Add support for HTTP Upload headers

Some services use Authorization header [0] to pass upload credential
data. This avoids the token being exposed in server logs and is allowed
by XEP-0363 since version 0.5.0.

This change adds support for headers allowed in XEP-0363: Authorization,
Expires and Cookie.

[0]: https://xmpp.org/extensions/xep-0363.html#request

1 files changed, 11 insertions, 0 deletions

diff --git a/xmpp-vala/src/module/xep/0363_http_file_upload.vala b/xmpp-vala/src/module/xep/0363_http_file_upload.vala
index 8829ad15..ae7169e1 100644
--- a/xmpp-vala/src/module/xep/0363_http_file_upload.vala
+++ b/xmpp-vala/src/module/xep/0363_http_file_upload.vala
@@ -1,5 +1,6 @@
 using Xmpp;
 using Xmpp.Xep;
+using Gee;
 
 namespace Xmpp.Xep.HttpFileUpload {
 
@@ -21,6 +22,7 @@ public class Module : XmppStreamModule {
     public struct SlotResult {
         public string url_get { get; set; }
         public string url_put { get; set; }
+        public HashMap<string, string> headers { get; set; }
     }
     public async SlotResult request_slot(XmppStream stream, string filename, int64 file_size, string? content_type) throws HttpFileTransferError {
         Flag? flag = stream.get_flag(Flag.IDENTITY);
@@ -71,6 +73,15 @@ public class Module : XmppStreamModule {
                 return;
             }
 
+            slot_result.headers = new HashMap<string, string>();
+
+            foreach (StanzaNode node in iq.stanza.get_deep_subnodes(flag.ns_ver + ":slot", flag.ns_ver + ":put", flag.ns_ver + ":header")) {
+                string header_name = node.get_attribute("name");
+                if (header_name == "Authorization" || header_name == "Cookie" || header_name == "Expires") {
+                    slot_result.headers[header_name] = node.get_string_content();
+                }
+            }
+
             slot_result.url_get = url_get;
             slot_result.url_put = url_put;