MUC http auth #894

Merged
merged 14 commits into from
Aug 18, 2016

@chrzaszcz chrzaszcz commented Jul 28, 2016

  • generic way of managing pools of outgoing http connections
  • an option to enable checking passwords for password-protected rooms by an external HTTP service

Notes:
- the module has to be started before any modules using the connections
- ‘ejabberd_auth_http’ and ‘mod_http_notification’ modules will use
  this module in the future.

To enable the module, add the corresponding config to ejabberd.cfg, e.g.

{mod_http_client, [{pools, [{pool1, [{host, "http://host.com"},
                                     {pool_size, 100}]
                            }]
                   }]
}

This should be added before any module using the pool.
To enable, set the following options in ejabberd.cfg

1. Enable ‘mod_http_client’, specifying a connection pool:

{mod_http_client, [{pools, [{muc_http_auth, [{host, "http://localhost:8080"},
                                             {path_prefix, "/muc/auth/"},
                                             {pool_size, 20}]}]}]}

The above config has to occur before the MUC config to provide the pool
when the MUC module starts.
For details, see the ‘mod_http_client’ module.

2. Use the pool in MUC config:

{mod_muc, [{host, "muc.@host@"},
           {access, muc},
           {access_create, muc_create},
           {http_auth_pool, muc_http_auth}]}

As a result, all rooms will:
- become password-protected by default
- call the external HTTP service instead of checking the configured
  password, whenever a new user enters the room

The external HTTP service has to respond with:
- code 200 and body ‘true’ when the password is accepted;
- code 200 and other body when the password is rejected - the body will
  be sent back to the entity in the XMPP error response in the <text>
  element
- other code when an error occurs, this will result in a
  ‘service-unavailable’ XMPP error

Also make overflow configurable and add tests for mod_http_client

Motivation:
* Tests using the same server configuration can be run in parallel,
* Adding basic features like parsing GET/POST requests
  was like reinventing the wheel.

%% API

start_link([Host, Opts]) ->
fusco:start_link(Host, Opts).
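
Review bot: `start_link/1` has no `-spec` or comment saying what `Host` and `Opts` must contain, and its head only matches a two-element list, so any other argument shape fails with `function_clause`. Since both values are passed straight to `fusco:start_link/2`, a short spec plus a note on the expected `Host` format (for example whether the scheme is part of it) would make misconfiguration easier to diagnose.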
Contributor

Can we use fusco directly and not through this short module? Or is there a plan to add more functionality to this module?

This prevents a race condition when another user would step in
  while the owner is still authenticating.

Motivation:
* In case of multiple hosts one pool per host is not efficient
* The module would need to be started first, complicating module deps
* Riak connectivity layer was not a module
* ejabberd.cfg is easier to understand without the extra module

(copy from small tests, maybe improve it later)

@chrzaszcz chrzaszcz changed the title MUC http auth: WIP MUC http auth Aug 12, 2016
#pool{name = Name,
host = Host,
http_host = gen_mod:get_opt(host, Opts, "http://localhost"),
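
Review bot: the fallback on the `http_host` line is `"http://localhost"`, so a pool configured without `host` silently gets a plaintext endpoint, and the page describes this pool as the channel for checking room passwords. Consider dropping the default so a missing `host` fails at startup, or at least documenting that anything other than a loopback service should be given an `https://` value.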
Contributor

I guess the http(s):// prefix is required here. If so I'd rather call the option URL instead of host. For me host refers only to the part of URL after the prefix and before first /.

@michalwski michalwski merged commit 5352112 into master Aug 18, 2016
@michalwski michalwski deleted the muc_http_auth branch August 18, 2016 07:26
@michalwski michalwski mentioned this pull request Aug 29, 2016
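
The response contract from the commit message above (200 with body `true`, 200 with any other body, any other status), sketched as a small external password service together with the way the MUC side is described as reading its replies. This is an added example, not code from this pull request or the project; the query parameters `room` and `pass`, the sample room and the rejection text are assumptions, while the port and path prefix follow the sample pool config.

```python
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

SALT = b"constructed-salt"  # constructed sample value

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample store: room JID -> password hash (never the plain password).
ROOMS = {"ops@muc.localhost": _hash("correct horse")}
_DUMMY = bytes(32)  # compared for unknown rooms so both paths do the same work

def check_password(room, password):
    """Service side: return (status, body) per the contract in the commit message."""
    stored = ROOMS.get(room, _DUMMY)
    ok = hmac.compare_digest(stored, _hash(password)) and room in ROOMS
    # Same rejection text for unknown room and wrong password: the body is
    # relayed to the joining user inside <text>, so keep it uninformative.
    return (200, "true") if ok else (200, "Invalid password")

def xmpp_outcome(status, body):
    """MUC side as the commit message describes it (exact match on 'true' assumed)."""
    if status != 200:
        return ("error", "service-unavailable")
    if body == "true":
        return ("accepted", None)
    return ("rejected", body)

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Assumed request shape: GET /muc/auth/?room=<jid>&pass=<password>
        query = parse_qs(urlparse(self.path).query)
        try:
            status, body = check_password(query["room"][0], query["pass"][0])
        except KeyError:
            status, body = 400, "missing parameter"  # non-200 -> service-unavailable
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, fmt, *args):
        pass  # the default access log prints the request line, password included

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```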