Software /
code /
prosody
Diff
util/prosodyctl/check.lua @ 12317:b4f2027ef917
util.prosodyctl: Warn about enabled public registration in 'check config'
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 02 Mar 2022 15:22:12 +0000 |
parent | 12233:e4530bdbf5f3 |
child | 12318:239ce74aa6a4 |
line wrap: on
line diff
--- a/util/prosodyctl/check.lua Wed Feb 23 20:31:03 2022 +0100 +++ b/util/prosodyctl/check.lua Wed Mar 02 15:22:12 2022 +0000 @@ -403,6 +403,34 @@ ok = false; end + do + local global_modules = set.new(config["*"].modules_enabled); + local registration_enabled_hosts = {}; + for host in enabled_hosts() do + local host_modules = set.new(config[host].modules_enabled) + global_modules; + local allow_registration = config[host].allow_registration; + local mod_register = host_modules:contains("register"); + local mod_register_ibr = host_modules:contains("register_ibr"); + local mod_invites_register = host_modules:contains("invites_register"); + local registration_invite_only = config[host].registration_invite_only; + local is_vhost = not config[host].component_module; + if is_vhost and (mod_register_ibr or (mod_register and allow_registration)) + and not (mod_invites_register and registration_invite_only) then + table.insert(registration_enabled_hosts, host); + end + end + if #registration_enabled_hosts > 0 then + table.sort(registration_enabled_hosts); + print(""); + print(" Public registration is enabled on:"); + print(" "..table.concat(registration_enabled_hosts, ", ")); + print(""); + print(" If this is intentional, review our guidelines on running a public server"); + print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to"); + print(" invite-based registration, which is more secure."); + end + end + print("Done.\n"); end if not what or what == "dns" then