plugins/mod_private.lua @ 12444:b33558969b3e 0.12
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 28 Mar 2022 14:53:24 +0100 |
parent | 9228:e2e2aa76ea31 |
child | 12977:74b9e05af71e |
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

local st = require "util.stanza"

-- Map-type store named "private"; every read and write below is keyed by
-- the requesting session's own username.
local private_storage = module:open_store("private", "map");

module:add_feature("jabber:iq:private");

--- Handle a jabber:iq:private query (XEP-0049 Private XML Storage).
-- The hook name is "iq/self/...", and the store is only ever accessed under
-- event.origin.username, so a request reads or writes the sender's own data.
-- @param event table with `origin` (the session) and `stanza` (the iq)
-- @return true in every path, after a reply has been sent
local function handle_private_query(event)
	local session, iq = event.origin, event.stanza;
	local query = iq.tags[1];

	-- Exactly one child element is accepted per request.
	if #query.tags ~= 1 then
		session.send(st.error_reply(iq, "modify", "bad-format"));
		return true;
	end

	local payload = query.tags[1];
	-- The storage key is built from the client-supplied element name and
	-- namespace.
	-- NOTE(review): the concatenation raises if payload.attr.xmlns is nil;
	-- presumably the stream parser always sets it -- confirm for stanzas that
	-- reach this hook by other paths.
	local key = payload.name..":"..payload.attr.xmlns;

	if iq.attr.type ~= "get" then
		-- Any type other than "get" is treated as "set".
		local serialized;
		if #payload ~= 0 then
			serialized = st.preserialize(payload);
		end
		-- An element with no content leaves `serialized` nil, so nil is what
		-- gets written under this key.
		-- TODO delete datastore if empty
		local ok, err = private_storage:set(session.username, key, serialized);
		if ok then
			session.send(st.reply(iq));
		else
			-- NOTE(review): err comes from the storage layer and is passed on
			-- as the client-visible error text; check that backend details
			-- are acceptable in that reply.
			session.send(st.error_reply(iq, "wait", "internal-server-error", err));
		end
		return true;
	end

	local stored, err = private_storage:get(session.username, key);
	if stored then
		local reply = st.reply(iq):query("jabber:iq:private"):add_child(st.deserialize(stored));
		session.send(reply);
	elseif err then
		-- NOTE(review): same as above, the storage error string is returned
		-- to the client as the error text.
		session.send(st.error_reply(iq, "wait", "internal-server-error", err));
	else
		-- Nothing stored and no error: echo the query element back as sent.
		session.send(st.reply(iq):add_child(query));
	end
	return true;
end

module:hook("iq/self/jabber:iq:private:query", handle_private_query);