Z-XMPP

XMPP client/library written in Javascript


What does it do?

It's an XMPP (also known as Jabber) client. It's written in Javascript and it's able to serialize (most of) its state. This is done so that making use of the latest innovations in HTML5 such as sessionStorage is not only possible, but is recommended. By serializing the state using sessionStorage and restoring it upon page load, Z-XMPP can persist the XMPP stream between page switches. This is similar to what Facebook Chat seems like to users of Facebook: clicking on a link does not restart the chat session, and to other people, the user does not appear to be logging in and out. At the same time, web developer is not required to create the entire web site using AJAX; backing web site can be written in any way desired, as long as Z-XMPP code is included.

So the biggest specialty of this client compared to its older brethren is its ability to persist the connection between page switches.

Most of the client is the communications code, as well as maintaining relevant state. This is intentionally separated from the (currently extremely rudimentary and poorly written) UI. This means you can either use it as a client, or as a library, or even both.

How to get it? How to contribute?

Client is currently hosted on http://bitbucket.org/ivucica/zxmpp/. See instructions on BitBucket to see how to get the code using Mercurial, or just download an archive of the current snapshot of the code from BitBucket's web interface.

To contribute to the development effort:

Urgently wanted! Someone needs to rewrite the bar interface ASAP. JQuery ninjas are especially welcome to contribute (although anything decently written will be accepted). You don't need to worry about networking; as long as you provide me with a nice&simple API to: 1. add users to roster, 2. remove users to roster, 3. update users in roster, 4. update user's status in roster, 5. display a message from a user, 6. register a callback to send a message... well, that's it! The UI should be bar-based, since that is most useful for most people; otherwise, the field is yours!

How was it implemented?

This client is written in pure Javascript. It communicates with the server using two XMLHTTPRequest-based connections, in accordance to the BOSH specifications: XEP-0124 and XEP-0206. In short, you need a BOSH connection manager (either specialized such as Punjab or built in, such as those in Prosody or ejabberd), which exposes a HTTP-based interface, to which BOSH-based clients such as Z-XMPP can communicate to.

User interface is separately implemented, and it needs to be explicitly linked to Z-XMPP when Z-XMPP and Z-XMPP UI are instantiated. Same with serialization: you need to explicitly serialize and deserialize Z-XMPP on page unload and page load. This allows you to develop your own UI, to intercept <message> stanzas, et cetera. Currently, a low number of callbacks is exposed, but if there is sufficient interest or if it proves fun enough, there are plans to develop Prosody-like plugin API allowing you to register callback to an arbitrary tree node.

Take a look at demo.php in the repository in order to see how to:

To get Facebook Chat-like functionality (that is, automatically log user in when he visits your web site) you should use a bit of your own ingenuity. For my current setup, keywords are: ejabberd, external authentication, one-shot authentication key (to avoid echo-ing plaintext password in HTML sent to the user).

Security Issues

Before you implement Z-XMPP on your latest cool web project, stop. Please note that Z-XMPP is by no means designed to be super-secure. Here is a short list of the current major issues if you're not super careful.

Basic setup

Instead of writing a detailed setup guide, I'll give you just a few tips:

Browser compatibility

To do

My personal want-to-do minilist, in order of necessity:

Licensing

Currently a custom license is used, although a switch to AGPL will probably occur soon. See the LICENSE file in the repository.

Author & contact

Ivan Vučica
zxmpp@vucica.net
http://ivan.vucica.net/
http://blog.vucica.net/
http://twitter.com/ivucica

© 2010 Ivan Vučica