Mercurial > prosody-modules
diff mod_muc_http_auth/mod_muc_http_auth.lua @ 4723:0a0334a3a784
mod_muc_http_auth: Allow for enabling/disabling per user host
IMPORTANT: This is a breaking change.
The `muc_http_auth_enabled_for` and `muc_http_auth_disabled_for` options are
now maps (with user hosts as keys) and not sets.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Mon, 25 Oct 2021 15:58:16 +0200 |
| parents | 15c335dc196e |
| children | b125db92bac6 |
line wrap: on
line diff
--- a/mod_muc_http_auth/mod_muc_http_auth.lua Mon Oct 25 12:40:26 2021 +0200 +++ b/mod_muc_http_auth/mod_muc_http_auth.lua Mon Oct 25 15:58:16 2021 +0200 @@ -1,15 +1,16 @@ -local wait_for = require "util.async".wait_for; local http = require "net.http"; +local jid_bare = require "util.jid".bare; +local jid_host = require "util.jid".host; +local jid_node = require "util.jid".node; +local jid_resource = require "util.jid".resource; local json = require "util.json"; local st = require "util.stanza"; -local jid_node = require "util.jid".node; -local jid_bare = require "util.jid".bare; -local jid_resource = require "util.jid".resource; local urlencode = require "util.http".urlencode; +local wait_for = require "util.async".wait_for; local authorization_url = module:get_option("muc_http_auth_url", "") -local enabled_for = module:get_option_set("muc_http_auth_enabled_for", nil) -local disabled_for = module:get_option_set("muc_http_auth_disabled_for", nil) +local enabled_for = module:get_option("muc_http_auth_enabled_for", nil) +local disabled_for = module:get_option("muc_http_auth_disabled_for", nil) local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes local authorize_registration = module:get_option("muc_http_auth_authorize_registration", false) local authorization_header = module:get_option("muc_http_auth_authorization_header", nil) @@ -21,12 +22,21 @@ local verbs = {presence='join', iq='register'}; -local function must_be_authorized(room_node) +local function must_be_authorized(room_node, user_host) -- If none of these is set, all rooms need authorization if not enabled_for and not disabled_for then return true; end - if enabled_for then return enabled_for:contains(room_node); end - if disabled_for then return not disabled_for:contains(room_node); end + if enabled_for then + local enabled_for_host = set.new(enabled_for[user_host] or {}); + local enabled_for_all = set.new(enabled_for['all'] or {}); + return enabled_for_host:contains(room_node) or enabled_for_all:contains(room_node); + + end + if disabled_for then + local disabled_for_host = set.new(disabled_for[user_host] or {}); + local disabled_for_all = set.new(disabled_for['all'] or {}); + return not disabled_for_host:contains(room_node) and not disabled_for_all:contains(room_node); + end end local function handle_success(response) @@ -50,9 +60,12 @@ local room, origin = event.room, event.origin; if (not room) or (not origin) then return; end - if not must_be_authorized(jid_node(room.jid)) then return; end + local user_bare_jid = jid_bare(stanza.attr.from) + if not must_be_authorized(jid_node(room.jid), jid_host(user_bare_jid)) then + module:log("debug", "Authorization not required for "..jid_node(room.jid).." and "..jid_host(user_bare_jid)) + return; + end - local user_bare_jid = jid_bare(stanza.attr.from); local user_nickname = jid_resource(stanza.attr.to); -- Nickname is mandatory to enter a MUC