First commit

.eslintrc.json

@@ -0,0 +1,19 @@
+{
+    "env": {
+        "commonjs": true,
+        "es6": true,
+        "node": true
+    },
+    "extends": [
+        "standard"
+    ],
+    "globals": {
+        "Atomics": "readonly",
+        "SharedArrayBuffer": "readonly"
+    },
+    "parserOptions": {
+        "ecmaVersion": 2018
+    },
+    "rules": {
+    }
+}

.gitignore

@@ -0,0 +1,3 @@
+/node_modules/
+/config.json
+/*.log

.travis.yml

@@ -0,0 +1,10 @@
+dist: xenial
+
+language: node_js
+
+node_js:
+  - node
+  - lts/*
+
+before_script:
+  - cp test/config.json config.json

README.md

@@ -0,0 +1,156 @@
+# XMPP Bot
+
+[![license: AGPLv3](https://img.shields.io/badge/license-AGPLv3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)
+[![GitHub release](https://img.shields.io/github/release/nioc/xmpp-bot.svg)](https://github.com/nioc/xmpp-bot/releases/latest)
+[![Build Status](https://travis-ci.org/nioc/xmpp-bot.svg?branch=master)](https://travis-ci.org/nioc/xmpp-bot)
+
+XMPP Bot is a tiny little bot making the link between XMPP conversations and webhooks.
+
+User ⇄ XMPP client ⇄ XMPP Server ⇄ **XMPP Bot** ⇄ REST API
+
+## Key features
+
+-   Call outgoing webhook on XMPP incoming messages from user chat or group chat (Multi-user chat "MUC"),
+
+-   Send message templates (with values to apply to variables in that template) to user or room (MUC) on incoming authorized (basic or bearer) webhook.
+
+## Installation
+
+-   Install [Node.js](https://nodejs.org/):
+    ```shell
+    curl -sL https://deb.nodesource.com/setup_10.x | bash -
+    apt-get install -y nodejs
+    ```
+
+-   Install npm:
+    ```shell
+    npm install npm@latest -g
+    ```
+
+-   Clone repository:
+    ```shell
+    git clone https://github.com/nioc/xmpp-bot.git /usr/local/bin/xmpp-bot/
+    ```
+
+-   Install dependency:
+    ```shell
+    cd /usr/local/bin/xmpp-bot/ && npm install --production
+    ```
+
+-   Create run user (optionnal):
+    ```
+    useradd -r -s /bin/false xmpp-bot
+    chown xmpp-bot:xmpp-bot /usr/local/bin/xmpp-bot -R
+    ```
+
+-   Set [configuration](#configuration) in `config.json` (you can copy `config.json.dist`)
+
+-   Add systemd service from [model](/docs/xmpp-bot.service):
+    ```shell
+    cp docs/xmpp-bot.service /etc/systemd/system/xmpp-bot.service
+    ```
+
+-   Update systemd:
+    ```shell
+    systemctl daemon-reload
+    ```
+
+-   Start service:
+    ```shell
+    systemctl start xmpp-bot
+    ```
+
+-   Start service at boot:
+    ```shell
+    systemctl enable xmpp-bot
+    ```
+
+-   Add fail2ban filter from [model](/docs/xmpp-bot.conf) (optionnal):
+    ```shell
+    cp docs/xmpp-bot.conf /etc/fail2ban/filter.d/xmpp-bot.conf
+    ```
+    Add the jail (`/etc/fail2ban/jail.local`):
+    ```properties
+    [xmpp-bot]
+    enabled  = true
+    port     = http,https
+    filter   = xmpp-bot
+    logpath  = /var/log/xmpp-bot/webhook.log
+    maxretry = 3
+    bantime  = 21600 ; 6 hours
+    ```
+
+## Configuration
+
+### Logger
+
+-    `level` log4js level (all < trace < debug < info < warn < error < fatal < mark < off)
+
+-    `file`, `console` and `stdout` define log appenders (see [log4js doc](https://log4js-node.github.io/log4js-node/appenders.html))
+
+### Webhooks listener
+
+-    `path` and `port` define the listening endpoint
+
+-    `ssl` define key and certificat location and port used for exposing in https, make sure that user of the process is allowed to read cert
+
+-    `users` is an array of user/password for basic authentication
+
+-    `accessLog` define the listener logger
+
+### XMPP Server
+
+-    `host` and `port` define XMPP server
+-    `jid` and `password` define XMPP "bot" user credentials
+-    `rooms` list rooms (and optionnal password) where bot will listen
+
+### Incoming webhooks (list)
+
+-    `path` is the webhook key:a POST request on this path will trigger corresponding `action`
+
+-    `action` among enumeration:
+     -    `send_xmpp_message` will send message (`message` in request body) to `destination` (from request body) ; if `destination` is found in `config.xmppServer.rooms` array, message will send as a groupchat). Request exemple:
+
+            ```http
+            POST /webhooks/w1 HTTP/1.1
+            Host: domain.ltd:8000
+            Content-Type: application/json
+            Authorization: Basic dXNlcjE6cGFzczE=
+            Content-Length: 70
+
+            {
+                "destination":"[email protected]",
+                "message":"Hi, there something wrong."
+            }
+            ```
+
+     -    `send_xmpp_template` will send template with merged variables (using JMESPath) to `destination` (user or room if `sendToGroup` set to true)
+
+### XMPP hooks (list)
+
+-    `room` is the XMPP hook key: an incoming groupchat (or chat) from this room (or this user) will trigger corresponding `action`
+
+-    `action` among enumeration:
+     -    `outgoing_webhook` will execute a request to corresponding webhook with `args` as webhook code
+
+## Credits
+
+-   **[Nioc](https://github.com/nioc/)** - _Initial work_
+
+See also the list of [contributors](https://github.com/nioc/xmpp-bot/contributors) to this project.
+
+This project is powered by the following components:
+
+-   [node-simple-xmpp](https://github.com/simple-xmpp/node-simple-xmpp) (MIT)
+-   [express](https://github.com/expressjs/express) (MIT)
+-   [body-parser](https://github.com/expressjs/body-parser) (MIT)
+-   [express-basic-auth](https://github.com/LionC/express-basic-auth) (MIT)
+-   [morgan](https://github.com/expressjs/morgan) (MIT)
+-   [jmespath.js](https://github.com/jmespath/jmespath.js) (Apache-2.0)
+-   [request](https://github.com/request/request) (Apache-2.0)
+-   [node-cleanup](https://github.com/jtlapp/node-cleanup) (MIT)
+-   [log4js-node](https://github.com/log4js-node/log4js-node) (Apache-2.0)
+
+## License
+
+This project is licensed under the GNU Affero General Public License v3.0 - see the [LICENSE](LICENSE.md) file for details

