local jid = require "util.jid"; local timer = require "util.timer"; local http = require "net.http"; local cache = require "util.cache"; local http_timeout = 30; local have_async, async = pcall(require, "util.async"); local http_headers = { ["User-Agent"] = "Prosody ("..prosody.version.."; "..prosody.platform..")" }; local muc_domain_prefix = module:get_option_string("muc_mapper_domain_prefix", "conference"); -- defaults to module.host, the module that uses the utility local muc_domain_base = module:get_option_string("muc_mapper_domain_base", module.host); -- The "real" MUC domain that we are proxying to local muc_domain = module:get_option_string("muc_mapper_domain", muc_domain_prefix.."."..muc_domain_base); local escaped_muc_domain_base = muc_domain_base:gsub("%p", "%%%1"); local escaped_muc_domain_prefix = muc_domain_prefix:gsub("%p", "%%%1"); -- The pattern used to extract the target subdomain -- (e.g. extract 'foo' from 'conference.foo.example.com') local target_subdomain_pattern = "^"..escaped_muc_domain_prefix..".([^%.]+)%."..escaped_muc_domain_base; -- table to store all incoming iqs without roomname in it, like discoinfo to the muc component local roomless_iqs = {}; local OUTBOUND_SIP_JIBRI_PREFIXES = { 'outbound-sip-jibri@', 'sipjibriouta@', 'sipjibrioutb@' }; local INBOUND_SIP_JIBRI_PREFIXES = { 'inbound-sip-jibri@', 'sipjibriina@', 'sipjibriina@' }; local split_subdomain_cache = cache.new(1000); local extract_subdomain_cache = cache.new(1000); local internal_room_jid_cache = cache.new(1000); local moderated_subdomains = module:get_option_set("allowners_moderated_subdomains", {}) local moderated_rooms = module:get_option_set("allowners_moderated_rooms", {}) -- Utility function to split room JID to include room name and subdomain -- (e.g. from room1@conference.foo.example.com/res returns (room1, example.com, res, foo)) local function room_jid_split_subdomain(room_jid) local ret = split_subdomain_cache:get(room_jid); if ret then return ret.node, ret.host, ret.resource, ret.subdomain; end local node, host, resource = jid.split(room_jid); local target_subdomain = host and host:match(target_subdomain_pattern); local cache_value = {node=node, host=host, resource=resource, subdomain=target_subdomain}; split_subdomain_cache:set(room_jid, cache_value); return node, host, resource, target_subdomain; end --- Utility function to check and convert a room JID from --- virtual room1@conference.foo.example.com to real [foo]room1@conference.example.com -- @param room_jid the room jid to match and rewrite if needed -- @param stanza the stanza -- @return returns room jid [foo]room1@conference.example.com when it has subdomain -- otherwise room1@conference.example.com(the room_jid value untouched) local function room_jid_match_rewrite(room_jid, stanza) local node, _, resource, target_subdomain = room_jid_split_subdomain(room_jid); if not target_subdomain then -- module:log("debug", "No need to rewrite out 'to' %s", room_jid); return room_jid; end -- Ok, rewrite room_jid address to new format local new_node, new_host, new_resource; if node then new_node, new_host, new_resource = "["..target_subdomain.."]"..node, muc_domain, resource; else -- module:log("debug", "No room name provided so rewriting only host 'to' %s", room_jid); new_host, new_resource = muc_domain, resource; if (stanza and stanza.attr and stanza.attr.id) then roomless_iqs[stanza.attr.id] = stanza.attr.to; end end return jid.join(new_node, new_host, new_resource); end -- Utility function to check and convert a room JID from real [foo]room1@muc.example.com to virtual room1@muc.foo.example.com local function internal_room_jid_match_rewrite(room_jid, stanza) -- first check for roomless_iqs if (stanza and stanza.attr and stanza.attr.id and roomless_iqs[stanza.attr.id]) then local result = roomless_iqs[stanza.attr.id]; roomless_iqs[stanza.attr.id] = nil; return result; end local ret = internal_room_jid_cache:get(room_jid); if ret then return ret; end local node, host, resource = jid.split(room_jid); if host ~= muc_domain or not node then -- module:log("debug", "No need to rewrite %s (not from the MUC host)", room_jid); internal_room_jid_cache:set(room_jid, room_jid); return room_jid; end local target_subdomain, target_node = extract_subdomain(node); if not (target_node and target_subdomain) then -- module:log("debug", "Not rewriting... unexpected node format: %s", node); internal_room_jid_cache:set(room_jid, room_jid); return room_jid; end -- Ok, rewrite room_jid address to pretty format ret = jid.join(target_node, muc_domain_prefix..".".. target_subdomain.."."..muc_domain_base, resource); internal_room_jid_cache:set(room_jid, ret); return ret; end --- Finds and returns room by its jid -- @param room_jid the room jid to search in the muc component -- @return returns room if found or nil function get_room_from_jid(room_jid) local _, host = jid.split(room_jid); local component = hosts[host]; if component then local muc = component.modules.muc if muc and rawget(muc,"rooms") then -- We're running 0.9.x or 0.10 (old MUC API) return muc.rooms[room_jid]; elseif muc and rawget(muc,"get_room_from_jid") then -- We're running >0.10 (new MUC API) return muc.get_room_from_jid(room_jid); else return end end end -- Returns the room if available, work and in multidomain mode -- @param room_name the name of the room -- @param group name of the group (optional) -- @return returns room if found or nil function get_room_by_name_and_subdomain(room_name, subdomain) local room_address; -- if there is a subdomain we are in multidomain mode and that subdomain is not our main host if subdomain and subdomain ~= "" and subdomain ~= muc_domain_base then room_address = jid.join("["..subdomain.."]"