view mod_addressing/mod_addressing.lua @ 5682:527c747711f3

mod_http_oauth2: Limit revocation to client's own tokens in strict mode

RFC 7009 section 2.1 states:

> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.

The first part was already covered (in strict mode). This adds the latter part using the hash of client_id recorded in 0860497152af.

It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents f66a08f208ad
children

-- TODO Querying other servers for support, needs to keep track of remote
-- server disco features

-- XML namespace of the <addresses/> element this module looks for; it is also
-- the feature string advertised at the bottom of the file.
local xmlns_address = "http://jabber.org/protocol/address";

--- Fan a stanza out to the recipients named in its <addresses/> child.
--
-- Every <address/> of type "to", "cc" or "bcc" that carries a jid and has no
-- `delivered` attribute becomes a destination. "to"/"cc" entries are marked
-- delivered="true"; "bcc" entries are dropped from the stanza. The whole
-- rewrite finishes before the first copy is sent (this relies on maptags
-- removing children for which the callback returns nil).
--
-- NOTE(review): a "bcc" entry that has no jid, or that already carries a
-- `delivered` attribute, fails the filter below and is left in the stanza.
-- NOTE(review): the sender is never inspected, the number of addresses is not
-- capped, and each jid is used verbatim as the new 'to'. If the hooked events
-- also fire for stanzas from remote servers, this host relays for them too;
-- confirm that an authorization check, a recipient limit and JID validation
-- exist elsewhere or add them.
-- NOTE(review): one stanza object is mutated and re-sent per destination;
-- this assumes module:send does not keep a reference to it. Confirm.
--
-- @param data event table; only data.stanza is read
-- @return true when the stanza was addressed to module.host, otherwise nil
--         (nothing is returned for bounces and stanzas without <addresses/>)
local function handle_extended_addressing(data)
	local stanza = data.stanza;
	if stanza.attr.type == "error" then
		return -- bounces are never redistributed
	end

	local original_recipient = stanza.attr.to;
	local addresses = stanza:get_child("addresses", xmlns_address);
	if not addresses then
		return
	end

	module:log("debug", "Extended addressing found");

	local relayed_kinds = { to = true, cc = true, bcc = true };
	local recipients = {};

	addresses:maptags(function(address)
		local attr = address.attr;
		if not (attr.xmlns == xmlns_address and address.name == "address") then
			return address; -- foreign child, hand it back untouched
		end

		-- "kind" rather than "type" so the builtin type() is not shadowed.
		local kind, jid = attr.type, attr.jid;
		if not (relayed_kinds[kind] and jid and not attr.delivered) then
			return address; -- unsupported or already delivered, keep as is
		end

		recipients[#recipients + 1] = jid;
		module:log("debug", "%s to %s", kind, jid)

		if kind == "bcc" then
			return nil; -- blind copies must not be visible to anyone else
		end
		attr.delivered = "true";
		return address;
	end);

	for _, recipient in ipairs(recipients) do
		stanza.attr.to = recipient;
		module:log("debug", "posting stanza to %s", recipient)
		module:send(stanza);
	end

	-- Put the original recipient back so later handlers see the stanza as it
	-- arrived (apart from the rewritten <addresses/>).
	stanza.attr.to = original_recipient;
	if stanza.attr.to == module.host then
		return true; -- addressed to the service itself: nothing left to route
	end
	return nil;
end

-- Register the handler at priority 10 for messages and presence, in the same
-- order as before: host, bare, full for each stanza kind. IQ stanzas are
-- deliberately left out, multicasting them makes no sense.
-- NOTE(review): going by the event names, stanzas addressed to users (bare and
-- full JIDs) are processed as well as those addressed to the host, so any
-- stanza reaching these events with undelivered <address/> entries is fanned
-- out. Confirm that this breadth is intended.
for _, stanza_kind in ipairs({ "message", "presence" }) do
	for _, target in ipairs({ "host", "bare", "full" }) do
		module:hook(stanza_kind .. "/" .. target, handle_extended_addressing, 10);
	end
end

-- Advertise the extended-addressing namespace as a feature.
module:add_feature(xmlns_address);