Mercurial > prosody-modules
annotate mod_firewall/actions.lib.lua @ 3568:6b3181fe5617
mod_auth_token: Timezone fix for TOTP checking
luatz.time() returns milliseconds since epoch which is in UTC time, so we don't
need to convert to UTC with gmtime.
By calling gmtime, TOTP validation was failing when this module wasn't running
on machine set to UTC time.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Thu, 02 May 2019 11:07:27 +0200 |
| parents | 78049e8b5a6b |
| children | df6227e288e5 |
| rev | line source |
|---|---|
|
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
1 local interpolation = require "util.interpolation"; |
|
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
2 local template = interpolation.new("%b$$", function (s) return ("%q"):format(s) end); |
|
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
3 |
|
2125
edf5cf3c474b
mod_firewall: Move meta() function to main module, and make it a global so libs can use it
Matthew Wild <mwild1@gmail.com>
parents:
2107
diff
changeset
|
4 --luacheck: globals meta idsafe |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local action_handlers = {}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
961
f0108ec2b016
mod_firewall/actions: Break out logic into a separate reusable function
Matthew Wild <mwild1@gmail.com>
parents:
960
diff
changeset
|
7 |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 -- Takes an XML string and returns a code string that builds that stanza |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 -- using st.stanza() |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local function compile_xml(data) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local code = {}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local first, short_close = true, nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 for tagline, text in data:gmatch("<([^>]+)>([^<]*)") do |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 if tagline:sub(-1,-1) == "/" then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 tagline = tagline:sub(1, -2); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 short_close = true; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 if tagline:sub(1,1) == "/" then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 code[#code+1] = (":up()"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 local name, attr = tagline:match("^(%S*)%s*(.*)$"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 local attr_str = {}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 for k, _, v in attr:gmatch("(%S+)=([\"'])([^%2]-)%2") do |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 if #attr_str == 0 then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 table.insert(attr_str, ", { "); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 table.insert(attr_str, ", "); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 end |
|
2070
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
29 if k:find("^%a%w*$") then |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 table.insert(attr_str, string.format("%s = %q", k, v)); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 table.insert(attr_str, string.format("[%q] = %q", k, v)); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 if #attr_str > 0 then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 table.insert(attr_str, " }"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 if first then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 code[#code+1] = (string.format("st.stanza(%q %s)", name, #attr_str>0 and table.concat(attr_str) or ", nil")); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 first = nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 code[#code+1] = (string.format(":tag(%q%s)", name, table.concat(attr_str))); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 end |
|
2070
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
45 if text and text:find("%S") then |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 code[#code+1] = (string.format(":text(%q)", text)); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 elseif short_close then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 short_close = nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 code[#code+1] = (":up()"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 return table.concat(code, ""); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 |
|
957
9b21b91c2d96
mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents:
950
diff
changeset
|
55 function action_handlers.PASS() |
|
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
56 return "do return pass_return end" |
|
957
9b21b91c2d96
mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents:
950
diff
changeset
|
57 end |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 function action_handlers.DROP() |
|
958
843795020701
mod_firewall/actions: DROP no longer logs, log messages can be emitted with LOG
Matthew Wild <mwild1@gmail.com>
parents:
957
diff
changeset
|
60 return "do return true end"; |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 |
|
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
63 function action_handlers.DEFAULT() |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
64 return "do return false end"; |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
65 end |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
66 |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
67 function action_handlers.RETURN() |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
68 return "do return end" |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
69 end |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
70 |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 function action_handlers.STRIP(tag_desc) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 local code = {}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 local name, xmlns = tag_desc:match("^(%S+) (.+)$"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 if not name then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 name, xmlns = tag_desc, nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 if name == "*" then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 name = nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 code[#code+1] = ("local stanza_xmlns = stanza.attr.xmlns; "); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 code[#code+1] = "stanza:maptags(function (tag) if "; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 if name then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 code[#code+1] = ("tag.name == %q and "):format(name); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 if xmlns then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 code[#code+1] = ("(tag.attr.xmlns or stanza_xmlns) == %q "):format(xmlns); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 code[#code+1] = ("tag.attr.xmlns == stanza_xmlns "); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 code[#code+1] = "then return nil; end return tag; end );"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 return table.concat(code); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 function action_handlers.INJECT(tag) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 return "stanza:add_child("..compile_xml(tag)..")", { "st" }; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 local error_types = { |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 ["bad-request"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 ["conflict"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 ["feature-not-implemented"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 ["forbidden"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 ["gone"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 ["internal-server-error"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 ["item-not-found"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 ["jid-malformed"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 ["not-acceptable"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 ["not-allowed"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 ["not-authorized"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 ["payment-required"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 ["policy-violation"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 ["recipient-unavailable"] = "wait"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 ["redirect"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 ["registration-required"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 ["remote-server-not-found"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 ["remote-server-timeout"] = "wait"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 ["resource-constraint"] = "wait"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 ["service-unavailable"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 ["subscription-required"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 ["undefined-condition"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 ["unexpected-request"] = "wait"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 }; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 local function route_modify(make_new, to, drop) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 local reroute, deps = "session.send(newstanza)", { "st" }; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 if to then |
|
2581
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
128 reroute = ("newstanza.attr.to = %q; core_post_stanza(session, newstanza)"):format(to); |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 deps[#deps+1] = "core_post_stanza"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 end |
|
2581
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
131 return ([[do local newstanza = st.%s; %s;%s end]]) |
|
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
