Mercurial > prosody-modules
annotate mod_muc_occupant_id/mod_muc_occupant_id.lua @ 5298:12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
This can be more privacy-friendly than logging full IP addresses, and also
more informative to a user - IP addresses don't mean much to the average
person, however if they see activity from outside their expected country, they
can immediately identify suspicious activity.
As with IPs, this field is configurable for deployments that would like to
disable it. Location is also not logged when the geoip library is not
available.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 01 Apr 2023 13:11:53 +0100 |
parents | ae27f3359df8 |
children |
rev | line source |
---|---|
3629
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
1 |
3631
d6164ae6179c
mod_muc_occupant_id: Update links to the XEP inbox.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3630
diff
changeset
|
2 -- Implementation of https://xmpp.org/extensions/inbox/occupant-id.html |
3654
7b02b8de6d27
mod_muc_occupant_id: Update XEP number (XEP-0421)
Maxime “pep” Buquet <pep@bouah.net>
parents:
3632
diff
changeset
|
3 -- XEP-0421: Anonymous unique occupant identifiers for MUCs |
3629
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
4 |
3632
83a68f5fde1d
mod_muc_occupant_id: depend on muc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3631
diff
changeset
|
5 module:depends("muc"); |
83a68f5fde1d
mod_muc_occupant_id: depend on muc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3631
diff
changeset
|
6 |
3629
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
7 local uuid = require "util.uuid"; |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
8 local hmac_sha256 = require "util.hashes".hmac_sha256; |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
9 local b64encode = require "util.encodings".base64.encode; |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
10 |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
11 local xmlns_occupant_id = "urn:xmpp:occupant-id:0"; |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
12 |
3829
f20a5d28910f
mod_muc_occupant_id: Ensure occupants have a generated id
Maxime “pep” Buquet <pep@bouah.net>
parents:
3775
diff
changeset
|
13 local function generate_id(occupant, room) |
3629
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
14 local bare = occupant.bare_jid; |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
15 |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
16 if room._data.occupant_id_salt == nil then |
3834
2f189f022b84
mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents:
3831
diff
changeset
|
17 room._data.occupant_id_salt = uuid.generate(); |
3629
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
18 end |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
19 |
4010
ae27f3359df8
mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3945
diff
changeset
|
20 -- XXX: Temporary not-so-important migration measure. Remove this next time |
ae27f3359df8
mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3945
diff
changeset
|
21 -- somebody looks at it. This module used to store every participant's |
ae27f3359df8
mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3945
diff
changeset
|
22 -- occupant-id all the time forever. |
ae27f3359df8
mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3945
diff
changeset
|
23 room._data.occupant_ids = nil; |
3834
2f189f022b84
mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents:
3831
diff
changeset
|
24 |
4010
ae27f3359df8
mod_muc_occupant_id: Don't store occupant-ids.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3945
diff
changeset
|
25 return b64encode(hmac_sha256(bare, room._data.occupant_id_salt)); |
3829
f20a5d28910f
mod_muc_occupant_id: Ensure occupants have a generated id
Maxime “pep” Buquet <pep@bouah.net>
parents:
3775
diff
changeset
|
26 end |
f20a5d28910f
mod_muc_occupant_id: Ensure occupants have a generated id
Maxime “pep” Buquet <pep@bouah.net>
parents:
3775
diff
changeset
|
27 |
3834
2f189f022b84
mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents:
3831
diff
changeset
|
28 local function update_occupant(event) |
3916
f1e28dcb3791
mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3904
diff
changeset
|
29 local stanza, room, occupant, dest_occupant = event.stanza, event.room, event.occupant, event.dest_occupant; |
f1e28dcb3791
mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3904
diff
changeset
|
30 |
f1e28dcb3791
mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3904
diff
changeset
|
31 -- "muc-occupant-pre-change" provides "dest_occupant" but not "occupant". |
f1e28dcb3791
mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3904
diff
changeset
|
32 if dest_occupant ~= nil then |
f1e28dcb3791
mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3904
diff
changeset
|
33 occupant = dest_occupant; |
f1e28dcb3791
mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3904
diff
changeset
|
34 end |
3670
6a437d6eb69f
mod_muc_occupant_id: add TODO regarding MAM handling
Maxime “pep” Buquet <pep@bouah.net>
parents:
3654
diff
changeset
|
35 |
3629
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
36 -- strip any existing <occupant-id/> tags to avoid forgery |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
37 stanza:remove_children("occupant-id", xmlns_occupant_id); |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
38 |
3834
2f189f022b84
mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents:
3831
diff
changeset
|
39 local unique_id = generate_id(occupant, room); |
3904
d14fc974efbc
mod_muc_occupant_id: id is an attribute not a text node
Maxime “pep” Buquet <pep@bouah.net>
parents:
3837
diff
changeset
|
40 stanza:tag("occupant-id", { xmlns = xmlns_occupant_id, id = unique_id }):up(); |
3629
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
41 end |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
42 |
3945
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
43 local function muc_private(event) |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
44 local stanza, room = event.stanza, event.room; |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
45 local occupant = room._occupants[stanza.attr.from]; |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
46 |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
47 update_occupant({ |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
48 stanza = stanza, |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
49 room = room, |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
50 occupant = occupant, |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
51 }); |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
52 end |
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
53 |
3629
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
54 module:add_feature(xmlns_occupant_id); |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
55 module:hook("muc-disco#info", function (event) |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
56 event.reply:tag("feature", { var = xmlns_occupant_id }):up(); |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
57 end); |
cfe0907808e1
mod_muc_occupant_id: initial commit
Maxime “pep” Buquet <pep@bouah.net>
parents:
diff
changeset
|
58 |
3835
5258f0afa8b4
mod_muc_occupant_id: Add <occupant-id/> in presence
Maxime “pep” Buquet <pep@bouah.net>
parents:
3834
diff
changeset
|
59 module:hook("muc-broadcast-presence", update_occupant); |
3834
2f189f022b84
mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents:
3831
diff
changeset
|
60 module:hook("muc-occupant-pre-join", update_occupant); |
3916
f1e28dcb3791
mod_muc_occupant_id: Ensure id is added to self-presences, nick changes, etc.
Maxime “pep” Buquet <pep@bouah.net>
parents:
3904
diff
changeset
|
61 module:hook("muc-occupant-pre-change", update_occupant); |
3834
2f189f022b84
mod_muc_occupant_id: Simplify handling of occupants (all into one function)
Maxime “pep” Buquet <pep@bouah.net>
parents:
3831
diff
changeset
|
62 module:hook("muc-occupant-groupchat", update_occupant); |
3945
cf682a02b6d8
mod_muc_occupant_id: Handle MUC-PMs
Maxime “pep” Buquet <pep@bouah.net>
parents:
3916
diff
changeset
|
63 module:hook("muc-private-message", muc_private); |