mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-28 16:34:13 +01:00
parent
0fe1e40a9d
commit
e227940b85
@ -1,53 +0,0 @@
|
|||||||
|
|
||||||
-record(challenge, {
|
|
||||||
type = <<"http-01">> :: bitstring(),
|
|
||||||
status = pending :: pending | valid | invalid,
|
|
||||||
uri = "" :: url(),
|
|
||||||
token = <<"">> :: bitstring()
|
|
||||||
}).
|
|
||||||
|
|
||||||
-record(data_acc, {
|
|
||||||
id :: list(),
|
|
||||||
ca_url :: url(),
|
|
||||||
key :: jose_jwk:key()
|
|
||||||
}).
|
|
||||||
-type data_acc() :: #data_acc{}.
|
|
||||||
|
|
||||||
-record(data_cert, {
|
|
||||||
domain :: bitstring(),
|
|
||||||
pem :: pem(),
|
|
||||||
path :: string()
|
|
||||||
}).
|
|
||||||
-type data_cert() :: #data_cert{}.
|
|
||||||
|
|
||||||
%%
|
|
||||||
%% Types
|
|
||||||
%%
|
|
||||||
|
|
||||||
%% Acme configuration
|
|
||||||
-type acme_config() :: [{ca_url, url()} | {contact, bitstring()}].
|
|
||||||
|
|
||||||
%% The main data type that ejabberd_acme keeps
|
|
||||||
-type acme_data() :: proplist().
|
|
||||||
|
|
||||||
%% The list of certificates kept in data
|
|
||||||
-type data_certs() :: proplist(bitstring(), data_cert()).
|
|
||||||
|
|
||||||
%% The certificate saved in pem format
|
|
||||||
-type pem() :: bitstring().
|
|
||||||
|
|
||||||
-type nonce() :: string().
|
|
||||||
-type url() :: string().
|
|
||||||
-type proplist() :: [{_, _}].
|
|
||||||
-type proplist(X,Y) :: [{X,Y}].
|
|
||||||
-type dirs() :: #{string() => url()}.
|
|
||||||
-type jws() :: map().
|
|
||||||
-type handle_resp_fun() :: fun(({ok, proplist(), proplist()}) -> {ok, _, nonce()}).
|
|
||||||
|
|
||||||
-type acme_challenge() :: #challenge{}.
|
|
||||||
|
|
||||||
%% Options
|
|
||||||
-type account_opt() :: string().
|
|
||||||
-type verbose_opt() :: string().
|
|
||||||
-type domains_opt() :: string().
|
|
||||||
|
|
@ -29,10 +29,11 @@
|
|||||||
{yconf, ".*", {git, "https://github.com/processone/yconf", {tag, "1.0.0"}}},
|
{yconf, ".*", {git, "https://github.com/processone/yconf", {tag, "1.0.0"}}},
|
||||||
{jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.8"}}},
|
{jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.8"}}},
|
||||||
{p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.5"}}},
|
{p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.5"}}},
|
||||||
{pkix, ".*", {git, "https://github.com/processone/pkix", {tag, "1.0.3"}}},
|
{pkix, ".*", {git, "https://github.com/processone/pkix", "91636e7"}},
|
||||||
{jose, ".*", {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.8.4"}}},
|
{jose, ".*", {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.8.4"}}},
|
||||||
{eimp, ".*", {git, "https://github.com/processone/eimp", {tag, "1.0.12"}}},
|
{eimp, ".*", {git, "https://github.com/processone/eimp", {tag, "1.0.12"}}},
|
||||||
{mqtree, ".*", {git, "https://github.com/processone/mqtree", {tag, "1.0.4"}}},
|
{mqtree, ".*", {git, "https://github.com/processone/mqtree", {tag, "1.0.4"}}},
|
||||||
|
{acme, ".*", {git, "https://github.com/processone/acme.git", "7d5382265f"}},
|
||||||
{if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.29"}}}},
|
{if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.29"}}}},
|
||||||
{if_var_true, sip, {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.30"}}}},
|
{if_var_true, sip, {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.30"}}}},
|
||||||
{if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
|
{if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,407 +0,0 @@
|
|||||||
-module(ejabberd_acme_comm).
|
|
||||||
-export([%% Directory
|
|
||||||
directory/1,
|
|
||||||
%% Account
|
|
||||||
new_account/4,
|
|
||||||
update_account/4,
|
|
||||||
get_account/3,
|
|
||||||
delete_account/3,
|
|
||||||
%% Authorization
|
|
||||||
new_authz/4,
|
|
||||||
get_authz/1,
|
|
||||||
complete_challenge/4,
|
|
||||||
%% Authorization polling
|
|
||||||
get_authz_until_valid/1,
|
|
||||||
%% Certificate
|
|
||||||
new_cert/4,
|
|
||||||
get_cert/1,
|
|
||||||
revoke_cert/4,
|
|
||||||
get_issuer_cert/1
|
|
||||||
%% Not yet implemented
|
|
||||||
%% key_roll_over/5
|
|
||||||
%% delete_authz/3
|
|
||||||
]).
|
|
||||||
|
|
||||||
-include("logger.hrl").
|
|
||||||
-include("xmpp.hrl").
|
|
||||||
|
|
||||||
-include("ejabberd_acme.hrl").
|
|
||||||
-include_lib("public_key/include/public_key.hrl").
|
|
||||||
|
|
||||||
-define(REQUEST_TIMEOUT, 5000). % 5 seconds.
|
|
||||||
-define(MAX_POLL_REQUESTS, 20).
|
|
||||||
-define(POLL_WAIT_TIME, 500). % 500 ms.
|
|
||||||
|
|
||||||
%%%
|
|
||||||
%%% This module contains functions that implement all necessary http
|
|
||||||
%%% requests to the ACME Certificate Authority. Its purpose is to
|
|
||||||
%%% facilitate the acme client implementation by separating the
|
|
||||||
%%% handling/validating/parsing of all the needed http requests.
|
|
||||||
%%%
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Directory
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec directory(url()) -> {ok, dirs(), nonce()} | {error, _}.
|
|
||||||
directory(CAUrl) ->
|
|
||||||
Url = CAUrl ++ "/directory",
|
|
||||||
prepare_get_request(Url, fun get_dirs/1).
