Add experimental XMPP chat stuff.

1 files changed, 236 insertions, 27 deletions

diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 317d079..4f91fae 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -140,6 +140,9 @@ extern char **environ;
 #include "lib/fcgi_SC.h"
 #include "lib/handlekeys.h"
 
+#include "lib/json.h"
+#include "lib/json-builder.h"
+
 // Both my_config.h and fcgi_config.h define the same PACKAGE* variables, which we don't use anyway, 
 // I deal with that by using a sed invokation when building fcgi2.
 
@@ -518,7 +521,7 @@ static void showSesh(qgrow_t *reply, sesh *shs)
 }
 
 
-char toybuf[4096];
+//char toybuf[4096];
 lua_State *L;
 qhashtbl_t *configs;
 MYSQL *database, *dbconn;
@@ -548,6 +551,7 @@ int  startPort = 8002;
 char *backupIARsim = "Sandbox";
 char *rSync = "";
 int  rSyncPort = 0;
+char *webHost = "localhost";
 char *webRoot = "/var/www/html";
 char *webSocket = "sledjchisl.socket";
 char *ToS = "Be good.";
@@ -808,6 +812,87 @@ char *myHMACkey(char *key, char *in, boolean b64)
 }
 
 
+static void print_depth_shift(int depth)
+{
+        int j;
+        for (j=0; j < depth; j++) {
+                printf(" ");
+        }
+}
+static void process_value(json_value* value, int depth);
+static void process_object(json_value* value, int depth)
+{
+        int length, x;
+        if (value == NULL) {
+                return;
+        }
+        length = value->u.object.length;
+        for (x = 0; x < length; x++) {
+                print_depth_shift(depth);
+                printf("object[%d].name = %s\n", x, value->u.object.values[x].name);
+                process_value(value->u.object.values[x].value, depth+1);
+        }
+}
+static void process_array(json_value* value, int depth)
+{
+        int length, x;
+        if (value == NULL) {
+                return;
+        }
+        length = value->u.array.length;
+        printf("array\n");
+        for (x = 0; x < length; x++) {
+                process_value(value->u.array.values[x], depth);
+        }
+}
+static void process_value(json_value* value, int depth)
+{
+        if (value == NULL) {
+                return;
+        }
+        if (value->type != json_object) {
+                print_depth_shift(depth);
+        }
+        switch (value->type) {
+                case json_none:
+                        printf("none\n");
+                        break;
+                case json_null:
+                        printf("null\n");
+                        break;
+                case json_object:
+                        process_object(value, depth+1);
+                        break;
+                case json_array:
+                        process_array(value, depth+1);
+                        break;
+                case json_integer:
+                        printf("int: %10ld\n", (long)value->u.integer);
+                        break;
+                case json_double:
+                        printf("double: %f\n", value->u.dbl);
+                        break;
+                case json_string:
+                        printf("string: %s\n", value->u.string.ptr);
+                        break;
+                case json_boolean:
+                        printf("bool: %d\n", value->u.boolean);
+                        break;
+        }
+}
+void PrintJSON(json_char* json)
+{
+  json_value* value = json_parse(json, strlen((char *) json));
+
+  if (value == NULL)
+  {
+    E("Unable to parse data! - %s", (char *) json);
+    return;
+  }
+  process_value(value, 0);
+  json_value_free(value);
+}
+
 // In Lua 5.0 reference manual is a table traversal example at page 29.
 void PrintTable(lua_State *L)
 {
@@ -4626,8 +4711,17 @@ static void HTMLheader(qgrow_t *reply, char *title)
     "  <head>\n"
     "    <title>%s</title>\n"
     "    <meta charset=\"UTF-8\">\n"
+    "    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n"
+    "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=0.5\" />\n"
+//    "    <meta name=\"description\" content=\"Converse XMPP/Jabber Chat\"/>\n"
+//    "    <meta name=\"author\" content=\"JC Brand\" />\n"
+    "    <link rel=\"manifest\" href=\"/converse.js/manifest.json\">\n"
+    "    <link type='text/css' rel='stylesheet' href='/converse.js/dist/converse.min.css' media='screen' />\n"
+    "    <script src='/converse.js/3rdparty/libsignal-protocol.min.js'></script>\n"
+    "    <script src='/converse.js/dist/converse.min.js'></script>\n"
     "    <link rel=\"shortcut icon\" href=\"/SledjHamrIconSmall.png\">\n"
     "    <link type='text/css' rel='stylesheet' href='/SledjChisl.css' media='all' />\n"
+
     , title);
 
   if (DEBUG)
@@ -4635,7 +4729,7 @@ static void HTMLheader(qgrow_t *reply, char *title)
 
   reply->addstrf(reply,
     "  </head>\n"
-    "  <body bgcolor='black' text='white' link='aqua' vlink='fuchsia' alink='red'>\n"
+    "  <body bgcolor='black' text='white' link='aqua' vlink='fuchsia' alink='red' id='page-top' data-spy='scroll' class='converse-website'>\n"
     "  <font face='sans-serif'>\n"
     );
   reply->addstrf(reply, "    <div class='top-left'>\n");
@@ -4979,10 +5073,10 @@ void HTMLfill(reqData *Rd, enum fragmentType type, char *text, int length)
   }
 }
 
