| author | Matthew Wild <mwild1@gmail.com> |
| Thu, 08 Jun 2023 16:20:42 +0100 | |
| changeset 5540 | 96dec7681af8 |
| parent 5239 | d0d251abf595 |
| child 5541 | 4b9a7684ae02 |
| permissions | -rw-r--r-- |
|
3977
df6227e288e5
mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents:
3487
diff
changeset
|
1 |
local unpack = table.unpack or unpack; |
|
df6227e288e5
mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents:
3487
diff
changeset
|
2 |
|
|
3487
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3375
diff
changeset
|
3 |
local interpolation = require "util.interpolation"; |
|
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3375
diff
changeset
|
4 |
local template = interpolation.new("%b$$", function (s) return ("%q"):format(s) end); |
|
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3375
diff
changeset
|
5 |
|
|
2129
edf5cf3c474b
mod_firewall: Move meta() function to main module, and make it a global so libs can use it
Matthew Wild <mwild1@gmail.com>
parents:
2111
diff
changeset
|
6 |
--luacheck: globals meta idsafe |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
local action_handlers = {}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
|
|
961
f0108ec2b016
mod_firewall/actions: Break out logic into a separate reusable function
Matthew Wild <mwild1@gmail.com>
parents:
960
diff
changeset
|
9 |
|
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
-- Takes an XML string and returns a code string that builds that stanza |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
-- using st.stanza() |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
local function compile_xml(data) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
local code = {}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
local first, short_close = true, nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
for tagline, text in data:gmatch("<([^>]+)>([^<]*)") do |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
if tagline:sub(-1,-1) == "/" then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
tagline = tagline:sub(1, -2); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
short_close = true; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 |
if tagline:sub(1,1) == "/" then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
code[#code+1] = (":up()"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
local name, attr = tagline:match("^(%S*)%s*(.*)$"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
local attr_str = {}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
for k, _, v in attr:gmatch("(%S+)=([\"'])([^%2]-)%2") do |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
if #attr_str == 0 then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
table.insert(attr_str, ", { "); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
table.insert(attr_str, ", "); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
end |
|
2074
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
31 |
if k:find("^%a%w*$") then |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
table.insert(attr_str, string.format("%s = %q", k, v)); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
table.insert(attr_str, string.format("[%q] = %q", k, v)); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
if #attr_str > 0 then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 |
table.insert(attr_str, " }"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 |
if first then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 |
code[#code+1] = (string.format("st.stanza(%q %s)", name, #attr_str>0 and table.concat(attr_str) or ", nil")); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 |
first = nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 |
else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 |
code[#code+1] = (string.format(":tag(%q%s)", name, table.concat(attr_str))); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 |
end |
|
2074
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
47 |
if text and text:find("%S") then |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 |
code[#code+1] = (string.format(":text(%q)", text)); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 |
elseif short_close then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
short_close = nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 |
code[#code+1] = (":up()"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 |
return table.concat(code, ""); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 |
|
|
957
9b21b91c2d96
mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents:
950
diff
changeset
|
57 |
function action_handlers.PASS() |
|
2562
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
58 |
return "do return pass_return end" |
|
957
9b21b91c2d96
mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents:
950
diff
changeset
|
59 |
end |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
|
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 |
function action_handlers.DROP() |
|
958
843795020701
mod_firewall/actions: DROP no longer logs, log messages can be emitted with LOG
Matthew Wild <mwild1@gmail.com>
parents:
957
diff
changeset
|
62 |
return "do return true end"; |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 |
|
|
2562
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
65 |
function action_handlers.DEFAULT() |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
66 |
return "do return false end"; |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
67 |
end |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
68 |
|
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
69 |
function action_handlers.RETURN() |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
70 |
return "do return end" |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
71 |
end |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
72 |
|
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 |
function action_handlers.STRIP(tag_desc) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
local code = {}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 |
local name, xmlns = tag_desc:match("^(%S+) (.+)$"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 |
if not name then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 |
name, xmlns = tag_desc, nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 |
if name == "*" then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 |
name = nil; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 |
code[#code+1] = ("local stanza_xmlns = stanza.attr.xmlns; "); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 |
code[#code+1] = "stanza:maptags(function (tag) if "; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 |
if name then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 |
code[#code+1] = ("tag.name == %q and "):format(name); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 |
if xmlns then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 |
code[#code+1] = ("(tag.attr.xmlns or stanza_xmlns) == %q "):format(xmlns); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 |
else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 |
code[#code+1] = ("tag.attr.xmlns == stanza_xmlns "); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 |
code[#code+1] = "then return nil; end return tag; end );"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 |
return table.concat(code); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 |
|
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 |
function action_handlers.INJECT(tag) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 |
return "stanza:add_child("..compile_xml(tag)..")", { "st" }; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 |
|
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 |
local error_types = { |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 |
["bad-request"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 |
["conflict"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 |
["feature-not-implemented"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 |