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Account Handling
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec new_account(dirs(), jose_jwk:key(), proplist(), nonce()) ->
|
|
||||||
{ok, {url(), proplist()}, nonce()} | {error, _}.
|
|
||||||
new_account(Dirs, PrivateKey, Req, Nonce) ->
|
|
||||||
#{"new-reg" := Url} = Dirs,
|
|
||||||
EJson = {[{ <<"resource">>, <<"new-reg">>}] ++ Req},
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response_tos/1).
|
|
||||||
|
|
||||||
-spec update_account({url(), string()}, jose_jwk:key(), proplist(), nonce()) ->
|
|
||||||
{ok, proplist(), nonce()} | {error, _}.
|
|
||||||
update_account({CAUrl, AccId}, PrivateKey, Req, Nonce) ->
|
|
||||||
Url = CAUrl ++ "/acme/reg/" ++ AccId,
|
|
||||||
EJson = {[{ <<"resource">>, <<"reg">>}] ++ Req},
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response/1).
|
|
||||||
|
|
||||||
-spec get_account({url(), string()}, jose_jwk:key(), nonce()) ->
|
|
||||||
{ok, {url(), proplist()}, nonce()} | {error, _}.
|
|
||||||
get_account({CAUrl, AccId}, PrivateKey, Nonce) ->
|
|
||||||
Url = CAUrl ++ "/acme/reg/" ++ AccId,
|
|
||||||
EJson = {[{<<"resource">>, <<"reg">>}]},
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response_tos/1).
|
|
||||||
|
|
||||||
-spec delete_account({url(), string()}, jose_jwk:key(), nonce()) ->
|
|
||||||
{ok, proplist(), nonce()} | {error, _}.
|
|
||||||
delete_account({CAUrl, AccId}, PrivateKey, Nonce) ->
|
|
||||||
Url = CAUrl ++ "/acme/reg/" ++ AccId,
|
|
||||||
EJson =
|
|
||||||
{[{<<"resource">>, <<"reg">>},
|
|
||||||
{<<"status">>, <<"deactivated">>}]},
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response/1).
|
|
||||||
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Authorization Handling
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec new_authz(dirs(), jose_jwk:key(), proplist(), nonce()) ->
|
|
||||||
{ok, {url(), proplist()}, nonce()} | {error, _}.
|
|
||||||
new_authz(Dirs, PrivateKey, Req, Nonce) ->
|
|
||||||
#{"new-authz" := Url} = Dirs,
|
|
||||||
EJson = {[{<<"resource">>, <<"new-authz">>}] ++ Req},
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response_location/1).
|
|
||||||
|
|
||||||
-spec get_authz({url(), string()}) -> {ok, proplist(), nonce()} | {error, _}.
|
|
||||||
get_authz({CAUrl, AuthzId}) ->
|
|
||||||
Url = CAUrl ++ "/acme/authz/" ++ AuthzId,
|
|
||||||
prepare_get_request(Url, fun get_response/1).
|
|
||||||
|
|
||||||
-spec complete_challenge({url(), string(), string()}, jose_jwk:key(), proplist(), nonce()) ->
|
|
||||||
{ok, proplist(), nonce()} | {error, _}.
|
|
||||||
complete_challenge({CAUrl, AuthzId, ChallId}, PrivateKey, Req, Nonce) ->
|
|
||||||
Url = CAUrl ++ "/acme/challenge/" ++ AuthzId ++ "/" ++ ChallId,
|
|
||||||
EJson = {[{<<"resource">>, <<"challenge">>}] ++ Req},
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response/1).
|
|
||||||
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Certificate Handling
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec new_cert(dirs(), jose_jwk:key(), proplist(), nonce()) ->
|
|
||||||
{ok, {url(), list()}, nonce()} | {error, _}.
|
|
||||||
new_cert(Dirs, PrivateKey, Req, Nonce) ->
|
|
||||||
#{"new-cert" := Url} = Dirs,
|
|
||||||
EJson = {[{<<"resource">>, <<"new-cert">>}] ++ Req},
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response_link_up/1,
|
|
||||||
"application/pkix-cert").
|
|
||||||
|
|
||||||
-spec get_cert({url(), string()}) -> {ok, list(), nonce()} | {error, _}.
|
|
||||||
get_cert({CAUrl, CertId}) ->
|
|
||||||
Url = CAUrl ++ "/acme/cert/" ++ CertId,
|
|
||||||
prepare_get_request(Url, fun get_response/1, "application/pkix-cert").
|
|
||||||
|
|
||||||
-spec revoke_cert(dirs(), jose_jwk:key(), proplist(), nonce()) ->
|
|
||||||
{ok, _, nonce()} | {error, _}.
|
|
||||||
revoke_cert(Dirs, PrivateKey, Req, Nonce) ->
|
|
||||||
#{"revoke-cert" := Url} = Dirs,
|
|
||||||
EJson = {[{<<"resource">>, <<"revoke-cert">>}] ++ Req},
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response/1,
|
|
||||||
"application/pkix-cert").
|
|
||||||
|
|
||||||
-spec get_issuer_cert(url()) -> {ok, list(), nonce()} | {error, _}.
|
|
||||||
get_issuer_cert(IssuerCertUrl) ->
|
|
||||||
prepare_get_request(IssuerCertUrl, fun get_response/1, "application/pkix-cert").
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Handle Response Functions
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec get_dirs({ok, proplist(), proplist()}) -> {ok, map(), nonce()}.
|
|
||||||
get_dirs({ok, Head, Return}) ->
|
|
||||||
NewNonce = get_nonce(Head),
|
|
||||||
StrDirectories = [{bitstring_to_list(X), bitstring_to_list(Y)} ||
|
|
||||||
{X, Y} <- Return, is_bitstring(X) andalso is_bitstring(Y)],
|
|
||||||
NewDirs = maps:from_list(StrDirectories),
|
|
||||||
{ok, NewDirs, NewNonce}.
|
|
||||||
|
|
||||||
-spec get_response({ok, proplist(), proplist()}) -> {ok, proplist(), nonce()}.
|
|
||||||
get_response({ok, Head, Return}) ->
|
|
||||||
NewNonce = get_nonce(Head),
|
|
||||||
{ok, Return, NewNonce}.
|
|
||||||
|
|
||||||
-spec get_response_tos({ok, proplist(), proplist()}) -> {ok, {url(), proplist()}, nonce()}.
|
|
||||||
get_response_tos({ok, Head, Return}) ->
|
|
||||||
TOSUrl = get_tos(Head),
|
|
||||||
NewNonce = get_nonce(Head),
|
|
||||||
{ok, {TOSUrl, Return}, NewNonce}.
|
|
||||||
|
|
||||||
-spec get_response_location({ok, proplist(), proplist()}) -> {ok, {url(), proplist()}, nonce()}.
|
|
||||||
get_response_location({ok, Head, Return}) ->
|
|
||||||
Location = get_location(Head),
|
|
||||||
NewNonce = get_nonce(Head),
|
|
||||||
{ok, {Location, Return}, NewNonce}.
|
|
||||||
|
|
||||||
-spec get_response_link_up({ok, proplist(), proplist()}) -> {ok, {url(), proplist()}, nonce()}.
|
|
||||||
get_response_link_up({ok, Head, Return}) ->
|
|
||||||
LinkUp = get_link_up(Head),
|
|
||||||
NewNonce = get_nonce(Head),
|
|
||||||
{ok, {LinkUp, Return}, NewNonce}.
