mirror of
https://github.com/processone/ejabberd.git
synced 2025-01-03 18:02:28 +01:00
912 lines
30 KiB
Erlang
912 lines
30 KiB
Erlang
%%%----------------------------------------------------------------------
|
|
%%% File : mod_privacy.erl
|
|
%%% Author : Alexey Shchepin <alexey@process-one.net>
|
|
%%% Purpose : jabber:iq:privacy support
|
|
%%% Created : 21 Jul 2003 by Alexey Shchepin <alexey@process-one.net>
|
|
%%%
|
|
%%%
|
|
%%% ejabberd, Copyright (C) 2002-2022 ProcessOne
|
|
%%%
|
|
%%% This program is free software; you can redistribute it and/or
|
|
%%% modify it under the terms of the GNU General Public License as
|
|
%%% published by the Free Software Foundation; either version 2 of the
|
|
%%% License, or (at your option) any later version.
|
|
%%%
|
|
%%% This program is distributed in the hope that it will be useful,
|
|
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
%%% General Public License for more details.
|
|
%%%
|
|
%%% You should have received a copy of the GNU General Public License along
|
|
%%% with this program; if not, write to the Free Software Foundation, Inc.,
|
|
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
%%%
|
|
%%%----------------------------------------------------------------------
|
|
|
|
-module(mod_privacy).
|
|
|
|
-author('alexey@process-one.net').
|
|
|
|
-protocol({xep, 16, '1.6'}).
|
|
|
|
-behaviour(gen_mod).
|
|
|
|
-export([start/2, stop/1, reload/3, process_iq/1, export/1,
|
|
c2s_copy_session/2, push_list_update/2, disco_features/5,
|
|
check_packet/4, remove_user/2, encode_list_item/1,
|
|
get_user_lists/2, get_user_list/3,
|
|
set_list/1, set_list/4, set_default_list/3,
|
|
user_send_packet/1, mod_doc/0,
|
|
import_start/2, import_stop/2, import/5, import_info/0,
|
|
mod_opt_type/1, mod_options/1, depends/2]).
|
|
|
|
-include("logger.hrl").
|
|
-include_lib("xmpp/include/xmpp.hrl").
|
|
-include("mod_privacy.hrl").
|
|
-include("translate.hrl").
|
|
|
|
-define(PRIVACY_CACHE, privacy_cache).
|
|
-define(PRIVACY_LIST_CACHE, privacy_list_cache).
|
|
|
|
-type c2s_state() :: ejabberd_c2s:state().
|
|
-callback init(binary(), gen_mod:opts()) -> any().
|
|
-callback import(#privacy{}) -> ok.
|
|
-callback set_default(binary(), binary(), binary()) ->
|
|
ok | {error, notfound | any()}.
|
|
-callback unset_default(binary(), binary()) -> ok | {error, any()}.
|
|
-callback remove_list(binary(), binary(), binary()) ->
|
|
ok | {error, notfound | conflict | any()}.
|
|
-callback remove_lists(binary(), binary()) -> ok | {error, any()}.
|
|
-callback set_lists(#privacy{}) -> ok | {error, any()}.
|
|
-callback set_list(binary(), binary(), binary(), [listitem()]) ->
|
|
ok | {error, any()}.
|
|
-callback get_list(binary(), binary(), binary() | default) ->
|
|
{ok, {binary(), [listitem()]}} | error | {error, any()}.
|
|
-callback get_lists(binary(), binary()) ->
|
|
{ok, #privacy{}} | error | {error, any()}.
|
|
-callback use_cache(binary()) -> boolean().
|
|
-callback cache_nodes(binary()) -> [node()].
|
|
|
|
-optional_callbacks([use_cache/1, cache_nodes/1]).
|
|
|
|
start(Host, Opts) ->
|
|
Mod = gen_mod:db_mod(Opts, ?MODULE),
|
|
Mod:init(Host, Opts),
|
|
init_cache(Mod, Host, Opts),
|
|
ejabberd_hooks:add(disco_local_features, Host, ?MODULE,
|
|
disco_features, 50),
|
|
ejabberd_hooks:add(c2s_copy_session, Host, ?MODULE,
|
|
c2s_copy_session, 50),
|
|
ejabberd_hooks:add(user_send_packet, Host, ?MODULE,
|
|
user_send_packet, 50),
|
|
ejabberd_hooks:add(privacy_check_packet, Host, ?MODULE,
|
|
check_packet, 50),
|
|
ejabberd_hooks:add(remove_user, Host, ?MODULE,
|
|
remove_user, 50),
|
|
gen_iq_handler:add_iq_handler(ejabberd_sm, Host,
|
|
?NS_PRIVACY, ?MODULE, process_iq).
|
|
|
|
stop(Host) ->
|
|
ejabberd_hooks:delete(disco_local_features, Host, ?MODULE,
|
|
disco_features, 50),
|
|
ejabberd_hooks:delete(c2s_copy_session, Host, ?MODULE,
|
|
c2s_copy_session, 50),
|
|
ejabberd_hooks:delete(user_send_packet, Host, ?MODULE,
|
|
user_send_packet, 50),
|
|
ejabberd_hooks:delete(privacy_check_packet, Host,
|
|
?MODULE, check_packet, 50),
|
|
ejabberd_hooks:delete(remove_user, Host, ?MODULE,
|
|
remove_user, 50),
|
|
gen_iq_handler:remove_iq_handler(ejabberd_sm, Host,
|
|
?NS_PRIVACY).
