annotate mod_adhoc_blacklist/mod_adhoc_blacklist.lua @ 5256:44f7edd4f845

mod_http_oauth2: Reject non-local hosts in more code paths We're not issuing tokens for users on remote hosts, we can't even authenticate them since they're remote. Thus the host is always the local module.host so no need to pass around the host in most cases or use it for anything but enforcing the same host.
author Kim Alvefur <zash@zash.se>
date Thu, 16 Mar 2023 17:52:10 +0100
parents efbb73851af9
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1734
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- mod_adhoc_blacklist
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 --
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 -- http://xmpp.org/extensions/xep-0133.html#edit-blacklist
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 --
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 -- Copyright (C) 2015 Kim Alvefur
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 --
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 -- This file is MIT/X11 licensed.
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 --
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 module:depends("adhoc");
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 local adhoc = module:require "adhoc";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 local st = require"util.stanza";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 local set = require"util.set";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local dataform = require"util.dataforms";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 local adhoc_inital_data = require "util.adhoc".new_initial_data_form;
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local blocklist_form = dataform.new {
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 title = "Editing the Blacklist";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 instructions = "Fill out this form to edit the list of entities with whom communications are disallowed.";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 {
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 type = "hidden";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 name = "FORM_TYPE";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 value = "http://jabber.org/protocol/admin";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 };
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 {
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 type = "jid-multi";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 name = "blacklistjids";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 label = "The blacklist";
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 };
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 }
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 local blocklists = module:open_store("blocklist");
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 local blocklist_handler = adhoc_inital_data(blocklist_form, function ()
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 local blacklistjids = {};
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 local blacklist = blocklists:get();
1736
efbb73851af9 mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents: 1734
diff changeset
37 if blacklist then
efbb73851af9 mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents: 1734
diff changeset
38 for jid in pairs(blacklist) do
efbb73851af9 mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents: 1734
diff changeset
39 table.insert(blacklistjids, jid);
efbb73851af9 mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents: 1734
diff changeset
40 end
1734
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 end
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 return { blacklistjids = blacklistjids };
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 end, function(fields, form_err)
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 if form_err then
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 return { status = "completed", error = { message = "Problem in submitted form" } };
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 end
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 local blacklistjids = set.new(fields.blacklistjids);
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 local ok, err = blocklists:set(nil, blacklistjids._items);
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 if ok then
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 return { status = "completed", info = "Blacklist updated" };
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 else
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 return { status = "completed", error = { message = "Error saving blacklist: "..err } };
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 end
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 end);
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 module:add_item("adhoc", adhoc.new("Edit Blacklist", "http://jabber.org/protocol/admin#edit-blacklist", blocklist_handler, "admin"));
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 local function is_blocked(host)
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 local blacklistjids = blocklists:get();
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 return blacklistjids and blacklistjids[host];
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 end
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 module:hook("route/remote", function (event)
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 local origin, stanza = event.origin, event.stanza;
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65 if is_blocked(event.to_host) then
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 if origin and stanza then
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Communication with this domain is not allowed"));
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 return true;
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
69 end
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
70 return false;
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
71 end
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
72 end, 1000);
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
73
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
74
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
75 module:hook("s2s-stream-features", function (event)
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
76 local session = event.origin;
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77 if is_blocked(session.from_host) then
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
78 session:close("policy-violation");
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 return false;
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80 end
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
81 end, 1000);
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
82
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
83 module:hook("stanza/http://etherx.jabber.org/streams:features", function (event)
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
84 local session = event.origin;
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
85 if is_blocked(session.to_host) then
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
86 session:close("policy-violation");
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
87 return true;
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
88 end
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
89 end, 1000);
d82b03e79d8b mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
90