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Authorization Polling
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec get_authz_until_valid({url(), string()}) -> {ok, proplist(), nonce()} | {error, _}.
|
|
||||||
get_authz_until_valid({CAUrl, AuthzId}) ->
|
|
||||||
get_authz_until_valid({CAUrl, AuthzId}, ?MAX_POLL_REQUESTS).
|
|
||||||
|
|
||||||
-spec get_authz_until_valid({url(), string()}, non_neg_integer()) ->
|
|
||||||
{ok, proplist(), nonce()} | {error, _}.
|
|
||||||
get_authz_until_valid({_CAUrl, _AuthzId}, 0) ->
|
|
||||||
?ERROR_MSG("Maximum request limit waiting for validation reached", []),
|
|
||||||
{error, max_request_limit};
|
|
||||||
get_authz_until_valid({CAUrl, AuthzId}, N) ->
|
|
||||||
case get_authz({CAUrl, AuthzId}) of
|
|
||||||
{ok, Resp, Nonce} ->
|
|
||||||
case is_authz_valid(Resp) of
|
|
||||||
true ->
|
|
||||||
{ok, Resp, Nonce};
|
|
||||||
false ->
|
|
||||||
timer:sleep(?POLL_WAIT_TIME),
|
|
||||||
get_authz_until_valid({CAUrl, AuthzId}, N-1)
|
|
||||||
end;
|
|
||||||
{error, _} = Err ->
|
|
||||||
Err
|
|
||||||
end.
|
|
||||||
|
|
||||||
-spec is_authz_valid(proplist()) -> boolean().
|
|
||||||
is_authz_valid(Authz) ->
|
|
||||||
case proplists:lookup(<<"status">>, Authz) of
|
|
||||||
{<<"status">>, <<"valid">>} ->
|
|
||||||
true;
|
|
||||||
_ ->
|
|
||||||
false
|
|
||||||
end.
|
|
||||||
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Request Functions
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
%% TODO: Fix the duplicated code at the below 4 functions
|
|
||||||
-spec make_post_request(url(), bitstring(), string()) ->
|
|
||||||
{ok, proplist(), proplist()} | {error, _}.
|
|
||||||
make_post_request(Url, ReqBody, ResponseType) ->
|
|
||||||
Options = [],
|
|
||||||
HttpOptions = [{timeout, ?REQUEST_TIMEOUT}],
|
|
||||||
case httpc:request(post,
|
|
||||||
{Url, [], "application/jose+json", ReqBody}, HttpOptions, Options) of
|
|
||||||
{ok, {{_, Code, _}, Head, Body}} when Code >= 200, Code =< 299 ->
|
|
||||||
decode_response(Head, Body, ResponseType);
|
|
||||||
Error ->
|
|
||||||
failed_http_request(Error, Url)
|
|
||||||
end.
|
|
||||||
|
|
||||||
-spec make_get_request(url(), string()) ->
|
|
||||||
{ok, proplist(), proplist()} | {error, _}.
|
|
||||||
make_get_request(Url, ResponseType) ->
|
|
||||||
Options = [],
|
|
||||||
HttpOptions = [{timeout, ?REQUEST_TIMEOUT}],
|
|
||||||
case httpc:request(get, {Url, []}, HttpOptions, Options) of
|
|
||||||
{ok, {{_, Code, _}, Head, Body}} when Code >= 200, Code =< 299 ->
|
|
||||||
decode_response(Head, Body, ResponseType);
|
|
||||||
Error ->
|
|
||||||
failed_http_request(Error, Url)
|
|
||||||
end.
|
|
||||||
|
|
||||||
-spec prepare_post_request(url(), jose_jwk:key(), jiffy:json_value(),
|
|
||||||
nonce(), handle_resp_fun()) -> {ok, _, nonce()} | {error, _}.
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, HandleRespFun) ->
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, HandleRespFun, "application/jose+json").
|
|
||||||
|
|
||||||
-spec prepare_post_request(url(), jose_jwk:key(), jiffy:json_value(),
|
|
||||||
nonce(), handle_resp_fun(), string()) -> {ok, _, nonce()} | {error, _}.
|
|
||||||
prepare_post_request(Url, PrivateKey, EJson, Nonce, HandleRespFun, ResponseType) ->
|
|
||||||
case encode(EJson) of
|
|
||||||
{ok, ReqBody} ->
|
|
||||||
FinalBody = sign_encode_json_jose(PrivateKey, ReqBody, Nonce),
|
|
||||||
case make_post_request(Url, FinalBody, ResponseType) of
|
|
||||||
{ok, Head, Return} ->
|
|
||||||
HandleRespFun({ok, Head, Return});
|
|
||||||
Error ->
|
|
||||||
Error
|
|
||||||
end;
|
|
||||||
{error, Reason} ->
|
|
||||||
?ERROR_MSG("Error: ~p when encoding: ~p", [Reason, EJson]),
|
|
||||||
{error, Reason}
|
|
||||||
end.
|
|
||||||
|
|
||||||
-spec prepare_get_request(url(), handle_resp_fun()) ->
|
|
||||||
{ok, _, nonce()} | {error, _}.
|
|
||||||
prepare_get_request(Url, HandleRespFun) ->
|
|
||||||
prepare_get_request(Url, HandleRespFun, "application/jose+json").
|
|
||||||
|
|
||||||
-spec prepare_get_request(url(), handle_resp_fun(), string()) ->
|
|
||||||
{ok, _, nonce()} | {error, _}.
|
|
||||||
prepare_get_request(Url, HandleRespFun, ResponseType) ->
|
|
||||||
case make_get_request(Url, ResponseType) of
|
|
||||||
{ok, Head, Return} ->
|
|
||||||
HandleRespFun({ok, Head, Return});
|
|
||||||
Error ->
|
|
||||||
Error
|
|
||||||
end.
|
|
||||||
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Jose Json Functions
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec sign_json_jose(jose_jwk:key(), bitstring(), nonce()) -> {_, jws()}.
