annotate mod_ping_muc/mod_ping_muc.lua @ 5298:12f7d8b901e0

mod_audit: Support for adding location (GeoIP) to audit events This can be more privacy-friendly than logging full IP addresses, and also more informative to a user - IP addresses don't mean much to the average person, however if they see activity from outside their expected country, they can immediately identify suspicious activity. As with IPs, this field is configurable for deployments that would like to disable it. Location is also not logged when the geoip library is not available.
author Matthew Wild <mwild1@gmail.com>
date Sat, 01 Apr 2023 13:11:53 +0100
parents 0772facc786f
children d6a695abb33c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4804
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local id = require "util.id";
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 local jid = require "util.jid";
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 local set = require "util.set";
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local st = require "util.stanza";
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
5130
0772facc786f mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents: 4887
diff changeset
6 if module:get_host_type() ~= "local" then
0772facc786f mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents: 4887
diff changeset
7 module:log("error", "mod_%s must be loaded as a regular module, not on Components", module.name);
0772facc786f mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents: 4887
diff changeset
8 return
0772facc786f mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents: 4887
diff changeset
9 end
0772facc786f mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents: 4887
diff changeset
10
4804
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 module:depends "track_muc_joins";
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 module:add_feature("https://modules.prosody.im/mod_" .. module.name);
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local local_sessions = prosody.hosts[module.host].sessions;
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 module:hook_global("s2s-destroyed", function(event)
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local s2s_session = event.session;
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 if s2s_session.direction == "outgoing" and s2s_session.from_host ~= module.host then
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 return
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 elseif s2s_session.direction == "incoming" and s2s_session.to_host ~= module.host then
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 return
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 end
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 local related_hosts = set.new({ s2s_session.direction == "outgoing" and s2s_session.to_host or s2s_session.from_host });
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 if s2s_session.hosts then
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 -- While rarely used, multiplexing is still supported
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 for host, state in pairs(s2s_session.hosts) do if state.authed then related_hosts:add(host); end end
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 end
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 for _, user_session in pairs(local_sessions) do
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 for _, session in pairs(user_session.sessions) do
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 if session.rooms_joined then
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 for room, info in pairs(session.rooms_joined) do
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 local nick = info.nick or info;
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 local room_nick = room .. "/" .. nick;
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 if related_hosts:contains(jid.host(room)) then
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 -- User is in a MUC room for which the s2s connection was lost. Now what?
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 -- Self-ping
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 -- =========
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 --
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 -- Response of <iq type=result> means the user is still in the room
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 -- (and self-ping is supported), so we do nothing.
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 --
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 -- An error reply either means the user has fallen out of the room,
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 -- or that self-ping is unsupported. In the later case, whether the
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 -- user is still joined is indeterminate and we might as well
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 -- pretend they fell out.
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 module:send_iq(st.iq({ type = "get"; id = id.medium(); from = session.full_jid; to = room_nick })
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 :tag("ping", { xmlns = "urn:xmpp:ping"; }))
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 :catch(function(err)
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 module:send(
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 st.presence({ type = "unavailable"; id = id.medium(); to = session.full_jid; from = room_nick })
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 :tag("x", { xmlns = "http://jabber.org/protocol/muc#user" })
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 :tag("item", { affiliation = "none"; role = "none" })
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 :text_tag("reason", err.text or "Connection to remote server lost")
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 :up()
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 :tag("status", { code = "110" }):up()
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 :tag("status", { code = "333" }):up()
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 :reset());
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62 end);
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 -- TODO do this with some delay?
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 end
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65 end
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67 end
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 end
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
69 end
a7c0c70e64b6 mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff changeset
70 end);