| author | Kim Alvefur <zash@zash.se> |
| Sun, 03 Mar 2024 11:23:40 +0100 | |
| changeset 5857 | 97c9b76867ca |
| parent 3028 | f54c80404ad3 |
| permissions | -rw-r--r-- |
|
1958
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 |
local st = require "util.stanza"; |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
local jid = require "util.jid"; |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
local nodeprep = require "util.encodings".stringprep.nodeprep; |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
local unprepped_access_lists = module:get_option("muc_access_lists", {}); |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
local access_lists = {}; |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
-- Make sure all input is prepped |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
for unprepped_room_name, unprepped_list in pairs(unprepped_access_lists) do |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
local prepped_room_name = nodeprep(unprepped_room_name); |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
if not prepped_room_name then |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
module:log("error", "Invalid room name: %s", unprepped_room_name); |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
else |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
local prepped_list = {}; |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
for _, unprepped_jid in ipairs(unprepped_list) do |
|
3028
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
16 |
local prepped_jid = jid.prep(unprepped_jid); |
|
1958
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
if not prepped_jid then |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
module:log("error", "Invalid JID: %s", unprepped_jid); |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
else |
|
3028
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
20 |
prepped_list[prepped_jid] = true; |
|
1958
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
end |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
end |
|
3028
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
23 |
access_lists[prepped_room_name] = prepped_list; |
|
1958
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
end |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
end |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
local function is_restricted(room, who) |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
local allowed = access_lists[room]; |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
if allowed == nil or allowed[who] or allowed[select(2, jid.split(who))] then |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 |
return nil; |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
end |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
return "forbidden"; |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
end |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
module:hook("presence/full", function(event) |
|
3028
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
38 |
local stanza = event.stanza; |
|
1958
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
|
|
3028
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
40 |
if stanza.name == "presence" and stanza.attr.type == "unavailable" then -- Leaving events get discarded |
|
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
41 |
return; |
|
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
42 |
end |
|
1958
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 |
-- Get the room |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
local room = jid.split(stanza.attr.to); |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 |
if not room then return; end |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 |
-- Get who has tried to join it |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 |
local who = jid.bare(stanza.attr.from) |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
|
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 |
-- Checking whether room is restricted |
|
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 |
local check_restricted = is_restricted(room, who) |
|
3028
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
53 |
if check_restricted ~= nil then |
|
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
54 |
event.allowed = false; |
|
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
55 |
event.stanza.attr.type = 'error'; |
|
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
56 |
return event.origin.send(st.error_reply(event.stanza, "cancel", "forbidden", "You're not allowed to enter this room: " .. check_restricted)); |
|
f54c80404ad3
mod_muc_access_control: Multiple fixes to make the module work (fixes #1086)
Frank Doepper <prosody@woffs.de>
parents:
1958
diff
changeset
|
57 |
end |
|
1958
050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 |
end, 10); |