["forbidden"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 |
["gone"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 |
["internal-server-error"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 |
["item-not-found"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 |
["jid-malformed"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 |
["not-acceptable"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 |
["not-allowed"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 |
["not-authorized"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 |
["payment-required"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 |
["policy-violation"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 |
["recipient-unavailable"] = "wait"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 |
["redirect"] = "modify"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 |
["registration-required"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 |
["remote-server-not-found"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 |
["remote-server-timeout"] = "wait"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 |
["resource-constraint"] = "wait"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 |
["service-unavailable"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 |
["subscription-required"] = "auth"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 |
["undefined-condition"] = "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 |
["unexpected-request"] = "wait"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 |
}; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 |
|
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 |
|
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 |
local function route_modify(make_new, to, drop) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 |
local reroute, deps = "session.send(newstanza)", { "st" }; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 |
if to then |
|
2585
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2564
diff
changeset
|
130 |
reroute = ("newstanza.attr.to = %q; core_post_stanza(session, newstanza)"):format(to); |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 |
deps[#deps+1] = "core_post_stanza"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 |
end |
|
2585
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2564
diff
changeset
|
133 |
return ([[do local newstanza = st.%s; %s;%s end]]) |
|
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2564
diff
changeset
|
134 |
:format(make_new, reroute, drop and " return true" or ""), deps; |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 |
end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1303
diff
changeset
|
136 |
|
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 |
function action_handlers.BOUNCE(with) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 |
local error = with and with:match("^%S+") or "service-unavailable"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 |
local error_type = error:match(":(%S+)"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 |
if not error_type then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 |
error_type = error_types[error] or "cancel"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 |
else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 |
error = error:match("^[^:]+"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 |
error, error_type = string.format("%q", error), string.format("%q", error_type); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 |
local text = with and with:match(" %((.+)%)$"); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 |
if text then |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 |
text = string.format("%q", text); |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 |
else |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 |
text = "nil"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 |
end |
|
2098
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2090
diff
changeset
|
152 |
local route_modify_code, deps = route_modify(("error_reply(stanza, %s, %s, %s)"):format(error_type, error, text), nil, true); |
|
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2090
diff
changeset
|
153 |
deps[#deps+1] = "type"; |
|
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2090
diff
changeset
|
154 |
deps[#deps+1] = "name"; |
|
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2090
diff
changeset
|
155 |
return [[if type == "error" or (name == "iq" and type == "result") then return true; end -- Don't reply to 'error' stanzas, or iq results |
|
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2090
diff
changeset
|
156 |
]]..route_modify_code, deps; |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 |
|
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 |
function action_handlers.REDIRECT(where) |
|
950
bea0ef13575c
mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents:
949
diff
changeset
|
160 |
return route_modify("clone(stanza)", where, true); |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 |
|
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 |
function action_handlers.COPY(where) |
|
950
bea0ef13575c
mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents:
949
diff
changeset
|
164 |
return route_modify("clone(stanza)", where, false); |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 |
|
|
959
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
167 |
function action_handlers.REPLY(with) |
|
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
168 |
return route_modify(("reply(stanza):body(%q)"):format(with)); |
|
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
169 |
end |
|
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
170 |
|
|
2545
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
171 |
function action_handlers.FORWARD(where) |
|
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
172 |
local code = [[ |
|
2555
9392f45b0364
mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents:
2546
diff
changeset
|
173 |
local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" }); |
|
2545
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
174 |
local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza); |
|
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
175 |
core_post_stanza(session, newstanza); |
|
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
176 |
]]; |
|
2555
9392f45b0364
mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents:
2546
diff
changeset
|
177 |
return code:format(where), { "core_post_stanza", "current_host" }; |
|
2545
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
178 |
end |
|
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
179 |
|
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 |
function action_handlers.LOG(string) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 |
local level = string:match("^%[(%a+)%]") or "info"; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 |
string = string:gsub("^%[%a+%] ?", ""); |
|
2523
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2419
diff
changeset
|
183 |
local meta_deps = {}; |
|
2786
8fd37f0e108c
mod_firewall: Don't interpret format specifiers in LOG
Matthew Wild <mwild1@gmail.com>
parents:
2585
diff
changeset
|
184 |
local code = meta(("(session.log or log)(%q, '%%s', %q);"):format(level, string), meta_deps); |
|
2523
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2419
diff
changeset
|
185 |
return code, meta_deps; |
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 |
|
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 |
function action_handlers.RULEDEP(dep) |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 |
return "", { dep }; |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 |
end |
|
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 |
|
|
960
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
192 |
function action_handlers.EVENT(name) |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
193 |
return ("fire_event(%q, event)"):format(name); |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
