vines 0.4.5 → 0.4.6

data/conf/config.rb

@@ -8,6 +8,11 @@ Vines::Config.configure do
   # level logs all XML sent and received by the server.
   log :info
 
+  # Set the directory in which to look for virtual hosts' TLS certificates.
+  # This is optional and defaults to the conf/certs directory created during
+  # `vines init`.
+  certs 'conf/certs'
+
   # Each host element below is a virtual host domain name that this server will
   # service. Hosts can share storage configurations or use separate databases.
   # TLS encryption is mandatory so each host must have a <domain>.crt and
@@ -16,6 +21,10 @@ Vines::Config.configure do
   # command. Change the example, 'wonderland.lit', domain name to your actual
   # domain.
   #
+  # The vines gem is distributed with a single 'fs' filesystem storage backend.
+  # Additional database support is provided by the vines-sql, vines-redis,
+  # vines-couchdb, and vines-mongodb gems.
+  #
   # The private_storage attribute allows clients to store XML fragments
   # on the server, using the XEP-0049 Private XML Storage feature.
   #
@@ -125,45 +134,3 @@ Vines::Config.configure do
   #  password ''
   #end
 end
-
-# Available storage implementations:
-
-#storage 'fs' do
-#  dir 'data'
-#end
-
-#storage 'couchdb' do
-#  host 'localhost'
-#  port 6984
-#  database 'xmpp'
-#  tls true
-#  username ''
-#  password ''
-#end
-
-#storage 'mongodb' do
-#  host 'localhost', 27017
-#  host 'localhost', 27018 # optional, connects to replica set
-#  database 'xmpp'
-#  tls true
-#  username ''
-#  password ''
-#  pool 5
-#end
-
-#storage 'redis' do
-#  host 'localhost'
-#  port 6379
-#  database 0
-#  password ''
-#end
-
-#storage 'sql' do
-#  adapter 'postgresql'
-#  host 'localhost'
-#  port 5432
-#  database 'xmpp'
-#  username ''
-#  password ''
-#  pool 5
-#end

data/lib/vines.rb

@@ -55,25 +55,22 @@ module Vines
 end
 
 %w[
-  active_record
   base64
   bcrypt
   digest/sha1
-  em-http
   em-hiredis
   eventmachine
   fiber
   fileutils
   http/parser
+  json
   logger
-  mongo
   net/ldap
   nokogiri
   openssl
   resolv
   set
   socket
-  uri
   yaml
 
   vines/log
@@ -110,13 +107,9 @@ end
   vines/stanza/pubsub/unsubscribe
 
   vines/storage
-  vines/storage/couchdb
   vines/storage/ldap
   vines/storage/local
-  vines/storage/mongodb
   vines/storage/null
-  vines/storage/redis
-  vines/storage/sql
 
   vines/config
   vines/config/host

data/lib/vines/command/cert.rb

@@ -5,8 +5,8 @@ module Vines
     class Cert
       def run(opts)
         raise 'vines cert <domain>' unless opts[:args].size == 1
-        dir = File.expand_path('../certs', opts[:config])
-        create_cert(opts[:args].first, dir)
+        require opts[:config]
+        create_cert(opts[:args].first, Config.instance.certs)
       end
 
       def create_cert(domain, dir)
@@ -33,9 +33,9 @@ module Vines
 
         cert.sign(key, OpenSSL::Digest::SHA1.new)
 
-        {'key' => key, 'crt' => cert}.each_pair do |ext, o| 
+        {'key' => key, 'crt' => cert}.each_pair do |ext, o|
           name = File.join(dir, "#{domain}.#{ext}")
-          File.open(name, "w") {|f| f.write(o.to_pem) }
+          File.open(name, 'w:utf-8') {|f| f.write(o.to_pem) }
           File.chmod(0600, name) if ext == 'key'
         end
       end

data/lib/vines/command/init.rb

@@ -36,8 +36,8 @@ module Vines
 
       def update_config(domain, dir)
         config = File.expand_path('conf/config.rb', dir)
-        text = File.read(config)
-        File.open(config, 'w') do |f|
+        text = File.read(config, encoding: 'utf-8')
+        File.open(config, 'w:utf-8') do |f|
           f.write(text.gsub('wonderland.lit', domain))
         end
       end
@@ -65,4 +65,4 @@ module Vines
       end
     end
   end
-end
+end

