mix: Implement access control for channel creation

Oh, and create the messages node on room creation
This commit is contained in:
PapaTutuWawa 2020-10-29 18:10:08 +01:00
parent 8f26efc94d
commit 08fd566334

View File

@ -22,7 +22,7 @@ local persistent_channel_data = module:open_store("mix_data", "keyval");
-- Configuration
local default_channel_description = module:get_option("default_description", "A MIX channel for chatting");
local default_channel_name = module:get_option("default_name", "MIX channel");
local restrict_local_channel_creation = module:get_option("restrict_local_channels", true);
local restrict_channel_creation = module:get_option("restrict_local_channels", "local");
module:depends("disco");
-- module:depends("mam"); TODO: Once message sending works
@ -185,6 +185,24 @@ module:hook("iq/bare/http://jabber.org/protocol/disco#items:query", function(eve
return true;
end);
function can_create_channels(user)
-- Returns true when the jid is allowed to create MIX channels. False otherwise.
if restrict_channel_creation == "local" then
-- NOTE: Taken from plugins/muc/mod_muc.lua
local host_suffix = host:gsub("^[^%.]+%.", "");
module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(user), host_suffix);
if jid.host(user) == host_suffix then
return true;
else
return false;
end
end
-- TODO: Handle also true/"admin" (See mod_muc)
return true;
end
module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
module:log("debug", "IQ-GET host disco#info");
@ -196,14 +214,8 @@ module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(
:tag("feature", { var = "http://jabber.org/protocol/disco#info" }):up()
:tag("feature", { var = mix_core_xmlns }):up();
-- TODO: This should also check for admin and an array
if restrict_channel_creation == "local" then
-- NOTE: Taken from plugins/muc/mod_muc.lua
local host_suffix = host:gsub("^[^%.]+%.", "");
module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(stanza.attr.from), host_suffix);
if jid.host(stanza.attr.from) == host_suffix then
reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
end
if can_create_channels(stanza.attr.from) then
reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
end
end);
@ -409,6 +421,7 @@ function create_channel(node, creator, adhoc)
channel:publish_info(srv);
-- TODO: This seems bad
srv:create("urn:xmpp:mix:nodes:participants", true, { ["access_model"] = "open"});
srv:create("urn:xmpp:mix:nodes:messages", true, { ["access_model"] = "open"});
table.insert(channels, channel);
end
@ -417,6 +430,12 @@ module:hook("iq-set/host/"..mix_core_xmlns..":create", function(event)
local origin, stanza = event.origin, event.stanza;
local from = jid.bare(stanza.attr.from);
-- Check permissions
if not can_create_channels(from) then
origin.send(st.error_reply(stanza, "cancel", "forbidden", "Not authorized to create channels"));
return;
end
local create = stanza:get_child("create", mix_core_xmlns);
local node;
if create.attr.channel ~= nil then
@ -465,7 +484,7 @@ module:hook("iq-set/host/"..mix_core_xmlns..":destroy", function(event)
origin.send(channel_not_found(stanza));
return;
end
-- TODO: Check permissions
-- TODO: Check permissions: can_create_channels and maybe compare to the contact JIDs
-- Remove all registered nodes
local srv = pep.get_pep_service(node);