prosody-modules: mod_c2s_limit_sessions/mod_c2s_limit

annotate mod_c2s_limit_sessions/mod_c2s_limit_sessions.lua @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics

author	Kim Alvefur <zash@zash.se>
date	Sun, 23 Jul 2023 02:56:08 +0200
parents	f581210093a7
children

rev	line source
1365 ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	1 -- mod_c2s_limit_sessions
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	2
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	3 local next, count = next, require "util.iterators".count;
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	4
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	5 local max_resources = module:get_option_number("max_resources", 10);
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	6
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	7 local sessions = hosts[module.host].sessions;
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	8 module:hook("resource-bind", function(event)
1366 f581210093a7 mod_c2s_limit_sessions: Fix global access Kim Alvefur <zash@zash.se> parents: 1365 diff changeset	9 local session = event.session;
f581210093a7 mod_c2s_limit_sessions: Fix global access Kim Alvefur <zash@zash.se> parents: 1365 diff changeset	10 if count(next, sessions[session.username].sessions) > max_resources then
1365 ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	11 session:close{ condition = "policy-violation", text = "Too many resources" };
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	12 return false
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	13 end
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect Kim Alvefur <zash@zash.se> parents: diff changeset	14 end, -1);

Mercurial > prosody-modules

annotate mod_c2s_limit_sessions/mod_c2s_limit_sessions.lua @ 5616:59d5fc50f602