jiti-meet/resources/prosody-plugins/mod_muc_allowners.lua

local jid = require "util.jid";
local um_is_admin = require "core.usermanager".is_admin;
local is_healthcheck_room = module:require "util".is_healthcheck_room;

local moderated_subdomains;
local moderated_rooms;

local function load_config()
    moderated_subdomains = module:get_option_set("allowners_moderated_subdomains", {})
    moderated_rooms = module:get_option_set("allowners_moderated_rooms", {})
end
load_config();

local function is_admin(jid)
    return um_is_admin(jid, module.host);
end

-- Checks whether the jid is moderated, the room name is in moderated_rooms
-- or if the subdomain is in the moderated_subdomains
-- @return returns on of the:
--      -> false
--      -> true, room_name, subdomain
--      -> true, room_name, nil (if no subdomain is used for the room)
local function is_moderated(room_jid)
    local room_node = jid.node(room_jid);
    -- parses bare room address, for multidomain expected format is:
    -- [subdomain]roomName@conference.domain
    local target_subdomain, target_room_name = room_node:match("^%[([^%]]+)%](.+)$");

    if target_subdomain then
        if moderated_subdomains:contains(target_subdomain) then
            return true, target_room_name, target_subdomain;
        end
    elseif moderated_rooms:contains(room_node) then
        return true, room_node, nil;
    end

    return false;
end

module:hook("muc-occupant-joined", function (event)
    local room, occupant = event.room, event.occupant;

    if is_healthcheck_room(room.jid) or is_admin(occupant.jid) then
        return;
    end

    local moderated, room_name, subdomain = is_moderated(room.jid);
    if moderated then
        local session = event.origin;
        local token = session.auth_token;

        if not token then
            module:log('debug', 'skip allowners for non-auth user subdomain:%s room_name:%s', subdomain, room_name);
            return;
        end

        if not (room_name == session.jitsi_meet_room) then
            module:log('debug', 'skip allowners for auth user and non matching room name: %s, jwt room name: %s', room_name, session.jitsi_meet_room);
            return;
        end

        if not (subdomain == session.jitsi_meet_context_group) then
            module:log('debug', 'skip allowners for auth user and non matching room subdomain: %s, jwt subdomain: %s', subdomain, session.jitsi_meet_context_group);
            return;
        end
    end

    room:set_affiliation(true, occupant.bare_jid, "owner");
end, 2);

module:hook("muc-occupant-left", function (event)
    local room, occupant = event.room, event.occupant;

    if is_healthcheck_room(room.jid) then
        return;
    end

    room:set_affiliation(true, occupant.bare_jid, nil);
end, 2);

module:hook_global('config-reloaded', load_config);
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins. 2020-06-05 12:57:49 +00:00			`local jid = require "util.jid";`
			`local um_is_admin = require "core.usermanager".is_admin;`
Initial Lobby backend implementation. 2020-04-30 21:26:58 +00:00			`local is_healthcheck_room = module:require "util".is_healthcheck_room;`
Added a prosody plugin for making all users into muc owners in prosody Included a patch to prosody-trunk which allows owners to kick each other 2017-02-03 17:41:08 +00:00
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins. 2020-06-05 12:57:49 +00:00			`local moderated_subdomains;`
			`local moderated_rooms;`

			`local function load_config()`
			`moderated_subdomains = module:get_option_set("allowners_moderated_subdomains", {})`
			`moderated_rooms = module:get_option_set("allowners_moderated_rooms", {})`
			`end`
			`load_config();`

			`local function is_admin(jid)`
			`return um_is_admin(jid, module.host);`
			`end`

			`-- Checks whether the jid is moderated, the room name is in moderated_rooms`
			`-- or if the subdomain is in the moderated_subdomains`
			`-- @return returns on of the:`
			`-- -> false`
			`-- -> true, room_name, subdomain`
			`-- -> true, room_name, nil (if no subdomain is used for the room)`
			`local function is_moderated(room_jid)`
			`local room_node = jid.node(room_jid);`
			`-- parses bare room address, for multidomain expected format is:`
			`-- [subdomain]roomName@conference.domain`
			`local target_subdomain, target_room_name = room_node:match("^%[([^%]]+)%](.+)$");`

			`if target_subdomain then`
			`if moderated_subdomains:contains(target_subdomain) then`
			`return true, target_room_name, target_subdomain;`
			`end`
			`elseif moderated_rooms:contains(room_node) then`
			`return true, room_node, nil;`
			`end`

			`return false;`
			`end`

Initial Lobby backend implementation. 2020-04-30 21:26:58 +00:00			`module:hook("muc-occupant-joined", function (event)`
			`local room, occupant = event.room, event.occupant;`
Added a prosody plugin for making all users into muc owners in prosody Included a patch to prosody-trunk which allows owners to kick each other 2017-02-03 17:41:08 +00:00
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins. 2020-06-05 12:57:49 +00:00			`if is_healthcheck_room(room.jid) or is_admin(occupant.jid) then`
Initial Lobby backend implementation. 2020-04-30 21:26:58 +00:00			`return;`
			`end`
Added a prosody plugin for making all users into muc owners in prosody Included a patch to prosody-trunk which allows owners to kick each other 2017-02-03 17:41:08 +00:00
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins. 2020-06-05 12:57:49 +00:00			`local moderated, room_name, subdomain = is_moderated(room.jid);`
			`if moderated then`
			`local session = event.origin;`
			`local token = session.auth_token;`

			`if not token then`
			`module:log('debug', 'skip allowners for non-auth user subdomain:%s room_name:%s', subdomain, room_name);`
			`return;`
			`end`

			`if not (room_name == session.jitsi_meet_room) then`
			`module:log('debug', 'skip allowners for auth user and non matching room name: %s, jwt room name: %s', room_name, session.jitsi_meet_room);`
			`return;`
			`end`

			`if not (subdomain == session.jitsi_meet_context_group) then`
			`module:log('debug', 'skip allowners for auth user and non matching room subdomain: %s, jwt subdomain: %s', subdomain, session.jitsi_meet_context_group);`
			`return;`
			`end`
			`end`

Initial Lobby backend implementation. 2020-04-30 21:26:58 +00:00			`room:set_affiliation(true, occupant.bare_jid, "owner");`
			`end, 2);`

			`module:hook("muc-occupant-left", function (event)`
			`local room, occupant = event.room, event.occupant;`

ref: Make is_healthcheck_room more generic. 2020-05-12 21:40:39 +00:00			`if is_healthcheck_room(room.jid) then`
Initial Lobby backend implementation. 2020-04-30 21:26:58 +00:00			`return;`
			`end`

			`room:set_affiliation(true, occupant.bare_jid, nil);`
			`end, 2);`
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins. 2020-06-05 12:57:49 +00:00
			`module:hook_global('config-reloaded', load_config);`