Mercurial > prosody-modules
comparison mod_muc_http_auth/mod_muc_http_auth.lua @ 4723:0a0334a3a784
mod_muc_http_auth: Allow for enabling/disabling per user host
IMPORTANT: This is a breaking change.
The `muc_http_auth_enabled_for` and `muc_http_auth_disabled_for` options are
now maps (with user hosts as keys) and not sets.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Mon, 25 Oct 2021 15:58:16 +0200 |
| parents | 15c335dc196e |
| children | b125db92bac6 |
comparison
equal
deleted
inserted
replaced
| 4722:c5b1e9b8ccca | 4723:0a0334a3a784 |
|---|---|
| 1 local wait_for = require "util.async".wait_for; | |
| 2 local http = require "net.http"; | 1 local http = require "net.http"; |
| 2 local jid_bare = require "util.jid".bare; | |
| 3 local jid_host = require "util.jid".host; | |
| 4 local jid_node = require "util.jid".node; | |
| 5 local jid_resource = require "util.jid".resource; | |
| 3 local json = require "util.json"; | 6 local json = require "util.json"; |
| 4 local st = require "util.stanza"; | 7 local st = require "util.stanza"; |
| 5 local jid_node = require "util.jid".node; | |
| 6 local jid_bare = require "util.jid".bare; | |
| 7 local jid_resource = require "util.jid".resource; | |
| 8 local urlencode = require "util.http".urlencode; | 8 local urlencode = require "util.http".urlencode; |
| 9 local wait_for = require "util.async".wait_for; | |
| 9 | 10 |
| 10 local authorization_url = module:get_option("muc_http_auth_url", "") | 11 local authorization_url = module:get_option("muc_http_auth_url", "") |
| 11 local enabled_for = module:get_option_set("muc_http_auth_enabled_for", nil) | 12 local enabled_for = module:get_option("muc_http_auth_enabled_for", nil) |
| 12 local disabled_for = module:get_option_set("muc_http_auth_disabled_for", nil) | 13 local disabled_for = module:get_option("muc_http_auth_disabled_for", nil) |
| 13 local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes | 14 local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes |
| 14 local authorize_registration = module:get_option("muc_http_auth_authorize_registration", false) | 15 local authorize_registration = module:get_option("muc_http_auth_authorize_registration", false) |
| 15 local authorization_header = module:get_option("muc_http_auth_authorization_header", nil) | 16 local authorization_header = module:get_option("muc_http_auth_authorization_header", nil) |
| 16 | 17 |
| 17 local options = {method="GET", insecure=insecure} | 18 local options = {method="GET", insecure=insecure} |
| 19 options.headers = {["Authorization"] = authorization_header}; | 20 options.headers = {["Authorization"] = authorization_header}; |
| 20 end | 21 end |
| 21 | 22 |
| 22 local verbs = {presence='join', iq='register'}; | 23 local verbs = {presence='join', iq='register'}; |
| 23 | 24 |
| 24 local function must_be_authorized(room_node) | 25 local function must_be_authorized(room_node, user_host) |
| 25 -- If none of these is set, all rooms need authorization | 26 -- If none of these is set, all rooms need authorization |
| 26 if not enabled_for and not disabled_for then return true; end | 27 if not enabled_for and not disabled_for then return true; end |
| 27 | 28 |
| 28 if enabled_for then return enabled_for:contains(room_node); end | 29 if enabled_for then |
| 29 if disabled_for then return not disabled_for:contains(room_node); end | 30 local enabled_for_host = set.new(enabled_for[user_host] or {}); |
| 31 local enabled_for_all = set.new(enabled_for['all'] or {}); | |
| 32 return enabled_for_host:contains(room_node) or enabled_for_all:contains(room_node); | |
| 33 | |
| 34 end | |
| 35 if disabled_for then | |
| 36 local disabled_for_host = set.new(disabled_for[user_host] or {}); | |
| 37 local disabled_for_all = set.new(disabled_for['all'] or {}); | |
| 38 return not disabled_for_host:contains(room_node) and not disabled_for_all:contains(room_node); | |
| 39 end | |
| 30 end | 40 end |
| 31 | 41 |
| 32 local function handle_success(response) | 42 local function handle_success(response) |
| 33 local body = json.decode(response.body or "") or {} | 43 local body = json.decode(response.body or "") or {} |
| 34 response = { | 44 response = { |
| 48 if stanza.name ~= "iq" and stanza.name ~= "presence" or stanza.attr.type == "unavailable" then return; end | 58 if stanza.name ~= "iq" and stanza.name ~= "presence" or stanza.attr.type == "unavailable" then return; end |
| 49 | 59 |
| 50 local room, origin = event.room, event.origin; | 60 local room, origin = event.room, event.origin; |
| 51 if (not room) or (not origin) then return; end | 61 if (not room) or (not origin) then return; end |
| 52 | 62 |
| 53 if not must_be_authorized(jid_node(room.jid)) then return; end | 63 local user_bare_jid = jid_bare(stanza.attr.from) |
| 64 if not must_be_authorized(jid_node(room.jid), jid_host(user_bare_jid)) then | |
| 65 module:log("debug", "Authorization not required for "..jid_node(room.jid).." and "..jid_host(user_bare_jid)) | |
| 66 return; | |
| 67 end | |
| 54 | 68 |
| 55 local user_bare_jid = jid_bare(stanza.attr.from); | |
| 56 local user_nickname = jid_resource(stanza.attr.to); | 69 local user_nickname = jid_resource(stanza.attr.to); |
| 57 | 70 |
| 58 -- Nickname is mandatory to enter a MUC | 71 -- Nickname is mandatory to enter a MUC |
| 59 if not user_nickname then return; end | 72 if not user_nickname then return; end |
| 60 | 73 |