
+    def initialize(config)
+      @config = config
+    end
+
+    def post_init
+      @remote_addr, @local_addr = addresses
+      @user, @closed, @stanza_size = nil, false, 0
+      @bucket = TokenBucket.new(100, 10)
+      @store = Store.new(@config.certs)
+      @nodes = EM::Queue.new
+      process_node_queue
+      create_parser
+      log.info { "%s %21s -> %s" %
+        ['Stream connected:'.ljust(PAD), @remote_addr, @local_addr] }
+    end
+
+    # Initialize a new XML parser for this connection. This is called when the
+    # stream is first connected as well as for stream restarts during
+    # negotiation. Subclasses can override this method to provide a different
+    # type of parser (e.g. HTTP).
+    def create_parser
+      @parser = Parser.new.tap do |p|
+        p.stream_open {|node| @nodes.push(node) }
+        p.stream_close { close_connection }
+        p.stanza {|node| @nodes.push(node) }
+      end
+    end
+
+    # Advance the state machine into the +Closed+ state so any remaining queued
+    # nodes are not processed while we're waiting for EM to actually close the
+    # connection.
+    def close_connection(after_writing=false)
+      super
+      @closed = true
+      advance(Client::Closed.new(self))
+    end
+
+    def receive_data(data)
+      return if @closed
+      @stanza_size += data.bytesize
+      if @stanza_size < max_stanza_size
+        @parser << data rescue error(StreamErrors::NotWellFormed.new)
+      else
+        error(StreamErrors::PolicyViolation.new('max stanza size reached'))
+      end
+    end
+
+    # Reset the connection's XML parser when a new <stream:stream> header
+    # is received.
+    def reset
+      create_parser
+    end
+
+    # Returns the storage system for the domain. If no domain is given,
+    # the stream's storage mechanism is returned.
+    def storage(domain=nil)
+      @config.storage(domain || self.domain)
+    end
+
+    # Returns the Vines::Config::Host virtual host for the stream's domain.
+    def vhost
+      @config.vhost(domain)
+    end
+
+    # Reload the user's information into their active connections. Call this
+    # after storage.save_user() to sync the new user state with their other
+    # connections.
+    def update_user_streams(user)
+      connected_resources(user.jid.bare).each do |stream|
+        stream.user.update_from(user)
+      end
+    end
+
+    def connected_resources(jid)
+      router.connected_resources(jid, user.jid)
+    end
+
+    def available_resources(*jid)
+      router.available_resources(*jid, user.jid)
+    end
+
+    def interested_resources(*jid)
+      router.interested_resources(*jid, user.jid)
+    end
+
+    def ssl_verify_peer(pem)
+      # EM is supposed to close the connection when this returns false,
+      # but it only does that for inbound connections, not when we
+      # make a connection to another server.
+      @store.trusted?(pem).tap do |trusted|
+        close_connection unless trusted
+      end
+    end
+
+    def cert_domain_matches?(domain)
+      @store.domain?(get_peer_cert, domain)
+    end
+
+    # Send the data over the wire to this client.
+    def write(data)
+      log_node(data, :out)
+      if data.respond_to?(:to_xml)
+        data = data.to_xml(:indent => 0)
+      end
+      send_data(data)
+    end
+
+    def encrypt
+      cert, key = @store.files_for_domain(domain)
+      start_tls(cert_chain_file: cert, private_key_file: key, verify_peer: true)
+    end
+
+    # Returns true if the TLS certificate and private key files for this domain
+    # exist and can be used to encrypt this stream.
+    def encrypt?
+      !@store.files_for_domain(domain).nil?
+    end
+
+    def unbind
+      router.delete(self)
+      log.info { "%s %21s -> %s" %
+        ['Stream disconnected:'.ljust(PAD), @remote_addr, @local_addr] }
+      log.info { "Streams connected: #{router.size}" }
+    end
+
+    # Advance the stream's state machine to the new state. XML nodes received
+    # by the stream will be passed to this state's +node+ method.
+    def advance(state)
+      @state = state
+    end
+
+    # Stream level errors close the stream while stanza and SASL errors are
+    # written to the client and leave the stream open. All exceptions should
+    # pass through this method for consistent handling.
+    def error(e)
+      case e
+      when SaslError, StanzaError
+        write(e.to_xml)
+      when StreamError
+        send_stream_error(e)
+        close_stream
+      else
+        log.error(e)
+        send_stream_error(StreamErrors::InternalServerError.new)
+        close_stream
+      end
+    end
+
+    def router
+      @config.router
+    end
+
+    private
+
+    # Return the remote and local socket addresses used by this connection.
+    def addresses
+      [get_peername, get_sockname].map do |addr|
+        addr ? Socket.unpack_sockaddr_in(addr)[0, 2].reverse.join(':') : 'unknown'
+      end
+    end
+
+    # Write the StreamError's xml to the stream. Subclasses can override
+    # this method with custom error writing behavior.
+    def send_stream_error(e)
+      write(e.to_xml)
+    end
+
+    # Write a closing stream tag to the stream then close the stream. Subclasses
+    # can override this method for custom close behavior.
+    def close_stream
+      write('</stream:stream>')
+      close_connection_after_writing
+    end
+
+    def error?(node)
+      ns = node.namespace ? node.namespace.href : nil
+      node.name == ERROR && ns == NAMESPACES[:stream]
+    end
+
+    # Schedule a queue pop on the EM thread to handle the next element. This
+    # guarantees all stanzas received on this stream are processed in order.
+    # http://tools.ietf.org/html/rfc6120#section-10.1
+    def process_node_queue
+      @nodes.pop do |node|
+        Fiber.new do
+          process_node(node)
+          process_node_queue
+        end.resume unless @closed
+      end
+    end
+
+    def process_node(node)
+      log_node(node, :in)
+      @stanza_size = 0
+      enforce_rate_limit
+      if error?(node)
+        close_stream
+      else
+        state.node(node)
+      end
+    rescue => e
+      error(e)
+    end
+
+    def enforce_rate_limit
+      unless @bucket.take(1)
+        raise StreamErrors::PolicyViolation.new('rate limit exceeded')
+      end
+    end
+
+    def log_node(node, direction)
+      return unless log.debug?
+      from, to = @remote_addr, @local_addr
+      from, to = to, from if direction == :out
+      label = (direction == :out) ? 'Sent' : 'Received'
+      log.debug("%s %21s -> %s\n%s\n" %
+        ["#{label} stanza:".ljust(PAD), from, to, node])
+    end
+
+    # Returns the current +State+ of the stream's state machine. Provided as a
+    # method so subclasses can override the behavior.
+    def state
+      @state
+    end
+
+    # Return +true+ if this is a valid domain-only JID that can be used in
+    # stream initiation stanza headers.
+    def valid_address?(jid)
+      JID.new(jid).domain? rescue false
+    end
+  end
+end

