Software /
code /
prosody-modules
Annotate
mod_firewall/actions.lib.lua @ 5404:1087f697c3f3
mod_http_oauth2: Strip unknown extra fields from client registration
We shouldn't sign things we don't understand!
RFC 7591 section-2 states:
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
Prevents grandfathering in of unvalidated data that might become used
later, especially since the 'additionalProperties' schema keyword was
removed in 698fef74ce53
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:23:40 +0200 |
parent | 5235:d0d251abf595 |
child | 5536:96dec7681af8 |
rev | line source |
---|---|
3973
df6227e288e5
mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents:
3483
diff
changeset
|
1 local unpack = table.unpack or unpack; |
df6227e288e5
mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents:
3483
diff
changeset
|
2 |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
3 local interpolation = require "util.interpolation"; |
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
4 local template = interpolation.new("%b$$", function (s) return ("%q"):format(s) end); |
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
5 |
2125
edf5cf3c474b
mod_firewall: Move meta() function to main module, and make it a global so libs can use it
Matthew Wild <mwild1@gmail.com>
parents:
2107
diff
changeset
|
6 --luacheck: globals meta idsafe |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local action_handlers = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
961
f0108ec2b016
mod_firewall/actions: Break out logic into a separate reusable function
Matthew Wild <mwild1@gmail.com>
parents:
960
diff
changeset
|
9 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 -- Takes an XML string and returns a code string that builds that stanza |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 -- using st.stanza() |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local function compile_xml(data) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local code = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local first, short_close = true, nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 for tagline, text in data:gmatch("<([^>]+)>([^<]*)") do |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 if tagline:sub(-1,-1) == "/" then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 tagline = tagline:sub(1, -2); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 short_close = true; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 if tagline:sub(1,1) == "/" then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 code[#code+1] = (":up()"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 local name, attr = tagline:match("^(%S*)%s*(.*)$"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 local attr_str = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 for k, _, v in attr:gmatch("(%S+)=([\"'])([^%2]-)%2") do |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 if #attr_str == 0 then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 table.insert(attr_str, ", { "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 table.insert(attr_str, ", "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 end |
2070
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
31 if k:find("^%a%w*$") then |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 table.insert(attr_str, string.format("%s = %q", k, v)); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 table.insert(attr_str, string.format("[%q] = %q", k, v)); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 if #attr_str > 0 then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 table.insert(attr_str, " }"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 if first then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 code[#code+1] = (string.format("st.stanza(%q %s)", name, #attr_str>0 and table.concat(attr_str) or ", nil")); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 first = nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 code[#code+1] = (string.format(":tag(%q%s)", name, table.concat(attr_str))); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 end |
2070
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
47 if text and text:find("%S") then |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 code[#code+1] = (string.format(":text(%q)", text)); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 elseif short_close then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 short_close = nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 code[#code+1] = (":up()"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 return table.concat(code, ""); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 |
957
9b21b91c2d96
mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents:
950
diff
changeset
|
57 function action_handlers.PASS() |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
58 return "do return pass_return end" |
957
9b21b91c2d96
mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents:
950
diff
changeset
|
59 end |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 function action_handlers.DROP() |
958
843795020701
mod_firewall/actions: DROP no longer logs, log messages can be emitted with LOG
Matthew Wild <mwild1@gmail.com>
parents:
957
diff
changeset
|
62 return "do return true end"; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
65 function action_handlers.DEFAULT() |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
66 return "do return false end"; |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
67 end |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
68 |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
69 function action_handlers.RETURN() |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
70 return "do return end" |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
71 end |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
72 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 function action_handlers.STRIP(tag_desc) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 local code = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 local name, xmlns = tag_desc:match("^(%S+) (.+)$"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 if not name then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 name, xmlns = tag_desc, nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 if name == "*" then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 name = nil; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 code[#code+1] = ("local stanza_xmlns = stanza.attr.xmlns; "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 code[#code+1] = "stanza:maptags(function (tag) if "; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 if name then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 code[#code+1] = ("tag.name == %q and "):format(name); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 if xmlns then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 code[#code+1] = ("(tag.attr.xmlns or stanza_xmlns) == %q "):format(xmlns); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 code[#code+1] = ("tag.attr.xmlns == stanza_xmlns "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 code[#code+1] = "then return nil; end return tag; end );"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 