Mercurial > prosody-modules

view mod_welcome_page/mod_welcome_page.lua @ 5425:3b30635d215c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Support granting zero role-scopes It seems Very Bad that if you uncheck all roles on the consent page, you get the default scopes, which seems the opposite of what you probably intended. Currently, mod_tokenauth will do the same thing, so work is needed there too to allow issuing tokens without roles. A token without a role could be used for OIDC login, and not much else. This seems like a valuable thing to support.
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 19:29:15 +0200
parents 75b6e5df65f9
children
line wrap: on
line source

local st = require "util.stanza";
local url_escape = require "util.http".urlencode;
local render_html_template = require"util.interpolation".new("%b{}", st.xml_escape, {
	urlescape = url_escape;
});

local template_path = module:get_option_string("welcome_page_template_path", module:get_directory().."/html");
local user_vars = module:get_option("welcome_page_variables", {});
local site_name = module:get_option("site_name", module.host);
local invite_only = module:get_option_boolean("registration_invite_only", true);
local open_registration = module:get_option_boolean("welcome_page_open_registration", not invite_only);

module:depends("http");
module:depends("http_libjs");
local invites = module:depends("invites");

local function load_template(path)
	local template_file, err = io.open(path);
	if not template_file then
		error("Unable to load template file: "..tostring(err));
	end
	local template = template_file:read("*a");
	template_file:close();
	return template;
end

local template = load_template(template_path.."/index.html");

local function serve_page(event)
	event.response.headers["Content-Type"] = "text/html; charset=utf-8";
	return render_html_template(template, {
		site_name = site_name;
		request = event.request;
		var = user_vars;
	});
end

local function handle_submit(event)
	local submission = { allowed = open_registration, request = event.request };
	module:fire_event("mod_welcome_page/submission", submission);
	if not submission.allowed then
		event.response.headers["Content-Type"] = "text/html; charset=utf-8";
		return render_html_template(template, {
			site_name = site_name;
			request = event.request;
			var = user_vars;
			message = {
				class = "alert-danger";
				text = submission.reason or "Account creation is not possible at this time";
			};
		});
	end

	local invite = invites.create_account(nil, { source = module.name });
	if not invite then
		return 500;
	end

	event.response.headers.Location = invite.landing_page or invite.uri;

	return 303;
end

local http_files
if prosody.process_type == "prosody" then
	-- Prosody >= 0.12
	http_files = require "net.http.files";
else
	-- Prosody <= 0.11
	http_files = module:depends "http_files";
end

module:provides("http", {
	default_path = "/";
	route = {
		["GET"] = serve_page;
		["GET /*"] = http_files.serve({ path = template_path });
		["POST"] = handle_submit;
	};
});