data/lib/vines/config.rb

@@ -21,11 +21,20 @@ module Vines
     end
 
     def initialize(&block)
+      @certs = File.expand_path('conf/certs')
       @vhosts, @ports, @cluster = {}, {}, nil
       @null = Storage::Null.new
       @router = Router.new(self)
       instance_eval(&block)
       raise "must define at least one virtual host" if @vhosts.empty?
+
+      unless @certs && File.directory?(@certs) && File.readable?(@certs)
+        raise 'Must provide a readable certs directory'
+      end
+    end
+
+    def certs(dir=nil)
+      dir ? @certs = File.expand_path(dir) : @certs
     end
 
     def host(*names, &block)

data/lib/vines/kit.rb

@@ -12,17 +12,12 @@ module Vines
     # Generates a random uuid per rfc 4122 that's useful for including in
     # stream, iq, and other xmpp stanzas.
     def self.uuid
-      hex = (0...16).map { "%02x" % rand(256) }.join
-      hex[12] = '4'
-      hex[16] = %w[8 9 a b][rand(4)]
-      hex.scan(/(\w{8})(\w{4})(\w{4})(\w{4})(\w{12})/).first.join('-')
+      SecureRandom.uuid
     end
 
     # Generates a random 128 character authentication token.
     def self.auth_token
-      hash = Digest::SHA512.new
-      1024.times { hash << rand.to_s }
-      hash.hexdigest
+      SecureRandom.hex(64)
     end
   end
 end

data/lib/vines/storage/local.rb

@@ -27,8 +27,8 @@ module Vines
 
       def find_user(jid)
         jid = JID.new(jid).bare.to_s
-        file = absolute_path("user/#{jid}") unless jid.empty?
-        record = YAML.load_file(file) rescue nil
+        file = "user/#{jid}" unless jid.empty?
+        record = YAML.load(read(file)) rescue nil
         return User.new(jid: jid).tap do |user|
           user.name, user.password = record.values_at('name', 'password')
           (record['roster'] || {}).each_pair do |jid, props|
@@ -47,43 +47,48 @@ module Vines
         user.roster.each do |contact|
           record['roster'][contact.jid.bare.to_s] = contact.to_h
         end
-        save("user/#{user.jid.bare}") do |f|
-          YAML.dump(record, f)
-        end
+        save("user/#{user.jid.bare}", YAML.dump(record))
       end
 
       def find_vcard(jid)
         jid = JID.new(jid).bare.to_s
         return if jid.empty?
-        file = absolute_path("vcard/#{jid}")
-        Nokogiri::XML(File.read(file)).root rescue nil
+        file = "vcard/#{jid}"
+        Nokogiri::XML(read(file)).root rescue nil
       end
 
       def save_vcard(jid, card)
         jid = JID.new(jid).bare.to_s
         return if jid.empty?
-        save("vcard/#{jid}") do |f|
-          f.write(card.to_xml)
-        end
+        save("vcard/#{jid}", card.to_xml)
       end
 
       def find_fragment(jid, node)
         jid = JID.new(jid).bare.to_s
         return if jid.empty?
-        file = absolute_path("fragment/#{fragment_id(jid, node)}")
-        Nokogiri::XML(File.read(file)).root rescue nil
+        file = 'fragment/%s' % fragment_id(jid, node)
+        Nokogiri::XML(read(file)).root rescue nil
       end
 
       def save_fragment(jid, node)
         jid = JID.new(jid).bare.to_s
         return if jid.empty?
-        save("fragment/#{fragment_id(jid, node)}") do |f|
-          f.write(node.to_xml)
-        end
+        file = 'fragment/%s' % fragment_id(jid, node)
+        save(file, node.to_xml)
       end
 
       private
 
+      # Resolves a relative file name into an absolute path inside the
+      # storage directory.
+      #
+      # file - A fully-qualified or relative file name String.
+      #
+      # Returns the fully-qualified file path String.
+      #
+      # Raises RuntimeError if the resolved path is outside of the storage
+      # directory. This prevents directory path traversals with maliciously
+      # crafted JIDs.
       def absolute_path(file)
         File.expand_path(file, @dir).tap do |absolute|
           parent = File.dirname(File.dirname(absolute))
@@ -91,12 +96,40 @@ module Vines
         end
       end
 
