Annotate

mod_muc_restrict_avatars/mod_muc_restrict_avatars.lua @ 5930:cc30c4b5f006

mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time This can be triggered by e.g. a distributed brute force attack, or from Monal.
author Matthew Wild <mwild1@gmail.com>
date Mon, 13 May 2024 18:30:18 +0100
parent 5920:5b95e06d75d5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5672
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
1 local bare_jid = require"util.jid".bare;
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
2 local mod_muc = module:depends("muc");
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
3
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
4 local function filter_avatar_advertisement(tag)
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
5 if tag.attr.xmlns == "vcard-temp:x:update" then
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
6 return nil;
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
7 end
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
8
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
9 return tag;
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
10 end
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
11
5905
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
12 -- Function to determine if avatar restriction is enabled
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
13 local function is_avatar_restriction_enabled(room)
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
14 return room._data.restrict_avatars;
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
15 end
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
16
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
17 -- Add MUC configuration form option for avatar restriction
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
18 module:hook("muc-config-form", function(event)
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
19 local room, form = event.room, event.form;
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
20 table.insert(form, {
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
21 name = "restrict_avatars",
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
22 type = "boolean",
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
23 label = "Restrict avatars to members only",
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
24 value = is_avatar_restriction_enabled(room)
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
25 });
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
26 end);
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
27
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
28 -- Handle MUC configuration form submission
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
29 module:hook("muc-config-submitted", function(event)
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
30 local room, fields, changed = event.room, event.fields, event.changed;
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
31 local restrict_avatars = fields["restrict_avatars"];
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
32
5920
5b95e06d75d5 Guard for not room
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5905
diff changeset
33 if room and restrict_avatars ~= is_avatar_restriction_enabled(room) then
5905
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
34 -- Update room settings based on the submitted value
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
35 room._data.restrict_avatars = restrict_avatars;
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
36 -- Mark the configuration as changed
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
37 if type(changed) == "table" then
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
38 changed["restrict_avatars"] = true;
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
39 else
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
40 event.changed = true;
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
41 end
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
42 end
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
43 end);
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
44
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
45 -- Handle presence/full events to filter avatar advertisements
5672
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
46 module:hook("presence/full", function(event)
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
47 local stanza = event.stanza;
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
48 local room = mod_muc.get_room_from_jid(bare_jid(stanza.attr.to));
5920
5b95e06d75d5 Guard for not room
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5905
diff changeset
49 if room and not room:get_affiliation(stanza.attr.from) then
5905
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
50 if is_avatar_restriction_enabled(room) then
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
51 stanza:maptags(filter_avatar_advertisement);
66e7d46b1d4b mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 5672
diff changeset
52 end
5672
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
53 end
2c69577b28c2 mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff changeset
54 end, 1);