More prosody module tests.

resources/prosody-plugins/mod_auth_jitsi-shared-secret.lua

@@ -6,6 +6,10 @@ local saslprep = require "util.encodings".stringprep.saslprep;
 local secure_equals = require "util.hashes".equals;
 
 local shared_secret = module:get_option_string('shared_secret');
+-- TODO: shared_secret_prev is probably broken. get_sasl_handler() returns shared_secret
+-- from its plain callback, so Prosody rejects any password other than the current secret.
+-- provider.test_password() handles shared_secret_prev correctly but is not called in the
+-- PLAIN SASL flow. To fix, get_sasl_handler() should use a plain_test profile instead.
 local shared_secret_prev = module:get_option_string('shared_secret_prev');
 if shared_secret == nil then
     module:log('error', 'No shared_secret specified. No secret to operate on!');

resources/prosody-plugins/mod_av_moderation_component.lua

@@ -6,6 +6,7 @@ local room_jid_match_rewrite = util.room_jid_match_rewrite;
 local process_host_module = util.process_host_module;
 local table_shallow_copy = util.table_shallow_copy;
 local is_admin = util.is_admin;
+local is_focus = util.is_focus;
 local array = require "util.array";
 local json = require 'cjson.safe';
 local st = require 'util.stanza';
@@ -161,7 +162,7 @@ function start_av_moderation(room, mediaType, occupant)
 
     -- add all current moderators to the new whitelist
     for _, room_occupant in room:each_occupant() do
-        if room_occupant.role == 'moderator' and not ends_with(room_occupant.nick, '/focus') then
+        if room_occupant.role == 'moderator' and not is_focus(room_occupant.nick) then
             room.av_moderation[mediaType]:push(internal_room_jid_match_rewrite(room_occupant.nick));
         end
     end

resources/prosody-plugins/mod_conference_duration.lua

@@ -1,3 +1,6 @@
+-- Records the timestamp (ms since epoch) when a MUC room first reaches two
+-- occupants and exposes it as the muc#roominfo_created_timestamp field in
+-- disco#info responses, so clients can display how long the conference has run.
 local it = require "util.iterators";
 local process_host_module = module:require "util".process_host_module;
 

resources/prosody-plugins/mod_end_conference.lua

@@ -1,3 +1,10 @@
+-- Allows a conference moderator to destroy a MUC room by sending a message
+-- stanza containing an <end_conference/> child element to this component. The
+-- module looks up the room from the sender's jitsi_web_query_room / prefix
+-- session fields (set from the WebSocket URL query string by mod_jitsi_session),
+-- verifies the sender is an occupant with moderator role, and calls room:destroy().
+-- Must be loaded as a dedicated Prosody component (type "end_conference"); the
+-- muc_component option must point to the MUC component host.
 --
 -- Component "endconference.jitmeet.example.com" "end_conference"
 --     muc_component = muc.jitmeet.example.com

resources/prosody-plugins/mod_filter_iq_jibri.lua

@@ -1,4 +1,10 @@
--- This module is enabled under the main virtual host
+-- Filters Jibri recording/livestreaming IQ stanzas (http://jitsi.org/protocol/jibri)
+-- on the main VirtualHost. start/stop actions are allowed only when the sender's JWT
+-- token grants the required feature ('recording' for file mode, 'livestreaming' for
+-- stream mode), or, absent token features, when the sender holds moderator role in the
+-- room. status IQs are always passed through. Blocked stanzas receive an
+-- auth/forbidden error reply. Rate-limited per IP and per room.
+-- This module is enabled under the main virtual host.
 local cache = require 'util.cache';
 local new_throttle = require 'util.throttle'.create;
 local st = require "util.stanza";

resources/prosody-plugins/mod_filter_iq_rayo.lua

@@ -1,4 +1,10 @@
--- This module is enabled under the main virtual host
+-- Filters outbound-call and transcription IQ stanzas (Rayo dial, urn:xmpp:rayo:1)
+-- on the main VirtualHost. Allows a stanza through only when the sender's JWT token
+-- grants the required feature ('outbound-call' or 'transcription'), or, absent token
+-- features, when the sender holds owner affiliation in the room. Blocked stanzas
+-- receive an auth/forbidden error reply. Optionally rate-limits outgoing calls per
+-- session when max_number_outgoing_calls is configured.
+-- This module is enabled under the main virtual host.
 local new_throttle = require "util.throttle".create;
 local st = require "util.stanza";
 local jid = require "util.jid";

