Mercurial > prosody-modules
annotate mod_block_subscribes/mod_block_subscribes.lua @ 3503:882180b459a0
mod_pubsub_post: Restructure authentication and authorization (BC)
This deprecates the default "superuser" actor model and makes the
default equivalent to the previous "request.id".
A single actor and secret per node is supported because HTTP and
WebHooks don't normally include any authorization identity.
Allowing authentication bypass when no secret is given should be
relatively safe when the actor is unprivileged, as will be unless
explicitly configured otherwise.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 30 Mar 2019 21:16:13 +0100 |
| parents | f88381a39c56 |
| children |
| rev | line source |
|---|---|
|
926
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local allowed_presence_types = { probe = true, unavailable = true }; |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 function filter_presence(event) |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local stanza = event.stanza; |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local presence_type = stanza.attr.type; |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 if presence_type == nil or allowed_presence_types[presence_type] then |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 return; |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 end |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 return true; -- Drop |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 end |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 module:hook("pre-presence/bare", filter_presence, 200); -- Client sending |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 module:hook("presence/bare", filter_presence, 200); -- Client receiving |