"Fossies" - the Fresh Open Source Software Archive

Member "jitsi-meet-7693/resources/prosody-plugins/mod_auth_token.lua" (8 Dec 2023, 4600 Bytes) of package /linux/misc/jitsi-meet-7693.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Lua source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. 
    1 -- Token authentication
    2 -- Copyright (C) 2021-present 8x8, Inc.
    3 
    4 local formdecode = require "util.http".formdecode;
    5 local generate_uuid = require "util.uuid".generate;
    6 local new_sasl = require "util.sasl".new;
    7 local sasl = require "util.sasl";
    8 local token_util = module:require "token/util".new(module);
    9 local sessions = prosody.full_sessions;
   10 
   11 -- no token configuration
   12 if token_util == nil then
   13     return;
   14 end
   15 
   16 module:depends("jitsi_session");
   17 
   18 -- define auth provider
   19 local provider = {};
   20 
   21 local host = module.host;
   22 
   23 -- Extract 'token' param from URL when session is created
   24 function init_session(event)
   25     local session, request = event.session, event.request;
   26     local query = request.url.query;
   27 
   28     if query ~= nil then
   29         local params = formdecode(query);
   30 
   31         -- The following fields are filled in the session, by extracting them
   32         -- from the query and no validation is being done.
   33         -- After validating auth_token will be cleaned in case of error and few
   34         -- other fields will be extracted from the token and set in the session
   35 
   36         session.auth_token = query and params.token or nil;
   37     end
   38 end
   39 
   40 module:hook_global("bosh-session", init_session);
   41 module:hook_global("websocket-session", init_session);
   42 
   43 function provider.test_password(username, password)
   44     return nil, "Password based auth not supported";
   45 end
   46 
   47 function provider.get_password(username)
   48     return nil;
   49 end
   50 
   51 function provider.set_password(username, password)
   52     return nil, "Set password not supported";
   53 end
   54 
   55 function provider.user_exists(username)
   56     return nil;
   57 end
   58 
   59 function provider.create_user(username, password)
   60     return nil;
   61 end
   62 
   63 function provider.delete_user(username)
   64     return nil;
   65 end
   66 
   67 function provider.get_sasl_handler(session)
   68 
   69     local function get_username_from_token(self, message)
   70 
   71         -- retrieve custom public key from server and save it on the session
   72         local pre_event_result = prosody.events.fire_event("pre-jitsi-authentication-fetch-key", session);
   73         if pre_event_result ~= nil and pre_event_result.res == false then
   74             module:log("warn",
   75                 "Error verifying token on pre authentication stage:%s, reason:%s", pre_event_result.error, pre_event_result.reason);
   76             session.auth_token = nil;
   77             return pre_event_result.res, pre_event_result.error, pre_event_result.reason;
   78         end
   79 
   80         local res, error, reason = token_util:process_and_verify_token(session);
   81         if res == false then
   82             module:log("warn",
   83                 "Error verifying token err:%s, reason:%s", error, reason);
   84             session.auth_token = nil;
   85             return res, error, reason;
   86         end
   87 
   88         local shouldAllow = prosody.events.fire_event("jitsi-access-ban-check", session);
   89         if shouldAllow == false then
   90             module:log("warn", "user is banned")
   91             return false, "not-allowed", "user is banned";
   92         end
   93 
   94         local customUsername
   95             = prosody.events.fire_event("pre-jitsi-authentication", session);
   96 
   97         if (customUsername) then
   98             self.username = customUsername;
   99         elseif (session.previd ~= nil) then
  100             for _, session1 in pairs(sessions) do
  101                 if (session1.resumption_token == session.previd) then
  102                     self.username = session1.username;
  103                     break;
  104                 end
  105             end
  106         else
  107             self.username = message;
  108         end
  109 
  110         local post_event_result = prosody.events.fire_event("post-jitsi-authentication", session);
  111         if post_event_result ~= nil and post_event_result.res == false then
  112             module:log("warn",
  113                 "Error verifying token on post authentication stage :%s, reason:%s", post_event_result.error, post_event_result.reason);
  114             session.auth_token = nil;
  115             return post_event_result.res, post_event_result.error, post_event_result.reason;
  116         end
  117 
  118         return res;
  119     end
  120 
  121     return new_sasl(host, { anonymous = get_username_from_token });
  122 end
  123 
  124 module:provides("auth", provider);
  125 
  126 local function anonymous(self, message)
  127 
  128     local username = generate_uuid();
  129 
  130     -- This calls the handler created in 'provider.get_sasl_handler(session)'
  131     local result, err, msg = self.profile.anonymous(self, username, self.realm);
  132 
  133     if result == true then
  134         if (self.username == nil) then
  135             self.username = username;
  136         end
  137         return "success";
  138     else
  139         return "failure", err, msg;
  140     end
  141     end
  142 
  143 sasl.registerMechanism("ANONYMOUS", {"anonymous"}, anonymous);