Mercurial > prosody-modules

view mod_spam_reporting/mod_spam_reporting.lua @ 5682:527c747711f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents a357c3e3bd32
children
line wrap: on
line source

-- XEP-0377: Spam Reporting for Prosody
-- Copyright (C) 2016-2021 Kim Alvefur
--
-- This file is MIT/X11 licensed.

local jid_prep = require "util.jid".prep;

module:depends("blocklist");

module:add_feature("urn:xmpp:reporting:0");
module:add_feature("urn:xmpp:reporting:reason:spam:0");
module:add_feature("urn:xmpp:reporting:reason:abuse:0");
module:add_feature("urn:xmpp:reporting:1");

module:hook("iq-set/self/urn:xmpp:blocking:block", function (event)
	for item in event.stanza.tags[1]:childtags("item") do
		local report = item:get_child("report", "urn:xmpp:reporting:0") or item:get_child("report", "urn:xmpp:reporting:1");
		local jid = jid_prep(item.attr.jid);
		if report and jid then
			local report_type, reason;
			if report.attr.xmlns == "urn:xmpp:reporting:0" then
				report_type = report:get_child("spam") and "spam" or report:get_child("abuse") and "abuse" or "unknown";
				reason = report:get_child_text("text");
			elseif report.attr.xmlns == "urn:xmpp:reporting:1" then
				report_type = "unknown";
				if report.attr.reason == "urn:xmpp:reporting:abuse" then
					report_type = "abuse";
				end
				if report.attr.reason == "urn:xmpp:reporting:spam" then
					report_type = "spam";
				end
				reason = report:get_child_text("text");
			end

			if report_type then
				module:log("warn", "Received report of %s from JID '%s', %s", report_type, jid, reason or "no reason given");
				module:fire_event(module.name.."/"..report_type.."-report", {
					origin = event.origin, stanza = event.stanza, jid = jid,
					item = item, report = report, reason = reason, });
			end
		end
	end
end, 1);