|
|
||||||
sign_json_jose(Key, Json, Nonce) ->
|
|
||||||
PubKey = ejabberd_acme:to_public(Key),
|
|
||||||
{_, BinaryPubKey} = jose_jwk:to_binary(PubKey),
|
|
||||||
PubKeyJson = jiffy:decode(BinaryPubKey),
|
|
||||||
%% TODO: Ensure this works for all cases
|
|
||||||
AlgMap = jose_jwk:signer(Key),
|
|
||||||
JwsMap =
|
|
||||||
#{ <<"jwk">> => PubKeyJson,
|
|
||||||
%% <<"b64">> => true,
|
|
||||||
<<"nonce">> => list_to_bitstring(Nonce)
|
|
||||||
},
|
|
||||||
JwsObj0 = maps:merge(JwsMap, AlgMap),
|
|
||||||
JwsObj = jose_jws:from(JwsObj0),
|
|
||||||
jose_jws:sign(Key, Json, JwsObj).
|
|
||||||
|
|
||||||
-spec sign_encode_json_jose(jose_jwk:key(), bitstring(), nonce()) -> bitstring().
|
|
||||||
sign_encode_json_jose(Key, Json, Nonce) ->
|
|
||||||
{_, Signed} = sign_json_jose(Key, Json, Nonce),
|
|
||||||
%% This depends on jose library, so we can consider it safe
|
|
||||||
jiffy:encode(Signed).
|
|
||||||
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Useful funs
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec get_nonce(proplist()) -> nonce() | 'none'.
|
|
||||||
get_nonce(Head) ->
|
|
||||||
case proplists:lookup("replay-nonce", Head) of
|
|
||||||
{"replay-nonce", Nonce} -> Nonce;
|
|
||||||
none -> none
|
|
||||||
end.
|
|
||||||
|
|
||||||
-spec get_location(proplist()) -> url() | 'none'.
|
|
||||||
get_location(Head) ->
|
|
||||||
case proplists:lookup("location", Head) of
|
|
||||||
{"location", Location} -> Location;
|
|
||||||
none -> none
|
|
||||||
end.
|
|
||||||
|
|
||||||
-spec get_tos(proplist()) -> url() | 'none'.
|
|
||||||
get_tos(Head) ->
|
|
||||||
get_header_link(Head, "\"terms-of-service\"").
|
|
||||||
|
|
||||||
-spec get_link_up(proplist()) -> url() | 'none'.
|
|
||||||
get_link_up(Head) ->
|
|
||||||
get_header_link(Head, "rel=\"up\"").
|
|
||||||
|
|
||||||
%% TODO: Find a more reliable way to extract this
|
|
||||||
-spec get_header_link(proplist(), string()) -> url() | 'none'.
|
|
||||||
get_header_link(Head, Suffix) ->
|
|
||||||
try
|
|
||||||
[{_, Link}] = [{K, V} || {K, V} <- Head,
|
|
||||||
K =:= "link" andalso
|
|
||||||
lists:suffix(Suffix, V)],
|
|
||||||
[Link1, _] = string:tokens(Link, ";"),
|
|
||||||
Link2 = string:strip(Link1, left, $<),
|
|
||||||
string:strip(Link2, right, $>)
|
|
||||||
catch
|
|
||||||
_:_ ->
|
|
||||||
none
|
|
||||||
end.
|
|
||||||
|
|
||||||
decode_response(Head, Body, "application/pkix-cert") ->
|
|
||||||
{ok, Head, Body};
|
|
||||||
decode_response(Head, Body, "application/jose+json") ->
|
|
||||||
case decode(Body) of
|
|
||||||
{ok, Return} ->
|
|
||||||
{ok, Head, Return};
|
|
||||||
{error, Reason} ->
|
|
||||||
?ERROR_MSG("Problem decoding: ~s", [Body]),
|
|
||||||
{error, Reason}
|
|
||||||
end.
|
|
||||||
|
|
||||||
encode(EJson) ->
|
|
||||||
try
|
|
||||||
{ok, jiffy:encode(EJson)}
|
|
||||||
catch
|
|
||||||
_:Reason ->
|
|
||||||
{error, Reason}
|
|
||||||
end.
|
|
||||||
|
|
||||||
decode(Json) ->
|
|
||||||
try
|
|
||||||
{Result} = jiffy:decode(Json),
|
|
||||||
{ok, Result}
|
|
||||||
catch
|
|
||||||
_:Reason ->
|
|
||||||
{error, Reason}
|
|
||||||
end.
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Handle Failed HTTP Requests
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
-spec failed_http_request({ok, _} | {error, _}, url()) -> {error, _}.
|
|
||||||
failed_http_request({ok, {{_, Code, Reason}, _Head, Body}}, Url) ->
|
|
||||||
?ERROR_MSG("Unexpected status code from <~s>: ~B, Body: ~s",
|
|
||||||
[Url, Code, Body]),
|
|
||||||
throw({error, {unexpected_code, Code, Reason}});
|
|
||||||
failed_http_request({error, Reason}, Url) ->
|
|
||||||
?ERROR_MSG("Error making a request to <~s>: ~p",
|
|
||||||
[Url, Reason]),
|
|
||||||
throw({error, Reason}).
|
|
@ -99,6 +99,25 @@ transform(_Host, certfiles, CertFiles1, Acc) ->
|
|||||||
CertFiles2 = maps:get(certfiles, Acc, []),
|
CertFiles2 = maps:get(certfiles, Acc, []),
|
||||||
Acc1 = maps:put(certfiles, CertFiles1 ++ CertFiles2, Acc),
|
Acc1 = maps:put(certfiles, CertFiles1 ++ CertFiles2, Acc),
|
||||||
{true, Acc1};
|
{true, Acc1};
|
||||||
|
transform(_Host, acme, ACME, Acc) ->
|
||||||
|
ACME1 = lists:map(
|
||||||
|
fun({ca_url, URL} = Opt) ->
|
||||||
|
case http_uri:parse(binary_to_list(URL)) of
|
||||||
|
{ok, {_, _, "acme-v01.api.letsencrypt.org", _, _, _}} ->
|
||||||
|
NewURL = ejabberd_acme:default_directory_url(),
|
||||||
|
?WARNING_MSG("ACME directory URL ~s defined in "
|
||||||
|
"option acme->ca_url is deprecated "
|
||||||
|
"and was automatically replaced "
|
||||||
|
"with ~s. ~s",
|
||||||
|
[URL, NewURL, adjust_hint()]),
|
||||||
|
{ca_url, NewURL};
|
||||||
|
_ ->
|
||||||
|
Opt
|
||||||
|
end;
|
||||||
|
(Opt) ->
|
||||||
|
Opt
|
||||||
|
end, ACME),
|
||||||
|
{{true, {acme, ACME1}}, Acc};
|
||||||
transform(Host, s2s_use_starttls, required_trusted, Acc) ->
|
transform(Host, s2s_use_starttls, required_trusted, Acc) ->
|
||||||
?WARNING_MSG("The value 'required_trusted' of option "
|
?WARNING_MSG("The value 'required_trusted' of option "
|
||||||
"'s2s_use_starttls' is deprecated and was "
|
"'s2s_use_starttls' is deprecated and was "
|
||||||
@ -550,6 +569,10 @@ validator() ->
|
|||||||
default_db => econf:atom(),
|
default_db => econf:atom(),
|
||||||
default_ram_db => econf:atom(),
|
default_ram_db => econf:atom(),
|
||||||
auth_method => econf:list_or_single(econf:atom()),
|
auth_method => econf:list_or_single(econf:atom()),
|
||||||
|
acme => econf:options(
|
||||||
|
#{ca_url => econf:binary(),
|
||||||
|
'_' => econf:any()},
|
||||||
|
[unique]),
|
||||||
listen =>
|
listen =>
|
||||||
econf:list(
|
econf:list(
|
||||||
econf:options(
|
econf:options(
|
||||||
|
@ -170,7 +170,7 @@ acl() ->
|
|||||||
acl(Host) ->
|
acl(Host) ->
|
||||||
ejabberd_config:get_option({acl, Host}).
