Mercurial > prosody-modules
annotate mod_presence_dedup/mod_presence_dedup.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | 19924a2c4a48 |
children |
rev | line source |
---|---|
2155
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local cache = require "util.cache"; |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local add_filter = require "util.filters".add_filter; |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local cache_size = module:get_option_number("presence_dedup_cache_size", 100); |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- stanza equality tests |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local function attr_eq(a, b) |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 if a == b then return true; end -- unlikely but not impossible |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 for k,v in pairs(a) do if b[k] ~= v then return false; end end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 for k,v in pairs(b) do if a[k] ~= v then return false; end end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 return true; |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local function st_eq(a, b) |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 if a == b then return true; end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 if type(b) ~= "table" then return false; end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 if getmetatable(b) ~= st.stanza_mt then return false; end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 if a.name ~= b.name then return false; end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 if #a ~= #b then return false; end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 if not attr_eq(a.attr, b.attr) then return false; end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 for i = 1, #a do if not st_eq(a[i], b[i]) then return false; end end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 return true; |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 local function dedup_presence(stanza, session) |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 if session.presence_cache and session.presence |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 and getmetatable(stanza) == st.stanza_mt and stanza.name == "presence" |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 and stanza.attr.xmlns == nil and stanza.attr.from then |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 local cached = session.presence_cache:get(stanza.attr.from); |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 if st_eq(stanza, cached) then |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 return nil; |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 else |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 session.presence_cache:set(stanza.attr.from, st.clone(stanza)); |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 return stanza; |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 end |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 module:hook("presence/initial", function (event) |
3445
19924a2c4a48
mod_presence_dedup: Remove unused variables [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2155
diff
changeset
|
41 local session = event.origin; |
2155
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 session.presence_cache = cache.new(cache_size); |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 add_filter(session, "stanzas/out", dedup_presence, 90); |
f24b02e0d706
mod_presence_dedup: Attempt at saving bandwith by deduplicating presence stanzas
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 end); |