prosody-modules
e977174082ee
mod_muc_restrict_avatars/mod_muc_restrict_avatars.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_muc_restrict_avatars/mod_muc_restrict_avatars.lua @ 6193:e977174082ee

mod_invites_register_api: Use set_password() for password resets Previously the code relied on the (weird) behaviour of create_user(), which would update the password for a user account if it already existed. This has several issues, and we plan to deprecate this behaviour of create_user(). The larger issue is that this route does not trigger the user-password-changed event, which can be a security problem. For example, it did not disconnect existing user sessions (this occurs in mod_c2s in response to the event). Switching to set_password() is the right thing to do
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Feb 2025 10:24:30 +0000
parent 5920:5b95e06d75d5
line wrap: on
line source

local bare_jid = require"util.jid".bare;
local mod_muc = module:depends("muc");

local function filter_avatar_advertisement(tag)
	if tag.attr.xmlns == "vcard-temp:x:update" then
		return nil;
	end

	return tag;
end

-- Function to determine if avatar restriction is enabled
local function is_avatar_restriction_enabled(room)
	return room._data.restrict_avatars;
end

-- Add MUC configuration form option for avatar restriction
module:hook("muc-config-form", function(event)
	local room, form = event.room, event.form;
	table.insert(form, {
		name = "restrict_avatars",
		type = "boolean",
		label = "Restrict avatars to members only",
		value = is_avatar_restriction_enabled(room)
	});
end);

-- Handle MUC configuration form submission
module:hook("muc-config-submitted", function(event)
	local room, fields, changed = event.room, event.fields, event.changed;
	local restrict_avatars = fields["restrict_avatars"];

	if room and restrict_avatars ~= is_avatar_restriction_enabled(room) then
		-- Update room settings based on the submitted value
		room._data.restrict_avatars = restrict_avatars;
		-- Mark the configuration as changed
		if type(changed) == "table" then
			changed["restrict_avatars"] = true;
		else
			event.changed = true;
		end
	end
end);

-- Handle presence/full events to filter avatar advertisements
module:hook("presence/full", function(event)
	local stanza = event.stanza;
	local room = mod_muc.get_room_from_jid(bare_jid(stanza.attr.to));
	if room and not room:get_affiliation(stanza.attr.from) then
		if is_avatar_restriction_enabled(room) then
			stanza:maptags(filter_avatar_advertisement);
		end
	end
end, 1);