prosody-modules
e977174082ee
mod_host_blacklist/mod_host_blacklist.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_host_blacklist/mod_host_blacklist.lua @ 6193:e977174082ee

mod_invites_register_api: Use set_password() for password resets Previously the code relied on the (weird) behaviour of create_user(), which would update the password for a user account if it already existed. This has several issues, and we plan to deprecate this behaviour of create_user(). The larger issue is that this route does not trigger the user-password-changed event, which can be a security problem. For example, it did not disconnect existing user sessions (this occurs in mod_c2s in response to the event). Switching to set_password() is the right thing to do
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Feb 2025 10:24:30 +0000
parent 1182:547b3c05cc06
line wrap: on
line source

local jid_split = require "util.jid".split;
local st = require "util.stanza";
local set = require "util.set";
local select = select;

local blacklist = module:get_option_inherited_set("host_blacklist", {});

local function stanza_checker(attr)
	return function (event)
		local host = select(2, jid_split(event.stanza.attr[attr]));
		if blacklist:contains(host) then
			module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted"));
			return true;
		end
	end
end

check_incoming_stanza = stanza_checker("from");
check_outgoing_stanza = stanza_checker("to");

for stanza_type in set.new{"presence","message","iq"}:items() do
	for jid_type in set.new{"bare", "full", "host"}:items() do
		module:hook("pre-"..stanza_type.."/"..jid_type, check_outgoing_stanza, 500);
		module:hook(stanza_type.."/"..jid_type, check_incoming_stanza, 500);
	end
end