annotate mod_log_json/mod_log_json.lua @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200
parents 807007913f67
children 0b347a7c5b5f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4974
807007913f67 mod_log_json: Prefer native Lua table.pack over Prosody util.table one
Kim Alvefur <zash@zash.se>
parents: 4462
diff changeset
1 local pack = table.pack or require "util.table".pack;
3732
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 local json = require "util.json";
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 local array = require "util.array";
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local datetime = require "util.datetime".datetime;
3746
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
5 local socket = require "socket";
3732
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 module:set_global();
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 local function sink_maker(config)
3746
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
10 local send = function () end
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
11 if config.filename then
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
12 local logfile = io.open(config.filename, "a+");
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
13 logfile:setvbuf("no");
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
14 function send(payload)
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
15 logfile:write(payload, "\n");
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
16 end
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
17 elseif config.udp_host and config.udp_port then
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
18 local conn = socket.udp();
3748
27abf3b6819a mod_log_json: Use correct method to specify remote endpoint
Kim Alvefur <zash@zash.se>
parents: 3747
diff changeset
19 conn:setpeername(config.udp_host, config.udp_port);
3746
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
20 function send(payload)
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
21 conn:send(payload);
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
22 end
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
23 end
4462
4356088ad675 mod_log_json: allow logging of formatted message
Jonas Schäfer <jonas@wielicki.name>
parents: 3758
diff changeset
24 local format = require "util.format".format;
4356088ad675 mod_log_json: allow logging of formatted message
Jonas Schäfer <jonas@wielicki.name>
parents: 3758
diff changeset
25 local do_format = config.formatted_as or false;
3732
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 return function (source, level, message, ...)
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 local args = pack(...);
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 for i = 1, args.n do
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 if args[i] == nil then
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 args[i] = json.null;
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 elseif type(args[i]) ~= "string" or type(args[i]) ~= "number" then
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 args[i] = tostring(args[i]);
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 end
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 end
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 args.n = nil;
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 local payload = {
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 datetime = datetime(),
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 source = source,
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 level = level,
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 message = message,
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 args = array(args);
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 };
4462
4356088ad675 mod_log_json: allow logging of formatted message
Jonas Schäfer <jonas@wielicki.name>
parents: 3758
diff changeset
43 if do_format then
4356088ad675 mod_log_json: allow logging of formatted message
Jonas Schäfer <jonas@wielicki.name>
parents: 3758
diff changeset
44 payload[do_format] = format(message, ...)
4356088ad675 mod_log_json: allow logging of formatted message
Jonas Schäfer <jonas@wielicki.name>
parents: 3758
diff changeset
45 end
3746
bc865568ff02 mod_log_json: Add UDP support
Kim Alvefur <zash@zash.se>
parents: 3734
diff changeset
46 send(json.encode(payload));
3732
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 end
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 end
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49
3758
900ea02ab00b mod_log_json: Deregister log sink on unload
Kim Alvefur <zash@zash.se>
parents: 3748
diff changeset
50 function module.unload()
900ea02ab00b mod_log_json: Deregister log sink on unload
Kim Alvefur <zash@zash.se>
parents: 3748
diff changeset
51 -- deregister
900ea02ab00b mod_log_json: Deregister log sink on unload
Kim Alvefur <zash@zash.se>
parents: 3748
diff changeset
52 require"core.loggingmanager".register_sink_type("json", nil);
900ea02ab00b mod_log_json: Deregister log sink on unload
Kim Alvefur <zash@zash.se>
parents: 3748
diff changeset
53 end
900ea02ab00b mod_log_json: Deregister log sink on unload
Kim Alvefur <zash@zash.se>
parents: 3748
diff changeset
54
3732
21cfbdaac767 mod_log_json: JSON log sink
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 require"core.loggingmanager".register_sink_type("json", sink_maker);