diff options
| -rw-r--r-- | .semgrep.yml | 9 | ||||
| -rw-r--r-- | CHANGES | 2 | ||||
| -rw-r--r-- | core/certmanager.lua | 4 | ||||
| -rw-r--r-- | core/modulemanager.lua | 1 | ||||
| -rw-r--r-- | core/usermanager.lua | 2 | ||||
| -rw-r--r-- | doc/doap.xml | 10 | ||||
| -rw-r--r-- | net/httpserver.lua | 17 | ||||
| -rw-r--r-- | plugins/mod_account_activity.lua | 2 | ||||
| -rw-r--r-- | plugins/mod_admin_shell.lua | 55 | ||||
| -rw-r--r-- | plugins/mod_authz_internal.lua | 15 | ||||
| -rw-r--r-- | plugins/mod_cloud_notify.lua | 14 | ||||
| -rw-r--r-- | plugins/mod_cron.lua | 2 | ||||
| -rw-r--r-- | plugins/mod_http_file_share.lua | 1 | ||||
| -rw-r--r-- | plugins/mod_invites.lua | 162 | ||||
| -rw-r--r-- | plugins/mod_presence.lua | 12 | ||||
| -rw-r--r-- | plugins/mod_s2s.lua | 8 | ||||
| -rw-r--r-- | plugins/muc/hats.lib.lua | 2 | ||||
| -rw-r--r-- | prosody.cfg.lua.dist | 6 | ||||
| -rw-r--r-- | util/prosodyctl/check.lua | 250 |
19 files changed, 503 insertions, 71 deletions
diff --git a/.semgrep.yml b/.semgrep.yml index 22bfcfea..c475859d 100644 --- a/.semgrep.yml +++ b/.semgrep.yml @@ -28,3 +28,12 @@ rules: message: Use :get_text() to read text, or pass a value here to add text severity: WARNING languages: [lua] +- id: require-unprefixed-module + patterns: + - pattern: require("$X") + - metavariable-regex: + metavariable: $X + regex: '^(core|net|util)\.' + message: Prefix required module path with 'prosody.' + severity: ERROR + languages: [lua] @@ -11,6 +11,7 @@ TRUNK - Add 'watch log' command to follow live debug logs at runtime (even if disabled) - mod_announce: Add shell commands to send messages to all users, online users, or limited by roles - New mod_account_activity plugin records last login/logout time of a user account +- New 'prosodyctl check features' recommends configuration improvements ### Networking @@ -82,6 +83,7 @@ TRUNK - Support for the roster *group* access_model in mod_pep - Support for systemd socket activation in server_epoll - mod_invites_adhoc gained a command for creating password resets +- mod_cloud_notify imported from community modules for push notification support ## Removed diff --git a/core/certmanager.lua b/core/certmanager.lua index 9e0ace6a..1c9cefed 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -189,10 +189,6 @@ local core_defaults = { single_ecdh_use = tls.features.options.single_ecdh_use; no_renegotiation = tls.features.options.no_renegotiation; }; - verifyext = { - "lsec_continue", -- Continue past certificate verification errors - "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates - }; curve = tls.features.algorithms.ec and not tls.features.capabilities.curves_list and "secp384r1"; curveslist = { "X25519", diff --git a/core/modulemanager.lua b/core/modulemanager.lua index b8ba2f35..7295ba25 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -29,7 +29,6 @@ local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert; local lua_version = _VERSION:match("5%.%d+$"); local autoload_modules = { - prosody.platform, "presence", "message", "iq", diff --git a/core/usermanager.lua b/core/usermanager.lua index 793e7af6..3cd6f16d 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -244,7 +244,7 @@ local function add_user_secondary_role(user, host, role_name) local role, err = hosts[host].authz.add_user_secondary_role(user, role_name); if role then prosody.events.fire_event("user-role-added", { - username = user, host = host, role = role; + username = user, host = host, role_name = role_name, role = role; }); end return role, err; diff --git a/doc/doap.xml b/doc/doap.xml index edd924bf..9173a9cb 100644 --- a/doc/doap.xml +++ b/doc/doap.xml @@ -245,7 +245,7 @@ <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0090.html"/> <xmpp:version>1.2</xmpp:version> <xmpp:since>0.1.0</xmpp:since> - <xmpp:until>trunk</xmpp:until> + <xmpp:until>13.0.0</xmpp:until> <xmpp:status>removed</xmpp:status> <xmpp:note>mod_time</xmpp:note> </xmpp:SupportedXep> @@ -736,7 +736,7 @@ <xmpp:SupportedXep> <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0357.html"/> <xmpp:version>0.4.1</xmpp:version> - <xmpp:since>trunk</xmpp:since> + <xmpp:since>13.0.0</xmpp:since> <xmpp:status>complete</xmpp:status> <xmpp:note>mod_cloud_notify</xmpp:note> </xmpp:SupportedXep> @@ -840,7 +840,7 @@ <implements> <xmpp:SupportedXep> <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0421.html"/> - <xmpp:version>0.2.0</xmpp:version> + <xmpp:version>1.0.0</xmpp:version> <xmpp:since>0.12.0</xmpp:since> <xmpp:status>complete</xmpp:status> <xmpp:note>mod_muc</xmpp:note> @@ -857,7 +857,7 @@ <xmpp:SupportedXep> <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0440.html"/> <xmpp:version>0.4.2</xmpp:version> - <xmpp:since>trunk</xmpp:since> + <xmpp:since>13.0.0</xmpp:since> <xmpp:status>complete</xmpp:status> </xmpp:SupportedXep> </implements> @@ -881,7 +881,7 @@ <xmpp:SupportedXep> <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0478.html"/> <xmpp:version>0.2.0</xmpp:version> - <xmpp:since>trunk</xmpp:since> + <xmpp:since>13.0.0</xmpp:since> </xmpp:SupportedXep> </implements> </Project> diff --git a/net/httpserver.lua b/net/httpserver.lua deleted file mode 100644 index 0dfd862e..00000000 --- a/net/httpserver.lua +++ /dev/null @@ -1,17 +0,0 @@ --- COMPAT w/pre-0.9 -local log = require "prosody.util.logger".init("net.httpserver"); -local traceback = debug.traceback; - -local _ENV = nil; --- luacheck: std none - -local function fail() - log("error", "Attempt to use legacy HTTP API. For more info see https://prosody.im/doc/developers/legacy_http"); - log("error", "Legacy HTTP API usage, %s", traceback("", 2)); -end - -return { - new = fail; - new_from_config = fail; - set_default_handler = fail; -}; diff --git a/plugins/mod_account_activity.lua b/plugins/mod_account_activity.lua index 63a7fb39..1b1208e7 100644 --- a/plugins/mod_account_activity.lua +++ b/plugins/mod_account_activity.lua @@ -58,7 +58,7 @@ module:add_item("shell-command", { host_selector = "host"; handler = function(self, host, duration) --luacheck: ignore 212/self local um = require "prosody.core.usermanager"; - local duration_sec = require "prosody.util.human.io".parse_duration(duration); + local duration_sec = require "prosody.util.human.io".parse_duration(duration or ""); if not duration_sec then return false, ("Invalid duration %q - try something like \"30d\""):format(duration); end diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index fe231dca..3301ed9b 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -349,7 +349,7 @@ module:hook("admin/repl-input", function (event) return true; end); -local function describe_command(s) +local function describe_command(s, hidden) local section, name, args, desc = s:match("^([%w_]+):([%w_]+)%(([^)]*)%) %- (.+)$"); if not section then error("Failed to parse command description: "..s); @@ -360,9 +360,14 @@ local function describe_command(s) args = array.collect(args:gmatch("[%w_]+")):map(function (arg_name) return { name = arg_name }; end); + hidden = hidden; }; end +local function hidden_command(s) + return describe_command(s, true); +end + -- Console commands -- -- These are simple commands, not valid standalone in Lua @@ -455,10 +460,12 @@ def_env.help = setmetatable({}, { end for command, command_help in it.sorted_pairs(section_help.commands or {}) do - c = c + 1; - local args = array.pluck(command_help.args, "name"):concat(", "); - local desc = command_help.desc or command_help.module and ("Provided by mod_"..command_help.module) or ""; - print(("%s:%s(%s) - %s"):format(section_name, command, args, desc)); + if not command_help.hidden then + c = c + 1; + local args = array.pluck(command_help.args, "name"):concat(", "); + local desc = command_help.desc or command_help.module and ("Provided by mod_"..command_help.module) or ""; + print(("%s:%s(%s) - %s"):format(section_name, command, args, desc)); + end end elseif help_topics[section_name] then local topic = help_topics[section_name]; @@ -1800,9 +1807,8 @@ function def_env.user:password(jid, password) end); end -describe_command [[user:roles(jid, host) - Show current roles for an user]] +describe_command [[user:role(jid, host) - Show primary role for a user]] function def_env.user:role(jid, host) - local print = self.session.print; local username, userhost = jid_split(jid); if host == nil then host = userhost; end if not prosody.hosts[host] then @@ -1814,22 +1820,27 @@ function def_env.user:role(jid, host) local primary_role = um.get_user_role(username, host); local secondary_roles = um.get_user_secondary_roles(username, host); + local primary_role_desc = primary_role and primary_role.name or "<none>"; + print(primary_role and primary_role.name or "<none>"); - local count = primary_role and 1 or 0; + local n_secondary = 0; for role_name in pairs(secondary_roles or {}) do - count = count + 1; + n_secondary = n_secondary + 1; print(role_name.." (secondary)"); end - return true, count == 1 and "1 role" or count.." roles"; + if n_secondary > 0 then + return true, primary_role_desc.." (primary)"; + end + return true, primary_role_desc; end def_env.user.roles = def_env.user.role; -describe_command [[user:setrole(jid, host, role) - Set primary role of a user (see 'help roles')]] --- user:setrole("someone@example.com", "example.com", "prosody:admin") --- user:setrole("someone@example.com", "prosody:admin") -function def_env.user:setrole(jid, host, new_role) +describe_command [[user:set_role(jid, host, role) - Set primary role of a user (see 'help roles')]] +-- user:set_role("someone@example.com", "example.com", "prosody:admin") +-- user:set_role("someone@example.com", "prosody:admin") +function def_env.user:set_role(jid, host, new_role) local username, userhost = jid_split(jid); if new_role == nil then host, new_role = userhost, host; end if not prosody.hosts[host] then @@ -1844,7 +1855,7 @@ function def_env.user:setrole(jid, host, new_role) end end -describe_command [[user:addrole(jid, host, role) - Add a secondary role to a user]] +hidden_command [[user:addrole(jid, host, role) - Add a secondary role to a user]] function def_env.user:addrole(jid, host, new_role) local username, userhost = jid_split(jid); if new_role == nil then host, new_role = userhost, host; end @@ -1855,10 +1866,14 @@ function def_env.user:addrole(jid, host, new_role) elseif userhost ~= host then return nil, "Can't add roles outside users own host" end - return um.add_user_secondary_role(username, host, new_role); + local role, err = um.add_user_secondary_role(username, host, new_role); + if not role then + return nil, err; + end + return true, "Role added"; end -describe_command [[user:delrole(jid, host, role) - Remove a secondary role from a user]] +hidden_command [[user:delrole(jid, host, role) - Remove a secondary role from a user]] function def_env.user:delrole(jid, host, role_name) local username, userhost = jid_split(jid); if role_name == nil then host, role_name = userhost, host; end @@ -1869,7 +1884,11 @@ function def_env.user:delrole(jid, host, role_name) elseif userhost ~= host then return nil, "Can't remove roles outside users own host" end - return um.remove_user_secondary_role(username, host, role_name); + local ok, err = um.remove_user_secondary_role(username, host, role_name); + if not ok then + return nil, err; + end + return true, "Role removed"; end describe_command [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]] diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua index 7a06c904..f683d90c 100644 --- a/plugins/mod_authz_internal.lua +++ b/plugins/mod_authz_internal.lua @@ -161,7 +161,7 @@ end function set_user_role(user, role_name) local role = role_registry[role_name]; if not role then - return error("Cannot assign default user an unknown role: "..tostring(role_name)); + return error("Cannot assign user an unknown role: "..tostring(role_name)); end local keys_update = { _default = role_name; @@ -180,14 +180,19 @@ function set_user_role(user, role_name) end function add_user_secondary_role(user, role_name) - if not role_registry[role_name] then - return error("Cannot assign default user an unknown role: "..tostring(role_name)); + local role = role_registry[role_name]; + if not role then + return error("Cannot assign user an unknown role: "..tostring(role_name)); end - role_map_store:set(user, role_name, true); + local ok, err = role_map_store:set(user, role_name, true); + if not ok then + return nil, err; + end + return role; end function remove_user_secondary_role(user, role_name) - role_map_store:set(user, role_name, nil); + return role_map_store:set(user, role_name, nil); end function get_user_secondary_roles(user) diff --git a/plugins/mod_cloud_notify.lua b/plugins/mod_cloud_notify.lua index 987be84f..1c660e93 100644 --- a/plugins/mod_cloud_notify.lua +++ b/plugins/mod_cloud_notify.lua @@ -5,13 +5,13 @@ -- This file is MIT/X11 licensed. local os_time = os.time; -local st = require"util.stanza"; -local jid = require"util.jid"; -local dataform = require"util.dataforms".new; -local hashes = require"util.hashes"; -local random = require"util.random"; -local cache = require"util.cache"; -local watchdog = require "util.watchdog"; +local st = require"prosody.util.stanza"; +local jid = require"prosody.util.jid"; +local dataform = require"prosody.util.dataforms".new; +local hashes = require"prosody.util.hashes"; +local random = require"prosody.util.random"; +local cache = require"prosody.util.cache"; +local watchdog = require "prosody.util.watchdog"; local xmlns_push = "urn:xmpp:push:0"; diff --git a/plugins/mod_cron.lua b/plugins/mod_cron.lua index 67b68514..77bdd7e5 100644 --- a/plugins/mod_cron.lua +++ b/plugins/mod_cron.lua @@ -78,7 +78,7 @@ module:add_item("shell-command", { args = {}; handler = function(self, filter_host) local format_table = require("prosody.util.human.io").table; - local it = require("util.iterators"); + local it = require("prosody.util.iterators"); local row = format_table({ { title = "Host"; width = "2p" }; { title = "Task"; width = "3p" }; diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index 48972067..705420d0 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -224,6 +224,7 @@ function handle_slot_request(event) end total_storage_usage = total_storage_usage + filesize; + persist_stats:set(nil, "total", total_storage_usage); module:log("debug", "Total storage usage: %s / %s", B(total_storage_usage), B(total_storage_limit)); local cached_quota = quota_cache:get(uploader); diff --git a/plugins/mod_invites.lua b/plugins/mod_invites.lua index 1dfc8804..c93afaa8 100644 --- a/plugins/mod_invites.lua +++ b/plugins/mod_invites.lua @@ -6,8 +6,8 @@ local jid_split = require "prosody.util.jid".split; local argparse = require "prosody.util.argparse"; local human_io = require "prosody.util.human.io"; -local url_escape = require "util.http".urlencode; -local render_url = require "util.interpolation".new("%b{}", url_escape, { +local url_escape = require "prosody.util.http".urlencode; +local render_url = require "prosody.util.interpolation".new("%b{}", url_escape, { urlescape = url_escape; noscheme = function (urlstring) return (urlstring:gsub("^[^:]+:", "")); @@ -258,6 +258,24 @@ module:add_item("shell-command", { module:add_item("shell-command", { section = "invite"; section_desc = "Create and manage invitations"; + name = "create_reset"; + desc = "Create a password reset link for the specified user"; + args = { { name = "user_jid", type = "string" }, { name = "duration", type = "string" } }; + host_selector = "user_jid"; + + handler = function (self, user_jid, duration) --luacheck: ignore 212/self + local username = jid_split(user_jid); + local duration_sec = require "prosody.util.human.io".parse_duration(duration or "1d"); + local invite, err = create_account_reset(username, duration_sec); + if not invite then return nil, err; end + self.session.print(invite.landing_page or invite.uri); + return true, ("Password reset link for %s valid until %s"):format(user_jid, os.date("%Y-%m-%d %T", invite.expires)); + end; +}); + +module:add_item("shell-command", { + section = "invite"; + section_desc = "Create and manage invitations"; name = "create_contact"; desc = "Create an invitation to become contacts with the specified user"; args = { { name = "user_jid", type = "string" }, { name = "allow_registration" } }; @@ -271,6 +289,146 @@ module:add_item("shell-command", { end; }); +module:add_item("shell-command", { + section = "invite"; + section_desc = "Create and manage invitations"; + name = "show"; + desc = "Show details of an account invitation token"; + args = { { name = "host", type = "string" }, { name = "token", type = "string" } }; + host_selector = "host"; + + handler = function (self, host, token) --luacheck: ignore 212/self 212/host + local invite, err = get_account_invite_info(token); + if not invite then return nil, err; end + + local print = self.session.print; + + if invite.type == "roster" then + print("Invitation to register and become a contact of "..invite.jid); + elseif invite.type == "register" then + local jid_user, jid_host = jid_split(invite.jid); + if invite.additional_data and invite.additional_data.allow_reset then + print("Password reset for "..invite.additional_data.allow_reset.."@"..jid_host); + elseif jid_user then + print("Invitation to register on "..jid_host.." with username '"..jid_user.."'"); + else + print("Invitation to register on "..jid_host); + end + else + print("Unknown invitation type"); + end + + if invite.inviter then + print("Creator:", invite.inviter); + end + + print("Created:", os.date("%Y-%m-%d %T", invite.created_at)); + print("Expires:", os.date("%Y-%m-%d %T", invite.expires)); + + print(""); + + if invite.uri then + print("XMPP URI:", invite.uri); + end + + if invite.landing_page then + print("Web link:", invite.landing_page); + end + + if invite.additional_data then + print(""); + if invite.additional_data.roles then + if invite.additional_data.roles[1] then + print("Role:", invite.additional_data.roles[1]); + end + if invite.additional_data.roles[2] then + print("Secondary roles:", table.concat(invite.additional_data.roles, ", ", 2, #invite.additional_data.roles)); + end + end + if invite.additional_data.groups then + print("Groups:", table.concat(invite.additional_data.groups, ", ")); + end + if invite.additional_data.note then + print("Comment:", invite.additional_data.note); + end + end + + return true, "Invitation valid"; + end; +}); + +module:add_item("shell-command", { + section = "invite"; + section_desc = "Create and manage invitations"; + name = "delete"; + desc = "Delete/revoke an invitation token"; + args = { { name = "host", type = "string" }, { name = "token", type = "string" } }; + host_selector = "host"; + + handler = function (self, host, token) --luacheck: ignore 212/self 212/host + local invite, err = delete_account_invite(token); + if not invite then return nil, err; end + return true, "Invitation deleted"; + end; +}); + +module:add_item("shell-command", { + section = "invite"; + section_desc = "Create and manage invitations"; + name = "list"; + desc = "List pending invitations which allow account registration"; + args = { { name = "host", type = "string" } }; + host_selector = "host"; + + handler = function (self, host) -- luacheck: ignore 212/host + local print_row = human_io.table({ + { + title = "Token"; + key = "invite"; + width = 24; + mapper = function (invite) + return invite.token; + end; + }; + { + title = "Expires"; + key = "invite"; + width = 20; + mapper = function (invite) + return os.date("%Y-%m-%dT%T", invite.expires); + end; + }; + { + title = "Description"; + key = "invite"; + width = "100%"; + mapper = function (invite) + if invite.type == "roster" then + return "Contact with "..invite.jid; + elseif invite.type == "register" then + local jid_user, jid_host = jid_split(invite.jid); + if invite.additional_data and invite.additional_data.allow_reset then + return "Password reset for "..invite.additional_data.allow_reset.."@"..jid_host; + end + if jid_user then + return "Register on "..jid_host.." with username "..jid_user; + end + return "Register on "..jid_host; + end + end; + }; + }, self.session.width); + + self.session.print(print_row()); + local count = 0; + for _, invite in pending_account_invites() do + count = count + 1; + self.session.print(print_row({ invite = invite })); + end + return true, ("%d pending invites"):format(count); + end; +}); + local subcommands = {}; --- prosodyctl command diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index f939fa00..c3d6bc04 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -54,11 +54,12 @@ function handle_normal_presence(origin, stanza) if priority < -128 then priority = -128 end if priority > 127 then priority = 127 end else priority = 0; end + + local node, host = origin.username, origin.host; + local roster = origin.roster; if full_sessions[origin.full_jid] then -- if user is still connected origin.send(stanza); -- reflect their presence back to them end - local roster = origin.roster; - local node, host = origin.username, origin.host; local user = bare_sessions[node.."