From 6fbba52c6d93cf5566cd111851b1efb925ba2094 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?=
 =?UTF-8?q?=D0=BE=D0=B2?= <damencho@jitsi.org>
Date: Fri, 19 Jun 2020 14:50:31 -0500
Subject: [PATCH] feat: Adds a new option to disable lobby for guests. (#7094)

* feat: Adds a new option to disable lobby for guests.

* squash: Rename config option.

* squash: Comment update.
---
 .../mod_token_verification.lua                | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/resources/prosody-plugins/mod_token_verification.lua b/resources/prosody-plugins/mod_token_verification.lua
index 1c75441e3..b9e459ba6 100644
--- a/resources/prosody-plugins/mod_token_verification.lua
+++ b/resources/prosody-plugins/mod_token_verification.lua
@@ -33,6 +33,13 @@ log("debug",
 	tostring(host), tostring(token_util.appId), tostring(token_util.appSecret),
 	tostring(token_util.allowEmptyToken));
 
+-- option to disable room modification (sending muc config form) for guest that do not provide token
+local require_token_for_moderation;
+local function load_config()
+    require_token_for_moderation = module:get_option_boolean("token_verification_require_token_for_moderation");
+end
+load_config();
+
 local function verify_user(session, stanza)
 	log("debug", "Session token: %s, session room: %s",
 		tostring(session.auth_token),
@@ -70,3 +77,30 @@ module:hook("muc-occupant-pre-join", function(event)
 	log("debug", "pre join: %s %s", tostring(room), tostring(stanza));
 	return verify_user(origin, stanza);
 end);
+
+for event_name, method in pairs {
+    -- Normal room interactions
+    ["iq-set/bare/http://jabber.org/protocol/muc#owner:query"] = "handle_owner_query_set_to_room" ;
+    -- Host room
+    ["iq-set/host/http://jabber.org/protocol/muc#owner:query"] = "handle_owner_query_set_to_room" ;
+} do
+    module:hook(event_name, function (event)
+        local session, stanza = event.origin, event.stanza;
+
+        -- if we do not require token we pass it through(default behaviour)
+        -- or the request is coming from admin (focus)
+        if not require_token_for_moderation or is_admin(stanza.attr.from) then
+            return;
+        end
+
+        if not session.auth_token then
+            session.send(
+                st.error_reply(
+                    stanza, "cancel", "not-allowed", "Room modification disabled for guests"));
+            return true;
+        end
+
+    end, -1);  -- the default prosody hook is on -2
+end
+
+module:hook_global('config-reloaded', load_config);