vinesmod 0.4.5

data/lib/vines/stream/component/handshake.rb

@@ -0,0 +1,26 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Component
+      class Handshake < State
+        def initialize(stream, success=Ready)
+          super
+        end
+
+        def node(node)
+          raise StreamErrors::NotAuthorized unless handshake?(node)
+          stream.write('<handshake/>')
+          stream.router << stream
+          advance
+        end
+
+        private
+
+        def handshake?(node)
+          node.name == 'handshake' && node.text == stream.secret
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/component/ready.rb

@@ -0,0 +1,23 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Component
+      class Ready < State
+        def node(node)
+          stanza = to_stanza(node)
+          raise StreamErrors::UnsupportedStanzaType unless stanza
+          to, from = stanza.validate_to, stanza.validate_from
+          raise StreamErrors::ImproperAddressing unless to && from
+          raise StreamErrors::InvalidFrom unless from.domain == stream.remote_domain
+          stream.user = User.new(jid: from)
+          if stanza.local? || stanza.to_pubsub_domain?
+            stanza.process
+          else
+            stanza.route
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/component/start.rb

@@ -0,0 +1,19 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Component
+      class Start < State
+        def initialize(stream, success=Handshake)
+          super
+        end
+
+        def node(node)
+          raise StreamErrors::NotAuthorized unless stream?(node)
+          stream.start(node)
+          advance
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/http.rb

