Comparison

mod_unified_push/mod_unified_push.lua @ 5147:658658ea9323

mod_unified_push: Add ACL option to restrict access

It defaults to the current host if on a VirtualHost, or parent host if a component.
author Matthew Wild <mwild1@gmail.com>
date Fri, 13 Jan 2023 16:41:48 +0000
parent 5146:a86022d702b2
child 5148:bf42f1401f1c
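--- a/mod_unified_push/mod_unified_push.lua
+++ b/mod_unified_push/mod_unified_push.lua
@@ -12,10 +12,23 @@
 
 module:depends("http");
 module:depends("disco");
 
 module:add_feature(xmlns_up);
+
+local acl = module:get_option_set("unified_push_acl", {
+module:get_host_type() == "local" and module.host or module.host:match("^[^%.]%.(.+)$")
+});
+
+local function is_jid_permitted(user_jid)
+for acl_entry in acl do
+if jid.compare(user_jid, acl_entry) then
+return true;
+end
+end
+return false;
+end
 
 local function check_sha256(s)
 if not s then return nil, "no value provided"; end
 local d = base64.decode(s);
 if not d then return nil, "invalid base64"; end
@@ -42,10 +55,13 @@
 end
 
 -- Handle incoming registration from XMPP client
 function handle_register(event)
 local origin, stanza = event.origin, event.stanza;
+if not is_jid_permitted(stanza.attr.from) then
+return st.error_reply(stanza, "auth", "forbidden");
+end
 local instance, instance_err = check_sha256(stanza.tags[1].attr.instance);
 if not instance then
 return st.error_reply(stanza, "modify", "bad-request", "instance: "..instance_err);
 end
 local application, application_err = check_sha256(stanza.tags[1].attr.application);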
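Review bot: The default ACL pattern on new line 19, `^[^%.]%.(.+)$`, only matches a host whose first label is exactly one character, because `[^%.]` has no repetition; for a component named like `push.example.com` (constructed example) `match` returns nil and the default table has no entry, so `is_jid_permitted` would presumably reject every registration until `unified_push_acl` is set by hand. The commit message says the default for a component is the parent host, which needs `module.host:match("^[^%.]+%.(.+)$")`. The failure is closed rather than open, but it is silent, so a startup log line naming the effective ACL (or a warning when the set is empty) would make it visible to operators. The ACL check is added to `handle_register` only, whose body continues past the end of this section; whether other entry points of the module need the same check cannot be judged from here.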