-      def save(file)
+      # Read the file from the filesystem and return its contents as a String.
+      # All files are assumed to be encoded as UTF-8.
+      #
+      # file - A fully-qualified or relative file name String.
+      #
+      # Returns the file content as a UTF-8 encoded String.
+      def read(file)
+        file = absolute_path(file)
+        File.read(file, encoding: 'utf-8')
+      end
+
+      # Write the content to the file. Make sure to consistently encode files
+      # we read and write as UTF-8.
+      #
+      # file    - A fully-qualified or relative file name String.
+      # content - The String to write.
+      #
+      # Returns nothing.
+      def save(file, content)
         file = absolute_path(file)
-        File.open(file, 'w') {|f| yield f }
+        File.open(file, 'w:utf-8') {|f| f.write(content) }
         File.chmod(0600, file)
       end
 
+      # Generates a unique file id for the user's private XML fragment.
+      #
+      # Private XML fragment storage needs to uniquely identify fragment files
+      # on disk. We combine the user's JID with a SHA-1 hash of the element's
+      # name and namespace to avoid special characters in the file name.
+      #
+      # jid  - A bare JID identifying the user who owns this fragment.
+      # node - A Nokogiri::XML::Node for the XML to be stored.
+      #
+      # Returns an id String suitable for use in a file name.
       def fragment_id(jid, node)
         id = Digest::SHA1.hexdigest("#{node.name}:#{node.namespace.href}")
         "#{jid}-#{id}"

data/lib/vines/store.rb

@@ -43,10 +43,12 @@ module Vines
       unless @@sources
         pattern = /-{5}BEGIN CERTIFICATE-{5}\n.*?-{5}END CERTIFICATE-{5}\n/m
         pairs = Dir[File.join(@dir, '*.crt')].map do |name|
-          pems = File.read(name).scan(pattern)
-          certs = pems.map {|pem| OpenSSL::X509::Certificate.new(pem) }
-          certs.reject! {|cert| cert.not_after < Time.now }
-          [name, certs]
+          File.open(name, "r:UTF-8") do |f|
+            pems = f.read.scan(pattern)
+            certs = pems.map {|pem| OpenSSL::X509::Certificate.new(pem) }
+            certs.reject! {|cert| cert.not_after < Time.now }
+            [name, certs]
+          end
         end
         @@sources = Hash[pairs]
       end

data/lib/vines/stream.rb

@@ -21,7 +21,7 @@ module Vines
       @remote_addr, @local_addr = addresses
       @user, @closed, @stanza_size = nil, false, 0
       @bucket = TokenBucket.new(100, 10)
-      @store = Store.new(File.join(VINES_ROOT, 'conf', 'certs'))
+      @store = Store.new(@config.certs)
       @nodes = EM::Queue.new
       process_node_queue
       create_parser

data/lib/vines/stream/parser.rb

@@ -66,12 +66,13 @@ module Vines
       def node(name, attrs=[], prefix=nil, uri=nil, ns=[])
         ignore = stream?(name, uri) ? [] : IGNORE
         doc = @node ? @node.document : Document.new
-        doc.create_element(name) do |node|
+        node = doc.create_element(name) do |node|
           attrs.each {|attr| node[attr.localname] = attr.value }
           ns.each {|prefix, uri| node.add_namespace(prefix, uri) unless ignore.include?(uri) }
-          node.namespace = node.add_namespace(prefix, uri) unless ignore.include?(uri)
           doc << node unless @node
         end
+        node.namespace = node.add_namespace(prefix, uri) unless ignore.include?(uri)
+        node
       end
     end
   end

data/lib/vines/token_bucket.rb

@@ -9,8 +9,12 @@ module Vines
   # of operations.
   class TokenBucket
 
-    # Create a full bucket with capacity number of tokens to be filled
+    # Create a full bucket with `capacity` number of tokens to be filled
     # at the given rate of tokens/second.
+    #
+    # capacity - The Fixnum maximum number of tokens the bucket can hold.
+    # rate     - The Fixnum number of tokens per second at which the bucket is
+    #            refilled.
     def initialize(capacity, rate)
       raise ArgumentError.new('capacity must be > 0') unless capacity > 0
       raise ArgumentError.new('rate must be > 0') unless rate > 0
@@ -20,24 +24,29 @@ module Vines
       @timestamp = Time.new
     end
 
