jiti-meet/prosody-plugins/mod_token_verification.lua

-- Token authentication
-- Copyright (C) 2015 Atlassian

local log = module._log;
local host = module.host;
local st = require "util.stanza";
local token_util = module:require("token/util");
local is_admin = require "core.usermanager".is_admin;


local parentHostName = string.gmatch(tostring(host), "%w+.(%w.+)")();
if parentHostName == nil then
	log("error", "Failed to start - unable to get parent hostname");
	return;
end

local parentCtx = module:context(parentHostName);
if parentCtx == nil then
	log("error", "Failed to start - unable to get parent context for host: %s", tostring(parentHostName));
	return;
end

local appId = parentCtx:get_option_string("app_id");
local appSecret = parentCtx:get_option_string("app_secret");

log("debug", "%s - starting MUC token verifier app_id: %s app_secret: %s",
	tostring(host), tostring(appId), tostring(appSecret));

local function handle_pre_create(event)

	local origin, stanza = event.origin, event.stanza;	
	local token = stanza:get_child("token", "http://jitsi.org/jitmeet/auth-token");

	-- token not required for admin users
	local user_jid = stanza.attr.from;	
	if is_admin(user_jid) then
		log("debug", "Token not required from admin user: %s", user_jid);
		return nil;
	end

	local room = string.match(stanza.attr.to, "^(%w+)@");
	log("debug", "Will verify token for user: %s, room: %s ", user_jid, room);
	if room == nil then
		log("error", "Unable to get name of the MUC room ? to: %s", stanza.attr.to);
		return nil;
	end

	if token ~= nil then
		token = token[1];
	end

	local result, msg = token_util.verify_password(token, appId, appSecret, room);
	if result ~= true then
		log("debug", "Token verification failed: %s", msg);
		origin.send(st.error_reply(stanza, "cancel", "not-allowed", msg));
		return true;
	end
end

module:hook("muc-room-pre-create", handle_pre_create);