Mercurial > prosody-modules
annotate mod_firewall/actions.lib.lua @ 5593:6d0574bfbf5d
mod_client_management: Include software version in table (when known)
Showing software versions could be useful for statistical reasons, e.g.
determining how quickly (or not) users upgrade, but most importantly for
revoking vulnerable clients versions in case of a security issue.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 13 Jul 2023 23:26:02 +0200 |
parents | 1249ab2f797c |
children | bfc35ae9edcb |
rev | line source |
---|---|
3973
df6227e288e5
mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents:
3483
diff
changeset
|
1 local unpack = table.unpack or unpack; |
df6227e288e5
mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents:
3483
diff
changeset
|
2 |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
3 local interpolation = require "util.interpolation"; |
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
4 local template = interpolation.new("%b$$", function (s) return ("%q"):format(s) end); |
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
5 |
2125
edf5cf3c474b
mod_firewall: Move meta() function to main module, and make it a global so libs can use it
Matthew Wild <mwild1@gmail.com>
parents:
2107
diff
changeset
|
6 --luacheck: globals meta idsafe |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local action_handlers = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
961
f0108ec2b016
mod_firewall/actions: Break out logic into a separate reusable function
Matthew Wild <mwild1@gmail.com>
parents:
960
diff
changeset
|
9 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 -- Takes an XML string and returns a code string that builds that stanza |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 -- using st.stanza() |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local function compile_xml(data) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local code = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local first, short_close = true, nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 for tagline, text in data:gmatch("<([^>]+)>([^<]*)") do |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 if tagline:sub(-1,-1) == "/" then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 tagline = tagline:sub(1, -2); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 short_close = true; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 if tagline:sub(1,1) == "/" then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 code[#code+1] = (":up()"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 local name, attr = tagline:match("^(%S*)%s*(.*)$"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 local attr_str = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 for k, _, v in attr:gmatch("(%S+)=([\"'])([^%2]-)%2") do |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 if #attr_str == 0 then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 table.insert(attr_str, ", { "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 table.insert(attr_str, ", "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 end |
2070
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
31 if k:find("^%a%w*$") then |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 table.insert(attr_str, string.format("%s = %q", k, v)); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 table.insert(attr_str, string.format("[%q] = %q", k, v)); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 if #attr_str > 0 then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 table.insert(attr_str, " }"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 if first then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 code[#code+1] = (string.format("st.stanza(%q %s)", name, #attr_str>0 and table.concat(attr_str) or ", nil")); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 first = nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 code[#code+1] = (string.format(":tag(%q%s)", name, table.concat(attr_str))); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 end |
2070
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
47 if text and text:find("%S") then |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 code[#code+1] = (string.format(":text(%q)", text)); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 elseif short_close then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 short_close = nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 code[#code+1] = (":up()"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 return table.concat(code, ""); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 |
957
9b21b91c2d96
mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents:
950
diff
changeset
|
57 function action_handlers.PASS() |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
58 return "do return pass_return end" |
957
9b21b91c2d96
mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents:
950
diff
changeset
|
59 end |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 function action_handlers.DROP() |
958
843795020701
mod_firewall/actions: DROP no longer logs, log messages can be emitted with LOG
Matthew Wild <mwild1@gmail.com>
parents:
957
diff
changeset
|
62 return "do return true end"; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
65 function action_handlers.DEFAULT() |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
66 return "do return false end"; |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
67 end |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
68 |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
69 function action_handlers.RETURN() |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
70 return "do return end" |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
71 end |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
72 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 function action_handlers.STRIP(tag_desc) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 local code = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 local name, xmlns = tag_desc:match("^(%S+) (.+)$"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 if not name then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 name, xmlns = tag_desc, nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 if name == "*" then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 name = nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 code[#code+1] = ("local stanza_xmlns = stanza.attr.xmlns; "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 code[#code+1] = "stanza:maptags(function (tag) if "; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 if name then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 code[#code+1] = ("tag.name == %q and "):format(name); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 if xmlns then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 code[#code+1] = ("(tag.attr.xmlns or stanza_xmlns) == %q "):format(xmlns); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 code[#code+1] = ("tag.attr.xmlns == stanza_xmlns "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 code[#code+1] = "then return nil; end return tag; end );"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 return table.concat(code); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 function action_handlers.INJECT(tag) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 return "stanza:add_child("..compile_xml(tag)..")", { "st" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 local error_types = { |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 ["bad-request"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 ["conflict"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 ["feature-not-implemented"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 ["forbidden"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 ["gone"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 ["internal-server-error"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 ["item-not-found"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 ["jid-malformed"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 ["not-acceptable"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 ["not-allowed"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 ["not-authorized"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 ["payment-required"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 ["policy-violation"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 ["recipient-unavailable"] = "wait"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 ["redirect"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 ["registration-required"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 ["remote-server-not-found"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 ["remote-server-timeout"] = "wait"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 ["resource-constraint"] = "wait"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 ["service-unavailable"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 ["subscription-required"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 ["undefined-condition"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 ["unexpected-request"] = "wait"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 local function route_modify(make_new, to, drop) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 local reroute, deps = "session.send(newstanza)", { "st" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 if to then |
2581
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
130 reroute = ("newstanza.attr.to = %q; core_post_stanza(session, newstanza)"):format(to); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 deps[#deps+1] = "core_post_stanza"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 end |
2581
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
133 return ([[do local newstanza = st.%s; %s;%s end]]) |
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
134 :format(make_new, reroute, drop and " return true" or ""), deps; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1303
diff
changeset
|
136 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 function action_handlers.BOUNCE(with) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 local error = with and with:match("^%S+") or "service-unavailable"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 local error_type = error:match(":(%S+)"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 if not error_type then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 error_type = error_types[error] or "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 error = error:match("^[^:]+"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 error, error_type = string.format("%q", error), string.format("%q", error_type); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 local text = with and with:match(" %((.+)%)$"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 if text then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 text = string.format("%q", text); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 text = "nil"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 end |
2094
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
152 local route_modify_code, deps = route_modify(("error_reply(stanza, %s, %s, %s)"):format(error_type, error, text), nil, true); |
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
153 deps[#deps+1] = "type"; |
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
154 deps[#deps+1] = "name"; |
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
155 return [[if type == "error" or (name == "iq" and type == "result") then return true; end -- Don't reply to 'error' stanzas, or iq results |
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
156 ]]..route_modify_code, deps; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 function action_handlers.REDIRECT(where) |
950
bea0ef13575c
mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents:
949
diff
changeset
|
160 return route_modify("clone(stanza)", where, true); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 function action_handlers.COPY(where) |
950
bea0ef13575c
mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents:
949
diff
changeset
|
164 return route_modify("clone(stanza)", where, false); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 |
959
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
167 function action_handlers.REPLY(with) |
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
168 return route_modify(("reply(stanza):body(%q)"):format(with)); |
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
169 end |
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
170 |
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
171 function action_handlers.FORWARD(where) |
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
172 local code = [[ |
2551
9392f45b0364
mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents:
2542
diff
changeset
|
173 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" }); |
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
174 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza); |
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
175 core_post_stanza(session, newstanza); |
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
176 ]]; |
2551
9392f45b0364
mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents:
2542
diff
changeset
|
177 return code:format(where), { "core_post_stanza", "current_host" }; |
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
178 end |
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
179 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 function action_handlers.LOG(string) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 local level = string:match("^%[(%a+)%]") or "info"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 string = string:gsub("^%[%a+%] ?", ""); |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2415
diff
changeset
|
183 local meta_deps = {}; |
2782
8fd37f0e108c
mod_firewall: Don't interpret format specifiers in LOG
Matthew Wild <mwild1@gmail.com>
parents:
2581
diff
changeset
|
184 local code = meta(("(session.log or log)(%q, '%%s', %q);"):format(level, string), meta_deps); |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2415
diff
changeset
|
185 return code, meta_deps; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 function action_handlers.RULEDEP(dep) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 return "", { dep }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 |
960
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
192 function action_handlers.EVENT(name) |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
193 return ("fire_event(%q, event)"):format(name); |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
194 end |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
195 |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
196 function action_handlers.JUMP_EVENT(name) |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
197 return ("do return fire_event(%q, event); end"):format(name); |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
198 end |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
199 |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
