Software /
code /
prosody-modules
Comparison
mod_pubsub_post/README.markdown @ 3503:882180b459a0
mod_pubsub_post: Restructure authentication and authorization (BC)
This deprecates the default "superuser" actor model and makes the
default equivalent to the previous "request.id".
A single actor and secret per node is supported because HTTP and
WebHooks don't normally include any authorization identity.
Allowing authentication bypass when no secret is given should be
relatively safe when the actor is unprivileged, as will be unless
explicitly configured otherwise.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 30 Mar 2019 21:16:13 +0100 |
parent | 3502:42e9e3c5eb02 |
child | 3505:106b4ae4469b |
comparison
equal
deleted
inserted
replaced
3502:42e9e3c5eb02 | 3503:882180b459a0 |
---|---|
15 its own PubSub item. | 15 its own PubSub item. |
16 - Other XML is simply published to a randomly named item as-is. | 16 - Other XML is simply published to a randomly named item as-is. |
17 | 17 |
18 # Configuration | 18 # Configuration |
19 | 19 |
20 ## Authentication | 20 All settings are optional. |
21 | 21 |
22 Authentication can be handled in two different ways. | 22 ## Actor identification |
23 | 23 |
24 ### None | 24 First we have to figure out who is making the request. |
25 | 25 This is configured on a per-node basis like this: |
26 ``` {.lua} | |
27 pubsub_post_actor = "superuser" | |
28 ``` | |
29 | |
30 The module uses an internal actor that has all privileges and can always | |
31 do everything. It is strongly suggested that you do not expose this to | |
32 the Internet. *Maybe* it shouldn't be the default... | |
33 | |
34 ### IP | |
35 | |
36 ``` {.lua} | |
37 pubsub_post_actor = "request.ip" | |
38 ``` | |
39 | |
40 Uses the IP address from the HTTP request as actor, which means this | |
41 pseudo-JID must be given a 'publisher' affiliation. This should work | |
42 nicely with the `autocreate_on_publish` setting, where the first actor | |
43 to attempt to publish to a nonexistent node becomes owner of it, which | |
44 includes publishing rights. | |
45 | |
46 ## WebSub | |
47 | 26 |
48 ``` {.lua} | 27 ``` {.lua} |
49 -- Per node secrets | 28 -- Per node secrets |
50 pubsub_post_secrets = { | 29 pubsub_post_actors = { |
51 my_node = "shared secret" | 30 princely_musings = "hamlet@denmark.lit" |
52 } | 31 } |
53 | 32 pubsub_post_default_actor = "nobody@nowhere.invalid" |
54 -- Same secret for all nodes | |
55 pubsub_post_secret = "shared secret" | |
56 ``` | 33 ``` |
57 | 34 |
58 This enables the | 35 `pubsub_post_default_actor` is used when trying to publish to a node |
36 that is not listed in `pubsub_post_actors`. Otherwise the IP address | |
37 of the connection is used. | |
38 | |
39 ## Authentication | |
40 | |
59 [WebSub](https://www.w3.org/TR/2018/REC-websub-20180123/) [Authenticated | 41 [WebSub](https://www.w3.org/TR/2018/REC-websub-20180123/) [Authenticated |
60 Content | 42 Content |
61 Distribution](https://www.w3.org/TR/2018/REC-websub-20180123/#authenticated-content-distribution) | 43 Distribution](https://www.w3.org/TR/2018/REC-websub-20180123/#authenticated-content-distribution) |
62 authentication method, where payloads are signed using a shared secret. | 44 authentication is used. |
63 | 45 |
64 ## Setting up affiliations | 46 ``` {.lua} |
47 pubsub_post_secrets = { | |
48 princely_musings = "shared secret" | |
49 } | |
50 pubsub_post_default_secret = "default secret" | |
51 ``` | |
52 | |
53 `pubsub_post_default_secret` is used when trying to publish to a node | |
54 that is not listed in `pubsub_post_secrets`. Otherwise the request | |
55 proceeds with the previously identified actor. | |
56 | |
57 ::: {.alert .alert-danger} | |
58 If configured without a secret and a default actor that has permission | |
59 to create nodes the service becomes wide open. | |
60 ::: | |
61 | |
62 ## Authorization | |
63 | |
64 Authorization is handled via pubsub affiliations. Publishing requires an | |
65 affiliation with the _publish_ capability, usually `"publisher"`. | |
66 | |
67 ### Setting up affiliations | |
65 | 68 |
66 Prosodys PubSub module supports [setting affiliations via | 69 Prosodys PubSub module supports [setting affiliations via |
67 XMPP](https://xmpp.org/extensions/xep-0060.html#owner-affiliations), in | 70 XMPP](https://xmpp.org/extensions/xep-0060.html#owner-affiliations), in |
68 trunk since [revision | 71 trunk since [revision |
69 384ef9732b81](https://hg.prosody.im/trunk/rev/384ef9732b81). | 72 384ef9732b81](https://hg.prosody.im/trunk/rev/384ef9732b81), so |
73 affiliations can be configured with a capable client. | |
70 | 74 |
71 It can however be done from another plugin: | 75 It can however be done from another plugin: |
72 | 76 |
73 ``` {.lua} | 77 ``` {.lua} |
74 local mod_pubsub = module:depends("pubsub"); | 78 local mod_pubsub = module:depends("pubsub"); |