Annotate

mod_firewall/actions.lib.lua @ 5720:4a0279c5c7ed

mod_storage_s3: Implement archive store deletion Not the most efficient way but should work.
author Kim Alvefur <zash@zash.se>
date Sat, 11 Nov 2023 22:47:14 +0100
parent 5540:1249ab2f797c
child 5889:bfc35ae9edcb
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3973
df6227e288e5 mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents: 3483
diff changeset
1 local unpack = table.unpack or unpack;
df6227e288e5 mod_firewall: Fix use of unpack() on Lua 5.3
Kim Alvefur <zash@zash.se>
parents: 3483
diff changeset
2
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
3 local interpolation = require "util.interpolation";
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
4 local template = interpolation.new("%b$$", function (s) return ("%q"):format(s) end);
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
5
2125
edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it
Matthew Wild <mwild1@gmail.com>
parents: 2107
diff changeset
6 --luacheck: globals meta idsafe
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 local action_handlers = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8
961
f0108ec2b016 mod_firewall/actions: Break out logic into a separate reusable function
Matthew Wild <mwild1@gmail.com>
parents: 960
diff changeset
9
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 -- Takes an XML string and returns a code string that builds that stanza
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 -- using st.stanza()
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 local function compile_xml(data)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 local code = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local first, short_close = true, nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 for tagline, text in data:gmatch("<([^>]+)>([^<]*)") do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 if tagline:sub(-1,-1) == "/" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 tagline = tagline:sub(1, -2);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 short_close = true;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 if tagline:sub(1,1) == "/" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 code[#code+1] = (":up()");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 local name, attr = tagline:match("^(%S*)%s*(.*)$");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 local attr_str = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 for k, _, v in attr:gmatch("(%S+)=([\"'])([^%2]-)%2") do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 if #attr_str == 0 then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 table.insert(attr_str, ", { ");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 table.insert(attr_str, ", ");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 end
2070
2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
31 if k:find("^%a%w*$") then
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 table.insert(attr_str, string.format("%s = %q", k, v));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 table.insert(attr_str, string.format("[%q] = %q", k, v));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 if #attr_str > 0 then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 table.insert(attr_str, " }");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 if first then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 code[#code+1] = (string.format("st.stanza(%q %s)", name, #attr_str>0 and table.concat(attr_str) or ", nil"));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 first = nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 code[#code+1] = (string.format(":tag(%q%s)", name, table.concat(attr_str)));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 end
2070
2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
47 if text and text:find("%S") then
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 code[#code+1] = (string.format(":text(%q)", text));
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 elseif short_close then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 short_close = nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 code[#code+1] = (":up()");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 return table.concat(code, "");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56
957
9b21b91c2d96 mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents: 950
diff changeset
57 function action_handlers.PASS()
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
58 return "do return pass_return end"
957
9b21b91c2d96 mod_firewall/actions: Add PASS
Matthew Wild <mwild1@gmail.com>
parents: 950
diff changeset
59 end
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 function action_handlers.DROP()
958
843795020701 mod_firewall/actions: DROP no longer logs, log messages can be emitted with LOG
Matthew Wild <mwild1@gmail.com>
parents: 957
diff changeset
62 return "do return true end";
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
65 function action_handlers.DEFAULT()
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
66 return "do return false end";
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
67 end
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
68
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
69 function action_handlers.RETURN()
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
70 return "do return end"
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
71 end
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
72
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 function action_handlers.STRIP(tag_desc)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74 local code = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75 local name, xmlns = tag_desc:match("^(%S+) (.+)$");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76 if not name then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
77 name, xmlns = tag_desc, nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 if name == "*" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 name = nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 code[#code+1] = ("local stanza_xmlns = stanza.attr.xmlns; ");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
83 code[#code+1] = "stanza:maptags(function (tag) if ";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84 if name then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
85 code[#code+1] = ("tag.name == %q and "):format(name);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
86 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87 if xmlns then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 code[#code+1] = ("(tag.attr.xmlns or stanza_xmlns) == %q "):format(xmlns);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
90 code[#code+1] = ("tag.attr.xmlns == stanza_xmlns ");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 code[#code+1] = "then return nil; end return tag; end );";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93 return table.concat(code);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
94 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
95
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
96 function action_handlers.INJECT(tag)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97 return "stanza:add_child("..compile_xml(tag)..")", { "st" };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 local error_types = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 ["bad-request"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 ["conflict"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
103 ["feature-not-implemented"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104 ["forbidden"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
105 ["gone"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
106 ["internal-server-error"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
107 ["item-not-found"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
108 ["jid-malformed"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
109 ["not-acceptable"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
110 ["not-allowed"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
111 ["not-authorized"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
112 ["payment-required"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
113 ["policy-violation"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
