mod_invites_bootstrap: Module/API to create initial admin invite at startup
parent
c4a8a88028
commit
36ffd5d4a0
|
@ -95,6 +95,7 @@ modules_enabled = {
|
||||||
"invites_register_api";
|
"invites_register_api";
|
||||||
"invites_tracking";
|
"invites_tracking";
|
||||||
"invites_default_group";
|
"invites_default_group";
|
||||||
|
"invites_boostrap";
|
||||||
|
|
||||||
"firewall";
|
"firewall";
|
||||||
|
|
||||||
|
@ -133,6 +134,9 @@ allow_contact_invites = false
|
||||||
invites_page = ENV_SNIKKET_INVITE_URL or ("https://"..DOMAIN.."/invite/{invite.token}/");
|
invites_page = ENV_SNIKKET_INVITE_URL or ("https://"..DOMAIN.."/invite/{invite.token}/");
|
||||||
invites_page_external = true
|
invites_page_external = true
|
||||||
|
|
||||||
|
invites_boostrap_index = tonumber(ENV_TWEAK_SNIKKET_BOOTSTRAP_INDEX)
|
||||||
|
invites_bootstrap_secret = ENV_TWEAK_SNIKKET_BOOTSTRAP_SECRET
|
||||||
|
|
||||||
c2s_require_encryption = true
|
c2s_require_encryption = true
|
||||||
s2s_require_encryption = true
|
s2s_require_encryption = true
|
||||||
s2s_secure_auth = true
|
s2s_secure_auth = true
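Review bot: The name added to `modules_enabled` is spelled `"invites_boostrap"` and the new option in the second hunk is `invites_boostrap_index`, but the module added by this commit is mod_invites_bootstrap and it reads `invites_bootstrap_index`. As written the module would presumably not be found under that name, and even if it were loaded the index option would always read as nil, so the re-bootstrap guard could never see a configured index. Both should use the `bootstrap` spelling: `"invites_bootstrap";` and `invites_bootstrap_index = tonumber(ENV_TWEAK_SNIKKET_BOOTSTRAP_INDEX)`. `invites_bootstrap_secret` is already spelled consistently with the module.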
|
||||||
|
|
|
@ -122,6 +122,7 @@
|
||||||
- mod_update_check
|
- mod_update_check
|
||||||
- mod_update_notify
|
- mod_update_notify
|
||||||
- mod_invites_default_group
|
- mod_invites_default_group
|
||||||
|
- mod_invites_bootstrap
|
||||||
|
|
||||||
- name: "Install lua-ossl for encrypted push notifications"
|
- name: "Install lua-ossl for encrypted push notifications"
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
--luacheck: ignore 143/module
|
||||||
|
|
||||||
|
local http_formdecode = require "net.http".formdecode;
|
||||||
|
|
||||||
|
local secret = module:get_option_string("invites_bootstrap_secret");
|
||||||
|
if not secret then return; end
|
||||||
|
|
||||||
|
local invites_bootstrap_store = module:open_store("invites_bootstrap");
|
||||||
|
local bootstrap_records = invites_bootstrap_store:get() or {};
|
||||||
|
|
||||||
|
local index = module:get_option_number("invites_bootstrap_index");
|
||||||
|
if #bootstrap_records > 0 and (index or -1) <= bootstrap_records[#bootstrap_records].index then
|
||||||
|
module:log("debug", "Already bootstrapped for index %d", index or 0);
|
||||||
|
return;
|
||||||
|
end
|
||||||
|
|
||||||
|
local invites = module:depends("invites");
|
||||||
|
module:depends("http");
|
||||||
|
|
||||||
|
local function handle_request(event)
|
||||||
|
local query_params = http_formdecode(event.request.url.query);
|
||||||
|
|
||||||
|
if not query_params.token or query_params.token ~= secret then
|
||||||
|
return 403;
|
||||||
|
end
|
||||||
|
|
||||||
|
local invite, err = invites.create_account(nil, {
|
||||||
|
roles = { ["prosody:admin"] = true };
|
||||||
|
source = "api/token/bootstrap";
|
||||||
|
});
|
||||||
|
if not invite then
|
||||||
|
module:log("error", "Failed to create bootstrap invite! %s", err);
|
||||||
|
return 500;
|
||||||
|
end
|
||||||
|
|
||||||
|
table.insert(bootstrap_records, {
|
||||||
|
index = index;
|
||||||
|
timestamp = os.time();
|
||||||
|
});
|
||||||
|
|
||||||
|
event.response.headers.Location = invite.landing_page or invite.uri;
|
||||||
|
|
||||||
|
return 201;
|
||||||
|
end
|
||||||
|
|
||||||
|
module:provides("http", {
|
||||||
|
route = {
|
||||||
|
GET = handle_request;
|
||||||
|
};
|
||||||
|
});
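Review bot: `handle_request` appends to `bootstrap_records` only in memory (nothing in this file calls `invites_bootstrap_store:set(...)`), and the "already bootstrapped" guard runs once at module load. Every GET that carries the secret therefore yields another invite with the `prosody:admin` role, and the guard sees an empty store again after a restart. The handler should re-check the records on each request and persist the new record after `table.insert`, as sketched below; the sketch also guards the comparison against a stored record whose `index` is nil, which would otherwise raise an error. Separately, the secret travels in the URL query of a state-changing GET, where reverse-proxy and access logs commonly retain it, so a POST carrying the secret in a header or body would keep it out of those logs. The plain `query_params.token ~= secret` comparison is also not constant-time, which may matter if this endpoint is reachable from untrusted networks.

```lua
local function handle_request(event)
	-- … unchanged: query parsing and token check …

	-- Re-check per request: the load-time guard does not cover a second call.
	local last = bootstrap_records[#bootstrap_records];
	if last and (index or -1) <= (last.index or -1) then
		return 410;
	end

	-- … unchanged: invites.create_account call and its error handling …

	table.insert(bootstrap_records, {
		index = index;
		timestamp = os.time();
	});
	-- Persist so the guard still holds after a restart.
	local ok, store_err = invites_bootstrap_store:set(nil, bootstrap_records);
	if not ok then
		module:log("error", "Failed to persist bootstrap record: %s", store_err);
	end

	-- … unchanged: Location header and 201 response …
```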
|