Mercurial > prosody-modules
annotate mod_adhoc_blacklist/mod_adhoc_blacklist.lua @ 5401:c8d04ac200fc
mod_http_oauth2: Reject loopback URIs as client_uri
This really should be a proper website with info, https://localhost is
not good enough. Ideally we'd validate that it's got proper DNS and is
actually reachable, but triggering HTTP or even DNS lookups seems like
it would carry abuse potential that would best to avoid.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:20:55 +0200 |
parents | efbb73851af9 |
children |
rev | line source |
---|---|
1734
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- mod_adhoc_blacklist |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- http://xmpp.org/extensions/xep-0133.html#edit-blacklist |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- Copyright (C) 2015 Kim Alvefur |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- This file is MIT/X11 licensed. |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 -- |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 module:depends("adhoc"); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local adhoc = module:require "adhoc"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local st = require"util.stanza"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local set = require"util.set"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local dataform = require"util.dataforms"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local adhoc_inital_data = require "util.adhoc".new_initial_data_form; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local blocklist_form = dataform.new { |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 title = "Editing the Blacklist"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 instructions = "Fill out this form to edit the list of entities with whom communications are disallowed."; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 { |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 type = "hidden"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 name = "FORM_TYPE"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 value = "http://jabber.org/protocol/admin"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 { |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 type = "jid-multi"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 name = "blacklistjids"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 label = "The blacklist"; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 } |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 local blocklists = module:open_store("blocklist"); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 local blocklist_handler = adhoc_inital_data(blocklist_form, function () |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local blacklistjids = {}; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 local blacklist = blocklists:get(); |
1736
efbb73851af9
mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents:
1734
diff
changeset
|
37 if blacklist then |
efbb73851af9
mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents:
1734
diff
changeset
|
38 for jid in pairs(blacklist) do |
efbb73851af9
mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents:
1734
diff
changeset
|
39 table.insert(blacklistjids, jid); |
efbb73851af9
mod_adhoc_blacklist: Fix traceback if blacklist is empty
Kim Alvefur <zash@zash.se>
parents:
1734
diff
changeset
|
40 end |
1734
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 return { blacklistjids = blacklistjids }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 end, function(fields, form_err) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 if form_err then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 return { status = "completed", error = { message = "Problem in submitted form" } }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 local blacklistjids = set.new(fields.blacklistjids); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 local ok, err = blocklists:set(nil, blacklistjids._items); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 if ok then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 return { status = "completed", info = "Blacklist updated" }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 else |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 return { status = "completed", error = { message = "Error saving blacklist: "..err } }; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 end); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 module:add_item("adhoc", adhoc.new("Edit Blacklist", "http://jabber.org/protocol/admin#edit-blacklist", blocklist_handler, "admin")); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 local function is_blocked(host) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 local blacklistjids = blocklists:get(); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 return blacklistjids and blacklistjids[host]; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 module:hook("route/remote", function (event) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 local origin, stanza = event.origin, event.stanza; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 if is_blocked(event.to_host) then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 if origin and stanza then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Communication with this domain is not allowed")); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 return true; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 return false; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 end, 1000); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 module:hook("s2s-stream-features", function (event) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 local session = event.origin; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 if is_blocked(session.from_host) then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 session:close("policy-violation"); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 return false; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 end, 1000); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 module:hook("stanza/http://etherx.jabber.org/streams:features", function (event) |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 local session = event.origin; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 if is_blocked(session.to_host) then |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 session:close("policy-violation"); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 return true; |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 end |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 end, 1000); |
d82b03e79d8b
mod_adhoc_blacklist: Provides the Edit Blacklist command described in XEP-0133 and uses this to block s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 |