Mercurial > prosody-modules
annotate mod_readonly/mod_readonly.lua @ 4260:c539334dd01a
mod_http_oauth2: Rescope oauth client config into users' storage
This produces client_id of the form owner@host/random and prevents
clients from being deleted by registering an account with the same name
and then deleting the account, as well as having the client
automatically be deleted when the owner account is removed.
On one hand, this leaks the bare JID of the creator to users. On the
other hand, it makes it obvious who made the oauth application.
This module is experimental and only for developers, so this can be
changed if a better method comes up.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 21 Nov 2020 23:55:10 +0100 |
| parents | 7776c9dc5f37 |
| children |
| rev | line source |
|---|---|
|
750
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local stores = module:get_option("readonly_stores", { |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 vcard = { "vcard-temp", "vCard" }; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 }); |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local namespaces = {}; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 for name, namespace in pairs(stores) do |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 namespaces[table.concat(namespace, ":")] = name; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 end |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
|
3270
7776c9dc5f37
mod_readonly: Simplify iq handling by hooking on iq-set/ instead of iq/.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
750
diff
changeset
|
12 local function prevent_write(event) |
|
750
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local stanza = event.stanza; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local xmlns_and_tag = stanza.tags[1].attr.xmlns..":"..stanza.tags[1].name; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local store_name = namespaces[xmlns_and_tag]; |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 if store_name then |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 module:log("warn", "Preventing modification of %s store by %s", store_name, stanza.attr.from); |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 event.origin.send(st.error_reply(stanza, "cancel", "not-allowed", store_name.." data is read-only")); |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 return true; -- Block stanza |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
|
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 for namespace in pairs(namespaces) do |
|
3270
7776c9dc5f37
mod_readonly: Simplify iq handling by hooking on iq-set/ instead of iq/.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
750
diff
changeset
|
24 module:hook("iq-set/bare/"..namespace, prevent_write, 200); |
|
750
8133dd5f266a
mod_readonly: Allow preventing direct modification of certain user data via XMPP
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 end |