Mercurial > prosody-modules
annotate mod_mamsub/mod_mamsub.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:56:08 +0200 |
| parents | 0697fbef9134 |
| children |
| rev | line source |
|---|---|
|
1747
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- MAM Subscriptions prototype |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- Copyright (C) 2015 Kim Alvefur |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- This file is MIT/X11 licensed. |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local mt = require"util.multitable"; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local st = require"util.stanza"; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 local xmlns_mamsub = "http://prosody.im/protocol/mamsub"; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 module:add_feature(xmlns_mamsub); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local host_sessions = prosody.hosts[module.host].sessions; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local weak = { __mode = "k" }; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 module:hook("iq-set/self/"..xmlns_mamsub..":subscribe", function (event) |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local origin, stanza = event.origin, event.stanza; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 if origin.mamsub ~= nil then |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 origin.send(st.error_reply(stanza, "modify", "conflict")); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 return true; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 end |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 origin.mamsub = xmlns_mamsub; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 local mamsub_sessions = host_sessions[origin.username].mamsub_sessions; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 if not mamsub_sessions then |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 mamsub_sessions = setmetatable({}, weak); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 host_sessions[origin.username].mamsub_sessions = mamsub_sessions; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 end |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 mamsub_sessions[origin] = true; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 origin.send(st.reply(stanza)); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 return true; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 end); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 module:hook("iq-set/self/"..xmlns_mamsub..":unsubscribe", function (event) |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local origin, stanza = event.origin, event.stanza; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 if origin.mamsub ~= xmlns_mamsub then |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 origin.send(st.error_reply(stanza, "modify", "conflict")); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 return true; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 end |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 origin.mamsub = nil; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 local mamsub_sessions = host_sessions[origin.username].mamsub_sessions; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 if mamsub_sessions then |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 mamsub_sessions[origin] = nil; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 end |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 origin.send(st.reply(stanza)); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 return true; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 end); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 module:hook("archive-message-added", function (event) |
|
1748
0697fbef9134
mod_mamsub: Prevent nil indexing if message is added to archive of an offline user
Kim Alvefur <zash@zash.se>
parents:
1747
diff
changeset
|
50 local user_session = host_sessions[event.for_user]; |
|
0697fbef9134
mod_mamsub: Prevent nil indexing if message is added to archive of an offline user
Kim Alvefur <zash@zash.se>
parents:
1747
diff
changeset
|
51 local mamsub_sessions = user_session and user_session.mamsub_sessions; |
|
1747
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 if not mamsub_sessions then return end; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 local for_broadcast = st.message():tag("mamsub", { xmlns = xmlns_mamsub }) |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 :tag("forwarded", { xmlns = "urn:xmpp:forward:0" }) |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 :add_child(event.stanza); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 for session in pairs(mamsub_sessions) do |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 if session.mamsub == xmlns_mamsub then |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 for_broadcast.attr.to = session.full_jid; |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 session.send(for_broadcast); |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 end |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 end |
|
985e05ac833b
mod_mamsub: Experimental implementation of MAM subscriptions
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 end); |