@"..host]; for _, res in pairs(user and user.sessions or NULL) do -- broadcast to all resources if res ~= origin and res.presence then -- to resource @@ -72,6 +73,13 @@ function handle_normal_presence(origin, stanza) core_post_stanza(origin, stanza, true); end end + + -- It's possible that after the network activity above, the origin + -- has been disconnected (particularly if something happened while + -- sending the reflection). So we abort further presence processing + -- in that case. + if not origin.type then return; end + stanza.attr.to = nil; if stanza.attr.type == nil and not origin.presence then -- initial presence module:fire_event("presence/initial", { origin = origin, stanza = stanza } ); diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua index 8eb1565e..84ae34b5 100644 --- a/plugins/mod_s2s.lua +++ b/plugins/mod_s2s.lua @@ -1097,6 +1097,10 @@ module:provides("net", { -- FIXME This only applies to Direct TLS, which we don't use yet. -- This gets applied for real in mod_tls verify = { "peer", "client_once", }; + verifyext = { + "lsec_continue", -- Continue past certificate verification errors + "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates + }; }; multiplex = { protocol = "xmpp-server"; @@ -1111,6 +1115,10 @@ module:provides("net", { encryption = "ssl"; ssl_config = { verify = { "peer", "client_once", }; + verifyext = { + "lsec_continue", -- Continue past certificate verification errors + "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates + }; }; multiplex = { protocol = "xmpp-server"; diff --git a/plugins/muc/hats.lib.lua b/plugins/muc/hats.lib.lua index 7eb71eb4..7ccf194e 100644 --- a/plugins/muc/hats.lib.lua +++ b/plugins/muc/hats.lib.lua @@ -1,7 +1,7 @@ local st = require "prosody.util.stanza"; local muc_util = module:require "muc/util"; -local hats_compat = module:get_option_boolean("muc_hats_compat", true); -- COMPAT for pre-XEP namespace, TODO reconsider default for next release +local hats_compat = module:get_option_boolean("muc_hats_compat", false); -- COMPAT for pre-XEP namespace local xmlns_hats_legacy = "xmpp:prosody.im/protocol/hats:1"; local xmlns_hats = "urn:xmpp:hats:0"; diff --git a/prosody.cfg.lua.dist b/prosody.cfg.lua.dist index 267a650c..65eedc7d 100644 --- a/prosody.cfg.lua.dist +++ b/prosody.cfg.lua.dist @@ -9,6 +9,8 @@ -- If there are any errors, it will let you know what and where -- they are, otherwise it will keep quiet. -- +-- Upgrading from a previous release? Check https://prosody.im/doc/upgrading +-- -- The only thing left to do is rename this file to remove the .dist ending, and fill in the -- blanks. Good luck, and happy Jabbering! @@ -51,6 +53,8 @@ modules_enabled = { "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard -- Nice to have + "account_activity"; -- Record time when an account was last used + "cloud_notify"; -- Push notifications for mobile devices "csi_simple"; -- Simple but effective traffic optimizations for mobile devices "invites"; -- Create and manage invites "invites_adhoc"; -- Allow admins/users to create invitations via their client @@ -75,7 +79,6 @@ modules_enabled = { -- Other specific functionality --"announce"; -- Send announcement to all online users --"groups"; -- Shared roster support - --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"mimicking"; -- Prevent address spoofing --"motd"; -- Send a message to users when they log in --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use @@ -92,7 +95,6 @@ modules_disabled = { -- "offline"; -- Store offline messages -- "c2s"; -- Handle client connections -- "s2s"; -- Handle server-to-server connections - -- "posix"; -- POSIX functionality, sends server to background, etc. } diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua