Mercurial > prosody-modules
annotate mod_admin_blocklist/mod_admin_blocklist.lua @ 5173:460f78654864
mod_muc_rtbl: also filter messages
This was a bit tricky because we don't want to run the JIDs
through SHA256 on each message. Took a while to come up with this
simple plan of just caching the SHA256 of the JIDs on the
occupants.
This will leave some dirt in the occupants after unloading the
module, but that should be ok; once they cycle the room, the
hashes will be gone.
This is direly needed, otherwise, there is a tight race between
the moderation activities and the actors joining the room.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Tue, 21 Feb 2023 21:37:27 +0100 |
| parents | 96e83b4a93f7 |
| children |
| rev | line source |
|---|---|
|
1735
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- mod_admin_blocklist |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- If a local admin has blocked a domain, don't allow s2s to that domain |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- |
|
5017
96e83b4a93f7
mod_admin_blocklist: Add config option for which role(s) to consider (0.12+)
Kim Alvefur <zash@zash.se>
parents:
5016
diff
changeset
|
5 -- Copyright (C) 2015-2022 Kim Alvefur |
|
1735
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- This file is MIT/X11 licensed. |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 -- |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 module:depends("blocklist"); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local st = require"util.stanza"; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local jid_split = require"util.jid".split; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
4805
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
15 local usermanager = require "core.usermanager"; |
|
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
16 |
|
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
17 local admins; |
|
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
18 if usermanager.get_jids_with_role then |
|
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
19 local set = require "util.set"; |
|
5017
96e83b4a93f7
mod_admin_blocklist: Add config option for which role(s) to consider (0.12+)
Kim Alvefur <zash@zash.se>
parents:
5016
diff
changeset
|
20 local include_roles = module:get_option_set("admin_blocklist_roles", { "prosody:operator"; "prosody:admin" }); |
|
96e83b4a93f7
mod_admin_blocklist: Add config option for which role(s) to consider (0.12+)
Kim Alvefur <zash@zash.se>
parents:
5016
diff
changeset
|
21 |
|
96e83b4a93f7
mod_admin_blocklist: Add config option for which role(s) to consider (0.12+)
Kim Alvefur <zash@zash.se>
parents:
5016
diff
changeset
|
22 admins = set.new(); |
|
96e83b4a93f7
mod_admin_blocklist: Add config option for which role(s) to consider (0.12+)
Kim Alvefur <zash@zash.se>
parents:
5016
diff
changeset
|
23 for role in include_roles do |
|
96e83b4a93f7
mod_admin_blocklist: Add config option for which role(s) to consider (0.12+)
Kim Alvefur <zash@zash.se>
parents:
5016
diff
changeset
|
24 admins:include(set.new(usermanager.get_jids_with_role(role, module.host))); |
|
96e83b4a93f7
mod_admin_blocklist: Add config option for which role(s) to consider (0.12+)
Kim Alvefur <zash@zash.se>
parents:
5016
diff
changeset
|
25 end |
|
4805
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
26 else -- COMPAT w/pre-0.12 |
|
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
27 admins = module:get_option_inherited_set("admins", {}); |
|
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
28 end |
|
683d1ad16b56
mod_admin_blocklist: Update admin check for new 0.12 role API
Kim Alvefur <zash@zash.se>
parents:
2313
diff
changeset
|
29 admins = admins / |
|
1735
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 function (admin) -- Filter out non-local admins |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 local user, host = jid_split(admin); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 if host == module.host then return user; end |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 end |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local blocklists = module:open_store("blocklist"); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 local function is_blocked(host) |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 for admin in admins do |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 local blocklist = blocklists:get(admin); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 if blocklist and blocklist[host] then |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 return true; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 end |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 end |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 end |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 module:hook("route/remote", function (event) |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 local origin, stanza = event.origin, event.stanza; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 if is_blocked(event.to_host) then |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 if origin and stanza then |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Communication with this domain is not allowed")); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 return true; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 end |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 return false; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 end |
|
2313
5d05139d0555
mod_admin_blocklist: Do block check only when a stanza is about to trigger a new outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
1735
diff
changeset
|
55 end, -9); |
|
1735
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 module:hook("s2s-stream-features", function (event) |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 local session = event.origin; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 if is_blocked(session.from_host) then |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 session:close("policy-violation"); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 return false; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 end |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 end, 1000); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 module:hook("stanza/http://etherx.jabber.org/streams:features", function (event) |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 local session = event.origin; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 if is_blocked(session.to_host) then |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 session:close("policy-violation"); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 return true; |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 end |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 end, 1000); |
|
c2d43b568178
mod_admin_blocklist: Prevents s2s connections to/from domains blocked by a local admin using mod_blocklist (0.10+)
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |