Add support for HTTP Upload headers

Some services use the Authorization header [0] to pass upload credentials.
This avoids the token being exposed in server logs and is allowed
by XEP-0363 since version 0.5.0.

This change adds support for headers allowed in XEP-0363: Authorization,
Expires and Cookie.

[0]: https://xmpp.org/extensions/xep-0363.html#request
Wiktor Kwapisiewicz 2019-11-06 13:10:32 +01:00 committed by fiaxh
parent e6918b35b3
commit 687ec1a159
3 changed files with 16 additions and 0 deletions


@ -358,6 +358,7 @@ public class FileSendData { }
public class HttpFileSendData : FileSendData { public class HttpFileSendData : FileSendData {
public string url_down { get; set; } public string url_down { get; set; }
public string url_up { get; set; } public string url_up { get; set; }
public HashMap<string, string> headers { get; set; }
public bool encrypt_message { get; set; default=true; } public bool encrypt_message { get; set; default=true; }
} }
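Review bot: The new `headers` property is declared non-nullable but has no default, so an `HttpFileSendData` that is not filled from a slot result keeps it null, while the PUT path in this commit iterates `file_send_data.headers.entries` without a check. Either declare it as `public HashMap<string, string>? headers { get; set; }` and guard the loop, or assign an empty map where the object is created. A short comment such as `// Extra PUT headers from the upload slot (Authorization, Cookie, Expires); values are credentials, keep them out of logs` would also help the next reader. Whether other code constructs this class is not visible in the hunk.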


@ -28,6 +28,7 @@ public class HttpFileSender : FileSender, Object {
var slot_result = yield stream_interactor.module_manager.get_module(file_transfer.account, Xmpp.Xep.HttpFileUpload.Module.IDENTITY).request_slot(stream, file_transfer.server_file_name, file_meta.size, file_meta.mime_type); var slot_result = yield stream_interactor.module_manager.get_module(file_transfer.account, Xmpp.Xep.HttpFileUpload.Module.IDENTITY).request_slot(stream, file_transfer.server_file_name, file_meta.size, file_meta.mime_type);
send_data.url_down = slot_result.url_get; send_data.url_down = slot_result.url_get;
send_data.url_up = slot_result.url_put; send_data.url_up = slot_result.url_put;
send_data.headers = slot_result.headers;
} catch (Xep.HttpFileUpload.HttpFileTransferError e) { } catch (Xep.HttpFileUpload.HttpFileTransferError e) {
throw new FileSendError.UPLOAD_FAILED("Http file upload XMPP error: %s".printf(e.message)); throw new FileSendError.UPLOAD_FAILED("Http file upload XMPP error: %s".printf(e.message));
} }
@ -96,6 +97,9 @@ public class HttpFileSender : FileSender, Object {
Soup.Message message = new Soup.Message("PUT", file_send_data.url_up); Soup.Message message = new Soup.Message("PUT", file_send_data.url_up);
message.request_headers.set_content_type(file_meta.mime_type, null); message.request_headers.set_content_type(file_meta.mime_type, null);
message.request_headers.set_content_length(file_meta.size); message.request_headers.set_content_length(file_meta.size);
foreach (var entry in file_send_data.headers.entries) {
message.request_headers.append(entry.key, entry.value);
}
message.request_body.set_accumulate(false); message.request_body.set_accumulate(false);
message.wrote_headers.connect(() => transfer_more_bytes(file_transfer.input_stream, message.request_body)); message.wrote_headers.connect(() => transfer_more_bytes(file_transfer.input_stream, message.request_body));
message.wrote_chunk.connect(() => transfer_more_bytes(file_transfer.input_stream, message.request_body)); message.wrote_chunk.connect(() => transfer_more_bytes(file_transfer.input_stream, message.request_body));
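Review bot: The loop added before `set_accumulate` attaches slot-supplied `Authorization` and `Cookie` values to the PUT for `file_send_data.url_up`, and nothing visible in either hunk checks that this URL uses https. Now that credentials travel in request headers, a plain-HTTP slot URL would put them on the wire in clear text, and XEP-0363 expects the PUT URL to be HTTPS. The headers should be attached only after a scheme check, for example `if (!file_send_data.url_up.down().has_prefix("https://")) throw new FileSendError.UPLOAD_FAILED("Upload URL is not HTTPS");` ahead of the loop. Both enclosing methods start and end outside the hunks, so such a check may already exist elsewhere.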


@ -1,5 +1,6 @@
using Xmpp; using Xmpp;
using Xmpp.Xep; using Xmpp.Xep;
using Gee;
namespace Xmpp.Xep.HttpFileUpload { namespace Xmpp.Xep.HttpFileUpload {
@ -21,6 +22,7 @@ public class Module : XmppStreamModule {
public struct SlotResult { public struct SlotResult {
public string url_get { get; set; } public string url_get { get; set; }
public string url_put { get; set; } public string url_put { get; set; }
public HashMap<string, string> headers { get; set; }
} }
public async SlotResult request_slot(XmppStream stream, string filename, int64 file_size, string? content_type) throws HttpFileTransferError { public async SlotResult request_slot(XmppStream stream, string filename, int64 file_size, string? content_type) throws HttpFileTransferError {
Flag? flag = stream.get_flag(Flag.IDENTITY); Flag? flag = stream.get_flag(Flag.IDENTITY);
@ -71,6 +73,15 @@ public class Module : XmppStreamModule {
return; return;
} }
slot_result.headers = new HashMap<string, string>();
foreach (StanzaNode node in iq.stanza.get_deep_subnodes(flag.ns_ver + ":slot", flag.ns_ver + ":put", flag.ns_ver + ":header")) {
string header_name = node.get_attribute("name");
if (header_name == "Authorization" || header_name == "Cookie" || header_name == "Expires") {
slot_result.headers[header_name] = node.get_string_content();
}
}
slot_result.url_get = url_get; slot_result.url_get = url_get;
slot_result.url_put = url_put; slot_result.url_put = url_put;
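Review bot: The allow-list in the new `foreach` compares `header_name` case-sensitively and stores `node.get_string_content()` unchanged, so a value containing CR or LF, or a null value, reaches `request_headers.append` in the sender as-is. HTTP header names are case-insensitive, and as I read XEP-0363 the requesting entity is expected to strip newline characters before making the request. Whether the HTTP library rejects such values is not visible here, so the filter should not depend on it. The fence below lower-cases the name for the comparison, skips entries with a missing name or value, and removes CR/LF from the value. The enclosing callback starts and ends outside the hunk.

```vala
foreach (StanzaNode node in iq.stanza.get_deep_subnodes(flag.ns_ver + ":slot", flag.ns_ver + ":put", flag.ns_ver + ":header")) {
    string? header_name = node.get_attribute("name");
    string? header_value = node.get_string_content();
    if (header_name == null || header_value == null) {
        continue;
    }
    // HTTP header names are case-insensitive; match the allow-list accordingly.
    string name_lower = header_name.down();
    if (name_lower == "authorization" || name_lower == "cookie" || name_lower == "expires") {
        // Drop CR/LF so a slot response cannot add extra header lines to the PUT.
        slot_result.headers[header_name] = header_value.replace("\r", "").replace("\n", "");
    }
}
```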