..room_name, muc_domain); else room_address = jid.join(room_name, muc_domain); end return get_room_from_jid(room_address); end function async_handler_wrapper(event, handler) if not have_async then module:log("error", "requires a version of Prosody with util.async"); return nil; end local runner = async.runner; -- Grab a local response so that we can send the http response when -- the handler is done. local response = event.response; local async_func = runner( function (event) local result = handler(event) -- If there is a status code in the result from the -- wrapped handler then add it to the response. if tonumber(result.status_code) ~= nil then response.status_code = result.status_code end -- If there are headers in the result from the -- wrapped handler then add them to the response. if result.headers ~= nil then response.headers = result.headers end -- Send the response to the waiting http client with -- or without the body from the wrapped handler. if result.body ~= nil then response:send(result.body) else response:send(); end end ) async_func:run(event) -- return true to keep the client http connection open. return true; end --- Updates presence stanza, by adding identity node -- @param stanza the presence stanza -- @param user the user to which presence we are updating identity -- @param group the group of the user to which presence we are updating identity -- @param creator_user the user who created the user which presence we -- are updating (this is the poltergeist case, where a user creates -- a poltergeist), optional. -- @param creator_group the group of the user who created the user which -- presence we are updating (this is the poltergeist case, where a user creates -- a poltergeist), optional. function update_presence_identity( stanza, user, group, creator_user, creator_group) -- First remove any 'identity' element if it already -- exists, so it cannot be spoofed by a client stanza:maptags( function(tag) for k, v in pairs(tag) do if k == "name" and v == "identity" then return nil end end return tag end ) stanza:tag("identity"):tag("user"); for k, v in pairs(user) do v = tostring(v) stanza:tag(k):text(v):up(); end stanza:up(); -- Add the group information if it is present if group then stanza:tag("group"):text(group):up(); end -- Add the creator user information if it is present if creator_user then stanza:tag("creator_user"); for k, v in pairs(creator_user) do stanza:tag(k):text(v):up(); end stanza:up(); -- Add the creator group information if it is present if creator_group then stanza:tag("creator_group"):text(creator_group):up(); end end stanza:up(); -- Close identity tag end -- Utility function to check whether feature is present and enabled. Allow -- a feature if there are features present in the session(coming from -- the token) and the value of the feature is true. -- If features is not present in the token we skip feature detection and allow -- everything. function is_feature_allowed(features, ft) if (features == nil or features[ft] == "true" or features[ft] == true) then return true; else return false; end end --- Extracts the subdomain and room name from internal jid node [foo]room1 -- @return subdomain(optional, if extracted or nil), the room name function extract_subdomain(room_node) local ret = extract_subdomain_cache:get(room_node); if ret then return ret.subdomain, ret.room; end local subdomain, room_name = room_node:match("^%[([^%]]+)%](.+)$"); local cache_value = {subdomain=subdomain, room=room_name}; extract_subdomain_cache:set(room_node, cache_value); return subdomain, room_name; end function starts_with(str, start) if not str then return false; end return str:sub(1, #start) == start end function starts_with_one_of(str, prefixes) if not str then return false; end for i=1,#prefixes do if starts_with(str, prefixes[i]) then return prefixes[i]; end end return false end function ends_with(str, ending) return ending == "" or str:sub(-#ending) == ending end -- healthcheck rooms in jicofo starts with a string '__jicofo-health-check' function is_healthcheck_room(room_jid) return starts_with(room_jid, "__jicofo-health-check"); end --- Utility function to make an http get request and --- retry @param retry number of times -- @param url endpoint to be called -- @param retry nr of retries, if retry is -- @param auth_token value to be passed as auth Bearer -- nil there will be no retries -- @returns result of the http call or nil if -- the external call failed after the last retry function http_get_with_retry(url, retry, auth_token) local content, code, cache_for; local timeout_occurred; local wait, done = async.waiter(); local request_headers = http_headers or {} if auth_token ~= nil then request_headers['Authorization'] = 'Bearer ' .. auth_token end local function cb(content_, code_, response_, request_) if timeout_occurred == nil then code = code_; if code == 200 or code == 204 then -- module:log("debug", "External call was successful, content %s", content_); content = content_; -- if there is cache-control header, let's return the max-age value if response_ and response_.headers and response_.headers['cache-control'] then