Mercurial > prosody-modules
annotate mod_http_muc_kick/mod_http_muc_kick.lua @ 5418:f2c7bb3af600
mod_http_oauth2: Add role selector to consent page
List includes all roles available to the user, if more than one.
Defaults to either the first role in the scope string or the users
primary role.
Earlier draft listed all roles, but having options that can't be
selected is bad UX and the entire list of all roles on the server could
be long, and perhaps even sensitive.
Allows e.g. picking a role with fewer permissions than what might
otherwise have been selected.
UX wise, doing this with more checkboxes or possibly radio buttons would
have been confusion and/or looked messier.
Fixes the previous situation where unselecting a role would default to
the primary role, which could be more permissions than requested.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 05 May 2023 01:23:13 +0200 |
| parents | e524a97730eb |
| children |
| rev | line source |
|---|---|
|
4642
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
1 local jid_split = require "util.jid".prepped_split; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
2 local json = require "util.json"; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
3 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
4 module:depends("http"); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
5 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
6 local authorization = assert( |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
7 module:get_option_string("http_muc_kick_authorization_header", nil), |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
8 "http_muc_kick_authorization_header setting is missing, please add it to the Prosody config before using mod_http_muc_kick" |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
9 ); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
10 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
11 local function is_authorized(request) |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
12 return request.headers.authorization == authorization; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
13 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
14 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
15 local function check_muc(jid) |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
16 local muc_node, host = jid_split(jid); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
17 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
18 if not hosts[host] then |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
19 return nil, nil, "No such host: "..host; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
20 elseif not hosts[host].modules.muc then |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
21 return nil, nil, "Host '"..host.."' is not a MUC service"; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
22 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
23 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
24 return muc_node, host; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
25 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
26 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
27 local function get_muc(muc_jid) |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
28 local muc_node, host, err = check_muc(muc_jid); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
29 if not muc_node then |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
30 return nil, host, err; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
31 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
32 |
|
4652
e524a97730eb
mod_http_muc_kick: Missing local keyword
Seve Ferrer <seve@delape.net>
parents:
4643
diff
changeset
|
33 local muc = prosody.hosts[host].modules.muc.get_room_from_jid(muc_jid); |
|
4642
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
34 if not muc then |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
35 return nil, host, "No MUC '"..muc_node.."' found for host: "..host; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
36 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
37 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
38 return muc; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
39 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
40 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
41 local function handle_error(response, status_code, error) |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
42 response.headers.content_type = "application/json"; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
43 response.status_code = status_code; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
44 response:send(json.encode({error = error})); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
45 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
46 -- return true to keep the connection open, and prevent other handlers from executing. |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
47 -- https://prosody.im/doc/developers/http#return_value |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
48 return true; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
49 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
50 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
51 module:provides("http", { |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
52 route = { |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
53 ["POST"] = function (event) |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
54 local request, response = event.request, event.response; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
55 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
56 if not is_authorized(request) then |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
57 return handle_error(response, 401, "Authorization failed"); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
58 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
59 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
60 local body = json.decode(request.body or "") or {}; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
61 if not body then |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
62 return handle_error(response, 400, "JSON body not found"); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
63 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
64 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
65 local nickname, muc_jid, reason = body.nickname, body.muc, body.reason or ""; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
66 if not nickname or not muc_jid then |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
67 return handle_error(response, 400, "Missing nickname and/or MUC"); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
68 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
69 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
70 local muc, _, err = get_muc(muc_jid); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
71 if not muc then |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
72 return handle_error(response, 404, "MUC not found: " .. err); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
73 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
74 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
75 local occupant_jid = muc.jid .. "/" .. nickname; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
76 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
77 -- Kick user by giving them the "none" role |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
78 -- https://xmpp.org/extensions/xep-0045.html#kick |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
79 local success, error, condition = muc:set_role(true, occupant_jid, nil, reason); |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
80 if not success then |
| 4643 | 81 return handle_error(response, 400, "Couldn't kick user: ".. error .. ": " .. condition); |
|
4642
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
82 end |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
83 |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
84 -- Kick was successful |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
85 return 200; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
86 end; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
87 }; |
|
9fc52ccfb445
mod_http_muc_kick: Publish module
Seve Ferrer <seve@delape.net>
parents:
diff
changeset
|
88 }); |