Mercurial > prosody-modules
annotate mod_ping_muc/mod_ping_muc.lua @ 5193:2bb29ece216b
mod_http_oauth2: Implement stateless dynamic client registration
Replaces previous explicit registration that required either the
additional module mod_adhoc_oauth2_client or manually editing the
database. That method was enough to have something to test with, but
would not probably not scale easily.
Dynamic client registration allows creating clients on the fly, which
may be even easier in theory.
In order to not allow basically unauthenticated writes to the database,
we implement a stateless model here.
per_host_key := HMAC(config -> oauth2_registration_key, hostname)
client_id := JWT { client metadata } signed with per_host_key
client_secret := HMAC(per_host_key, client_id)
This should ensure everything we need to know is part of the client_id,
allowing redirects etc to be validated, and the client_secret can be
validated with only the client_id and the per_host_key.
A nonce injected into the client_id JWT should ensure nobody can submit
the same client metadata and retrieve the same client_secret
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 03 Mar 2023 21:14:19 +0100 |
| parents | 0772facc786f |
| children | d6a695abb33c |
| rev | line source |
|---|---|
|
4804
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local id = require "util.id"; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local jid = require "util.jid"; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local set = require "util.set"; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local st = require "util.stanza"; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
5130
0772facc786f
mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents:
4887
diff
changeset
|
6 if module:get_host_type() ~= "local" then |
|
0772facc786f
mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents:
4887
diff
changeset
|
7 module:log("error", "mod_%s must be loaded as a regular module, not on Components", module.name); |
|
0772facc786f
mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents:
4887
diff
changeset
|
8 return |
|
0772facc786f
mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents:
4887
diff
changeset
|
9 end |
|
0772facc786f
mod_ping_muc: Error out if loaded on Components
Kim Alvefur <zash@zash.se>
parents:
4887
diff
changeset
|
10 |
|
4804
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 module:depends "track_muc_joins"; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 module:add_feature("https://modules.prosody.im/mod_" .. module.name); |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local local_sessions = prosody.hosts[module.host].sessions; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 module:hook_global("s2s-destroyed", function(event) |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local s2s_session = event.session; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 if s2s_session.direction == "outgoing" and s2s_session.from_host ~= module.host then |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 return |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 elseif s2s_session.direction == "incoming" and s2s_session.to_host ~= module.host then |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 return |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 end |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 local related_hosts = set.new({ s2s_session.direction == "outgoing" and s2s_session.to_host or s2s_session.from_host }); |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 if s2s_session.hosts then |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 -- While rarely used, multiplexing is still supported |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 for host, state in pairs(s2s_session.hosts) do if state.authed then related_hosts:add(host); end end |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 end |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 for _, user_session in pairs(local_sessions) do |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 for _, session in pairs(user_session.sessions) do |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 if session.rooms_joined then |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 for room, info in pairs(session.rooms_joined) do |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local nick = info.nick or info; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 local room_nick = room .. "/" .. nick; |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 if related_hosts:contains(jid.host(room)) then |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 -- User is in a MUC room for which the s2s connection was lost. Now what? |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 -- Self-ping |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 -- ========= |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 -- |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 -- Response of <iq type=result> means the user is still in the room |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 -- (and self-ping is supported), so we do nothing. |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 -- |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 -- An error reply either means the user has fallen out of the room, |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 -- or that self-ping is unsupported. In the later case, whether the |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 -- user is still joined is indeterminate and we might as well |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 -- pretend they fell out. |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 module:send_iq(st.iq({ type = "get"; id = id.medium(); from = session.full_jid; to = room_nick }) |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 :tag("ping", { xmlns = "urn:xmpp:ping"; })) |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 :catch(function(err) |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 module:send( |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 st.presence({ type = "unavailable"; id = id.medium(); to = session.full_jid; from = room_nick }) |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 :tag("x", { xmlns = "http://jabber.org/protocol/muc#user" }) |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 :tag("item", { affiliation = "none"; role = "none" }) |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 :text_tag("reason", err.text or "Connection to remote server lost") |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 :up() |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 :tag("status", { code = "110" }):up() |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 :tag("status", { code = "333" }):up() |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 :reset()); |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 end); |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 -- TODO do this with some delay? |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 end |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 end |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 end |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 end |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end |
|
a7c0c70e64b6
mod_ping_muc: Yet another attempt to improve MUC reliability
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 end); |