1 |
|
-module(mod_domain_isolation). |
2 |
|
-behaviour(gen_mod). |
3 |
|
|
4 |
|
-include_lib("exml/include/exml.hrl"). |
5 |
|
-include_lib("jid/include/jid.hrl"). |
6 |
|
-include("mongoose_config_spec.hrl"). |
7 |
|
|
8 |
|
%% gen_mod handlers |
9 |
|
-export([start/2, stop/1]). |
10 |
|
-export([hooks/1]). |
11 |
|
-export([config_spec/0]). |
12 |
|
-export([supported_features/0]). |
13 |
|
|
14 |
|
%% hooks |
15 |
|
-export([filter_local_packet/3]). |
16 |
|
|
17 |
|
-spec config_spec() -> mongoose_config_spec:config_section(). |
18 |
|
config_spec() -> |
19 |
186 |
#section{items = #{}}. |
20 |
|
|
21 |
|
start(_HostType, _Opts) -> |
22 |
1 |
ok. |
23 |
|
|
24 |
|
stop(_HostType) -> |
25 |
1 |
ok. |
26 |
|
|
27 |
|
-spec hooks(mongooseim:host_type()) -> gen_hook:hook_list(). |
28 |
|
hooks(HostType) -> |
29 |
2 |
[{filter_local_packet, HostType, fun ?MODULE:filter_local_packet/3, #{}, 10}]. |
30 |
|
|
31 |
|
-spec supported_features() -> [atom()]. |
32 |
1 |
supported_features() -> [dynamic_domains]. |
33 |
|
|
34 |
|
-spec filter_local_packet(FPacketAcc, Params, Extra) -> {ok, FPacketAcc} | {stop, drop} when |
35 |
|
FPacketAcc :: mongoose_hooks:filter_packet_acc(), |
36 |
|
Params :: map(), |
37 |
|
Extra :: gen_hook:extra(). |
38 |
|
filter_local_packet(drop, _, _) -> |
39 |
:-( |
{ok, drop}; |
40 |
|
filter_local_packet({#jid{lserver = Server}, #jid{lserver = Server}, _Acc, _Packet} = FPacketAcc, _, _) -> |
41 |
38 |
{ok, FPacketAcc}; |
42 |
|
filter_local_packet({#jid{lserver = FromServer}, #jid{lserver = ToServer}, _Acc, _Packet} = FPacketAcc, _, _) -> |
43 |
8 |
FromHost = domain_to_host(FromServer), |
44 |
8 |
ToHost = domain_to_host(ToServer), |
45 |
8 |
case resolve_hosts(FromHost, ToHost, FPacketAcc) of |
46 |
|
drop -> |
47 |
3 |
{stop, drop}; |
48 |
|
FPacketAcc -> |
49 |
5 |
{ok, FPacketAcc} |
50 |
|
end. |
51 |
|
|
52 |
|
-spec resolve_hosts(Host, Host, FPacketAcc) -> FPacketAcc | drop when |
53 |
|
Host :: jid:lserver(), |
54 |
|
FPacketAcc :: mongoose_hooks:filter_packet_acc(). |
55 |
|
resolve_hosts(Host, Host, FPacketAcc) -> |
56 |
2 |
FPacketAcc; |
57 |
|
resolve_hosts(_FromHost, _ToHost, {From, To, Acc, _Packet} = FPacketAcc) -> |
58 |
|
%% Allow errors from this module to be passed |
59 |
6 |
case mongoose_acc:get(domain_isolation, ignore, false, Acc) of |
60 |
|
true -> |
61 |
3 |
FPacketAcc; |
62 |
|
false -> |
63 |
3 |
maybe_send_back_error(From, To, Acc, FPacketAcc), |
64 |
3 |
drop |
65 |
|
end. |
66 |
|
|
67 |
|
%% muc.localhost becomes localhost. |
68 |
|
%% localhost stays localhost. |
69 |
|
-spec domain_to_host(jid:lserver()) -> jid:lserver(). |
70 |
|
domain_to_host(Domain) -> |
71 |
16 |
case mongoose_domain_api:get_subdomain_info(Domain) of |
72 |
4 |
{ok, #{parent_domain := Parent}} when is_binary(Parent) -> Parent; |
73 |
12 |
_ -> Domain |
74 |
|
end. |
75 |
|
|
76 |
|
-spec maybe_send_back_error(From, To, Acc, FPacketAcc) -> FPacketAcc | drop when |
77 |
|
From :: jid:jid(), |
78 |
|
To :: jid:jid(), |
79 |
|
Acc :: mongoose_acc:t(), |
80 |
|
FPacketAcc :: mongoose_hooks:filter_packet_acc(). |
81 |
|
maybe_send_back_error(From, To, Acc, FPacketAcc) -> |
82 |
3 |
case mongoose_acc:stanza_type(Acc) of |
83 |
|
<<"error">> -> %% Never reply to the errors |
84 |
:-( |
FPacketAcc; |
85 |
|
_ -> |
86 |
3 |
Err = mongoose_xmpp_errors:service_unavailable(<<"en">>, |
87 |
|
<<"Filtered by the domain isolation">>), |
88 |
3 |
Acc2 = mongoose_acc:set_permanent(domain_isolation, ignore, true, Acc), |
89 |
3 |
send_back_error(Err, From, To, Acc2), |
90 |
3 |
drop |
91 |
|
end. |
92 |
|
|
93 |
|
-spec send_back_error(Etype, From, To, Acc) -> Acc when |
94 |
|
Etype :: exml:element(), |
95 |
|
From :: jid:jid(), |
96 |
|
To :: jid:jid(), |
97 |
|
Acc :: mongoose_acc:t(). |
98 |
|
send_back_error(Etype, From, To, Acc) -> |
99 |
3 |
{Acc1, Err} = jlib:make_error_reply(Acc, Etype), |
100 |
3 |
ejabberd_router:route(To, From, Acc1, Err). |