ejabberd - Comments for "mod_rest"

mod_rest and system commands

nu3ga — Thu, 03 Sep 2009 12:26:35 +0000

Hi!

Since I have strange problems with ejabberd_xmlrpc after updating erlang to R13B01, I looked for another ways to reach desired result, and found, that mod_rest can supply needed functionality. Besides sending messages, README.txt declares:
This module can also be used as a frontend to execute ejabberd commands.
...
Instead of an XMPP stanza, you can provide an ejabberd command to execute:
registered_users localhost

At first, I tried message sending - it work greatly(on the contrary of mod_xmlrpc messages, sent to offline contacts, are always delivered), but when I tested ejabberd command, the result was negative:
ejabberd.log:

=INFO REPORT==== 2009-09-03 07:36:16 ===
D(<0.183.0>:ejabberd_http:129) : S: [{["re3st"],mod_rest}]
=INFO REPORT==== 2009-09-03 07:36:16 ===
I(<0.183.0>:ejabberd_http:131) : started: {gen_tcp,#Port<0.3389>}
=INFO REPORT==== 2009-09-03 07:36:17 ===
D(<0.279.0>:ejabberd_http:242) : (#Port<0.3389>) http query: 'POST' /re3st
=INFO REPORT==== 2009-09-03 07:36:17 ===
D(<0.279.0>:ejabberd_http:405) : client data: " --config /usr/home/jabber2/etc/ejabberd/ejabberd_c.cfg --ctl-config /usr/home/jabber2/etc/ejabberd/ejabberdctl_c.cfg --node c@localhost --logs /usr/home/jabber2/var/log/ejabberd/c --spool /usr/home/jabber2/var/lib/ejabberd/c registered_users company.loc"
=INFO REPORT==== 2009-09-03 07:36:17 ===
D(<0.279.0>:ejabberd_http:310) : ["re3st"] matches ["re3st"]
=INFO REPORT==== 2009-09-03 07:36:17 ===
I(<0.279.0>:mod_rest:88) : Data: " --config /usr/home/jabber2/etc/ejabberd/ejabberd_c.cfg --ctl-config /usr/home/jabber2/etc/ejabberd/ejabberdctl_c.cfg --node c@localhost --logs /usr/home/jabber2/var/log/ejabberd/c --spool /usr/home/jabber2/var/lib/ejabberd/c registered_users company.loc"

script output:

Warning: file_get_contents(http://127.0.0.1:5285/re3st): failed to open stream: HTTP request failed! HTTP/1.0 406 Not Acceptable

Command used
--config /usr/home/jabber2/etc/ejabberd/ejabberd_c.cfg --ctl-config /usr/home/jabber2/etc/ejabberd/ejabberdctl_c.cfg --node c@localhost --logs /usr/home/jabber2/var/log/ejabberd/c --spool /usr/home/jabber2/var/lib/ejabberd/c registered_users company.loc
is a full command, with which I operate with ejabberdctl, as I have specific server configuration(see http://www.ejabberd.im/node/3276).
Using simple registered_users company.loc gave the same result.

System info:

Version:

ejabberd 2.1.0-alpha
(by the way, I expected to get at least 2.1.0-beta1 from svn(https://svn.process-one.net/ejabberd))

SVN:

-ejabberd:2582
-ejabberd-modules:1020

ejabberd_c.cfg(cut):

{modules,
 [
...
    {mod_admin_extra, []},
    {mod_rest, [ {allowed_ips, [ {127,0,0,1} ]} ]},
...
 ]}.
{listen,
 [
...
    {5285, ejabberd_http, [
        {request_handlers, [
            {["re3st"], mod_rest}
        ]}
        ,
        {ip, {127,0,0,1}}
    ]}
...
 ]}.

script.php:

<?php
$request = "<message to=\"user01@company.loc\" from=\"robot@company.loc\"><body>World at ".date("r")."</body></message>";
$cmd = "/usr/home/jabber2/sbin/ejabberdctl";
$config = " --config /usr/home/jabber2/etc/ejabberd/ejabberd_c.cfg" .
        " --ctl-config /usr/home/jabber2/etc/ejabberd/ejabberdctl_c.cfg" .
        " --node c@localhost" .
        " --logs /usr/home/jabber2/var/log/ejabberd/c" .
        " --spool /usr/home/jabber2/var/lib/ejabberd/c";
$request = $config . " registered_users company.loc";
$context = stream_context_create(
        array('http' =>
                    array(
                            'method' => "POST",
                            'header' => "Content-Length: ".strlen($request),
                            'content' => $request
                    )
        )
);
$file = file_get_contents("http://127.0.0.1:5285/re3st", false, $context);
echo "file:[$file]\n";
?>

Modified version of

ejabberd_c.cfg</code:
<code>
...
{acl, bot, {user, "robot", "company.loc"}}.
{access, botctl, [{allow,bot}]}.
...
        {mod_rest, [
                {allowed_ips, [ {127,0,0,1} ]}
                ,{access_commands, [ {botctl, all, []} ]}
        ]},

and script.php:

<?php
...
$request = "--auth robot company.loc robot registered_users 
company.loc";
...
?>

didn't change anything.