resources/prosody-plugins/mod_fmuc.lua

@@ -26,6 +26,7 @@ local is_vpaas = util.is_vpaas;
 local room_jid_match_rewrite = util.room_jid_match_rewrite;
 local get_room_from_jid = util.get_room_from_jid;
 local get_focus_occupant = util.get_focus_occupant;
+local is_focus_jid = util.is_focus_jid;
 local internal_room_jid_match_rewrite = util.internal_room_jid_match_rewrite;
 local presence_check_status = util.presence_check_status;
 local respond_iq_result = util.respond_iq_result;
@@ -817,7 +818,7 @@ function filter_stanza(stanza, session)
         local f_st = st.clone(stanza);
         f_st.skipMapping = true;
         return f_st;
-    elseif stanza.name == 'presence' and session.type == 'c2s' and jid.node(stanza.attr.to) == 'focus' then
+    elseif stanza.name == 'presence' and session.type == 'c2s' and is_focus_jid(stanza.attr.to) then
         local x = stanza:get_child('x', 'http://jabber.org/protocol/muc#user');
         if presence_check_status(x, '110') then
             return stanza; -- no filter

resources/prosody-plugins/mod_jitsi_permissions.lua

@@ -7,7 +7,7 @@ local is_admin = util.is_admin;
 local get_room_from_jid = util.get_room_from_jid;
 local is_healthcheck_room = util.is_healthcheck_room;
 local room_jid_match_rewrite = util.room_jid_match_rewrite;
-local ends_with = util.ends_with;
+local is_focus = util.is_focus;
 local presence_check_status = util.presence_check_status;
 
 local MUC_NS = 'http://jabber.org/protocol/muc';
@@ -105,7 +105,7 @@ end
 -- using token that has features pre-defined (authentication is 'token').
 function filter_stanza(stanza, session)
     if not stanza.attr or not stanza.attr.to or stanza.name ~= 'presence'
-        or stanza.attr.type == 'unavailable' or ends_with(stanza.attr.from, '/focus') then
+        or stanza.attr.type == 'unavailable' or is_focus(stanza.attr.from) then
         return stanza;
     end
 

resources/prosody-plugins/mod_jitsi_session.lua

@@ -1,12 +1,28 @@
 -- Jitsi session information
 -- Copyright (C) 2021-present 8x8, Inc.
+--
+-- Hooks the BOSH and WebSocket session-init events to extract Jitsi-specific
+-- parameters from the URL query string and request headers, then stores them
+-- on the session object for use by other modules:
+--
+--   session.previd              -- ?previd=   for smacks session resumption; lets
+--                               --            mod_auth_jitsi-anonymous re-use the same
+--                               --            anonymous JID after a reconnect
+--   session.customusername      -- ?customusername=  pre-set JID, used with the
+--                               --                   "pre-jitsi-authentication" event
+--   session.jitsi_web_query_room   -- ?room=   Jitsi conference room name
+--   session.jitsi_web_query_prefix -- ?prefix= optional tenant prefix (defaults to "")
+--   session.auth_token          -- ?token= or Authorization: Bearer <token> header;
+--                               --         populated without validation — downstream
+--                               --         modules (mod_auth_token, etc.) validate it
+--   session.user_region         -- value of the configurable proxy header
+--                               --   (region_header_name option, default x_proxy_region)
+--   session.user_agent_header   -- User-Agent request header
 module:set_global();
 
 local formdecode = require "util.http".formdecode;
 local region_header_name = module:get_option_string('region_header_name', 'x_proxy_region');
 
--- Extract the following parameters from the URL and set them in the session:
--- * previd: for session resumption
 function init_session(event)
     local session, request = event.session, event.request;
     local query = request.url.query;

resources/prosody-plugins/mod_limits_exception.lua

@@ -1,7 +1,5 @@
--- we use async to detect Prosody 0.10 and earlier
-local have_async = pcall(require, 'util.async');
-
-if not have_async then
+if not pcall(require, 'util.async') then
+	module:log('warn', 'util.async not available; mod_limits_exception requires Prosody 0.11+, not loading');
 	return;
 end
 
