Changeset

5173:460f78654864

mod_muc_rtbl: also filter messages This was a bit tricky because we don't want to run the JIDs through SHA256 on each message. Took a while to come up with this simple plan of just caching the SHA256 of the JIDs on the occupants. This will leave some dirt in the occupants after unloading the module, but that should be ok; once they cycle the room, the hashes will be gone. This is direly needed, otherwise, there is a tight race between the moderation activities and the actors joining the room.
author Jonas Schäfer <jonas@wielicki.name>
date Tue, 21 Feb 2023 21:37:27 +0100
parents 5172:dc6a10629670
children 5174:354832098f2f
files mod_muc_rtbl/mod_muc_rtbl.lua
diffstat 1 files changed, 34 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/mod_muc_rtbl/mod_muc_rtbl.lua	Mon Feb 20 13:42:13 2023 -0500
+++ b/mod_muc_rtbl/mod_muc_rtbl.lua	Tue Feb 21 21:37:27 2023 +0100
@@ -91,6 +91,17 @@
 
 module:hook("iq-result/host/rtbl-request", update_list);
 
+function update_hashes(occupant)
+	if not occupant.mod_muc_rtbl_bare_hash then
+		local bare_hash = sha256(jid.bare(event.stanza.attr.from), true);
+		occupant.mod_muc_rtbl_bare_hash = bare_hash;
+	end
+	if not occupant.mod_muc_rtbl_host_hash then
+		local host_hash = sha256(jid.host(event.stanza.attr.from), true);
+		event.occupant.mod_muc_rtbl_host_hash = host_hash;
+	end
+end
+
 module:hook("muc-occupant-pre-join", function (event)
 	if next(banned_hashes) == nil then return end
 
@@ -102,9 +113,8 @@
 		return;
 	end
 
-	local bare_hash = sha256(jid.bare(event.stanza.attr.from), true);
-	local host_hash = sha256(jid.host(event.stanza.attr.from), true);
-	if banned_hashes[bare_hash] or banned_hashes[host_hash] then
+	update_hashes(event.occupant);
+	if banned_hashes[event.occupant.mod_muc_rtbl_bare_hash] or banned_hashes[event.occupant.mod_muc_rtbl_host_hash] then
 		module:log("info", "Blocked user <%s> from room <%s> due to RTBL match", from_bare, event.stanza.attr.to);
 		local error_reply = st.error_reply(event.stanza, "cancel", "forbidden", "You are banned from this service", event.room.jid);
 		event.origin.send(error_reply);
@@ -112,6 +122,27 @@
 	end
 end);
 
+module:hook("muc-occupant-groupchat", function(event)
+	update_hashes(event.occupant);
+	if banned_hashes[event.occupant.mod_muc_rtbl_bare_hash] or banned_hashes[event.occupant.mod_muc_rtbl_host_hash] then
+		module:log("debug", "Blocked message from user <%s> to room <%s> due to RTBL match", event.stanza.attr.from, event.stanza.attr.to);
+		local error_reply = st.error_reply(event.stanza, "cancel", "forbidden", "You are banned from this service", event.room.jid);
+		event.origin.send(error_reply);
+		return true;
+	end
+end);
+
+module:hook("muc-private-message", function(event)
+	local occupant = event.room:get_occupant_by_nick(event.stanza.attr.from);
+	update_hashes(occupant);
+	if banned_hashes[occupant.mod_muc_rtbl_bare_hash] or banned_hashes[occupant.mod_muc_rtbl_host_hash] then
+		module:log("debug", "Blocked private message from user <%s> from room <%s> due to RTBL match", occupant.bare_jid, event.stanza.attr.to);
+		local error_reply = st.error_reply(event.stanza, "cancel", "forbidden", "You are banned from this service", event.room.jid);
+		event.origin.send(error_reply);
+		return true;
+	end
+end);
+
 if prosody.start_time then
 	request_list();
 else