jiti-meet/resources/prosody-plugins/mod_token_verification.lua

-- Token authentication
-- Copyright (C) 2015 Atlassian

local log = module._log;
local host = module.host;
local st = require "util.stanza";
local is_admin = require "core.usermanager".is_admin;


local parentHostName = string.gmatch(tostring(host), "%w+.(%w.+)")();
if parentHostName == nil then
	log("error", "Failed to start - unable to get parent hostname");
	return;
end

local parentCtx = module:context(parentHostName);
if parentCtx == nil then
	log("error",
		"Failed to start - unable to get parent context for host: %s",
		tostring(parentHostName));
	return;
end

local token_util = module:require "token/util".new(parentCtx);

-- no token configuration
if token_util == nil then
    return;
end

log("debug",
	"%s - starting MUC token verifier app_id: %s app_secret: %s allow empty: %s",
	tostring(host), tostring(token_util.appId), tostring(token_util.appSecret),
	tostring(token_util.allowEmptyToken));

local function verify_user(session, stanza)
	log("debug", "Session token: %s, session room: %s",
		tostring(session.auth_token),
		tostring(session.jitsi_meet_room));

	-- token not required for admin users
	local user_jid = stanza.attr.from;
	if is_admin(user_jid) then
		log("debug", "Token not required from admin user: %s", user_jid);
		return nil;
	end

    log("debug",
        "Will verify token for user: %s, room: %s ", user_jid, stanza.attr.to);
    if not token_util:verify_room(session, stanza.attr.to) then
        log("error", "Token %s not allowed to join: %s",
            tostring(session.auth_token), tostring(stanza.attr.to));
        session.send(
            st.error_reply(
                stanza, "cancel", "not-allowed", "Room and token mismatched"));
        return false; -- we need to just return non nil
    end
	log("debug",
        "allowed: %s to enter/create room: %s", user_jid, stanza.attr.to);
end

module:hook("muc-room-pre-create", function(event)
	local origin, stanza = event.origin, event.stanza;
	log("debug", "pre create: %s %s", tostring(origin), tostring(stanza));
	return verify_user(origin, stanza);
end);

module:hook("muc-occupant-pre-join", function(event)
	local origin, room, stanza = event.origin, event.room, event.stanza;
	log("debug", "pre join: %s %s", tostring(room), tostring(stanza));
	return verify_user(origin, stanza);
end);
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`-- Token authentication`
			`-- Copyright (C) 2015 Atlassian`

			`local log = module._log;`
			`local host = module.host;`
			`local st = require "util.stanza";`
			`local is_admin = require "core.usermanager".is_admin;`


			`local parentHostName = string.gmatch(tostring(host), "%w+.(%w.+)")();`
			`if parentHostName == nil then`
			`log("error", "Failed to start - unable to get parent hostname");`
			`return;`
			`end`

			`local parentCtx = module:context(parentHostName);`
			`if parentCtx == nil then`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`log("error",`
			`"Failed to start - unable to get parent context for host: %s",`
			`tostring(parentHostName));`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`return;`
			`end`

Moves token related code into util so it can be reused. 2017-05-03 21:48:49 +00:00			`local token_util = module:require "token/util".new(parentCtx);`

			`-- no token configuration`
			`if token_util == nil then`
			`return;`
			`end`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`log("debug",`
			`"%s - starting MUC token verifier app_id: %s app_secret: %s allow empty: %s",`
Moves token related code into util so it can be reused. 2017-05-03 21:48:49 +00:00			`tostring(host), tostring(token_util.appId), tostring(token_util.appSecret),`
			`tostring(token_util.allowEmptyToken));`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local function verify_user(session, stanza)`
			`log("debug", "Session token: %s, session room: %s",`
			`tostring(session.auth_token),`
			`tostring(session.jitsi_meet_room));`
Uses JWT for token generation in prosody plugin. 2015-11-18 18:49:36 +00:00
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`-- token not required for admin users`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`local user_jid = stanza.attr.from;`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`if is_admin(user_jid) then`
			`log("debug", "Token not required from admin user: %s", user_jid);`
			`return nil;`
			`end`
Uses JWT for token generation in prosody plugin. 2015-11-18 18:49:36 +00:00
Moves token related code into util so it can be reused. 2017-05-03 21:48:49 +00:00			`log("debug",`
			`"Will verify token for user: %s, room: %s ", user_jid, stanza.attr.to);`
			`if not token_util:verify_room(session, stanza.attr.to) then`
			`log("error", "Token %s not allowed to join: %s",`
Handles '' as room name in jwt. Allows '' in jwt to allow connecting to any room. 2017-06-20 18:48:47 +00:00			`tostring(session.auth_token), tostring(stanza.attr.to));`
Moves token related code into util so it can be reused. 2017-05-03 21:48:49 +00:00			`session.send(`
			`st.error_reply(`
			`stanza, "cancel", "not-allowed", "Room and token mismatched"));`
			`return false; -- we need to just return non nil`
			`end`
			`log("debug",`
			`"allowed: %s to enter/create room: %s", user_jid, stanza.attr.to);`
Adds Prosody plugin for token authentication. 2015-11-02 21:02:50 +00:00			`end`

New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 18:51:43 +00:00			`module:hook("muc-room-pre-create", function(event)`
			`local origin, stanza = event.origin, event.stanza;`
			`log("debug", "pre create: %s %s", tostring(origin), tostring(stanza));`
			`return verify_user(origin, stanza);`
			`end);`

			`module:hook("muc-occupant-pre-join", function(event)`
			`local origin, room, stanza = event.origin, event.room, event.stanza;`
			`log("debug", "pre join: %s %s", tostring(room), tostring(stanza));`
			`return verify_user(origin, stanza);`
			`end);`