config.js

@@ -0,0 +1,50 @@
+/**
+ * Configuration
+ *
+ * Handle configuration file
+ *
+ * @file   This files defines the configuration
+ * @author nioc
+ * @since  1.0.0
+ * @license AGPL-3.0+
+ */
+
+module.exports = function Configuration (logger) {
+  let config
+  try {
+    let data = require('fs').readFileSync('./config.json')
+    config = JSON.parse(data)
+  } catch (error) {
+    logger.fatal(`Invalid configuration file: ${error.message}`)
+    process.exit(99)
+  }
+  return {
+    listener: {
+      path: config.webhooksListener.path,
+      port: config.webhooksListener.port,
+      ssl: config.webhooksListener.ssl,
+      log: config.webhooksListener.accessLog,
+      users: config.webhooksListener.users.reduce((acc, user) => {
+        acc[user.login] = user.password
+        return acc
+      }, {})
+    },
+    xmpp: config.xmppServer,
+    logger: config.logger,
+    getWebhookAction: (path) => {
+      return config.incomingWebhooks.find((webhook) => {
+        return (webhook.path === path)
+      })
+    },
+    getOutgoingWebhook: (code) => {
+      return config.outgoingWebhooks.find((webhook) => {
+        return (webhook.code === code)
+      })
+    },
+    getXmppHookAction: (room) => {
+      return config.xmppHooks.find((xmppHook) => {
+        return (xmppHook.room === room)
+      })
+    }
+  }
+}