114 ["recipient-unavailable"] = "wait";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
115 ["redirect"] = "modify";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
116 ["registration-required"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
117 ["remote-server-not-found"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
118 ["remote-server-timeout"] = "wait";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
119 ["resource-constraint"] = "wait";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
120 ["service-unavailable"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
121 ["subscription-required"] = "auth";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
122 ["undefined-condition"] = "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
123 ["unexpected-request"] = "wait";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
124 };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
125
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
126
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
127 local function route_modify(make_new, to, drop)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
128 local reroute, deps = "session.send(newstanza)", { "st" };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
129 if to then
2581
0116672348c4 mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents: 2560
diff changeset
130 reroute = ("newstanza.attr.to = %q; core_post_stanza(session, newstanza)"):format(to);
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
131 deps[#deps+1] = "core_post_stanza";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
132 end
2581
0116672348c4 mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents: 2560
diff changeset
133 return ([[do local newstanza = st.%s; %s;%s end]])
0116672348c4 mod_firewall: Fix syntax error in generated code with some route modification actions
Matthew Wild <mwild1@gmail.com>
parents: 2560
diff changeset
134 :format(make_new, reroute, drop and " return true" or ""), deps;
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
135 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 1303
diff changeset
136
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
137 function action_handlers.BOUNCE(with)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
138 local error = with and with:match("^%S+") or "service-unavailable";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
139 local error_type = error:match(":(%S+)");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
140 if not error_type then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
141 error_type = error_types[error] or "cancel";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
142 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
143 error = error:match("^[^:]+");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
144 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
145 error, error_type = string.format("%q", error), string.format("%q", error_type);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
146 local text = with and with:match(" %((.+)%)$");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
147 if text then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
148 text = string.format("%q", text);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
149 else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
150 text = "nil";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
151 end
2094
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
152 local route_modify_code, deps = route_modify(("error_reply(stanza, %s, %s, %s)"):format(error_type, error, text), nil, true);
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
153 deps[#deps+1] = "type";
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
154 deps[#deps+1] = "name";
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
155 return [[if type == "error" or (name == "iq" and type == "result") then return true; end -- Don't reply to 'error' stanzas, or iq results
a1e9ca4cb181 mod_firewall: BOUNCE: Don't bounce error stanzas or iq results
Matthew Wild <mwild1@gmail.com>
parents: 2086
diff changeset
156 ]]..route_modify_code, deps;
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
157 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
158
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
159 function action_handlers.REDIRECT(where)
950
bea0ef13575c mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents: 949
diff changeset
160 return route_modify("clone(stanza)", where, true);
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
161 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
162
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
163 function action_handlers.COPY(where)
950
bea0ef13575c mod_firewall/actions: Remove unused extra argument.
Kim Alvefur <zash@zash.se>
parents: 949
diff changeset
164 return route_modify("clone(stanza)", where, false);
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
165 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
166
959
6ef334596276 mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents: 958
diff changeset
167 function action_handlers.REPLY(with)
6ef334596276 mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents: 958
diff changeset
168 return route_modify(("reply(stanza):body(%q)"):format(with));
6ef334596276 mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents: 958
diff changeset
169 end
6ef334596276 mod_firewall/actions: Add REPLY
Matthew Wild <mwild1@gmail.com>
parents: 958
diff changeset
170
2541
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
171 function action_handlers.FORWARD(where)
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
172 local code = [[
2551
9392f45b0364 mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents: 2542
diff changeset
173 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" });
2541
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
174 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza);
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
175 core_post_stanza(session, newstanza);
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
176 ]];
2551
9392f45b0364 mod_firewall: Fix FORWARD to send from current module's host
Matthew Wild <mwild1@gmail.com>
parents: 2542
diff changeset
177 return code:format(where), { "core_post_stanza", "current_host" };
2541
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
178 end
76f03d514b13 mod_firewall: Add FORWARD action (XEP-0297)
Matthew Wild <mwild1@gmail.com>
parents: 2531
diff changeset
179
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
180 function action_handlers.LOG(string)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
181 local level = string:match("^%[(%a+)%]") or "info";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
182 string = string:gsub("^%[%a+%] ?", "");
2519
d4bc434a60a4 mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents: 2415
diff changeset
183 local meta_deps = {};
2782
8fd37f0e108c mod_firewall: Don't interpret format specifiers in LOG
Matthew Wild <mwild1@gmail.com>
parents: 2581
diff changeset
184 local code = meta(("(session.log or log)(%q, '%%s', %q);"):format(level, string), meta_deps);
2519
d4bc434a60a4 mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents: 2415
diff changeset
185 return code, meta_deps;
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
186 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
187
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
188 function action_handlers.RULEDEP(dep)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
189 return "", { dep };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
190 end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
191
960
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
192 function action_handlers.EVENT(name)
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
193 return ("fire_event(%q, event)"):format(name);
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
194 end
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
195
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
196 function action_handlers.JUMP_EVENT(name)
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
197 return ("do return fire_event(%q, event); end"):format(name);
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
198 end
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
199
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
