Mercurial > prosody-modules
view mod_firewall/actions.lib.lua @ 4738:5aee8d86629a
mod_bookmarks2: Fix handling of nick and password elements
This form of child retrieval fails when the stanza elements internally
don't have an 'xmlns' attribute, which can happen sometimes for some
reason, including when they have been constructed via the stanza builder
API. When that is the case then the explicit namespace arguemnt does not
match the nil value of the internal attribute. Calling `:get_child()`
without the namespace argument does the right thing here, with both nil
and the parent namespace as valid values for the internal attribute.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 03 Nov 2021 21:11:55 +0100 |
| parents | 5a3dfb970888 |
| children | d0d251abf595 |
line wrap: on
line source
local unpack = table.unpack or unpack; local interpolation = require "util.interpolation"; local template = interpolation.new("%b$$", function (s) return ("%q"):format(s) end); --luacheck: globals meta idsafe local action_handlers = {}; -- Takes an XML string and returns a code string that builds that stanza -- using st.stanza() local function compile_xml(data) local code = {}; local first, short_close = true, nil; for tagline, text in data:gmatch("<([^>]+)>([^<]*)") do if tagline:sub(-1,-1) == "/" then tagline = tagline:sub(1, -2); short_close = true; end if tagline:sub(1,1) == "/" then code[#code+1] = (":up()"); else local name, attr = tagline:match("^(%S*)%s*(.*)$"); local attr_str = {}; for k, _, v in attr:gmatch("(%S+)=([\"'])([^%2]-)%2") do if #attr_str == 0 then table.insert(attr_str, ", { "); else table.insert(attr_str, ", "); end if k:find("^%a%w*$") then table.insert(attr_str, string.format("%s = %q", k, v)); else table.insert(attr_str, string.format("[%q] = %q", k, v)); end end if #attr_str > 0 then table.insert(attr_str, " }"); end if first then code[#code+1] = (string.format("st.stanza(%q %s)", name, #attr_str>0 and table.concat(attr_str) or ", nil")); first = nil; else code[#code+1] = (string.format(":tag(%q%s)", name, table.concat(attr_str))); end end if text and text:find("%S") then code[#code+1] = (string.format(":text(%q)", text)); elseif short_close then short_close = nil; code[#code+1] = (":up()"); end end return table.concat(code, ""); end function action_handlers.PASS() return "do return pass_return end" end function action_handlers.DROP() return "do return true end"; end function action_handlers.DEFAULT() return "do return false end"; end function action_handlers.RETURN() return "do return end" end function action_handlers.STRIP(tag_desc) local code = {}; local name, xmlns = tag_desc:match("^(%S+) (.+)$"); if not name then name, xmlns = tag_desc, nil; end if name == "*" then name = nil; end code[#code+1] = ("local stanza_xmlns = stanza.attr.xmlns; "); code[#code+1] = "stanza:maptags(function (tag) if "; if name then code[#code+1] = ("tag.name == %q and "):format(name); end if xmlns then code[#code+1] = ("(tag.attr.xmlns or stanza_xmlns) == %q "):format(xmlns); else code[#code+1] = ("tag.attr.xmlns == stanza_xmlns "); end code[#code+1] = "then return nil; end return tag; end );"; return table.concat(code); end function action_handlers.INJECT(tag) return "stanza:add_child("..compile_xml(tag)..")", { "st" }; end local error_types = { ["bad-request"] = "modify"; ["conflict"] = "cancel"; ["feature-not-implemented"] = "cancel"; ["forbidden"] = "auth"; ["gone"] = "cancel"; ["internal-server-error"] = "cancel"; ["item-not-found"] = "cancel"; ["jid-malformed"] = "modify"; ["not-acceptable"] = "modify"; ["not-allowed"] = "cancel"; ["not-authorized"] = "auth"; ["payment-required"] = "auth"; ["policy-violation"] = "modify"; ["recipient-unavailable"] = "wait"; ["redirect"] = "modify"; ["registration-required"] = "auth"; ["remote-server-not-found"] = "cancel"; ["remote-server-timeout"] = "wait"; ["resource-constraint"] = "wait"; ["service-unavailable"] = "cancel"; ["subscription-required"] = "auth"; ["undefined-condition"] = "cancel"; ["unexpected-request"] = "wait"; }; local function route_modify(make_new, to, drop) local reroute, deps = "session.send(newstanza)", { "st" }; if to then reroute = ("newstanza.attr.to = %q; core_post_stanza(session, newstanza)"):format(to); deps[#deps+1] = "core_post_stanza"; end return ([[do local newstanza = st.