view mod_track_muc_joins/mod_track_muc_joins.lua @ 5682:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 443d9dae3216
children
line wrap: on
line source

local jid_bare = require "util.jid".bare;
local jid_split = require "util.jid".split;
local sessions = prosody.full_sessions;

module:hook("presence/full", function (event)
	local stanza = event.stanza;
	local session = sessions[stanza.attr.to];
	if not session then return end;
	if not session.directed then return end -- hasn't sent presence yet
	local log = session.log or module._log;

	local muc_x = stanza:get_child("x", "http://jabber.org/protocol/muc#user");
	if not muc_x then return end -- Not MUC related

	local from_jid = stanza.attr.from;
	local room = jid_bare(from_jid);
	local _,_,nick = jid_split(from_jid);
	local joined = stanza.attr.type;
	if joined == nil then
		joined = nick;
	elseif joined == "unavailable" then
		joined = nil;
	else
		-- Ignore errors and whatever
		return;
	end

	if joined and not session.directed[from_jid] then
		return; -- Never sent presence there, can't be a MUC join
	end

	-- Check for status code 110, meaning it's their own reflected presence
	for status in muc_x:childtags("status") do
		log("debug", "Status code %d", status.attr.code);
		if status.attr.code == "110" then
			log("debug", "%s room %s", joined and "Joined" or "Left", room);
			local rooms = session.rooms_joined;
			if not rooms then
				if not joined then return; end
				session.rooms_joined = { [room] = joined };
			else
				rooms[room] = joined;
			end
			return;
		end
	end
end, 1);