haskal
/
jiti-meet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jiti-meet/resources/prosody-plugins/mod_muc_allowners.lua

185 lines
6.6 KiB
Lua
Raw Normal View History

feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
local filters = require 'util.filters';
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
local jid = require "util.jid";
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
local jid_bare = require "util.jid".bare;
fix: Fixes lobby when allowners is enabled.
2021-03-25 18:18:19 +00:00
local jid_host = require "util.jid".host;
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
local st = require "util.stanza";
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
local um_is_admin = require "core.usermanager".is_admin;
fix: Optimizes hot paths in prosody modules, string comparisons.
2020-11-05 20:30:06 +00:00
local util = module:require "util";
local is_healthcheck_room = util.is_healthcheck_room;
local extract_subdomain = util.extract_subdomain;
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
local get_room_from_jid = util.get_room_from_jid;
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
local presence_check_status = util.presence_check_status;
local MUC_NS = 'http://jabber.org/protocol/muc';
Added a prosody plugin for making all users into muc owners in prosody Included a patch to prosody-trunk which allows owners to kick each other
2017-02-03 17:41:08 +00:00
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
local moderated_subdomains;
local moderated_rooms;
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
local disable_revoke_owners;
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
local function load_config()
moderated_subdomains = module:get_option_set("allowners_moderated_subdomains", {})
moderated_rooms = module:get_option_set("allowners_moderated_rooms", {})
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
disable_revoke_owners = module:get_option_boolean("allowners_disable_revoke_owners", false);
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
end
load_config();
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
local function is_admin(_jid)
return um_is_admin(_jid, module.host);
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
end
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
-- List of the bare_jids of all occupants that are currently joining (went through pre-join) and will be promoted
-- as moderators. As pre-join (where added) and joined event (where removed) happen one after another this list should
-- have length of 1
local joining_moderator_participants = {};
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
-- Checks whether the jid is moderated, the room name is in moderated_rooms
-- or if the subdomain is in the moderated_subdomains
-- @return returns on of the:
-- -> false
-- -> true, room_name, subdomain
-- -> true, room_name, nil (if no subdomain is used for the room)
local function is_moderated(room_jid)
fix: Fix module allowners and moderated rooms.
2020-11-10 16:06:13 +00:00
if moderated_subdomains:empty() and moderated_rooms:empty() then
fix: Optimizes hot paths in prosody modules, string comparisons.
2020-11-05 20:30:06 +00:00
return false;
end
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
local room_node = jid.node(room_jid);
-- parses bare room address, for multidomain expected format is:
-- [subdomain]roomName@conference.domain
fix: Optimizes hot paths in prosody modules, string comparisons.
2020-11-05 20:30:06 +00:00
local target_subdomain, target_room_name = extract_subdomain(room_node);
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
if target_subdomain then
if moderated_subdomains:contains(target_subdomain) then
return true, target_room_name, target_subdomain;
end
elseif moderated_rooms:contains(room_node) then
return true, room_node, nil;
end
return false;
end
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
module:hook("muc-occupant-pre-join", function (event)
Initial Lobby backend implementation.
2020-04-30 21:26:58 +00:00
local room, occupant = event.room, event.occupant;
Added a prosody plugin for making all users into muc owners in prosody Included a patch to prosody-trunk which allows owners to kick each other
2017-02-03 17:41:08 +00:00
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
if is_healthcheck_room(room.jid) or is_admin(occupant.bare_jid) then
Initial Lobby backend implementation.
2020-04-30 21:26:58 +00:00
return;
end
Added a prosody plugin for making all users into muc owners in prosody Included a patch to prosody-trunk which allows owners to kick each other
2017-02-03 17:41:08 +00:00
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
local moderated, room_name, subdomain = is_moderated(room.jid);
if moderated then
local session = event.origin;
local token = session.auth_token;
if not token then
module:log('debug', 'skip allowners for non-auth user subdomain:%s room_name:%s', subdomain, room_name);
return;
end
feat: Allow star for room in moderated tenants.
2021-01-28 21:50:33 +00:00
if not (room_name == session.jitsi_meet_room or session.jitsi_meet_room == '*') then
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
module:log('debug', 'skip allowners for auth user and non matching room name: %s, jwt room name: %s',
room_name, session.jitsi_meet_room);
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
return;
end
if not (subdomain == session.jitsi_meet_context_group) then
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
module:log('debug', 'skip allowners for auth user and non matching room subdomain: %s, jwt subdomain: %s',
subdomain, session.jitsi_meet_context_group);
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
return;
end
end
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
-- mark this participant that it will be promoted and is currently joining
joining_moderator_participants[occupant.bare_jid] = true;
end, 2);
module:hook("muc-occupant-joined", function (event)
local room, occupant = event.room, event.occupant;
local promote_to_moderator = joining_moderator_participants[occupant.bare_jid];
-- clear it
joining_moderator_participants[occupant.bare_jid] = nil;
if promote_to_moderator ~= nil then
room:set_affiliation(true, occupant.bare_jid, "owner");
end
Initial Lobby backend implementation.
