mod_pubsub_post/mod_pubsub_post.lua @ 3503:882180b459a0
mod_pubsub_post: Restructure authentication and authorization (BC)
This deprecates the default "superuser" actor model and makes the
default equivalent to the previous "request.id".
A single actor and secret per node is supported because HTTP and
WebHooks don't normally include any authorization identity.
Allowing authentication bypass when no secret is given should be
relatively safe when the actor is unprivileged, as it will be unless
explicitly configured otherwise.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 30 Mar 2019 21:16:13 +0100 |
parent | 3501:1df139b157fb |
child | 3504:9ef5b229f73e |
--- a/mod_pubsub_post/mod_pubsub_post.lua Sat Mar 30 19:24:18 2019 +0100
+++ b/mod_pubsub_post/mod_pubsub_post.lua Sat Mar 30 21:16:13 2019 +0100
@@ -75,9 +75,14 @@
 end
 end
-local actor_source = module:get_option_string("pubsub_post_actor", "superuser");
-local actor_secret = module:get_option_string("pubsub_post_secret");
+local actor_source = module:get_option_string("pubsub_post_actor"); -- COMPAT
+local default_secret = module:get_option_string("pubsub_post_default_secret");
 local actor_secrets = module:get_option("pubsub_post_secrets");
+local actors = module:get_option("pubsub_post_actors");
+local default_actor = module:get_option_string("pubsub_post_default_actor");
+if not default_actor and actor_source == "superuser" then
+	default_actor = true;
+end
 local function verify_signature(secret, body, signature)
 	if not signature then return false; end
@@ -93,22 +98,13 @@
 	module:log("debug", "Handling POST: \n%s\n", tostring(request.body));
 	local content_type = request.headers.content_type or "application/octet-stream";
-	local actor;
+	local actor = actors and actors[path] or default_actor or request.ip;
+	local secret = actor_secrets and actor_secrets[path] or default_secret;
-	local secret = actor_secrets and actor_secrets[path] or actor_secret;
 	if secret and not verify_signature(secret, request.body, request.headers.x_hub_signature) then
 		return 401;
 	end
-	if actor_source == "request.ip" then
-		actor = request.ip or request.conn:ip();
-	elseif actor_source == "superuser" then
-		actor = true;
-	else
-		module:log("error", "pubsub_post_actor set to unsupported value %q", actor_source);
-		return 500;
-	end
-	if not actor then return 401; end
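Review bot: The COMPAT branch still maps `pubsub_post_actor = "superuser"` to `default_actor = true`, but the secret that option used to be paired with, `pubsub_post_secret`, is no longer read anywhere in this hunk, so a deployment that had set both now gets a privileged default actor with no signature check at all (the handler hunk below only calls verify_signature when `secret` is non-nil). Reading the old option as a fallback keeps the compat path honest, `local default_secret = module:get_option_string("pubsub_post_default_secret", module:get_option_string("pubsub_post_secret"));`, and the privileged-without-secret state deserves a log line, `if default_actor == true and not default_secret then module:log("warn", "pubsub_post_actor is superuser but no secret is configured"); end`. The commit message's claim that unauthenticated posting is safe rests on the actor being unprivileged, which this compat path contradicts.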