Mercurial > prosody-modules
annotate mod_log_http/mod_log_http.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | 3bd725430f40 |
children |
rev | line source |
---|---|
4977
3bd725430f40
mod_log_http: Undo mistake in 456b9f608fcf
Kim Alvefur <zash@zash.se>
parents:
4317
diff
changeset
|
1 module:set_global(); |
2700
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local http = require "net.http"; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local codes = require "net.http.codes"; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local json = require "util.json"; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local log = assert(io.open(assert(module:get_option_string("log_http_file"), "Please supply log_http_file in the config"), "a+")); |
4317
456b9f608fcf
mod_log_http: Switch to line buffering (thanks Zash+Ge0rG)
Matthew Wild <mwild1@gmail.com>
parents:
2705
diff
changeset
|
8 log:setvbuf("line"); |
2700
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local function append_request(id, req) |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local headers = {}; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 for k, v in pairs(req.headers) do |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 table.insert(headers, { name = k, value = v }); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 end |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local queryString = {}; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 if req.query then |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 for _, pair in ipairs(http.formdecode(req.query)) do |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 table.insert(queryString, pair); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 end |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 log:write("<<<", json.encode({ |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 id = id; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 type = "request"; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 method = req.method; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 url = req.url; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 httpVersion = "HTTP/1.1"; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 cookies = {}; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 headers = headers; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 queryString = queryString; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 postData = req.body and { |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 mimeType = req.headers["Content-Type"]; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 text = req.body; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 } or nil; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 headersSize = -1; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 bodySize = -1; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 }), "\n"); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 end |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 local function append_response(id, resp) |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 local headers = {}; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 for k, v in pairs(resp.headers) do |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 table.insert(headers, { name = k, value = v }); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 end |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 log:write(">>>", json.encode({ |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 id = id; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 type = "response"; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 status = resp.code; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 statusText = codes[resp.code]; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 httpVersion = resp.httpversion; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 cookies = {}; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 headers = headers; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 content = resp.body and { |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 size = #resp.body; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 mimeType = resp.headers.content_type; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 text = resp.body; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 } or nil; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 headersSize = -1; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 bodySize = -1; |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 }), "\n"); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 end |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 module:hook_object_event(http.events, "request", function (event) |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 module:log("warn", "Request to %s!", event.url); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 append_request(event.request.id, event.request); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 end); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 module:hook_object_event(http.events, "request-connection-error", function (event) |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 module:log("warn", "Failed to make request to %s!", event.url); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 end); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 module:hook_object_event(http.events, "response", function (event) |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 module:log("warn", "Received response %d from %s!", event.code, event.url); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 append_response(event.request.id, event.response); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 end); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 function module.unload() |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 log:close(); |
7a5dae85f26f
mod_log_http: Add new module for logging outgoing HTTP request
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 end |