jiti-meet/resources/prosody-plugins/mod_token_verification.lua

-- Token authentication
-- Copyright (C) 2015 Atlassian

local log = module._log;
local host = module.host;
local st = require "util.stanza";
local is_admin = require "core.usermanager".is_admin;


local parentHostName = string.gmatch(tostring(host), "%w+.(%w.+)")();
if parentHostName == nil then
	log("error", "Failed to start - unable to get parent hostname");
	return;
end

local parentCtx = module:context(parentHostName);
if parentCtx == nil then
	log("error",
		"Failed to start - unable to get parent context for host: %s",
		tostring(parentHostName));
	return;
end

local appId = parentCtx:get_option_string("app_id");
local appSecret = parentCtx:get_option_string("app_secret");
local allowEmptyToken = parentCtx:get_option_boolean("allow_empty_token");
local disableRoomNameConstraints = parentCtx:get_option_boolean("disable_room_name_constraints")

log("debug",
	"%s - starting MUC token verifier app_id: %s app_secret: %s allow empty: %s",
	tostring(host), tostring(appId), tostring(appSecret),
	tostring(allowEmptyToken));

local function verify_user(session, stanza)
	log("debug", "Session token: %s, session room: %s",
		tostring(session.auth_token),
		tostring(session.jitsi_meet_room));

	-- token not required for admin users
	local user_jid = stanza.attr.from;
	if is_admin(user_jid) then
		log("debug", "Token not required from admin user: %s", user_jid);
		return nil;
	end

	if allowEmptyToken and session.auth_token == nil then
		module:log(
			"debug",
			"Skipped room token verification - empty tokens are allowed");
		return nil;
	end

	local room = string.match(stanza.attr.to, "^(%w+)@");
	log("debug", "Will verify token for user: %s, room: %s ", user_jid, room);
	if room == nil then
		log("error",
			"Unable to get name of the MUC room ? to: %s", stanza.attr.to);
		return nil;
	end

	local token = session.auth_token;
	local auth_room = session.jitsi_meet_room;
	if disableRoomNameConstraints ~= true and room ~= string.lower(auth_room) then
		log("error", "Token %s not allowed to join: %s",
			tostring(token), tostring(auth_room));
		session.send(
			st.error_reply(
				stanza, "cancel", "not-allowed", "Room and token mismatched"));
		return true;
	end
	log("debug", "allowed: %s to enter/create room: %s", user_jid, room);
end

module:hook("muc-room-pre-create", function(event)
	local origin, stanza = event.origin, event.stanza;
	log("debug", "pre create: %s %s", tostring(origin), tostring(stanza));
	return verify_user(origin, stanza);
end);

module:hook("muc-occupant-pre-join", function(event)
	local origin, room, stanza = event.origin, event.room, event.stanza;
	log("debug", "pre join: %s %s", tostring(room), tostring(stanza));
	return verify_user(origin, stanza);
end);
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`-- Token authentication`
			`-- Copyright (C) 2015 Atlassian`

			`local log = module._log;`
			`local host = module.host;`
			`local st = require "util.stanza";`
			`local is_admin = require "core.usermanager".is_admin;`


			`local parentHostName = string.gmatch(tostring(host), "%w+.(%w.+)")();`
			`if parentHostName == nil then`
			`log("error", "Failed to start - unable to get parent hostname");`
			`return;`
			`end`

			`local parentCtx = module:context(parentHostName);`
			`if parentCtx == nil then`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`log("error",`
			`"Failed to start - unable to get parent context for host: %s",`
			`tostring(parentHostName));`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`return;`
			`end`

			`local appId = parentCtx:get_option_string("app_id");`
			`local appSecret = parentCtx:get_option_string("app_secret");`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local allowEmptyToken = parentCtx:get_option_boolean("allow_empty_token");`
JWT client support 2016-06-13 21:11:44 +00:00			`local disableRoomNameConstraints = parentCtx:get_option_boolean("disable_room_name_constraints")`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`log("debug",`
			`"%s - starting MUC token verifier app_id: %s app_secret: %s allow empty: %s",`
			`tostring(host), tostring(appId), tostring(appSecret),`
			`tostring(allowEmptyToken));`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local function verify_user(session, stanza)`
			`log("debug", "Session token: %s, session room: %s",`
			`tostring(session.auth_token),`
			`tostring(session.jitsi_meet_room));`
Uses JWT for token generation in prosody plugin. 2015-11-18 18:49:36 +00:00
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`-- token not required for admin users`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local user_jid = stanza.attr.from;`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`if is_admin(user_jid) then`
			`log("debug", "Token not required from admin user: %s", user_jid);`
			`return nil;`
			`end`
Uses JWT for token generation in prosody plugin. 2015-11-18 18:49:36 +00:00
JWT client support 2016-06-13 21:11:44 +00:00			`if allowEmptyToken and session.auth_token == nil then`
			`module:log(`
			`"debug",`
			`"Skipped room token verification - empty tokens are allowed");`
			`return nil;`
			`end`

Uses JWT for token generation in prosody plugin. 2015-11-18 18:49:36 +00:00			`local room = string.match(stanza.attr.to, "^(%w+)@");`
			`log("debug", "Will verify token for user: %s, room: %s ", user_jid, room);`
			`if room == nil then`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`log("error",`
			`"Unable to get name of the MUC room ? to: %s", stanza.attr.to);`
Uses JWT for token generation in prosody plugin. 2015-11-18 18:49:36 +00:00			`return nil;`
			`end`

New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local token = session.auth_token;`
			`local auth_room = session.jitsi_meet_room;`
Updates tokens room name verification to be case insensitive. Room names used inside prosody are all lower case, when verify with room name from token make sure we use the room name in lower case. 2016-09-28 16:29:59 +00:00			`if disableRoomNameConstraints ~= true and room ~= string.lower(auth_room) then`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`log("error", "Token %s not allowed to join: %s",`
			`tostring(token), tostring(auth_room));`
			`session.send(`
			`st.error_reply(`
			`stanza, "cancel", "not-allowed", "Room and token mismatched"));`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`return true;`
			`end`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`log("debug", "allowed: %s to enter/create room: %s", user_jid, room);`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`end`

New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`module:hook("muc-room-pre-create", function(event)`
			`local origin, stanza = event.origin, event.stanza;`
			`log("debug", "pre create: %s %s", tostring(origin), tostring(stanza));`
			`return verify_user(origin, stanza);`
			`end);`

			`module:hook("muc-occupant-pre-join", function(event)`
			`local origin, room, stanza = event.origin, event.room, event.stanza;`
			`log("debug", "pre join: %s %s", tostring(room), tostring(stanza));`
			`return verify_user(origin, stanza);`
			`end);`