prosody-modules: mod_muc_http_auth/mod_muc_http_auth.lua@08138de4cb88 (annotated)

4300 08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	1	local wait_for = require "util.async".wait_for;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	2	local http = require "net.http";
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	3	local json = require "util.json";
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	4	local st = require "util.stanza";
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	5	local jid_node = require "util.jid".node;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	6	local jid_bare = require "util.jid".bare;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	7
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	8	local authorization_url = module:get_option("muc_http_auth_url", "")
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	9	local enabled_for = module:get_option_set("muc_http_auth_enabled_for", nil)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	10	local disabled_for = module:get_option_set("muc_http_auth_disabled_for", nil)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	11	local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	12
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	13	local function must_be_authorized(room_node)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	14	-- If none of these is set, all rooms need authorization
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	15	if not enabled_for and not disabled_for then return true; end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	16
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	17	if enabled_for and not disabled_for then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	18	for _, _room_node in ipairs(enabled_for) do
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	19	if _room_node == room_node then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	20	return true;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	21	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	22	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	23	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	24
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	25	if disabled_for and not enabled_for then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	26	for _, _room_node in ipairs(disabled_for) do
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	27	if _room_node == room_node then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	28	return false;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	29	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	30	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	31	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	32
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	33	return true;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	34	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	35
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	36	local function handle_success(response)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	37	local body = json.decode(response.body or "") or {}
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	38	response = {
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	39	err = body.error,
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	40	allowed = body.allowed,
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	41	code = response.code
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	42	}
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	43	return {response=response, err=response.err};
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	44	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	45
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	46	local function handle_error(err)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	47	return {err=err};
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	48	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	49
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	50	local function handle_presence(event)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	51	local stanza = event.stanza;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	52	if stanza.name ~= "presence" or stanza.attr.type == "unavailable" then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	53	return;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	54	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	55
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	56	local room, origin = event.room, event.origin;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	57	if (not room) or (not origin) then return; end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	58
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	59	if not must_be_authorized(jid_node(room.jid)) then return; end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	60
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	61	local user_bare_jid = jid_bare(stanza.attr.from);
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	62	local url = authorization_url .. "?userJID=" .. user_bare_jid .."&mucJID=" .. room.jid;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	63
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	64	local result = wait_for(http.request(url, {method="GET", insecure=insecure}):next(handle_success, handle_error));
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	65	local response, err = result.response, result.err;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	66
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	67	if not (response and response.allowed) then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	68	-- User is not authorized to join this room
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	69	err = (response or {}).err or err
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	70	module:log("debug", user_bare_jid .. " is not authorized to join " .. room.jid .. " Error: " .. tostring(err));
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	71	origin.send(st.error_reply(stanza, "error", "not-authorized", nil, module.host));
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	72	return true;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	73	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	74
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	75	module:log("debug", user_bare_jid .. " is authorized to join " .. room.jid);
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	76	return;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	77	end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	78
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	79
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP Seve Ferrer <seve@delape.net> parents: diff changeset	80	module:hook("muc-occupant-pre-join", handle_presence);

author	Seve Ferrer <seve@delape.net>
	Sat, 12 Dec 2020 18:19:14 +0100
changeset 4300	08138de4cb88
child 4303	8006da2cf44c
permissions	-rw-r--r--