@@ -0,0 +1,157 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Http < Client
+      attr_accessor :session
+
+      def initialize(config)
+        super
+        @session = Http::Session.new(self)
+      end
+
+      # Override +Stream#create_parser+ to provide an HTTP parser rather than
+      # a Nokogiri XML parser.
+      def create_parser
+        @parser = ::Http::Parser.new.tap do |p|
+          body = ''
+          p.on_body = proc {|data| body << data }
+          p.on_message_complete = proc {
+            process_request(Request.new(self, @parser, body))
+            body = ''
+          }
+        end
+      end
+
+      # If the session ID is valid, switch this stream's session to the new
+      # ID and return true. Some clients, like Google Chrome, reuse one stream
+      # for multiple sessions.
+      def valid_session?(sid)
+        if session = Sessions[sid]
+          @session = session
+        end
+        !!session
+      end
+
+      %w[max_stanza_size max_resources_per_account bind root].each do |name|
+        define_method name do |*args|
+          config[:http].send(name, *args)
+        end
+      end
+
+      def process_request(request)
+        if request.path == self.bind && request.options?
+          request.reply_to_options
+        elsif request.path == self.bind
+          body = Nokogiri::XML(request.body).root
+          if session = Sessions[body['sid']]
+            @session = session
+          else
+            @session = Http::Session.new(self)
+          end
+          @session.request(request)
+          @nodes.push(body)
+        else
+          request.reply_with_file(self.root)
+        end
+      end
+
+      # Alias the Stream#write method before overriding it so we can call
+      # it later from a Session instance.
+      alias :stream_write :write
+
+      # Override Stream#write to queue stanzas rather than immediately writing
+      # to the stream. Stanza responses must be paired with a queued request.
+      def write(data)
+        @session.write(data)
+      end
+
+      # Return an array of Node objects inside the body element.
+      # TODO This parses the XML again just to strip namespaces. Figure out
+      # Nokogiri namespace handling instead.
+      def parse_body(body)
+        body.namespace = nil
+        body.elements.map do |node|
+          Nokogiri::XML(node.to_s.sub(' xmlns="jabber:client"', '')).root
+        end
+      end
+
+      def start(node)
+        domain, type, hold, wait, rid = %w[to content hold wait rid].map {|a| (node[a] || '').strip }
+        version = node.attribute_with_ns('version', NAMESPACES[:bosh]).value rescue nil
+
+        @session.inactivity = 20
+        @session.domain = domain
+        @session.content_type = type unless type.empty?
+        @session.hold = hold.to_i unless hold.empty?
+        @session.wait = wait.to_i unless wait.empty?
+
+        raise StreamErrors::UndefinedCondition.new('rid required') if rid.empty?
+        raise StreamErrors::UnsupportedVersion unless version == '1.0'
+        raise StreamErrors::ImproperAddressing unless valid_address?(domain)
+        raise StreamErrors::HostUnknown unless config.vhost?(domain)
+        raise StreamErrors::InvalidNamespace unless node.namespaces['xmlns'] == NAMESPACES[:http_bind]
+
+        Sessions[@session.id] = @session
+        send_stream_header
+      end
+
+      def terminate
+        doc = Nokogiri::XML::Document.new
+        node = doc.create_element('body',
+          'type'  => 'terminate',
+          'xmlns' => NAMESPACES[:http_bind])
+        @session.reply(node)
+        close_stream
+      end
+
+      private
+
+      def send_stream_header
+        doc = Nokogiri::XML::Document.new
+        node = doc.create_element('body',
+          'charsets'     => 'UTF-8',
+          'from'         => @session.domain,
+          'hold'         => @session.hold,
+          'inactivity'   => @session.inactivity,
+          'polling'      => '5',
+          'requests'     => '2',
+          'sid'          => @session.id,
+          'ver'          => '1.6',
+          'wait'         => @session.wait,
+          'xmpp:version' => '1.0',
+          'xmlns'        => NAMESPACES[:http_bind],
+          'xmlns:xmpp'   => NAMESPACES[:bosh],
+          'xmlns:stream' => NAMESPACES[:stream])
+
+        node << doc.create_element('stream:features') do |el|
+          el << doc.create_element('mechanisms') do |mechanisms|
+            mechanisms.default_namespace = NAMESPACES[:sasl]
+            mechanisms << doc.create_element('mechanism', 'PLAIN')
+          end
+        end
+        @session.reply(node)
+      end
+
+      # Override +Stream#send_stream_error+ to wrap the error XML in a BOSH
+      # terminate body tag.
+      def send_stream_error(e)
+        doc = Nokogiri::XML::Document.new
+        node = doc.create_element('body',
+          'condition'    => 'remote-stream-error',
+          'type'         => 'terminate',
+          'xmlns'        => NAMESPACES[:http_bind],
+          'xmlns:stream' => NAMESPACES[:stream])
+        node.inner_html = e.to_xml
+        @session.reply(node)
+      end
+
+      # Override +Stream#close_stream+ to simply close the connection without
+      # writing a closing stream tag.
+      def close_stream
+        close_connection_after_writing
+        @session.close
+      end
+    end
+  end
+end

data/lib/vines/stream/http/auth.rb

@@ -0,0 +1,22 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Http
+      class Auth < Client::Auth
+        def initialize(stream, success=BindRestart)
+          super
+        end
+
+        def node(node)
+          unless stream.valid_session?(node['sid']) && body?(node) && node['rid']
+            raise StreamErrors::NotAuthorized
+          end
+          nodes = stream.parse_body(node)
+          raise StreamErrors::NotAuthorized unless nodes.size == 1
+          super(nodes.first)
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/http/bind.rb

@@ -0,0 +1,32 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Http
+      class Bind < Client::Bind
+        FEATURES = %Q{<stream:features xmlns:stream="#{NAMESPACES[:stream]}"/>}.freeze
+
+        def initialize(stream, success=Ready)
+          super
+        end
+
+        def node(node)
+          unless stream.valid_session?(node['sid']) && body?(node) && node['rid']
+            raise StreamErrors::NotAuthorized
+          end
+          nodes = stream.parse_body(node)
+          raise StreamErrors::NotAuthorized unless nodes.size == 1
+          super(nodes.first)
+        end
+
+        private
+
+        # Override Client::Bind#send_empty_features to properly namespace the
+        # empty features element.
+        def send_empty_features
+          stream.write(FEATURES)
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/http/bind_restart.rb