|
|
|
|
reload(Host, NewOpts, OldOpts) ->
|
|
NewMod = gen_mod:db_mod(NewOpts, ?MODULE),
|
|
OldMod = gen_mod:db_mod(OldOpts, ?MODULE),
|
|
if NewMod /= OldMod ->
|
|
NewMod:init(Host, NewOpts);
|
|
true ->
|
|
ok
|
|
end,
|
|
init_cache(NewMod, Host, NewOpts).
|
|
|
|
-spec disco_features({error, stanza_error()} | {result, [binary()]} | empty,
|
|
jid(), jid(), binary(), binary()) ->
|
|
{error, stanza_error()} | {result, [binary()]}.
|
|
disco_features({error, Err}, _From, _To, _Node, _Lang) ->
|
|
{error, Err};
|
|
disco_features(empty, _From, _To, <<"">>, _Lang) ->
|
|
{result, [?NS_PRIVACY]};
|
|
disco_features({result, Feats}, _From, _To, <<"">>, _Lang) ->
|
|
{result, [?NS_PRIVACY|Feats]};
|
|
disco_features(Acc, _From, _To, _Node, _Lang) ->
|
|
Acc.
|
|
|
|
-spec process_iq(iq()) -> iq().
|
|
process_iq(#iq{type = Type,
|
|
from = #jid{luser = U, lserver = S},
|
|
to = #jid{luser = U, lserver = S}} = IQ) ->
|
|
case Type of
|
|
get -> process_iq_get(IQ);
|
|
set -> process_iq_set(IQ)
|
|
end;
|
|
process_iq(#iq{lang = Lang} = IQ) ->
|
|
Txt = ?T("Query to another users is forbidden"),
|
|
xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang)).
|
|
|
|
-spec process_iq_get(iq()) -> iq().
|
|
process_iq_get(#iq{lang = Lang,
|
|
sub_els = [#privacy_query{default = Default,
|
|
active = Active}]} = IQ)
|
|
when Default /= undefined; Active /= undefined ->
|
|
Txt = ?T("Only <list/> element is allowed in this query"),
|
|
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang));
|
|
process_iq_get(#iq{lang = Lang,
|
|
sub_els = [#privacy_query{lists = Lists}]} = IQ) ->
|
|
case Lists of
|
|
[] ->
|
|
process_lists_get(IQ);
|
|
[#privacy_list{name = ListName}] ->
|
|
process_list_get(IQ, ListName);
|
|
_ ->
|
|
Txt = ?T("Too many <list/> elements"),
|
|
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang))
|
|
end;
|
|
process_iq_get(#iq{lang = Lang} = IQ) ->
|
|
Txt = ?T("No module is handling this query"),
|
|
xmpp:make_error(IQ, xmpp:err_service_unavailable(Txt, Lang)).
|
|
|
|
-spec process_lists_get(iq()) -> iq().
|
|
process_lists_get(#iq{from = #jid{luser = LUser, lserver = LServer},
|
|
lang = Lang} = IQ) ->
|
|
case get_user_lists(LUser, LServer) of
|
|
{ok, #privacy{default = Default, lists = Lists}} ->
|
|
Active = xmpp:get_meta(IQ, privacy_active_list, none),
|
|
xmpp:make_iq_result(
|
|
IQ, #privacy_query{active = Active,
|
|
default = Default,
|
|
lists = [#privacy_list{name = Name}
|
|
|| {Name, _} <- Lists]});
|
|
error ->
|
|
xmpp:make_iq_result(
|
|
IQ, #privacy_query{active = none, default = none});
|
|
{error, _} ->
|
|
Txt = ?T("Database failure"),
|
|
xmpp:make_error(IQ, xmpp:err_internal_server_error(Txt, Lang))
|
|
end.
|
|
|
|
-spec process_list_get(iq(), binary()) -> iq().
|
|
process_list_get(#iq{from = #jid{luser = LUser, lserver = LServer},
|
|
lang = Lang} = IQ, Name) ->
|
|
case get_user_list(LUser, LServer, Name) of
|
|
{ok, {_, List}} ->
|
|
Items = lists:map(fun encode_list_item/1, List),
|
|
xmpp:make_iq_result(
|
|
IQ,
|
|
#privacy_query{
|
|
lists = [#privacy_list{name = Name, items = Items}]});
|
|
error ->
|
|
Txt = ?T("No privacy list with this name found"),
|
|
xmpp:make_error(IQ, xmpp:err_item_not_found(Txt, Lang));
|
|
{error, _} ->
|
|
Txt = ?T("Database failure"),
|
|
xmpp:make_error(IQ, xmpp:err_internal_server_error(Txt, Lang))
|
|
end.
|
|
|
|
-spec encode_list_item(listitem()) -> privacy_item().
|
|
encode_list_item(#listitem{action = Action,
|
|
order = Order,
|
|
type = Type,
|
|
match_all = MatchAll,
|
|
match_iq = MatchIQ,
|
|
match_message = MatchMessage,
|
|
match_presence_in = MatchPresenceIn,
|
|
match_presence_out = MatchPresenceOut,
|
|
value = Value}) ->
|
|
Item = #privacy_item{action = Action,
|
|
order = Order,
|
|
type = case Type of
|
|
none -> undefined;
|
|
Type -> Type
|
|
end,
|
|
value = encode_value(Type, Value)},
|
|
case MatchAll of
|
|
true ->
|
|
Item;
|
|
false ->
|
|
Item#privacy_item{message = MatchMessage,
|
|
iq = MatchIQ,
|
|
presence_in = MatchPresenceIn,
|
|
presence_out = MatchPresenceOut}
|
|
end.
