From 329df3181143b0180b3ec73812b75f66785fbdbd Mon Sep 17 00:00:00 2001 From: damencho Date: Mon, 15 Sep 2025 14:26:31 -0500 Subject: [PATCH] feat: Requires a moderator to start a moderated room without a tenant. --- resources/prosody-plugins/mod_muc_allowners.lua | 16 ++++++++++++++++ .../prosody-plugins/mod_muc_wait_for_host.lua | 10 +++++++++- resources/prosody-plugins/token/util.lib.lua | 1 + 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/resources/prosody-plugins/mod_muc_allowners.lua b/resources/prosody-plugins/mod_muc_allowners.lua index 03e35bd0a9..54e7b9df96 100644 --- a/resources/prosody-plugins/mod_muc_allowners.lua +++ b/resources/prosody-plugins/mod_muc_allowners.lua @@ -14,6 +14,7 @@ local presence_check_status = util.presence_check_status; local MUC_NS = 'http://jabber.org/protocol/muc'; local disable_revoke_owners; +local allowner_issuers = module:get_option_set('allowner_issuers'); local function load_config() disable_revoke_owners = module:get_option_boolean("allowners_disable_revoke_owners", false); @@ -79,6 +80,21 @@ module:hook("muc-occupant-joined", function (event) end end, 2); +module:hook('room_has_host', function(event) + local room, session = event.room, event.session; + local moderated, _, tenant = is_moderated(room.jid); + + if not moderated then + return nil; + end + + if not tenant and allowner_issuers and not allowner_issuers:contains(session.jitsi_meet_auth_issuer) then + -- this will stop listeners execution and will return false, if we require a specific issuer for + -- a moderated room without a tenant and the issuer is not correct + return false; + end +end, 1); -- we want it executed before the one in wait_for_host module + module:hook_global('config-reloaded', load_config); -- Filters self-presences to a jid that exist in joining_participants array diff --git a/resources/prosody-plugins/mod_muc_wait_for_host.lua b/resources/prosody-plugins/mod_muc_wait_for_host.lua index 733ebe1de5..fcbfb007ea 100644 --- a/resources/prosody-plugins/mod_muc_wait_for_host.lua +++ b/resources/prosody-plugins/mod_muc_wait_for_host.lua @@ -62,7 +62,7 @@ module:hook('muc-occupant-pre-join', function (event) end if not room.has_host then - if session.auth_token or (session.username and jid.host(occupant.bare_jid) == muc_domain_base) then + if module:fire_event('room_has_host', { room = room; session = session; }) then -- the host is here, let's drop the lobby room:set_members_only(false); @@ -91,6 +91,14 @@ module:hook('muc-occupant-pre-join', function (event) end end); +module:hook('room_has_host', function(event) + local room, session = event.room, event.session; + if session.auth_token + or (session.username and jid.host(occupant.bare_jid) == muc_domain_base) then + return true; + end +end); + process_host_module(lobby_muc_component_config, function(host_module, host) -- lobby muc component created module:log('info', 'Lobby component loaded %s', host); diff --git a/resources/prosody-plugins/token/util.lib.lua b/resources/prosody-plugins/token/util.lib.lua index 739d985bb1..c473830ef1 100644 --- a/resources/prosody-plugins/token/util.lib.lua +++ b/resources/prosody-plugins/token/util.lib.lua @@ -320,6 +320,7 @@ function Util:process_and_verify_token(session) session.jitsi_meet_room = claims["room"]; -- Binds domain name to the session session.jitsi_meet_domain = claims["sub"]; + session.jitsi_meet_auth_issuer = claims["iss"]; -- Binds the user details to the session if available if claims["context"] ~= nil then