XMPP For The Web/Win ::: XMPP-FTW (1.16.8)

XEP-0070 Verifying HTTP requests using XMPP

For more information on the process of verifying HTTP requests it is suggested that you look at the documentation for XEP-0070: Verifying HTTP requests via XMPP.

Receive a HTTP verification request

Requests are received as follows:

        socket.on(
            'xmpp.http.verify',
            function(data) { console.log(data) }
        )

Requests can come in the form of <iq/> or <message/> there are some minor differences to how the data is received and how a response is sent. These will be noted as required.

An example payload is as follows:

        {
            from: { domain: 'media.evilprofessor.co.uk' }  /* ...JID object... */
            id: 'abc-123',
            type: 'message',
            description: 'Did you request this file?',
            request: {
              method: 'GET',
              url: 'https://media.evilprofessor.co.uk/secret.txt',
              id: 'request-1'
            }
        }

Notes:

The value of type can be either iq or message depending on the original request
description is specific to a message type request, and is a human readable string
In the case of an iq type the id is the stanza ID. In the case of a message type the id value is from a <thread/> element, is optionally sent by the server but should be included in any response

Verifying a request

        socket.send(
            'xmpp.http.confirm',
            {
                "to": "media.evilprofessor.co.uk",
                "id": "abc-123",
                "type": "iq",
                "request": {
                    "url": "https://media.evilprofessor.co.uk/secret.txt",
                    "method": "GET",
                    "id": "request-1"
                }

            },
            function(error, data) { console.log(error, data) }
        )

Notes:

type is REQUIRED and must be either iq or message
id is REQUIRED for type iq and SHOULD be provided for type message if sent in the original request
For type iq then providing request details in the response isn't required, but it is REQUIRED for responding to type message
The callback function will be ignored for type message but will be used for type iq. In the case of type iq on success data will be true. Errors otherwise will be sent using the xmpp.error.client event

Denying a request

        socket.send(
            'xmpp.http.deny',
            {
                "to": "media.evilprofessor.co.uk",
                "id": "abc-123",
                "type": "iq",
                "request": {
                    "url": "https://media.evilprofessor.co.uk/secret.txt",
                    "method": "GET",
                    "id": "request-1"
                }

            },
            function(error, data) { console.log(error, data) }
        )

Notes:

type is REQUIRED and must be either iq or message
id is REQUIRED for type iq and SHOULD be provided for type message if sent in the original request
For type iq then providing request details in the response isn't required, but it is REQUIRED for responding to type message
The callback function will be ignored for type message but will be used for type iq. In the case of type iq on success data will be true. Errors otherwise will be sent using the xmpp.error.client event

Pages

Fork me on GitHub