mod_restrict_xmpp

Introduction

This module enforces access policies using Prosody’s new roles and permissions framework. It can be used to grant restricted access to an XMPP account or services.

This module is still in its early stages, and prone to change. Feedback from testers is welcome. At this early stage, it should not be solely relied upon for account security purposes.

Configuration

There is no configuration, apart from Prosody’s normal roles and permissions configuration.

Permissions

xmpp:federate: Communicate with other users and services on other hosts on the XMPP network
xmpp:account:messages:read: Read incoming messages
xmpp:account:messages:write: Send outgoing messages
xmpp:account:presence:write: Update presence for the account
xmpp:account:contacts:read/xmpp:account:contacts:write: Controls access to the contact list (roster)
xmpp:account:bookmarks:read/xmpp:account:bookmarks:write: Controls access to the bookmarks (group chats list)
xmpp:account:profile:read/xmpp:account:profile:write: Controls access to the user’s profile (e.g. vCard/avatar)
xmpp:account:omemo:read/xmpp:account:omemo:write: Controls access to the user’s OMEMO data
xmpp:account:blocklist:read/xmpp:account:blocklist:write: Controls access to the user’s block list
xmpp:account:disco:read: Controls access to the user’s service discovery information

Compatibility

Requires Prosody trunk 72f431b4dc2c (build 1444) or later.

Installation

With the plugin installer in Prosody 0.12 you can use:

sudo prosodyctl install --server=https://modules.prosody.im/rocks/ mod_restrict_xmpp

For earlier versions see the documentation for installing 3rd party modules

Latest changes

Allow all XEP-0199 pings to self 2023-12-03
Fix definition list rendering 2023-12-03
Add vcard4 PEP node to profile permission 2023-12-02
Fix remaining hard-coded role name 2023-11-30
Multiple modules: Update for split prosody:user role (prosody 082c7d856e61) 2023-06-29