MUC http auth #894
Merged
MUC http auth #894
Commits on Aug 3, 2016
-
Add mod_http_client: a manager of pools of outgoing HTTP connections
Notes: - the module has to be started before any modules using the connections - ‘ejabberd_auth_http’ and ‘mod_http_notification’ modules will use this module in the future. To enable the module, add the corresponding config to ejabberd.cfg, eg. {mod_http_client, [{pools, [{pool1, [{host, “http://host.com”}, {pool_size, 100}] }] } This should be added before any module using the pool. -
Support password-protected MUC rooms using external HTTP auth service.
To enable, set the following options in ejabberd.cfg 1. Enable ‘mod_http_client’, specifying a connection pool: {mod_http_client, [{pools, [{muc_http_auth, [{host, "http://localhost:8080"}, {path_prefix, "/muc/auth/"}, {pool_size, 20}]} The above config has to occur before the MUC config to provide the pool when the MUC module starts. For details, see the ‘mod_http_client’ module. 2. Use the pool in MUC config: {mod_muc, [{host, "muc.@host@"}, {access, muc}, {access_create, muc_create}, {http_auth_pool, muc_http_auth}]} As a result, all rooms will: - become password-protected by default - call the external HTTP service instead of checking the configured password, whenever a new user enters the room The external HTTP service has to respond with: - code 200 and body ‘true’ when the password is accepted; - code 200 and other body when the password is rejected - the body will be sent back to the entity in the XMPP error response in the <text> element - other code when an error occurs, this will result in a ‘service-unavailable’ XMPP error -
Expect JSON in response for MUC authentication
Also make overflow configurable and add tests for mod_http_client
-
-
-
Use Cowboy instead of a homespun HTTP server
Motivation: * Tests using the same server configuration can be run in parallel, * Adding basic features like parsing GET/POST requests was like reinventing the wheel. -
-
Commits on Aug 4, 2016
-
Spawn a new process for http auth only if room is non-empty.
This prevents race condition when another user would step in while the owner is still authenticating.
Commits on Aug 5, 2016
-
Make http_client an integral part of MongooseIM (not a pluggable mod.)
Motivation: * In case of multiple hosts one pool per host is not efficient * The module would need to be started first, complicating module deps * Riak connectivity layer was not a module * ejabberd.cfg is easier to understand without the extra module
Commits on Aug 17, 2016
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.