Mercurial > prosody-modules
diff mod_unified_push/mod_unified_push.lua @ 5147:658658ea9323
mod_unified_push: Add ACL option to restrict access
It defaults to the current host if on a VirtualHost, or parent host if a
component.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 13 Jan 2023 16:41:48 +0000 |
parents | a86022d702b2 |
children | bf42f1401f1c |
line wrap: on
line diff
--- a/mod_unified_push/mod_unified_push.lua Fri Jan 13 16:40:00 2023 +0000 +++ b/mod_unified_push/mod_unified_push.lua Fri Jan 13 16:41:48 2023 +0000 @@ -15,6 +15,19 @@ module:add_feature(xmlns_up); +local acl = module:get_option_set("unified_push_acl", { + module:get_host_type() == "local" and module.host or module.host:match("^[^%.]%.(.+)$") +}); + +local function is_jid_permitted(user_jid) + for acl_entry in acl do + if jid.compare(user_jid, acl_entry) then + return true; + end + end + return false; +end + local function check_sha256(s) if not s then return nil, "no value provided"; end local d = base64.decode(s); @@ -44,6 +57,9 @@ -- Handle incoming registration from XMPP client function handle_register(event) local origin, stanza = event.origin, event.stanza; + if not is_jid_permitted(stanza.attr.from) then + return st.error_reply(stanza, "auth", "forbidden"); + end local instance, instance_err = check_sha256(stanza.tags[1].attr.instance); if not instance then return st.error_reply(stanza, "modify", "bad-request", "instance: "..instance_err);