"Fossies" - the Fresh Open Source Software Archive

Member "jitsi-meet-5186/resources/prosody-plugins/mod_token_verification.lua" (30 Jul 2021, 4074 Bytes) of package /linux/misc/jitsi-meet-5186.tar.gz:



    1 -- Token authentication
    2 -- Copyright (C) 2015 Atlassian
    3 
    4 local log = module._log;
    5 local host = module.host;
    6 local st = require "util.stanza";
    7 local um_is_admin = require "core.usermanager".is_admin;
    8 
    9 
   --- Tell whether a JID is an administrator of this module's host.
   -- Thin wrapper over core.usermanager's is_admin, bound to `host`.
   -- Callers in this file use the result to exempt admins from the
   -- token checks.
   -- @param jid JID to look up
   -- @return whatever um_is_admin returns for (jid, host)
   local function is_admin(jid)
       local this_host = host
       return um_is_admin(jid, this_host)
   end
   13 
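   -- The parent host is this host's name with its first label removed;
   -- its context is what token/util is later constructed with.
   -- The separator is matched as a literal dot and the pattern is anchored:
   -- with an unescaped "." a dot-less name (e.g. "localhost") still produced
   -- a bogus "parent", and a hyphenated first label was split at the hyphen,
   -- so the nil check below could not catch a wrong host.
   local parentHostName = tostring(host):match("^[^.]+%.(%w.+)$");
   if parentHostName == nil then
       log("error", "Failed to start - unable to get parent hostname");
       return;
   end

   local parentCtx = module:context(parentHostName);
   if parentCtx == nil then
       log("error",
           "Failed to start - unable to get parent context for host: %s",
           tostring(parentHostName));
       return;
   end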
   27 
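   -- Token helper built from the parent host's context.
   local token_util = module:require "token/util".new(parentCtx);

   -- No token configuration: the module stops here and registers no hooks,
   -- so nothing below enforces tokens on this host. Say so in the log instead
   -- of exiting silently, otherwise a misconfiguration looks like a normal start.
   if token_util == nil then
       log("warn",
           "%s - no token configuration found for %s, token verification is not active",
           tostring(host), tostring(parentHostName));
       return;
   end

   -- The application secret is signing-key material and must not be written
   -- to the log, even at debug level; only report whether one is configured.
   log("debug",
       "%s - starting MUC token verifier app_id: %s app_secret: %s allow empty: %s",
       tostring(host), tostring(token_util.appId),
       token_util.appSecret and "<set>" or "<unset>",
       tostring(token_util.allowEmptyToken));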
   39 
   -- When this option is true, guests that did not provide a token may not
   -- modify the room (i.e. send the MUC config form). When it is unset the
   -- value is falsy and the owner-query hooks let every request through.
   local require_token_for_moderation;

   --- (Re)read the moderation option from the module configuration.
   -- Runs once at load time; also registered for 'config-reloaded'.
   local function load_config()
       local option_name = "token_verification_require_token_for_moderation";
       require_token_for_moderation = module:get_option_boolean(option_name);
   end
   load_config();
   46 
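   --- Verify the user and whether the session's token allows joining the room.
   -- Admin JIDs are accepted without a token. For everyone else the decision
   -- is delegated to token_util:verify_room; on refusal a "not-allowed" error
   -- reply is sent on the session.
   -- @param session origin session; auth_token and jitsi_meet_room are read
   -- @param stanza  the stanza; attr.from is the user, attr.to the room
   -- @return true when allowed, false when refused (error reply already sent)
   local function verify_user(session, stanza)
       -- The token is a bearer credential: anyone who can read the log could
       -- reuse it. Log only whether one is present, never its value.
       local token_state = session.auth_token and "present" or "absent";
       log("debug", "Session token: %s, session room: %s",
           token_state, tostring(session.jitsi_meet_room));

       -- token not required for admin users
       local user_jid = stanza.attr.from;
       if is_admin(user_jid) then
           log("debug", "Token not required from admin user: %s", user_jid);
           return true;
       end

       log("debug",
           "Will verify token for user: %s, room: %s ", user_jid, stanza.attr.to);
       if not token_util:verify_room(session, stanza.attr.to) then
           -- Identify the refused request by user and room instead of by token.
           log("error", "Token (%s) not allowed to join: %s, user: %s",
               token_state, tostring(stanza.attr.to), tostring(user_jid));
           session.send(
               st.error_reply(
                   stanza, "cancel", "not-allowed", "Room and token mismatched"));
           return false; -- explicit non-nil result; the hooks test it with `not`
       end
       log("debug",
           "allowed: %s to enter/create room: %s", user_jid, stanza.attr.to);
       return true;
   end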
   74 
   -- Room creation gate: the creating user must pass verify_user.
   module:hook("muc-room-pre-create", function(event)
       local stanza = event.stanza;
       local origin = event.origin;
       log("debug", "pre create: %s %s", tostring(origin), tostring(stanza));
       if verify_user(origin, stanza) then
           return; -- nil result: event processing continues
       end
       -- Any value other than nil halts processing of the event.
       return true;
   end);
   82 
   -- Room join gate: every joining occupant must pass verify_user.
   module:hook("muc-occupant-pre-join", function(event)
       local stanza = event.stanza;
       local room = event.room;
       local origin = event.origin;
       log("debug", "pre join: %s %s", tostring(room), tostring(stanza));
       if verify_user(origin, stanza) then
           return; -- nil result: event processing continues
       end
       -- Any value other than nil halts processing of the event.
       return true;
   end);
   90 
   -- MUC owner queries (room configuration) that are filtered below.
   local owner_query_events = {
       -- Normal room interactions
       "iq-set/bare/http://jabber.org/protocol/muc#owner:query";
       -- Host room
       "iq-set/host/http://jabber.org/protocol/muc#owner:query";
   };

   --- Refuse room configuration from sessions without a verified token.
   -- Returns nothing to let the request continue to later handlers, or true
   -- after sending a "not-allowed" error reply.
   -- NOTE(review): this only checks that the session carries a token and a
   -- room, not that they match the room addressed by the stanza - presumably
   -- ownership of the target room is enforced by the default handler; confirm.
   local function reject_untokened_owner_query(event)
       local stanza = event.stanza;

       -- if we do not require token we pass it through (default behaviour)
       if not require_token_for_moderation then
           return;
       end
       -- the request is coming from admin (focus)
       if is_admin(stanza.attr.from) then
           return;
       end

       -- jitsi_meet_room is set after the token had been verified
       local session = event.origin;
       if session.auth_token and session.jitsi_meet_room then
           return;
       end

       session.send(
           st.error_reply(
               stanza, "cancel", "not-allowed", "Room modification disabled for guests"));
       return true;
   end

   for _, event_name in ipairs(owner_query_events) do
       -- the default prosody hook is on -2
       module:hook(event_name, reject_untokened_owner_query, -1);
   end

   -- Pick up changes to the moderation option when the config is reloaded.
   module:hook_global("config-reloaded", load_config);