Commit 06d664a66225db4a633080d7b0c1f694d65f5623
1 parent
abdf6fab
Exists in
staging
and in
42 other branches
Documenting setup to enable HTTPS support
- New file INSTALL.https.md with instructions to setup Noosfero over HTTPS - Cosmetic changes in INSTALL.varnish.md file - Ejabberd configurations moved out of INSTALL.chat.md file - Fixing a small bug with the Noosfero chat client
Showing
8 changed files
with
344 additions
and
156 deletions
Show diff stats
INSTALL.chat.md
1 | -XMPP/Chat Client Setup | |
2 | -====================== | |
1 | +XMPP/Chat Setup | |
2 | +=============== | |
3 | 3 | |
4 | -To configure XMPP/BOSH in Noosfero you need: | |
4 | +The samples of config file to configure a XMPP/BOSH server with ejabberd, | |
5 | +postgresql and apache2 can be found at util/chat directory. | |
5 | 6 | |
6 | -* REST Client - http://github.com/archiloque/rest-client | |
7 | -* SystemTimer - http://ph7spot.com/musings/system-timer | |
8 | -* Pidgin data files - http://www.pidgin.im/ | |
7 | +This setup supposes that you are using Noosfero installed via Debian package | |
8 | +in a production environment. | |
9 | 9 | |
10 | -If you use Debian 6.0 (squeeze): | |
11 | - | |
12 | - # apt-get install librestclient-ruby pidgin-data ruby1.8-dev | |
13 | - # gem install SystemTimer | |
14 | - | |
15 | -The samples of config file to configure a XMPP/BOSH server with ejabberd, postgresql and apache2 can be found at util/chat directory. | |
16 | - | |
17 | -XMPP/Chat Server Setup | |
18 | -====================== | |
10 | +Steps | |
11 | +===== | |
19 | 12 | |
20 | 13 | This is a step-by-step guide to get a XMPP service working, in a Debian system. |
21 | 14 | |
22 | 15 | ## 1. Install the required packages |
23 | 16 | |
24 | - # apt-get install ejabberd odbc-postgresql | |
17 | + # apt-get install ejabberd odbc-postgresql librestclient-ruby pidgin-data ruby1.8-dev | |
18 | + # gem install SystemTimer | |
25 | 19 | |
26 | 20 | ## 2. Ejabberd configuration |
27 | 21 | |
28 | -All the following changes must be done in config file: `/etc/ejabberd/ejabberd.cfg` | |
29 | - | |
30 | -### 2.1. Set the default admin user | |
31 | - | |
32 | - { acl, admin, { user, "john", "www.example.com" } }. | |
33 | - { acl, admin, { user, "bart", "www.example.com" } }. | |
34 | - | |
35 | -### 2.2. Set the default host | |
36 | - | |
37 | - { hosts, [ "www.example.com" ] }. | |
38 | - | |
39 | -### 2.3. Http-Bind activation | |
40 | - | |
41 | - { 5280, ejabberd_http, [ | |
42 | - http_bind, | |
43 | - web_admin | |
44 | - ] | |
45 | - } | |
46 | - | |
47 | - (...) | |
48 | - | |
49 | - { modules, [ | |
50 | - {mod_http_bind, []}, | |
51 | - ... | |
52 | - ] }. | |
53 | - | |
54 | -Ejabberd creates semi-anonymous rooms by default, but Noosfero's Jabber client needs non-anonymous room, then we need to change default params of creation rooms in ejabberd to create non-anonymous rooms. | |
55 | - | |
56 | -In non-anonymous rooms the jabber service sends the new occupant's full JID to all occupants in the room [[1]]. | |
22 | + # cp /usr/share/noosfero/util/chat/ejabberd.cfg /etc/ejabberd/ | |
57 | 23 | |
