vinesmod 0.4.5

data/lib/vines/stream/server/auth.rb

@@ -0,0 +1,13 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Auth < Client::Auth
+        def initialize(stream, success=FinalRestart)
+          super
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/auth_restart.rb

@@ -0,0 +1,13 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class AuthRestart < Client::AuthRestart
+        def initialize(stream, success=Auth)
+          super
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/final_restart.rb

@@ -0,0 +1,21 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class FinalRestart < State
+        def initialize(stream, success=Ready)
+          super
+        end
+
+        def node(node)
+          raise StreamErrors::NotAuthorized unless stream?(node)
+          stream.start(node)
+          stream.write('<stream:features/>')
+          stream.router << stream
+          advance
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/outbound/auth.rb

@@ -0,0 +1,31 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Outbound
+        class Auth < State
+          NS = NAMESPACES[:sasl]
+
+          def initialize(stream, success=AuthResult)
+            super
+          end
+
+          def node(node)
+            raise StreamErrors::NotAuthorized unless external?(node)
+            authzid = Base64.strict_encode64(stream.domain)
+            stream.write(%Q{<auth xmlns="#{NS}" mechanism="EXTERNAL">#{authzid}</auth>})
+            advance
+          end
+
+          private
+
+          def external?(node)
+            external = node.xpath("ns:mechanisms/ns:mechanism[text()='EXTERNAL']", 'ns' => NS).any?
+            node.name == 'features' && namespace(node) == NAMESPACES[:stream] && external
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/outbound/auth_restart.rb

@@ -0,0 +1,20 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Outbound
+        class AuthRestart < State
+          def initialize(stream, success=Auth)
+            super
+          end
+
+          def node(node)
+            raise StreamErrors::NotAuthorized unless stream?(node)
+            advance
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/outbound/auth_result.rb

@@ -0,0 +1,32 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Outbound
+        class AuthResult < State
+          SUCCESS = 'success'.freeze
+          FAILURE = 'failure'.freeze
+
+          def initialize(stream, success=FinalRestart)
+            super
+          end
+
+          def node(node)
+            raise StreamErrors::NotAuthorized unless namespace(node) == NAMESPACES[:sasl]
+            case node.name
+            when SUCCESS
+              stream.start(node)
+              stream.reset
+              advance
+            when FAILURE
+              stream.close_connection
+            else
+              raise StreamErrors::NotAuthorized
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/outbound/final_features.rb

@@ -0,0 +1,28 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Outbound
+        class FinalFeatures < State
+          def initialize(stream, success=Server::Ready)
+            super
+          end
+
+          def node(node)
+            raise StreamErrors::NotAuthorized unless empty_features?(node)
+            stream.router << stream
+            advance
+            stream.notify_connected
+          end
+
+          private
+
+          def empty_features?(node)
+            node.name == 'features' && namespace(node) == NAMESPACES[:stream] && node.elements.empty?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/outbound/final_restart.rb

@@ -0,0 +1,20 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Outbound
+        class FinalRestart < State
+          def initialize(stream, success=FinalFeatures)
+            super
+          end
+
+          def node(node)
+            raise StreamErrors::NotAuthorized unless stream?(node)
+            advance
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/outbound/start.rb

@@ -0,0 +1,20 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Outbound
+        class Start < State
+          def initialize(stream, success=TLS)
+            super
+          end
+
+          def node(node)
+            raise StreamErrors::NotAuthorized unless stream?(node)
+            advance
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/outbound/tls.rb

@@ -0,0 +1,30 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Outbound
+        class TLS < State
+          NS = NAMESPACES[:tls]
+
+          def initialize(stream, success=TLSResult)
+            super
+          end
+
+          def node(node)
+            raise StreamErrors::NotAuthorized unless tls?(node)
+            stream.write("<starttls xmlns='#{NS}'/>")
+            advance
+          end
+
+          private
+
+          def tls?(node)
+            tls = node.xpath('ns:starttls', 'ns' => NS).any?
+            node.name == 'features' && namespace(node) == NAMESPACES[:stream] && tls
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/outbound/tls_result.rb

@@ -0,0 +1,34 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Outbound
+        class TLSResult < State
+          NS      = NAMESPACES[:tls]
+          PROCEED = 'proceed'.freeze
+          FAILURE = 'failure'.freeze
+
+          def initialize(stream, success=AuthRestart)
+            super
+          end
+
+          def node(node)
+            raise StreamErrors::NotAuthorized unless namespace(node) == NS
+            case node.name
+            when PROCEED
+              stream.encrypt
+              stream.start(node)
+              stream.reset
+              advance
+            when FAILURE
+              stream.close_connection
+            else
+              raise StreamErrors::NotAuthorized
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/ready.rb

