vinesmod 0.4.5

data/lib/vines/stream/client/auth_restart.rb

@@ -0,0 +1,29 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Client
+      class AuthRestart < State
+        def initialize(stream, success=Auth)
+          super
+        end
+
+        def node(node)
+          raise StreamErrors::NotAuthorized unless stream?(node)
+          stream.start(node)
+          doc = Document.new
+          features = doc.create_element('stream:features') do |el|
+            el << doc.create_element('mechanisms') do |parent|
+              parent.default_namespace = NAMESPACES[:sasl]
+              stream.authentication_mechanisms.each do |name|
+                parent << doc.create_element('mechanism', name)
+              end
+            end
+          end
+          stream.write(features)
+          advance
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/client/bind.rb

@@ -0,0 +1,72 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Client
+      class Bind < State
+        NS = NAMESPACES[:bind]
+        MAX_ATTEMPTS = 5
+
+        def initialize(stream, success=Ready)
+          super
+          @attempts = 0
+        end
+
+        def node(node)
+          @attempts += 1
+          raise StreamErrors::NotAuthorized unless bind?(node)
+          raise StreamErrors::PolicyViolation.new('max bind attempts reached') if @attempts > MAX_ATTEMPTS
+          raise StanzaErrors::ResourceConstraint.new(node, 'wait') if resource_limit_reached?
+
+          stream.bind!(resource(node))
+          doc = Document.new
+          result = doc.create_element('iq', 'id' => node['id'], 'type' => 'result') do |el|
+            el << doc.create_element('bind') do |bind|
+              bind.default_namespace = NS
+              bind << doc.create_element('jid', stream.user.jid.to_s)
+            end
+          end
+          stream.write(result)
+          send_empty_features
+          advance
+        end
+
+        private
+
+        # Write the final <stream:features/> element to the stream, indicating
+        # stream negotiation is complete and the client is cleared to send
+        # stanzas.
+        def send_empty_features
+          stream.write('<stream:features/>')
+        end
+
+        def bind?(node)
+          node.name == 'iq' && node['type'] == 'set' && node.xpath('ns:bind', 'ns' => NS).any?
+        end
+
+        def resource(node)
+          el = node.xpath('ns:bind/ns:resource', 'ns' => NS).first
+          resource = el ? el.text.strip : ''
+          generate = resource.empty? || !resource_valid?(resource) || resource_used?(resource)
+          generate ? Kit.uuid : resource
+        end
+
+        def resource_limit_reached?
+          used = stream.connected_resources(stream.user.jid.bare).size
+          used >= stream.max_resources_per_account
+        end
+
+        def resource_used?(resource)
+          stream.available_resources(stream.user.jid).any? do |c|
+            c.user.jid.resource == resource
+          end
+        end
+
+        def resource_valid?(resource)
+          jid = stream.user.jid
+          JID.new(jid.node, jid.domain, resource) rescue false
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/client/bind_restart.rb

@@ -0,0 +1,24 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Client
+      class BindRestart < State
+        def initialize(stream, success=Bind)
+          super
+        end
+
+        def node(node)
+          raise StreamErrors::NotAuthorized unless stream?(node)
+          stream.start(node)
+          doc = Document.new
+          features = doc.create_element('stream:features') do |el|
+            el << doc.create_element('bind', 'xmlns' => NAMESPACES[:bind])
+          end
+          stream.write(features)
+          advance
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/client/closed.rb

@@ -0,0 +1,13 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Client
+      class Closed < State
+        def node(node)
+          # ignore data received after close_connection
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/client/ready.rb

@@ -0,0 +1,17 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Client
+      class Ready < State
+        def node(node)
+          stanza = to_stanza(node)
+          raise StreamErrors::UnsupportedStanzaType unless stanza
+          stanza.validate_to
+          stanza.validate_from
+          stanza.process
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/client/session.rb

