Mercurial > prosody-modules
annotate mod_e2e_policy/mod_e2e_policy.lua @ 5173:460f78654864
mod_muc_rtbl: also filter messages
This was a bit tricky because we don't want to run the JIDs
through SHA256 on each message. Took a while to come up with this
simple plan of just caching the SHA256 of the JIDs on the
occupants.
This will leave some dirt in the occupants after unloading the
module, but that should be ok; once they cycle the room, the
hashes will be gone.
This is direly needed, otherwise, there is a tight race between
the moderation activities and the actors joining the room.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Tue, 21 Feb 2023 21:37:27 +0100 |
parents | a76c420eca61 |
children |
rev | line source |
---|---|
2212
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
3385
762c7e7ee64b
mod_e2e_policy: Verify that the bare JID of stanza to and from is not in the whitelist
Michel Le Bihan <michel@lebihan.pl>
parents:
3219
diff
changeset
|
2 local jid_bare = require "util.jid".bare; |
2212
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
3 local host = module.host; |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
4 local e2e_policy_chat = module:get_option_string("e2e_policy_chat", "optional"); -- possible values: none, optional and required |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
5 local e2e_policy_muc = module:get_option_string("e2e_policy_muc", "optional"); -- possible values: none, optional and required |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
6 local e2e_policy_whitelist = module:get_option_set("e2e_policy_whitelist", { }); -- make this module ignore messages sent to and from this JIDs or MUCs |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
7 |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
8 local e2e_policy_message_optional_chat = module:get_option_string("e2e_policy_message_optional_chat", "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server."); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
9 local e2e_policy_message_required_chat = module:get_option_string("e2e_policy_message_required_chat", "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server."); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
10 local e2e_policy_message_optional_muc = module:get_option_string("e2e_policy_message_optional_muc", "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server."); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
11 local e2e_policy_message_required_muc = module:get_option_string("e2e_policy_message_required_muc", "For security reasons, OMEMO, OTR or PGP encryption is required for MUC on this server."); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
12 |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
13 function warn_on_plaintext_messages(event) |
2331
611a787e6d08
mod_e2e_policy: Do not reply to error stenzas
Michel Le Bihan <michel@lebihan.pl>
parents:
2212
diff
changeset
|
14 -- check if JID is whitelisted |
3386
a76c420eca61
mod_e2e_policy: Fix an error with getting stanza from event
Michel Le Bihan <michel@lebihan.pl>
parents:
3385
diff
changeset
|
15 if e2e_policy_whitelist:contains(jid_bare(event.stanza.attr.from)) or e2e_policy_whitelist:contains(jid_bare(event.stanza.attr.to)) then |
2212
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
16 return nil; |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
17 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
18 local body = event.stanza:get_child_text("body"); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
19 -- do not warn for status messages |
2331
611a787e6d08
mod_e2e_policy: Do not reply to error stenzas
Michel Le Bihan <michel@lebihan.pl>
parents:
2212
diff
changeset
|
20 if not body or event.stanza.attr.type == "error" then |
2212
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
21 return nil; |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
22 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
23 -- check otr |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
24 if body and body:sub(1,4) == "?OTR" then |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
25 return nil; |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
26 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
27 -- check omemo https://xmpp.org/extensions/inbox/omemo.html |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
28 if event.stanza:get_child("encrypted", "eu.siacs.conversations.axolotl") or event.stanza:get_child("encrypted", "urn:xmpp:omemo:0") then |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
29 return nil; |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
30 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
31 -- check xep27 pgp https://xmpp.org/extensions/xep-0027.html |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
32 if event.stanza:get_child("x", "jabber:x:encrypted") then |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
33 return nil; |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
34 end |
2331
611a787e6d08
mod_e2e_policy: Do not reply to error stenzas
Michel Le Bihan <michel@lebihan.pl>
parents:
2212
diff
changeset
|
35 -- check xep373 pgp (OX) https://xmpp.org/extensions/xep-0373.html |
2212
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
36 if event.stanza:get_child("openpgp", "urn:xmpp:openpgp:0") then |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
37 return nil; |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
38 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
39 -- no valid encryption found |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
40 if e2e_policy_chat == "optional" and event.stanza.attr.type ~= "groupchat" then |
3219
58d61459cdb1
mod_e2e_policy: Always add the 'to' in warning stanzas
Michel Le Bihan <michel@lebihan.pl>
parents:
2331
diff
changeset
|
41 event.origin.send(st.message({ from = host, to = event.stanza.attr.from, type = "headline" }, e2e_policy_message_optional_chat)); |
2212
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
42 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
43 if e2e_policy_chat == "required" and event.stanza.attr.type ~= "groupchat" then |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
44 return event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", e2e_policy_message_required_chat)); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
45 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
46 if e2e_policy_muc == "optional" and event.stanza.attr.type == "groupchat" then |
3219
58d61459cdb1
mod_e2e_policy: Always add the 'to' in warning stanzas
Michel Le Bihan <michel@lebihan.pl>
parents:
2331
diff
changeset
|
47 event.origin.send(st.message({ from = host, to = event.stanza.attr.from, type = "headline" }, e2e_policy_message_optional_muc)); |
2212
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
48 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
49 if e2e_policy_muc == "required" and event.stanza.attr.type == "groupchat" then |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
50 return event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", e2e_policy_message_required_muc)); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
51 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
52 end |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
53 |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
54 module:hook("pre-message/bare", warn_on_plaintext_messages, 300); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
55 module:hook("pre-message/full", warn_on_plaintext_messages, 300); |
57dcad6543c9
mod_e2e_policy: Initial commit
Michel Le Bihan <michel@lebihan.pl>
parents:
diff
changeset
|
56 module:hook("pre-message/host", warn_on_plaintext_messages, 300); |