-static void HTMLfooter(qgrow_t *reply)
+static void HTMLfooter(reqData *Rd)
 {
-  reply->addstrf(reply, "    </div>\n");
-  reply->addstr(reply,
+  Rd->reply->addstrf(Rd->reply, "    </div>\n");
+  Rd->reply->addstr(Rd->reply,
     "    <div class='top-right'>\n"
     "      <h1>Experimental account manager</h1>\n"
     "      <p>This account manager system is currently experimental, and under heavy development. &nbsp; "
@@ -4994,16 +5088,48 @@ static void HTMLfooter(qgrow_t *reply)
     "      <p>You will then be logged off. &nbsp; Now you have to wait for an admin to approve your new account. &nbsp; "
     "        They should check with the person you listed as vouching for you first. &nbsp; They will tell you after they approve your account.</p>"
     "      <p>Missing bits that are still being written - editing accounts, listing accounts, deleting accounts.</p>\n"
+    "      <h1>Experimental chat thingy</h1>\n"
+    "      <p>In the bottom right corner is an experimental chat thingy, based on Jabber / XMPP.</p>\n"
+    "      <p>Click on the 'Toggle chat' button to pop it up, then use your grid user name for the 'XMPP Address:' field. &nbsp; "
+    "         Your user name has to be in the format 'first.last', two words with a dot in the middle. &nbsp; "
+    "         Then put your grid account password in the 'Password' field and click the 'Log in' button. &nbsp; "
+    "         Ignore the 'Don't have a chat account? Create an account' bit.</p>\n"
+    "      <p>Note that the chat windows can be resized by dragging their top or left edges, which I suggest you do, coz the default size is too small.</p>\n"
+    "      <p>You can also use any other Jabber / XMPP client as well.</p>\n"
+    "      <p>Remember this is <b>EXPERIMENTAL</b>, I'll be changing things. &nbsp; Next I'll make it so you don't have to log in to both this chat thingy and the account page separataly.<p>"
+    "      <p>P.S. &nbsp; Yes, I hate the default theme to. &nbsp; lol</p>\n"
     "    </div>\n");
-//  reply->addstr(reply, "    <div class='centre'>\n    </div>\n");
-  reply->addstr(reply,
-//    "    <div class='bottom-left'>\n"
-//    "    </div>\n"
-    "    <div class='bottom-right'>\n"
+//  Rd->reply->addstr(Rd->reply, "    <div class='centre'>\n    </div>\n");
+  Rd->reply->addstrf(Rd->reply,
+    "    <div class='bottom-left'>\n"
     "      <iframe src='stats.html' style='border:none;height:100%;width:100%;'></iframe>\n"
     "    </div>\n"
+    "    <div class='bottom-right'>\n"
+    "    </div>\n"
     "  </font>\n"
-    "</body>\n</html>\n");
+    "</body>\n"
+
+    "<script>\n"
+    "    converse.initialize({\n"
+    "        assets_path: '/converse.js/dist/',\n"
+    "        bosh_service_url: 'https://%s:5281/http-bind/',\n"
+    "        view_mode: 'overlayed',\n"
+    "        default_domain: '%s',\n"
+    "        muc_clear_messages_on_leave: false,\n"
+    "        muc_domain: 'chat.%s',\n"
+    "        muc_history_max_stanzas: 0,\n"
+    "        muc_send_probes: true,\n"
+    "        notify_all_room_messages: true,\n"
+    "        notification_delay:500000,\n"
+    "        play_sounds: true,\n"
+    "        registration_domain: '%s',\n"
+    "        show_chat_state_notifications: true,\n"
+    "        show_message_avatar: false,\n"
+    "        theme: 'dracula',\n"
+    "        time_format: 'dddd YYYY-MMM-DD HH:mm:ss'\n"
+    "    });\n"
+    "</script>\n"
+    "</html>\n", webHost, webHost, webHost, webHost);
 }
 
