diff options
author | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2019-11-06 13:10:32 +0100 |
---|---|---|
committer | fiaxh <fiaxh@users.noreply.github.com> | 2019-11-19 21:24:28 +0100 |
commit | 687ec1a15969a88e00f84b6f45f751c99cc91d92 (patch) | |
tree | f48e2fca3be2723abb89e97000ece96e04a565b4 | |
parent | e6918b35b382c3365b220582a32c97ec25037cc8 (diff) | |
download | dino-687ec1a15969a88e00f84b6f45f751c99cc91d92.tar.gz dino-687ec1a15969a88e00f84b6f45f751c99cc91d92.zip |
Add support for HTTP Upload headers
Some services use Authorization header [0] to pass upload credential
data. This avoids the token being exposed in server logs and is allowed
by XEP-0363 since version 0.5.0.
This change adds support for headers allowed in XEP-0363: Authorization,
Expires and Cookie.
[0]: https://xmpp.org/extensions/xep-0363.html#request
-rw-r--r-- | libdino/src/service/file_manager.vala | 1 | ||||
-rw-r--r-- | plugins/http-files/src/file_sender.vala | 4 | ||||
-rw-r--r-- | xmpp-vala/src/module/xep/0363_http_file_upload.vala | 11 |
3 files changed, 16 insertions, 0 deletions
diff --git a/libdino/src/service/file_manager.vala b/libdino/src/service/file_manager.vala index 841a6b53..a7d7b94a 100644 --- a/libdino/src/service/file_manager.vala +++ b/libdino/src/service/file_manager.vala @@ -358,6 +358,7 @@ public class FileSendData { } public class HttpFileSendData : FileSendData { public string url_down { get; set; } public string url_up { get; set; } + public HashMap<string, string> headers { get; set; } public bool encrypt_message { get; set; default=true; } } diff --git a/plugins/http-files/src/file_sender.vala b/plugins/http-files/src/file_sender.vala index 41829dd9..3d250c1f 100644 --- a/plugins/http-files/src/file_sender.vala +++ b/plugins/http-files/src/file_sender.vala @@ -28,6 +28,7 @@ public class HttpFileSender : FileSender, Object { var slot_result = yield stream_interactor.module_manager.get_module(file_transfer.account, Xmpp.Xep.HttpFileUpload.Module.IDENTITY).request_slot(stream, file_transfer.server_file_name, file_meta.size, file_meta.mime_type); send_data.url_down = slot_result.url_get; send_data.url_up = slot_result.url_put; + send_data.headers = slot_result.headers; } catch (Xep.HttpFileUpload.HttpFileTransferError e) { throw new FileSendError.UPLOAD_FAILED("Http file upload XMPP error: %s".printf(e.message)); } @@ -96,6 +97,9 @@ public class HttpFileSender : FileSender, Object { Soup.Message message = new Soup.Message("PUT", file_send_data.url_up); message.request_headers.set_content_type(file_meta.mime_type, null); message.request_headers.set_content_length(file_meta.size); + foreach (var entry in file_send_data.headers.entries) { + message.request_headers.append(entry.key, entry.value); + } message.request_body.set_accumulate(false); message.wrote_headers.connect(() => transfer_more_bytes(file_transfer.input_stream, message.request_body)); message.wrote_chunk.connect(() => transfer_more_bytes(file_transfer.input_stream, message.request_body)); diff --git a/xmpp-vala/src/module/xep/0363_http_file_upload.vala b/xmpp-vala/src/module/xep/0363_http_file_upload.vala index 8829ad15..ae7169e1 100644 --- a/xmpp-vala/src/module/xep/0363_http_file_upload.vala +++ b/xmpp-vala/src/module/xep/0363_http_file_upload.vala @@ -1,5 +1,6 @@ using Xmpp; using Xmpp.Xep; +using Gee; namespace Xmpp.Xep.HttpFileUpload { @@ -21,6 +22,7 @@ public class Module : XmppStreamModule { public struct SlotResult { public string url_get { get; set; } public string url_put { get; set; } + public HashMap<string, string> headers { get; set; } } public async SlotResult request_slot(XmppStream stream, string filename, int64 file_size, string? content_type) throws HttpFileTransferError { Flag? flag = stream.get_flag(Flag.IDENTITY); @@ -71,6 +73,15 @@ public class Module : XmppStreamModule { return; } + slot_result.headers = new HashMap<string, string>(); + + foreach (StanzaNode node in iq.stanza.get_deep_subnodes(flag.ns_ver + ":slot", flag.ns_ver + ":put", flag.ns_ver + ":header")) { + string header_name = node.get_attribute("name"); + if (header_name == "Authorization" || header_name == "Cookie" || header_name == "Expires") { + slot_result.headers[header_name] = node.get_string_content(); + } + } + slot_result.url_get = url_get; slot_result.url_put = url_put; |