
util/prosodyctl/check.lua @ 12317:b4f2027ef917

util.prosodyctl: Warn about enabled public registration in 'check config'
author Matthew Wild <mwild1@gmail.com>
date Wed, 02 Mar 2022 15:22:12 +0000
parent 12233:e4530bdbf5f3
child 12318:239ce74aa6a4
--- a/util/prosodyctl/check.lua	Wed Feb 23 20:31:03 2022 +0100
+++ b/util/prosodyctl/check.lua	Wed Mar 02 15:22:12 2022 +0000
@@ -403,6 +403,34 @@
 			ok = false;
 		end
 
+		do
+			local global_modules = set.new(config["*"].modules_enabled);
+			local registration_enabled_hosts = {};
+			for host in enabled_hosts() do
+				local host_modules = set.new(config[host].modules_enabled) + global_modules;
+				local allow_registration = config[host].allow_registration;
+				local mod_register = host_modules:contains("register");
+				local mod_register_ibr = host_modules:contains("register_ibr");
+				local mod_invites_register = host_modules:contains("invites_register");
+				local registration_invite_only = config[host].registration_invite_only;
+				local is_vhost = not config[host].component_module;
+				if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
+				   and not (mod_invites_register and registration_invite_only) then
+					table.insert(registration_enabled_hosts, host);
+				end
+			end
+			if #registration_enabled_hosts > 0 then
+				table.sort(registration_enabled_hosts);
+				print("");
+				print("    Public registration is enabled on:");
+				print("        "..table.concat(registration_enabled_hosts, ", "));
+				print("");
+				print("        If this is intentional, review our guidelines on running a public server");
+				print("        at https://prosody.im/doc/public_servers - otherwise, consider switching to");
+				print("        invite-based registration, which is more secure.");
+			end
+		end
+
 		print("Done.\n");
 	end
 	if not what or what == "dns" then
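Review bot: `registration_invite_only` and `allow_registration` are read straight from `config[host]`, so an unset option is `nil` and counts as false in the `if is_vhost and ...` condition, whatever default the module itself applies at runtime. If mod_invites_register treats a missing `registration_invite_only` as true (worth confirming against the module), a host that loads invites_register without setting the option is reported as open to public registration, and false alarms in a security check teach operators to skip over it. Applying the module default before the test would avoid that, e.g. `if registration_invite_only == nil then registration_invite_only = true; end`. The host module set is also built from `modules_enabled` only, so a host that turns register off through a per-host `modules_disabled` entry would presumably still be listed. The added `do ... end` block is complete here, but the enclosing function starts outside the hunk.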