Mercurial Mercurial > prosody > prosody-modules / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_proxy65_whitelist/mod_proxy65_whitelist.lua
author Matthew Wild <mwild1@gmail.com>
Sat, 14 Jan 2023 14:31:37 +0000
changeset 5153 fa56ed2bacab
parent 2362 f96b947303a2
permissions -rw-r--r--
mod_unified_push: Add support for multiple token backends, including stoage Now that we have ACLs by default, it is no longer necessary to be completely stateless. On 0.12, using storage has benefits over JWT, because it does not expose client JIDs to the push apps/services. In trunk, PASETO is stateless and does not expose client JIDs.

local allowed_streamhosts = module:get_option_set("allowed_streamhosts", {}); -- eg proxy.eu.jabber.org

if module:get_option_boolean("allow_local_streamhosts", true) then
	for hostname, host in pairs(hosts) do
		if host.modules.proxy65 then
			allowed_streamhosts:add(hostname);
		end
	end

	module:hook_global("host-activated", function (host)
		if hosts[host].modules.proxy65 then
			allowed_streamhosts:add(host);
		end
	end);
end

local function filter_streamhosts(tag)
	if tag.name == "streamhost" and not allowed_streamhosts:contains(tag.attr.jid) then
		return nil;
	end
	return tag;
end

module:hook("iq/full", function (event)
	local stanza = event.stanza;
	if stanza.attr.type == "set" then
		local payload = stanza:get_child("query", "http://jabber.org/protocol/bytestreams");
		if payload then
			payload:maptags(filter_streamhosts);
		end
	end
end, 1);
prosody-modules