58 | -Add option "`{default_room_options, [{anonymous, false}]}`" to `/etc/ejabberd/ejabberd.cfg` in mod_muc session. See below: | |
24 | +Edit the /etc/ejabberd/ejabberd.cfg file and set your domain on the first 2 lines. | |
59 | 25 | |
60 | - { mod_muc, [ | |
61 | - %%{host, "conference.@HOST@"}, | |
62 | - {access, muc}, | |
63 | - {access_create, muc}, | |
64 | - {access_persistent, muc}, | |
65 | - {access_admin, muc_admin}, | |
66 | - {max_users, 500}, | |
67 | - {default_room_options, [{anonymous, false}]} | |
68 | - ]}, | |
69 | - | |
70 | -[1]: http://xmpp.org/extensions/xep-0045.html#enter-nonanon | |
71 | - | |
72 | - | |
73 | -### 2.4. Authentication method | |
74 | - | |
75 | -To use Postgresql through ODBC, the following modifications must be done: | |
76 | - | |
77 | - * Disable the default method: | |
78 | - `{auth_method, internal}.` | |
79 | - | |
80 | - * Enable autheticantion through ODBC: | |
81 | - `{auth_method, odbc}.` | |
26 | +## 3. Configuring Postgresql | |
82 | 27 | |
83 | - * Set database server name | |
84 | - `{odbc_server, "DSN=PostgreSQLEjabberdNoosfero"}.` | |
28 | +Give permission to noosfero user create new roles, login as | |
29 | +postgres user and execute: | |
85 | 30 | |
31 | + $ psql | |
32 | + postgres=# GRANT CREATE ON DATABASE noosfero TO noosfero; | |
86 | 33 | |
87 | -### 2.5. Increase the shaper traffic limit | |
34 | +Change the postgresql authentication method to md5 instead of ident, | |
35 | +add the following line to the file /etc/postgresql/8.4/main/pg_hba.conf: | |
88 | 36 | |
89 | - { shaper, normal, { maxrate, 10000000 } }. | |
37 | + # Noosfero user | |
38 | + local noosfero noosfero md5 | |
90 | 39 | |
40 | +(add this line before the following line) | |
91 | 41 | |
92 | -### 2.6. Disable unused modules | |
42 | + # "local" is for Unix domain socket connections only | |
43 | + local all all ident | |
93 | 44 | |
94 | -Unused modules can be disabled, for example: | |
45 | +Restart postgresql server: | |
95 | 46 | |
96 | - * s2s | |
97 | - * web_admin | |
98 | - * mod_pubsub | |
99 | - * mod_irc | |
100 | - * mod_offline | |
101 | - * mod_admin_extra | |
102 | - * mod_register | |
47 | + # service postgresql restart | |
103 | 48 | |
49 | +Login as noosfero user, and execute: | |
104 | 50 | |
105 | -### 2.7. Enable ODBC modules | |
51 | + $ psql -U noosfero -W noosfero < /usr/share/noosfero/util/chat/postgresql/ejabberd.sql | |
106 | 52 | |
107 | - * mod_privacy -> mod_privacy_odbc | |
108 | - * mod_private -> mod_private_odbc | |
109 | - * mod_roster -> mod_roster_odbc | |
53 | +(see database password in the /etc/noosfero/database.yml file) | |
110 | 54 | |
111 | -## 3. Configuring Postgresql | |
55 | +This will create a new schema inside the noosfero database, called `ejabberd`. | |
112 | 56 | |
113 | -Login as noosfero user, and execute: | |
57 | +Note that there should be at least one domain with `is_default = true` in | |
58 | +`domains` table, otherwise people won't be able to see their friends online. | |
114 | 59 | |
115 | - $ psql noosfero < /path/to/noosfero/util/chat/postgresql/ejabberd.sql | |
