mirror of
https://git.phreedom.club/localhost_frssoft/fediauth.git
synced 2025-01-07 00:24:32 +00:00
improved checks for input fedi handle and support instances restrictions
This commit is contained in:
parent
51b89003f6
commit
6b95a65a08
|
@ -228,7 +228,17 @@ function fediauth.give_code(secret_b32, time)
|
|||
return codeseq
|
||||
end
|
||||
|
||||
function fediauth.str_repeats(s,c)
|
||||
local _,n = s:gsub(c,"")
|
||||
return n
|
||||
function fediauth.check_for_restricted_instance(domain)
|
||||
local restricted_instances = minetest.settings:get("fediauth.restricted_instances") or {}
|
||||
if type(restricted_instances) == "string" then
|
||||
restricted_instances = restricted_instances:split(",")
|
||||
end
|
||||
for _, instance in ipairs(restricted_instances) do
|
||||
if instance == domain then
|
||||
minetest.log("action", "[fediauth] domain restricted: '" .. domain .. "'")
|
||||
return true
|
||||
end
|
||||
end
|
||||
return false
|
||||
end
|
||||
|
||||
|
|
13
join.lua
13
join.lua
|
@ -124,11 +124,22 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
|||
-- check for new player or doesn't have fedi account
|
||||
if fields.fediverse_account_url then
|
||||
-- basic prevent mention spam and limit length
|
||||
if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 or fediauth.str_repeats(fields.fediverse_account_url, "@") > 2 then
|
||||
if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 then
|
||||
minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Try again, your input is incorrect"))
|
||||
minetest.show_formspec(playername, FORMNAMEFEDI, formspecfediadd)
|
||||
return
|
||||
end
|
||||
fedihandle = fields.fediverse_account_url:split("@")
|
||||
if #fedihandle ~= 2 then
|
||||
minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Incorrect format"))
|
||||
minetest.show_formspec(playername, FORMNAMEFEDI, formspecfediadd)
|
||||
return
|
||||
end
|
||||
if fediauth.check_for_restricted_instance(fedihandle[2]) then
|
||||
minetest.chat_send_player(playername, minetest.colorize("#ff0000", fedihandle[2] .. "has restricted, try another..."))
|
||||
minetest.show_formspec(playername, FORMNAMEFEDI, formspecfediadd)
|
||||
return
|
||||
end
|
||||
local secret_b32 = fediauth.get_player_secret_b32(playername)
|
||||
local codeseq = fediauth.give_code(secret_b32)
|
||||
fediauth.send_code(codeseq[1], fields.fediverse_account_url)
|
||||
|
|
22
onboard.lua
22
onboard.lua
|
@ -39,12 +39,22 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
|||
return
|
||||
end
|
||||
|
||||
if fields.fediverse_account_url then
|
||||
if fields.fediverse_account_url then
|
||||
local playername = player:get_player_name()
|
||||
if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 then
|
||||
minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Try again, your input is incorrect"))
|
||||
return
|
||||
end
|
||||
-- basic prevent mention spam and limit length
|
||||
if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 then
|
||||
minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Try again, your input is incorrect"))
|
||||
return
|
||||
end
|
||||
fedihandle = fields.fediverse_account_url:split("@")
|
||||
if #fedihandle ~= 2 then
|
||||
minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Incorrect format"))
|
||||
return
|
||||
end
|
||||
if fediauth.check_for_restricted_instance(fedihandle[2]) then
|
||||
minetest.chat_send_player(playername, minetest.colorize("#ff0000", fedihandle[2] .. "has restricted, try another..."))
|
||||
return
|
||||
end
|
||||
local secret_b32 = fediauth.get_player_secret_b32(playername)
|
||||
local codeseq = fediauth.give_code(secret_b32)
|
||||
fediauth.send_code(codeseq[1], fields.fediverse_account_url)
|
||||
|
@ -56,7 +66,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
|||
|
||||
minetest.show_formspec(playername, FORMNAME, formspec)
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
if fields.code then
|
||||
local playername = player:get_player_name()
|
||||
|
|
|
@ -7,3 +7,7 @@ fediauth.api_token (Token for account) string
|
|||
|
||||
# If no fediverse account - no access to server
|
||||
fediauth.fedi_required (Require Fediverse account for each user) bool false
|
||||
|
||||
# Useful if remote instance blocked on service account server or any other reasons
|
||||
# Separated by comma
|
||||
fediauth.restricted_instances (Restrict instance domains) string example.com,another.example.com,
|
||||
|
|
Loading…
Reference in a new issue