194 |
end |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
195 |
|
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
196 |
function action_handlers.JUMP_EVENT(name) |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
197 |
return ("do return fire_event(%q, event); end"):format(name); |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
198 |
end |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
199 |
|
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
200 |
function action_handlers.JUMP_CHAIN(name) |
|
3487
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3375
diff
changeset
|
201 |
return template([[do |
|
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3375
diff
changeset
|
202 |
local ret = fire_event($chain_event$, event); |
|
2562
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
203 |
if ret ~= nil then |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
204 |
if ret == false then |
|
3487
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3375
diff
changeset
|
205 |
log("debug", "Chain %q accepted stanza (ret %s)", $chain_name$, tostring(ret)); |
|
2562
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
206 |
return pass_return; |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
207 |
end |
|
3487
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3375
diff
changeset
|
208 |
log("debug", "Chain %q rejected stanza (ret %s)", $chain_name$, tostring(ret)); |
|
2562
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
209 |
return ret; |
|
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
210 |
end |
|
3487
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3375
diff
changeset
|
211 |
end]], { chain_event = "firewall/chains/"..name, chain_name = name }); |
|
960
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
212 |
end |
|
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
213 |
|
|
2111
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2110
diff
changeset
|
214 |
function action_handlers.MARK_ORIGIN(name) |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2110
diff
changeset
|
215 |
return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" }; |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2110
diff
changeset
|
216 |
end |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2110
diff
changeset
|
217 |
|
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2110
diff
changeset
|
218 |
function action_handlers.UNMARK_ORIGIN(name) |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2110
diff
changeset
|
219 |
return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]] |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2110
diff
changeset
|
220 |
end |
|
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2110
diff
changeset
|
221 |
|
|
2898
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2786
diff
changeset
|
222 |
function action_handlers.MARK_USER(name) |
|
5540
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
223 |
return ([[if session.firewall_marks then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
224 |
fire_event("firewall/marked/user", { |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
225 |
username = session.username; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
226 |
mark = %q; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
227 |
timestamp = current_timestamp; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
228 |
}); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
229 |
end]]):format(idsafe(name)), { "timestamp" }; |
|
2898
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2786
diff
changeset
|
230 |
end |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2786
diff
changeset
|
231 |
|
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2786
diff
changeset
|
232 |
function action_handlers.UNMARK_USER(name) |
|
5540
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
233 |
return ([[if session.firewall_marks then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
234 |
fire_event("firewall/unmarked/user", { |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
235 |
username = session.username; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
236 |
mark = %q; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
237 |
}); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
5239
diff
changeset
|
238 |
end]]):format(idsafe(name)); |
|
2898
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2786
diff
changeset
|
239 |
end |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2786
diff
changeset
|
240 |
|
|
2535
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
241 |
function action_handlers.ADD_TO(spec) |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
242 |
local list_name, value = spec:match("(%S+) (.+)"); |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
243 |
local meta_deps = {}; |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
244 |
value = meta(("%q"):format(value), meta_deps); |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
245 |
return ("list_%s:add(%s);"):format(list_name, value), { "list:"..list_name, unpack(meta_deps) }; |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
246 |
end |
|
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
247 |
|
|
2919
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
248 |
function action_handlers.UNSUBSCRIBE_SENDER() |
|
3000
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2919
diff
changeset
|
249 |
return "rostermanager.unsubscribed(to_node, to_host, bare_from);\ |
|
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2919
diff
changeset
|
250 |
rostermanager.roster_push(to_node, to_host, bare_from);\ |
|
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2919
diff
changeset
|
251 |
core_post_stanza(session, st.presence({ from = bare_to, to = bare_from, type = \"unsubscribed\" }));", |
|
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2919
diff
changeset
|
252 |
{ "rostermanager", "core_post_stanza", "st", "split_to", "bare_to", "bare_from" }; |
|
2919
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
253 |
end |
|
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
254 |
|
|
5239
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
255 |
function action_handlers.REPORT_TO(spec) |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
256 |
local where, reason, text = spec:match("^%s*(%S+) *(%S*) *(.*)$"); |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
257 |
if reason == "spam" then |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
258 |
reason = "urn:xmpp:reporting:spam"; |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
259 |
elseif reason == "abuse" or not reason then |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
260 |
reason = "urn:xmpp:reporting:abuse"; |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
261 |
end |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
262 |
local code = [[ |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
263 |
local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" }); |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
264 |
local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza):up(); |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
265 |
newstanza:tag("report", { xmlns = "urn:xmpp:reporting:1", reason = %q }) |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
266 |
do local text = %q; if text ~= "" then newstanza:text_tag("text", text); end end |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
267 |
newstanza:up(); |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
268 |
core_post_stanza(session, newstanza); |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
269 |
]]; |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
270 |
return code:format(where, reason, text), { "core_post_stanza", "current_host", "st" }; |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
271 |
end |
|
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3998
diff
changeset
|
272 |
|
|
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
273 |
return action_handlers; |