|
ejabberd_config:get_option({acl, Host}).
|
||||||
|
|
||||||
-spec acme() -> #{'ca_url'=>binary(), 'contact'=>binary()}.
|
-spec acme() -> #{'auto'=>boolean(), 'ca_url'=>binary(), 'cert_type'=>'ec' | 'rsa', 'contact'=>[binary()]}.
|
||||||
acme() ->
|
acme() ->
|
||||||
ejabberd_config:get_option({acme, global}).
|
ejabberd_config:get_option({acme, global}).
|
||||||
|
|
||||||
|
@ -40,7 +40,9 @@ opt_type(acl) ->
|
|||||||
opt_type(acme) ->
|
opt_type(acme) ->
|
||||||
econf:options(
|
econf:options(
|
||||||
#{ca_url => econf:url(),
|
#{ca_url => econf:url(),
|
||||||
contact => econf:binary("^[a-zA-Z]+:[^:]+$")},
|
contact => econf:list_or_single(econf:binary("^[a-zA-Z]+:[^:]+$")),
|
||||||
|
auto => econf:bool(),
|
||||||
|
cert_type => econf:enum([ec, rsa])},
|
||||||
[unique, {return, map}]);
|
[unique, {return, map}]);
|
||||||
opt_type(allow_contrib_modules) ->
|
opt_type(allow_contrib_modules) ->
|
||||||
econf:bool();
|
econf:bool();
|
||||||
|
@ -26,9 +26,12 @@
|
|||||||
%% API
|
%% API
|
||||||
-export([start_link/0]).
|
-export([start_link/0]).
|
||||||
-export([certs_dir/0]).
|
-export([certs_dir/0]).
|
||||||
-export([add_certfile/1, try_certfile/1, get_certfile/0, get_certfile/1]).
|
-export([add_certfile/1, del_certfile/1, commit/0]).
|
||||||
|
-export([notify_expired/1]).
|
||||||
|
-export([try_certfile/1, get_certfile/0, get_certfile/1]).
|
||||||
|
-export([get_certfile_no_default/1]).
|
||||||
%% Hooks
|
%% Hooks
|
||||||
-export([ejabberd_started/0, config_reloaded/0]).
|
-export([ejabberd_started/0, config_reloaded/0, cert_expired/2]).
|
||||||
%% gen_server callbacks
|
%% gen_server callbacks
|
||||||
-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
|
-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
|
||||||
terminate/2, code_change/3, format_status/2]).
|
terminate/2, code_change/3, format_status/2]).
|
||||||
@ -59,6 +62,14 @@ add_certfile(Path0) ->
|
|||||||
end
|
end
|
||||||
end.
|
end.
|
||||||
|
|
||||||
|
-spec del_certfile(file:filename_all()) -> ok.
|
||||||
|
del_certfile(Path0) ->
|
||||||
|
Path = prep_path(Path0),
|
||||||
|
try gen_server:call(?MODULE, {del_certfile, Path}, ?CALL_TIMEOUT)
|
||||||
|
catch exit:{noproc, _} ->
|
||||||
|
pkix:del_file(Path)
|
||||||
|
end.
|
||||||
|
|
||||||
-spec try_certfile(file:filename_all()) -> filename().
|
-spec try_certfile(file:filename_all()) -> filename().
|
||||||
try_certfile(Path0) ->
|
try_certfile(Path0) ->
|
||||||
Path = prep_path(Path0),
|
Path = prep_path(Path0),
|
||||||
@ -103,6 +114,10 @@ certs_dir() ->
|
|||||||
MnesiaDir = mnesia:system_info(directory),
|
MnesiaDir = mnesia:system_info(directory),
|
||||||
filename:join(MnesiaDir, "certs").
|
filename:join(MnesiaDir, "certs").
|
||||||
|
|
||||||
|
-spec commit() -> ok.
|
||||||
|
commit() ->
|
||||||
|
gen_server:call(?MODULE, commit, ?CALL_TIMEOUT).
|
||||||
|
|
||||||
-spec ejabberd_started() -> ok.
|
-spec ejabberd_started() -> ok.
|
||||||
ejabberd_started() ->
|
ejabberd_started() ->
|
||||||
gen_server:call(?MODULE, ejabberd_started, ?CALL_TIMEOUT).
|
gen_server:call(?MODULE, ejabberd_started, ?CALL_TIMEOUT).
|
||||||
@ -111,21 +126,38 @@ ejabberd_started() ->
|
|||||||
config_reloaded() ->
|
config_reloaded() ->
|
||||||
gen_server:call(?MODULE, config_reloaded, ?CALL_TIMEOUT).
|
gen_server:call(?MODULE, config_reloaded, ?CALL_TIMEOUT).
|
||||||
|
|
||||||
|
-spec notify_expired(pkix:notify_event()) -> ok.
|
||||||
|
notify_expired(Event) ->
|
||||||
|
gen_server:cast(?MODULE, Event).
|
||||||
|
|
||||||
|
-spec cert_expired(_, pkix:cert_info()) -> ok.
|
||||||
|
cert_expired(_Cert, #{domains := Domains,
|
||||||
|
expiry := Expiry,
|
||||||
|
files := [{Path, Line}|_]}) ->
|
||||||
|
?WARNING_MSG("Certificate in ~s (at line: ~B)~s ~s",
|
||||||
|
[Path, Line,
|
||||||
|
case Domains of
|
||||||
|
[] -> "";
|
||||||
|
_ -> " for " ++ misc:format_hosts_list(Domains)
|
||||||
|
end,
|
||||||
|
format_expiration_date(Expiry)]).
|
||||||
|
|
||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
%%% gen_server callbacks
|
%%% gen_server callbacks
|
||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
-spec init([]) -> {ok, state()}.