200 function action_handlers.JUMP_CHAIN(name)
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
201 return template([[do
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
202 local ret = fire_event($chain_event$, event);
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
203 if ret ~= nil then
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
204 if ret == false then
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
205 log("debug", "Chain %q accepted stanza (ret %s)", $chain_name$, tostring(ret));
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
206 return pass_return;
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
207 end
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
208 log("debug", "Chain %q rejected stanza (ret %s)", $chain_name$, tostring(ret));
2558
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
209 return ret;
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
Matthew Wild <mwild1@gmail.com>
parents: 2551
diff changeset
210 end
3483
78049e8b5a6b mod_firewall: Improve debug logging for chain results
Matthew Wild <mwild1@gmail.com>
parents: 3371
diff changeset
211 end]], { chain_event = "firewall/chains/"..name, chain_name = name });
960
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
212 end
d773a51af9b1 mod_firewall: Add actions EVENT (fire an event), JUMP EVENT (transfer control to the handlers of an event), JUMP CHAIN (transfer control to another mod_firewall chain)
Matthew Wild <mwild1@gmail.com>
parents: 959
diff changeset
213
2107
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
214 function action_handlers.MARK_ORIGIN(name)
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
215 return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" };
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
216 end
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
217
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
218 function action_handlers.UNMARK_ORIGIN(name)
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
219 return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]]
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
220 end
f445f43b9ba1 mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents: 2106
diff changeset
221
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
222 function action_handlers.MARK_USER(name)
5540
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
223 return ([[if session.username and session.host == current_host then
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
224 fire_event("firewall/marked/user", {
5536
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
225 username = session.username;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
226 mark = %q;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
227 timestamp = current_timestamp;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
228 });
5540
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
229 else
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
230 log("warn", "Attempt to MARK a remote user - only local users may be marked");
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
231 end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name)), {
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
232 "current_host";
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
233 "timestamp";
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
234 };
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
235 end
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
236
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
237 function action_handlers.UNMARK_USER(name)
5540
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
238 return ([[if session.username and session.host == current_host then
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
239 fire_event("firewall/unmarked/user", {
5536
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
240 username = session.username;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
241 mark = %q;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 5235
diff changeset
242 });
5540
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
243 else
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
244 log("warn", "Attempt to UNMARK a remote user - only local users may be marked");
1249ab2f797c mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com>
parents: 5538
diff changeset
245 end]]):format(assert(idsafe(name), "Invalid characters in mark name: "..name));
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
246 end
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents: 2782
diff changeset
247
2531
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
248 function action_handlers.ADD_TO(spec)
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
249 local list_name, value = spec:match("(%S+) (.+)");
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
250 local meta_deps = {};
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
251 value = meta(("%q"):format(value), meta_deps);
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
252 return ("list_%s:add(%s);"):format(list_name, value), { "list:"..list_name, unpack(meta_deps) };
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
253 end
9d2bfff515b8 mod_firewall: Add 'ADD TO' action for adding to lists
Matthew Wild <mwild1@gmail.com>
parents: 2519
diff changeset
254
2915
b8f2e86df7ce mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
255 function action_handlers.UNSUBSCRIBE_SENDER()
2996
0fb95dc11bc8 mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents: 2915
diff changeset
256 return "rostermanager.unsubscribed(to_node, to_host, bare_from);\
0fb95dc11bc8 mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents: 2915
diff changeset
257 rostermanager.roster_push(to_node, to_host, bare_from);\
0fb95dc11bc8 mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents: 2915
diff changeset
258 core_post_stanza(session, st.presence({ from = bare_to, to = bare_from, type = \"unsubscribed\" }));",
0fb95dc11bc8 mod_firewall: Handle unsubcription action correctly (fixes #1119)
Kim Alvefur <zash@zash.se>
parents: 2915
diff changeset
259 { "rostermanager", "core_post_stanza", "st", "split_to", "bare_to", "bare_from" };
2915
b8f2e86df7ce mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
260 end
b8f2e86df7ce mod_firewall: Add UNSBSCRIBE SENDER action
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
261
5235
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
262 function action_handlers.REPORT_TO(spec)
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
263 local where, reason, text = spec:match("^%s*(%S+) *(%S*) *(.*)$");
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
264 if reason == "spam" then
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
265 reason = "urn:xmpp:reporting:spam";
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
266 elseif reason == "abuse" or not reason then
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
267 reason = "urn:xmpp:reporting:abuse";
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
268 end
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
269 local code = [[
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
270 local newstanza = st.stanza("message", { to = %q, from = current_host }):tag("forwarded", { xmlns = "urn:xmpp:forward:0" });
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
271 local tmp_stanza = st.clone(stanza); tmp_stanza.attr.xmlns = "jabber:client"; newstanza:add_child(tmp_stanza):up();
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
272 newstanza:tag("report", { xmlns = "urn:xmpp:reporting:1", reason = %q })
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
273 do local text = %q; if text ~= "" then newstanza:text_tag("text", text); end end
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
274 newstanza:up();
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
275 core_post_stanza(session, newstanza);
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
276 ]];
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
277 return code:format(where, reason, text), { "core_post_stanza", "current_host", "st" };
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
278 end
d0d251abf595 mod_firewall: Add 'REPORT TO' to report (XEP-0377) a stanza to a specified JID
Matthew Wild <mwild1@gmail.com>
parents: 3994
diff changeset
279
947
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
280 return action_handlers;