Builtin Prosody modules:

* initialize prosody modules folder
* comment on prosody modules licensing
* use mod_muc_http_defaults to set rooms properties and prevent unauthorized room creation WIP

prosody-modules/mod_muc_http_defaults/README.markdown

@@ -0,0 +1,191 @@
+---
+summary: Seed MUC configuration from JSON REST API
+---
+
+# Introduction
+
+This module fetches configuration for MUC rooms from an API when rooms
+are created.
+
+# Requirements
+
+Should work with Prosody 0.11.
+
+# Configuration
+
+`muc_create_api_url`
+:   URL template for the API endpoint to get settings. `{room.jid}` is
+    replaced by the address of the room in question.
+
+`muc_create_api_auth`
+:   The value of the Authorization header to authenticate against the
+    API. E.g. `"Bearer /rXU4tkQTYQMgdHfMLH6"`{.lua}
+
+In the URL template variable, the room JID is available as `{room.jid}`,
+which would be turned into `room@muc.host`. To only get the room
+localpart, `{room.jid|jid_node}` can be used, and `{room.jid|jid_host}`
+splits out the `muc.host` part.
+
+## Example
+
+``` {.lua}
+Component "channels.example.net" "muc"
+modules_enabled = { "muc_http_defaults" }
+muc_create_api_url = "https://api.example.net/muc/config?jid={room.jid}"
+```
+
+# API
+
+A RESTful JSON API is used. Any error causes the room to be destroyed.
+
+The returned JSON consists of two main parts, the room configuration and
+the affiliations (member list).
+
+## Room Configuration
+
+The top level `config` field contains a map of properties corresponding
+to the fields in the room configuration dialog, named similarly to the
+[room configuration default][doc:modules:mod_muc#room-configuration-defaults] in
+Prosodys config file.
+
+| Property               | Type    | Description                                                               |
+|------------------------|---------|---------------------------------------------------------------------------|
+| `name`                 | string  | Name of the chat                                                          |
+| `description`          | string  | Longer description of the chat                                            |
+| `language`             | string  | Language code                                                             |
+| `persistent`           | boolean | Whether the room should keep existing if it becomes empty                 |
+| `public`               | boolean | `true` to include in public listing                                       |
+| `members_only`         | boolean | Membership or open                                                        |
+| `allow_member_invites` | boolean | If members can invite others into members-only rooms                      |
+| `public_jids`          | boolean | If everyone or only moderators should see real identities                 |
+| `subject`              | string  | In-room subject or topic message                                          |
+| `changesubject`        | boolean | If `true` then everyone can change the subject, otherwise only moderators |
+| `historylength`        | integer | Number of messages to keep in memory (legacy method)                      |
+| `moderated`            | boolean | New participants start without voice privileges if set to `true`          |
+| `archiving`            | boolean | Whether [archiving][doc:modules:mod_muc_mam] is enabled                   |
+
+## Affiliations
+
+The list of members go in `affiliations` which is either an object
+mapping addresses to affiliations (e.g. `{"user@host":"admin"}`{.json}),
+or it can be an array of address, affiliation and optionally a reserved
+nickname (e.g.
+`[{"jid":"user@host","affiliation":"member","nick":"joe"}]`{.json}).
+
+## Schema
+
+Here's a JSON Schema in YAML format describing the expected JSON
+response data:
+
+``` {.yaml}
+---
+type: object
+properties:
+  config:
+    type: object
+    properties:
+      name:
+        type: string
+      description:
+        type: string
+      language:
+        type: string
+      persistent:
+        type: boolean
+      public:
+        type: boolean
+      members_only:
+        type: boolean
+      allow_member_invites:
+        type: boolean
+      public_jids:
+        type: boolean
+      subject:
+        type: string
+      changesubject:
+        type: boolean
+      historylength:
+        type: integer
+      moderated:
+        type: boolean
+      archiving:
+        type: boolean
+  affiliations:
+    oneOf:
+    - type: array
+      items:
+        type: object
+        required:
+        - jid
+        - affiliation
+        properties:
+          jid:
+            type: string
+            pattern: ^[^@/]+@[^/]+$
+          affiliation:
+            $ref: '#/definitions/affiliation'
+          nick:
+            type: string
+    - type: object
+      additionalProperties:
+        $ref: '#/definitions/affiliation'
+definitions:
+  affiliation:
+    type: string
+    enum:
+    - owner
+    - admin
+    - member
+    - none
+    - outcast
+...
+```
+
+## Example
+
+A basic example with some config settings and a few affiliations:
+
+``` {.json}
+GET /muc/config?jid=place@channels.example.net
+Accept: application/json
+
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+   "affiliations" : [
+      {
+         "affiliation" : "owner",
+         "jid" : "bosmang@example.net",
+         "nick" : "bosmang"
+      },
+      {
+         "affiliation" : "admin",
+         "jid" : "xo@example.net",
+         "nick" : "xo"
+      },
+      {
+         "affiliation" : "member",
+         "jid" : "john@example.net"
+      }
+   ],
+   "config" : {
+      "archiving" : true,
+      "description" : "This is the place",
+      "members_only" : true,
+      "moderated" : false,
+      "name" : "The Place",
+      "persistent" : true,
+      "public" : false,
+      "subject" : "Discussions regarding The Place"
+   }
+}
+```
+
+To allow the creation without making any changes, letting whoever
+created it be the owner, just return an empty JSON object:
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+
+    {}