The question is obvious :-)))) What do I do wrong?
Thanks.

Only trunk SVN. Workaround for 2.0.x branch

mfoss — Tue, 31 Mar 2009 19:24:24 +0000

spoonmanp wrote:

What does allowed_destinations control? Should that be JIDs?

Yes, JID of destinations. Check the README.txt

spoonmanp wrote:

Is that code in the 2.0.x branch?

No, all the options are only implemented in mod_rest trunk, which requires ejabberd trunk. The reason is that only ejabberd trunk reports the Host in ejabberd_http requests, and that is required to know where to read the configured options.

If you don't want to use ejabberd trunk SVN, here is a workaround: Copy mod_rest.erl from trunk to the 2.0.x branch. Then apply this patch:

--- mod_rest.erl        (revisión: 931)
+++ mod_rest.erl        (copia de trabajo)
@@ -63,10 +63,9 @@

 process([], #request{method = 'POST',
                     data = Data,
-                    host = Host,
                     ip = ClientIp
                    }) ->
-    maybe_post_request(Data, Host, ClientIp);
+    maybe_post_request(Data, "example.com", ClientIp);
 process(_Path, _Request) ->
     ?DEBUG("Got request to ~p: ~p", [_Path, _Request]),
     {200, [], "Try POSTing a stanza."}.

You need to explicitly indicate the ejabberd vhost in the code. Now you can configure the options in mod_rest.

I didn't try, but I imagine this will work.

Awesome, thanks! Is that

spoonmanp — Tue, 31 Mar 2009 19:11:11 +0000

Awesome, thanks! Is that code in the 2.0.x branch? What does allowed_destinations control? Should that be JIDs?

New options allowed_destinations and allowed_stanza_types

mfoss — Tue, 31 Mar 2009 19:06:55 +0000

spoonmanp wrote:

an allowed_stanzas option would be great.

I've added options allowed_destinations and allowed_stanza_types. You could betatest the new code.

That's exactly what I had in

spoonmanp — Tue, 31 Mar 2009 17:56:41 +0000

That's exactly what I had in mind, I simply changed it to accept a wildcard instead of a message stanza, but an allowed_stanzas option would be great.

Maybe just a simple restriction

mfoss — Tue, 31 Mar 2009 17:21:40 +0000

spoonmanp wrote:

Just curious why mod_rest is only setup to accept stanzas?

I guess because the original author only needed 'message' stanzas, and he wanted to restrict the service.

spoonmanp wrote:

Is there any problems that I should be aware of?

Looking at the code, I don't see any reason why there could be problems with other types of stanzas. You can try it, and report if you find some problem.

spoonmanp wrote:

I modified it so it will accept other types of stanzas, for example, so a server can post something to a pubsub node on behalf of a user.

I guess it would be even better if that would be configurable as a mod_rest option: {allowed_stanzas, [message, presence, iq]}, or only some of them.

why does it only accept stanzas

spoonmanp — Tue, 31 Mar 2009 17:03:46 +0000

Just curious why mod_rest is only setup to accept stanzas? I modified it so it will accept other types of stanzas, for example, so a server can post something to a pubsub node on behalf of a user. Is there any problems that I should be aware of?

Dave

Use firewall. In trunk there is configurable option

mfoss — Tue, 31 Mar 2009 15:15:58 +0000

spoonmanp wrote:

Would it be easy to modify it so only requests from a defined IP address will be handled by mod_rest?

You can filter by IP address in your network firewall, instead of in ejabberd. Just configure the ejabberd listener for mod_rest in a custom, specific IP port number, so you can add a rule in your firewall to restrict access to that port number.

If you are running ejabberd trunk from SVN and mod_rest trunk SVN, then you can try a new configurable option in mod_rest that I added today: allowed_ips.

accept request from a specific ip only

spoonmanp — Wed, 25 Mar 2009 21:26:38 +0000

Would it be easy to modify it so only requests from a defined IP address will be handled by mod_rest?

Excellent

PaulKinlan — Tue, 03 Mar 2009 15:44:09 +0000

It works a charm now.

Many Many Thanks.

Paul

Excellent

PaulKinlan — Tue, 03 Mar 2009 14:19:32 +0000

Will try it now... Thanks for the reply and the fix... Will let you know how it goes on.

Try the new mod_rest branch ejabberd-2.0.x

mfoss — Mon, 02 Mar 2009 11:33:00 +0000

PaulKinlan wrote:

I am not too sure what version of ejabbered I am using (but I installed it via apt-get today).

Probably you have ejabberd 2.0.1 or 2.0.3.

PaulKinlan wrote:

mod_rest is the lastet version via SVN,

That is the problem: mod_rest trunk SVN is only compatible with ejabberd trunk SVN, but its README.txt didn't explain this requirement.

Now I've added mod_rest/branches/ejabberd-2.0.x to SVN, which works with ejabberd 2.0.1 and 2.0.3, and documented the requirements.

PaulKinlan wrote:

I have followed the instructions.
...
I am using Fiddler on windows to construct the request to ejabberd on my ubuntu box.

By the way, I added to mod_rest's README.txt some examples to send POST calls using Wget and Lynx.