view mod_spam_report_forwarder/mod_spam_report_forwarder.lua @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parents 94472eb41d0a
children
line wrap: on
line source

local st = require "util.stanza";

local destinations = module:get_option_set("spam_report_destinations", {});

function forward_report(event)
	local report = st.clone(event.report);
	report:text_tag("jid", event.jid, { xmlns = "urn:xmpp:jid:0" });

	local message = st.message({ from = module.host })
		:add_child(report);

	for destination in destinations do
		local m = st.clone(message);
		m.attr.to = destination;
		module:send(m);
	end
end

module:hook("spam_reporting/abuse-report", forward_report, -1);
module:hook("spam_reporting/spam-report", forward_report, -1);
module:hook("spam_reporting/unknown-report", forward_report, -1);