aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-03-02 15:22:12 +0000
committerMatthew Wild <mwild1@gmail.com>2022-03-02 15:22:12 +0000
commit0fe2f4a5270b7980cb25ec19a75441ebe994fa55 (patch)
tree3d9ebaf49db50ce410a5226b3fb574857356d5aa
parentaf95bb77e6932b17c1ad1e3f334595e52113d142 (diff)
downloadprosody-0fe2f4a5270b7980cb25ec19a75441ebe994fa55.tar.gz
prosody-0fe2f4a5270b7980cb25ec19a75441ebe994fa55.zip
util.prosodyctl: Warn about enabled public registration in 'check config'
-rw-r--r--util/prosodyctl/check.lua28
1 files changed, 28 insertions, 0 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index b4e38056..09d787ec 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -403,6 +403,34 @@ local function check(arg)
ok = false;
end
+ do
+ local global_modules = set.new(config["*"].modules_enabled);
+ local registration_enabled_hosts = {};
+ for host in enabled_hosts() do
+ local host_modules = set.new(config[host].modules_enabled) + global_modules;
+ local allow_registration = config[host].allow_registration;
+ local mod_register = host_modules:contains("register");
+ local mod_register_ibr = host_modules:contains("register_ibr");
+ local mod_invites_register = host_modules:contains("invites_register");
+ local registration_invite_only = config[host].registration_invite_only;
+ local is_vhost = not config[host].component_module;
+ if is_vhost and (mod_register_ibr or (mod_register and allow_registration))
+ and not (mod_invites_register and registration_invite_only) then
+ table.insert(registration_enabled_hosts, host);
+ end
+ end
+ if #registration_enabled_hosts > 0 then
+ table.sort(registration_enabled_hosts);
+ print("");
+ print(" Public registration is enabled on:");
+ print(" "..table.concat(registration_enabled_hosts, ", "));
+ print("");
+ print(" If this is intentional, review our guidelines on running a public server");
+ print(" at https://prosody.im/doc/public_servers - otherwise, consider switching to");
+ print(" invite-based registration, which is more secure.");
+ end
+ end
+
print("Done.\n");
end
if not what or what == "dns" then