60 | +## 4. ODBC configuration | |
116 | 61 | |
117 | -Where `noosfero` may need to be replace by the name of the database used for Noosfero. | |
62 | +Create the following files: | |
118 | 63 | |
119 | -This will create a new schema inside the noosfero database, called `ejabberd`. | |
64 | + # cp /usr/share/noosfero/util/chat/odbc.ini /etc/ | |
65 | + # cp /usr/share/noosfero/util/chat/odbcinst.ini /etc/ | |
120 | 66 | |
121 | -Note `noosfero` user should have permission to create Postgresql schemas. Also, there should be at least one domain with `is_default = true` in `domains` table, otherwise people won't be able to see their friends online. | |
67 | +Edit the odbc.ini file and set the password for the database user, see | |
68 | +the file /etc/noosfero/database.yml to get the password. | |
122 | 69 | |
123 | -## 4. ODBC configuration | |
70 | +Adjust premissions: | |
124 | 71 | |
125 | -The following files must be created: | |
126 | - | |
127 | -`/etc/odbc.ini`: | |
128 | - | |
129 | - [PostgreSQLEjabberdNoosfero] | |
130 | - Description = PostgreSQL Noosfero ejabberd database | |
131 | - Driver = PostgreSQL Unicode | |
132 | - Trace = No | |
133 | - TraceFile = /tmp/psqlodbc.log | |
134 | - Database = noosfero | |
135 | - Servername = localhost | |
136 | - UserName = <DBUSER> | |
137 | - Password = <DBPASS> | |
138 | - Port = | |
139 | - ReadOnly = No | |
140 | - RowVersioning = No | |
141 | - ShowSystemTables = No | |
142 | - ShowOidColumn = No | |
143 | - FakeOidIndex = No | |
144 | - ConnSettings = SET search_path TO ejabberd | |
145 | - | |
146 | -`/etc/odbcinst.ini`: | |
147 | - | |
148 | - [PostgreSQL Unicode] | |
149 | - Description = PostgreSQL ODBC driver (Unicode version) | |
150 | - Driver = /usr/lib/odbc/psqlodbcw.so | |
151 | - Setup = /usr/lib/odbc/libodbcpsqlS.so | |
152 | - Debug = 0 | |
153 | - CommLog = 1 | |
154 | - UsageCount = 3 | |
72 | + # chmod 640 /etc/odbc.ini | |
73 | + # chown ejabberd /etc/odbc.ini | |
155 | 74 | |
156 | 75 | ## 4.1 testing all: |
157 | 76 | |
... | ... | @@ -159,7 +78,6 @@ The following files must be created: |
159 | 78 | |
160 | 79 | If the configuration was done right, the message "Connected!" will be displayed. |
161 | 80 | |
162 | - | |
163 | 81 | ## 5. Enabling kernel polling and SMP in `/etc/default/ejabberd` |
164 | 82 | |
165 | 83 | POLL=true |
... | ... | @@ -205,32 +123,45 @@ Note: module proxy_http must be enabled: |
205 | 123 | |
206 | 124 | # a2enmod proxy_http |
207 | 125 | |
208 | -## 8. DNS configuration | |
126 | +Restart services: | |
209 | 127 | |
210 | -For this point, we assume you are using BIND as your DNS server. You need to add the following entries to the DNS zone file corresponding to the domain of your noosfero site: | |
128 | + # service ejabberd restart | |
129 | + # service noosfero restart | |
130 | + # service apache2 restart | |
211 | 131 | |
212 | - _xmpp-client._tcp SRV 5 100 5222 master | |
213 | - conference CNAME master | |
214 | - _xmpp-client._tcp.conference SRV 5 100 5222 master | |
132 | +## 8. Test Apache Configuration | |
215 | 133 | |