@@ -14,6 +12,8 @@ if unlimited_jids:empty() then
 	return;
 end
 
+module:log('info', 'loaded; unlimited_jids=%s unlimited_size=%d', tostring(unlimited_jids), unlimited_stanza_size_limit);
+
 module:hook("authentication-success", function (event)
 	local session = event.session;
 	local jid = session.username .. "@" .. session.host;

resources/prosody-plugins/mod_log_ringbuffer.lua

@@ -1,3 +1,7 @@
+-- Registers a custom Prosody log sink that buffers recent log lines in memory
+-- using a ringbuffer (or a fixed-line queue) and dumps the buffer to a file
+-- when triggered by a configured OS signal or Prosody event.
+-- Source: https://hg.prosody.im/prosody-modules/file/tip/mod_log_ringbuffer/mod_log_ringbuffer.lua
 module:set_global();
 
 local loggingmanager = require "core.loggingmanager";

resources/prosody-plugins/mod_measure_message_count.lua

@@ -1,5 +1,9 @@
--- Measure the number of messages used in a meeting. Sends amplitude event.
--- Needs to be activated under the muc component where the limit needs to be applied (main muc and breakout muc)
+-- Counts messages and polls per conference and reports the totals to Amplitude
+-- when the main room is destroyed. Loaded on both the main MUC and breakout MUC
+-- components; in both cases messages are accumulated on the main room object
+-- (session.jitsi_web_query_room always refers to the main conference), so
+-- breakout messages are included in the main room's totals. The Amplitude event
+-- is only sent when the main room is destroyed (skipped for breakout rooms).
 -- Copyright (C) 2023-present 8x8, Inc.
 
 local jid = require 'util.jid';

resources/prosody-plugins/mod_muc_census.lua

@@ -83,9 +83,9 @@ function handle_get_room_census(event)
         end
     end
 
-    census_resp = json.encode({
-        room_census = room_data;
-    });
+    -- cjson encodes an empty Lua table as {} (object); force array literal.
+    local rc_json = #room_data == 0 and "[]" or json.encode(room_data);
+    census_resp = '{"room_census":' .. rc_json .. '}';
     return { status_code = 200; body = census_resp }
 end
 

resources/prosody-plugins/mod_muc_displayname.lua

@@ -10,7 +10,7 @@ local util = module:require 'util';
 local filter_identity_from_presence = util.filter_identity_from_presence;
 local get_room_by_name_and_subdomain = util.get_room_by_name_and_subdomain;
 local is_admin = util.is_admin;
-local ends_with = util.ends_with;
+local is_focus = util.is_focus;
 local internal_room_jid_match_rewrite = util.internal_room_jid_match_rewrite;
 local NICK_NS = 'http://jabber.org/protocol/nick';
 local DISPLAY_NAME_NS = 'http://jitsi.org/protocol/display-name';
@@ -26,7 +26,7 @@ local joining_moderator_participants = module:shared('moderators/joining_moderat
 --- Filter presence sent to non-moderator members of a room when the hideDisplayNameForGuests option is set.
 function filter_stanza_out(stanza, session)
     if stanza.name ~= 'presence' or stanza.attr.type == 'error'
-        or stanza.attr.type == 'unavailable' or ends_with(stanza.attr.from, '/focus') then
+        or stanza.attr.type == 'unavailable' or is_focus(stanza.attr.from) then
         return stanza;
     end
 
@@ -60,7 +60,7 @@ function filter_stanza_in(stanza, session)
     end
 
     if stanza.name ~= 'presence' or stanza.attr.type == 'error'
-        or stanza.attr.type == 'unavailable' or ends_with(stanza.attr.from, '/focus') then
+        or stanza.attr.type == 'unavailable' or is_focus(stanza.attr.from) then
         return stanza;
     end
 