local vals = {}; for k, v in response_.headers['cache-control']:gmatch('(%w+)=(%w+)') do vals[k] = v; end -- max-age=123 will be parsed by the regex ^ to age=123 cache_for = vals.age; end else module:log("warn", "Error on GET request: Code %s, Content %s", code_, content_); end done(); else module:log("warn", "External call reply delivered after timeout from: %s", url); end end local function call_http() return http.request(url, { headers = request_headers, method = "GET" }, cb); end local request = call_http(); local function cancel() -- TODO: This check is racey. Not likely to be a problem, but we should -- still stick a mutex on content / code at some point. if code == nil then timeout_occurred = true; module:log("warn", "Timeout %s seconds making the external call to: %s", http_timeout, url); -- no longer present in prosody 0.11, so check before calling if http.destroy_request ~= nil then http.destroy_request(request); end if retry == nil then module:log("debug", "External call failed and retry policy is not set"); done(); elseif retry ~= nil and retry < 1 then module:log("debug", "External call failed after retry") done(); else module:log("debug", "External call failed, retry nr %s", retry) retry = retry - 1; request = call_http() return http_timeout; end end end timer.add_task(http_timeout, cancel); wait(); return content, code, cache_for; end -- Checks whether there is status in the false -- -> true, room_name, subdomain -- -> true, room_name, nil (if no subdomain is used for the room) function is_moderated(room_jid) if moderated_subdomains:empty() and moderated_rooms:empty() then return false; end local room_node = jid.node(room_jid); -- parses bare room address, for multidomain expected format is: -- [subdomain]roomName@conference.domain local target_subdomain, target_room_name = extract_subdomain(room_node); if target_subdomain then if moderated_subdomains:contains(target_subdomain) then return true, target_room_name, target_subdomain; end elseif moderated_rooms:contains(room_node) then return true, room_node, nil; end return false; end -- check if the room tenant starts with vpaas-magic-cookie- -- @param room the room to check function is_vpaas(room) if not room then return false; end -- stored check in room object if it exist if room.is_vpaas ~= nil then return room.is_vpaas; end room.is_vpaas = false; local node, host = jid.split(room.jid); if host ~= muc_domain or not node then return false; end local tenant, conference_name = node:match('^%[([^%]]+)%](.+)$'); if not (tenant and conference_name) then return false; end if not starts_with(tenant, 'vpaas-magic-cookie-') then return false; end room.is_vpaas = true; return true; end -- Returns the initiator extension if the stanza is coming from a sip jigasi function is_sip_jigasi(stanza) return stanza:get_child('initiator', 'http://jitsi.org/protocol/jigasi'); end function get_sip_jibri_email_prefix(email) if not email then return nil; elseif starts_with_one_of(email, INBOUND_SIP_JIBRI_PREFIXES) then return starts_with_one_of(email, INBOUND_SIP_JIBRI_PREFIXES); elseif starts_with_one_of(email, OUTBOUND_SIP_JIBRI_PREFIXES) then return starts_with_one_of(email, OUTBOUND_SIP_JIBRI_PREFIXES); else return nil; end end function is_sip_jibri_join(stanza) if not stanza then return false; end local features = stanza:get_child('features'); local email = stanza:get_child_text('email'); if not features or not email then return false; end for i = 1, #features do local feature = features[i]; if feature.attr and feature.attr.var and feature.attr.var == "http://jitsi.org/protocol/jibri" then if get_sip_jibri_email_prefix(email) then module:log("debug", "Occupant with email %s is a sip jibri ", email); return true; end end end return false end -- process a host module directly if loaded or hooks to wait for its load function process_host_module(name, callback) local function process_host(host) if host == name then callback(module:context(host), host); end end if prosody.hosts[name] == nil then module:log('info', 'No host/component found, will wait for it: %s', name) -- when a host or component is added prosody.events.add_handler('host-activated', process_host); else process_host(name); end end function table_shallow_copy(t) local t2 = {} for k, v in pairs(t) do t2[k] = v end return t2 end return { OUTBOUND_SIP_JIBRI_PREFIXES = OUTBOUND_SIP_JIBRI_PREFIXES; INBOUND_SIP_JIBRI_PREFIXES = INBOUND_SIP_JIBRI_PREFIXES; extract_subdomain = extract_subdomain; is_feature_allowed = is_feature_allowed; is_healthcheck_room = is_healthcheck_room; is_moderated = is_moderated; is_sip_jibri_join = is_sip_jibri_join; is_sip_jigasi = is_sip_jigasi; is_vpaas = is_vpaas; get_focus_occupant = get_focus_occupant; get_room_from_jid = get_room_from_jid; get_room_by_name_and_subdomain = get_room_by_name_and_subdomain; get_sip_jibri_email_prefix = get_sip_jibri_email_prefix; async_handler_wrapper = async_handler_wrapper; presence_check_status = presence_check_status; process_host_module = process_host_module; room_jid_match_rewrite = room_jid_match_rewrite; room_jid_split_subdomain = room_jid_split_subdomain; internal_room_jid_match_rewrite = internal_room_jid_match_rewrite; update_presence_identity = update_presence_identity; http_get_with_retry = http_get_with_retry; ends_with = ends_with; starts_with = starts_with; starts_with_one_of = starts_with_one_of; table_shallow_copy = table_shallow_copy; };