prosody-modules: mod_measure_client_identities/mod_measure_client

annotate mod_measure_client_identities/mod_measure_client_identities.lua @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics

author	Kim Alvefur <zash@zash.se>
date	Sun, 23 Jul 2023 02:56:08 +0200
parents	fdbf7c2aed7b
children

rev	line source
3135 e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	1 module:set_global();
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	2
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	3 local measure = require"core.statsmanager".measure;
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	4
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	5 local counters = {
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	6 unknown = measure("amount", "client_identities.unknown"),
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	7 };
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	8
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	9 module:hook("stats-update", function ()
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	10 local buckets = {
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	11 unknown = 0,
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	12 };
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	13 for _, session in pairs(prosody.full_sessions) do
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	14 if session.caps_cache ~= nil then
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	15 local node_string = session.caps_cache.attr.node;
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	16 local node = node_string:match("([^#]+)");
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	17 if buckets[node] == nil then
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	18 buckets[node] = 0;
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	19 end
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	20 buckets[node] = buckets[node] + 1;
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	21 else
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	22 buckets.unknown = buckets.unknown + 1;
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	23 end
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	24 end
3136 fdbf7c2aed7b mod_measure_client_identities: Report 0 instead of the previous value when no client with that identity is left. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 3135 diff changeset	25 local visited = {};
3135 e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	26 for bucket, count in pairs(buckets) do
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	27 if counters[bucket] == nil then
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	28 counters[bucket] = measure("amount", "client_identities."..bucket);
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	29 end
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	30 counters[bucket](count);
3136 fdbf7c2aed7b mod_measure_client_identities: Report 0 instead of the previous value when no client with that identity is left. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 3135 diff changeset	31 visited[bucket] = true;
fdbf7c2aed7b mod_measure_client_identities: Report 0 instead of the previous value when no client with that identity is left. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 3135 diff changeset	32 end
fdbf7c2aed7b mod_measure_client_identities: Report 0 instead of the previous value when no client with that identity is left. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 3135 diff changeset	33 for bucket, counter in pairs(counters) do
fdbf7c2aed7b mod_measure_client_identities: Report 0 instead of the previous value when no client with that identity is left. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 3135 diff changeset	34 if not visited[bucket] then
fdbf7c2aed7b mod_measure_client_identities: Report 0 instead of the previous value when no client with that identity is left. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 3135 diff changeset	35 counter(0);
fdbf7c2aed7b mod_measure_client_identities: Report 0 instead of the previous value when no client with that identity is left. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 3135 diff changeset	36 end
3135 e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	37 end
e166ccc7a779 mod_measure_client_identities: Collect statistics about client identities. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: diff changeset	38 end)

Mercurial > prosody-modules

annotate mod_measure_client_identities/mod_measure_client_identities.lua @ 5616:59d5fc50f602