Mercurial > prosody-modules
view mod_muc_http_auth/README.md @ 4299:8006da2cf44c
For deployments that have https://hg.prosody.im/trunk/file/tip/plugins/muc/register.lib.lua#l7 and use https://modules.prosody.im/mod_muc_http_auth.html users can still register to a MUC even if they are not allowed to join. That means they would receive RAI or RMN, for instance.
author | Seve Ferrer <seve@delape.net> |
---|---|
date | Tue, 15 Dec 2020 11:26:29 +0100 |
parents | 08138de4cb88 |
children | d261233f7ced |
line wrap: on
line source
# Introduction This module externalizes MUC authorization via HTTP. Whenever a user wants to join a MUC, an HTTP GET request is made to `authorization_url` with the user bare jid (`userJID`) and the MUC jid (`mucJID`) as GET parameters. Example: `https://www.prosody.im/users/can-join/?userJID=romeo@example.com&mucJID=teaparty@chat.example.com` This allows an external service to decide whether a user is authorized to join a MUC or not. When a user is authorized to join a MUC, this module expects the following JSON payload: ``` { allowed: true, error: "", } ``` Otherwise, either the user not being authorized or some failure in the external service: ``` { allowed: false, error: "Some error message to be displayed in this module's logs", } ``` # Configuring ## Enabling ``` {.lua} Component "rooms.example.net" "muc" modules_enabled = { "muc_http_auth"; } ``` ## Settings |Name |Description |Default | |-----|------------|--------| |muc_http_auth_url| URL of the external HTTP service to which send `userJID` and `mucJID` in a GET request | "" | |muc_http_auth_enabled_for| List of MUC names (node part) to enable this module for | nil | |muc_http_auth_disabled_for| List of MUC names (node part) to disable this module for | nil | |muc_http_auth_insecure| Disable certificate verification for request. Only intended for development of the external service. | false | This module can be enabled/disabled for specific rooms. Only one of the following settings must be set. ``` -- muc_http_auth_enabled_for = {"teaparty"} -- muc_http_auth_disabled_for = {"teaparty"} ``` If none or both are found, all rooms in the MUC component will have this module enabled. Note: Use the node part of the MUC jid for these lists. Example: Wrong: `muc_http_auth_enabled_for = {"teaparty@rooms.example.net"}` Correct: `muc_http_auth_enabled_for = {"teaparty"}`