mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-04-12 00:03:17 +02:00
212 lines
9.8 KiB
Lua
212 lines
9.8 KiB
Lua
-- Allows flipping device. When a presence contains flip_device tag
|
|
-- and the used jwt matches the id(session.jitsi_meet_context_user.id) of another user this is indication that the user
|
|
-- is moving from one device to another. The flip feature should be present and enabled in the token features.
|
|
-- Copyright (C) 2023-present 8x8, Inc.
|
|
|
|
local oss_util = module:require "util";
|
|
local is_healthcheck_room = oss_util.is_healthcheck_room;
|
|
local process_host_module = oss_util.process_host_module;
|
|
local um_is_admin = require "core.usermanager".is_admin;
|
|
local inspect = require('inspect');
|
|
local jid_bare = require "util.jid".bare;
|
|
local jid = require "util.jid";
|
|
local MUC_NS = "http://jabber.org/protocol/muc";
|
|
|
|
local lobby_host;
|
|
local lobby_muc_service;
|
|
|
|
local lobby_muc_component_config = 'lobby.' .. module:get_option_string("muc_mapper_domain_base");
|
|
if lobby_muc_component_config == nil then
|
|
module:log('error', 'lobby not enabled missing lobby_muc config');
|
|
return ;
|
|
end
|
|
|
|
local function is_admin(occupant_jid)
|
|
return um_is_admin(occupant_jid, module.host);
|
|
end
|
|
|
|
local function remove_flip_tag(stanza)
|
|
stanza:maptags(function(tag)
|
|
if tag and tag.name == "flip_device" then
|
|
-- module:log("debug", "Removing %s tag from presence stanza!", tag.name);
|
|
return nil;
|
|
else
|
|
return tag;
|
|
end
|
|
end)
|
|
end
|
|
|
|
-- Make user that switch devices bypass lobby or password.
|
|
-- A user is considered to join from another device if the
|
|
-- id from jwt is the same as another occupant and the presence
|
|
-- stanza has flip_device tag
|
|
module:hook("muc-occupant-pre-join", function(event)
|
|
local room, occupant = event.room, event.occupant;
|
|
local session = event.origin;
|
|
local stanza = event.stanza;
|
|
if is_healthcheck_room(room.jid) or is_admin(occupant.bare_jid) then
|
|
return ;
|
|
end
|
|
local flip_device_tag = stanza:get_child("flip_device");
|
|
if session.jitsi_meet_context_user and session.jitsi_meet_context_user.id then
|
|
local participants = room._data.participants_details or {};
|
|
local id = session.jitsi_meet_context_user.id;
|
|
local first_device_occ_nick = participants[id];
|
|
if flip_device_tag then
|
|
if first_device_occ_nick and session.jitsi_meet_context_features.flip and (session.jitsi_meet_context_features.flip == true or session.jitsi_meet_context_features.flip == "true") then
|
|
room._data.kicked_participant_nick = first_device_occ_nick;
|
|
room._data.flip_participant_nick = occupant.nick;
|
|
-- allow participant from flip device to bypass Lobby
|
|
local occupant_jid = stanza.attr.from;
|
|
local affiliation = room:get_affiliation(occupant_jid);
|
|
if not affiliation or affiliation == 'none' or affiliation == 'member' then
|
|
-- module:log("debug", "Bypass lobby invitee %s", occupant_jid)
|
|
occupant.role = "participant";
|
|
room:set_affiliation(true, jid_bare(occupant_jid), "member")
|
|
room:save_occupant(occupant);
|
|
end
|
|
|
|
if room:get_password() then
|
|
-- bypass password on the flip device
|
|
local join = stanza:get_child("x", MUC_NS);
|
|
if not join then
|
|
join = stanza:tag("x", { xmlns = MUC_NS });
|
|
end
|
|
local password = join:get_child("password", MUC_NS);
|
|
if password then
|
|
join:maptags(
|
|
function(tag)
|
|
for k, v in pairs(tag) do
|
|
if k == "name" and v == "password" then
|
|
return nil
|
|
end
|
|
end
|
|
return tag
|
|
end);
|
|
end
|
|
join:tag("password", { xmlns = MUC_NS }):text(room:get_password());
|
|
end
|
|
elseif not session.jitsi_meet_context_features.flip or session.jitsi_meet_context_features.flip == false or session.jitsi_meet_context_features.flip == "false" then
|
|
module:log("warn", "Flip device tag present without jwt permission")
|
|
--remove flip_device tag if somebody wants to abuse this feature
|
|
remove_flip_tag(stanza)
|
|
else
|
|
module:log("warn", "Flip device tag present without user from different device")
|
|
--remove flip_device tag if somebody wants to abuse this feature
|
|
remove_flip_tag(stanza)
|
|
end
|
|
end
|
|
-- update authenticated participant list
|
|
participants[id] = occupant.nick;
|
|
room._data.participants_details = participants
|
|
-- module:log("debug", "current details list %s", inspect(participants))
|
|
else
|
|
if flip_device_tag then
|
|
module:log("warn", "Flip device tag present for a guest user")
|
|
-- remove flip_device tag because a guest want to do a sneaky join
