diff mod_http_upload_external/mod_http_upload_external.lua @ 4509:16995e7624f0

mod_http_upload_external: add access control option
author Nicolas Cedilnik <nicoco@nicoco.fr>
date Sun, 14 Mar 2021 17:19:38 +0100
parents bedd3f4a8f90
children
--- a/mod_http_upload_external/mod_http_upload_external.lua	Fri Mar 12 21:32:03 2021 +0100
+++ b/mod_http_upload_external/mod_http_upload_external.lua	Sun Mar 14 17:19:38 2021 +0100
@@ -11,6 +11,7 @@
 local http = require "util.http";
 local dataform = require "util.dataforms".new;
 local HMAC = require "util.hashes".hmac_sha256;
+local jid = require "util.jid";
 
 -- config
 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 100 * 1024 * 1024); -- 100 MB
@@ -18,6 +19,7 @@
 	module.name .. "_base_url is a required option");
 local secret = assert(module:get_option_string(module.name .. "_secret"),
 	module.name .. "_secret is a required option");
+local access = module:get_option_set(module.name .. "_access", {});
 
 local token_protocol = module:get_option_string(module.name .. "_protocol", "v1");
 
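Review bot: The new `_access` option on the added line has no comment saying what its entries are or how they are matched, and `handle_request` compares them verbatim through `access:contains(...)`. An entry written in a non-normalised form (for example with upper-case letters) would presumably never match a JID taken from a routed stanza, so the allow-list would silently not apply to it. I would add a comment such as `-- bare JIDs or hostnames, in normalised form, allowed to request slots in addition to local c2s clients`. Logging a warning at load time for any entry that `jid.prep` rejects or changes would also help.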
@@ -56,8 +58,11 @@
 end
 
 local function handle_request(origin, stanza, xmlns, filename, filesize, filetype)
-	-- local clients only
-	if origin.type ~= "c2s" then
+	local user_bare = jid.bare(stanza.attr.from);
+	local user_host = jid.host(user_bare);
+
+	-- local clients or whitelisted jids/hosts only
+	if not (origin.type == "c2s" or access:contains(user_bare) or access:contains(user_host)) then
 		module:log("debug", "Request for upload slot from a %s", origin.type);
 		origin.send(st.error_reply(stanza, "cancel", "not-authorized"));
 		return nil, nil;
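Review bot: For any origin that is not c2s, the new condition authorises on `stanza.attr.from` alone. A hostname entry in `access` therefore admits every JID on that domain, and is only as trustworthy as the authentication of the s2s or component session that delivered the stanza; that deserves a comment above the check. The debug line on rejection still logs only `origin.type`, which no longer identifies who was refused. Changing it to `module:log("debug", "Request for upload slot from a %s (%s)", origin.type, tostring(stanza.attr.from));` would make denials auditable. `handle_request` continues past the end of the hunk, so whether later code reads c2s-only session fields for these newly admitted origins cannot be checked from here.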