annotate mod_muc_occupant_id/mod_muc_occupant_id.lua @ 5298:12f7d8b901e0

mod_audit: Support for adding location (GeoIP) to audit events This can be more privacy-friendly than logging full IP addresses, and also more informative to a user - IP addresses don't mean much to the average person, however if they see activity from outside their expected country, they can immediately identify suspicious activity. As with IPs, this field is configurable for deployments that would like to disable it. Location is also not logged when the geoip library is not available.
author Matthew Wild <mwild1@gmail.com>
date Sat, 01 Apr 2023 13:11:53 +0100
parents ae27f3359df8
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3629
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
1
3631
d6164ae6179c mod_muc_occupant_id: Update links to the XEP inbox.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3630
diff changeset
2 -- Implementation of https://xmpp.org/extensions/inbox/occupant-id.html
3654
7b02b8de6d27 mod_muc_occupant_id: Update XEP number (XEP-0421)
Maxime “pep” Buquet <pep@bouah.net>
parents: 3632
diff changeset
3 -- XEP-0421: Anonymous unique occupant identifiers for MUCs
3629
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
4
3632
83a68f5fde1d mod_muc_occupant_id: depend on muc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3631
diff changeset
5 module:depends("muc");
83a68f5fde1d mod_muc_occupant_id: depend on muc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3631
diff changeset
6
3629
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
7 local uuid = require "util.uuid";
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
8 local hmac_sha256 = require "util.hashes".hmac_sha256;
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
9 local b64encode = require "util.encodings".base64.encode;
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
10
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
11 local xmlns_occupant_id = "urn:xmpp:occupant-id:0";
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
12
3829
f20a5d28910f mod_muc_occupant_id: Ensure occupants have a generated id
Maxime “pep” Buquet <pep@bouah.net>
parents: 3775
diff changeset
13 local function generate_id(occupant, room)
3629
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
14 local bare = occupant.bare_jid;
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
15
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
16 if room._data.occupant_id_salt == nil then
3834
2f189f022b84 mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents: 3831
diff changeset
17 room._data.occupant_id_salt = uuid.generate();
3629
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
18 end
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
19
4010
ae27f3359df8 mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3945
diff changeset
20 -- XXX: Temporary not-so-important migration measure. Remove this next time
ae27f3359df8 mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3945
diff changeset
21 -- somebody looks at it. This module used to store every participant's
ae27f3359df8 mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3945
diff changeset
22 -- occupant-id all the time forever.
ae27f3359df8 mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3945
diff changeset
23 room._data.occupant_ids = nil;
3834
2f189f022b84 mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents: 3831
diff changeset
24
4010
ae27f3359df8 mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3945
diff changeset
25 return b64encode(hmac_sha256(bare, room._data.occupant_id_salt));
3829
f20a5d28910f mod_muc_occupant_id: Ensure occupants have a generated id
Maxime “pep” Buquet <pep@bouah.net>
parents: 3775
diff changeset
26 end
f20a5d28910f mod_muc_occupant_id: Ensure occupants have a generated id
Maxime “pep” Buquet <pep@bouah.net>
parents: 3775
diff changeset
27
3834
2f189f022b84 mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents: 3831
diff changeset
28 local function update_occupant(event)
3916
f1e28dcb3791 mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3904
diff changeset
29 local stanza, room, occupant, dest_occupant = event.stanza, event.room, event.occupant, event.dest_occupant;
f1e28dcb3791 mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3904
diff changeset
30
f1e28dcb3791 mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3904
diff changeset
31 -- "muc-occupant-pre-change" provides "dest_occupant" but not "occupant".
f1e28dcb3791 mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3904
diff changeset
32 if dest_occupant ~= nil then
f1e28dcb3791 mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3904
diff changeset
33 occupant = dest_occupant;
f1e28dcb3791 mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3904
diff changeset
34 end
3670
6a437d6eb69f mod_muc_occupant_id: add TODO regarding MAM handling
Maxime “pep” Buquet <pep@bouah.net>
parents: 3654
diff changeset
35
3629
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
36 -- strip any existing <occupant-id/> tags to avoid forgery
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
37 stanza:remove_children("occupant-id", xmlns_occupant_id);
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
38
3834
2f189f022b84 mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents: 3831
diff changeset
39 local unique_id = generate_id(occupant, room);
3904
d14fc974efbc mod_muc_occupant_id: id is an attribute not a text node
Maxime “pep” Buquet <pep@bouah.net>
parents: 3837
diff changeset
40 stanza:tag("occupant-id", { xmlns = xmlns_occupant_id, id = unique_id }):up();
3629
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
41 end
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
42
3945
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
43 local function muc_private(event)
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
44 local stanza, room = event.stanza, event.room;
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
45 local occupant = room._occupants[stanza.attr.from];
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
46
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
47 update_occupant({
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
48 stanza = stanza,
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
49 room = room,
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
50 occupant = occupant,
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
51 });
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
52 end
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
53
3629
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
54 module:add_feature(xmlns_occupant_id);
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
55 module:hook("muc-disco#info", function (event)
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
56 event.reply:tag("feature", { var = xmlns_occupant_id }):up();
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
57 end);
cfe0907808e1 mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff changeset
58
3835
5258f0afa8b4 mod_muc_occupant_id: Add <occupant-id/> in presence
Maxime “pep” Buquet <pep@bouah.net>
parents: 3834
diff changeset
59 module:hook("muc-broadcast-presence", update_occupant);
3834
2f189f022b84 mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents: 3831
diff changeset
60 module:hook("muc-occupant-pre-join", update_occupant);
3916
f1e28dcb3791 mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents: 3904
diff changeset
61 module:hook("muc-occupant-pre-change", update_occupant);
3834
2f189f022b84 mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents: 3831
diff changeset
62 module:hook("muc-occupant-groupchat", update_occupant);
3945
cf682a02b6d8 mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents: 3916
diff changeset
63 module:hook("muc-private-message", muc_private);