Mercurial > prosody-modules
comparison mod_unified_push/mod_unified_push.lua @ 5147:658658ea9323
mod_unified_push: Add ACL option to restrict access
It defaults to the current host if on a VirtualHost, or parent host if a
component.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 13 Jan 2023 16:41:48 +0000 |
| parents | a86022d702b2 |
| children | bf42f1401f1c |
comparison
equal
deleted
inserted
replaced
| 5146:a86022d702b2 | 5147:658658ea9323 |
|---|---|
| 12 | 12 |
| 13 module:depends("http"); | 13 module:depends("http"); |
| 14 module:depends("disco"); | 14 module:depends("disco"); |
| 15 | 15 |
| 16 module:add_feature(xmlns_up); | 16 module:add_feature(xmlns_up); |
| 17 | |
| 18 local acl = module:get_option_set("unified_push_acl", { | |
| 19 module:get_host_type() == "local" and module.host or module.host:match("^[^%.]%.(.+)$") | |
| 20 }); | |
| 21 | |
| 22 local function is_jid_permitted(user_jid) | |
| 23 for acl_entry in acl do | |
| 24 if jid.compare(user_jid, acl_entry) then | |
| 25 return true; | |
| 26 end | |
| 27 end | |
| 28 return false; | |
| 29 end | |
| 17 | 30 |
| 18 local function check_sha256(s) | 31 local function check_sha256(s) |
| 19 if not s then return nil, "no value provided"; end | 32 if not s then return nil, "no value provided"; end |
| 20 local d = base64.decode(s); | 33 local d = base64.decode(s); |
| 21 if not d then return nil, "invalid base64"; end | 34 if not d then return nil, "invalid base64"; end |
| 42 end | 55 end |
| 43 | 56 |
| 44 -- Handle incoming registration from XMPP client | 57 -- Handle incoming registration from XMPP client |
| 45 function handle_register(event) | 58 function handle_register(event) |
| 46 local origin, stanza = event.origin, event.stanza; | 59 local origin, stanza = event.origin, event.stanza; |
| 60 if not is_jid_permitted(stanza.attr.from) then | |
| 61 return st.error_reply(stanza, "auth", "forbidden"); | |
| 62 end | |
| 47 local instance, instance_err = check_sha256(stanza.tags[1].attr.instance); | 63 local instance, instance_err = check_sha256(stanza.tags[1].attr.instance); |
| 48 if not instance then | 64 if not instance then |
| 49 return st.error_reply(stanza, "modify", "bad-request", "instance: "..instance_err); | 65 return st.error_reply(stanza, "modify", "bad-request", "instance: "..instance_err); |
| 50 end | 66 end |
| 51 local application, application_err = check_sha256(stanza.tags[1].attr.application); | 67 local application, application_err = check_sha256(stanza.tags[1].attr.application); |