2020-04-30 21:26:58 +00:00
end, 2);
Moderated rooms or subdomains (#6959) * fix: Fixes using token with no user context. * feat(moderated): Adds option to add moderated rooms and subdomains. When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room. * squash: Renames function. * ref: Removes filtering jicofo setting owners. This will be disabled on jicofo side and will greatly simplify logic. Also check the checks to avoid jwt for main domain to access subdomains and the other way around. * fix: Skips allowners logic for admins.
2020-06-05 12:57:49 +00:00
module:hook_global('config-reloaded', load_config);
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
-- Filters self-presences to a jid that exist in joining_participants array
-- We want to filter those presences where we send first `participant` and just after it `moderator`
function filter_stanza(stanza)
feat: Fixes filtering not needed presences. We were filtering only self presences, no it filters and the presences to the other participants.
2021-03-09 18:00:52 +00:00
-- when joining_moderator_participants is empty there is nothing to filter
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
if next(joining_moderator_participants) == nil
or not stanza.attr
or not stanza.attr.to
or stanza.name ~= "presence" then
feat: Fixes filtering not needed presences. We were filtering only self presences, no it filters and the presences to the other participants.
2021-03-09 18:00:52 +00:00
return stanza;
end
fix: Fixes lobby when allowners is enabled.
2021-03-25 18:18:19 +00:00
-- we want to filter presences only on this host for allowners and skip anything like lobby etc.
local host_from = jid_host(stanza.attr.from);
if host_from ~= module.host then
return stanza;
end
local bare_to = jid_bare(stanza.attr.to);
if stanza:get_error() and joining_moderator_participants[bare_to] then
-- pre-join succeeded but joined did not so we need to clear cache
joining_moderator_participants[bare_to] = nil;
return stanza;
end
feat: Fixes filtering not needed presences. We were filtering only self presences, no it filters and the presences to the other participants.
2021-03-09 18:00:52 +00:00
local muc_x = stanza:get_child('x', MUC_NS..'#user');
if not muc_x then
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
return stanza;
end
feat: Fixes filtering not needed presences. We were filtering only self presences, no it filters and the presences to the other participants.
2021-03-09 18:00:52 +00:00
if joining_moderator_participants[bare_to] and presence_check_status(muc_x, '110') then
-- skip the local presence for participant
return nil;
end
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
feat: Fixes filtering not needed presences. We were filtering only self presences, no it filters and the presences to the other participants.
2021-03-09 18:00:52 +00:00
-- skip sending the 'participant' presences to all other people in the room
for item in muc_x:childtags('item') do
if joining_moderator_participants[jid_bare(item.attr.jid)] then
feat: Move checks for moderator in pre-join and filter extra presences. We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 20:10:59 +00:00
return nil;
end
end
return stanza;
end
function filter_session(session)
-- domain mapper is filtering on default priority 0, and we need it after that
filters.add_filter(session, 'stanzas/out', filter_stanza, -1);
end
-- enable filtering presences
filters.add_filter_hook(filter_session);
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
-- filters any attempt to revoke owner rights on non moderated rooms
function filter_admin_set_query(event)
local origin, stanza = event.origin, event.stanza;
local room_jid = jid_bare(stanza.attr.to);
local room = get_room_from_jid(room_jid);
local item = stanza.tags[1].tags[1];
local _aff = item.attr.affiliation;
-- if it is a moderated room we skip it
if is_moderated(room.jid) then
return nil;
end
fix: Fixes kick when allowners is enabled. Broken after ab18fa7 which disallows the kick as the affiliation attribute is missing in kick iq that is sent.
2021-10-20 05:51:35 +00:00
-- any revoking is disabled, everyone should be owners
if _aff == 'none' or _aff == 'outcast' or _aff == 'member' then
Adds new option to allowners module (#10207) * feat: Adds option to disable owner revoke in allowners module. * squash: Fixes few lua check warnings.
2021-10-19 23:52:16 +00:00
origin.send(st.error_reply(stanza, "auth", "forbidden"));
return true;
end
end
if not disable_revoke_owners then
-- default prosody priority for handling these is -2
module:hook("iq-set/bare/http://jabber.org/protocol/muc#admin:query", filter_admin_set_query, 5);
module:hook("iq-set/host/http://jabber.org/protocol/muc#admin:query", filter_admin_set_query, 5);
end