return table.concat(code); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 function action_handlers.INJECT(tag) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 return "stanza:add_child("..compile_xml(tag)..")", { "st" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 local error_types = { |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 ["bad-request"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 ["conflict"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 ["feature-not-implemented"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 ["forbidden"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 ["gone"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 ["internal-server-error"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 ["item-not-found"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 ["jid-malformed"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 ["not-acceptable"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 ["not-allowed"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 ["not-authorized"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 ["payment-required"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 ["policy-violation"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 ["recipient-unavailable"] = "wait"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 ["redirect"] = "modify"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 ["registration-required"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 ["remote-server-not-found"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 ["remote-server-timeout"] = "wait"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 ["resource-constraint"] = "wait"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 ["service-unavailable"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 ["subscription-required"] = "auth"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 ["undefined-condition"] = "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 ["unexpected-request"] = "wait"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 local function route_modify(make_new, to, drop) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 local reroute, deps = "session.send(newstanza)", { "st" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 if to then |
2581
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
130 reroute = ("newstanza.attr.to = %q; core_post_stanza(session, newstanza)"):format(to); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 deps[#deps+1] = "core_post_stanza"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 end |
2581
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
133 return ([[do local newstanza = st.%s; %s;%s end]]) |
0116672348c4
mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents:
2560
diff
changeset
|
134 :format(make_new, reroute, drop and " return true" or ""), deps; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1303
diff
changeset
|
136 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 function action_handlers.BOUNCE(with) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 local error = with and with:match("^%S+") or "service-unavailable"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 local error_type = error:match(":(%S+)"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 if not error_type then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 error_type = error_types[error] or "cancel"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 error = error:match("^[^:]+"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 error, error_type = string.format("%q", error), string.format("%q", error_type); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 local text = with and with:match(" %((.+)%)$"); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 if text then |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 text = string.format("%q", text); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 text = "nil"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 end |
2094
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
152 local route_modify_code, deps = route_modify(("error_reply(stanza, %s, %s, %s)"):format(error_type, error, text), nil, true); |
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
153 deps[#deps+1] = "type"; |
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
154 deps[#deps+1] = "name"; |
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
155 return [[if type == "error" or (name == "iq" and type == "result") then return true; end -- Don't reply to 'error' stanzas, or iq results |
a1e9ca4cb181
mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents:
2086
diff
changeset
|
156 ]]..route_modify_code, deps; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 function action_handlers.REDIRECT(where) |
950
bea0ef13575c
mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents:
949
diff
changeset
|
160 return route_modify("clone(stanza)", where, true); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 function action_handlers.COPY(where) |
950
bea0ef13575c
mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents:
949
diff
changeset
|
164 return route_modify("clone(stanza)", where, false); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 |
959
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
167 function action_handlers.REPLY(with) |
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
168 return route_modify(("reply(stanza):body(%q)"):format(with)); |
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
169 end |
6ef334596276
mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents:
958
diff
changeset
|
170 |
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
171 function action_handlers.FORWARD(where) |
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
172 local code = [[ |
2551
9392f45b0364
mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents:
2542
diff
changeset
|
173 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" }); |
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
174 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza); |
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
175 core_post_stanza(session, newstanza); |
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
176 ]]; |
2551
9392f45b0364
mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents:
2542
diff
changeset
|
177 return code:format(where), { "core_post_stanza", "current_host" }; |
2541
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
178 end |
76f03d514b13
mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents:
2531
diff
changeset
|
179 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 function action_handlers.LOG(string) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 local level = string:match("^%[(%a+)%]") or "info"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 string = string:gsub("^%[%a+%] ?", ""); |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2415
diff
changeset
|
183 local meta_deps = {}; |
2782
8fd37f0e108c
mod_firewall: Don't interpret format specifiers in LOG
Matthew Wild <mwild1@gmail.com>
parents:
2581
diff
changeset
|
184 local code = meta(("(session.log or log)(%q, '%%s', %q);"):format(level, string), meta_deps); |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2415