@@ -0,0 +1,210 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Client
+      # A Session tracks the state of a client stream over its lifetime from
+      # negotiation to processing stanzas to shutdown. By disconnecting the
+      # stream's state from the stream, we can allow multiple TCP connections
+      # to access one logical session (e.g. HTTP streams).
+      class Session
+        include Comparable
+
+        attr_accessor :domain, :user
+        attr_reader   :id, :last_broadcast_presence, :state
+
+        def initialize(stream)
+          @stream = stream
+          @id = Kit.uuid
+          @config = stream.config
+          @state = Client::Start.new(stream)
+          @available = false
+          @domain = nil
+          @last_broadcast_presence = nil
+          @requested_roster = false
+          @unbound = false
+          @user = nil
+        end
+
+        def <=>(session)
+          session.is_a?(Session) ? self.id <=> session.id : nil
+        end
+
+        alias :eql? :==
+
+        def hash
+          @id.hash
+        end
+
+        def advance(state)
+          @state = state
+        end
+
+        # Returns true if this client has properly authenticated with
+        # the server.
+        def authenticated?
+          !@user.nil?
+        end
+
+        # Notify the session that the client has sent an initial presence
+        # broadcast and is now considered to be an "available" resource.
+        # Available resources are sent presence subscription stanzas.
+        def available!
+          @available = true
+          save_to_cluster
+        end
+
+        # An available resource has sent initial presence and can
+        # receive presence subscription requests.
+        def available?
+          @available && connected?
+        end
+
+        # Complete resource binding with the given resource name, provided by the
+        # client or generated by the server. Once resource binding is completed,
+        # the stream is considered to be "connected" and ready for traffic.
+        def bind!(resource)
+          @user.jid.resource = resource
+          router << self
+          save_to_cluster
+        end
+
+        # A connected resource has authenticated and bound a resource
+        # identifier.
+        def connected?
+          !@unbound && authenticated? && !@user.jid.bare?
+        end
+
+        # An interested resource has requested its roster and can
+        # receive roster pushes.
+        def interested?
+          @requested_roster && connected?
+        end
+
+        def last_broadcast_presence=(node)
+          @last_broadcast_presence = node
+          save_to_cluster
+        end
+
+        def ready?
+          @state.class == Client::Ready
+        end
+
+        # Notify the session that the client has requested its roster and is now
+        # considered to be an "interested" resource. Interested resources are sent
+        # roster pushes when changes are made to their contacts.
+        def requested_roster!
+          @requested_roster = true
+          save_to_cluster
+        end
+
+        def stream_type
+          :client
+        end
+
+        def write(data)
+          @stream.write(data)
+        end
+
+        # Called by the stream when it's disconnected from the client. The stream
+        # passes itself to this method in case multiple streams are accessing this
+        # session (e.g. BOSH/HTTP).
+        def unbind!(stream)
+          router.delete(self)
+          delete_from_cluster
+          unsubscribe_pubsub
+          @unbound = true
+          @available = false
+          broadcast_unavailable
+        end
+
+        # Returns streams for available resources to which this user
+        # has successfully subscribed.
+        def available_subscribed_to_resources
+          subscribed = @user.subscribed_to_contacts.map {|c| c.jid }
+          router.available_resources(subscribed, @user.jid)
+        end
+
+        # Returns streams for available resources that are subscribed
+        # to this user's presence updates.
+        def available_subscribers
+          subscribed = @user.subscribed_from_contacts.map {|c| c.jid }
+          router.available_resources(subscribed, @user.jid)
+        end
+
+        # Returns contacts hosted at remote servers to which this user has
+        # successfully subscribed.
+        def remote_subscribed_to_contacts
+          @user.subscribed_to_contacts.reject do |c|
+            @config.local_jid?(c.jid)
+          end
+        end
+
+        # Returns contacts hosted at remote servers that are subscribed
+        # to this user's presence updates.
+        def remote_subscribers(to=nil)
+          jid = (to.nil? || to.empty?) ? nil : JID.new(to).bare
+          @user.subscribed_from_contacts.reject do |c|
+            @config.local_jid?(c.jid) || (jid && c.jid.bare != jid)
+          end
+        end
+
+        private
+
+        def broadcast_unavailable
+          return unless authenticated?
+          Fiber.new do
+            broadcast(unavailable, available_subscribers)
+            broadcast(unavailable, router.available_resources(@user.jid, @user.jid))
+            remote_subscribers.each do |contact|
+              node = unavailable
+              node['to'] = contact.jid.bare.to_s
+              router.route(node) rescue nil # ignore RemoteServerNotFound
+            end
+          end.resume
+        end
+
+        def unavailable
+          doc = Nokogiri::XML::Document.new
+          doc.create_element('presence',
+            'from' => @user.jid.to_s,
+            'type' => 'unavailable')
+        end
+
+        def broadcast(stanza, recipients)
+          recipients.each do |recipient|
+            stanza['to'] = recipient.user.jid.to_s
+            recipient.write(stanza)
+          end
+        end
+
+        def router
+          @config.router
+        end
+
+        def save_to_cluster
+          if @config.cluster?
+            @config.cluster.save_session(@user.jid, to_hash)
+          end
+        end
+
+        def delete_from_cluster
+          if connected? && @config.cluster?
+            @config.cluster.delete_session(@user.jid)
+          end
+        end
+
+        def unsubscribe_pubsub
+          if connected?
+            @config.vhost(@user.jid.domain).unsubscribe_pubsub(@user.jid)
+          end
+        end
+
+        def to_hash
+          presence = @last_broadcast_presence ? @last_broadcast_presence.to_s : nil
+          {available: @available, interested: @requested_roster, presence: presence.to_s}
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/client/start.rb

