annotate mod_e2e_policy/mod_e2e_policy.lua @ 5173:460f78654864

mod_muc_rtbl: also filter messages This was a bit tricky because we don't want to run the JIDs through SHA256 on each message. Took a while to come up with this simple plan of just caching the SHA256 of the JIDs on the occupants. This will leave some dirt in the occupants after unloading the module, but that should be ok; once they cycle the room, the hashes will be gone. This is direly needed, otherwise, there is a tight race between the moderation activities and the actors joining the room.
author Jonas Schäfer <jonas@wielicki.name>
date Tue, 21 Feb 2023 21:37:27 +0100
parents a76c420eca61
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2212
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
1 local st = require "util.stanza";
3385
762c7e7ee64b mod_e2e_policy: Verify that the bare JID of stanza to and from is not in the whitelist
Michel Le Bihan <michel@lebihan.pl>
parents: 3219
diff changeset
2 local jid_bare = require "util.jid".bare;
2212
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
3 local host = module.host;
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
4 local e2e_policy_chat = module:get_option_string("e2e_policy_chat", "optional"); -- possible values: none, optional and required
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
5 local e2e_policy_muc = module:get_option_string("e2e_policy_muc", "optional"); -- possible values: none, optional and required
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
6 local e2e_policy_whitelist = module:get_option_set("e2e_policy_whitelist", { }); -- make this module ignore messages sent to and from this JIDs or MUCs
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
7
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
8 local e2e_policy_message_optional_chat = module:get_option_string("e2e_policy_message_optional_chat", "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server.");
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
9 local e2e_policy_message_required_chat = module:get_option_string("e2e_policy_message_required_chat", "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server.");
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
10 local e2e_policy_message_optional_muc = module:get_option_string("e2e_policy_message_optional_muc", "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server.");
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
11 local e2e_policy_message_required_muc = module:get_option_string("e2e_policy_message_required_muc", "For security reasons, OMEMO, OTR or PGP encryption is required for MUC on this server.");
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
12
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
13 function warn_on_plaintext_messages(event)
2331
611a787e6d08 mod_e2e_policy: Do not reply to error stenzas
Michel Le Bihan <michel@lebihan.pl>
parents: 2212
diff changeset
14 -- check if JID is whitelisted
3386
a76c420eca61 mod_e2e_policy: Fix an error with getting stanza from event
Michel Le Bihan <michel@lebihan.pl>
parents: 3385
diff changeset
15 if e2e_policy_whitelist:contains(jid_bare(event.stanza.attr.from)) or e2e_policy_whitelist:contains(jid_bare(event.stanza.attr.to)) then
2212
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
16 return nil;
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
17 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
18 local body = event.stanza:get_child_text("body");
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
19 -- do not warn for status messages
2331
611a787e6d08 mod_e2e_policy: Do not reply to error stenzas
Michel Le Bihan <michel@lebihan.pl>
parents: 2212
diff changeset
20 if not body or event.stanza.attr.type == "error" then
2212
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
21 return nil;
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
22 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
23 -- check otr
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
24 if body and body:sub(1,4) == "?OTR" then
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
25 return nil;
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
26 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
27 -- check omemo https://xmpp.org/extensions/inbox/omemo.html
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
28 if event.stanza:get_child("encrypted", "eu.siacs.conversations.axolotl") or event.stanza:get_child("encrypted", "urn:xmpp:omemo:0") then
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
29 return nil;
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
30 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
31 -- check xep27 pgp https://xmpp.org/extensions/xep-0027.html
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
32 if event.stanza:get_child("x", "jabber:x:encrypted") then
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
33 return nil;
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
34 end
2331
611a787e6d08 mod_e2e_policy: Do not reply to error stenzas
Michel Le Bihan <michel@lebihan.pl>
parents: 2212
diff changeset
35 -- check xep373 pgp (OX) https://xmpp.org/extensions/xep-0373.html
2212
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
36 if event.stanza:get_child("openpgp", "urn:xmpp:openpgp:0") then
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
37 return nil;
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
38 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
39 -- no valid encryption found
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
40 if e2e_policy_chat == "optional" and event.stanza.attr.type ~= "groupchat" then
3219
58d61459cdb1 mod_e2e_policy: Always add the 'to' in warning stanzas
Michel Le Bihan <michel@lebihan.pl>
parents: 2331
diff changeset
41 event.origin.send(st.message({ from = host, to = event.stanza.attr.from, type = "headline" }, e2e_policy_message_optional_chat));
2212
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
42 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
43 if e2e_policy_chat == "required" and event.stanza.attr.type ~= "groupchat" then
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
44 return event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", e2e_policy_message_required_chat));
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
45 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
46 if e2e_policy_muc == "optional" and event.stanza.attr.type == "groupchat" then
3219
58d61459cdb1 mod_e2e_policy: Always add the 'to' in warning stanzas
Michel Le Bihan <michel@lebihan.pl>
parents: 2331
diff changeset
47 event.origin.send(st.message({ from = host, to = event.stanza.attr.from, type = "headline" }, e2e_policy_message_optional_muc));
2212
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
48 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
49 if e2e_policy_muc == "required" and event.stanza.attr.type == "groupchat" then
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
50 return event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", e2e_policy_message_required_muc));
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
51 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
52 end
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
53
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
54 module:hook("pre-message/bare", warn_on_plaintext_messages, 300);
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
55 module:hook("pre-message/full", warn_on_plaintext_messages, 300);
57dcad6543c9 mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff changeset
56 module:hook("pre-message/host", warn_on_plaintext_messages, 300);