view mod_spam_report_forwarder/README.markdown @ 5682:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 94472eb41d0a
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: 'Forward spam/abuse reports to a JID'
---

This module forwards spam/abuse reports (e.g. those submitted by users via
XEP-0377 via mod_spam_reporting) to one or more JIDs.

## Configuration

Install and enable the module the same as any other.

There is a single option, `spam_report_destinations` which accepts a list of
JIDs to send reports to.

For example:

```lua
modules_enabled = {
    ---
    "spam_reporting";
    "spam_report_forwarder";
    ---
}

spam_report_destinations = { "antispam.example.com" }
```

## Protocol

This section is intended for developers.

XEP-0377 assumes the report is embedded within another protocol such as
XEP-0191, and doesn't specify a format for communicating "standalone" reports.
This module transmits them inside a `<message>` stanza, and adds a `<jid/>`
element (borrowed from XEP-0268):

```xml
<message from="prosody.example" to="destination.example">
    <report xmlns="urn:xmpp:reporting:1" reason="urn:xmpp:reporting:spam">
        <jid xmlns="urn:xmpp:jid:0">spammer@bad.example</jid>
        <text>
          Never came trouble to my house like this.
        </text>
    </report>
</message>
```