 
@@ -6995,7 +7121,7 @@ static void accountWebFooter(reqData *Rd, inputForm *oF)
   if (0 != Rd->errors->size(Rd->errors))
     HTMLlist(Rd->reply, "errors -", Rd->errors);
   HTMLformEnd(Rd->reply);
-  HTMLfooter(Rd->reply);
+  HTMLfooter(Rd);
 }
 
 static void accountAddWeb(reqData *Rd, inputForm *oF, inputValue *oV)
@@ -7176,6 +7302,8 @@ static int accountRead(reqData *Rd, char *uuid, char *firstName, char *lastName)
 d("accountRead() single name |%s|  |%s|", first, last);
       if (NULL == t)
         t = strchr(first, '+');
+      if (NULL == t)
+        t = strchr(first, '.');
       if (NULL != t)
       {
         *t++ = '\0';
@@ -8344,6 +8472,47 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile)
   C("Ending dynamic page  %s  %s", Rd->RUri, form);
 }
 
+// TODO - This is arse about, I get JSON, but send plain text.  Need to set content type ehaders in the mod_auth_custom_http, and maybe send json back as well.
+void prosody_mod_auth_custom_http_json(char *file, reqData *Rd, HTMLfile *thisFile)
+{
+  char *user = getStrH(Rd->body, "username"), *password = getStrH(Rd->body, "password");
+  int c = accountRead(Rd, NULL, user, NULL);
+
+  C("Starting dynamic page %s  [ %s ]", Rd->RUri, user);
+// TODO - check it's HTTPS, and check it came from the same server.  Same as account,html does, except no external iFrame allowed this time maybe.
+//              On the other hand, prosody can't handle 301 redirections?
+
+  if (1 != c)
+    bitch(Rd, "Cannot validate account.", "Account doesn't exist.");
+  else
+  {
+    char *salt = getStrH(Rd->database, "auth.passwordSalt"), *hash = getStrH(Rd->database, "auth.passwordHash");
+
+    c = 0;
+    if ((NULL == password) || ('\0' == password[0]))
+      bitch(Rd, "Cannot validate account.", "No password supplied.");
+    else if (('\0' != salt[0]) && ('\0' != hash[0]))
+    {
+      D("Comparing passwords. %s  %s  %s", password, salt, hash);
+      char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same.");
+
+      if (NULL == h)
+        bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
+      else
+      {
+        I("Authenticated XMPP user %s@%s", user, Rd->Host);
+        c = 1;
+        free(h);
+      }
+    }
+    else
+      bitch(Rd, "Cannot validate account.", "No salted hash.");
+  }
+
+  Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false");
+  C("Ending dynamic page  %s", Rd->RUri);
+}
+
 
 void forEachMember(char *verb, simFunction func, simFunction not)
 {
@@ -8550,6 +8719,7 @@ int scanForConfigs(char **cPaths)
       if ((tmp = configs->getstr(configs, "backupIARsim",         false))       != NULL)  {backupIARsim         = tmp;                          D("Setting backupIARsim = %s", backupIARsim);}
       if ((tmp = configs->getstr(configs, "rsync",                false))       != NULL)  {rSync                = tmp;                          D("Setting rsync = %s", rSync);}
       if ((vd  = configs->getstr(configs, "rsyncPort",            false))       != NULL)  {rSyncPort            = (int) *((float *) vd);        D("Setting rsyncPort = %d", rSyncPort);}
+      if ((tmp = configs->getstr(configs, "webHost",              false))       != NULL)  {webHost              = tmp;                          D("Setting webHost = %s", webHost);}
       if ((tmp = configs->getstr(configs, "webRoot",              false))       != NULL)  {webRoot              = tmp;                          D("Setting webRoot = %s", webRoot);}
       if ((tmp = configs->getstr(configs, "webSocket",            false))       != NULL)  {webSocket            = tmp;                          D("Setting webSocket = %s", webSocket);}
       if ((vd  = configs->get   (configs, "seshRenew",      NULL, false))       != NULL)  {seshRenew            = (int) *((float *) vd);        D("Setting seshRenew = %d", seshRenew);}
@@ -9362,11 +9532,12 @@ V("Doing %s for %s  '%s'  %s %s", modeStrings[currentMode], FLAG(m) ? "member" :
 // Start of web wrangling section.
 ////////////////////////////////////////////////////////////////////////////////////////////////////
     char **initialEnv = environ;
-    char *tmp0, *tmp1;
+    char *tmp0, *tmp1, *type;
     int count = 0, entries, bytes;
 
     dynPages = qhashtbl(0, 0);
     newDynPage("account.html", (pageFunction) account_html);
+    newDynPage("prosody_mod_auth_custom_http.json", (pageFunction) prosody_mod_auth_custom_http_json);
 