@@ -0,0 +1,37 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Http
+      class BindRestart < State
+        def initialize(stream, success=Bind)
+          super
+        end
+
+        def node(node)
+          raise StreamErrors::NotAuthorized unless restart?(node)
+
+          doc = Document.new
+          body = doc.create_element('body') do |el|
+            el.add_namespace(nil, NAMESPACES[:http_bind])
+            el.add_namespace('stream', NAMESPACES[:stream])
+            el << doc.create_element('stream:features') do |features|
+              features << doc.create_element('bind', 'xmlns' => NAMESPACES[:bind])
+            end
+          end
+          stream.reply(body)
+          advance
+        end
+
+        private
+
+        def restart?(node)
+          session = stream.valid_session?(node['sid'])
+          restart = node.attribute_with_ns('restart', NAMESPACES[:bosh]).value rescue nil
+          domain  = node['to'] == stream.domain
+          session && body?(node) && domain && restart == 'true' && node['rid']
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/http/ready.rb

@@ -0,0 +1,29 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Http
+      class Ready < Client::Ready
+        RID, SID, TYPE, TERMINATE = %w[rid sid type terminate].map {|s| s.freeze }
+
+        def node(node)
+          unless stream.valid_session?(node[SID]) && body?(node) && node[RID]
+            raise StreamErrors::NotAuthorized
+          end
+          stream.parse_body(node).each do |child|
+            begin
+              super(child)
+            rescue StanzaError => e
+              stream.error(e)
+            end
+          end
+          stream.terminate if terminate?(node)
+        end
+
+        def terminate?(node)
+          node[TYPE] == TERMINATE
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/http/request.rb