@@ -0,0 +1,27 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Client
+      class Start < State
+        def initialize(stream, success=TLS)
+          super
+        end
+
+        def node(node)
+          raise StreamErrors::NotAuthorized unless stream?(node)
+          stream.start(node)
+          doc = Document.new
+          features = doc.create_element('stream:features') do |el|
+            el << doc.create_element('starttls') do |tls|
+              tls.default_namespace = NAMESPACES[:tls]
+              tls << doc.create_element('required')
+            end
+          end
+          stream.write(features)
+          advance
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/client/tls.rb

@@ -0,0 +1,38 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Client
+      class TLS < State
+        NS = NAMESPACES[:tls]
+        PROCEED  = %Q{<proceed xmlns="#{NS}"/>}.freeze
+        FAILURE  = %Q{<failure xmlns="#{NS}"/>}.freeze
+        STARTTLS = 'starttls'.freeze
+
+        def initialize(stream, success=AuthRestart)
+          super
+        end
+
+        def node(node)
+          raise StreamErrors::NotAuthorized unless starttls?(node)
+          if stream.encrypt?
+            stream.write(PROCEED)
+            stream.encrypt
+            stream.reset
+            advance
+          else
+            stream.write(FAILURE)
+            stream.write('</stream:stream>')
+            stream.close_connection_after_writing
+          end
+        end
+
+        private
+
+        def starttls?(node)
+          node.name == STARTTLS && namespace(node) == NS
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/component.rb

@@ -0,0 +1,58 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+
+    # Implements the XMPP protocol for trusted, external component (XEP-0114)
+    # streams. This serves connected streams using the jabber:component:accept
+    # namespace.
+    class Component < Stream
+      attr_reader :remote_domain
+
+      def initialize(config)
+        super
+        @remote_domain = nil
+        @stream_id = Kit.uuid
+        advance(Start.new(self))
+      end
+
+      def max_stanza_size
+        config[:component].max_stanza_size
+      end
+
+      def ready?
+        state.class == Component::Ready
+      end
+
+      def stream_type
+        :component
+      end
+
+      def start(node)
+        @remote_domain = node['to']
+        send_stream_header
+        raise StreamErrors::ImproperAddressing unless valid_address?(@remote_domain)
+        raise StreamErrors::HostUnknown unless config.component?(@remote_domain)
+        raise StreamErrors::InvalidNamespace unless node.namespaces['xmlns'] == NAMESPACES[:component]
+        raise StreamErrors::InvalidNamespace unless node.namespaces['xmlns:stream'] == NAMESPACES[:stream]
+      end
+
+      def secret
+        password = config.component_password(@remote_domain)
+        Digest::SHA1.hexdigest(@stream_id + password)
+      end
+
+      private
+
+      def send_stream_header
+        attrs = {
+          'xmlns' => NAMESPACES[:component],
+          'xmlns:stream' => NAMESPACES[:stream],
+          'id' => @stream_id,
+          'from' => @remote_domain
+        }
+        write "<stream:stream %s>" % attrs.to_a.map{|k,v| "#{k}='#{v}'"}.join(' ')
+      end
+    end
+  end
+end