216 | -If you are running a DNS server other than BIND, you will have to figure out how to create equivalente rules for your zone file. Patches to this documentation are welcome. | |
134 | +Open in your browser the address: | |
217 | 135 | |
218 | -## 9. Testing this Setup | |
136 | + http://<yout domain>/http-bind | |
219 | 137 | |
220 | -Adjust shell limits to proceed with some benchmarks and load tests: | |
138 | +You should see a page with a message like that: | |
221 | 139 | |
222 | - # ulimit −s 256 | |
223 | - # ulimit −n 8192 | |
224 | - # echo 10 > /proc/sys/net/ipv4/tcp_syn_retries | |
140 | + ejabberd mod_http_bind | |
141 | + An implementation of XMPP over BOSH (XEP-0206) | |
142 | + This web page is only informative. To use HTTP-Bind you need a Jabber/XMPP | |
143 | + client that supports it. | |
225 | 144 | |
226 | -To measure the bandwidth between server and client: | |
145 | +## 9. Test chat session | |
227 | 146 | |
228 | - * at server side: | |
229 | - `# iperf −s` | |
147 | +Open Noosfero console and execute: | |
230 | 148 | |
231 | - * at client side: | |
232 | - `# iperf −c server_ip` | |
149 | +>> environment = Environment.default | |
150 | +>> user = Person['guest'] | |
151 | +>> password = user.user.crypted_password | |
152 | +>> login = user.jid | |
153 | +>> RubyBOSH.initialize_session(login, password, "http://#{environment.default_hostname}/http-bind", :wait => 30, :hold => 1, :window => 5 | |
233 | 154 | |
234 | -For heavy load tests, clone and use this software: | |
155 | +If you have luck, should see something like that: | |
235 | 156 | |
236 | - $ git clone http://git.holoscopio.com/git/metal/tester.git | |
157 | +Ruby-BOSH - SEND | |
158 | +<body window="5" rid="60265" xmlns="http://jabber.org/protocol/httpbind" xmlns:xmpp="urn:xmpp:xbosh" to="vagrant-debian-squeeze.vagrantup.com" wait="30" xmpp:version="1.0" hold="1"/> | |
159 | +Ruby-BOSH - SEND | |
160 | +<body rid="60266" xmlns="http://jabber.org/protocol/httpbind" sid="24cdfc43646a2af1059a7060b677c2e11b26f34f" xmlns:xmpp="urn:xmpp:xbosh" xmpp:version="1.0"><auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Z3Vlc3RAdmFncmFudC1kZWJpYW4tc3F1ZWV6ZS52YWdyYW50dXAuY29tAGd1ZXN0ADEzZTFhYWVlYjRhYjZlMTA0MmRkNWI1YWY0MzM4MjA1OGJiOWZmNzk=</auth></body> | |
161 | +Ruby-BOSH - SEND | |
162 | +<body xmpp:restart="true" rid="60267" xmlns="http://jabber.org/protocol/httpbind" sid="24cdfc43646a2af1059a7060b677c2e11b26f34f" xmlns:xmpp="urn:xmpp:xbosh" xmpp:version="1.0"/> | |
163 | +Ruby-BOSH - SEND | |
164 | +<body rid="60268" xmlns="http://jabber.org/protocol/httpbind" sid="24cdfc43646a2af1059a7060b677c2e11b26f34f" xmlns:xmpp="urn:xmpp:xbosh" xmpp:version="1.0"><iq type="set" xmlns="jabber:client" id="bind_29330"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><resource>bosh_9631</resource></bind></iq></body> | |
165 | +Ruby-BOSH - SEND | |
166 | +<body rid="60269" xmlns="http://jabber.org/protocol/httpbind" sid="24cdfc43646a2af1059a7060b677c2e11b26f34f" xmlns:xmpp="urn:xmpp:xbosh" xmpp:version="1.0"><iq type="set" xmlns="jabber:client" id="sess_21557"><session xmlns="urn:ietf:params:xml:ns:xmpp-session"/></iq></body> | |