config.json.dist

@@ -0,0 +1,94 @@
+{
+    "logger": {
+        "level": "debug",
+        "file": {
+            "active": false,
+            "pattern": "%d %p %m",
+            "path": "/var/log/xmpp-bot/",
+            "filename": "xmpp-bot.log"
+        },
+        "console": {
+            "active": false,
+            "coloured": true
+        },
+        "stdout": {
+            "active": true,
+            "pattern": "%p %m"
+        }
+    },
+    "webhooksListener": {
+        "path": "/webhooks",
+        "port": 8000,
+        "ssl": {
+            "port": 8001,
+            "certPath": "/etc/ssl/certs/ssl-cert-snakeoil.pem",
+            "keyPath": "/etc/ssl/private/ssl-cert-snakeoil.key"
+        },
+        "users": [
+            {
+                "login": "login1",
+                "password": "1pass"
+            },
+            {
+                "login": "login2",
+                "password": "2pass"
+            }
+        ],
+        "accessLog": {
+            "active": true,
+            "path": "/var/log/xmpp-bot/",
+            "filename": "webhook.log"
+        }
+    },
+    "xmppServer": {
+        "host": "domain-xmpp.ltd",
+        "port": 5222,
+        "jid": "[email protected]",
+        "password": "botPass",
+        "rooms": [
+            {
+                "id": "[email protected]",
+                "password": null
+            }
+        ]
+    },
+    "incomingWebhooks": [
+        {
+            "path": "/webhooks/w1",
+            "action": "send_xmpp_message"
+        },
+        {
+            "path": "/webhooks/grafana",
+            "action": "send_xmpp_template",
+            "args": {
+                "destination": "[email protected]",
+                "sendToGroup": true
+            },
+            "template": "${title}\r\n${message}\r\n${evalMatches[].metric}: ${evalMatches[].value}\r\n${imageUrl}"
+        }
+    ],
+    "xmppHooks": [
+        {
+            "room": "bot",
+            "action": "outgoing_webhook",
+            "args": ["w1"]
+        },
+        {
+            "room": "[email protected]",
+            "action": "outgoing_webhook",
+            "args": ["w1"]
+        }
+    ],
+    "outgoingWebhooks": [
+        {
+            "code": "w1",
+            "url": "https://domain.ltd:port/path/resource?parameter1=value1",
+            "strictSSL": true,
+            "contentType": "application/json",
+            "authMethod": "basic",
+            "user": "user3",
+            "password": "3pass",
+            "bearer": null
+        }
+    ]
+}

docs/xmpp-bot.conf

@@ -0,0 +1,14 @@
+# Fail2Ban configuration file for webhook log
+
+# Option:  failregex
+# Notes.:  regex to match the Unauthorized log entrys in webhook log (defined in config.json: webhooksListener.accessLog).
+# Values:  TEXT
+#
+[Definition]
+failregex=^<HOST> - .* ".*" 401 \d* ".*" ".*"$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

docs/xmpp-bot.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=XMPP Bot
+Documentation=https://github.com/nioc/xmpp-bot
+After=network.target
+
+[Service]
+User=xmpp-bot
+WorkingDirectory=/usr/local/bin/xmpp-bot/
+ExecStart=/usr/bin/node /usr/local/bin/xmpp-bot/server.js
+Restart=on-failure
+RestartSec=1000ms
+Environment=NODE_ENV=production
+SyslogIdentifier=xmpp-bot
+
+[Install]
+WantedBy=multi-user.target

error.js

@@ -0,0 +1,24 @@
+/**
+ * Close handler
+ *
+ * Disconnect bot from XMPP server before app closes
+ *
+ * @file   This files defines the closing handler
+ * @author nioc
+ * @since  1.0.0
+ * @license AGPL-3.0+
+ */
+
+module.exports = (logger, xmpp) => {
+  let nodeCleanup = require('node-cleanup')
+  nodeCleanup(function (exitCode, signal) {
+    logger.warn(`Received ${exitCode}/${signal} (application is closing), disconnect from XMPP server`)
+    try {
+      xmpp.disconnect()
+    } catch (error) {
+      logger.error('Error during XMPP disconnection: ' + error.message)
+    }
+    logger.debug('Synchronize logs file')
+    logger.shutdown()
+  })
+}