|
|
|
|
-spec encode_value(listitem_type(), listitem_value()) -> binary().
|
|
encode_value(Type, Val) ->
|
|
case Type of
|
|
jid -> jid:encode(Val);
|
|
group -> Val;
|
|
subscription ->
|
|
case Val of
|
|
both -> <<"both">>;
|
|
to -> <<"to">>;
|
|
from -> <<"from">>;
|
|
none -> <<"none">>
|
|
end;
|
|
none -> <<"">>
|
|
end.
|
|
|
|
-spec decode_value(jid | subscription | group | undefined, binary()) ->
|
|
listitem_value().
|
|
decode_value(Type, Value) ->
|
|
case Type of
|
|
jid -> jid:tolower(jid:decode(Value));
|
|
subscription ->
|
|
case Value of
|
|
<<"from">> -> from;
|
|
<<"to">> -> to;
|
|
<<"both">> -> both;
|
|
<<"none">> -> none
|
|
end;
|
|
group when Value /= <<"">> -> Value;
|
|
undefined -> none
|
|
end.
|
|
|
|
-spec process_iq_set(iq()) -> iq().
|
|
process_iq_set(#iq{lang = Lang,
|
|
sub_els = [#privacy_query{default = Default,
|
|
active = Active,
|
|
lists = Lists}]} = IQ) ->
|
|
case Lists of
|
|
[#privacy_list{items = Items, name = ListName}]
|
|
when Default == undefined, Active == undefined ->
|
|
process_lists_set(IQ, ListName, Items);
|
|
[] when Default == undefined, Active /= undefined ->
|
|
process_active_set(IQ, Active);
|
|
[] when Active == undefined, Default /= undefined ->
|
|
process_default_set(IQ, Default);
|
|
_ ->
|
|
Txt = ?T("The stanza MUST contain only one <active/> element, "
|
|
"one <default/> element, or one <list/> element"),
|
|
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang))
|
|
end;
|
|
process_iq_set(#iq{lang = Lang} = IQ) ->
|
|
Txt = ?T("No module is handling this query"),
|
|
xmpp:make_error(IQ, xmpp:err_service_unavailable(Txt, Lang)).
|
|
|
|
-spec process_default_set(iq(), none | binary()) -> iq().
|
|
process_default_set(#iq{from = #jid{luser = LUser, lserver = LServer},
|
|
lang = Lang} = IQ, Value) ->
|
|
case set_default_list(LUser, LServer, Value) of
|
|
ok ->
|
|
xmpp:make_iq_result(IQ);
|
|
{error, notfound} ->
|
|
Txt = ?T("No privacy list with this name found"),
|
|
xmpp:make_error(IQ, xmpp:err_item_not_found(Txt, Lang));
|
|
{error, _} ->
|
|
Txt = ?T("Database failure"),
|
|
xmpp:make_error(IQ, xmpp:err_internal_server_error(Txt, Lang))
|
|
end.
|
|
|
|
-spec process_active_set(IQ, none | binary()) -> IQ.
|
|
process_active_set(IQ, none) ->
|
|
xmpp:make_iq_result(xmpp:put_meta(IQ, privacy_active_list, none));
|
|
process_active_set(#iq{from = #jid{luser = LUser, lserver = LServer},
|
|
lang = Lang} = IQ, Name) ->
|
|
case get_user_list(LUser, LServer, Name) of
|
|
{ok, _} ->
|
|
xmpp:make_iq_result(xmpp:put_meta(IQ, privacy_active_list, Name));
|
|
error ->
|
|
Txt = ?T("No privacy list with this name found"),
|
|
xmpp:make_error(IQ, xmpp:err_item_not_found(Txt, Lang));
|
|
{error, _} ->
|
|
Txt = ?T("Database failure"),
|
|
xmpp:make_error(IQ, xmpp:err_internal_server_error(Txt, Lang))
|
|
end.
|
|
|
|
-spec set_list(privacy()) -> ok | {error, any()}.
|
|
set_list(#privacy{us = {LUser, LServer}, lists = Lists} = Privacy) ->
|
|
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
|
case Mod:set_lists(Privacy) of
|
|
ok ->
|
|
Names = [Name || {Name, _} <- Lists],
|
|
delete_cache(Mod, LUser, LServer, Names);
|
|
{error, _} = Err ->
|
|
Err
|
|
end.
|
|
|
|
-spec process_lists_set(iq(), binary(), [privacy_item()]) -> iq().
