prosody-modules: mod_s2s_blacklist/mod_s2s

annotate mod_s2s_blacklist/mod_s2s_blacklist.lua @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics

author	Kim Alvefur <zash@zash.se>
date	Sun, 23 Jul 2023 02:56:08 +0200
parents	d958558e0058
children

rev	line source
1179 27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 local st = require "util.stanza";
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	2
1325 b21236b6b8d8 Backed out changeset 853a382c9bd6 Kim Alvefur <zash@zash.se> parents: 1324 diff changeset	3 local blacklist = module:get_option_inherited_set("s2s_blacklist", {});
1179 27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	4
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 module:hook("route/remote", function (event)
1325 b21236b6b8d8 Backed out changeset 853a382c9bd6 Kim Alvefur <zash@zash.se> parents: 1324 diff changeset	6 if blacklist:contains(event.to_host) then
2893 d958558e0058 mod_s2s_blacklist: Don't send error replies for error stanzas Kim Alvefur <zash@zash.se> parents: 1325 diff changeset	7 if event.stanza.attr.type ~= "error" then
d958558e0058 mod_s2s_blacklist: Don't send error replies for error stanzas Kim Alvefur <zash@zash.se> parents: 1325 diff changeset	8 module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted"));
d958558e0058 mod_s2s_blacklist: Don't send error replies for error stanzas Kim Alvefur <zash@zash.se> parents: 1325 diff changeset	9 end
1179 27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	10 return true;
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 end
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	12 end, 100);
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	13
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	14 module:hook("s2s-stream-features", function (event)
1325 b21236b6b8d8 Backed out changeset 853a382c9bd6 Kim Alvefur <zash@zash.se> parents: 1324 diff changeset	15 if blacklist:contains(event.origin.from_host) then
1179 27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	16 event.origin:close({
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	17 condition = "policy-violation";
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	18 text = "Communication with this domain is restricted";
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 });
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	20 end
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	21 end, 1000);

Mercurial > prosody-modules

annotate mod_s2s_blacklist/mod_s2s_blacklist.lua @ 5616:59d5fc50f602