resources/prosody-plugins/mod_muc_end_meeting.lua

@@ -1,5 +1,25 @@
--- A global module which can be used as http endpoint to end meetings. The provided token
---- in the request is verified whether it has the right to do so.
+-- Global HTTP module that exposes a POST /end-meeting endpoint for terminating
+-- MUC rooms via an authenticated API call.  Intended for internal system use
+-- (e.g. by a backend service), not for end-user clients.
+--
+-- Authentication uses a SEPARATE ASAP key pair from the one used for login
+-- tokens (mod_auth_token).  The key server URL is read from
+-- prosody_password_public_key_repo_url (not asap_key_server), so login tokens
+-- are not accepted.
+--
+-- Request format:
+--   POST /end-meeting?conference=<room-jid>[&silent-reconnect=true]
+--   Authorization: Bearer <system-token>
+--
+-- Responses:
+--   200  Room destroyed.
+--   400  Missing or invalid query parameters.
+--   401  Missing, malformed, or unverifiable token.
+--   404  Room not found.
+--
+-- When silent-reconnect=true the room is destroyed with an alternate-venue JID
+-- so clients silently reconnect rather than showing a "meeting ended" screen.
+--
 -- Copyright (C) 2023-present 8x8, Inc.
 
 module:set_global();
@@ -11,8 +31,7 @@ local room_jid_match_rewrite = util.room_jid_match_rewrite;
 local get_room_from_jid = util.get_room_from_jid;
 local starts_with = util.starts_with;
 
-local neturl = require "net.url";
-local parse = neturl.parseQuery;
+local parse = require "util.http".formdecode;
 
 -- will be initialized once the main virtual host module is initialized
 local token_util;

resources/prosody-plugins/mod_muc_hide_all.lua

@@ -1,4 +1,7 @@
--- This module makes all MUCs in Prosody unavailable on disco#items query
+-- Hides all MUC rooms from disco#items queries on the MUC component, so that
+-- room enumeration by external clients is prevented. Rooms are still joinable
+-- by full JID; they simply do not appear in the public room list.
+-- This module is enabled under the MUC component.
 -- Copyright (C) 2023-present 8x8, Inc.
 local jid = require 'util.jid';
 local st = require 'util.stanza';

resources/prosody-plugins/mod_muc_jigasi_invite.lua

@@ -1,14 +1,42 @@
--- A http endpoint to invite jigasi to a meeting via http endpoint
--- jwt is used to validate access
+-- HTTP module that exposes a POST /invite-jigasi endpoint for inviting a Jigasi
+-- SIP gateway instance to dial out to a phone number and connect it to a
+-- conference. Intended for internal system use (e.g. by a backend service),
+-- not for end-user clients.
+--
+-- Authentication uses a SEPARATE ASAP key pair from the one used for login
+-- tokens (mod_auth_token). The key server URL is read from
+-- prosody_password_public_key_repo_url (not asap_key_server), so login tokens
+-- are not accepted.
+--
+-- Request format:
+--   POST /invite-jigasi
+--   Content-Type: application/json
+--   Authorization: Bearer <system-token>
+--   Body: { "conference": "<room-jid>", "phoneNo": "<dial-target>" }
+--
+-- The module selects a Jigasi instance from the brewery room
+-- (muc_jigasi_brewery_jid, default: [email protected].<base>):
+--   1. Iterates brewery occupants, skips focus.
+--   2. Filters for occupants with supports_sip=true in their colibri stats.
+--   3. Among those, picks the one with the lowest stress_level.
+--   4. Sends a Rayo <dial> IQ to that occupant (impersonating focus) with
+--      phoneNo as the dial target and conference as JvbRoomName.
+--
+-- Responses:
+--   200  Jigasi invited successfully.
+--   400  Missing or invalid parameters / wrong Content-Type.
+--   401  Missing, malformed, or unverifiable token.
+--   404  Brewery room not found, or no SIP-capable Jigasi available.
+--
 -- Copyright (C) 2023-present 8x8, Inc.
 
