Mercurial > prosody-modules
changeset 80:bed9a6b40fae
mod_proxy65: basic white list - access control list
author | Thilo Cestonaro <thilo@cestona.ro> |
---|---|
date | Sun, 01 Nov 2009 16:42:04 +0100 |
parents | 34f5818c90e9 |
children | 9ceeab822e40 |
files | mod_muc_log/mod_muc_log.lua mod_proxy65/mod_proxy65.lua |
diffstat | 2 files changed, 50 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_muc_log/mod_muc_log.lua Sun Nov 01 14:37:28 2009 +0100 +++ b/mod_muc_log/mod_muc_log.lua Sun Nov 01 16:42:04 2009 +0100 @@ -13,6 +13,8 @@ local data_load, data_store, data_getpath = datamanager.load, datamanager.store, datamanager.getpath; local datastore = "muc_log"; local config = {}; +local verifyAuthRequest = module:require "verifyhttpauth".verifyHttpAuthRequest; + --[[ LuaFileSystem @@ -421,7 +423,7 @@ return generateDayListSiteContentByRoom(bareRoomJid); -- fallback end end - +local requests = {}; function handle_request(method, body, request) local query = splitQuery(request.url.query); local node, host = grepRoomJid(request.url.path); @@ -437,7 +439,17 @@ if room._data ~= nil and room._data.subject ~= nil then subject = room._data.subject; end - return createDoc(parseDay(bare, subject, query)); + local doc = createDoc(parseDay(bare, subject, query)); + local id = "thisIsTheId"; + requests[id] = request; + requests[id].doc = doc; + + verifyAuthRequest(request.url.path .. "?" .. request.url.query, "thilo@cestona.ro", id, function (id, confirmed) + if confirmed and requests[id] then + requests[id].send(requests[id].doc); + end + end) + return true; end else return createDoc(generateRoomListSiteContent()); @@ -448,7 +460,7 @@ return; end -config = config_get(module:get_host(), "core", "muc_log"); +config = config_get(module:get_host(), "core", "muc_log") or {}; httpserver.new_from_config({ config.http_port or true }, handle_request, { base = "muc_log" });
--- a/mod_proxy65/mod_proxy65.lua Sun Nov 01 14:37:28 2009 +0100 +++ b/mod_proxy65/mod_proxy65.lua Sun Nov 01 16:42:04 2009 +0100 @@ -21,6 +21,7 @@ local proxy_port = config_get(host, "core", "proxy65_port") or 5000; local proxy_interface = config_get(host, "core", "proxy65_interface") or "*"; local proxy_address = config_get(host, "core", "proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host; +local proxy_acl = config_get(host, "core", "proxy65_acl"); local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" }; @@ -126,16 +127,42 @@ return reply; end -local function get_stream_host(stanza) +local function get_stream_host(origin, stanza) local reply = replies_cache.stream_host; + local err_reply = replies_cache.stream_host_err; local sid = stanza.tags[1].attr.sid; - if reply == nil then - reply = st.iq({type="result", from=host}) - :query("http://jabber.org/protocol/bytestreams") - :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); -- TODO get the correct data - replies_cache.stream_host = reply; + local allow = false; + + if proxy_acl then + for _, acl in ipairs(proxy_acl) do + local acl_node, acl_host, acl_resource = jid_split(acl); + if ((acl_node ~= nil and acl_node == origin.username) or acl_node == nil) and + ((acl_host ~= nil and acl_host == origin.host) or acl_host == nil) and + ((acl_resource ~= nil and acl_resource == origin.resource) or acl_resource == nil) then + allow = true; + end + end + else + allow = true; end - + if allow == true then + if reply == nil then + reply = st.iq({type="result", from=host}) + :query("http://jabber.org/protocol/bytestreams") + :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); + replies_cache.stream_host = reply; + end + else + module:log("debug", "Denying use of proxy for %s@%s/%s", tostring(origin.username), tostring(origin.host), tostring(origin.resource)); + if err_reply == nil then + err_reply = st.iq({type="error", from=host}) + :query("http://jabber.org/protocol/bytestreams") + :tag("error", {code='403', type='auth'}) + :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); + replies_cache.stream_host_err = err_reply; + end + reply = err_reply; + end reply.attr.id = stanza.attr.id; reply.attr.to = stanza.attr.from; reply.tags[1].attr.sid = sid; @@ -179,7 +206,7 @@ origin.send(get_disco_items(stanza)); return true; elseif xmlns == "http://jabber.org/protocol/bytestreams" then - origin.send(get_stream_host(stanza)); + origin.send(get_stream_host(origin, stanza)); return true; end elseif stanza.name == "iq" and type == "set" then