prosody-modules/mod_muc_http_defaults/mod_muc_http_defaults.lua

@@ -0,0 +1,150 @@
+-- Copyright (C) 2021 Kim Alvefur
+--
+-- This file is MIT licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local http = require "net.http";
+local async = require "util.async";
+local uh = require "util.http";
+local jid = require "util.jid";
+local json = require "util.json";
+local st = require "util.stanza";
+
+local funcs = {jid_bare = jid.bare; jid_host = jid.host; jid_node = jid.node};
+local render = require"util.interpolation".new("%b{}", uh.urlencode, funcs);
+
+module:depends"muc";
+
+local url_template = assert(module:get_option_string("muc_create_api_url", nil), "'muc_create_api_url' is a required option");
+local apiauth = module:get_option_string("muc_create_api_auth", nil);
+
+local ex = {
+	headers = {
+		accept = "application/json";
+		authorization = apiauth;
+	}
+};
+
+local problems = {
+		format = "API server returned invalid data, see logs",
+		config = "A problem occured while creating the room, see logs",
+};
+
+local function apply_config(room, settings)
+	local affiliations = settings.affiliations;
+	if type(affiliations) == "table" then
+
+		-- COMPAT the room creator is unconditionally made 'owner'
+		-- clear existing affiliation
+		for existing_affiliation in pairs(room._affiliations) do
+			room:set_affiliation(true, existing_affiliation, "none");
+		end
+
+		if affiliations[1] ~= nil then -- array of ( jid, affiliation, nick )
+			for _, aff in ipairs(affiliations) do
+				if type(aff) == "table" and type(aff.jid) == "string" and (aff.nick == nil or type(aff.nick) == "string") then
+					local prepped_jid = jid.prep(aff.jid);
+					if prepped_jid then
+						local ok, err = room:set_affiliation(true, prepped_jid, aff.affiliation, aff.nick and { nick = aff.nick });
+						if not ok then
+							module:log("error", "Could not set affiliation in %s: %s", room.jid, err);
+							return nil, "config";
+						end
+					else
+						module:log("error", "Invalid JID returned from API for %s: %q", room.jid, aff.jid);
+						return nil, "format";
+					end
+				else
+					module:log("error", "Invalid affiliation item returned from API for %s: %q", room.jid, aff);
+					return nil, "format";
+				end
+			end
+		else -- map of jid : affiliation
+			for user_jid, aff in pairs(affiliations) do
+				if type(user_jid) == "string" and type(aff) == "string" then
+					local prepped_jid = jid.prep(user_jid);
+					if prepped_jid then
+						local ok, err = room:set_affiliation(true, prepped_jid, aff);
+						if not ok then
+							module:log("error", "Could not set affiliation in %s: %s", room.jid, err);
+							return nil, "config";
+						end
+					else
+						module:log("error", "Invalid JID returned from API: %q", aff.jid);
+						return nil, "format";
+					end
+				end
+			end
+		end
+	elseif affiliations ~= nil then
+		module:log("error", "Invalid affiliations returned from API for %s: %q", room.jid, affiliations);
+		return nil, "format", { field = "affiliations" };
+	end
+
+	local config = settings.config;
+	if type(config) == "table" then
+		-- TODO reject invalid fields instead of ignoring them
+		if type(config.name) == "string" then room:set_name(config.name); end
+		if type(config.description) == "string" then room:set_description(config.description); end
+		if type(config.language) == "string" then room:set_language(config.language); end
+		if type(config.password) == "string" then room:set_password(config.password); end
+		if type(config.subject) == "string" then room:set_subject(config.subject); end
+
+		if type(config.public) == "boolean" then room:set_public(config.public); end
+		if type(config.members_only) == "boolean" then room:set_members_only(config.members_only); end
+		if type(config.allow_member_invites) == "boolean" then room:set_allow_member_invites(config.allow_member_invites); end
+		if type(config.moderated) == "boolean" then room:set_moderated(config.moderated); end
+		if type(config.persistent) == "boolean" then room:set_persistent(config.persistent); end
+		if type(config.changesubject) == "boolean" then room:set_changesubject(config.changesubject); end
+
+		if type(config.historylength) == "number" then room:set_historylength(config.historylength); end
+		if type(config.public_jids) == "boolean" then room:set_whois(config.public_jids and "anyone" or "moderators"); end
+		-- Leaving out presence_broadcast for now
+
+		-- mod_muc_mam
+		if type(config.archiving) == "boolean" then room._config.archiving = config.archiving; end
+	elseif config ~= nil then
+		module:log("error", "Invalid config returned from API for %s: %q", room.jid, config);
+		return nil, "format", { field = "config" };
+	end
+	return true;
+end
+
+module:hook("muc-room-pre-create", function(event)
+	local url = render(url_template, event);
+	module:log("debug", "Calling API at %q for room %s", url, event.room.jid);
+	local wait, done = async.waiter();
+
+	local ret, err;
+	http.request(url, ex, function (body, code)
+		if math.floor(code / 100) == 2 then
+			local parsed, parse_err = json.decode(body);
+			if not parsed then
+				module:log("debug", "Got invalid JSON from %s: %s", url, parse_err);
+				err = problems.format;
+			else
+				ret = parsed;
+			end
+		else
+			module:log("debug", "Rejected by API: ", body);
+			err = "Rejected by API";
+		end
+
+		done()
+	end);
+
+	wait();
+	if not ret then
+		event.room:destroy();
+		event.origin.send(st.error_reply(event.stanza, "cancel", "internal-server-error", err, module.host));
+		return true;
+	end
+
+	local configured, err = apply_config(event.room, ret);
+	if not configured then
+		event.room:destroy();
+		event.origin.send(st.error_reply(event.stanza, "cancel", "internal-server-error", err, event.room.jid or module.host));
+		return true;
+	end
+end, -2);