|
-spec init([]) -> {ok, state()}.
|
||||||
init([]) ->
|
init([]) ->
|
||||||
process_flag(trap_exit, true),
|
process_flag(trap_exit, true),
|
||||||
|
ejabberd_hooks:add(cert_expired, ?MODULE, cert_expired, 50),
|
||||||
ejabberd_hooks:add(config_reloaded, ?MODULE, config_reloaded, 100),
|
ejabberd_hooks:add(config_reloaded, ?MODULE, config_reloaded, 100),
|
||||||
ejabberd_hooks:add(ejabberd_started, ?MODULE, ejabberd_started, 30),
|
ejabberd_hooks:add(ejabberd_started, ?MODULE, ejabberd_started, 30),
|
||||||
case add_files() of
|
case add_files() of
|
||||||
{Files, []} ->
|
{_Files, []} ->
|
||||||
{ok, #state{files = Files}};
|
{ok, #state{}};
|
||||||
{Files, [_|_]} ->
|
{Files, [_|_]} ->
|
||||||
case ejabberd:is_loaded() of
|
case ejabberd:is_loaded() of
|
||||||
true ->
|
true ->
|
||||||
{ok, #state{files = Files}};
|
{ok, #state{}};
|
||||||
false ->
|
false ->
|
||||||
del_files(Files),
|
del_files(Files),
|
||||||
stop_ejabberd()
|
stop_ejabberd()
|
||||||
@ -137,13 +169,15 @@ init([]) ->
|
|||||||
handle_call({add_certfile, Path}, _From, State) ->
|
handle_call({add_certfile, Path}, _From, State) ->
|
||||||
case add_file(Path) of
|
case add_file(Path) of
|
||||||
ok ->
|
ok ->
|
||||||
Files = sets:add_element(Path, State#state.files),
|
{reply, {ok, Path}, State};
|
||||||
{reply, {ok, Path}, State#state{files = Files}};
|
|
||||||
{error, _} = Err ->
|
{error, _} = Err ->
|
||||||
{reply, Err, State}
|
{reply, Err, State}
|
||||||
end;
|
end;
|
||||||
|
handle_call({del_certfile, Path}, _From, State) ->
|
||||||
|
pkix:del_file(Path),
|
||||||
|
{reply, ok, State};
|
||||||
handle_call(ejabberd_started, _From, State) ->
|
handle_call(ejabberd_started, _From, State) ->
|
||||||
case commit() of
|
case do_commit() of
|
||||||
{ok, []} ->
|
{ok, []} ->
|
||||||
check_domain_certfiles(),
|
check_domain_certfiles(),
|
||||||
{reply, ok, State};
|
{reply, ok, State};
|
||||||
@ -151,22 +185,25 @@ handle_call(ejabberd_started, _From, State) ->
|
|||||||
stop_ejabberd()
|
stop_ejabberd()
|
||||||
end;
|
end;
|
||||||
handle_call(config_reloaded, _From, State) ->
|
handle_call(config_reloaded, _From, State) ->
|
||||||
Old = State#state.files,
|
Files = get_certfiles_from_config_options(),
|
||||||
New = get_certfiles_from_config_options(),
|
_ = add_files(Files),
|
||||||
del_files(sets:subtract(Old, New)),
|
case do_commit() of
|
||||||
_ = add_files(New),
|
|
||||||
case commit() of
|
|
||||||
{ok, _} ->
|
{ok, _} ->
|
||||||
check_domain_certfiles(),
|
check_domain_certfiles(),
|
||||||
{reply, ok, State#state{files = New}};
|
{reply, ok, State};
|
||||||
error ->
|
error ->
|
||||||
{reply, ok, State}
|
{reply, ok, State}
|
||||||
end;
|
end;
|
||||||
|
handle_call(commit, From, State) ->
|
||||||
|
handle_call(config_reloaded, From, State);
|
||||||
handle_call(Request, _From, State) ->
|
handle_call(Request, _From, State) ->
|
||||||
?WARNING_MSG("Unexpected call: ~p", [Request]),
|
?WARNING_MSG("Unexpected call: ~p", [Request]),
|
||||||
{noreply, State}.
|
{noreply, State}.
|
||||||
|
|
||||||
-spec handle_cast(term(), state()) -> {noreply, state()}.
|
-spec handle_cast(term(), state()) -> {noreply, state()}.
|
||||||
|
handle_cast({cert_expired, Cert, CertInfo}, State) ->
|
||||||
|
ejabberd_hooks:run(cert_expired, [Cert, CertInfo]),
|
||||||
|
{noreply, State};
|
||||||
handle_cast(Request, State) ->
|
handle_cast(Request, State) ->
|
||||||
?WARNING_MSG("Unexpected cast: ~p", [Request]),
|
?WARNING_MSG("Unexpected cast: ~p", [Request]),
|
||||||
{noreply, State}.
|
{noreply, State}.
|
||||||
@ -179,6 +216,7 @@ handle_info(Info, State) ->
|
|||||||
-spec terminate(normal | shutdown | {shutdown, term()} | term(),
|
-spec terminate(normal | shutdown | {shutdown, term()} | term(),
|
||||||
state()) -> any().
|
state()) -> any().
|
||||||
terminate(_Reason, State) ->
|
terminate(_Reason, State) ->
|
||||||
|
ejabberd_hooks:delete(cert_expired, ?MODULE, cert_expired, 50),
|
||||||
ejabberd_hooks:delete(ejabberd_started, ?MODULE, ejabberd_started, 30),
|
ejabberd_hooks:delete(ejabberd_started, ?MODULE, ejabberd_started, 30),
|
||||||
ejabberd_hooks:delete(config_reloaded, ?MODULE, config_reloaded, 100),
|
ejabberd_hooks:delete(config_reloaded, ?MODULE, config_reloaded, 100),
|
||||||
del_files(State#state.files).
|
del_files(State#state.files).
|
||||||
@ -233,11 +271,16 @@ add_file(File) ->
|
|||||||
del_files(Files) ->
|
del_files(Files) ->
|
||||||
lists:foreach(fun pkix:del_file/1, sets:to_list(Files)).
|
lists:foreach(fun pkix:del_file/1, sets:to_list(Files)).
|
||||||
|
|
||||||
-spec commit() -> {ok, [{filename(), pkix:error_reason()}]} | error.
|
-spec do_commit() -> {ok, [{filename(), pkix:error_reason()}]} | error.
