Mercurial > prosody-modules

annotate mod_s2sout_override/mod_s2sout_override.lua @ 5682:527c747711f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents ae62d92506dc
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5486
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 --% requires: s2sout-pre-connect-event
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 local url = require"socket.url";
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local basic_resolver = require "net.resolvers.basic";
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local override_for = module:get_option(module.name, {}); -- map of host to "tcp://example.com:5269"
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 module:hook("s2sout-pre-connect", function(event)
5622
ae62d92506dc mod_s2sout_override: Add support for one-level wildcards (e.g. *.example.net)
Kim Alvefur <zash@zash.se>
parents: 5621
diff changeset
9 local override = override_for[event.session.to_host] or override_for[event.session.to_host:gsub("^[^.]+%.", "*.")] or override_for["*"];
5486
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 if type(override) == "string" then
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 override = url.parse(override);
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 end
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 if type(override) == "table" and override.scheme == "tcp" and type(override.host) == "string" then
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 event.resolver = basic_resolver.new(override.host, tonumber(override.port) or 5269, override.scheme, {});
5487
6cf2f32dbf40 mod_s2sout_override: Add support for Direct TLS
Kim Alvefur <zash@zash.se>
parents: 5486
diff changeset
15 elseif type(override) == "table" and override.scheme == "tls" and type(override.host) == "string" then
6cf2f32dbf40 mod_s2sout_override: Add support for Direct TLS
Kim Alvefur <zash@zash.se>
parents: 5486
diff changeset
16 event.resolver = basic_resolver.new(override.host, tonumber(override.port) or 5270, "tcp",
6cf2f32dbf40 mod_s2sout_override: Add support for Direct TLS
Kim Alvefur <zash@zash.se>
parents: 5486
diff changeset
17 { servername = event.session.to_host; sslctx = event.session.ssl_ctx });
5486
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 end
71243bedb2b0 mod_s2sout_override: New module for overriding s2s connections
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 end);