Skip to content

Latest commit

 

History

History

token_no_wildcard

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
mod_token_no_wildcard.lua
mod_token_no_wildcard.lua
 
 

README.md

Token No Wildcard

This plugin pre-validates tokens and rejects any token that uses wildcards ('*') for room or sub claim, or if regex-based matching is requested.

In effect, it insists that all tokens can only be used for one specific room thus reducing the blast radius should someone accidentally share their token.

Installation

  • Prerequisites:

    • Set up JWT auth and check that it works before proceeding.

  • Copy this script to the Prosody plugins folder. It's the following folder on Debian:

    cd /usr/share/jitsi-meet/prosody-plugins/
wget -O mod_token_no_wildcard.lua https://raw.githubusercontent.com/jitsi-contrib/prosody-plugins/main/token_no_wildcard/mod_token_no_wildcard.lua

  • Enable the module in your prosody config

    /etc/prosody/conf.d/meet.mydomain.com.cfg.lua

    Component "conference.meet.mydomain.com" "muc"
  modules_enabled = {
    -- ... existing modules
    "token_no_wildcard";
  }

  • Restart the services

    systemctl restart prosody.service