jfinn
/
jitsi_corner8
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
2012 提交
3 分支
目录树: 8deb003ef6
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '8deb003ef6'
${ noResults }
jitsi_corner8/prosody-plugins/mod_auth_token.lua

mod_auth_token.lua 3.1KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. -- Token authentication

  2. -- Copyright (C) 2015 Atlassian

  3. 

  4. local generate_uuid = require "util.uuid".generate;

  5. local new_sasl = require "util.sasl".new;

  6. local sasl = require "util.sasl";

  7. local formdecode = require "util.http".formdecode;

  8. local token_util = module:require "token/util";

  9. 

  10. -- define auth provider

  11. local provider = {};

  12. 

  13. local host = module.host;

  14. 

  15. local appId = module:get_option_string("app_id");

  16. local appSecret = module:get_option_string("app_secret");

  17. local allowEmptyToken = module:get_option_boolean("allow_empty_token");

  18. local disableRoomNameConstraints = module:get_option_boolean("disable_room_name_constraints");

  19. 

  20. if allowEmptyToken == true then

  21. 	module:log("warn", "WARNING - empty tokens allowed");

  22. end

  23. 

  24. if appId == nil then

  25. 	module:log("error", "'app_id' must not be empty");

  26. 	return;

  27. end

  28. 

  29. if appSecret == nil then

  30. 	module:log("error", "'app_secret' must not be empty");

  31. 	return;

  32. end

  33. 

  34. -- Extract 'token' param from BOSH URL when session is created

  35. module:hook("bosh-session", function(event)

  36. 	local session, request = event.session, event.request;

  37. 	local query = request.url.query;

  38. 	if query ~= nil then

  39. 		session.auth_token = query and formdecode(query).token or nil;

  40. 	end

  41. end)

  42. 

  43. function provider.test_password(username, password)

  44. 	return nil, "Password based auth not supported";

  45. end

  46. 

  47. function provider.get_password(username)

  48. 	return nil;

  49. end

  50. 

  51. function provider.set_password(username, password)

  52. 	return nil, "Set password not supported";

  53. end

  54. 

  55. function provider.user_exists(username)

  56. 	return nil;

  57. end

  58. 

  59. function provider.create_user(username, password)

  60. 	return nil;

  61. end

  62. 

  63. function provider.delete_user(username)

  64. 	return nil;

  65. end

  66. 

  67. function provider.get_sasl_handler(session)

  68. 	-- JWT token extracted from BOSH URL

  69. 	local token = session.auth_token;

  70. 

  71. 	local function get_username_from_token(self, message)

  72. 

  73. 		if token == nil then

  74. 			if allowEmptyToken == true then

  75. 				return true;

  76. 			else

  77. 				return false, "not-allowed", "token required";

  78. 			end

  79. 		end

  80. 

  81. 		-- here we check if 'room' claim exists

  82. 		local room, roomErr = token_util.get_room_name(token, appSecret);

  83. 		if room == nil and disableRoomNameConstraints ~= true then

  84.             if roomErr == nil then

  85.                 roomErr = "'room' claim is missing";

  86.             end

  87. 			return false, "not-allowed", roomErr;

  88. 		end

  89. 

  90. 		-- now verify the whole token

  91. 		local result, msg

  92. 		= token_util.verify_token(token, appId, appSecret, room, disableRoomNameConstraints);

  93. 		if result == true then

  94. 			-- Binds room name to the session which is later checked on MUC join

  95. 			session.jitsi_meet_room = room;

  96. 			return true

  97. 		else

  98. 			return false, "not-allowed", msg

  99. 		end

  100. 	end

  101. 

  102. 	return new_sasl(host, { anonymous = get_username_from_token });

  103. end

  104. 

  105. module:provides("auth", provider);

  106. 

  107. local function anonymous(self, message)

  108. 

  109. 	local username = generate_uuid();

  110. 

  111. 	-- This calls the handler created in 'provider.get_sasl_handler(session)'

  112. 	local result, err, msg = self.profile.anonymous(self, username, self.realm);

  113. 

  114. 	self.username = username;

  115. 

  116. 	if result == true then

  117. 		return "success"

  118. 	else

  119. 

  120. 		return "failure", err, msg

  121. 	end

  122. end

  123. 

  124. sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);