Mercurial > prosody-modules

view mod_muc_rtbl/mod_muc_rtbl.lua @ 5418:f2c7bb3af600

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Add role selector to consent page List includes all roles available to the user, if more than one. Defaults to either the first role in the scope string or the users primary role. Earlier draft listed all roles, but having options that can't be selected is bad UX and the entire list of all roles on the server could be long, and perhaps even sensitive. Allows e.g. picking a role with fewer permissions than what might otherwise have been selected. UX wise, doing this with more checkboxes or possibly radio buttons would have been confusion and/or looked messier. Fixes the previous situation where unselecting a role would default to the primary role, which could be more permissions than requested.
author Kim Alvefur <zash@zash.se>
date Fri, 05 May 2023 01:23:13 +0200
parents f6577cdb1d91
children ba71fdc8ea73
line wrap: on
line source

local array = require "util.array";
local it = require "util.iterators";
local jid = require "util.jid";
local sha256 = require "util.hashes".sha256;
local set = require "util.set";
local st = require "util.stanza";

local rtbl_service_jid = assert(module:get_option_string("muc_rtbl_jid"), "No RTBL JID supplied");
local rtbl_node = module:get_option_string("muc_rtbl_node", "muc_bans_sha256");

local banned_hashes = module:shared("banned_hashes");

module:depends("pubsub_subscription");

module:add_item("pubsub-subscription", {
	service = rtbl_service_jid;
	node = rtbl_node;

	-- Callbacks:
	on_subscribed = function()
		module:log("info", "RTBL active");
	end;

	on_error = function(err)
		module:log("error", "Failed to subscribe to RTBL: %s::%s:  %s", err.type, err.condition, err.text);
	end;

	on_item = function(event)
		local hash = event.item.attr.id;
		if not hash then return; end
		module:log("debug", "Received new hash: %s", hash);
		banned_hashes[hash] = true;
	end;

	on_retract = function (event)
		local hash = event.item.attr.id;
		if not hash then return; end
		module:log("debug", "Retracted hash: %s", hash);
		banned_hashes[hash] = nil;
	end;

	purge = function()
		module:log("debug", "Purge all hashes");
		for hash in pairs(banned_hashes) do
			banned_hashes[hash] = nil;
		end
	end;
});

function request_list()
	local items_request = st.iq({ to = rtbl_service_jid, from = module.host, type = "get", id = "rtbl-request" })
		:tag("pubsub", { xmlns = "http://jabber.org/protocol/pubsub" })
			:tag("items", { node = rtbl_node }):up()
		:up();

	module:send(items_request);
end

function update_list(event)
	local from_jid = event.stanza.attr.from;
	if from_jid ~= rtbl_service_jid then
		module:log("debug", "Ignoring RTBL response from unknown sender");
		return;
	end
	local items_el = event.stanza:find("{http://jabber.org/protocol/pubsub}pubsub/items");
	if not items_el then
		module:log("warn", "Invalid items response from RTBL service");
		return;
	end

	local old_entries = set.new(array.collect(it.keys(banned_hashes)));

	local n_added, n_removed, n_total = 0, 0, 0;
	for item in items_el:childtags("item") do
		local hash = item.attr.id;
		if hash then
			n_total = n_total + 1;
			if not old_entries:contains(hash) then
				-- New entry
				n_added = n_added + 1;
				banned_hashes[hash] = true;
			else
				-- Entry already existed
				old_entries:remove(hash);
			end
		end
	end

	-- Remove old entries that weren't in the received list
	for hash in old_entries do
		n_removed = n_removed + 1;
		banned_hashes[hash] = nil;
	end

	module:log("info", "%d RTBL entries received from %s (%d added, %d removed)", n_total, from_jid, n_added, n_removed);
	return true;
end

module:hook("iq-result/host/rtbl-request", update_list);

function update_hashes(occupant)
	local bare_hash, host_hash;
	if not occupant.mod_muc_rtbl_bare_hash then
		bare_hash = sha256(jid.bare(occupant.bare_jid), true);
		occupant.mod_muc_rtbl_bare_hash = bare_hash;
	else
		bare_hash = occupant.mod_muc_rtbl_bare_hash;
	end
	if not occupant.mod_muc_rtbl_host_hash then
		host_hash = sha256(jid.host(occupant.bare_jid), true);
		occupant.mod_muc_rtbl_host_hash = host_hash;
	else
		host_hash = occupant.mod_muc_rtbl_host_hash;
	end
	return bare_hash, host_hash
end

module:hook("muc-occupant-pre-join", function (event)
	if next(banned_hashes) == nil then return end

	local from_bare = jid.bare(event.stanza.attr.from);

	local affiliation = event.room:get_affiliation(from_bare);
	if affiliation and affiliation ~= "none" then
		-- Skip check for affiliated users
		return;
	end

	local bare_hash, host_hash = update_hashes(event.occupant);
	if banned_hashes[bare_hash] or banned_hashes[host_hash] then
		module:log("info", "Blocked user <%s> from room <%s> due to RTBL match", from_bare, event.stanza.attr.to);
		local error_reply = st.error_reply(event.stanza, "cancel", "forbidden", "You are banned from this service", event.room.jid);
		event.origin.send(error_reply);
		return true;
	end
end);

module:hook("muc-occupant-groupchat", function(event)
	local affiliation = event.room:get_affiliation(event.occupant.bare_jid);
	if affiliation and affiliation ~= "none" then
		-- Skip check for affiliated users
		return;
	end

	local bare_hash, host_hash = update_hashes(event.occupant);
	if banned_hashes[bare_hash] or banned_hashes[host_hash] then
		module:log("debug", "Blocked message from user <%s> to room <%s> due to RTBL match", event.stanza.attr.from, event.stanza.attr.to);
		local error_reply = st.error_reply(event.stanza, "cancel", "forbidden", "You are banned from this service", event.room.jid);
		event.origin.send(error_reply);
		return true;
	end
end);

module:hook("muc-private-message", function(event)
	local occupant = event.room:get_occupant_by_nick(event.stanza.attr.from);
	local affiliation = event.room:get_affiliation(occupant.bare_jid);
	if affiliation and affiliation ~= "none" then
		-- Skip check for affiliated users
		return;
	end

	local bare_hash, host_hash = update_hashes(occupant);
	if banned_hashes[bare_hash] or banned_hashes[host_hash] then
		module:log("debug", "Blocked private message from user <%s> from room <%s> due to RTBL match", occupant.bare_jid, event.stanza.attr.to);
		local error_reply = st.error_reply(event.stanza, "cancel", "forbidden", "You are banned from this service", event.room.jid);
		event.origin.send(error_reply);
		return true;
	end
end);

if prosody.start_time then
	request_list();
else
	module:hook_global("server-started", function ()
		request_list();
	end);
end