Mercurial > prosody-modules
annotate mod_compliance_2021/mod_compliance_2021.lua @ 5298:12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
This can be more privacy-friendly than logging full IP addresses, and also
more informative to a user - IP addresses don't mean much to the average
person, however if they see activity from outside their expected country, they
can immediately identify suspicious activity.
As with IPs, this field is configurable for deployments that would like to
disable it. Location is also not logged when the geoip library is not
available.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 01 Apr 2023 13:11:53 +0100 |
| parents | 3a42789d7235 |
| children |
| rev | line source |
|---|---|
|
4411
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Copyright (c) 2021 Kim Alvefur |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- This module is MIT licensed. |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local hostmanager = require "core.hostmanager"; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local array = require "util.array"; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local set = require "util.set"; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local modules_enabled = module:get_option_inherited_set("modules_enabled"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 for host in pairs(hostmanager.get_children(module.host)) do |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local component = module:context(host):get_option_string("component_module"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 if component then |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 modules_enabled:add(component); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 modules_enabled:include(module:context(host):get_option_set("modules_enabled", {})); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 local function check(suggested, alternate, ...) |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 if set.intersection(modules_enabled, set.new({suggested; alternate; ...})):empty() then return suggested; end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 return false; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 local compliance = { |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 array {"Core Server"; check("tls"); check("disco")}; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 array {"Advanced Server"; check("pep", "pep_simple")}; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 array {"Core Web"; check("bosh"); check("websocket")}; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 -- No Server requirements for Advanced Web |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 array {"Core IM"; check("vcard_legacy", "vcard"); check("carbons"); check("http_file_share", "http_upload")}; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 array { |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 "Advanced IM"; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 check("vcard_legacy", "vcard"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 check("blocklist"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 check("muc"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 check("private"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 check("smacks"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 check("mam"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 check("bookmarks"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 }; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 array {"Core Mobile"; check("smacks"); check("csi_simple", "csi_battery_saver")}; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 array {"Advanced Mobile"; check("cloud_notify")}; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
|
4603
3a42789d7235
mod_compliance_2021: Add mod_turn_external as satisfying A/V category
Kim Alvefur <zash@zash.se>
parents:
4411
diff
changeset
|
51 array {"Core A/V Calling"; check("turn_external", "external_services", "turncredentials", "extdisco")}; |
|
4411
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 }; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 function check_compliance() |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 local compliant = true; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 for _, suite in ipairs(compliance) do |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 local section = suite:pop(1); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 if module:get_option_boolean("compliance_" .. section:lower():gsub("%A", "_"), true) then |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 local missing = set.new(suite:filter(function(m) return type(m) == "string" end):map(function(m) return "mod_" .. m end)); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 if suite[1] then |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 if compliant then |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 compliant = false; |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 module:log("warn", "Missing some modules for XMPP Compliance 2021"); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 module:log("info", "%s Compliance: %s", section, missing); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 if compliant then module:log("info", "XMPP Compliance 2021: Compliant ✔️"); end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 if prosody.start_time then |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 check_compliance() |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 else |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 module:hook_global("server-started", check_compliance); |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 end |
|
c3d21182ebf3
mod_compliance_2021: XEP-0443: XMPP Compliance Suites 2021 self-test
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 |