Mercurial > prosody-modules
comparison mod_muc_http_auth/mod_muc_http_auth.lua @ 4322:9606e7a63a69
mod_mucc_http_auth: Provide Authorization header setting for deployments behind a login
| author | Seve Ferrer <seve@delape.net> |
|---|---|
| date | Wed, 06 Jan 2021 20:49:45 +0100 |
| parents | caaa40f072da |
| children | 4b3f054666e6 |
comparison
equal
deleted
inserted
replaced
| 4321:71498f484c22 | 4322:9606e7a63a69 |
|---|---|
| 8 local authorization_url = module:get_option("muc_http_auth_url", "") | 8 local authorization_url = module:get_option("muc_http_auth_url", "") |
| 9 local enabled_for = module:get_option_set("muc_http_auth_enabled_for", nil) | 9 local enabled_for = module:get_option_set("muc_http_auth_enabled_for", nil) |
| 10 local disabled_for = module:get_option_set("muc_http_auth_disabled_for", nil) | 10 local disabled_for = module:get_option_set("muc_http_auth_disabled_for", nil) |
| 11 local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes | 11 local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes |
| 12 local authorize_registration = module:get_option("muc_http_auth_authorize_registration", false) | 12 local authorize_registration = module:get_option("muc_http_auth_authorize_registration", false) |
| 13 local authorization_header = module:get_option("muc_http_auth_authorization_header", nil) | |
| 14 | |
| 15 local options = {method="GET", insecure=insecure} | |
| 16 if authorization_header then | |
| 17 options.headers = {["Authorization"] = authorization_header}; | |
| 18 end | |
| 13 | 19 |
| 14 local verbs = {presence='join', iq='register'}; | 20 local verbs = {presence='join', iq='register'}; |
| 15 | 21 |
| 16 local function must_be_authorized(room_node) | 22 local function must_be_authorized(room_node) |
| 17 -- If none of these is set, all rooms need authorization | 23 -- If none of these is set, all rooms need authorization |
| 45 if not must_be_authorized(jid_node(room.jid)) then return; end | 51 if not must_be_authorized(jid_node(room.jid)) then return; end |
| 46 | 52 |
| 47 local user_bare_jid = jid_bare(stanza.attr.from); | 53 local user_bare_jid = jid_bare(stanza.attr.from); |
| 48 local url = authorization_url .. "?userJID=" .. user_bare_jid .."&mucJID=" .. room.jid; | 54 local url = authorization_url .. "?userJID=" .. user_bare_jid .."&mucJID=" .. room.jid; |
| 49 | 55 |
| 50 local result = wait_for(http.request(url, {method="GET", insecure=insecure}):next(handle_success, handle_error)); | 56 local result = wait_for(http.request(url, options):next(handle_success, handle_error)); |
| 51 local response, err = result.response, result.err; | 57 local response, err = result.response, result.err; |
| 52 | 58 |
| 53 local verb = verbs[stanza.name]; | 59 local verb = verbs[stanza.name]; |
| 54 if not (response and response.allowed) then | 60 if not (response and response.allowed) then |
| 55 -- User is not authorized to join this room | 61 -- User is not authorized to join this room |