From a28c769e1af28d7fdae6b6b65f456bcfd7504ea8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 26 Jan 2021 14:39:11 +0100 Subject: mod_http_file_share: Add basic access control Partly lifted from mod_external_services --- plugins/mod_http_file_share.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index c6091bd0..8f230ef4 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -28,12 +28,18 @@ local uploads = module:open_store("uploads", "archive"); local secret = module:get_option_string(module.name.."_secret", require"util.id".long()); local external_base_url = module:get_option_string(module.name .. "_base_url"); +local access = module:get_option_set(module.name .. "_access", {}); + if not external_base_url then module:depends("http"); end function may_upload(uploader, filename, filesize, filetype) -- > boolean, error - -- TODO authz + local uploader_host = jid.host(uploader); + if not ((access:empty() and prosody.hosts[uploader_host]) or access:contains(uploader) or access:contains(uploader_host)) then + return false; + end + return true; end -- cgit v1.2.3