data/lib/vines/token_bucket.rb

@@ -0,0 +1,55 @@
+# encoding: UTF-8
+
+module Vines
+
+  # The token bucket algorithm is useful for rate limiting.
+  # Before an operation can be completed, a token is taken from
+  # the bucket.  If no tokens are available, the operation fails.
+  # The bucket is refilled with tokens at the maximum allowed rate
+  # of operations.
+  class TokenBucket
+
+    # Create a full bucket with `capacity` number of tokens to be filled
+    # at the given rate of tokens/second.
+    #
+    # capacity - The Fixnum maximum number of tokens the bucket can hold.
+    # rate     - The Fixnum number of tokens per second at which the bucket is
+    #            refilled.
+    def initialize(capacity, rate)
+      raise ArgumentError.new('capacity must be > 0') unless capacity > 0
+      raise ArgumentError.new('rate must be > 0') unless rate > 0
+      @capacity = capacity
+      @tokens = capacity
+      @rate = rate
+      @timestamp = Time.new
+    end
+
+    # Remove tokens from the bucket if it's full enough. There's no way, or
+    # need, to add tokens to the bucket. It refills over time.
+    #
+    # tokens - The Fixnum number of tokens to attempt to take from the bucket.
+    #
+    # Returns true if the bucket contains enough tokens to take, false if the
+    # bucket isn't full enough to satisy the request.
+    def take(tokens)
+      raise ArgumentError.new('tokens must be > 0') unless tokens > 0
+      tokens <= fill ? @tokens -= tokens : false
+    end
+
+    private
+
+    # Add tokens to the bucket at the `rate` provided in the constructor. This
+    # fills the bucket slowly over time.
+    #
+    # Returns the Fixnum number of tokens left in the bucket.
+    def fill
+      if @tokens < @capacity
+        now = Time.new
+        @tokens += (@rate * (now - @timestamp)).round
+        @tokens = @capacity if @tokens > @capacity
+        @timestamp = now
+      end
+      @tokens
+    end
+  end
+end

