Mercurial > prosody-modules
annotate mod_block_subscribes/mod_block_subscribes.lua @ 5448:9d542e86e19a
mod_http_oauth2: Allow requesting a subset of scopes on token refresh
This enables clients to request access tokens with fewer permissions
than the grant they were given, reducing impact of token leak. Clients
could e.g. request access tokens with some privileges and immediately
revoke them after use, or other strategies.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 11 May 2023 21:40:09 +0200 |
| parents | f88381a39c56 |
| children |
| rev | line source |
|---|---|
|
926
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local allowed_presence_types = { probe = true, unavailable = true }; |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 function filter_presence(event) |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local stanza = event.stanza; |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local presence_type = stanza.attr.type; |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 if presence_type == nil or allowed_presence_types[presence_type] then |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 return; |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 end |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 return true; -- Drop |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 end |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 module:hook("pre-presence/bare", filter_presence, 200); -- Client sending |
|
f88381a39c56
mod_block_subscribes: Block inbound and outbound subscription requests (useful to prevent implicit roster modification)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 module:hook("presence/bare", filter_presence, 200); -- Client receiving |