Annotate

mod_muc_local_only/mod_muc_local_only.lua @ 5447:aa4828f040c5

mod_http_oauth2: Enforce client scope restrictions in authorization When registering a client, a scope field can be included as a promise to only ever use those. Here we enforce that promise, if given, ensuring a client can't request or be granted a scope it didn't provide in its registration. While currently there is no restrictions at registration time, this could be changed in the future in various ways.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 19:33:44 +0200
parent 4019:221b6bee26e2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4019
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local jid = require "util.jid";
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local st = require "util.stanza";
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 local local_rooms = module:get_option_inherited_set("muc_local_only", {});
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 module:hook("muc-occupant-pre-join", function (event)
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 local room = event.room;
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 if not local_rooms:contains(room.jid) then
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 return; -- Not a protected room, ignore
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 end
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local user_jid = event.occupant.bare_jid;
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 local user_host = jid.host(user_jid);
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 if not prosody.hosts[user_host] then
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local error_reply = st.error_reply(event.stanza, "cancel", "forbidden", "This group is only available to local users", room.jid);
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 event.origin.send(error_reply);
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 return true;
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 end
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 room:set_affiliation(true, user_jid, "member", "Granting access to local user");
221b6bee26e2 mod_muc_local_only: New module to restrict a list of MUCs to local users
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 end);