Mercurial > prosody-modules
view mod_isolate_host/mod_isolate_host.lua @ 4203:c4002aae4ad3
mod_s2s_keepalive: Use timestamp as iq @id
RFC 6120 implies that the id attribute must be unique within a stream.
This should fix problems with remote servers that enforce uniqueness and
don't answer duplicated ids.
If it doesn't do that, then at least you can get a guesstimate at
round-trip time from the difference between the result iq stanza and the
timestamp it was logged without having to go look for when it was sent,
or needing to keep state.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 14 Oct 2020 18:02:10 +0200 |
parents | 8e19b943c2cd |
children | bc75fc9400ae |
line wrap: on
line source
local jid = require "util.jid"; local jid_bare, jid_split = jid.bare, jid.split; local is_admin = require "core.usermanager".is_admin; local set = require "util.set"; local st = require "util.stanza"; local stanza_types = set.new{"message", "presence", "iq"}; local jid_types = set.new{"bare", "full", "host"}; local except_domains = module:get_option_inherited_set("isolate_except_domains", {}); local except_users = module:get_option_inherited_set("isolate_except_users", {}); function check_stanza(event) local origin, stanza = event.origin, event.stanza; if origin.no_host_isolation then return; end local to_user, to_host = jid_split(event.stanza.attr.to); if to_host and to_host ~= origin.host and not except_domains:contains(to_host) then if to_host:match("^[^.]+%.(.+)$") == origin.host then -- Permit subdomains except_domains:add(to_host); return; end module:log("warn", "Forbidding stanza from %s to %s", stanza.attr.from or origin.full_jid, stanza.attr.to); origin.send(st.error_reply(stanza, "auth", "forbidden", "Communication with "..to_host.." is not available")); return true; end end for stanza_type in stanza_types do for jid_type in jid_types do module:hook("pre-"..stanza_type.."/"..jid_type, check_stanza, 1); end end function check_user_isolated(event) local session = event.session; local bare_jid = jid_bare(session.full_jid); if is_admin(bare_jid, module.host) or except_users:contains(bare_jid) then session.no_host_isolation = true; end module:log("debug", "%s is %sisolated", session.full_jid or "[?]", session.no_host_isolation and "" or "not "); end module:hook("resource-bind", check_user_isolated);