167 | +=> ["guest@vagrant-debian-squeeze.vagrantup.com", "24cdfc43646a2af1059a7060b677c2e11b26f34f", 60270] | ... | ... |
... | ... | @@ -0,0 +1,115 @@ |
1 | +Setup Noosfero to use HTTPS | |
2 | +=========================== | |
3 | + | |
4 | +This document assumes that you have a fully and clean Noosfero | |
5 | +installation as explained at the `INSTALL.md` file. | |
6 | + | |
7 | +SSL certificate | |
8 | ++++++++++++++++ | |
9 | + | |
10 | +You should get a valid SSL certificate, but if you want to test | |
11 | +your setup before, you could generate a self-signed certificate | |
12 | +as below: | |
13 | + | |
14 | + # mkdir /etc/noosfero/ssl | |
15 | + # cd /etc/noosfero/ssl | |
16 | + # openssl genrsa 1024 > noosfero.key | |
17 | + # openssl req -new -x509 -nodes -sha1 -days $[10*365] -key noosfero.key > noosfero.cert | |
18 | + # cat noosfero.key noosfero.cert > noosfero.pem | |
19 | + | |
20 | +There are two ways of using SSL with Noosfero: 1) If you are not using | |
21 | +Varnish; and 2) If you are using Varnish. | |
22 | + | |
23 | +1) If you are are not using Varnish | |
24 | ++++++++++++++++++++++++++++++++++++ | |
25 | + | |
26 | +Simply do a redirect in apache to force all connections with SSL: | |
27 | + | |
28 | + <VirtualHost *:8080> | |
29 | + ServerName test.stoa.usp.br | |
30 | + | |
31 | + Redirect / https://example.com/ | |
32 | + </VirtualHost> | |
33 | + | |
34 | +And set a vhost to receive then: | |
35 | + | |
36 | + <VirtualHost *:443> | |
37 | + ServerName example.com | |
38 | + | |
39 | + SSLEngine On | |
40 | + SSLCertificateFile /etc/ssl/certs/cert.pem | |
41 | + SSLCertificateKeyFile /etc/ssl/private/cert.key | |
42 | + | |
43 | + Include /etc/noosfero/apache/virtualhost.conf | |
44 | + </VirtualHost> | |
45 | + | |
46 | +Be aware that if you had configured varnish, the requests won't reach | |
47 | +it with this configuration. | |
48 | + | |
49 | +2) If you are using Varnish | |
50 | ++++++++++++++++++++++++++++ | |
51 | + | |
52 | +Varnish isn't able to communicate with the SSL protocol, so we will | |
53 | +need some one who do this and Pound[1] can do the job. In order to | |
54 | +install it in Debian based systems: | |
55 | + | |
56 | + $ sudo apt-get install pound | |
57 | + | |
58 | +Set Varnish to listen in other port than 80: | |
59 | + | |
60 | +/etc/defaults/varnish | |
61 | +--------------------- | |
62 | + | |
63 | + DAEMON_OPTS="-a localhost:6081 \ | |
64 | + -T localhost:6082 \ | |
65 | + -f /etc/varnish/default.vcl \ | |
66 | + -S /etc/varnish/secret \ | |
67 | + -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G" | |
68 | + | |
69 | +Configure Pound: | |
70 | + | |
71 | + # cp /usr/share/noosfero/etc/pound.cfg /etc/pound/ | |
72 | + | |
73 | +Edit /etc/pound.cfg and set the IP and domain of your server. | |
74 | + | |
75 | +Configure Pound to start at system initialization: | |
76 | + | |
77 | +/etc/default/pound | |
78 | +------------------ | |
79 | + | |
80 | + startup=1 | |
81 | + | |
82 | +Set Apache to only listen to localhost: | |
83 | + | |
84 | +/etc/apache2/ports.conf | |
85 | +----------------------- | |
86 | + | |
87 | + Listen 127.0.0.1:8080 | |
