prosody-modules: mod_http_muc_kick/mod_http_muc

annotate mod_http_muc_kick/mod_http_muc_kick.lua @ 5256:44f7edd4f845

mod_http_oauth2: Reject non-local hosts in more code paths We're not issuing tokens for users on remote hosts, we can't even authenticate them since they're remote. Thus the host is always the local module.host so no need to pass around the host in most cases or use it for anything but enforcing the same host.

author	Kim Alvefur <zash@zash.se>
date	Thu, 16 Mar 2023 17:52:10 +0100
parents	e524a97730eb
children

rev	line source
4642 9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	1 local jid_split = require "util.jid".prepped_split;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	2 local json = require "util.json";
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	3
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	4 module:depends("http");
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	5
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	6 local authorization = assert(
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	7 module:get_option_string("http_muc_kick_authorization_header", nil),
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	8 "http_muc_kick_authorization_header setting is missing, please add it to the Prosody config before using mod_http_muc_kick"
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	9 );
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	10
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	11 local function is_authorized(request)
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	12 return request.headers.authorization == authorization;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	13 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	14
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	15 local function check_muc(jid)
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	16 local muc_node, host = jid_split(jid);
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	17
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	18 if not hosts[host] then
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	19 return nil, nil, "No such host: "..host;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	20 elseif not hosts[host].modules.muc then
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	21 return nil, nil, "Host '"..host.."' is not a MUC service";
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	22 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	23
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	24 return muc_node, host;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	25 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	26
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	27 local function get_muc(muc_jid)
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	28 local muc_node, host, err = check_muc(muc_jid);
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	29 if not muc_node then
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	30 return nil, host, err;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	31 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	32
4652 e524a97730eb mod_http_muc_kick: Missing local keyword Seve Ferrer <seve@delape.net> parents: 4643 diff changeset	33 local muc = prosody.hosts[host].modules.muc.get_room_from_jid(muc_jid);
4642 9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	34 if not muc then
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	35 return nil, host, "No MUC '"..muc_node.."' found for host: "..host;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	36 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	37
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	38 return muc;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	39 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	40
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	41 local function handle_error(response, status_code, error)
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	42 response.headers.content_type = "application/json";
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	43 response.status_code = status_code;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	44 response:send(json.encode({error = error}));
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	45
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	46 -- return true to keep the connection open, and prevent other handlers from executing.
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	47 -- https://prosody.im/doc/developers/http#return_value
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	48 return true;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	49 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	50
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	51 module:provides("http", {
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	52 route = {
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	53 ["POST"] = function (event)
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	54 local request, response = event.request, event.response;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	55
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	56 if not is_authorized(request) then
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	57 return handle_error(response, 401, "Authorization failed");
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	58 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	59
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	60 local body = json.decode(request.body or "") or {};
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	61 if not body then
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	62 return handle_error(response, 400, "JSON body not found");
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	63 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	64
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	65 local nickname, muc_jid, reason = body.nickname, body.muc, body.reason or "";
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	66 if not nickname or not muc_jid then
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	67 return handle_error(response, 400, "Missing nickname and/or MUC");
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	68 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	69
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	70 local muc, _, err = get_muc(muc_jid);
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	71 if not muc then
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	72 return handle_error(response, 404, "MUC not found: " .. err);
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	73 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	74
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	75 local occupant_jid = muc.jid .. "/" .. nickname;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	76
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	77 -- Kick user by giving them the "none" role
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	78 -- https://xmpp.org/extensions/xep-0045.html#kick
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	79 local success, error, condition = muc:set_role(true, occupant_jid, nil, reason);
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	80 if not success then
4643 df09f9ce0b1b mod_http_muc_kick: Fix typo Seve Ferrer <seve@delape.net> parents: 4642 diff changeset	81 return handle_error(response, 400, "Couldn't kick user: ".. error .. ": " .. condition);
4642 9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	82 end
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	83
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	84 -- Kick was successful
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	85 return 200;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	86 end;
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	87 };
9fc52ccfb445 mod_http_muc_kick: Publish module Seve Ferrer <seve@delape.net> parents: diff changeset	88 });

Mercurial > prosody-modules

annotate mod_http_muc_kick/mod_http_muc_kick.lua @ 5256:44f7edd4f845