%s; %s;%s end]]) :format(make_new, reroute, drop and " return true" or ""), deps; end function action_handlers.BOUNCE(with) local error = with and with:match("^%S+") or "service-unavailable"; local error_type = error:match(":(%S+)"); if not error_type then error_type = error_types[error] or "cancel"; else error = error:match("^[^:]+"); end error, error_type = string.format("%q", error), string.format("%q", error_type); local text = with and with:match(" %((.+)%)$"); if text then text = string.format("%q", text); else text = "nil"; end local route_modify_code, deps = route_modify(("error_reply(stanza, %s, %s, %s)"):format(error_type, error, text), nil, true); deps[#deps+1] = "type"; deps[#deps+1] = "name"; return [[if type == "error" or (name == "iq" and type == "result") then return true; end -- Don't reply to 'error' stanzas, or iq results ]]..route_modify_code, deps; end function action_handlers.REDIRECT(where) return route_modify("clone(stanza)", where, true); end function action_handlers.COPY(where) return route_modify("clone(stanza)", where, false); end function action_handlers.REPLY(with) return route_modify(("reply(stanza):body(%q)"):format(with)); end function action_handlers.FORWARD(where) local code = [[ local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" }); local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza); core_post_stanza(session, newstanza); ]]; return code:format(where), { "core_post_stanza", "current_host" }; end function action_handlers.LOG(string) local level = string:match("^%[(%a+)%]") or "info"; string = string:gsub("^%[%a+%] ?", ""); local meta_deps = {}; local code = meta(("(session.log or log)(%q, '%%s', %q);"):format(level, string), meta_deps); return code, meta_deps; end function action_handlers.RULEDEP(dep) return "", { dep }; end function action_handlers.EVENT(name) return ("fire_event(%q, event)"):format(name); end function action_handlers.JUMP_EVENT(name) return ("do return fire_event(%q, event); end"):format(name); end function action_handlers.JUMP_CHAIN(name) return template([[do local ret = fire_event($chain_event$, event); if ret ~= nil then if ret == false then log("debug", "Chain %q accepted stanza (ret %s)", $chain_name$, tostring(ret)); return pass_return; end log("debug", "Chain %q rejected stanza (ret %s)", $chain_name$, tostring(ret)); return ret; end end]], { chain_event = "firewall/chains/"..name, chain_name = name }); end function action_handlers.MARK_ORIGIN(name) return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" }; end function action_handlers.UNMARK_ORIGIN(name) return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]] end function action_handlers.MARK_USER(name) return [[if session.firewall_marks then session.firewall_marks.]]..idsafe(name)..[[ = current_timestamp; end]], { "timestamp" }; end function action_handlers.UNMARK_USER(name) return [[if session.firewall_marks then session.firewall_marks.]]..idsafe(name)..[[ = nil; end]], { "timestamp" }; end function action_handlers.ADD_TO(spec) local list_name, value = spec:match("(%S+) (.+)"); local meta_deps = {}; value = meta(("%q"):format(value), meta_deps); return ("list_%s:add(%s);"):format(list_name, value), { "list:"..list_name, unpack(meta_deps) }; end function action_handlers.UNSUBSCRIBE_SENDER() return "rostermanager.unsubscribed(to_node, to_host, bare_from);\ rostermanager.roster_push(to_node, to_host, bare_from);\ core_post_stanza(session, st.presence({ from = bare_to, to = bare_from, type = \"unsubscribed\" }));", { "rostermanager", "core_post_stanza", "st", "split_to", "bare_to", "bare_from" }; end return action_handlers;