index ac8cc9c1..a297fea5 100644 --- a/util/prosodyctl/check.lua +++ b/util/prosodyctl/check.lua @@ -325,7 +325,12 @@ local function check(arg) local ok = true; local function contains_match(hayset, needle) for member in hayset do if member:find(needle) then return true end end end local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end - local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end + local function is_user_host(host, conf) return host ~= "*" and conf.component_module == nil; end + local function is_component_host(host, conf) return host ~= "*" and conf.component_module ~= nil; end + local function enabled_hosts() return it.filter(disabled_hosts, it.sorted_pairs(configmanager.getconfig())); end + local function enabled_user_hosts() return it.filter(is_user_host, it.sorted_pairs(configmanager.getconfig())); end + local function enabled_components() return it.filter(is_component_host, it.sorted_pairs(configmanager.getconfig())); end + local checks = {}; function checks.disabled() local disabled_hosts_set = set.new(); @@ -632,6 +637,12 @@ local function check(arg) print(" Both mod_pep_simple and mod_pep are enabled but they conflict"); print(" with each other. Remove one."); end + if all_modules:contains("posix") then + print(""); + print(" mod_posix is loaded in your configuration file, but it has"); + print(" been deprecated. You can safely remove it."); + end + for host, host_config in pairs(config) do --luacheck: ignore 213/host if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then print(""); @@ -790,12 +801,28 @@ local function check(arg) if #invalid_hosts > 0 or #alabel_hosts > 0 then print(""); - print("WARNING: Changing the name of a VirtualHost in Prosody's config file"); - print(" WILL NOT migrate any existing data (user accounts, etc.) to the new name."); + print(" WARNING: Changing the name of a VirtualHost in Prosody's config file"); + print(" WILL NOT migrate any existing data (user accounts, etc.) to the new name."); ok = false; end end + -- Check features + do + local missing_features = {}; + for host in enabled_user_hosts() do + local all_features = checks.features(host, true); + if not all_features then + table.insert(missing_features, host); + end + end + if #missing_features > 0 then + print(""); + print(" Some of your hosts may be missing features due to a lack of configuration."); + print(" For more details, use the 'prosodyctl check features' command."); + end + end + print("Done.\n"); end function checks.dns() @@ -901,7 +928,11 @@ local function check(arg) local unknown_addresses = set.new(); - for jid in enabled_hosts() do + local function is_valid_domain(domain) + return idna.to_ascii(domain) ~= nil; + end + + for jid in it.filter(is_valid_domain, enabled_hosts()) do local all_targets_ok, some_targets_ok = true, false; local node, host = jid_split(jid); @@ -1444,6 +1475,217 @@ local function check(arg) end end end + + function checks.features(check_host, quiet) + if not quiet then + print("Feature report"); + end + + local common_subdomains = { + http_file_share = "share"; + muc = "groups"; + }; + + local function print_feature_status(feature, host) + if quiet then return; end + print("", feature.ok and "OK" or "(!)", feature.name); + if not feature.ok then + if feature.lacking_modules then + table.sort(feature.lacking_modules); + print("", "", "Suggested modules: "); + for _, module in ipairs(feature.lacking_modules) do + print("", "", (" - %s: https://prosody.im/doc/modules/mod_%s"):format(module, module)); + end + end + if feature.lacking_components then + table.sort(feature.lacking_components); + for _, component_module in ipairs(feature.lacking_components) do + local subdomain = common_subdomains[component_module]; + if subdomain then + print("", "", "Suggested component:"); + print(""); + print("", "", "", ("Component %q %q"):format(subdomain.."."