     // FCGI_LISTENSOCK_FILENO is the socket to the web server.
     // STDOUT and STDERR go to the web servers error log, or at least it does in Apache 2 mod_fcgid.
@@ -9492,6 +9663,14 @@ t("ignoring QUERY");
           Rd->RUri = xmprintf("%s%s", Rd->Script, Rd->Path);
         }
 t("BODY");
+
+// TODO - is there any sort of content type on the incoming request headers I could maybe use here?
+        memset(toybuf, 0, sizeof(toybuf));
+        snprintf(toybuf, sizeof(toybuf), "%s%s%s", scRoot, webRoot, Rd->Path);
+        tmp0 = qfile_get_ext(toybuf);
+        type = mimeTypes->getstr(mimeTypes, tmp0, false);
+        free(tmp0);
+
         char *Body      = NULL;
         if (Length != NULL)
         {
@@ -9499,16 +9678,51 @@ t("BODY");
           Body = xmalloc(len + 1);
           int c = FCGI_fread(Body, 1, len, FCGI_stdin);
           if (c != len)
-          {
             E("Tried to read %d of the body, only got %d!", len, c);
-          }
           Body[len] = '\0';
         }
         else
-        Length = "0";
-        Rd->body = toknize(Body,   "=&");
+        {
+          Length = "0";
+          Body = xmalloc(1);
+          Body[0] = '\0';
+        }
+        if (strcmp("application/json", type) == 0)
+        {
+          json_char *json = (json_char*) Body;
+          json_value* value = json_parse(json, strtol(Length, NULL, 10));
+
+          Rd->body = qhashtbl(0, 0);
+          if (value == NULL)
+            E("Unable to parse NULL data!");
+          else
+          {
+//          PrintJSON(json);
+            if (value->type == json_object)
+            {
+              int length = value->u.object.length, x;
+
+              for (x = 0; x < length; x++)
+              {
+                char *name = value->u.object.values[x].name;
+
+                if (value->u.object.values[x].value->type == json_string)
+                {
+                  D("%s = %s", name, value->u.object.values[x].value->u.string.ptr);
+                  Rd->body->putstr(Rd->body, name, value->u.object.values[x].value->u.string.ptr);
+                }
+                
+              }
+            }
+          }
+          json_value_free(value);
+        }
+        else
+        {
+          Rd->body = toknize(Body,   "=&");
+          santize(Rd->body);
+        }
         free(Body);
-        santize(Rd->body);
 
         D("%s %s://%s%s -> %s%s%s", Rd->Method, Rd->Scheme, Rd->Host, Rd->RUri, scRoot, webRoot, Rd->Path);
         D("Started FCGI web request ROLE = %s, body is %s bytes, pid %d.", Role, Length, getpid());
@@ -9555,10 +9769,10 @@ t("BODY");
         // Content-Security-Policy can get complex, and I first wrote that when it was very simple.  lol
         if ('\0' != webIframers[0])
           Rd->Rheaders->putstrf(Rd->Rheaders, "Content-Security-Policy", 
-            "default-src 'self'; script-src 'none'; form-action 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' %s", webIframers);
+            "default-src 'self'; script-src 'self' 'unsafe-inline'; form-action 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' %s; connect-src 'self' %s:5281/http-bind/;", webIframers, webHost);
         else
         {
-          Rd->Rheaders->putstr(Rd->Rheaders, "Content-Security-Policy", "default-src 'self'; script-src 'none'; form-action 'self'; style-src 'self' 'unsafe-inline'");
+          Rd->Rheaders->putstrf(Rd->Rheaders, "Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; form-action 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' %s:5281/http-bind/;", webHost);
           Rd->Rheaders->putstr(Rd->Rheaders, "X-Frame-Options", "SAMEORIGIN");  // This is deprecated, and is an all or nothing thing.
         }
         Rd->Rheaders->putstr(Rd->Rheaders, "X-XSS-Protection", "1;mode=block");
@@ -9573,8 +9787,6 @@ t("BODY");
           goto sendReply;
         }
 
-        memset(toybuf, 0, sizeof(toybuf));
-        snprintf(toybuf, sizeof(toybuf), "%s%s%s", scRoot, webRoot, Rd->Path);
         HTMLfile *thisFile = checkHTMLcache(toybuf);
         if (NULL == thisFile)
         {
@@ -9597,12 +9809,9 @@ t("BODY");
 goto sendReply;
         }
 
-        tmp0 = qfile_get_ext(toybuf);
-        tmp1 = mimeTypes->getstr(mimeTypes, tmp0, false);
-        free(tmp0);
-        if (NULL != tmp1)
+        if (NULL != type)
         {
-          if (strncmp("text/", tmp1, 5) != 0)
+          if (strncmp("text/", type, 5) != 0)
           {
             E("Only text formats are supported - %s", toybuf);
             Rd->Rheaders->putstr(Rd->Rheaders, "Status", "415 Unsupported Media Type");