Mercurial > prosody-modules
comparison mod_privilege/mod_privilege.lua @ 1661:69aa2b54ba8a
mod_privilege: implemented message privilege
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Thu, 02 Apr 2015 21:47:05 +0200 |
| parents | d1072db4db44 |
| children | d440a22fa0af |
comparison
equal
deleted
inserted
replaced
| 1660:d1072db4db44 | 1661:69aa2b54ba8a |
|---|---|
| 1 -- XEP-0356 (Privileged Entity) | 1 -- XEP-0356 (Privileged Entity) |
| 2 -- Copyright (C) 2015 Jérôme Poisson | 2 -- Copyright (C) 2015 Jérôme Poisson |
| 3 -- | 3 -- |
| 4 -- This module is MIT/X11 licensed. Please see the | 4 -- This module is MIT/X11 licensed. Please see the |
| 5 -- COPYING file in the source package for more information. | 5 -- COPYING file in the source package for more information. |
| 6 -- | 6 -- |
| 10 local jid = require("util/jid") | 10 local jid = require("util/jid") |
| 11 local set = require("util/set") | 11 local set = require("util/set") |
| 12 local st = require("util/stanza") | 12 local st = require("util/stanza") |
| 13 local roster_manager = require("core/rostermanager") | 13 local roster_manager = require("core/rostermanager") |
| 14 local user_manager = require("core/usermanager") | 14 local user_manager = require("core/usermanager") |
| 15 local hosts = prosody.hosts | |
| 15 | 16 |
| 16 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) | 17 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) |
| 17 local _ROSTER_GET_PERM = set.new({'get', 'both'}) | 18 local _ROSTER_GET_PERM = set.new({'get', 'both'}) |
| 18 local _ROSTER_SET_PERM = set.new({'set', 'both'}) | 19 local _ROSTER_SET_PERM = set.new({'set', 'both'}) |
| 19 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) | 20 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) |
| 20 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) | 21 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) |
| 21 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} | 22 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} |
| 22 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' | 23 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' |
| 24 local _FORWARDED_NS = 'urn:xmpp:forward:0' | |
| 23 | 25 |
| 24 | 26 |
| 25 module:log("debug", "Loading privileged entity module "); | 27 module:log("debug", "Loading privileged entity module "); |
| 26 | 28 |
| 27 --> Permissions management <-- | 29 --> Permissions management <-- |
| 221 session.send(st.error_reply(stanza, 'auth', 'forbidden')) | 223 session.send(st.error_reply(stanza, 'auth', 'forbidden')) |
| 222 end | 224 end |
| 223 | 225 |
| 224 return true | 226 return true |
| 225 end); | 227 end); |
| 228 | |
| 229 | |
| 230 --> message permission <-- | |
| 231 | |
| 232 module:hook("message/host", function(event) | |
| 233 local session, stanza = event.origin, event.stanza; | |
| 234 local privilege_elt = stanza:get_child('privilege', _PRIV_ENT_NS) | |
| 235 if privilege_elt==nil then return; end | |
| 236 if session.privileges and session.privileges.message=="outgoing" then | |
| 237 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded" | |
| 238 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then | |
| 239 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client') | |
| 240 if message_elt ~= nil then | |
| 241 local from_node, from_host, from_resource = jid.split(message_elt.attr.from) | |
| 242 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts | |
| 243 -- at this point everything should be alright, we can send the message | |
| 244 prosody.core_route_stanza(nil, message_elt) | |
| 245 else -- trying to send a message from a forbidden entity | |
| 246 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from)) | |
| 247 session.send(st.error_reply(stanza, 'auth', 'forbidden')) | |
| 248 end | |
| 249 else -- incorrect message child | |
| 250 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid forwarded <message/> element")); | |
| 251 end | |
| 252 else -- incorrect forwarded child | |
| 253 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid <forwarded/> element")); | |
| 254 end; | |
| 255 else -- The permission is not granted | |
| 256 module:log("warn", "Entity "..tostring(session.full_jid).." try to send message without permission") | |
| 257 session.send(st.error_reply(stanza, 'auth', 'forbidden')) | |
| 258 end | |
| 259 | |
| 260 return true | |
| 261 end); |