|
|
process_lists_set(#iq{from = #jid{luser = LUser, lserver = LServer},
|
|
lang = Lang} = IQ, Name, []) ->
|
|
case xmpp:get_meta(IQ, privacy_active_list, none) of
|
|
Name ->
|
|
Txt = ?T("Cannot remove active list"),
|
|
xmpp:make_error(IQ, xmpp:err_conflict(Txt, Lang));
|
|
_ ->
|
|
case remove_list(LUser, LServer, Name) of
|
|
ok ->
|
|
xmpp:make_iq_result(IQ);
|
|
{error, conflict} ->
|
|
Txt = ?T("Cannot remove default list"),
|
|
xmpp:make_error(IQ, xmpp:err_conflict(Txt, Lang));
|
|
{error, notfound} ->
|
|
Txt = ?T("No privacy list with this name found"),
|
|
xmpp:make_error(IQ, xmpp:err_item_not_found(Txt, Lang));
|
|
{error, _} ->
|
|
Txt = ?T("Database failure"),
|
|
Err = xmpp:err_internal_server_error(Txt, Lang),
|
|
xmpp:make_error(IQ, Err)
|
|
end
|
|
end;
|
|
process_lists_set(#iq{from = #jid{luser = LUser, lserver = LServer} = From,
|
|
lang = Lang} = IQ, Name, Items) ->
|
|
case catch lists:map(fun decode_item/1, Items) of
|
|
{error, Why} ->
|
|
Txt = xmpp:io_format_error(Why),
|
|
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang));
|
|
List ->
|
|
case set_list(LUser, LServer, Name, List) of
|
|
ok ->
|
|
push_list_update(From, Name),
|
|
xmpp:make_iq_result(IQ);
|
|
{error, _} ->
|
|
Txt = ?T("Database failure"),
|
|
xmpp:make_error(IQ, xmpp:err_internal_server_error(Txt, Lang))
|
|
end
|
|
end.
|
|
|
|
-spec push_list_update(jid(), binary()) -> ok.
|
|
push_list_update(From, Name) ->
|
|
BareFrom = jid:remove_resource(From),
|
|
lists:foreach(
|
|
fun(R) ->
|
|
To = jid:replace_resource(From, R),
|
|
IQ = #iq{type = set, from = BareFrom, to = To,
|
|
id = <<"push", (p1_rand:get_string())/binary>>,
|
|
sub_els = [#privacy_query{
|
|
lists = [#privacy_list{name = Name}]}]},
|
|
ejabberd_router:route(IQ)
|
|
end, ejabberd_sm:get_user_resources(From#jid.luser, From#jid.lserver)).
|
|
|
|
-spec decode_item(privacy_item()) -> listitem().
|
|
decode_item(#privacy_item{order = Order,
|
|
action = Action,
|
|
type = T,
|
|
value = V,
|
|
message = MatchMessage,
|
|
iq = MatchIQ,
|
|
presence_in = MatchPresenceIn,
|
|
presence_out = MatchPresenceOut}) ->
|
|
Value = try decode_value(T, V)
|
|
catch _:_ ->
|
|
throw({error, {bad_attr_value, <<"value">>,
|
|
<<"item">>, ?NS_PRIVACY}})
|
|
end,
|
|
Type = case T of
|
|
undefined -> none;
|
|
_ -> T
|
|
end,
|
|
ListItem = #listitem{order = Order,
|
|
action = Action,
|
|
type = Type,
|
|
value = Value},
|
|
if not (MatchMessage or MatchIQ or MatchPresenceIn or MatchPresenceOut) ->
|
|
ListItem#listitem{match_all = true};
|
|
true ->
|
|
ListItem#listitem{match_iq = MatchIQ,
|
|
match_message = MatchMessage,
|
|
match_presence_in = MatchPresenceIn,
|
|
match_presence_out = MatchPresenceOut}
|
|
end.
|
|
|
|
-spec c2s_copy_session(c2s_state(), c2s_state()) -> c2s_state().
|
|
c2s_copy_session(State, #{privacy_active_list := List}) ->
|
|
State#{privacy_active_list => List};
|
|
c2s_copy_session(State, _) ->
|
|
State.
|
|
|
|
%% Adjust the client's state, so next packets (which can be already queued)
|
|
%% will take the active list into account.
|
|
-spec update_c2s_state_with_privacy_list(stanza(), c2s_state()) -> c2s_state().
|
|
update_c2s_state_with_privacy_list(#iq{type = set,
|
|
to = #jid{luser = U, lserver = S,
|
|
lresource = <<"">>} = To} = IQ,
|
|
State) ->
|
|
%% Match a IQ set containing a new active privacy list
|
|
case xmpp:get_subtag(IQ, #privacy_query{}) of
|
|
#privacy_query{default = undefined, active = Active} ->
|
|
case Active of
|
|
none ->
|
|
?DEBUG("Removing active privacy list for user: ~ts",
|
|
[jid:encode(To)]),
|
|
State#{privacy_active_list => none};
|
|
undefined ->
|
|
State;
|
|
_ ->
|
|
case get_user_list(U, S, Active) of
|
|
{ok, _} ->
|
|
?DEBUG("Setting active privacy list '~ts' for user: ~ts",
|
|
[Active, jid:encode(To)]),
|
|
State#{privacy_active_list => Active};
|
|
_ ->
|
|
%% unknown privacy list name
|
|
State
|
|
end
|
|
end;
|
|
_ ->
|
|
State
|
|
end;
|
|
update_c2s_state_with_privacy_list(_Packet, State) ->
|
|
State.
|
|
|
|
%% Add the active privacy list to packet metadata
|
|
-spec user_send_packet({stanza(), c2s_state()}) -> {stanza(), c2s_state()}.
