Mercurial > prosody-modules
comparison mod_muc_http_auth/README.md @ 4296:08138de4cb88
Prosodoy module to externalize MUC authorization via HTTP
| author | Seve Ferrer <seve@delape.net> |
|---|---|
| date | Sat, 12 Dec 2020 18:19:14 +0100 |
| parents | |
| children | d261233f7ced |
comparison
equal
deleted
inserted
replaced
| 4295:d44a8d3dd571 | 4296:08138de4cb88 |
|---|---|
| 1 # Introduction | |
| 2 | |
| 3 This module externalizes MUC authorization via HTTP. | |
| 4 Whenever a user wants to join a MUC, an HTTP GET request is made to `authorization_url` | |
| 5 with the user bare jid (`userJID`) and the MUC jid (`mucJID`) as GET parameters. | |
| 6 Example: | |
| 7 `https://www.prosody.im/users/can-join/?userJID=romeo@example.com&mucJID=teaparty@chat.example.com` | |
| 8 | |
| 9 This allows an external service to decide whether a user is authorized to join a MUC or not. | |
| 10 | |
| 11 When a user is authorized to join a MUC, this module expects the following JSON payload: | |
| 12 ``` | |
| 13 { | |
| 14 allowed: true, | |
| 15 error: "", | |
| 16 } | |
| 17 ``` | |
| 18 Otherwise, either the user not being authorized or some failure in the external service: | |
| 19 ``` | |
| 20 { | |
| 21 allowed: false, | |
| 22 error: "Some error message to be displayed in this module's logs", | |
| 23 } | |
| 24 ``` | |
| 25 | |
| 26 # Configuring | |
| 27 | |
| 28 ## Enabling | |
| 29 | |
| 30 ``` {.lua} | |
| 31 Component "rooms.example.net" "muc" | |
| 32 | |
| 33 modules_enabled = { | |
| 34 "muc_http_auth"; | |
| 35 } | |
| 36 | |
| 37 ``` | |
| 38 | |
| 39 | |
| 40 ## Settings | |
| 41 | |
| 42 |Name |Description |Default | | |
| 43 |-----|------------|--------| | |
| 44 |muc_http_auth_url| URL of the external HTTP service to which send `userJID` and `mucJID` in a GET request | "" | | |
| 45 |muc_http_auth_enabled_for| List of MUC names (node part) to enable this module for | nil | | |
| 46 |muc_http_auth_disabled_for| List of MUC names (node part) to disable this module for | nil | | |
| 47 |muc_http_auth_insecure| Disable certificate verification for request. Only intended for development of the external service. | false | | |
| 48 | |
| 49 | |
| 50 This module can be enabled/disabled for specific rooms. Only one of the following settings must be set. | |
| 51 ``` | |
| 52 -- muc_http_auth_enabled_for = {"teaparty"} | |
| 53 -- muc_http_auth_disabled_for = {"teaparty"} | |
| 54 ``` | |
| 55 If none or both are found, all rooms in the MUC component will have this module enabled. | |
| 56 | |
| 57 Note: Use the node part of the MUC jid for these lists. Example: | |
| 58 | |
| 59 Wrong: | |
| 60 `muc_http_auth_enabled_for = {"teaparty@rooms.example.net"}` | |
| 61 | |
| 62 Correct: | |
| 63 `muc_http_auth_enabled_for = {"teaparty"}` |