@@ -0,0 +1,24 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Ready < State
+        def node(node)
+          stanza = to_stanza(node)
+          raise StreamErrors::UnsupportedStanzaType unless stanza
+          to, from = stanza.validate_to, stanza.validate_from
+          raise StreamErrors::ImproperAddressing unless to && from
+          raise StreamErrors::InvalidFrom unless from.domain == stream.remote_domain
+          raise StreamErrors::HostUnknown unless to.domain == stream.domain
+          stream.user = User.new(jid: from)
+          if stanza.local? || stanza.to_pubsub_domain?
+            stanza.process
+          else
+            stanza.route
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/start.rb

@@ -0,0 +1,13 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class Start < Client::Start
+        def initialize(stream, success=TLS)
+          super
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/server/tls.rb

@@ -0,0 +1,13 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+    class Server
+      class TLS < Client::TLS
+        def initialize(stream, success=AuthRestart)
+          super
+        end
+      end
+    end
+  end
+end

data/lib/vines/stream/state.rb

@@ -0,0 +1,60 @@
+# encoding: UTF-8
+
+module Vines
+  class Stream
+
+    # The base class of Stream state machines. States know how to process XML
+    # nodes and advance to their next valid state or fail the stream.
+    class State
+      include Nokogiri::XML
+      include Vines::Log
+
+      attr_accessor :stream
+
+      BODY   = 'body'.freeze
+      STREAM = 'stream'.freeze
+
+      def initialize(stream, success=nil)
+        @stream, @success = stream, success
+      end
+
+      def node(node)
+        raise 'subclass must implement'
+      end
+
+      def ==(state)
+        self.class == state.class
+      end
+
+      def eql?(state)
+        state.is_a?(State) && self == state
+      end
+
+      def hash
+        self.class.hash
+      end
+
+      private
+
+      def advance
+        stream.advance(@success.new(stream))
+      end
+
+      def stream?(node)
+        node.name == STREAM && namespace(node) == NAMESPACES[:stream]
+      end
+
+      def body?(node)
+        node.name == BODY && namespace(node) == NAMESPACES[:http_bind]
+      end
+
+      def namespace(node)
+        node.namespace ? node.namespace.href : nil
+      end
+
+      def to_stanza(node)
+        Stanza.from_node(node, stream)
+      end
+    end
+  end
+end

data/lib/vines/token_bucket.rb

@@ -0,0 +1,55 @@
+# encoding: UTF-8
+
+module Vines
+
+  # The token bucket algorithm is useful for rate limiting.
+  # Before an operation can be completed, a token is taken from
+  # the bucket.  If no tokens are available, the operation fails.
+  # The bucket is refilled with tokens at the maximum allowed rate
+  # of operations.
+  class TokenBucket
+
+    # Create a full bucket with `capacity` number of tokens to be filled
+    # at the given rate of tokens/second.
+    #
+    # capacity - The Fixnum maximum number of tokens the bucket can hold.
+    # rate     - The Fixnum number of tokens per second at which the bucket is
+    #            refilled.
+    def initialize(capacity, rate)
+      raise ArgumentError.new('capacity must be > 0') unless capacity > 0
+      raise ArgumentError.new('rate must be > 0') unless rate > 0
+      @capacity = capacity
+      @tokens = capacity
+      @rate = rate
+      @timestamp = Time.new
+    end
+
+    # Remove tokens from the bucket if it's full enough. There's no way, or
+    # need, to add tokens to the bucket. It refills over time.
+    #
+    # tokens - The Fixnum number of tokens to attempt to take from the bucket.
+    #
+    # Returns true if the bucket contains enough tokens to take, false if the
+    # bucket isn't full enough to satisy the request.
+    def take(tokens)
+      raise ArgumentError.new('tokens must be > 0') unless tokens > 0
+      tokens <= fill ? @tokens -= tokens : false
+    end
+
+    private
+
+    # Add tokens to the bucket at the `rate` provided in the constructor. This
+    # fills the bucket slowly over time.
+    #
+    # Returns the Fixnum number of tokens left in the bucket.
+    def fill
+      if @tokens < @capacity
+        now = Time.new
+        @tokens += (@rate * (now - @timestamp)).round
+        @tokens = @capacity if @tokens > @capacity
+        @timestamp = now
+      end
+      @tokens
+    end
+  end
+end