An XMPP BOSH & WebSocket server (connection manager) written using node.js in Javascript
Project Home Page: https://github.com/dhruvbird/node-xmpp-bosh
-
If you are using node-xmpp-bosh v0.2.2 or earlier, please immediately update to v0.2.3 since it fixes the Billion Laughs (XML Entity Expansion) vulnerability.
-
Some of the configuration variable names will change in v0.3.0. Please update your configuration files to reflect these changes. See issue #15 for more details.
-
The public-API has changed since the 0.4.x series. Please update your code if you are embedding node-xmpp-bosh.
- To run, type:
$ bosh-server
The BOSH is now available at: http://localhost:5280/http-bind/
- For options, type:
$ bosh-server --help
-
For running from within a node application, type:
$ node > var nxb = require("node-xmpp-bosh"); > var server = nxb.start_bosh(); > > // To stop, type: > // server.stop(); >
-
For a more complex setup, see the file main.js
- Multiple Streams
- Stream restarts
- Request & Response Acknowledgements
- Chunked responses (due to node.js)
- STARTTLS support for connecting to the backend XMPP server (tested with google talk & jabber.org)
- Custom stream attributes on stream restart requests
- Custom attributes supported during session creation (passed on to handlers)
- A client may request a custom inactivity period from the server by setting the 'inactivity' attribute in the session creation request
- HTTP POST & GET (for older browsers) are suported (see README.TXT for details)
- A websocket server on the same port as the BOSH server
- Benchmarks: http://code.google.com/p/node-xmpp-bosh/wiki/Benchmarks
- Monitor the BOSH server http://localhost:5280/ (available only if you have node-xmpp-bosh running on your system)
- gzip support for communicating with the backend XMPP server
The following parameters can be set in the configuration file (see the file bosh.conf.example.js for an example). The limits mentioned below are all HARD limits. Soft limits are set internally, but can never exceed the HARD limits. You can run node-xmpp-bosh with a config file as:
$ bosh-server --config=PATH_TO_CONFIG
-
path: The path to listen on (default: /http-bind/)
-
port: The port to listen on (default: 5280)
-
host: The host to listen on (default: 0.0.0.0)
-
max_data_held: The maximum allowable number of bytes that a POST request body may contain. Any request exceeding this value will be dropped (default: 100000)
-
max_xmpp_buffer_size: The maximum size of an incoming XMPP buffer in bytes. If the buffer exceeds this size, then the stream is terminated (default: 500000)
-
max_bosh_connections: The maximum number of simultaneous connections that the BOSH server will entertain for any open BOSH session (default: 2)
-
window_size: The size of the window when entertaining out of order requests (default: 2)
-
default_inactivity: The default (or minimum) inactivity value (in second) that the BOSH server will set for the session inactivity timeout (default: 70)
-
max_inactivity: The maximum inactivity value (in second) that the BOSH server will set for the session inactivity timeout (default: 160)
-
http_headers: A JSON (object) containing HTTP headers to pass on along with the response (default: { })
-
no_tls_domains: A list of Domains for which TLS should NOT be used if the XMPP server supports STARTTLS but does NOT require it (default: [ ])
-
pidgin_compatible: Set to 'true' if you want to be able to use pidgin (any any other libpurple based client) with node-xmpp-bosh. If you set this to 'true', then you lose the ability to create multiple streams on a session (default: false)
The project itself is divided into 4 main components as of now.
-
A BOSH front end (bosh.js). This starts and HTTP server and manages the BOSH sessions and XMPP streams on those sessions. Multiple Streams, message acks, etc... and handled by this component. This is an EventPipe.
-
An XMPP (Jabber) Proxy that is responsible for making single client connections to an XMPP server (xmpp-proxy.js). STARTTLS and any other XMPP specific features are handled by this component. This can be replaced with any other proxy component (such as 0MQ) that connects to the backend server using any custom protocol. You could in theory write a Yahoo! Proxy that presents XMPP compliant XML stanzas to its users but makes HTTP REST calls to communicate with the Yahoo! chat servers. This is an EventEmitter.
-
An endpoint lookup service (lookup-service.js) that implements rules for XMPP service endpoint discovery. This currently encodes various rules to try in order for discovering the service endpoint.
-
An XMPP Proxy Connection (the glue) that connects the BOSH service to the XMPP Proxy (xmpp-proxy-connector.js). Using this abstraction, you can connect different (or event multiple proxies) to the BOSH service at the same time.
You can add more components such as a mailing service that sends emails to clients at their email addresses if the BOSH server is not able to send them certain messages (see the no-client event below).
