mod_http_file_share: Add basic access control

Partly lifted from mod_external_services
author: Kim Alvefur <zash@zash.se> 2021-01-26 14:39:11 +0100
committer: Kim Alvefur <zash@zash.se> 2021-01-26 14:39:11 +0100
commit: 112b174e2d4449c81ad51acad7db7a8057e95ab9 (patch)
tree: 5a9256c8b6d5e5d5d03c02de03b9afe074d383c3 /plugins/mod_http_file_share.lua
parent: c26e8b48981a515b9b0b081f37a8412f9558c894 (diff)
download: prosody-112b174e2d4449c81ad51acad7db7a8057e95ab9.tar.gz
prosody-112b174e2d4449c81ad51acad7db7a8057e95ab9.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index c6091bd0..8f230ef4 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -28,12 +28,18 @@ local uploads = module:open_store("uploads", "archive");
 local secret = module:get_option_string(module.name.."_secret", require"util.id".long());
 local external_base_url = module:get_option_string(module.name .. "_base_url");
 
+local access = module:get_option_set(module.name .. "_access", {});
+
 if not external_base_url then
 	module:depends("http");
 end
 
 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
-	-- TODO authz
+	local uploader_host = jid.host(uploader);
+	if not ((access:empty() and prosody.hosts[uploader_host]) or access:contains(uploader) or access:contains(uploader_host)) then
+		return false;
+	end
+
 	return true;
 end
author	Kim Alvefur <zash@zash.se>	2021-01-26 14:39:11 +0100
committer	Kim Alvefur <zash@zash.se>	2021-01-26 14:39:11 +0100
commit	112b174e2d4449c81ad51acad7db7a8057e95ab9 (patch)
tree	5a9256c8b6d5e5d5d03c02de03b9afe074d383c3 /plugins/mod_http_file_share.lua
parent	c26e8b48981a515b9b0b081f37a8412f9558c894 (diff)
download	prosody-112b174e2d4449c81ad51acad7db7a8057e95ab9.tar.gz prosody-112b174e2d4449c81ad51acad7db7a8057e95ab9.zip