jfinn
/
jitsi_corner8
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8789 Commit
3 Rami (Branch)
Ramo (Branch): master
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'master'
${ noResults }
jitsi_corner8/resources/prosody-plugins/mod_auth_token.lua

mod_auth_token.lua 4.1KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. -- Token authentication

  2. -- Copyright (C) 2021-present 8x8, Inc.

  3. 

  4. local formdecode = require "util.http".formdecode;

  5. local generate_uuid = require "util.uuid".generate;

  6. local new_sasl = require "util.sasl".new;

  7. local sasl = require "util.sasl";

  8. local token_util = module:require "token/util".new(module);

  9. local sessions = prosody.full_sessions;

  10. 

  11. -- no token configuration

  12. if token_util == nil then

  13.     return;

  14. end

  15. 

  16. module:depends("jitsi_session");

  17. 

  18. -- define auth provider

  19. local provider = {};

  20. 

  21. local host = module.host;

  22. 

  23. -- Extract 'token' param from URL when session is created

  24. function init_session(event)

  25. 	local session, request = event.session, event.request;

  26. 	local query = request.url.query;

  27. 

  28. 	if query ~= nil then

  29.         local params = formdecode(query);

  30. 

  31.         -- The following fields are filled in the session, by extracting them

  32.         -- from the query and no validation is beeing done.

  33.         -- After validating auth_token will be cleaned in case of error and few

  34.         -- other fields will be extracted from the token and set in the session

  35. 

  36.         session.auth_token = query and params.token or nil;

  37.     end

  38. end

  39. 

  40. module:hook_global("bosh-session", init_session);

  41. module:hook_global("websocket-session", init_session);

  42. 

  43. function provider.test_password(username, password)

  44. 	return nil, "Password based auth not supported";

  45. end

  46. 

  47. function provider.get_password(username)

  48. 	return nil;

  49. end

  50. 

  51. function provider.set_password(username, password)

  52. 	return nil, "Set password not supported";

  53. end

  54. 

  55. function provider.user_exists(username)

  56. 	return nil;

  57. end

  58. 

  59. function provider.create_user(username, password)

  60. 	return nil;

  61. end

  62. 

  63. function provider.delete_user(username)

  64. 	return nil;

  65. end

  66. 

  67. function provider.get_sasl_handler(session)

  68. 

  69. 	local function get_username_from_token(self, message)

  70. 

  71.         -- retrieve custom public key from server and save it on the session

  72.         local pre_event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);

  73.         if pre_event_result ~= nil and pre_event_result.res == false then

  74.             log("warn",

  75.                 "Error verifying token on pre authentication stage:%s, reason:%s", pre_event_result.error, pre_event_result.reason);

  76.             session.auth_token = nil;

  77.             return pre_event_result.res, pre_event_result.error, pre_event_result.reason;

  78.         end

  79. 

  80.         local res, error, reason = token_util:process_and_verify_token(session);

  81.         if res == false then

  82.             log("warn",

  83.                 "Error verifying token err:%s, reason:%s", error, reason);

  84.             session.auth_token = nil;

  85.             return res, error, reason;

  86.         end

  87. 

  88.         local customUsername

  89.             = prosody.events.fire_event("pre-jitsi-authentication", session);

  90. 

  91.         if (customUsername) then

  92.             self.username = customUsername;

  93.         elseif (session.previd ~= nil) then

  94.             for _, session1 in pairs(sessions) do

  95.                 if (session1.resumption_token == session.previd) then

  96.                     self.username = session1.username;

  97.                     break;

  98.                 end

  99.         	end

  100.         else

  101.             self.username = message;

  102.         end

  103. 

  104.         local post_event_result = prosody.events.fire_event("post-jitsi-authentication", session);

  105.         if post_event_result ~= nil and post_event_result.res == false then

  106.             log("warn",

  107.                 "Error verifying token on post authentication stage :%s, reason:%s", post_event_result.error, post_event_result.reason);

  108.             session.auth_token = nil;

  109.             return post_event_result.res, post_event_result.error, post_event_result.reason;

  110.         end

  111. 

  112.         return res;

  113. 	end

  114. 

  115. 	return new_sasl(host, { anonymous = get_username_from_token });

  116. end

  117. 

  118. module:provides("auth", provider);

  119. 

  120. local function anonymous(self, message)

  121. 

  122. 	local username = generate_uuid();

  123. 

  124. 	-- This calls the handler created in 'provider.get_sasl_handler(session)'

  125. 	local result, err, msg = self.profile.anonymous(self, username, self.realm);

  126. 

  127. 	if result == true then

  128. 		if (self.username == nil) then

  129. 			self.username = username;

  130. 		end

  131. 		return "success";

  132. 	else

  133. 		return "failure", err, msg;

  134. 	end

  135. end

  136. 

  137. sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);