..host, component_module)); + print("", "", "", ("-- Documentation: https://prosody.im/doc/modules/mod_%s"):format(component_module)); + else + print("", "", ("Suggested component: %s"):format(component_module)); + end + end + print(""); + print("", "", "If you have already configured any these components, they may not be"); + print("", "", "linked correctly to "..host..". For more info see https://prosody.im/doc/components"); + end + end + print(""); + end + + local all_ok = true; + + local config = configmanager.getconfig(); + + local f, s, v; + if check_host then + f, s, v = it.values({ check_host }); + else + f, s, v = enabled_user_hosts(); + end + + for host in f, s, v do + local modules_enabled = set.new(config["*"].modules_enabled); + modules_enabled:include(set.new(config[host].modules_enabled)); + + -- { [component_module] = { hostname1, hostname2, ... } } + local host_components = setmetatable({}, { __index = function (t, k) return rawset(t, k, {})[k]; end }); + + do + local hostapi = api(host); + + -- Find implicitly linked components + for other_host in enabled_components() do + local parent_host = other_host:match("^[^.]+%.(.+)$"); + if parent_host == host then + local component_module = configmanager.get(other_host, "component_module"); + if component_module then + table.insert(host_components[component_module], other_host); + end + end + end + + -- And components linked explicitly + for _, disco_item in ipairs(hostapi:get_option_array("disco_items", {})) do + local other_host = disco_item[1]; + local component_module = configmanager.get(other_host, "component_module"); + if component_module then + table.insert(host_components[component_module], other_host); + end + end + end + + local current_feature; + + local function check_module(suggested, alternate, ...) + if set.intersection(modules_enabled, set.new({suggested, alternate, ...})):empty() then + current_feature.lacking_modules = current_feature.lacking_modules or {}; + table.insert(current_feature.lacking_modules, suggested); + end + end + + local function check_component(suggested, alternate, ...) + local found; + for _, component_module in ipairs({ suggested, alternate, ... }) do + found = #host_components[component_module] > 0; + if found then break; end + end + if not found then + current_feature.lacking_components = current_feature.lacking_components or {}; + table.insert(current_feature.lacking_components, suggested); + end + end + + local features = { + { + name = "Basic functionality"; + check = function () + check_module("disco"); + check_module("roster"); + check_module("saslauth"); + check_module("tls"); + check_module("pep"); + end; + }; + { + name = "Multi-device sync"; + check = function () + check_module("carbons"); + check_module("mam"); + check_module("bookmarks"); + end; + }; + { + name = "Mobile optimizations"; + check = function () + check_module("smacks"); + check_module("csi_simple", "csi_battery_saver"); + end; + }; + { + name = "Web connections"; + check = function () + check_module("bosh"); + check_module("websocket"); + end; + }; + { + name = "User profiles"; + check = function () + check_module("vcard_legacy", "vcard"); + end; + }; + { + name = "Blocking"; + check = function () + check_module("blocklist"); + end; + }; + { + name = "Push notifications"; + check = function () + check_module("cloud_notify"); + end; + }; + { + name = "Audio/video calls"; + check = function () + check_module( + "turn_external", + "external_services", + "turncredentials", + "extdisco" + ); + end; + }; + { + name = "File sharing"; + check = function () + check_component("http_file_share", "http_upload"); + end; + }; + { + name = "Group chats"; + check = function () + check_component("muc"); + end; + }; + }; + + if not quiet then + print(host); + end + + for _, feature in ipairs(features) do + current_feature = feature; + feature.check(); + feature.ok = not feature.lacking_modules and not feature.lacking_components; + -- For improved presentation, we group the (ok) and (not ok) features + if feature.ok then + print_feature_status(feature, host); + end + end + + for _, feature in ipairs(features) do + if not feature.ok then + all_ok = false; + print_feature_status(feature, host); + end + end + + if not quiet then + print(""); + end + end + + return all_ok; + end + if what == nil or what == "all" then local ret; ret = checks.disabled(); |