Mercurial > prosody-modules
comparison mod_ogp/mod_ogp.lua @ 4598:09f0911c735d
mod_ogp: Add the ability to block OGP fetching for certain domains
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Tue, 22 Jun 2021 12:25:36 +0200 |
| parents | 0136c98f574c |
| children |
comparison
equal
deleted
inserted
replaced
| 4597:c858c76d0845 | 4598:09f0911c735d |
|---|---|
| 3 local st = require "util.stanza" | 3 local st = require "util.stanza" |
| 4 local url_pattern = [[https?://%S+]] | 4 local url_pattern = [[https?://%S+]] |
| 5 local domain_pattern = '^%w+://([^/]+)' | 5 local domain_pattern = '^%w+://([^/]+)' |
| 6 local xmlns_fasten = "urn:xmpp:fasten:0" | 6 local xmlns_fasten = "urn:xmpp:fasten:0" |
| 7 local xmlns_xhtml = "http://www.w3.org/1999/xhtml" | 7 local xmlns_xhtml = "http://www.w3.org/1999/xhtml" |
| 8 local whitelist = module:get_option_set("ogp_domain_whitelist", {}) | 8 local allowlist = module:get_option_set("ogp_domain_allowlist", module:get_option_set("ogp_domain_whitelist", {})) |
| 9 local denylist = module:get_option_set("ogp_domain_denylist", {}) | |
| 9 | 10 |
| 10 | 11 |
| 11 local function is_whitelisted(url) | 12 local function is_allowed(domain) |
| 12 if whitelist:empty() then | 13 if allowlist:empty() then |
| 13 return true | 14 return true |
| 14 end | 15 end |
| 15 local domain = url:match(domain_pattern) | 16 if allowlist:contains(domain) then |
| 16 if whitelist:contains(domain) then | 17 return true |
| 17 return true; | 18 end |
| 19 return false | |
| 20 end | |
| 21 | |
| 22 local function is_denied(domain) | |
| 23 if denylist:empty() then | |
| 24 return false | |
| 25 end | |
| 26 if denylist:contains(domain) then | |
| 27 return true | |
| 18 end | 28 end |
| 19 return false | 29 return false |
| 20 end | 30 end |
| 21 | 31 |
| 22 | 32 |
| 23 local function fetch_ogp_data(room, url, origin_id) | 33 local function fetch_ogp_data(room, url, origin_id) |
| 24 if not url or not is_whitelisted(url) then | 34 if not url then |
| 35 return; | |
| 36 end | |
| 37 | |
| 38 local domain = url:match(domain_pattern); | |
| 39 if is_denied(domain) or not is_allowed(domain) then | |
| 25 return; | 40 return; |
| 26 end | 41 end |
| 27 | 42 |
| 28 http.request( | 43 http.request( |
| 29 url, | 44 url, |
