Search code examples
xmppejabberdrostering

Manage roster modifictions true external webapp and disable for users?


I have a webapp that's a game, and only after certain score people can become friends and should be automatically added to each other friendlist.

Trying to figure out how to handle rosters in Ejabberd like this

  • prevent any user from adding anyone else by him/herself
  • only let webapp handle modifications to rosters ( buddylist )

Using a client JS library like strophe would not be secure I need serverside method of adding users to each others roster. Any thoughts ideas on how to do this with Ejabberd?

EDIT: Ok, it seems mod_rest for ejabberd gives restfull access to (all?) the ejabbard methods


Solution

  • Ok so after I was on the right track I managed to figure it out in an hour..

    • install ejabberd
    • install mod_rest
    • install mod_admin_extra

    command:

    ejabberdctl help process_rosteritems
    

    :

    Command Name: process_rosteritems
    
      Arguments: action::string
                 subs::string
                 asks::string
                 users::string
                 contacts::string
    
      Returns: res::rescode
    
      Tags: roster 
    
      Description: List or delete rosteritems that match filtering options 
    
    Explanation of each argument:
     - action: what to do with each rosteritem that matches all the filtering options
     - subs: subscription type
     - asks: pending subscription
     - users: the JIDs of the local user
     - contacts: the JIDs of the contact in the roster
    
    Allowed values in the arguments:
     ACTION = list | delete
     SUBS = SUB[:SUB]* | any
     SUB = none | from | to | both
     ASKS = ASK[:ASK]* | any
     ASK = none | out | in
     USERS = JID[:JID]* | any
     CONTACTS = JID[:JID]* | any
     JID = characters valid in a JID, and can use the globs: *, ?, ! and [...]
    
    This example will list roster items with subscription 'none', 'from' or 'to' that have any ask property, of local users which JID is in the virtual host 'example.org' 
    and that the contact JID is either a bare server name (without user part) or that has a user part and the server part contains the word 'icq':
     list none:from:to any *@example.org *:*@*icq*