data/lib/vines/user.rb

@@ -0,0 +1,123 @@
+# encoding: UTF-8
+
+module Vines
+  class User
+    include Comparable
+
+    attr_accessor :name, :password, :roster
+    attr_reader :jid
+
+    def initialize(args={})
+      @jid = JID.new(args[:jid])
+      raise ArgumentError, 'invalid jid' if @jid.empty?
+
+      @name = args[:name]
+      @password = args[:password]
+      @roster = args[:roster] || []
+    end
+
+    def <=>(user)
+      user.is_a?(User) ? self.jid.to_s <=> user.jid.to_s : nil
+    end
+
+    alias :eql? :==
+
+    def hash
+      jid.to_s.hash
+    end
+
+    # Update this user's information from the given user object.
+    def update_from(user)
+      @name = user.name
+      @password = user.password
+      @roster = user.roster.map {|c| c.clone }
+    end
+
+    # Return true if the jid is on this user's roster.
+    def follower?(jid)
+      !follower(jid).nil?
+    end
+
+    # Returns the follower with this jid or nil if not found.
+    def follower(jid)
+      bare = JID.new(jid).bare
+      @roster.find {|c| c.jid.bare == bare }
+    end
+
+    # Returns true if the user is subscribed to this follower's
+    # presence updates.
+    def subscribed_to?(jid)
+      follower = follower(jid)
+      follower && follower.subscribed_to?
+    end
+
+    # Returns true if the user has a presence subscription from this follower.
+    # The follower is subscribed to this user's presence.
+    def subscribed_from?(jid)
+      follower = follower(jid)
+      follower && follower.subscribed_from?
+    end
+
+    # Removes the follower with this jid from the user's roster.
+    def remove_follower(jid)
+      bare = JID.new(jid).bare
+      @roster.reject! {|c| c.jid.bare == bare }
+    end
+
+    # Returns a list of the followers to which this user has
+    # successfully subscribed.
+    def subscribed_to_followers
+      @roster.select {|c| c.subscribed_to? }
+    end
+
+    # Returns a list of the followers that are subscribed to this user's
+    # presence updates.
+    def subscribed_from_followers
+      @roster.select {|c| c.subscribed_from? }
+    end
+
+    # Update the follower's jid on this user's roster to signal that this user
+    # has requested the follower's permission to receive their presence updates.
+    def request_subscription(jid)
+      unless follower = follower(jid)
+        follower = Follower.new(:jid => jid)
+        @roster << follower
+      end
+      follower.ask = 'subscribe' if %w[none from].include?(follower.subscription)
+    end
+
+    # Add the user's jid to this follower's roster with a subscription state of
+    # 'from.' This signals that this follower has approved a user's subscription.
+    def add_subscription_from(jid)
+      unless follower = follower(jid)
+        follower = Follower.new(:jid => jid)
+        @roster << follower
+      end
+      follower.subscribe_from
+    end
+
+    def remove_subscription_to(jid)
+      if follower = follower(jid)
+        follower.unsubscribe_to
+      end
+    end
+
+    def remove_subscription_from(jid)
+      if follower = follower(jid)
+        follower.unsubscribe_from
+      end
+    end
+
+    # Returns this user's roster followers as an iq query element.
+    def to_roster_xml(id)
+      doc = Nokogiri::XML::Document.new
+      doc.create_element('iq', 'id' => id, 'type' => 'result') do |el|
+        el << doc.create_element('query', 'xmlns' => 'jabber:iq:roster') do |query|
+          @roster.sort!.each do |follower|
+            query << follower.to_roster_xml
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/version.rb

@@ -0,0 +1,6 @@
+# encoding: UTF-8
+
+module Vines
+  # vines forked version 0.4.9
+  VERSION = '0.1.1'
+end

data/lib/vines/xmpp_server.rb

@@ -0,0 +1,25 @@
+# encoding: UTF-8
+
+module Vines
+
+  # The main starting point for the XMPP server process. Starts the
+  # EventMachine processing loop and registers the XMPP protocol handler
+  # with the ports defined in the server configuration file.
+  class XmppServer
+    include Vines::Log
+
+    def initialize(config)
+      @config = config
+    end
+
+    def start
+      log.info('XMPP server started')
+      at_exit { log.fatal('XMPP server stopped') }
+      EM.epoll
+      EM.kqueue
+      EM.run do
+        @config.ports.each {|port| port.start }
+      end
+    end
+  end
+end