File

mod_proxy65_whitelist/mod_proxy65_whitelist.lua @ 5185:09d6bbd6c8a4

mod_http_oauth2: Fix treatment of 'redirect_uri' parameter in code flow It's optional and the one stored in the client registration should really be used instead. RFC 6749 says an URI provided as parameter MUST be validated against the stored one but does not say how. Given that the client needs their secret to proceed, it seems fine to leave this for later.
author Kim Alvefur <zash@zash.se>
date Thu, 02 Mar 2023 22:00:42 +0100
parent 2358:f96b947303a2
line wrap: on
line source

local allowed_streamhosts = module:get_option_set("allowed_streamhosts", {}); -- eg proxy.eu.jabber.org

if module:get_option_boolean("allow_local_streamhosts", true) then
	for hostname, host in pairs(hosts) do
		if host.modules.proxy65 then
			allowed_streamhosts:add(hostname);
		end
	end

	module:hook_global("host-activated", function (host)
		if hosts[host].modules.proxy65 then
			allowed_streamhosts:add(host);
		end
	end);
end

local function filter_streamhosts(tag)
	if tag.name == "streamhost" and not allowed_streamhosts:contains(tag.attr.jid) then
		return nil;
	end
	return tag;
end

module:hook("iq/full", function (event)
	local stanza = event.stanza;
	if stanza.attr.type == "set" then
		local payload = stanza:get_child("query", "http://jabber.org/protocol/bytestreams");
		if payload then
			payload:maptags(filter_streamhosts);
		end
	end
end, 1);