|
||||||
commit() ->
|
do_commit() ->
|
||||||
CAFile = ejabberd_option:ca_file(),
|
CAFile = ejabberd_option:ca_file(),
|
||||||
?DEBUG("Using CA root certificates from: ~s", [CAFile]),
|
?DEBUG("Using CA root certificates from: ~s", [CAFile]),
|
||||||
Opts = [{cafile, CAFile}],
|
Opts = [{cafile, CAFile},
|
||||||
|
{notify_before, [7*24*60*60, % 1 week
|
||||||
|
24*60*60, % 1 day
|
||||||
|
60*60, % 1 hour
|
||||||
|
0]},
|
||||||
|
{notify_fun, fun ?MODULE:notify_expired/1}],
|
||||||
case pkix:commit(certs_dir(), Opts) of
|
case pkix:commit(certs_dir(), Opts) of
|
||||||
{ok, Errors, Warnings, CAError} ->
|
{ok, Errors, Warnings, CAError} ->
|
||||||
log_errors(Errors),
|
log_errors(Errors),
|
||||||
@ -267,12 +310,7 @@ check_domain_certfiles(Hosts) ->
|
|||||||
case get_certfile_no_default(Host) of
|
case get_certfile_no_default(Host) of
|
||||||
error ->
|
error ->
|
||||||
?WARNING_MSG(
|
?WARNING_MSG(
|
||||||
"No certificate found matching '~s': strictly "
|
"No certificate found matching ~s",
|
||||||
"configured clients or servers will reject "
|
|
||||||
"connections with this host; obtain "
|
|
||||||
"a certificate for this (sub)domain from any "
|
|
||||||
"trusted CA such as Let's Encrypt "
|
|
||||||
"(www.letsencrypt.org)",
|
|
||||||
[Host]);
|
[Host]);
|
||||||
_ ->
|
_ ->
|
||||||
ok
|
ok
|
||||||
@ -371,3 +409,29 @@ log_cafile_error({File, Reason}) ->
|
|||||||
[File, pkix:format_error(Reason)]);
|
[File, pkix:format_error(Reason)]);
|
||||||
log_cafile_error(_) ->
|
log_cafile_error(_) ->
|
||||||
ok.
|
ok.
|
||||||
|
|
||||||
|
-spec time_before_expiration(calendar:datetime()) -> {non_neg_integer(), string()}.
|
||||||
|
time_before_expiration(Expiry) ->
|
||||||
|
T1 = calendar:datetime_to_gregorian_seconds(Expiry),
|
||||||
|
T2 = calendar:datetime_to_gregorian_seconds(
|
||||||
|
calendar:now_to_datetime(erlang:timestamp())),
|
||||||
|
Secs = max(0, T1 - T2),
|
||||||
|
if Secs == {0, ""};
|
||||||
|
Secs >= 220752000 -> {ceil(Secs/220752000), "year"};
|
||||||
|
Secs >= 2592000 -> {ceil(Secs/2592000), "month"};
|
||||||
|
Secs >= 604800 -> {ceil(Secs/604800), "week"};
|
||||||
|
Secs >= 86400 -> {ceil(Secs/86400), "day"};
|
||||||
|
Secs >= 3600 -> {ceil(Secs/3600), "hour"};
|
||||||
|
Secs >= 60 -> {ceil(Secs/60), "minute"};
|
||||||
|
true -> {Secs, "second"}
|
||||||
|
end.
|
||||||
|
|
||||||
|
-spec format_expiration_date(calendar:datetime()) -> string().
|
||||||
|
format_expiration_date(DateTime) ->
|
||||||
|
case time_before_expiration(DateTime) of
|
||||||
|
{0, _} -> "is expired";
|
||||||
|
{1, Unit} -> "will expire in less than a " ++ Unit;
|
||||||
|
{Int, Unit} ->
|
||||||
|
"will expire in less than " ++ integer_to_list(Int)
|
||||||
|
++ " " ++ Unit ++ "s"
|
||||||
|
end.
|
||||||
|
@ -46,7 +46,6 @@ init([]) ->
|
|||||||
worker(ejabberd_admin),
|
worker(ejabberd_admin),
|
||||||
supervisor(ejabberd_listener),
|
supervisor(ejabberd_listener),
|
||||||
worker(ejabberd_pkix),
|
worker(ejabberd_pkix),
|
||||||
worker(ejabberd_acme),
|
|
||||||
worker(acl),
|
worker(acl),
|
||||||
worker(ejabberd_shaper),
|
worker(ejabberd_shaper),
|
||||||
supervisor(ejabberd_db_sup),
|
supervisor(ejabberd_db_sup),
|
||||||
@ -64,6 +63,7 @@ init([]) ->
|
|||||||
worker(ejabberd_captcha),
|
worker(ejabberd_captcha),
|
||||||
worker(ext_mod),
|
worker(ext_mod),
|
||||||
supervisor(ejabberd_gen_mod_sup, gen_mod),
|
supervisor(ejabberd_gen_mod_sup, gen_mod),
|
||||||
|
worker(ejabberd_acme),
|
||||||
worker(ejabberd_auth),
|
worker(ejabberd_auth),
|
||||||
worker(ejabberd_oauth)]}}.
|
worker(ejabberd_oauth)]}}.
|
||||||
|
|
||||||
|
@ -121,7 +121,7 @@ stop_child(Proc) ->
|
|||||||
-spec start_modules() -> any().
|
-spec start_modules() -> any().
|
||||||
start_modules() ->
|
start_modules() ->
|
||||||
Hosts = ejabberd_option:hosts(),
|
Hosts = ejabberd_option:hosts(),
|
||||||
?INFO_MSG("Loading modules for ~s", [format_hosts_list(Hosts)]),
|
?INFO_MSG("Loading modules for ~s", [misc:format_hosts_list(Hosts)]),
|
||||||
lists:foreach(fun start_modules/1, Hosts).
|
lists:foreach(fun start_modules/1, Hosts).
|
||||||
|
|
||||||
-spec start_modules(binary()) -> ok.
|
-spec start_modules(binary()) -> ok.
|
||||||
@ -446,25 +446,6 @@ format_module_error(Module, Fun, Arity, Opts, Class, Reason, St) ->
|
|||||||
misc:format_exception(2, Class, Reason, St)])
|
misc:format_exception(2, Class, Reason, St)])
|
||||||
end.
|
end.
|
||||||
|
|
||||||
-spec format_hosts_list([binary()]) -> iolist().
|
|
||||||
format_hosts_list([Host]) ->
|
|
||||||
Host;
|
|
||||||
format_hosts_list([H1, H2]) ->
|
|
||||||
[H1, " and ", H2];
|
|
||||||
format_hosts_list([H1, H2, H3]) ->
|
|
||||||
[H1, ", ", H2, " and ", H3];
|
|
||||||
format_hosts_list([H1, H2|Hs]) ->
|
|
||||||
io_lib:format("~s, ~s and ~B more hosts",
|
|
||||||
[H1, H2, length(Hs)]).
