Mercurial > prosody-modules
diff mod_muc_http_auth/README.md @ 4723:0a0334a3a784
mod_muc_http_auth: Allow for enabling/disabling per user host
IMPORTANT: This is a breaking change.
The `muc_http_auth_enabled_for` and `muc_http_auth_disabled_for` options are
now maps (with user hosts as keys) and not sets.
author | JC Brand <jc@opkode.com> |
---|---|
date | Mon, 25 Oct 2021 15:58:16 +0200 |
parents | 4b3f054666e6 |
children |
line wrap: on
line diff
--- a/mod_muc_http_auth/README.md Mon Oct 25 12:40:26 2021 +0200 +++ b/mod_muc_http_auth/README.md Mon Oct 25 15:58:16 2021 +0200 @@ -1,12 +1,12 @@ # Introduction -This module externalizes MUC authorization via HTTP. +This module externalizes MUC authorization via HTTP. Whenever a user wants to join a MUC, an HTTP GET request is made to `authorization_url` -with the user's bare jid (`userJID`), the MUC jid (`mucJID`) and the user's nickname (`nickname`) as GET parameters. -Example: +with the user's bare jid (`userJID`), the MUC jid (`mucJID`) and the user's nickname (`nickname`) as GET parameters. +Example: `https://www.prosody.im/users/can-join/?userJID=romeo@example.com&mucJID=teaparty@chat.example.com&nickname=Romeo` -This allows an external service to decide whether a user is authorized to join a MUC or not. +This allows an external service to decide whether a user is authorized to join a MUC or not. When a user is authorized to join a MUC, this module expects the following JSON payload: ``` @@ -39,26 +39,30 @@ ## Settings -|Name |Description |Default | -|-----|------------|--------| -|muc_http_auth_url| URL of the external HTTP service to which send `userJID`, `mucJID` and `nickname` in a GET request | "" | -|muc_http_auth_enabled_for| List of MUC names (node part) to enable this module for | nil | -|muc_http_auth_disabled_for| List of MUC names (node part) to disable this module for | nil | -|muc_http_auth_insecure| Disable certificate verification for request. Only intended for development of the external service. | false | -|muc_http_auth_authorization_header| Value of the Authorization header if requested by the external HTTP service. Example: `Basic dXNlcm5hbWU6cGFzc3dvcmQ=`| nil | +| Name | Description | Default | +|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|---------| +| muc_http_auth_url | URL of the external HTTP service to which send `userJID`, `mucJID` and `nickname` in a GET request | "" | +| muc_http_auth_enabled_for | A map of user hostnames to an array of MUC names (node part) to enable this module for. To enable for all hostnames, use `"all"` as key. | nil | +| muc_http_auth_disabled_for | A map of user hostnames to an array of MUC names (node part) to disable this module for. To disable for all hostnames, use `"all"` as key. | nil | +| muc_http_auth_insecure | Disable certificate verification for request. Only intended for development of the external service. | false | +| muc_http_auth_authorization_header | Value of the Authorization header if requested by the external HTTP service. Example: `Basic dXNlcm5hbWU6cGFzc3dvcmQ=` | nil | This module can be enabled/disabled for specific rooms. Only one of the following settings must be set. ``` --- muc_http_auth_enabled_for = {"teaparty"} --- muc_http_auth_disabled_for = {"teaparty"} +-- muc_http_auth_enabled_for = {["all"] = {"teaparty"}} +-- muc_http_auth_disabled_for = {["all"] = {"teaparty"}} ``` If none is set, all rooms in the MUC component will have this module enabled. -Note: Use the node part of the MUC jid for these lists. Example: +Note: Use the node part of the MUC jid for these lists. Example: Wrong: -`muc_http_auth_enabled_for = {"teaparty@rooms.example.net"}` +`muc_http_auth_enabled_for = {["all"] = {"teaparty@rooms.example.net"}}` Correct: -`muc_http_auth_enabled_for = {"teaparty"}` \ No newline at end of file +`muc_http_auth_enabled_for = {["all"] = {"teaparty"}}` + +It's also possible to disable/enable checking for a particular host, for example: + + `muc_http_auth_enabled_for = {["jabber.org"] = {"teaparty"}, ["prosody.org] = {"orchard"}}`