annotate mod_muc_access_control/mod_muc_access_control.lua @ 2618:c6652d055ba3

mod_firewall: Add some more comments
author Matthew Wild <mwild1@gmail.com>
date Fri, 10 Mar 2017 10:36:17 +0000
parents 050cd7b6fa96
children f54c80404ad3
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1954
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local st = require "util.stanza";
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local jid = require "util.jid";
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local nodeprep = require "util.encodings".stringprep.nodeprep;
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local unprepped_access_lists = module:get_option("muc_access_lists", {});
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local access_lists = {};
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 -- Make sure all input is prepped
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 for unprepped_room_name, unprepped_list in pairs(unprepped_access_lists) do
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 local prepped_room_name = nodeprep(unprepped_room_name);
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 if not prepped_room_name then
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 module:log("error", "Invalid room name: %s", unprepped_room_name);
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 else
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local prepped_list = {};
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 for _, unprepped_jid in ipairs(unprepped_list) do
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 local prepped_jid = jid.prep(jid);
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 if not prepped_jid then
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 module:log("error", "Invalid JID: %s", unprepped_jid);
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 else
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 table.insert(prepped_list, jid.pep(jid));
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 local function is_restricted(room, who)
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 local allowed = access_lists[room];
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 if allowed == nil or allowed[who] or allowed[select(2, jid.split(who))] then
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 return nil;
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 return "forbidden";
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 module:hook("presence/full", function(event)
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 local stanza = event.stanza;
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 if stanza.name == "presence" and stanza.attr.type == "unavailable" then -- Leaving events get discarded
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 return;
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 -- Get the room
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 local room = jid.split(stanza.attr.to);
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 if not room then return; end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 -- Get who has tried to join it
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 local who = jid.bare(stanza.attr.from)
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 -- Checking whether room is restricted
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 local check_restricted = is_restricted(room, who)
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 if check_restricted ~= nil then
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 event.allowed = false;
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 event.stanza.attr.type = 'error';
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 return event.origin.send(st.error_reply(event.stanza, "cancel", "forbidden", "You're not allowed to enter this room: " .. check_restricted));
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56 end
050cd7b6fa96 mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 end, 10);