Mercurial > prosody-modules

view mod_omemo_all_access/mod_omemo_all_access.lua @ 5193:2bb29ece216b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Implement stateless dynamic client registration Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would not probably not scale easily. Dynamic client registration allows creating clients on the fly, which may be even easier in theory. In order to not allow basically unauthenticated writes to the database, we implement a stateless model here. per_host_key := HMAC(config -> oauth2_registration_key, hostname) client_id := JWT { client metadata } signed with per_host_key client_secret := HMAC(per_host_key, client_id) This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key. A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret
author Kim Alvefur <zash@zash.se>
date Fri, 03 Mar 2023 21:14:19 +0100
parents 9505282ad24f
children
line wrap: on
line source

-- OMEMO all access module
-- Copyright (c) 2017 Daniel Gultsch
--
-- This module is MIT/X11 licensed
--

local jid_bare = require "util.jid".bare;
local st = require "util.stanza"
local white_listed_namespace = "eu.siacs.conversations.axolotl."
local disco_feature_namespace = white_listed_namespace .. "whitelisted"

local mm = require "core.modulemanager";


-- COMPAT w/trunk
local pep_module_name = "pep";
if mm.get_modules_for_host then
	if mm.get_modules_for_host(module.host):contains("pep_simple") then
		pep_module_name = "pep_simple";
	end
end

local mod_pep = module:depends(pep_module_name);
local pep_data = mod_pep.module.save().data;

if not pep_data then
	module:log("error", "This module is not compatible with your version of mod_pep");
	if mm.get_modules_for_host then
		module:log("error", "Please use mod_pep_simple instead of mod_pep to continue using this module");
	end
	return false;
end

local function on_account_disco_info(event)
	(event.reply or event.stanza):tag("feature", {var=disco_feature_namespace}):up();
end

local function on_pep_request(event)
	local session, stanza = event.origin, event.stanza
	local payload = stanza.tags[1];
	if stanza.attr.type == 'get' then
		local node, requested_id;
		payload = payload.tags[1]
		if payload and payload.name == 'items' then
			node = payload.attr.node
			local item = payload.tags[1];
			if item and item.name == 'item' then
				requested_id = item.attr.id;
			end
		end
		if node and string.sub(node,1,string.len(white_listed_namespace)) == white_listed_namespace then
			local user = stanza.attr.to and jid_bare(stanza.attr.to) or session.username..'@'..session.host;
			local user_data = pep_data[user];
			if user_data and user_data[node] then
				local id, item = unpack(user_data[node]);
				if not requested_id or id == requested_id then
					local reply_stanza = st.reply(stanza)
						:tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'})
							:tag('items', {node=node})
								:add_child(item)
							:up()
						:up();
					session.send(reply_stanza);
					module:log("debug","provided access to omemo node",node)
					return true;
				end
			end
			module:log("debug","requested node was white listed", node)
		end
	end
end

module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", on_pep_request, 10);
module:hook("account-disco-info", on_account_disco_info);