Annotate

mod_muc_http_auth/mod_muc_http_auth.lua @ 4296:08138de4cb88

Prosodoy module to externalize MUC authorization via HTTP
author Seve Ferrer <seve@delape.net>
date Sat, 12 Dec 2020 18:19:14 +0100
child 4299:8006da2cf44c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4296
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
1 local wait_for = require "util.async".wait_for;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
2 local http = require "net.http";
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
3 local json = require "util.json";
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
4 local st = require "util.stanza";
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
5 local jid_node = require "util.jid".node;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
6 local jid_bare = require "util.jid".bare;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
7
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
8 local authorization_url = module:get_option("muc_http_auth_url", "")
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
9 local enabled_for = module:get_option_set("muc_http_auth_enabled_for", nil)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
10 local disabled_for = module:get_option_set("muc_http_auth_disabled_for", nil)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
11 local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
12
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
13 local function must_be_authorized(room_node)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
14 -- If none of these is set, all rooms need authorization
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
15 if not enabled_for and not disabled_for then return true; end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
16
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
17 if enabled_for and not disabled_for then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
18 for _, _room_node in ipairs(enabled_for) do
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
19 if _room_node == room_node then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
20 return true;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
21 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
22 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
23 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
24
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
25 if disabled_for and not enabled_for then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
26 for _, _room_node in ipairs(disabled_for) do
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
27 if _room_node == room_node then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
28 return false;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
29 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
30 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
31 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
32
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
33 return true;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
34 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
35
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
36 local function handle_success(response)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
37 local body = json.decode(response.body or "") or {}
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
38 response = {
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
39 err = body.error,
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
40 allowed = body.allowed,
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
41 code = response.code
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
42 }
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
43 return {response=response, err=response.err};
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
44 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
45
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
46 local function handle_error(err)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
47 return {err=err};
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
48 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
49
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
50 local function handle_presence(event)
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
51 local stanza = event.stanza;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
52 if stanza.name ~= "presence" or stanza.attr.type == "unavailable" then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
53 return;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
54 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
55
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
56 local room, origin = event.room, event.origin;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
57 if (not room) or (not origin) then return; end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
58
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
59 if not must_be_authorized(jid_node(room.jid)) then return; end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
60
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
61 local user_bare_jid = jid_bare(stanza.attr.from);
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
62 local url = authorization_url .. "?userJID=" .. user_bare_jid .."&mucJID=" .. room.jid;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
63
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
64 local result = wait_for(http.request(url, {method="GET", insecure=insecure}):next(handle_success, handle_error));
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
65 local response, err = result.response, result.err;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
66
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
67 if not (response and response.allowed) then
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
68 -- User is not authorized to join this room
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
69 err = (response or {}).err or err
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
70 module:log("debug", user_bare_jid .. " is not authorized to join " .. room.jid .. " Error: " .. tostring(err));
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
71 origin.send(st.error_reply(stanza, "error", "not-authorized", nil, module.host));
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
72 return true;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
73 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
74
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
75 module:log("debug", user_bare_jid .. " is authorized to join " .. room.jid);
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
76 return;
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
77 end
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
78
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
79
08138de4cb88 Prosodoy module to externalize MUC authorization via HTTP
Seve Ferrer <seve@delape.net>
parents:
diff changeset
80 module:hook("muc-occupant-pre-join", handle_presence);