88 | + | |
89 | +Restart the services: | |
90 | + | |
91 | + $ sudo service apache2 restart | |
92 | + $ sudo service varnish restart | |
93 | + | |
94 | +Start pound: | |
95 | + | |
96 | + $ sudo service pound start | |
97 | + | |
98 | +[1] http://www.apsis.ch/pound | |
99 | + | |
100 | +Noosfero XMPP chat | |
101 | +++++++++++++++++++ | |
102 | + | |
103 | +If you want to use chat over HTTPS, then you should add the domain | |
104 | +and IP of your server in the /etc/hosts file, example: | |
105 | + | |
106 | +/etc/hosts | |
107 | +---------- | |
108 | + | |
109 | + 192.168.1.86 mydomain.example.com | |
110 | + | |
111 | +Also, it's recomended that you remove lines above from the file | |
112 | +`/etc/apache2/sites-enabled/noosfero`: | |
113 | + | |
114 | + RewriteEngine On | |
115 | + Include /usr/share/noosfero/util/chat/apache/xmpp.conf | ... | ... |
INSTALL.varnish.md
... | ... | @@ -24,10 +24,6 @@ Install the RPAF apache module (or skip this step if not using apache): |
24 | 24 | |
25 | 25 | 3b) Edit `/etc/apache2/sites-enabled/*`, and change `<VirtualHost *:80>` to `<VirtualHost *:8080>` |
26 | 26 | |
27 | -3c) Restart apache | |
28 | - | |
29 | - # invoke-rc.d apache2 restart | |
30 | - | |
31 | 27 | 4) Varnish configuration |
32 | 28 | |
33 | 29 | 4a) Edit `/etc/default/varnish` |
... | ... | @@ -44,10 +40,6 @@ On manual installations, change `/etc/noosfero/*` to `{Rails.root}/etc/noosfero/ |
44 | 40 | |
45 | 41 | **NOTE**: it is very important that the `*.vcl` files are included in that order, i.e. *first* include `varnish-noosfero.vcl`, and *after* `noosfero-accept-language.cvl`. |
46 | 42 | |
47 | -4c) Restart Varnish | |
48 | - | |
49 | - # invoke-rc.d varnish restart | |
50 | - | |
51 | 43 | 5) Enable varnish logging: |
52 | 44 | |
53 | 45 | 5a) Edit `/etc/default/varnishncsa` and uncomment the line that contains: |
... | ... | @@ -56,8 +48,10 @@ On manual installations, change `/etc/noosfero/*` to `{Rails.root}/etc/noosfero/ |
56 | 48 | |
57 | 49 | The varnish log will be written to `/var/log/varnish/varnishncsa.log` in an apache-compatible format. You should change your statistics generation software (e.g. awstats) to use that instead of apache logs. |
58 | 50 | |
59 | -5b) Restart Varnish Logging service | |
51 | +Thanks to Cosimo Streppone for varnish-accept-language. See http://github.com/cosimo/varnish-accept-language for more information. | |
60 | 52 | |
61 | - # invoke-rc.d varnishncsa restart | |
53 | +6) Restart services | |
62 | 54 | |
63 | -Thanks to Cosimo Streppone for varnish-accept-language. See http://github.com/cosimo/varnish-accept-language for more information. | |
55 | + # service apache2 restart | |
56 | + # service varnish restart | |
57 | + # service varnishncsa restart | ... | ... |
... | ... | @@ -0,0 +1,44 @@ |
1 | +LogLevel 1 | |
2 | +Alive 10 | |
3 | +Client 120 | |
4 | +TimeOut 300 | |
5 | +Control "/var/run/pound/poundctl.socket" | |
6 | + | |
7 | +ListenHTTP | |
8 | + Address 192.168.1.86 | |
9 | + Port 80 | |
10 | + xHTTP 1 | |
11 | + # uncomment code above if you are using chat | |
12 | + #Service | |