|
|
||||||
|
|
||||||
-spec format_cycle([atom()]) -> iolist().
|
|
||||||
format_cycle([M1]) ->
|
|
||||||
atom_to_list(M1);
|
|
||||||
format_cycle([M1, M2]) ->
|
|
||||||
[atom_to_list(M1), " and ", atom_to_list(M2)];
|
|
||||||
format_cycle([M|Ms]) ->
|
|
||||||
atom_to_list(M) ++ ", " ++ format_cycle(Ms).
|
|
||||||
|
|
||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
%%% Validation
|
%%% Validation
|
||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
@ -602,4 +583,4 @@ warn_cyclic_dep(Path) ->
|
|||||||
"This is either a bug, or the modules are not "
|
"This is either a bug, or the modules are not "
|
||||||
"supposed to work together in this configuration. "
|
"supposed to work together in this configuration. "
|
||||||
"The modules will still be loaded though",
|
"The modules will still be loaded though",
|
||||||
[format_cycle(Path)]).
|
[misc:format_cycle(Path)]).
|
||||||
|
40
src/misc.erl
40
src/misc.erl
@ -40,7 +40,8 @@
|
|||||||
read_css/1, read_img/1, read_js/1, read_lua/1, try_url/1,
|
read_css/1, read_img/1, read_js/1, read_lua/1, try_url/1,
|
||||||
intersection/2, format_val/1, cancel_timer/1, unique_timestamp/0,
|
intersection/2, format_val/1, cancel_timer/1, unique_timestamp/0,
|
||||||
is_mucsub_message/1, best_match/2, pmap/2, peach/2, format_exception/4,
|
is_mucsub_message/1, best_match/2, pmap/2, peach/2, format_exception/4,
|
||||||
parse_ip_mask/1, match_ip_mask/3]).
|
parse_ip_mask/1, match_ip_mask/3, format_hosts_list/1, format_cycle/1,
|
||||||
|
delete_dir/1]).
|
||||||
|
|
||||||
%% Deprecated functions
|
%% Deprecated functions
|
||||||
-export([decode_base64/1, encode_base64/1]).
|
-export([decode_base64/1, encode_base64/1]).
|
||||||
@ -546,6 +547,43 @@ match_ip_mask({0, 0, 0, 0, 0, 16#FFFF, _, _} = IP,
|
|||||||
match_ip_mask(_, _, _) ->
|
match_ip_mask(_, _, _) ->
|
||||||
false.
|
false.
|
||||||
|
|
||||||
|
-spec format_hosts_list([binary(), ...]) -> iolist().
|
||||||
|
format_hosts_list([Host]) ->
|
||||||
|
Host;
|
||||||
|
format_hosts_list([H1, H2]) ->
|
||||||
|
[H1, " and ", H2];
|
||||||
|
format_hosts_list([H1, H2, H3]) ->
|
||||||
|
[H1, ", ", H2, " and ", H3];
|
||||||
|
format_hosts_list([H1, H2|Hs]) ->
|
||||||
|
io_lib:format("~s, ~s and ~B more hosts",
|
||||||
|
[H1, H2, length(Hs)]).
|
||||||
|
|
||||||
|
-spec format_cycle([atom(), ...]) -> iolist().
|
||||||
|
format_cycle([M1]) ->
|
||||||
|
atom_to_list(M1);
|
||||||
|
format_cycle([M1, M2]) ->
|
||||||
|
[atom_to_list(M1), " and ", atom_to_list(M2)];
|
||||||
|
format_cycle([M|Ms]) ->
|
||||||
|
atom_to_list(M) ++ ", " ++ format_cycle(Ms).
|
||||||
|
|
||||||
|
-spec delete_dir(file:filename_all()) -> ok | {error, file:posix()}.
|
||||||
|
delete_dir(Dir) ->
|
||||||
|
try
|
||||||
|
{ok, Entries} = file:list_dir(Dir),
|
||||||
|
lists:foreach(fun(Path) ->
|
||||||
|
case filelib:is_dir(Path) of
|
||||||
|
true ->
|
||||||
|
ok = delete_dir(Path);
|
||||||
|
false ->
|
||||||
|
ok = file:delete(Path)
|
||||||
|
end
|
||||||
|
end, [filename:join(Dir, Entry) || Entry <- Entries]),
|
||||||
|
ok = file:del_dir(Dir)
|
||||||
|
catch
|
||||||
|
_:{badmatch, {error, Error}} ->
|
||||||
|
{error, Error}
|
||||||
|
end.
|
||||||
|
|
||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
%%% Internal functions
|
%%% Internal functions
|
||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
|
@ -1004,7 +1004,7 @@ remove_user(User, Server) ->
|
|||||||
DocRoot1 = expand_host(expand_home(DocRoot), ServerHost),
|
DocRoot1 = expand_host(expand_home(DocRoot), ServerHost),
|
||||||
UserStr = make_user_string(jid:make(User, Server), JIDinURL),
|
UserStr = make_user_string(jid:make(User, Server), JIDinURL),
|
||||||
UserDir = str:join([DocRoot1, UserStr], <<$/>>),
|
UserDir = str:join([DocRoot1, UserStr], <<$/>>),
|
||||||
case del_tree(UserDir) of
|
case misc:delete_dir(UserDir) of
|
||||||
ok ->
|
ok ->
|
||||||
?INFO_MSG("Removed HTTP upload directory of ~s@~s", [User, Server]);
|
?INFO_MSG("Removed HTTP upload directory of ~s@~s", [User, Server]);
|
||||||
{error, enoent} ->
|
{error, enoent} ->
|
||||||
@ -1014,21 +1014,3 @@ remove_user(User, Server) ->
|
|||||||
[User, Server, format_error(Error)])
|
[User, Server, format_error(Error)])
|
||||||
end,
|
end,
|
||||||
ok.
|
ok.
|
||||||
|
|
||||||
-spec del_tree(file:filename_all()) -> ok | {error, file:posix()}.
|
|
||||||
del_tree(Dir) ->
|
|
||||||
try
|
|
||||||
{ok, Entries} = file:list_dir(Dir),
|
|
||||||
lists:foreach(fun(Path) ->
|
|
||||||
case filelib:is_dir(Path) of
|
|
||||||
true ->
|
|
||||||
ok = del_tree(Path);
|
|
||||||
false ->
|
|
||||||
ok = file:delete(Path)
|
|
||||||
end
|
|
||||||
end, [filename:join(Dir, Entry) || Entry <- Entries]),
|
|
||||||
ok = file:del_dir(Dir)
|
|
||||||
catch
|
|
||||||
_:{badmatch, {error, Error}} ->
|
|
||||||
{error, Error}
|
|
||||||
end.
|
|
||||||
|
Loading…
Reference in New Issue
Block a user