Software /
code /
prosody-modules
Annotate
mod_muc_restrict_avatars/mod_muc_restrict_avatars.lua @ 5930:cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
This can be triggered by e.g. a distributed brute force attack, or from Monal.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 13 May 2024 18:30:18 +0100 |
parent | 5920:5b95e06d75d5 |
rev | line source |
---|---|
5672
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
1 local bare_jid = require"util.jid".bare; |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
2 local mod_muc = module:depends("muc"); |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
3 |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
4 local function filter_avatar_advertisement(tag) |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
5 if tag.attr.xmlns == "vcard-temp:x:update" then |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
6 return nil; |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
7 end |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
8 |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
9 return tag; |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
10 end |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
11 |
5905
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
12 -- Function to determine if avatar restriction is enabled |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
13 local function is_avatar_restriction_enabled(room) |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
14 return room._data.restrict_avatars; |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
15 end |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
16 |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
17 -- Add MUC configuration form option for avatar restriction |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
18 module:hook("muc-config-form", function(event) |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
19 local room, form = event.room, event.form; |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
20 table.insert(form, { |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
21 name = "restrict_avatars", |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
22 type = "boolean", |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
23 label = "Restrict avatars to members only", |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
24 value = is_avatar_restriction_enabled(room) |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
25 }); |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
26 end); |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
27 |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
28 -- Handle MUC configuration form submission |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
29 module:hook("muc-config-submitted", function(event) |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
30 local room, fields, changed = event.room, event.fields, event.changed; |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
31 local restrict_avatars = fields["restrict_avatars"]; |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
32 |
5920
5b95e06d75d5
Guard for not room
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5905
diff
changeset
|
33 if room and restrict_avatars ~= is_avatar_restriction_enabled(room) then |
5905
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
34 -- Update room settings based on the submitted value |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
35 room._data.restrict_avatars = restrict_avatars; |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
36 -- Mark the configuration as changed |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
37 if type(changed) == "table" then |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
38 changed["restrict_avatars"] = true; |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
39 else |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
40 event.changed = true; |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
41 end |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
42 end |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
43 end); |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
44 |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
45 -- Handle presence/full events to filter avatar advertisements |
5672
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
46 module:hook("presence/full", function(event) |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
47 local stanza = event.stanza; |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
48 local room = mod_muc.get_room_from_jid(bare_jid(stanza.attr.to)); |
5920
5b95e06d75d5
Guard for not room
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5905
diff
changeset
|
49 if room and not room:get_affiliation(stanza.attr.from) then |
5905
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
50 if is_avatar_restriction_enabled(room) then |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
51 stanza:maptags(filter_avatar_advertisement); |
66e7d46b1d4b
mod_muc_restrict_avatars: Allow MUC admin to control restriction
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
5672
diff
changeset
|
52 end |
5672
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
53 end |
2c69577b28c2
mod_muc_restrict_avatars: Block MUC participant avatars for non-members
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
diff
changeset
|
54 end, 1); |