-local jid = require "util.jid";
 local hashes = require "util.hashes";
 local random = require "util.random";
 local st = require("util.stanza");
 local json = require 'cjson.safe';
 local util = module:require "util";
 local async_handler_wrapper = util.async_handler_wrapper;
+local is_focus = util.is_focus;
 local process_host_module = util.process_host_module;
 
 local muc_domain_base = module:get_option_string("muc_mapper_domain_base");
@@ -44,8 +72,7 @@ local function invite_jigasi(conference, phone_no)
     local least_stressed_value = math.huge;
     local least_stressed_jigasi_occupant;
     for occupant_jid, occupant in jigasi_brewery_room:each_occupant() do
-        local _, _, resource = jid.split(occupant_jid);
-        if resource ~= 'focus' then
+        if not is_focus(occupant_jid) then
             local occ = occupant:get_presence();
             local stats_child = occ:get_child("stats", "http://jitsi.org/protocol/colibri")
 

resources/prosody-plugins/mod_muc_kick_participant.lua

@@ -1,9 +1,32 @@
--- http endpoint to kick participants, access is based on provided jwt token
--- the correct jigasi we fined based on the display name and the number provided
+-- HTTP module that exposes a PUT /kick-participant endpoint for removing a
+-- specific participant from a MUC room via an authenticated API call.
+-- Intended for internal system use (e.g. by a backend service), not for
+-- end-user clients.
+--
+-- Authentication uses a SEPARATE ASAP key pair from the one used for login
+-- tokens (mod_auth_token).  The key server URL is read from
+-- prosody_password_public_key_repo_url (not asap_key_server), so login tokens
+-- are not accepted.
+--
+-- Request format:
+--   PUT /kick-participant?room=<room-name>[&prefix=<subdomain>]
+--   Content-Type: application/json
+--   Authorization: Bearer <system-token>
+--   Body: { "participantId": "<occupant-nick>" }
+--     OR: { "number": "<phone-prefix>" }   (matches SIP Jigasi by display name)
+-- Exactly one of participantId or number must be provided.
+--
+-- Responses:
+--   200  Participant kicked.
+--   400  Missing or invalid parameters / wrong Content-Type.
+--   403  Missing, malformed, or unverifiable token.
+--   404  Room not found, or no matching participant found.
+--
 -- Copyright (C) 2023-present 8x8, Inc.
 
 local util = module:require "util";
 local async_handler_wrapper = util.async_handler_wrapper;
+local get_room_from_jid = util.get_room_from_jid;
 local is_sip_jigasi = util.is_sip_jigasi;
 local starts_with = util.starts_with;
 local formdecode = require "util.http".formdecode;
@@ -126,7 +149,7 @@ function handle_kick_participant (event)
 
     if error_code and error_code ~= 200 then
         module:log("error", "Error validating %s", error_code);
-        return { error_code = 400; }
+        return { status_code = error_code; }
     end
 
     if not room then

resources/prosody-plugins/mod_muc_lobby_rooms.lua

@@ -46,7 +46,8 @@ local NOTIFY_LOBBY_ACCESS_GRANTED = 'LOBBY-ACCESS-GRANTED';
 local NOTIFY_LOBBY_ACCESS_DENIED = 'LOBBY-ACCESS-DENIED';
 
 local util = module:require "util";
-local ends_with = util.ends_with;
+local is_focus = util.is_focus;
+local is_focus_jid = util.is_focus_jid;
 local get_room_by_name_and_subdomain = util.get_room_by_name_and_subdomain;
 local internal_room_jid_match_rewrite = util.internal_room_jid_match_rewrite;
 local get_room_from_jid = util.get_room_from_jid;
@@ -490,8 +491,7 @@ process_host_module(main_muc_component_config, function(host_module, host)
     -- hooks when lobby is enabled to create its room, only done here or by admin
     host_module:hook('muc-config-submitted', function(event)
         local actor, room = event.actor, event.room;
-        local actor_node = jid_split(actor);
-        if actor_node == 'focus' then
+        if is_focus_jid(actor) then
             return;
         end
         local members_only = event.fields['muc#roomconfig_membersonly'] and true or nil;
@@ -541,7 +541,7 @@ process_host_module(main_muc_component_config, function(host_module, host)
     host_module:hook('muc-occupant-pre-join', function (event)
         local occupant, room, stanza = event.occupant, event.room, event.stanza;
 
-        if is_healthcheck_room(room.jid) or not room:get_members_only() or ends_with(occupant.nick, '/focus') then
+        if is_healthcheck_room(room.jid) or not room:get_members_only() or is_focus(occupant.nick) then
             return;
         end