Provide HTTP authentication over XMPP (XEP-0070).

chteufleur ea4f78e23b Modification because of un-golang fix names in lib go-xmpp. 1 month ago
http a06062e714 Make the transaction ID mandatory again (for security issue). 10 months ago
packaging ce6a3a26af Oups! Forgot to add the lang file and explained it has to be added next to the configuration file. 7 months ago
scripts bed3e755f7 Add packaging instructions and script 7 months ago
xmpp ea4f78e23b Modification because of un-golang fix names in lib go-xmpp. 1 month ago
.gitignore d4996aaea3 initial commit 1 year ago
LICENSE 8bbeed1464 Modification License file 1 year ago
README.md 5fa7fe5235 Add default lang into README. 7 months ago
httpAuth.conf 88f7537bbd Add the XDG specification for configuration file location. 9 months ago
main.go a85f476600 Send multiple bodies with support of xml:lang. 7 months ago
messages.lang a330e7df29 Fix FR message that missed a part of the message. 7 months ago

README.md

HTTPAuthenticationOverXMPP

Provides HTTP authentication over XMPP. Implementation of XEP-0070.

Can be run as an XMPP client or an XMPP component.

Dependencies

  • go-xmpp for the XMPP part.
  • cfg for the configuration file.

Build and run

You must first install the Go environment on your system. Then go into your $GOPATH directory and go get the source code.

go get git.kingpenguin.tk/chteufleur/HTTPAuthentificationOverXMPP.git

First, go into the directory $GOPATH/src/chteufleur/HTTPAuthentificationOverXMPP.git. Then you can run the project directly with the command go run main.go. Alternatively, to build the project, run the command go build main.go. It will generate a binary that you can run like any other binary file.

Configure

Configure the gateway by editing the httpAuth.conf file to provide all the XMPP and HTTP server information. This configuration file has to be placed according to the XDG specification (for example /etc/xdg/http-auth/httpAuth.conf). An example of the config file can be found in the repository.

XMPP

  • xmpp_server_address : Component server address connection (default: 127.0.0.1)
  • xmpp_server_port : Component server port connection (default: 5347)
  • xmpp_jid : Account JID
  • xmpp_secret : Account password
  • xmpp_debug : Enable debug logging when set to true (default: false)
  • xmpp_verify_cert_validity : Enable certificate verification (default: true)
  • xmpp_default_lang : Message default languages

HTTP

  • http_port : HTTP port to bind (default: -1, disabled: -1)
  • https_port : HTTPS port to bind (default: -1, disabled: -1)
  • https_cert_path : Path to the certificate file (default: ./cert.pem)
  • https_key_path : Path to the key file (default: ./key.pem)
  • http_timeout_sec : Timeout applied if the user does not answer the request (default: 60)
  • http_bind_address_ipv4 : Bind address on IPv4 (default: 127.0.0.1)
  • http_bind_address_ipv6 : Bind address on IPv6 (default: [::1])

Bold configuration keys are mandatory.

If http_bind_address_ipv4 is set to 0.0.0.0, it will bind to all addresses on IPv4 AND IPv6.

The lang messages file must be placed in the same directory as the configuration file. An example of this file can be found in the repository.

Usage

To ask for authorization, just send an HTTP request to the path /auth with these parameters:

  • jid : JID of the user (user@host/resource or user@host)
  • domain : Domain you want to access
  • method : Method you use to access the domain
  • transaction_id : Transaction identifier (auto generated if not provided)
  • timeout : Timeout of the request in seconds (default : 60, max : 300)

Bold parameters are mandatory.

Example:

GET /auth?jid=user%40host%2fresource;domain=example.org;method=POST;transaction_id=WhatEverYouWant;timeout=120 HTTP/1.1

This will send a request to the given JID, then return an HTTP code depending on what happened.

  • 200 : User accepts the request
  • 400 : One or more mandatory parameter(s) are missing
  • 401 : User denies the request or timeout
  • 520 : Unknown error happened
  • 523 : Server is unreachable

If the provided JID contains a resource, it will try to send an iq stanza. If the answer to this iq is a feature-not-implemented or service-unavailable error, it will automatically send a message stanza. Unfortunately, if a message stanza is used, there is probably no way to get the error if the JID does not exist or is unreachable.
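The /auth request and status codes described above, seen from the calling application, as an added example that is not code from this project. The helper names, the gateway base URL, the use of & as query separator and the policy of always sending a random transaction_id are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// newTransactionID (hypothetical helper) returns 128 random bits, hex encoded, so the ID cannot be guessed.
func newTransactionID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no secure randomness available: refuse to continue
	}
	return hex.EncodeToString(b)
}

// buildAuthURL builds the /auth URL; base is the gateway address (an assumption of this example).
func buildAuthURL(base, jid, domain, method, txID string, timeoutSec int) (string, error) {
	if jid == "" || domain == "" || method == "" || txID == "" || timeoutSec < 1 || timeoutSec > 300 {
		return "", errors.New("this client sends every parameter; timeout must be 1..300 seconds")
	}
	q := url.Values{"jid": {jid}, "domain": {domain}, "method": {method},
		"transaction_id": {txID}, "timeout": {fmt.Sprint(timeoutSec)}}
	return base + "/auth?" + q.Encode(), nil
}

// approved fails closed: only 200 grants access; 400, 401, 520, 523 and any other code deny.
func approved(status int) bool { return status == http.StatusOK }

// askUser sends the request, waits slightly longer than the gateway timeout, and never follows redirects.
func askUser(authURL string, timeoutSec int) (bool, error) {
	client := &http.Client{Timeout: time.Duration(timeoutSec+5) * time.Second,
		CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }}
	resp, err := client.Get(authURL)
	if err != nil {
		return false, err // transport error: treat as denied
	}
	defer resp.Body.Close()
	return approved(resp.StatusCode), nil
}

func main() { // constructed sample values; pass the printed URL to askUser against a running gateway
	u, err := buildAuthURL("http://127.0.0.1:8080", "user@host/resource", "example.org", "POST", newTransactionID(), 120)
	fmt.Println(u, err)
}
```

Showing the same transaction ID to the user on the web side lets them compare it with the one in the XMPP confirmation request before accepting.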

A demo version can be found at auth.xmpp.kingpenguin.tk for testing purposes only.

Help

To get help, please visit the XMPP conference room at httpauth@muc.kingpenguin.tk with your preferred client, or with your browser.