Mercurial > prosody-modules
annotate mod_addressing/mod_addressing.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:56:08 +0200 |
| parents | f66a08f208ad |
| children |
| rev | line source |
|---|---|
|
415
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- TODO Querying other servers for support, needs to keep track of remote |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- server disco features |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local xmlns_address = 'http://jabber.org/protocol/address'; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local function handle_extended_addressing(data) |
| 935 | 7 local stanza = data.stanza; |
|
415
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 if stanza.attr.type == "error" then |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 return -- so we don't process bounces |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 end |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local orig_to = stanza.attr.to; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local addresses = stanza:get_child("addresses", xmlns_address); |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 if addresses then |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 module:log("debug", "Extended addressing found"); |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local destinations = {}; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 addresses:maptags(function(address) |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 if address.attr.xmlns == xmlns_address and address.name == "address" then |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local type, jid, delivered = address.attr.type, address.attr.jid, address.attr.delivered; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 if (type == "cc" or type == "bcc" or type == "to") |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 and jid and not delivered then |
| 935 | 21 destinations[#destinations+1] = jid; |
|
415
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 module:log("debug", "%s to %s", type, jid) |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 if type == "to" or type == "cc" then |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 address.attr.delivered = "true"; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 return address; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 elseif type == "bcc" then |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 return nil; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 end |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 end |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 end |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 return address; -- unsupported stuff goes right back |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 end); |
| 935 | 33 for i=1,#destinations do |
| 34 stanza.attr.to = destinations[i]; | |
| 35 module:log("debug", "posting stanza to %s", destinations[i]) | |
|
760
442f88b49d9b
mod_addressing: Replace use of core_post_stanza() with module:send()
Kim Alvefur <zash@zash.se>
parents:
415
diff
changeset
|
36 module:send(stanza); |
|
415
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 stanza.attr.to = orig_to; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 return stanza.attr.to == module.host or nil; |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 end |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 end |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 module:hook("message/host", handle_extended_addressing, 10); |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 module:hook("message/bare", handle_extended_addressing, 10); |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 module:hook("message/full", handle_extended_addressing, 10); |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 module:hook("presence/host", handle_extended_addressing, 10); |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 module:hook("presence/bare", handle_extended_addressing, 10); |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 module:hook("presence/full", handle_extended_addressing, 10); |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 -- IQ stanzas makes no sense |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 |
|
3ba1a5b9d657
mod_addressing: Add partial implementation of Extended Stanza Addressing, XEP-33.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 module:add_feature(xmlns_address); |