-    # Returns true if tokens can be taken from the bucket.
+    # Remove tokens from the bucket if it's full enough. There's no way, or
+    # need, to add tokens to the bucket. It refills over time.
+    #
+    # tokens - The Fixnum number of tokens to attempt to take from the bucket.
+    #
+    # Returns true if the bucket contains enough tokens to take, false if the
+    # bucket isn't full enough to satisy the request.
     def take(tokens)
       raise ArgumentError.new('tokens must be > 0') unless tokens > 0
-      if tokens <= fill
-        @tokens -= tokens
-        true
-      else
-        false
-      end
+      tokens <= fill ? @tokens -= tokens : false
     end
 
     private
 
+    # Add tokens to the bucket at the `rate` provided in the constructor. This
+    # fills the bucket slowly over time.
+    #
+    # Returns the Fixnum number of tokens left in the bucket.
     def fill
       if @tokens < @capacity
         now = Time.new
-        delta = (@rate * (now - @timestamp)).round
-        @tokens = [@capacity, @tokens + delta].min
+        @tokens += (@rate * (now - @timestamp)).round
+        @tokens = @capacity if @tokens > @capacity
         @timestamp = now
       end
       @tokens

data/lib/vines/version.rb

@@ -1,5 +1,5 @@
 # encoding: UTF-8
 
 module Vines
-  VERSION = '0.4.5'
+  VERSION = '0.4.6'
 end

data/test/cluster/publisher_test.rb

@@ -1,45 +1,57 @@
 # encoding: UTF-8
 
-require 'vines'
-require 'minitest/autorun'
-
-class ClusterPublisherTest < MiniTest::Unit::TestCase
-  def setup
-    @connection = MiniTest::Mock.new
-    @cluster = MiniTest::Mock.new
-    @cluster.expect(:id, 'abc')
-    @cluster.expect(:connection, @connection)
-  end
+require 'test_helper'
+
+describe Vines::Cluster::Publisher do
+  subject          { Vines::Cluster::Publisher.new(cluster) }
+  let(:connection) { MiniTest::Mock.new }
+  let(:cluster)    { MiniTest::Mock.new }
 
-  def test_broadcast
-    msg = {from: 'abc', type: 'online', time: Time.now.to_i}.to_json
-    @connection.expect(:publish, nil, ["cluster:nodes:all", msg])
+  before do
+    cluster.expect :id, 'abc'
+    cluster.expect :connection, connection
+  end
 
-    publisher = Vines::Cluster::Publisher.new(@cluster)
-    publisher.broadcast(:online)
-    assert @connection.verify
-    assert @cluster.verify
+  describe '#broadcast' do
+    before do
+      msg = {from: 'abc', type: 'online', time: Time.now.to_i}.to_json
+      connection.expect :publish, nil, ["cluster:nodes:all", msg]
+    end
+
+    it 'publishes the message to every cluster node' do
+      subject.broadcast(:online)
+      connection.verify
+      cluster.verify
+    end
   end
 
-  def test_route
-    stanza = "<message>hello</message>"
-    msg = {from: 'abc', type: 'stanza', stanza: stanza}.to_json
-    @connection.expect(:publish, nil, ["cluster:nodes:node-42", msg])
+  describe '#route' do
+    let(:stanza) { "<message>hello</message>" }
 
-    publisher = Vines::Cluster::Publisher.new(@cluster)
-    publisher.route(stanza, "node-42")
-    assert @connection.verify
-    assert @cluster.verify
+    before do
+      msg = {from: 'abc', type: 'stanza', stanza: stanza}.to_json
+      connection.expect :publish, nil, ["cluster:nodes:node-42", msg]
+    end
+
+    it 'publishes the message to just one cluster node' do
+      subject.route(stanza, "node-42")
+      connection.verify
+      cluster.verify
+    end
   end
 
-  def test_update_user
-    jid = Vines::JID.new('alice@wonderland.lit')
-    msg = {from: 'abc', type: 'user', jid: jid.to_s}.to_json
-    @connection.expect(:publish, nil, ["cluster:nodes:node-42", msg])
+  describe '#update_user' do
+    let(:jid) { Vines::JID.new('alice@wonderland.lit') }
+
+    before do
+      msg = {from: 'abc', type: 'user', jid: jid.to_s}.to_json
+      connection.expect :publish, nil, ["cluster:nodes:node-42", msg]
+    end
 
-    publisher = Vines::Cluster::Publisher.new(@cluster)
-    publisher.update_user(jid, "node-42")
-    assert @connection.verify
-    assert @cluster.verify
+    it 'publishes the new user to just one cluster node' do
+      subject.update_user(jid, "node-42")
+      connection.verify
+      cluster.verify
+    end
   end
 end