132 :format(make_new, reroute, drop and " return true" or ""), deps; |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
133 end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1303
diff
changeset
|
134 |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 function action_handlers.BOUNCE(with) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 local error = with and with:match("^%S+") or "service-unavailable"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 local error_type = error:match(":(%S+)"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 if not error_type then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 error_type = error_types[error] or "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 error = error:match("^[^:]+"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 error, error_type = string.format("%q", error), string.format("%q", error_type); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 local text = with and with:match(" %((.+)%)$"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 if text then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 text = string.format("%q", text); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 text = "nil"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 end |
|
2094
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
150 local route_modify_code, deps = route_modify(("error_reply(stanza, %s, %s, %s)"):format(error_type, error, text), nil, true); |
|
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
151 deps[#deps+1] = "type"; |
|
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
152 deps[#deps+1] = "name"; |
|
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
153 return [[if type == "error" or (name == "iq" and type == "result") then return true; end -- Don't reply to 'error' stanzas, or iq results |
|
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
154 ]]..route_modify_code, deps; |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 function action_handlers.REDIRECT(where) |
|
950
bea0ef13575c
mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents:
949
diff
changeset
|
158 return route_modify("clone(stanza)", where, true); |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 function action_handlers.COPY(where) |
|
950
bea0ef13575c
mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents:
949
diff
changeset
|
162 return route_modify("clone(stanza)", where, false); |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
164 |
|
959
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
165 function action_handlers.REPLY(with) |
|
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
166 return route_modify(("reply(stanza):body(%q)"):format(with)); |
|
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
167 end |
|
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
168 |
|
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
169 function action_handlers.FORWARD(where) |
|
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
170 local code = [[ |
|
2551
9392f45b0364
mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents:
2542
diff
changeset
|
171 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" }); |
|
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
172 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza); |
|
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
173 core_post_stanza(session, newstanza); |
|
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
174 ]]; |
|
2551
9392f45b0364
mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents:
2542
diff
changeset
|
175 return code:format(where), { "core_post_stanza", "current_host" }; |
|
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
176 end |
|
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
177 |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
178 function action_handlers.LOG(string) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
179 local level = string:match("^%[(%a+)%]") or "info"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 string = string:gsub("^%[%a+%] ?", ""); |
|
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2415
diff
changeset
|
181 local meta_deps = {}; |
|
2782
8fd37f0e108c
mod_firewall: Don't interpret format specifiers in LOG
Matthew Wild <mwild1@gmail.com>
parents:
2581
diff
changeset
|
182 local code = meta(("(session.log or log)(%q, '%%s', %q);"):format(level, string), meta_deps); |
|
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2415
diff
changeset
|
183 return code, meta_deps; |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 function action_handlers.RULEDEP(dep) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 return "", { dep }; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 |
|
960
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
190 function action_handlers.EVENT(name) |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
191 return ("fire_event(%q, event)"):format(name); |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
192 end |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
193 |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
194 function action_handlers.JUMP_EVENT(name) |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
195 return ("do return fire_event(%q, event); end"):format(name); |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
196 end |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
197 |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
198 function action_handlers.JUMP_CHAIN(name) |
|
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
199 return template([[do |
|
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
200 local ret = fire_event($chain_event$, event); |
|
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
201 if ret ~= nil then |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
202 if ret == false then |
|
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
203 log("debug", "Chain %q accepted stanza (ret %s)", $chain_name$, tostring(ret)); |
|
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
204 return pass_return; |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
205 end |
|
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
206 log("debug", "Chain %q rejected stanza (ret %s)", $chain_name$, tostring(ret)); |
|
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
207 return ret; |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
208 end |
|
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
209 log("debug", "Chain %q did not accept or reject stanza (ret %s)", $chain_name$, tostring(ret)); |
|
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
210 end]], { chain_event = "firewall/chains/"..name, chain_name = name }); |
|
960
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
211 end |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
212 |
|
2107
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
213 function action_handlers.MARK_ORIGIN(name) |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
214 return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" }; |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
215 end |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
216 |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
217 function action_handlers.UNMARK_ORIGIN(name) |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
218 return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]] |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
219 end |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
220 |
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
221 function action_handlers.MARK_USER(name) |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
222 return [[if session.firewall_marks then session.firewall_marks.]]..idsafe(name)..[[ = current_timestamp; end]], { "timestamp" }; |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
223 end |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
224 |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
225 function action_handlers.UNMARK_USER(name) |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
226 return [[if session.firewall_marks then session.firewall_marks.]]..idsafe(name)..[[ = nil; end]], { "timestamp" }; |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
227 end |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
228 |
|
2531
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
229 function action_handlers.ADD_TO(spec) |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
230 local list_name, value = spec:match("(%S+) (.+)"); |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
231 local meta_deps = {}; |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
232 value = meta(("%q"):format(value), meta_deps); |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
233 return ("list_%s:add(%s);"):format(list_name, value), { "list:"..list_name, unpack(meta_deps) }; |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
234 end |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
235 |
|
2915
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
236 function action_handlers.UNSUBSCRIBE_SENDER() |
|
2996
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
237 return "rostermanager.unsubscribed(to_node, to_host, bare_from);\ |
|
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
238 rostermanager.roster_push(to_node, to_host, bare_from);\ |
|
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
239 core_post_stanza(session, st.presence({ from = bare_to, to = bare_from, type = \"unsubscribed\" }));", |
|
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
240 { "rostermanager", "core_post_stanza", "st", "split_to", "bare_to", "bare_from" }; |
|
2915
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
241 end |
|
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
242 |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
243 return action_handlers; |