|
|
user_send_packet({#iq{type = Type,
|
|
to = #jid{luser = U, lserver = S, lresource = <<"">>},
|
|
from = #jid{luser = U, lserver = S},
|
|
sub_els = [_]} = IQ,
|
|
#{privacy_active_list := Name} = State})
|
|
when Type == get; Type == set ->
|
|
NewIQ = case xmpp:has_subtag(IQ, #privacy_query{}) of
|
|
true -> xmpp:put_meta(IQ, privacy_active_list, Name);
|
|
false -> IQ
|
|
end,
|
|
{NewIQ, update_c2s_state_with_privacy_list(IQ, State)};
|
|
%% For client with no active privacy list, see if there is
|
|
%% one about to be activated in this packet and update client state
|
|
user_send_packet({Packet, State}) ->
|
|
{Packet, update_c2s_state_with_privacy_list(Packet, State)}.
|
|
|
|
-spec set_list(binary(), binary(), binary(), [listitem()]) -> ok | {error, any()}.
|
|
set_list(LUser, LServer, Name, List) ->
|
|
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
|
case Mod:set_list(LUser, LServer, Name, List) of
|
|
ok ->
|
|
delete_cache(Mod, LUser, LServer, [Name]);
|
|
{error, _} = Err ->
|
|
Err
|
|
end.
|
|
|
|
-spec remove_list(binary(), binary(), binary()) ->
|
|
ok | {error, conflict | notfound | any()}.
|
|
remove_list(LUser, LServer, Name) ->
|
|
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
|
case Mod:remove_list(LUser, LServer, Name) of
|
|
ok ->
|
|
delete_cache(Mod, LUser, LServer, [Name]);
|
|
Err ->
|
|
Err
|
|
end.
|
|
|
|
-spec get_user_lists(binary(), binary()) -> {ok, privacy()} | error | {error, any()}.
|
|
get_user_lists(User, Server) ->
|
|
LUser = jid:nodeprep(User),
|
|
LServer = jid:nameprep(Server),
|
|
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
|
case use_cache(Mod, LServer) of
|
|
true ->
|
|
ets_cache:lookup(
|
|
?PRIVACY_CACHE, {LUser, LServer},
|
|
fun() -> Mod:get_lists(LUser, LServer) end);
|
|
false ->
|
|
Mod:get_lists(LUser, LServer)
|
|
end.
|
|
|
|
-spec get_user_list(binary(), binary(), binary() | default) ->
|
|
{ok, {binary(), [listitem()]}} | error | {error, any()}.
|
|
get_user_list(LUser, LServer, Name) ->
|
|
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
|
case use_cache(Mod, LServer) of
|
|
true ->
|
|
ets_cache:lookup(
|
|
?PRIVACY_LIST_CACHE, {LUser, LServer, Name},
|
|
fun() ->
|
|
case ets_cache:lookup(
|
|
?PRIVACY_CACHE, {LUser, LServer}) of
|
|
{ok, Privacy} ->
|
|
get_list_by_name(Privacy, Name);
|
|
error ->
|
|
Mod:get_list(LUser, LServer, Name)
|
|
end
|
|
end);
|
|
false ->
|
|
Mod:get_list(LUser, LServer, Name)
|
|
end.
|
|
|
|
-spec get_list_by_name(#privacy{}, binary() | default) ->
|
|
{ok, {binary(), [listitem()]}} | error.
|
|
get_list_by_name(#privacy{default = Default} = Privacy, default) ->
|
|
get_list_by_name(Privacy, Default);
|
|
get_list_by_name(#privacy{lists = Lists}, Name) ->
|
|
case lists:keyfind(Name, 1, Lists) of
|
|
{_, List} -> {ok, {Name, List}};
|
|
false -> error
|
|
end.
|
|
|
|
-spec set_default_list(binary(), binary(), binary() | none) ->
|
|
ok | {error, notfound | any()}.
|
|
set_default_list(LUser, LServer, Name) ->
|
|
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
|
Res = case Name of
|
|
none -> Mod:unset_default(LUser, LServer);
|
|
_ -> Mod:set_default(LUser, LServer, Name)
|
|
end,
|
|
case Res of
|
|
ok ->
|
|
delete_cache(Mod, LUser, LServer, []);
|
|
Err ->
|
|
Err
|
|
end.
|
|
|
|
-spec check_packet(allow | deny, c2s_state() | jid(), stanza(), in | out) -> allow | deny.
|
|
check_packet(Acc, #{jid := JID} = State, Packet, Dir) ->
|
|
case maps:get(privacy_active_list, State, none) of
|
|
none ->
|
|
check_packet(Acc, JID, Packet, Dir);
|
|
ListName ->
|
|
#jid{luser = LUser, lserver = LServer} = JID,
|
|
case get_user_list(LUser, LServer, ListName) of
|
|
{ok, {_, List}} ->
|
|
do_check_packet(JID, List, Packet, Dir);
|
|
_ ->
|
|
?DEBUG("Non-existing active list '~ts' is set "
|
|
"for user '~ts'", [ListName, jid:encode(JID)]),
|
|
check_packet(Acc, JID, Packet, Dir)
|
|
end
|
|
end;
|
|
check_packet(_, JID, Packet, Dir) ->
|
|
#jid{luser = LUser, lserver = LServer} = JID,
|
|
case get_user_list(LUser, LServer, default) of
|
|
{ok, {_, List}} ->
|
|
do_check_packet(JID, List, Packet, Dir);
|
|
_ ->
|
|
allow
|
|
end.
|
|
|
|
%% From is the sender, To is the destination.
|
|
%% If Dir = out, User@Server is the sender account (From).
|
|
%% If Dir = in, User@Server is the destination account (To).
|
|
-spec do_check_packet(jid(), [listitem()], stanza(), in | out) -> allow | deny.
