comparison mod_unified_push/mod_unified_push.lua @ 5147:658658ea9323
mod_unified_push: Add ACL option to restrict access
It defaults to the current host if on a VirtualHost, or parent host if a
component.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 13 Jan 2023 16:41:48 +0000 |
parents | a86022d702b2 |
children | bf42f1401f1c |
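--- a/mod_unified_push/mod_unified_push.lua
+++ b/mod_unified_push/mod_unified_push.lua
@@ -12,10 +12,23 @@
 
 module:depends("http");
 module:depends("disco");
 
 module:add_feature(xmlns_up);
+
+local acl = module:get_option_set("unified_push_acl", {
+module:get_host_type() == "local" and module.host or module.host:match("^[^%.]%.(.+)$")
+});
+
+local function is_jid_permitted(user_jid)
+for acl_entry in acl do
+if jid.compare(user_jid, acl_entry) then
+return true;
+end
+end
+return false;
+end
 
 local function check_sha256(s)
 if not s then return nil, "no value provided"; end
 local d = base64.decode(s);
 if not d then return nil, "invalid base64"; end
@@ -42,10 +55,13 @@
 end
 
 -- Handle incoming registration from XMPP client
 function handle_register(event)
 local origin, stanza = event.origin, event.stanza;
+if not is_jid_permitted(stanza.attr.from) then
+return st.error_reply(stanza, "auth", "forbidden");
+end
 local instance, instance_err = check_sha256(stanza.tags[1].attr.instance);
 if not instance then
 return st.error_reply(stanza, "modify", "bad-request", "instance: "..instance_err);
 end
 local application, application_err = check_sha256(stanza.tags[1].attr.application);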
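Review bot: The component default in the new `acl` initialiser uses `module.host:match("^[^%.]%.(.+)$")`, where `[^%.]` matches exactly one character, so a component host whose first label is longer than one character (constructed example: `push.example.com`) yields nil and the default set appears to end up empty. With no `unified_push_acl` configured, `is_jid_permitted` would then reject every sender and `handle_register` would answer `forbidden` to all registrations on a component. That fails closed, but it is not the parent-host default the commit description promises. The quantifier is presumably missing: `module.host:match("^[^%.]+%.(.+)$")`. Separately, `jid` is not required anywhere in the visible hunks, so confirm it is in scope; `handle_register` continues past the end of the second hunk.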