# HG changeset patch
# User JC Brand <jc@opkode.com>
# Date 1614688570 -3600
# Node ID c4f11a4b5ac778bf4991effced3f61d16bb01749
# Parent  21698b960bd6acd1e4ce1f8c95a290970e21cb7c
mod_ogp: Add the ability to whitelist domains

diff -r 21698b960bd6 -r c4f11a4b5ac7 mod_ogp/README.markdown
--- a/mod_ogp/README.markdown	Tue Mar 02 12:04:14 2021 +0100
+++ b/mod_ogp/README.markdown	Tue Mar 02 13:36:10 2021 +0100
@@ -6,13 +6,25 @@
 If it finds any, it sends a [XEP-0422 fastening](https://xmpp.org/extensions/xep-0422.html) applied to the original message that looks like:
 
 ```
-    <message id="example" from="chatroom@chatservice.example" to="chatroom@chatservice.example">
-        <apply-to xmlns="urn:xmpp:fasten:0" id="origin-id-X">
-            <meta xmlns="http://www.w3.org/1999/xhtml" property="og:title" content="The Rock"/>
-            <meta xmlns="http://www.w3.org/1999/xhtml" property="og:url" content="https://www.imdb.com/title/tt0117500/"/>
-            <meta xmlns="http://www.w3.org/1999/xhtml" property="og:image" content="https://ia.media-imdb.com/images/rock.jpg"/>
-        </apply-to>
-    </message>
+<message id="example" from="chatroom@muc.example.org" to="chatroom@muc.example.org">
+<apply-to xmlns="urn:xmpp:fasten:0" id="origin-id-X">
+<meta xmlns="http://www.w3.org/1999/xhtml" property="og:title" content="The Rock"/>
+<meta xmlns="http://www.w3.org/1999/xhtml" property="og:url" content="https://www.imdb.com/title/tt0117500/"/>
+<meta xmlns="http://www.w3.org/1999/xhtml" property="og:image" content="https://ia.media-imdb.com/images/rock.jpg"/>
+</apply-to>
+</message>
 ```
 
 The module is intentionally simple in the sense that it is basically a transport for https://ogp.me/
+
+Configuration
+-------------
+
+You can present a whitelist of domains for which OGP metadata will be fetched
+via the `ogp_domain_whitelist` setting.
+
+For example:
+
+    Component "muc.example.org" "muc"
+      modules_enabled = { "ogp" }
+      ogp_domain_whitelist = { "prosody.im" }
diff -r 21698b960bd6 -r c4f11a4b5ac7 mod_ogp/mod_ogp.lua
--- a/mod_ogp/mod_ogp.lua	Tue Mar 02 12:04:14 2021 +0100
+++ b/mod_ogp/mod_ogp.lua	Tue Mar 02 13:36:10 2021 +0100
@@ -2,12 +2,28 @@
 local http = require "net.http"
 local st = require "util.stanza"
 local url_pattern = [[https?://%S+]]
-local xmlns_fasten = "urn:xmpp:fasten:0";
-local xmlns_xhtml = "http://www.w3.org/1999/xhtml";
+local domain_pattern = '^%w+://([^/]+)'
+local xmlns_fasten = "urn:xmpp:fasten:0"
+local xmlns_xhtml = "http://www.w3.org/1999/xhtml"
+local whitelist = module:get_option_set("ogp_domain_whitelist", {})
+
+
+local function is_whitelisted(url)
+	if whitelist:empty() then
+		return true
+	end
+	local domain = url:match(domain_pattern)
+	if whitelist:contains(domain) then
+		return true;
+	end
+	return false
+end
 
 
 local function fetch_ogp_data(room, url, origin_id)
-	if not url then return; end
+	if not url or not is_whitelisted(url) then
+		return;
+	end
 
 	http.request(
 		url,