13 | + # URL "/http-bind.*" | |
14 | + # Backend | |
15 | + # Address 127.0.0.1 | |
16 | + # Port 5280 | |
17 | + # End | |
18 | + #End | |
19 | + Service | |
20 | + Redirect "https://mydomain.example.com" | |
21 | + End | |
22 | +End | |
23 | + | |
24 | +ListenHTTPS | |
25 | + Address 192.168.1.86 | |
26 | + Port 443 | |
27 | + Cert "/etc/noosfero/ssl/noosfero.pem" | |
28 | + Ciphers "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" | |
29 | + xHTTP 1 | |
30 | + # uncomment code above if you are using chat | |
31 | + #Service | |
32 | + # URL "/http-bind.*" | |
33 | + # Backend | |
34 | + # Address 127.0.0.1 | |
35 | + # Port 5280 | |
36 | + # End | |
37 | + #End | |
38 | + Service | |
39 | + BackEnd | |
40 | + Address 127.0.0.1 | |
41 | + Port 6081 | |
42 | + End | |
43 | + End | |
44 | +End | ... | ... |
public/javascripts/chat.js
... | ... | @@ -99,7 +99,7 @@ jQuery(function($) { |
99 | 99 | }, |
100 | 100 | |
101 | 101 | render_body_message: function(body) { |
102 | - body = body.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/\r?\n/g, '<br>'); | |
102 | + body = body.replace(/\r?\n/g, '<br>'); | |
103 | 103 | body = $().emoticon(body); |
104 | 104 | body = linkify(body, { |
105 | 105 | callback: function(text, href) { |
... | ... | @@ -320,7 +320,7 @@ jQuery(function($) { |
320 | 320 | var jid_id = Jabber.jid_to_id(jid); |
321 | 321 | var name = Jabber.name_of(jid_id); |
322 | 322 | create_conversation_tab(name, jid_id); |
323 | - Jabber.show_message(jid, name, message.body, 'other', Strophe.getNodeFromJid(jid)); | |
323 | + Jabber.show_message(jid, name, escape_html(message.body), 'other', Strophe.getNodeFromJid(jid)); | |
324 | 324 | $.sound.play('/sounds/receive.wav'); |
325 | 325 | return true; |
326 | 326 | }, |
... | ... | @@ -336,7 +336,7 @@ jQuery(function($) { |
336 | 336 | // is a message from another user, not mine |
337 | 337 | else if ($own_name != name) { |
338 | 338 | var jid = Jabber.rooms[Jabber.jid_to_id(message.from)][name]; |
339 | - Jabber.show_message(message.from, name, message.body, name, Strophe.getNodeFromJid(jid)); | |
339 | + Jabber.show_message(message.from, name, escape_html(message.body), name, Strophe.getNodeFromJid(jid)); | |
340 | 340 | $.sound.play('/sounds/receive.wav'); |
341 | 341 | } |
342 | 342 | return true; |
... | ... | @@ -432,7 +432,7 @@ jQuery(function($) { |
432 | 432 | .c('body').t(body).up() |
433 | 433 | .c('active', {xmlns: Strophe.NS.CHAT_STATES}); |
434 | 434 | Jabber.connection.send(message); |
435 | - Jabber.show_message(jid, $own_name, body, 'self', Strophe.getNodeFromJid(Jabber.connection.jid)); | |
435 | + Jabber.show_message(jid, $own_name, escape_html(body), 'self', Strophe.getNodeFromJid(Jabber.connection.jid)); | |
436 | 436 | }, |
437 | 437 | |
438 | 438 | is_a_room: function(jid_id) { |
... | ... | @@ -632,6 +632,13 @@ jQuery(function($) { |
632 | 632 | } |
633 | 633 | } |
634 | 634 | |
635 | + function escape_html(body) { | |
636 | + return body | |
637 | + .replace(/&/g, '&') | |
638 | + .replace(/</g, '<') | |
639 | + .replace(/>/g, '>'); | |
640 | + } | |
641 | + | |
635 | 642 | }); |
636 | 643 | |
