annotate mod_poke_strangers/mod_poke_strangers.lua @ 5401:c8d04ac200fc

mod_http_oauth2: Reject loopback URIs as client_uri This really should be a proper website with info, https://localhost is not good enough. Ideally we'd validate that it's got proper DNS and is actually reachable, but triggering HTTP or even DNS lookups seems like it would carry abuse potential that would best to avoid.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:20:55 +0200
parents 0aa8aa6cdb1b
children 1e28f32257d6
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2044
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
1 local st = require"util.stanza";
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
2 local jid_split = require "util.jid".split;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
3 local jid_bare = require "util.jid".bare;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
4 local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
5 local uuid_generate = require "util.uuid".generate;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
6 local set = require "util.set";
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
7
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
8 local recently_queried = set.new();
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
9
2045
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
10 local version_id = uuid_generate();
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
11 local disco_id = uuid_generate();
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
12
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
13 module:hook("iq-result/host/" .. version_id, function (event)
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
14 module:log("info", "Stranger " .. event.stanza.attr.from .. " version: " .. tostring(event.stanza));
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
15 return true;
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
16 end);
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
17
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
18 module:hook("iq-result/host/" .. disco_id, function (event)
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
19 module:log("info", "Stranger " .. event.stanza.attr.from .. " disco: " .. tostring(event.stanza));
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
20 return true;
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
21 end);
0aa8aa6cdb1b mod_poke_strangers: Create only one hook, re-use the UUIDs.
Thijs Alkemade <me@thijsalkema.de>
parents: 2044
diff changeset
22
2044
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
23 function check_subscribed(event)
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
24 local stanza = event.stanza;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
25 local local_user_jid = stanza.attr.to;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
26 local to_user, to_host, to_resource = jid_split(local_user_jid);
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
27 local stranger_jid = stanza.attr.from;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
28
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
29 if recently_queried:contains(stranger_jid) then
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
30 module:log("debug", "Not re-poking " .. stranger_jid);
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
31 return nil;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
32 end
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
33
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
34 local from_jid = jid_bare(stranger_jid);
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
35
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
36 if to_user and not is_contact_subscribed(to_user, to_host, from_jid) then
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
37 if to_resource and stanza.attr.type == "groupchat" then
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
38 return nil;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
39 end
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
40
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
41 recently_queried:add(stranger_jid);
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
42
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
43 module:send(st.iq({ type = "get", to = stranger_jid, from = to_host, id = version_id }):query("jabber:iq:version"));
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
44
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
45 module:send(st.iq({ type = "get", to = stranger_jid, from = to_host, id = disco_id }):query("http://jabber.org/protocol/disco#info"));
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
46 end
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
47
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
48 return nil;
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
49 end
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
50
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
51 module:hook("message/bare", check_subscribed, 225);
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
52 module:hook("message/full", check_subscribed, 225);
06faf7a149e3 mod_poke_strangers: Log details about JIDs that look like they are spamming.
Thijs Alkemade <me@thijsalkema.de>
parents:
diff changeset
53 -- Not hooking iqs, as that could turn into infinite loops!