-
stream-add: Emitted when a new stream is requested by a client
-
stream-terminate: Emitted when a client requests stream termination
-
stream-restart: Emitted when a client requests a stream restart
-
nodes: Emitted when the client wants to send one or more XML stanzas to the backend server
-
no-client: Emitted when a packet to be delivered to the client timed out because the client was unavailable for more than a certain amount of time.
-
error: Emitted when there is an irrecoverable error. You should typically restart the service when this is emitted.
-
response-acknowledged: Emitted when a certain response was acknowledged by the client (i.e. Client sent an ACK for a certain response that was sent to it).
-
response: Emitted (typically by the Connector) when the backend server wants to send the client some XML stanza.
-
terminate: Emitted when the backend server wants to terminate the client's connection (stream).
-
stream-added: Emitted when the backend server starts a new XMPP stream for the client.
-
If a session creation request has the 'ua' attribute, it shall be included in all events that involve that session. This is useful when embedding this library.
-
If a stream restart request has the 'stream_attrs' attribute set, then the value of that attribute is assumed to be a stringified JSON object which is subsequently parsed and every key/value pair is added as an attribute of the stream <stream:stream> tag during this stream restart. If you provide attributes such as 'xmlns' that the BOSH proxy would have added by default, the defaults are ignored and the user set attribute values are preferred.
-
The 'from' attribute (if sent by the client) is echoed back to the client by the server as the 'to' attribute in the session (or stream) creation response.
The URL for the GET handler is the same as that for the post handler. However, instead of passing in the data in the request body, it is passed in via the data= GET query parameter. JSONP is also supported if the callback= GET query parameter is supplied.
-
Example with the request passed in as a GET parameter
http://localhost:5280/http-bind/?data=<body/>
Response:
<body condition="item-not-found" message="Invalid session ID" type="terminate"/>
-
Example with the request and callback passed in as a GET parameter
http://localhost:5280/http-bind/?data=<body/>&callback=res341
Response:
res341({"reply":"<body xmlns="http://jabber.org/protocol/httpbind" condition="item-not-found" message="Invalid session ID" type="terminate"/>"});
- http://xmpp.org/extensions/xep-0124.html
- http://xmpp.org/extensions/xep-0206.html
- http://tools.ietf.org/html/draft-moffitt-xmpp-over-websocket-00
- [Node.js] (http://nodejs.org/)
- [node-expat] (https://github.com/astro/node-expat)
- [ltx] (https://github.com/astro/ltx)
- node-uuid
- tav
- [underscore.js] (https://github.com/documentcloud/underscore)
- [eventpipe] (https://github.com/dhruvbird/eventpipe)
- [dns-srv] (https://github.com/dhruvbird/dns-srv)
- [semver] (https://github.com/isaacs/node-semver)
- [websocket-server] (https://github.com/miksago/node-websocket-server)
- [log4js] (http://log4js.berlios.de/)
- [jsdom] (https://github.com/tmpvar/jsdom) for tests
- [jslint] (https://github.com/reid/node-jslint) for running lintit.sh
-
Servers:
- ejabberd hosted at jappix.com
- M-Link hosted at jabber.org
- Google Talk hosted at gmail.com
- Facebook hosted at chat.facebook.com
- Pappu hosted at talk.to
- Prosody hosted at dukgo.com
- Openfire hosted at ChatMe.im
-
Clients:
- [strophe.js] (http://github.com/metajack/strophejs)
- [JSJaC] (https://github.com/sstrigler/JSJaC) used at jappix.org
- [dojox.xmpp] (http://dojoapi-mirror.devs.nu/jsdoc/dojox/1.2/dojox.xmpp) (modified since node-xmpp-bosh doesn't support the authid attribute)
- libpurple (pidgin as a client)
- [strophe.js websocket client] (https://github.com/superfeedr/strophejs/)
- [strophe.js] (http://github.com/metajack/strophejs)
$ cd tests
$ node basic.js [params] # To check basic working
$ node send_recv.js [params] # To check message sending/stress testing
$ node stress.js [params] # To stress test node-xmpp-bosh
-
node-xmpp-bosh allows you to set custom HTTP headers in the response to every valid request. You can use this in combination with the nginx-sticky-module to load-blance requests across multiple running BOSH server instances.
-
You can also load balance based on the HTTP PATH requested by the client. You may set up node-xmpp-bosh to accept requests as long as they begin with /PREFIX/ and set up nginx to route requests to /PREFIX/A/ to one instance and requests to /PREFIX/B/ to another instance and so on.
- List on xmpp.org
- Punjab - Python & Twisted
- Chirkut - Python & Twisted
- JabberHTTPBind - Java
- Araneo - Python & Twisted
- rhb - Ruby
- Ejabberd websocket module
You can find a list here