637 | 644 | function checkTime(i) { | ... | ... |
... | ... | @@ -0,0 +1,74 @@ |
1 | +%%% | |
2 | +%%% Noosfero ejabberd configuration file | |
3 | +%%% This config must be in UTF-8 encoding | |
4 | +%%% | |
5 | + | |
6 | +{acl, admin, {user, "admin", "mydomain.example.com"}}. | |
7 | +{hosts, ["mydomain.example.com"]}. | |
8 | + | |
9 | +{loglevel, 4}. | |
10 | +{listen, | |
11 | + [ | |
12 | + {5222, ejabberd_c2s, [ | |
13 | + {access, c2s}, | |
14 | + {shaper, c2s_shaper}, | |
15 | + {max_stanza_size, 65536}, | |
16 | + starttls, {certfile, "/etc/ejabberd/ejabberd.pem"} | |
17 | + ]}, | |
18 | + {5280, ejabberd_http, [ | |
19 | + http_bind, | |
20 | + http_poll | |
21 | + ]} | |
22 | + ]}. | |
23 | +{max_fsm_queue, 1000}. | |
24 | +{auth_method, odbc}. | |
25 | +{odbc_server, "DSN=PostgreSQLEjabberdNoosfero"}. | |
26 | +{shaper, normal, {maxrate, 10000000}}. | |
27 | +{shaper, fast, {maxrate, 50000}}. | |
28 | +{acl, local, {user_regexp, ""}}. | |
29 | +{access, max_user_sessions, [{10, all}]}. | |
30 | +{access, local, [{allow, local}]}. | |
31 | +{access, c2s, [{deny, blocked}, | |
32 | + {allow, all}]}. | |
33 | +{access, c2s_shaper, [{none, admin}, | |
34 | + {normal, all}]}. | |
35 | +{access, announce, [{allow, admin}]}. | |
36 | +{access, configure, [{allow, admin}]}. | |
37 | +{access, muc_admin, [{allow, admin}]}. | |
38 | +{access, muc, [{allow, all}]}. | |
39 | +{access, pubsub_createnode, [{allow, all}]}. | |
40 | +{language, "pt"}. | |
41 | +{modules, | |
42 | + [ | |
43 | + {mod_adhoc, []}, | |
44 | + {mod_announce, [{access, announce}]}, % requires mod_adhoc | |
45 | + {mod_caps, []}, | |
46 | + {mod_configure,[]}, % requires mod_adhoc | |
47 | + {mod_disco, []}, | |
48 | + {mod_last, []}, | |
49 | + {mod_muc, [ | |
50 | + {access, muc}, | |
51 | + {access_create, muc}, | |
52 | + {access_persistent, muc}, | |
53 | + {access_admin, muc_admin}, | |
54 | + {max_users, 500}, | |
55 | + {default_room_options, [{anonymous, false}]} | |
56 | + ]}, | |
57 | + {mod_privacy_odbc, []}, | |
58 | + {mod_private_odbc, []}, | |
59 | + {mod_proxy65, [ | |
60 | + {access, local}, | |
61 | + {shaper, c2s_shaper} | |
62 | + ]}, | |
63 | + {mod_roster_odbc, []}, | |
64 | + {mod_stats, []}, | |
65 | + {mod_time, []}, | |
66 | + {mod_vcard, []}, | |
67 | + {mod_http_bind, []}, | |
68 | + {mod_version, []} | |
69 | + ]}. | |
70 | + | |
71 | +%%% Local Variables: | |
72 | +%%% mode: erlang | |
73 | +%%% End: | |
74 | +%%% vim: set filetype=erlang tabstop=8: | ... | ... |
... | ... | @@ -0,0 +1,16 @@ |
1 | +[PostgreSQLEjabberdNoosfero] | |
2 | +Description = PostgreSQL Noosfero ejabberd database | |
3 | +Driver = PostgreSQL Unicode | |
4 | +Trace = No | |
5 | +TraceFile = /tmp/psqlodbc.log | |
6 | +Database = noosfero | |
7 | +Servername = localhost | |
8 | +UserName = noosfero | |
9 | +Password = <copy the password present in the database.yml file> | |
10 | +Port = | |
11 | +ReadOnly = No | |
12 | +RowVersioning = No | |
13 | +ShowSystemTables = No | |
14 | +ShowOidColumn = No | |
15 | +FakeOidIndex = No | |
16 | +ConnSettings = SET search_path TO ejabberd | ... | ... |