Mercurial > prosody-modules
view mod_e2e_policy/mod_e2e_policy.lua @ 4515:2e33eeafe962
mod_muc_markers: Prevent any markers from reaching the archive, even if untracked
Original intention was to leave alone things that this module isn't
handling. However markers in archives are just problematic without
more advanced logic about what is markable and what is not. It also
requires a more advanced query in mod_muc_rai to determine the latest
markable message instead of the latest archived message.
I'd rather keep the "is archivable" and "is markable" definition the
same for simplicity. I don't want to introduce yet another set of rules
for no reason.
No markers in MAM.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 22 Mar 2021 15:55:02 +0000 |
| parents | a76c420eca61 |
| children |
line wrap: on
line source
local st = require "util.stanza"; local jid_bare = require "util.jid".bare; local host = module.host; local e2e_policy_chat = module:get_option_string("e2e_policy_chat", "optional"); -- possible values: none, optional and required local e2e_policy_muc = module:get_option_string("e2e_policy_muc", "optional"); -- possible values: none, optional and required local e2e_policy_whitelist = module:get_option_set("e2e_policy_whitelist", { }); -- make this module ignore messages sent to and from this JIDs or MUCs local e2e_policy_message_optional_chat = module:get_option_string("e2e_policy_message_optional_chat", "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server."); local e2e_policy_message_required_chat = module:get_option_string("e2e_policy_message_required_chat", "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server."); local e2e_policy_message_optional_muc = module:get_option_string("e2e_policy_message_optional_muc", "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server."); local e2e_policy_message_required_muc = module:get_option_string("e2e_policy_message_required_muc", "For security reasons, OMEMO, OTR or PGP encryption is required for MUC on this server."); function warn_on_plaintext_messages(event) -- check if JID is whitelisted if e2e_policy_whitelist:contains(jid_bare(event.stanza.attr.from)) or e2e_policy_whitelist:contains(jid_bare(event.stanza.attr.to)) then return nil; end local body = event.stanza:get_child_text("body"); -- do not warn for status messages if not body or event.stanza.attr.type == "error" then return nil; end -- check otr if body and body:sub(1,4) == "?OTR" then return nil; end -- check omemo https://xmpp.org/extensions/inbox/omemo.html if event.stanza:get_child("encrypted", "eu.siacs.conversations.axolotl") or event.stanza:get_child("encrypted", "urn:xmpp:omemo:0") then return nil; end -- check xep27 pgp https://xmpp.org/extensions/xep-0027.html if event.stanza:get_child("x", "jabber:x:encrypted") then return nil; end -- check xep373 pgp (OX) https://xmpp.org/extensions/xep-0373.html if event.stanza:get_child("openpgp", "urn:xmpp:openpgp:0") then return nil; end -- no valid encryption found if e2e_policy_chat == "optional" and event.stanza.attr.type ~= "groupchat" then event.origin.send(st.message({ from = host, to = event.stanza.attr.from, type = "headline" }, e2e_policy_message_optional_chat)); end if e2e_policy_chat == "required" and event.stanza.attr.type ~= "groupchat" then return event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", e2e_policy_message_required_chat)); end if e2e_policy_muc == "optional" and event.stanza.attr.type == "groupchat" then event.origin.send(st.message({ from = host, to = event.stanza.attr.from, type = "headline" }, e2e_policy_message_optional_muc)); end if e2e_policy_muc == "required" and event.stanza.attr.type == "groupchat" then return event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", e2e_policy_message_required_muc)); end end module:hook("pre-message/bare", warn_on_plaintext_messages, 300); module:hook("pre-message/full", warn_on_plaintext_messages, 300); module:hook("pre-message/host", warn_on_plaintext_messages, 300);