@@ -1,5 +1,6 @@ helpers do # verify subscribers callback + # TODO: use it in /hub/subscribe def do_verify(url, data) return false unless url and data begin @@ -40,7 +41,8 @@ post '/hub/publish' do if topic.first topic.update(:updated => Time.now) else - DB[:channels] << { :name => id, :created => Time.now, :type => 'pubsubhubbub' } + DB[:channels] << { :name => id, :created => Time.now, + :type => 'pubsubhubbub', :secret => 'change_me' } end rescue Exception => e puts e.to_s @@ -55,46 +57,32 @@ end # return hub.challenge get '/hub/callback' do id = [params['hub.topic']].pack("m*").strip - topic = DB[:channels].filter(:name => id) - respond "404 Not Found", 404 unless topic.first + topic = DB[:channels].filter(:name => id).first + unless topic + status 404 + return "404 Not Found" + end if request.post? postman(id, atom_parse(request.body.string)).to_json {:status => 'OK'}.to_json else - rec_all = DB[:users].filter(:name => 'all', :service => 'channels').first - respond "404 Not Found", 404 unless rec_all - # secret per channel - rec = DB[:users].filter(:name => "#{id}", :service => 'channels').first - rec = rec_all unless rec - respond "404 Not Found", 404 unless request['hub.verify_token'] == rec[:password] + unless request['hub.verify_token'] == topic[:secret] + status 404 + return "404 Not Found" + end request['hub.challenge'] end end -get '/hub/verify' do - topic, secret = params[:topic], params[:secret] - unless topic and secret - status 400 - return "400 Bad request: need url and secret parameters" - end - data = { :mode => 'subscribe', :verify => 'sync', :vtoken => secret, :url => topic } - unless do_verify("http://localhost:4567/hub/callback", data) - status 409 - return "409 Subscription verification failed" - end - status 204 - "204 No Content" -end # Check ownership - response body is the superfeedr secret token get '/superfeedr' do - begin - rec = DB[:channels].filter(:type => 'superfeedr').order(:created).last - raise "'superfeedr' type topic does not exists" unless rec[:id] - rec[:name] - rescue Exception => e - {:status => e.to_s}.to_json - end + rec = DB[:channels].filter(:type => 'superfeedr').order(:created).last + unless rec + status 404 + return "404 Not Found" + end + rec[:name] end post '/superfeedr' do hubbub.rb @@ -2,18 +2,32 @@ require 'rubygems' require 'rest_client' require 'json' -# Need a test user created -# DB[:users] << { :name => 'test', :password => 'test', :service => 'self' } puts "creating channel..." -resp = RestClient.post 'http://test:test@localhost:4567/channels', :data => '' +resp = RestClient.post 'http://admin:change_me@localhost:4567/channels', :data => '' id = JSON.parse(resp)["id"] puts "adding subscribers to channel #{id}" resp = RestClient.post 'http://localhost:4567/subscribe', :data => { :channel => id, :url => 'http://localhost:8080/test-handler' }.to_json puts resp + resp = RestClient.post 'http://localhost:4567/subscribe', :data => { :channel => id, :url => 'http://localhost:8080/slow-handler' }.to_json puts resp puts "posting message to #{id}" resp = RestClient.post 'http://localhost:4567/publish', :payload => { :channel => id, :message => 'HAYYYY' }.to_json puts resp + +# protected channels +puts "creating protected channel..." +resp = RestClient.post 'http://admin:change_me@localhost:4567/channels', :data => {:secret => 'secret123'}.to_json +id = JSON.parse(resp)["id"] + +# will fail +puts "adding subscribers to channel #{id}" +resp = RestClient.post 'http://localhost:4567/subscribe', :data => { :channel => id, :url => 'http://localhost:8080/test-handler' }.to_json +puts resp + +# will success +puts "adding subscribers to protected channel #{id}" +resp = RestClient.post 'http://localhost:4567/subscribe', :data => { :channel => id, :url => 'http://localhost:8080/test-handler', :secret => 'secret123' }.to_json +puts resp tools/example.rb @@ -22,14 +22,18 @@ configure do varchar :name, :size => 128 # channel types: 'github', 'pingfm', 'superfeedr' etc. varchar :type, :size => 32, :default => 'seq' + # protected channels + varchar :secret, :size => 32 time :created time :updated index [:updated] index [:name], :unique => true end # system channels - DB[:channels] << { :name => '__pingfm__', :created => Time.now, :type => 'pingfm' } - DB[:channels] << { :name => '__github__', :created => Time.now, :type => 'github' } + DB[:channels] << { :name => '__pingfm__', :created => Time.now, + :type => 'pingfm', :secret => 'change_me' } + DB[:channels] << { :name => '__github__', :created => Time.now, + :type => 'github', :secret => 'change_me' } end unless DB.table_exists? "subscribers" @@ -60,8 +64,6 @@ configure do DB[:users] << { :name => 'all', :password => 'change_me', :service => 'hooks' } # secret per hook # DB[:users] << { :name => 'ff', :password => 'change_me_too', :service => 'hooks' } - # channel protection - for PubSubHubbub subscribers - DB[:users] << { :name => 'all', :password => 'change_me', :service => 'channels' } end end @@ -163,11 +165,14 @@ post '/channels' do # superfeedr api key id = data['id'] if data['id'] && (data['type'] == 'superfeedr') type = data['type'] || 'seq' - rescue + secret = data['secret'] + rescue Exception => e + puts e.to_s type = 'seq' - end + end unless DB[:channels].filter(:name => id).first - DB[:channels] << { :name => id, :created => Time.now, :type => type } + DB[:channels] << { :name => id, :created => Time.now, + :type => type, :secret => secret } end { :id => id.to_s }.to_json end @@ -180,7 +185,11 @@ post '/subscribe' do type = data['type'] || 'debug' ['url', 'channel', 'type'].each { |d| data.delete(d) } rec = DB[:channels].filter(:name => channel_name).first - raise "channel #{channel_name} does not exists" unless rec[:id] + raise "channel #{channel_name} does not exists" unless rec[:id] + if rec[:secret] + raise "not authorized" unless rec[:secret] == data['secret'] + data.delete('secret') + end unless DB[:subscribers].filter(:channel_id => rec[:id], :url => url).first raise "DB insert failed" unless DB[:subscribers] << { :channel_id => rec[:id], watercoolr.rb c8cebb048238c39f3e8c43d174a4966c625f521e Stoyan Zhekov zh@zhware.net http://github.com/zh/watercoolr/commit/d041e64c29bb31375d58fb309eff85a7f8afa26c d041e64c29bb31375d58fb309eff85a7f8afa26c 2009-07-10T02:37:33-07:00 2009-07-10T02:37:33-07:00 support for protected channels 47515a64c12b4c7117e6d9e019468e3aec9cfbbf Stoyan Zhekov zh@zhware.net