200 function action_handlers.JUMP_CHAIN(name) |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
201 return template([[do |
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
202 local ret = fire_event($chain_event$, event); |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
203 if ret ~= nil then |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
204 if ret == false then |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
205 log("debug", "Chain %q accepted stanza (ret %s)", $chain_name$, tostring(ret)); |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
206 return pass_return; |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
207 end |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
208 log("debug", "Chain %q rejected stanza (ret %s)", $chain_name$, tostring(ret)); |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
209 return ret; |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
210 end |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
211 end]], { chain_event = "firewall/chains/"..name, chain_name = name }); |
960
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
212 end |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
213 |
2107
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
214 function action_handlers.MARK_ORIGIN(name) |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
215 return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" }; |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
216 end |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
217 |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
218 function action_handlers.UNMARK_ORIGIN(name) |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
219 return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]] |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
220 end |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
221 |
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
222 function action_handlers.MARK_USER(name) |
5540
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
223 return ([[if session.username and session.host == current_host then |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
224 fire_event("firewall/marked/user", { |
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5235
diff
changeset
|
225 username = session.username; |
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5235
diff
changeset
|
226 mark = %q; |
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5235
diff
changeset
|
227 timestamp = current_timestamp; |
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5235
diff
changeset
|
228 }); |
5540
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
229 else |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
230 log("warn", "Attempt to MARK a remote user - only local users may be marked"); |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
231 end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)), { |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
232 "current_host"; |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
233 "timestamp"; |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
234 }; |
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
235 end |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
236 |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
237 function action_handlers.UNMARK_USER(name) |
5540
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
238 return ([[if session.username and session.host == current_host then |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
239 fire_event("firewall/unmarked/user", { |
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5235
diff
changeset
|
240 username = session.username; |
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5235
diff
changeset
|
241 mark = %q; |
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5235
diff
changeset
|
242 }); |
5540
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
243 else |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
244 log("warn", "Attempt to UNMARK a remote user - only local users may be marked"); |
1249ab2f797c
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents:
5538
diff
changeset
|
245 end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)); |
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
246 end |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
247 |
2531
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
248 function action_handlers.ADD_TO(spec) |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
249 local list_name, value = spec:match("(%S+) (.+)"); |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
250 local meta_deps = {}; |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
251 value = meta(("%q"):format(value), meta_deps); |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
252 return ("list_%s:add(%s);"):format(list_name, value), { "list:"..list_name, unpack(meta_deps) }; |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
253 end |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
254 |
2915
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
255 function action_handlers.UNSUBSCRIBE_SENDER() |
2996
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
256 return "rostermanager.unsubscribed(to_node, to_host, bare_from);\ |
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
257 rostermanager.roster_push(to_node, to_host, bare_from);\ |
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
258 core_post_stanza(session, st.presence({ from = bare_to, to = bare_from, type = \"unsubscribed\" }));", |
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
259 { "rostermanager", "core_post_stanza", "st", "split_to", "bare_to", "bare_from" }; |
2915
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
260 end |
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
261 |
5235
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
262 function action_handlers.REPORT_TO(spec) |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
263 local where, reason, text = spec:match("^%s*(%S+) *(%S*) *(.*)$"); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
264 if reason == "spam" then |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
265 reason = "urn:xmpp:reporting:spam"; |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
266 elseif reason == "abuse" or not reason then |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
267 reason = "urn:xmpp:reporting:abuse"; |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
268 end |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
269 local code = [[ |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
270 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" }); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
271 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza):up(); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
272 newstanza:tag("report", { xmlns = "urn:xmpp:reporting:1", reason = %q }) |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
273 do local text = %q; if text ~= "" then newstanza:text_tag("text", text); end end |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
274 newstanza:up(); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
275 core_post_stanza(session, newstanza); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
276 ]]; |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
277 return code:format(where, reason, text), { "core_post_stanza", "current_host", "st" }; |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
278 end |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
279 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
280 return action_handlers; |