|
|
do_check_packet(_, [], _, _) ->
|
|
allow;
|
|
do_check_packet(#jid{luser = LUser, lserver = LServer}, List, Packet, Dir) ->
|
|
From = xmpp:get_from(Packet),
|
|
To = xmpp:get_to(Packet),
|
|
case {From, To} of
|
|
{#jid{luser = <<"">>, lserver = LServer},
|
|
#jid{lserver = LServer}} when Dir == in ->
|
|
%% Allow any packets from local server
|
|
allow;
|
|
{#jid{lserver = LServer},
|
|
#jid{luser = <<"">>, lserver = LServer}} when Dir == out ->
|
|
%% Allow any packets to local server
|
|
allow;
|
|
{#jid{luser = LUser, lserver = LServer, lresource = <<"">>},
|
|
#jid{luser = LUser, lserver = LServer}} when Dir == in ->
|
|
%% Allow incoming packets from user's bare jid to his full jid
|
|
allow;
|
|
{#jid{luser = LUser, lserver = LServer},
|
|
#jid{luser = LUser, lserver = LServer, lresource = <<"">>}} when Dir == out ->
|
|
%% Allow outgoing packets from user's full jid to his bare JID
|
|
allow;
|
|
_ ->
|
|
PType = case Packet of
|
|
#message{} -> message;
|
|
#iq{} -> iq;
|
|
#presence{type = available} -> presence;
|
|
#presence{type = unavailable} -> presence;
|
|
_ -> other
|
|
end,
|
|
PType2 = case {PType, Dir} of
|
|
{message, in} -> message;
|
|
{iq, in} -> iq;
|
|
{presence, in} -> presence_in;
|
|
{presence, out} -> presence_out;
|
|
{_, _} -> other
|
|
end,
|
|
LJID = case Dir of
|
|
in -> jid:tolower(From);
|
|
out -> jid:tolower(To)
|
|
end,
|
|
check_packet_aux(List, PType2, LJID, [LUser, LServer])
|
|
end.
|
|
|
|
-spec check_packet_aux([listitem()],
|
|
message | iq | presence_in | presence_out | other,
|
|
ljid(), [binary()] | {none | both | from | to, [binary()]}) ->
|
|
allow | deny.
|
|
%% Ptype = message | iq | presence_in | presence_out | other
|
|
check_packet_aux([], _PType, _JID, _RosterInfo) ->
|
|
allow;
|
|
check_packet_aux([Item | List], PType, JID, RosterInfo) ->
|
|
#listitem{type = Type, value = Value, action = Action} =
|
|
Item,
|
|
case is_ptype_match(Item, PType) of
|
|
true ->
|
|
case is_type_match(Type, Value, JID, RosterInfo) of
|
|
{true, _} -> Action;
|
|
{false, RI} ->
|
|
check_packet_aux(List, PType, JID, RI)
|
|
end;
|
|
false ->
|
|
check_packet_aux(List, PType, JID, RosterInfo)
|
|
end.
|
|
|
|
-spec is_ptype_match(listitem(),
|
|
message | iq | presence_in | presence_out | other) ->
|
|
boolean().
|
|
is_ptype_match(Item, PType) ->
|
|
case Item#listitem.match_all of
|
|
true -> true;
|
|
false ->
|
|
case PType of
|
|
message -> Item#listitem.match_message;
|
|
iq -> Item#listitem.match_iq;
|
|
presence_in -> Item#listitem.match_presence_in;
|
|
presence_out -> Item#listitem.match_presence_out;
|
|
other -> false
|
|
end
|
|
end.
|
|
|
|
-spec is_type_match(none | jid | subscription | group, listitem_value(),
|
|
ljid(), [binary()] | {none | both | from | to, [binary()]}) ->
|
|
{boolean(), [binary()] | {none | both | from | to, [binary()]}}.
|
|
is_type_match(none, _Value, _JID, RosterInfo) ->
|
|
{true, RosterInfo};
|
|
is_type_match(jid, Value, JID, RosterInfo) ->
|
|
case Value of
|
|
{<<"">>, Server, <<"">>} ->
|
|
case JID of
|
|
{_, Server, _} -> {true, RosterInfo};
|
|
_ -> {false, RosterInfo}
|
|
end;
|
|
{User, Server, <<"">>} ->
|
|
case JID of
|
|
{User, Server, _} -> {true, RosterInfo};
|
|
_ -> {false, RosterInfo}
|
|
end;
|
|
{<<"">>, Server, Resource} ->
|
|
case JID of
|
|
{_, Server, Resource} -> {true, RosterInfo};
|
|
_ -> {false, RosterInfo}
|
|
end;
|
|
_ -> {Value == JID, RosterInfo}
|
|
end;
|
|
is_type_match(subscription, Value, JID, RosterInfo) ->
|
|
{Subscription, _} = RI = resolve_roster_info(JID, RosterInfo),
|
|
{Value == Subscription, RI};
|
|
is_type_match(group, Group, JID, RosterInfo) ->
|
|
{_, Groups} = RI = resolve_roster_info(JID, RosterInfo),
|
|
{lists:member(Group, Groups), RI}.
|
|
|
|
-spec resolve_roster_info(ljid(), [binary()] | {none | both | from | to, [binary()]}) ->
|
|
{none | both | from | to, [binary()]}.
