view mod_muc_http_auth/ @ 4690:82dabfffaddf

mod_muc_require_tos: Add this new module
author Emmanuel Gil Peyrot <>
date Thu, 16 Sep 2021 20:41:14 +0200
parents 9606e7a63a69
children 4b3f054666e6
line wrap: on
line source

# Introduction

This module externalizes MUC authorization via HTTP.  
Whenever a user wants to join a MUC, an HTTP GET request is made to `authorization_url`
with the user bare jid (`userJID`) and the MUC jid (`mucJID`) as GET parameters.  

This allows an external service to decide whether a user is authorized to join a MUC or not.  

When a user is authorized to join a MUC, this module expects the following JSON payload:
    allowed: true,
    error: "",
Otherwise, either the user not being authorized or some failure in the external service:
    allowed: false,
    error: "Some error message to be displayed in this module's logs",

# Configuring

## Enabling

``` {.lua}
Component "" "muc"

modules_enabled = {


## Settings

|Name |Description |Default |
|muc_http_auth_url| URL of the external HTTP service to which send `userJID` and `mucJID` in a GET request | "" |
|muc_http_auth_enabled_for| List of MUC names (node part) to enable this module for | nil |
|muc_http_auth_disabled_for| List of MUC names (node part) to disable this module for | nil |
|muc_http_auth_insecure| Disable certificate verification for request. Only intended for development of the external service. | false |
|muc_http_auth_authorization_header| Value of the Authorization header if requested by the external HTTP service. Example: `Basic dXNlcm5hbWU6cGFzc3dvcmQ=`| nil |

This module can be enabled/disabled for specific rooms. Only one of the following settings must be set.
-- muc_http_auth_enabled_for = {"teaparty"}
-- muc_http_auth_disabled_for = {"teaparty"}
If none is set, all rooms in the MUC component will have this module enabled.

Note: Use the node part of the MUC jid for these lists. Example:  

`muc_http_auth_enabled_for = {""}`

`muc_http_auth_enabled_for = {"teaparty"}`