annotate mod_muc_access_control/mod_muc_access_control.lua @ 5513:0005d4201030

mod_http_oauth2: Reject duplicate form-urlencoded parameters

Per RFC 6749 section 3.1
> Request and response parameters MUST NOT be included more than once.

Thanks to OAuch for pointing out

Also cleans up some of the icky behavior of formdecode(), like returning a string if no '=' is included.

author Kim Alvefur <zash@zash.se>
date Fri, 02 Jun 2023 11:03:57 +0200
parents f54c80404ad3
children
1954  050cd7b6fa96  mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
      Matthew Wild <mwild1@gmail.com>
3024  f54c80404ad3  mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
      Frank Doepper <prosody@woffs.de>, parents: 1954

rev   line source
1954     1 local st = require "util.stanza";
1954     2 local jid = require "util.jid";
1954     3 local nodeprep = require "util.encodings".stringprep.nodeprep;
1954     4
1954     5 local unprepped_access_lists = module:get_option("muc_access_lists", {});
1954     6 local access_lists = {};
1954     7
1954     8 -- Make sure all input is prepped
1954     9 for unprepped_room_name, unprepped_list in pairs(unprepped_access_lists) do
1954    10     local prepped_room_name = nodeprep(unprepped_room_name);
1954    11     if not prepped_room_name then
1954    12         module:log("error", "Invalid room name: %s", unprepped_room_name);
1954    13     else
1954    14         local prepped_list = {};
1954    15         for _, unprepped_jid in ipairs(unprepped_list) do
3024    16             local prepped_jid = jid.prep(unprepped_jid);
1954    17             if not prepped_jid then
1954    18                 module:log("error", "Invalid JID: %s", unprepped_jid);
1954    19             else
3024    20                 prepped_list[prepped_jid] = true;
1954    21             end
1954    22         end
3024    23         access_lists[prepped_room_name] = prepped_list;
1954    24     end
1954    25 end
1954    26
1954    27 local function is_restricted(room, who)
1954    28     local allowed = access_lists[room];
1954    29
1954    30     if allowed == nil or allowed[who] or allowed[select(2, jid.split(who))] then
1954    31         return nil;
1954    32     end
1954    33
1954    34     return "forbidden";
1954    35 end
1954    36
1954    37 module:hook("presence/full", function(event)
3024    38     local stanza = event.stanza;
1954    39
3024    40     if stanza.name == "presence" and stanza.attr.type == "unavailable" then -- Leaving events get discarded
3024    41         return;
3024    42     end
1954    43
1954    44     -- Get the room
1954    45     local room = jid.split(stanza.attr.to);
1954    46     if not room then return; end
1954    47
1954    48     -- Get who has tried to join it
1954    49     local who = jid.bare(stanza.attr.from)
1954    50
1954    51     -- Checking whether room is restricted
1954    52     local check_restricted = is_restricted(room, who)
3024    53     if check_restricted ~= nil then
3024    54         event.allowed = false;
3024    55         event.stanza.attr.type = 'error';
3024    56         return event.origin.send(st.error_reply(event.stanza, "cancel", "forbidden", "You're not allowed to enter this room: " .. check_restricted));
3024    57     end
1954    58 end, 10);