|
|
resolve_roster_info(JID, [LUser, LServer]) ->
|
|
{Subscription, _Ask, Groups} =
|
|
ejabberd_hooks:run_fold(
|
|
roster_get_jid_info, LServer,
|
|
{none, none, []},
|
|
[LUser, LServer, JID]),
|
|
{Subscription, Groups};
|
|
resolve_roster_info(_, RosterInfo) ->
|
|
RosterInfo.
|
|
|
|
-spec remove_user(binary(), binary()) -> ok.
|
|
remove_user(User, Server) ->
|
|
LUser = jid:nodeprep(User),
|
|
LServer = jid:nameprep(Server),
|
|
Privacy = get_user_lists(LUser, LServer),
|
|
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
|
Mod:remove_lists(LUser, LServer),
|
|
case Privacy of
|
|
{ok, #privacy{lists = Lists}} ->
|
|
Names = [Name || {Name, _} <- Lists],
|
|
delete_cache(Mod, LUser, LServer, Names);
|
|
_ ->
|
|
ok
|
|
end.
|
|
|
|
-spec init_cache(module(), binary(), gen_mod:opts()) -> ok.
|
|
init_cache(Mod, Host, Opts) ->
|
|
case use_cache(Mod, Host) of
|
|
true ->
|
|
CacheOpts = cache_opts(Opts),
|
|
ets_cache:new(?PRIVACY_CACHE, CacheOpts),
|
|
ets_cache:new(?PRIVACY_LIST_CACHE, CacheOpts);
|
|
false ->
|
|
ets_cache:delete(?PRIVACY_CACHE),
|
|
ets_cache:delete(?PRIVACY_LIST_CACHE)
|
|
end.
|
|
|
|
-spec cache_opts(gen_mod:opts()) -> [proplists:property()].
|
|
cache_opts(Opts) ->
|
|
MaxSize = mod_privacy_opt:cache_size(Opts),
|
|
CacheMissed = mod_privacy_opt:cache_missed(Opts),
|
|
LifeTime = mod_privacy_opt:cache_life_time(Opts),
|
|
[{max_size, MaxSize}, {cache_missed, CacheMissed}, {life_time, LifeTime}].
|
|
|
|
-spec use_cache(module(), binary()) -> boolean().
|
|
use_cache(Mod, Host) ->
|
|
case erlang:function_exported(Mod, use_cache, 1) of
|
|
true -> Mod:use_cache(Host);
|
|
false -> mod_privacy_opt:use_cache(Host)
|
|
end.
|
|
|
|
-spec cache_nodes(module(), binary()) -> [node()].
|
|
cache_nodes(Mod, Host) ->
|
|
case erlang:function_exported(Mod, cache_nodes, 1) of
|
|
true -> Mod:cache_nodes(Host);
|
|
false -> ejabberd_cluster:get_nodes()
|
|
end.
|
|
|
|
-spec delete_cache(module(), binary(), binary(), [binary()]) -> ok.
|
|
delete_cache(Mod, LUser, LServer, Names) ->
|
|
case use_cache(Mod, LServer) of
|
|
true ->
|
|
Nodes = cache_nodes(Mod, LServer),
|
|
ets_cache:delete(?PRIVACY_CACHE, {LUser, LServer}, Nodes),
|
|
lists:foreach(
|
|
fun(Name) ->
|
|
ets_cache:delete(
|
|
?PRIVACY_LIST_CACHE,
|
|
{LUser, LServer, Name},
|
|
Nodes)
|
|
end, [default|Names]);
|
|
false ->
|
|
ok
|
|
end.
|
|
|
|
numeric_to_binary(<<0, 0, _/binary>>) ->
|
|
<<"0">>;
|
|
numeric_to_binary(<<0, _, _:6/binary, T/binary>>) ->
|
|
Res = lists:foldl(
|
|
fun(X, Sum) ->
|
|
Sum*10000 + X
|
|
end, 0, [X || <<X:16>> <= T]),
|
|
integer_to_binary(Res).
|
|
|
|
bool_to_binary(<<0>>) -> <<"0">>;
|
|
bool_to_binary(<<1>>) -> <<"1">>.
|
|
|
|
prepare_list_data(mysql, [ID|Row]) ->
|
|
[binary_to_integer(ID)|Row];
|
|
prepare_list_data(pgsql, [<<ID:64>>,
|
|
SType, SValue, SAction, SOrder, SMatchAll,
|
|
SMatchIQ, SMatchMessage, SMatchPresenceIn,
|
|
SMatchPresenceOut]) ->
|
|
[ID, SType, SValue, SAction,
|
|
numeric_to_binary(SOrder),
|
|
bool_to_binary(SMatchAll),
|
|
bool_to_binary(SMatchIQ),
|
|
bool_to_binary(SMatchMessage),
|
|
bool_to_binary(SMatchPresenceIn),
|
|
bool_to_binary(SMatchPresenceOut)].
|
|
|
|
prepare_id(mysql, ID) ->
|
|
binary_to_integer(ID);
|
|
prepare_id(pgsql, <<ID:32>>) ->
|
|
ID.
|
|
|
|
import_info() ->
|
|
[{<<"privacy_default_list">>, 2},
|
|
{<<"privacy_list_data">>, 10},
|
|
{<<"privacy_list">>, 4}].
|
|
|
|
import_start(LServer, DBType) ->
|
|
ets:new(privacy_default_list_tmp, [private, named_table]),
|
|
ets:new(privacy_list_data_tmp, [private, named_table, bag]),
|
|
ets:new(privacy_list_tmp, [private, named_table, bag,
|
|
{keypos, #privacy.us}]),
|
|
Mod = gen_mod:db_mod(DBType, ?MODULE),
|
|
Mod:init(LServer, []).
