view mod_s2s_blacklist/mod_s2s_blacklist.lua @ 5296:0f5657db1cfc

mod_isolate_host: handle server-generated stanzas The hook for setting the no_host_isolation is only called for c2s sessions. This does not work for stanzas generated by the server, such as PEP notifications or presence probe answers. To handle that, we do per-stanza checks for the case that the origin is local.
author Jonas Schäfer <jonas@wielicki.name>
date Sat, 01 Apr 2023 12:03:08 +0200
parents d958558e0058
children
line wrap: on
line source

local st = require "util.stanza";

local blacklist = module:get_option_inherited_set("s2s_blacklist", {});

module:hook("route/remote", function (event)
	if blacklist:contains(event.to_host) then
		if event.stanza.attr.type ~= "error" then
			module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted"));
		end
		return true;
	end
end, 100);

module:hook("s2s-stream-features", function (event)
	if blacklist:contains(event.origin.from_host) then
		event.origin:close({
			condition = "policy-violation";
			text = "Communication with this domain is restricted";
		});
	end
end, 1000);