jfinn
/
jitsi_corner8
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8789 Commits
3 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
jitsi_corner8/resources/prosody-plugins/mod_token_verification.lua

mod_token_verification.lua 4.0KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117 
  1. -- Token authentication

  2. -- Copyright (C) 2015 Atlassian

  3. 

  4. local log = module._log;

  5. local host = module.host;

  6. local st = require "util.stanza";

  7. local um_is_admin = require "core.usermanager".is_admin;

  8. 

  9. 

  10. local function is_admin(jid)

  11.     return um_is_admin(jid, host);

  12. end

  13. 

  14. local parentHostName = string.gmatch(tostring(host), "%w+.(%w.+)")();

  15. if parentHostName == nil then

  16. 	log("error", "Failed to start - unable to get parent hostname");

  17. 	return;

  18. end

  19. 

  20. local parentCtx = module:context(parentHostName);

  21. if parentCtx == nil then

  22. 	log("error",

  23. 		"Failed to start - unable to get parent context for host: %s",

  24. 		tostring(parentHostName));

  25. 	return;

  26. end

  27. 

  28. local token_util = module:require "token/util".new(parentCtx);

  29. 

  30. -- no token configuration

  31. if token_util == nil then

  32.     return;

  33. end

  34. 

  35. log("debug",

  36. 	"%s - starting MUC token verifier app_id: %s app_secret: %s allow empty: %s",

  37. 	tostring(host), tostring(token_util.appId), tostring(token_util.appSecret),

  38. 	tostring(token_util.allowEmptyToken));

  39. 

  40. -- option to disable room modification (sending muc config form) for guest that do not provide token

  41. local require_token_for_moderation;

  42. local function load_config()

  43.     require_token_for_moderation = module:get_option_boolean("token_verification_require_token_for_moderation");

  44. end

  45. load_config();

  46. 

  47. -- verify user and whether he is allowed to join a room based on the token information

  48. local function verify_user(session, stanza)

  49. 	log("debug", "Session token: %s, session room: %s",

  50. 		tostring(session.auth_token),

  51. 		tostring(session.jitsi_meet_room));

  52. 

  53. 	-- token not required for admin users

  54. 	local user_jid = stanza.attr.from;

  55. 	if is_admin(user_jid) then

  56. 		log("debug", "Token not required from admin user: %s", user_jid);

  57. 		return true;

  58. 	end

  59. 

  60.     log("debug",

  61.         "Will verify token for user: %s, room: %s ", user_jid, stanza.attr.to);

  62.     if not token_util:verify_room(session, stanza.attr.to) then

  63.         log("error", "Token %s not allowed to join: %s",

  64.             tostring(session.auth_token), tostring(stanza.attr.to));

  65.         session.send(

  66.             st.error_reply(

  67.                 stanza, "cancel", "not-allowed", "Room and token mismatched"));

  68.         return false; -- we need to just return non nil

  69.     end

  70. 	log("debug",

  71.         "allowed: %s to enter/create room: %s", user_jid, stanza.attr.to);

  72.     return true;

  73. end

  74. 

  75. module:hook("muc-room-pre-create", function(event)

  76. 	local origin, stanza = event.origin, event.stanza;

  77. 	log("debug", "pre create: %s %s", tostring(origin), tostring(stanza));

  78.     if not verify_user(origin, stanza) then

  79.         return true; -- Returning any value other than nil will halt processing of the event

  80.     end

  81. end);

  82. 

  83. module:hook("muc-occupant-pre-join", function(event)

  84. 	local origin, room, stanza = event.origin, event.room, event.stanza;

  85. 	log("debug", "pre join: %s %s", tostring(room), tostring(stanza));

  86.     if not verify_user(origin, stanza) then

  87.         return true; -- Returning any value other than nil will halt processing of the event

  88.     end

  89. end);

  90. 

  91. for event_name, method in pairs {

  92.     -- Normal room interactions

  93.     ["iq-set/bare/http://jabber.org/protocol/muc#owner:query"] = "handle_owner_query_set_to_room" ;

  94.     -- Host room

  95.     ["iq-set/host/http://jabber.org/protocol/muc#owner:query"] = "handle_owner_query_set_to_room" ;

  96. } do

  97.     module:hook(event_name, function (event)

  98.         local session, stanza = event.origin, event.stanza;

  99. 

  100.         -- if we do not require token we pass it through(default behaviour)

  101.         -- or the request is coming from admin (focus)

  102.         if not require_token_for_moderation or is_admin(stanza.attr.from) then

  103.             return;

  104.         end

  105. 

  106.         -- jitsi_meet_room is set after the token had been verified

  107.         if not session.auth_token or not session.jitsi_meet_room then

  108.             session.send(

  109.                 st.error_reply(

  110.                     stanza, "cancel", "not-allowed", "Room modification disabled for guests"));

  111.             return true;

  112.         end

  113. 

  114.     end, -1);  -- the default prosody hook is on -2

  115. end

  116. 

  117. module:hook_global('config-reloaded', load_config);