@@ -0,0 +1,172 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Http
+      class Request
+        BUF_SIZE      = 1024
+        MODIFIED      = '%a, %d %b %Y %H:%M:%S GMT'.freeze
+        MOVED         = 'Moved Permanently'.freeze
+        NOT_FOUND     = 'Not Found'.freeze
+        NOT_MODIFIED  = 'Not Modified'.freeze
+        IF_MODIFIED   = 'If-Modified-Since'.freeze
+        TEXT_PLAIN    = 'text/plain'.freeze
+        OPTIONS       = 'OPTIONS'.freeze
+        CONTENT_TYPES = {
+          'html'     => 'text/html; charset="utf-8"',
+          'js'       => 'application/javascript; charset="utf-8"',
+          'css'      => 'text/css',
+          'png'      => 'image/png',
+          'jpg'      => 'image/jpeg',
+          'jpeg'     => 'image/jpeg',
+          'gif'      => 'image/gif',
+          'manifest' => 'text/cache-manifest'
+        }.freeze
+
+        attr_reader :stream, :body, :headers, :method, :path, :url, :query
+
+        def initialize(stream, parser, body)
+          @stream, @body = stream, body
+          @headers  = parser.headers
+          @method   = parser.http_method
+          @path     = parser.request_path
+          @url      = parser.request_url
+          @query    = parser.query_string
+          @received = Time.now
+        end
+
+        # Return the number of seconds since this request was received.
+        def age
+          Time.now - @received
+        end
+
+        # Write the requested file to the client out of the given document root
+        # directory. Take care to prevent directory traversal attacks with paths
+        # like ../../../etc/passwd. Use the If-Modified-Since request header
+        # to implement caching.
+        def reply_with_file(dir)
+          path = File.expand_path(File.join(dir, @path))
+
+          # redirect requests missing a slash so relative links work
+          if File.directory?(path) && !@path.end_with?('/')
+            send_status(301, MOVED, "Location: #{redirect_uri}")
+            return
+          end
+
+          path = File.join(path, 'index.html') if File.directory?(path)
+
+          if path.start_with?(dir) && File.exist?(path)
+            modified?(path) ? send_file(path) : send_status(304, NOT_MODIFIED)
+          else
+            missing = File.join(dir, '404.html')
+            if File.exist?(missing)
+              send_file(missing, 404, NOT_FOUND)
+            else
+              send_status(404, NOT_FOUND)
+            end
+          end
+        end
+
+        # Send an HTTP 200 OK response wrapping the XMPP node content back
+        # to the client.
+        def reply(node, content_type)
+          body = node.to_s
+          header = [
+            "HTTP/1.1 200 OK",
+            "Access-Control-Allow-Origin: *",
+            "Content-Type: #{content_type}",
+            "Content-Length: #{body.bytesize}",
+            vroute_cookie
+          ].compact.join("\r\n")
+          @stream.stream_write([header, body].join("\r\n\r\n"))
+        end
+
+        # Return true if the request method is OPTIONS, signaling a
+        # CORS preflight check.
+        def options?
+          @method == OPTIONS
+        end
+
+        # Send a 200 OK response, allowing any origin domain to connect to the
+        # server, in response to CORS preflight OPTIONS requests. This allows
+        # any web application using strophe.js to connect to our BOSH port.
+        def reply_to_options
+          allow = @headers['Access-Control-Request-Headers']
+          headers = [
+            "Access-Control-Allow-Origin: *",
+            "Access-Control-Allow-Methods: POST, GET, OPTIONS",
+            "Access-Control-Allow-Headers: #{allow}",
+            "Access-Control-Max-Age: #{60 * 60 * 24 * 30}"
+          ]
+          send_status(200, 'OK', headers)
+        end
+
+        private
+
+        # Attempt to rebuild the full request URI from the Host header. If it
+        # wasn't sent by the client, just return the relative path that
+        # was requested. The Location response header must contain the fully
+        # qualified URI, but most browsers will accept relative paths as well.
+        def redirect_uri
+          host = headers['Host']
+          uri = "#{path}/"
+          uri = "#{uri}?#{query}" unless (query || '').empty?
+          uri = "http://#{host}#{uri}" if host
+          uri
+        end
+
+        # Return true if the file has been modified since the client last
+        # requested it with the If-Modified-Since header.
+        def modified?(path)
+          @headers[IF_MODIFIED] != mtime(path)
+        end
+
+        def mtime(path)
+          File.mtime(path).utc.strftime(MODIFIED)
+        end
+
+        def send_status(status, message, *headers)
+          header = [
+            "HTTP/1.1 #{status} #{message}",
+            "Content-Length: 0",
+            *headers
+          ].join("\r\n")
+          @stream.stream_write("#{header}\r\n\r\n")
+        end
+
+        # Stream the contents of the file to the client in a 200 OK response.
+        # Send a Last-Modified response header so clients can send us an
+        # If-Modified-Since request header for caching.
+        def send_file(path, status=200, message='OK')
+          header = [
+            "HTTP/1.1 #{status} #{message}",
+            "Content-Type: #{content_type(path)}",
+            "Content-Length: #{File.size(path)}",
+            "Last-Modified: #{mtime(path)}"
+          ].join("\r\n")
+          @stream.stream_write("#{header}\r\n\r\n")
+
+          File.open(path) do |file|
+            while (buf = file.read(BUF_SIZE)) != nil
+              @stream.stream_write(buf)
+            end
+          end
+        end
+
+        def content_type(path)
+          ext = File.extname(path).sub('.', '')
+          CONTENT_TYPES[ext] || TEXT_PLAIN
+        end
+
+        # Provide a vroute cookie in each response that uniquely identifies this
+        # HTTP server. Reverse proxy servers (nginx/apache) can use this cookie
+        # to implement sticky sessions. Return nil if vroute was not set in
+        # config.rb and no cookie should be sent.
+        def vroute_cookie
+          route = @stream.config[:http].vroute
+          route ? "Set-Cookie: vroute=#{route}; path=/; HttpOnly" : nil
+        end
+      end
+    end
+  end
+end