Software /
code /
prosody-modules
Changeset
1954:050cd7b6fa96
mod_muc_access_control: Module to allow restricting rooms to a list of JIDs, which can include domains
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sun, 22 Nov 2015 19:33:09 +0000 |
parents | 1953:0c3ba5ff7a3b |
children | 1956:1a5be0ecc876 |
files | mod_muc_access_control/mod_muc_access_control.lua |
diffstat | 1 files changed, 57 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_muc_access_control/mod_muc_access_control.lua Sun Nov 22 19:33:09 2015 +0000 @@ -0,0 +1,57 @@ +local st = require "util.stanza"; +local jid = require "util.jid"; +local nodeprep = require "util.encodings".stringprep.nodeprep; + +local unprepped_access_lists = module:get_option("muc_access_lists", {}); +local access_lists = {}; + +-- Make sure all input is prepped +for unprepped_room_name, unprepped_list in pairs(unprepped_access_lists) do + local prepped_room_name = nodeprep(unprepped_room_name); + if not prepped_room_name then + module:log("error", "Invalid room name: %s", unprepped_room_name); + else + local prepped_list = {}; + for _, unprepped_jid in ipairs(unprepped_list) do + local prepped_jid = jid.prep(jid); + if not prepped_jid then + module:log("error", "Invalid JID: %s", unprepped_jid); + else + table.insert(prepped_list, jid.pep(jid)); + end + end + end +end + +local function is_restricted(room, who) + local allowed = access_lists[room]; + + if allowed == nil or allowed[who] or allowed[select(2, jid.split(who))] then + return nil; + end + + return "forbidden"; +end + +module:hook("presence/full", function(event) + local stanza = event.stanza; + + if stanza.name == "presence" and stanza.attr.type == "unavailable" then -- Leaving events get discarded + return; + end + + -- Get the room + local room = jid.split(stanza.attr.to); + if not room then return; end + + -- Get who has tried to join it + local who = jid.bare(stanza.attr.from) + + -- Checking whether room is restricted + local check_restricted = is_restricted(room, who) + if check_restricted ~= nil then + event.allowed = false; + event.stanza.attr.type = 'error'; + return event.origin.send(st.error_reply(event.stanza, "cancel", "forbidden", "You're not allowed to enter this room: " .. check_restricted)); + end +end, 10);