Hey,
I'm creating a web site with XMPP based chat and I'd like some features (e.g. adding contacts) to be only allowed through the web app backend - user will make a request to the web app and it will make XMPP request to ejabberd server on behalf of the user. I was thinking about attaching an authorization token to every request sent by the web app and ejabberd would reject all requests of a specific type with missing/invalid token.
Is it possible?
Cheers,
Szymon
If you apply this change to
If you apply this change to ejabberd 2.1.x
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl index 7888256..4276ee6 100644 --- a/src/ejabberd_c2s.erl +++ b/src/ejabberd_c2s.erl @@ -1784,12 +1784,17 @@ presence_track(From, To, Packet, StateData) -> StateData#state{pres_i = I, pres_a = A}; "subscribe" -> + case xml:get_attr_s("subscribe-token", Attrs) of + "abcd" -> ejabberd_hooks:run(roster_out_subscription, Server, [User, Server, To, subscribe]), check_privacy_route(From, StateData, jlib:jid_remove_resource(From), To, Packet), StateData; + _ -> + StateData + end; "subscribed" -> ejabberd_hooks:run(roster_out_subscription, Server,When a client sends this, nothing happens:
When a client sends this, the subscription works as usual:
<presence subscribe-token="abcd" type='subscribe' to='badlop2@localhost'> <status>Me gustarÃa añadirte a mi lista de contactos.<status> <presence>