Mercurial > prosody-modules
annotate mod_adhoc_blacklist/mod_adhoc_blacklist.lua @ 5256:44f7edd4f845
mod_http_oauth2: Reject non-local hosts in more code paths
We're not issuing tokens for users on remote hosts, we can't even
authenticate them since they're remote. Thus the host is always the
local module.host so no need to pass around the host in most cases or
use it for anything but enforcing the same host.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 16 Mar 2023 17:52:10 +0100 |
parents | efbb73851af9 |
children |
rev | line source |
---|---|
1734
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- mod_adhoc_blacklist |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- http://xmpp.org/extensions/xep-0133.html#edit-blacklist |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- Copyright (C) 2015 Kim Alvefur |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- This file is MIT/X11 licensed. |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 -- |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 module:depends("adhoc"); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local adhoc = module:require "adhoc"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local st = require"util.stanza"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local set = require"util.set"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local dataform = require"util.dataforms"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local adhoc_inital_data = require "util.adhoc".new_initial_data_form; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local blocklist_form = dataform.new { |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 title = "Editing the Blacklist"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 instructions = "Fill out this form to edit the list of entities with whom communications are disallowed."; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 { |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 type = "hidden"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 name = "FORM_TYPE"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 value = "http://jabber.org/protocol/admin"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 { |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 type = "jid-multi"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 name = "blacklistjids"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 label = "The blacklist"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 } |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 local blocklists = module:open_store("blocklist"); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 local blocklist_handler = adhoc_inital_data(blocklist_form, function () |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local blacklistjids = {}; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 local blacklist = blocklists:get(); |
1736
efbb73851af9
mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents:
1734
diff
changeset
|
37 if blacklist then |
efbb73851af9
mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents:
1734
diff
changeset
|
38 for jid in pairs(blacklist) do |
efbb73851af9
mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents:
1734
diff
changeset
|
39 table.insert(blacklistjids, jid); |
efbb73851af9
mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents:
1734
diff
changeset
|
40 end |
1734
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 return { blacklistjids = blacklistjids }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 end, function(fields, form_err) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 if form_err then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 return { status = "completed", error = { message = "Problem in submitted form" } }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 local blacklistjids = set.new(fields.blacklistjids); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 local ok, err = blocklists:set(nil, blacklistjids._items); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 if ok then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 return { status = "completed", info = "Blacklist updated" }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 else |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 return { status = "completed", error = { message = "Error saving blacklist: "..err } }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 end); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 module:add_item("adhoc", adhoc.new("Edit Blacklist", "http://jabber.org/protocol/admin#edit-blacklist", blocklist_handler, "admin")); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 local function is_blocked(host) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 local blacklistjids = blocklists:get(); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 return blacklistjids and blacklistjids[host]; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 module:hook("route/remote", function (event) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 local origin, stanza = event.origin, event.stanza; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 if is_blocked(event.to_host) then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 if origin and stanza then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Communication with this domain is not allowed")); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 return true; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 return false; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 end, 1000); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 module:hook("s2s-stream-features", function (event) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 local session = event.origin; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 if is_blocked(session.from_host) then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 session:close("policy-violation"); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 return false; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 end, 1000); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 module:hook("stanza/http://etherx.jabber.org/streams:features", function (event) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 local session = event.origin; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 if is_blocked(session.to_host) then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 session:close("policy-violation"); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 return true; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 end, 1000); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 |