diff
changeset
|
185 return code, meta_deps; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 function action_handlers.RULEDEP(dep) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 return "", { dep }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 |
960
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
192 function action_handlers.EVENT(name) |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
193 return ("fire_event(%q, event)"):format(name); |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
194 end |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
195 |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
196 function action_handlers.JUMP_EVENT(name) |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
197 return ("do return fire_event(%q, event); end"):format(name); |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
198 end |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
199 |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
200 function action_handlers.JUMP_CHAIN(name) |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
201 return template([[do |
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
202 local ret = fire_event($chain_event$, event); |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
203 if ret ~= nil then |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
204 if ret == false then |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
205 log("debug", "Chain %q accepted stanza (ret %s)", $chain_name$, tostring(ret)); |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
206 return pass_return; |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
207 end |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
208 log("debug", "Chain %q rejected stanza (ret %s)", $chain_name$, tostring(ret)); |
2558
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
209 return ret; |
2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents:
2551
diff
changeset
|
210 end |
3483
78049e8b5a6b
mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents:
3371
diff
changeset
|
211 end]], { chain_event = "firewall/chains/"..name, chain_name = name }); |
960
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
212 end |
d773a51af9b1
mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents:
959
diff
changeset
|
213 |
2107
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
214 function action_handlers.MARK_ORIGIN(name) |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
215 return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" }; |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
216 end |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
217 |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
218 function action_handlers.UNMARK_ORIGIN(name) |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
219 return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]] |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
220 end |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2106
diff
changeset
|
221 |
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
222 function action_handlers.MARK_USER(name) |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
223 return [[if session.firewall_marks then session.firewall_marks.]]..idsafe(name)..[[ = current_timestamp; end]], { "timestamp" }; |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
224 end |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
225 |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
226 function action_handlers.UNMARK_USER(name) |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
227 return [[if session.firewall_marks then session.firewall_marks.]]..idsafe(name)..[[ = nil; end]], { "timestamp" }; |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
228 end |
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
2782
diff
changeset
|
229 |
2531
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
230 function action_handlers.ADD_TO(spec) |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
231 local list_name, value = spec:match("(%S+) (.+)"); |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
232 local meta_deps = {}; |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
233 value = meta(("%q"):format(value), meta_deps); |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
234 return ("list_%s:add(%s);"):format(list_name, value), { "list:"..list_name, unpack(meta_deps) }; |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
235 end |
9d2bfff515b8
mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
236 |
2915
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
237 function action_handlers.UNSUBSCRIBE_SENDER() |
2996
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
238 return "rostermanager.unsubscribed(to_node, to_host, bare_from);\ |
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
239 rostermanager.roster_push(to_node, to_host, bare_from);\ |
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
240 core_post_stanza(session, st.presence({ from = bare_to, to = bare_from, type = \"unsubscribed\" }));", |
0fb95dc11bc8
mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents:
2915
diff
changeset
|
241 { "rostermanager", "core_post_stanza", "st", "split_to", "bare_to", "bare_from" }; |
2915
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
242 end |
b8f2e86df7ce
mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
243 |
5235
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
244 function action_handlers.REPORT_TO(spec) |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
245 local where, reason, text = spec:match("^%s*(%S+) *(%S*) *(.*)$"); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
246 if reason == "spam" then |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
247 reason = "urn:xmpp:reporting:spam"; |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
248 elseif reason == "abuse" or not reason then |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
249 reason = "urn:xmpp:reporting:abuse"; |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
250 end |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
251 local code = [[ |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
252 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" }); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
253 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza):up(); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
254 newstanza:tag("report", { xmlns = "urn:xmpp:reporting:1", reason = %q }) |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
255 do local text = %q; if text ~= "" then newstanza:text_tag("text", text); end end |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
256 newstanza:up(); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
257 core_post_stanza(session, newstanza); |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
258 ]]; |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
259 return code:format(where, reason, text), { "core_post_stanza", "current_host", "st" }; |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
260 end |
d0d251abf595
mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents:
3994
diff
changeset
|
261 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
262 return action_handlers; |