|
|
remove_flip_tag(stanza)
|
|
end
|
|
end
|
|
end)
|
|
|
|
-- Kick participant from the the first device from the main room and lobby if applies
|
|
-- and transfer role from the previous participant, this will take care of the grant
|
|
-- moderation case
|
|
module:hook("muc-occupant-joined", function(event)
|
|
local room, occupant = event.room, event.occupant;
|
|
if is_healthcheck_room(room.jid) or is_admin(occupant.bare_jid) then
|
|
return;
|
|
end
|
|
|
|
if room._data.flip_participant_nick and occupant.nick == room._data.flip_participant_nick then
|
|
-- make joining participant from flip device have the same role and affiliation as for the previous device
|
|
local kicked_occupant = room:get_occupant_by_nick(room._data.kicked_participant_nick);
|
|
|
|
if not kicked_occupant then
|
|
module:log("info", "Kick participant not found, nick %s from main room jid %s",
|
|
room._data.kicked_participant_nick, room.jid)
|
|
return;
|
|
end
|
|
|
|
local initial_affiliation = room:get_affiliation(kicked_occupant.jid) or "member";
|
|
-- module:log("debug", "Transfer affiliation %s to occupant jid %s", initial_affiliation, occupant.jid)
|
|
room:set_affiliation(true, occupant.bare_jid, initial_affiliation)
|
|
if initial_affiliation == "owner" then
|
|
event.occupant.role = "moderator";
|
|
elseif initial_affiliation == "member" then
|
|
event.occupant.role = "participant";
|
|
end
|
|
-- Kick participant from the first device from the main room
|
|
local kicked_participant_node_jid = jid.split(kicked_occupant.jid);
|
|
module:log("info", "Kick participant jid %s nick %s from main room jid %s", kicked_occupant.jid, room._data.kicked_participant_nick, room.jid)
|
|
room:set_role(true, room._data.kicked_participant_nick, 'none')
|
|
room:save_occupant(occupant);
|
|
-- Kick participant from the first device from the lobby room
|
|
if room._data.lobbyroom then
|
|
local lobby_room_jid = room._data.lobbyroom;
|
|
local lobby_room = lobby_muc_service.get_room_from_jid(lobby_room_jid)
|
|
for _, occupant in lobby_room:each_occupant() do
|
|
local node = jid.split(occupant.jid);
|
|
if kicked_participant_node_jid == node then
|
|
module:log("info", "Kick participant from lobby %s", occupant.jid)
|
|
lobby_room:set_role(true, occupant.nick, 'none')
|
|
end
|
|
end
|
|
end
|
|
event.room._data.flip_participant_nick = nil
|
|
event.room._data.kicked_participant_nick = nil;
|
|
end
|
|
end,-2)
|
|
|
|
-- Update the local table after a participant leaves
|
|
module:hook("muc-occupant-left", function(event)
|
|
local occupant = event.occupant;
|
|
local session = event.origin;
|
|
if is_healthcheck_room(event.room.jid) or is_admin(occupant.bare_jid) then
|
|
return ;
|
|
end
|
|
if session and session.jitsi_meet_context_user and session.jitsi_meet_context_user.id then
|
|
local id = session.jitsi_meet_context_user.id
|
|
local participants = event.room._data.participants_details or {};
|
|
local occupant_left_nick = participants[id]
|
|
if occupant_left_nick == occupant.nick then
|
|
participants[id] = nil
|
|
event.room._data.participants_details = participants
|
|
end
|
|
end
|
|
end)
|
|
|
|
-- Add a flip_device tag on the unavailable presence from the kicked participant in order to silent the notifications
|
|
module:hook('muc-broadcast-presence', function(event)
|
|
local kicked_participant_nick = event.room._data.kicked_participant_nick
|
|
local stanza = event.stanza;
|
|
if kicked_participant_nick and stanza.attr.from == kicked_participant_nick and stanza.attr.type == 'unavailable' then
|
|
-- module:log("debug", "Add flip_device tag for presence unavailable from occupant nick %s", kicked_participant_nick)
|
|
stanza:tag("flip_device"):up();
|
|
end
|
|
end)
|
|
|
|
function process_lobby_muc_loaded(lobby_muc, host_module)
|
|
module:log('info', 'Lobby muc loaded');
|
|
lobby_muc_service = lobby_muc;
|
|
lobby_host = module:context(host_module);
|
|
end
|
|
|
|
-- process or waits to process the lobby muc component
|
|
process_host_module(lobby_muc_component_config, function(host_module, host)
|
|
-- lobby muc component created
|
|
module:log('info', 'Lobby component loaded %s', host);
|
|
|
|
local muc_module = prosody.hosts[host].modules.muc;
|
|
if muc_module then
|
|
process_lobby_muc_loaded(muc_module, host_module);
|
|
else
|
|
module:log('debug', 'Will wait for muc to be available');
|
|
prosody.hosts[host].events.add_handler('module-loaded', function(event)
|
|
if (event.module == 'muc') then
|
|
process_lobby_muc_loaded(prosody.hosts[host].modules.muc, host_module);
|
|
end
|
|
end);
|
|
end
|
|
end);
|