Software / code / prosody
Annotate
plugins/muc/lock.lib.lua @ 12953:ebe3b2f96cad
mod_tokenauth: Switch to new token format (invalidates existing tokens!)
The new format has the following properties:
- 5 bytes longer than the previous format
- The token now has separate 'id' and 'secret' parts - the token itself is no
longer stored in the DB, and the secret part is hashed
- The only variable length field (JID) has been moved to the end
- The 'secret-token:' prefix (RFC 8959) is now included
Compatibility with the old token format was not maintained, and all previously
issued tokens are invalid after this commit (they will be removed from the DB
if used).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 21 Mar 2023 14:33:29 +0000 |
| parent | 10450:c1edeb9fe337 |
| child | 12977:74b9e05af71e |
| rev | line source |
|---|---|
|
6206
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
1 -- Prosody IM |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
4 -- Copyright (C) 2014 Daurnimator |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
5 -- |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
6 -- This project is MIT/X11 licensed. Please see the |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
7 -- COPYING file in the source package for more information. |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
8 -- |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
9 |
|
6329
6b3eb1611587
mod_muc: Import util.stanza into the config handler modules that need it. Fixes #432.
Matthew Wild <mwild1@gmail.com>
parents:
6242
diff
changeset
|
10 local st = require "util.stanza"; |
|
6b3eb1611587
mod_muc: Import util.stanza into the config handler modules that need it. Fixes #432.
Matthew Wild <mwild1@gmail.com>
parents:
6242
diff
changeset
|
11 |
|
8866
2c60ae791bdc
MUC: Enable room locking by default to gather feedback (#328)
Kim Alvefur <zash@zash.se>
parents:
8566
diff
changeset
|
12 local lock_rooms = module:get_option_boolean("muc_room_locking", true); |
|
6206
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
13 local lock_room_timeout = module:get_option_number("muc_room_lock_timeout", 300); |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
14 |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
15 local function lock(room) |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
16 module:fire_event("muc-room-locked", {room = room;}); |
|
7408
cf53081ce767
MUC: Use a timestamp to keep track of when to unlock room instead of a timer (so timer does not unlock an evicted room)
Kim Alvefur <zash@zash.se>
parents:
7407
diff
changeset
|
17 room._data.locked = os.time() + lock_room_timeout; |
|
6206
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
18 end |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
19 local function unlock(room) |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
20 module:fire_event("muc-room-unlocked", {room = room;}); |
|
7407
e465b584547b
MUC: Move the locked flag into persisted data (so not to lose it on eviction)
Kim Alvefur <zash@zash.se>
parents:
6329
diff
changeset
|
21 room._data.locked = nil; |
|
6206
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
22 end |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
23 local function is_locked(room) |
|
8565
301e5b82b4d8
MUC/lock: Remove redundant fallback value
Kim Alvefur <zash@zash.se>
parents:
7999
diff
changeset
|
24 local ts = room._data.locked; |
|
7408
cf53081ce767
MUC: Use a timestamp to keep track of when to unlock room instead of a timer (so timer does not unlock an evicted room)
Kim Alvefur <zash@zash.se>
parents:
7407
diff
changeset
|
25 if ts then |
|
8566
8ea66e42a27b
MUC/lock: Fix locking timeout to account for the direction of time
Kim Alvefur <zash@zash.se>
parents:
8565
diff
changeset
|
26 if os.time() < ts then return true; end |
|
7408
cf53081ce767
MUC: Use a timestamp to keep track of when to unlock room instead of a timer (so timer does not unlock an evicted room)
Kim Alvefur <zash@zash.se>
parents:
7407
diff
changeset
|
27 unlock(room); |
|
cf53081ce767
MUC: Use a timestamp to keep track of when to unlock room instead of a timer (so timer does not unlock an evicted room)
Kim Alvefur <zash@zash.se>
parents:
7407
diff
changeset
|
28 end |
|
cf53081ce767
MUC: Use a timestamp to keep track of when to unlock room instead of a timer (so timer does not unlock an evicted room)
Kim Alvefur <zash@zash.se>
parents:
7407
diff
changeset
|
29 return false; |
|
6206
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
30 end |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
31 |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
32 if lock_rooms then |
|
6242
67efeadd9e77
plugins/muc/lock.lib: lock inside of pre-create instead of 'created'
daurnimator <quae@daurnimator.com>
parents:
6207
diff
changeset
|
33 module:hook("muc-room-pre-create", function(event) |
|
67efeadd9e77
plugins/muc/lock.lib: lock inside of pre-create instead of 'created'
daurnimator <quae@daurnimator.com>
parents:
6207
diff
changeset
|
34 -- Older groupchat protocol doesn't lock |
|
67efeadd9e77
plugins/muc/lock.lib: lock inside of pre-create instead of 'created'
daurnimator <quae@daurnimator.com>
parents:
6207
diff
changeset
|
35 if not event.stanza:get_child("x", "http://jabber.org/protocol/muc") then return end |
|
67efeadd9e77
plugins/muc/lock.lib: lock inside of pre-create instead of 'created'
daurnimator <quae@daurnimator.com>
parents:
6207
diff
changeset
|
36 -- Lock room at creation |
|
6206
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
37 local room = event.room; |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
38 lock(room); |
|
6242
67efeadd9e77
plugins/muc/lock.lib: lock inside of pre-create instead of 'created'
daurnimator <quae@daurnimator.com>
parents:
6207
diff
changeset
|
39 end, 10); |
|
6206
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
40 end |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
41 |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
42 -- Don't let users into room while it is locked |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
43 module:hook("muc-occupant-pre-join", function(event) |
|
6207
a5928fdeaf97
plugins/muc/lock.lib: Need to let creator into the locked room :)
daurnimator <quae@daurnimator.com>
parents:
6206
diff
changeset
|
44 if not event.is_new_room and is_locked(event.room) then -- Deny entry |
| 7999 | 45 module:log("debug", "Room is locked, denying entry"); |
|
10450
c1edeb9fe337
MUC: Indicate the component as origin of various errors where there's no room
Kim Alvefur <zash@zash.se>
parents:
8866
diff
changeset
|
46 event.origin.send(st.error_reply(event.stanza, "cancel", "item-not-found", nil, module.host)); |
|
6206
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
47 return true; |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
48 end |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
49 end, -30); |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
50 |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
51 -- When config is submitted; unlock the room |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
52 module:hook("muc-config-submitted", function(event) |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
53 if is_locked(event.room) then |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
54 unlock(event.room); |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
55 end |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
56 end, -1); |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
57 |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
58 return { |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
59 lock = lock; |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
60 unlock = unlock; |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
61 is_locked = is_locked; |
|
f937bb5c83c3
plugins/muc: Move locking to seperate module
daurnimator <quae@daurnimator.com>
parents:
diff
changeset
|
62 }; |
