Diff

mod_muc_ban_ip/mod_muc_ban_ip.lua @ 1005:591590de34ef

mod_muc_ban_ip: When a user is banned from a MUC, ban their IP from the MUC also (works for remote rooms too)
author Matthew Wild <mwild1@gmail.com>
date Thu, 09 May 2013 10:15:47 +0100
child 1647:8860405e2af6
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_muc_ban_ip/mod_muc_ban_ip.lua	Thu May 09 10:15:47 2013 +0100
@@ -0,0 +1,60 @@
+module:set_global();
+
+local jid_bare = require "util.jid".bare;
+local st = require "util.stanza";
+local xmlns_muc_user = "http://jabber.org/protocol/muc#user";
+
+local ip_bans = module:shared("bans");
+local full_sessions = prosody.full_sessions;
+
+local function ban_ip(session, from)
+	local ip = session.ip;
+	if not ip then
+		module:log("warn", "Failed to ban IP (IP unknown) for %s", session.full_jid);
+		return;
+	end
+	local banned_from = ip_bans[ip];
+	if not banned_from then
+		banned_from = {};
+		ip_bans[ip] = banned_from;
+	end
+	banned_from[from] = true;
+	module:log("debug", "Banned IP address %s from %s", ip, from);
+end
+
+function check_for_incoming_ban(event)
+	local stanza = event.stanza;
+	local to_session = full_sessions[stanza.attr.to];
+	if to_session then
+		local directed = to_session.directed;
+		local from = stanza.attr.from;
+		if directed and directed[from] and stanza.attr.type == "unavailable" then
+			-- This is a stanza from somewhere we sent directed presence to (may be a MUC)
+			local x = stanza:get_child("x", xmlns_muc_user);
+			if x then
+				for status in x:childtags("status") do
+					if status.attr.code == '301' then
+						ban_ip(to_session, jid_bare(from));
+					end
+				end
+			end
+		end
+	end
+end
+
+function check_for_ban(event)
+	local ip = event.origin.ip;
+	local to = jid_bare(event.stanza.attr.to);
+	if ip_bans[ip] and ip_bans[ip][to] then
+		event.origin.send(st.error_reply(event.stanza, "auth", "forbidden")
+			:tag("x", { xmlns = xmlns_muc_user })
+				:tag("status", { code = '301' }));
+		return true;
+	end
+	module:log("debug", "Not banned: %s from %s", ip, to)
+end
+
+function module.add_host(module)
+	module:hook("presence/full", check_for_incoming_ban);
+	module:hook("pre-presence/full", check_for_ban);
+end