Mercurial > prosody-modules

diff mod_muc_http_auth/README.md @ 4296:08138de4cb88

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Prosodoy module to externalize MUC authorization via HTTP
author Seve Ferrer <seve@delape.net>
date Sat, 12 Dec 2020 18:19:14 +0100
parents
children d261233f7ced
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_muc_http_auth/README.md	Sat Dec 12 18:19:14 2020 +0100
@@ -0,0 +1,63 @@
+# Introduction
+
+This module externalizes MUC authorization via HTTP.  
+Whenever a user wants to join a MUC, an HTTP GET request is made to `authorization_url`
+with the user bare jid (`userJID`) and the MUC jid (`mucJID`) as GET parameters.  
+Example:  
+`https://www.prosody.im/users/can-join/?userJID=romeo@example.com&mucJID=teaparty@chat.example.com`
+
+This allows an external service to decide whether a user is authorized to join a MUC or not.  
+
+When a user is authorized to join a MUC, this module expects the following JSON payload:
+```
+{
+    allowed: true,
+    error: "",
+}
+```
+Otherwise, either the user not being authorized or some failure in the external service:
+```
+{
+    allowed: false,
+    error: "Some error message to be displayed in this module's logs",
+}
+```
+
+# Configuring
+
+## Enabling
+
+``` {.lua}
+Component "rooms.example.net" "muc"
+
+modules_enabled = {
+    "muc_http_auth";
+}
+
+```
+
+
+## Settings
+
+|Name |Description |Default |
+|-----|------------|--------|
+|muc_http_auth_url| URL of the external HTTP service to which send `userJID` and `mucJID` in a GET request | "" |
+|muc_http_auth_enabled_for| List of MUC names (node part) to enable this module for | nil |
+|muc_http_auth_disabled_for| List of MUC names (node part) to disable this module for | nil |
+|muc_http_auth_insecure| Disable certificate verification for request. Only intended for development of the external service. | false |
+
+
+This module can be enabled/disabled for specific rooms. Only one of the following settings must be set.
+```
+-- muc_http_auth_enabled_for = {"teaparty"}
+-- muc_http_auth_disabled_for = {"teaparty"}
+```
+If none or both are found, all rooms in the MUC component will have this module enabled.
+
+Note: Use the node part of the MUC jid for these lists. Example:  
+
+Wrong:
+`muc_http_auth_enabled_for = {"teaparty@rooms.example.net"}`
+
+Correct:
+`muc_http_auth_enabled_for = {"teaparty"}`
\ No newline at end of file