Mercurial > prosody-modules
changeset 4598:09f0911c735d
mod_ogp: Add the ability to block OGP fetching for certain domains
author | JC Brand <jc@opkode.com> |
---|---|
date | Tue, 22 Jun 2021 12:25:36 +0200 |
parents | c858c76d0845 |
children | 06c9c9ef0a51 |
files | mod_ogp/README.markdown mod_ogp/mod_ogp.lua |
diffstat | 2 files changed, 25 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_ogp/README.markdown Tue Jun 22 11:41:16 2021 +0200 +++ b/mod_ogp/README.markdown Tue Jun 22 12:25:36 2021 +0200 @@ -20,13 +20,13 @@ Configuration ------------- -You can present a whitelist of domains for which OGP metadata will be fetched -via the `ogp_domain_whitelist` setting. +You can present an allowlist or denylist of domains for which OGP metadata will be fetched +via the `ogp_domain_allowlist` and `ogp_domain_denylist` settings repectively. For example: ```lua Component "muc.example.org" "muc" modules_enabled = { "ogp" } - ogp_domain_whitelist = { "prosody.im" } + ogp_domain_allowlist = { "prosody.im" } ```
--- a/mod_ogp/mod_ogp.lua Tue Jun 22 11:41:16 2021 +0200 +++ b/mod_ogp/mod_ogp.lua Tue Jun 22 12:25:36 2021 +0200 @@ -5,23 +5,38 @@ local domain_pattern = '^%w+://([^/]+)' local xmlns_fasten = "urn:xmpp:fasten:0" local xmlns_xhtml = "http://www.w3.org/1999/xhtml" -local whitelist = module:get_option_set("ogp_domain_whitelist", {}) +local allowlist = module:get_option_set("ogp_domain_allowlist", module:get_option_set("ogp_domain_whitelist", {})) +local denylist = module:get_option_set("ogp_domain_denylist", {}) -local function is_whitelisted(url) - if whitelist:empty() then +local function is_allowed(domain) + if allowlist:empty() then + return true + end + if allowlist:contains(domain) then return true end - local domain = url:match(domain_pattern) - if whitelist:contains(domain) then - return true; + return false +end + +local function is_denied(domain) + if denylist:empty() then + return false + end + if denylist:contains(domain) then + return true end return false end local function fetch_ogp_data(room, url, origin_id) - if not url or not is_whitelisted(url) then + if not url then + return; + end + + local domain = url:match(domain_pattern); + if is_denied(domain) or not is_allowed(domain) then return; end