|
|
|
|
import(LServer, {sql, _}, _DBType, <<"privacy_default_list">>, [LUser, Name]) ->
|
|
US = {LUser, LServer},
|
|
ets:insert(privacy_default_list_tmp, {US, Name}),
|
|
ok;
|
|
import(LServer, {sql, SQLType}, _DBType, <<"privacy_list_data">>, Row1) ->
|
|
[ID|Row] = prepare_list_data(SQLType, Row1),
|
|
case mod_privacy_sql:raw_to_item(Row) of
|
|
[Item] ->
|
|
IS = {ID, LServer},
|
|
ets:insert(privacy_list_data_tmp, {IS, Item}),
|
|
ok;
|
|
[] ->
|
|
ok
|
|
end;
|
|
import(LServer, {sql, SQLType}, _DBType, <<"privacy_list">>,
|
|
[LUser, Name, ID, _TimeStamp]) ->
|
|
US = {LUser, LServer},
|
|
IS = {prepare_id(SQLType, ID), LServer},
|
|
Default = case ets:lookup(privacy_default_list_tmp, US) of
|
|
[{_, Name}] -> Name;
|
|
_ -> none
|
|
end,
|
|
case [Item || {_, Item} <- ets:lookup(privacy_list_data_tmp, IS)] of
|
|
[_|_] = Items ->
|
|
Privacy = #privacy{us = {LUser, LServer},
|
|
default = Default,
|
|
lists = [{Name, Items}]},
|
|
ets:insert(privacy_list_tmp, Privacy),
|
|
ets:delete(privacy_list_data_tmp, IS),
|
|
ok;
|
|
_ ->
|
|
ok
|
|
end.
|
|
|
|
import_stop(_LServer, DBType) ->
|
|
import_next(DBType, ets:first(privacy_list_tmp)),
|
|
ets:delete(privacy_default_list_tmp),
|
|
ets:delete(privacy_list_data_tmp),
|
|
ets:delete(privacy_list_tmp),
|
|
ok.
|
|
|
|
import_next(_DBType, '$end_of_table') ->
|
|
ok;
|
|
import_next(DBType, US) ->
|
|
[P|_] = Ps = ets:lookup(privacy_list_tmp, US),
|
|
Lists = lists:flatmap(
|
|
fun(#privacy{lists = Lists}) ->
|
|
Lists
|
|
end, Ps),
|
|
Privacy = P#privacy{lists = Lists},
|
|
Mod = gen_mod:db_mod(DBType, ?MODULE),
|
|
Mod:import(Privacy),
|
|
import_next(DBType, ets:next(privacy_list_tmp, US)).
|
|
|
|
export(LServer) ->
|
|
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
|
Mod:export(LServer).
|
|
|
|
depends(_Host, _Opts) ->
|
|
[].
|
|
|
|
mod_opt_type(db_type) ->
|
|
econf:db_type(?MODULE);
|
|
mod_opt_type(use_cache) ->
|
|
econf:bool();
|
|
mod_opt_type(cache_size) ->
|
|
econf:pos_int(infinity);
|
|
mod_opt_type(cache_missed) ->
|
|
econf:bool();
|
|
mod_opt_type(cache_life_time) ->
|
|
econf:timeout(second, infinity).
|
|
|
|
mod_options(Host) ->
|
|
[{db_type, ejabberd_config:default_db(Host, ?MODULE)},
|
|
{use_cache, ejabberd_option:use_cache(Host)},
|
|
{cache_size, ejabberd_option:cache_size(Host)},
|
|
{cache_missed, ejabberd_option:cache_missed(Host)},
|
|
{cache_life_time, ejabberd_option:cache_life_time(Host)}].
|
|
|
|
mod_doc() ->
|
|
#{desc =>
|
|
[?T("This module implements "
|
|
"https://xmpp.org/extensions/xep-0016.html"
|
|
"[XEP-0016: Privacy Lists]."), "",
|
|
?T("NOTE: Nowadays modern XMPP clients rely on "
|
|
"https://xmpp.org/extensions/xep-0191.html"
|
|
"[XEP-0191: Blocking Command] which is implemented by "
|
|
"'mod_blocking' module. However, you still need "
|
|
"'mod_privacy' loaded in order for _`mod_blocking`_ to work.")],
|
|
opts =>
|
|
[{db_type,
|
|
#{value => "mnesia | sql",
|
|
desc =>
|
|
?T("Same as top-level _`default_db`_ option, but applied to this module only.")}},
|
|
{use_cache,
|
|
#{value => "true | false",
|
|
desc =>
|
|
?T("Same as top-level _`use_cache`_ option, but applied to this module only.")}},
|
|
{cache_size,
|
|
#{value => "pos_integer() | infinity",
|
|
desc =>
|
|
?T("Same as top-level _`cache_size`_ option, but applied to this module only.")}},
|
|
{cache_missed,
|
|
#{value => "true | false",
|
|
desc =>
|
|
?T("Same as top-level _`cache_missed`_ option, but applied to this module only.")}},
|
|
{cache_life_time,
|
|
#{value => "timeout()",
|
|
desc =>
|
|
?T("Same as top-level _`cache_life_time`_ option, but applied to this module only.")}}]}.
|