Comparison

mod_muc_http_auth/mod_muc_http_auth.lua @ 4723:0a0334a3a784

mod_muc_http_auth: Allow for enabling/disabling per user host IMPORTANT: This is a breaking change. The `muc_http_auth_enabled_for` and `muc_http_auth_disabled_for` options are now maps (with user hosts as keys) and not sets.
author JC Brand <jc@opkode.com>
date Mon, 25 Oct 2021 15:58:16 +0200
parent 4697:15c335dc196e
child 4724:b125db92bac6
comparison
equal deleted inserted replaced
4722:c5b1e9b8ccca 4723:0a0334a3a784
1 local wait_for = require "util.async".wait_for;
2 local http = require "net.http"; 1 local http = require "net.http";
2 local jid_bare = require "util.jid".bare;
3 local jid_host = require "util.jid".host;
4 local jid_node = require "util.jid".node;
5 local jid_resource = require "util.jid".resource;
3 local json = require "util.json"; 6 local json = require "util.json";
4 local st = require "util.stanza"; 7 local st = require "util.stanza";
5 local jid_node = require "util.jid".node;
6 local jid_bare = require "util.jid".bare;
7 local jid_resource = require "util.jid".resource;
8 local urlencode = require "util.http".urlencode; 8 local urlencode = require "util.http".urlencode;
9 local wait_for = require "util.async".wait_for;
9 10
10 local authorization_url = module:get_option("muc_http_auth_url", "") 11 local authorization_url = module:get_option("muc_http_auth_url", "")
11 local enabled_for = module:get_option_set("muc_http_auth_enabled_for", nil) 12 local enabled_for = module:get_option("muc_http_auth_enabled_for", nil)
12 local disabled_for = module:get_option_set("muc_http_auth_disabled_for", nil) 13 local disabled_for = module:get_option("muc_http_auth_disabled_for", nil)
13 local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes 14 local insecure = module:get_option("muc_http_auth_insecure", false) --For development purposes
14 local authorize_registration = module:get_option("muc_http_auth_authorize_registration", false) 15 local authorize_registration = module:get_option("muc_http_auth_authorize_registration", false)
15 local authorization_header = module:get_option("muc_http_auth_authorization_header", nil) 16 local authorization_header = module:get_option("muc_http_auth_authorization_header", nil)
16 17
17 local options = {method="GET", insecure=insecure} 18 local options = {method="GET", insecure=insecure}
19 options.headers = {["Authorization"] = authorization_header}; 20 options.headers = {["Authorization"] = authorization_header};
20 end 21 end
21 22
22 local verbs = {presence='join', iq='register'}; 23 local verbs = {presence='join', iq='register'};
23 24
24 local function must_be_authorized(room_node) 25 local function must_be_authorized(room_node, user_host)
25 -- If none of these is set, all rooms need authorization 26 -- If none of these is set, all rooms need authorization
26 if not enabled_for and not disabled_for then return true; end 27 if not enabled_for and not disabled_for then return true; end
27 28
28 if enabled_for then return enabled_for:contains(room_node); end 29 if enabled_for then
29 if disabled_for then return not disabled_for:contains(room_node); end 30 local enabled_for_host = set.new(enabled_for[user_host] or {});
31 local enabled_for_all = set.new(enabled_for['all'] or {});
32 return enabled_for_host:contains(room_node) or enabled_for_all:contains(room_node);
33
34 end
35 if disabled_for then
36 local disabled_for_host = set.new(disabled_for[user_host] or {});
37 local disabled_for_all = set.new(disabled_for['all'] or {});
38 return not disabled_for_host:contains(room_node) and not disabled_for_all:contains(room_node);
39 end
30 end 40 end
31 41
32 local function handle_success(response) 42 local function handle_success(response)
33 local body = json.decode(response.body or "") or {} 43 local body = json.decode(response.body or "") or {}
34 response = { 44 response = {
48 if stanza.name ~= "iq" and stanza.name ~= "presence" or stanza.attr.type == "unavailable" then return; end 58 if stanza.name ~= "iq" and stanza.name ~= "presence" or stanza.attr.type == "unavailable" then return; end
49 59
50 local room, origin = event.room, event.origin; 60 local room, origin = event.room, event.origin;
51 if (not room) or (not origin) then return; end 61 if (not room) or (not origin) then return; end
52 62
53 if not must_be_authorized(jid_node(room.jid)) then return; end 63 local user_bare_jid = jid_bare(stanza.attr.from)
64 if not must_be_authorized(jid_node(room.jid), jid_host(user_bare_jid)) then
65 module:log("debug", "Authorization not required for "..jid_node(room.jid).." and "..jid_host(user_bare_jid))
66 return;
67 end
54 68
55 local user_bare_jid = jid_bare(stanza.attr.from);
56 local user_nickname = jid_resource(stanza.attr.to); 69 local user_nickname = jid_resource(stanza.attr.to);
57 70
58 -- Nickname is mandatory to enter a MUC 71 -- Nickname is mandatory to enter a MUC
59 if not user_nickname then return; end 72 if not user_nickname then return; end
60 73