Mercurial > prosody-modules
annotate mod_component_roundrobin/mod_component_roundrobin.lua @ 5451:6705f2a09702
mod_http_oauth2: Reference grant by id instead of value
Fixes that the grant got mutated on use of refresh token, notably it
would gain 'id' and 'jid' properties set there by mod_tokenauth.
Previously also the secret token that we should not be remembering.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 12 May 2023 11:11:38 +0200 |
parents | 7dbde05b48a9 |
children |
rev | line source |
---|---|
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 -- Prosody IM |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1257
diff
changeset
|
4 -- |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
6 -- COPYING file in the source package for more information. |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 -- |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
9 if module:get_host_type() ~= "component" then |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
10 error("Don't load mod_component manually, it should be for a component, please see http://prosody.im/doc/components", 0); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
11 end |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 local hosts = _G.hosts; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
14 |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
15 local t_concat = table.concat; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
16 |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
17 local sha1 = require "util.hashes".sha1; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
18 local st = require "util.stanza"; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
19 |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
20 local log = module._log; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
21 |
1255
3c35283b6780
mod_component_roundrobin: Make sessions a shared table, like mod_component
Kim Alvefur <zash@zash.se>
parents:
1254
diff
changeset
|
22 local sessions = module:shared("sessions"); |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
23 |
1254
b0136968bef1
mod_component_roundrobin: Make sure we don’t try to use destroyed sessions.
Waqas Hussain <waqas20@gmail.com>
parents:
1253
diff
changeset
|
24 local last_session; |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
25 local function on_destroy(session, err) |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
26 if sessions[session] then |
1254
b0136968bef1
mod_component_roundrobin: Make sure we don’t try to use destroyed sessions.
Waqas Hussain <waqas20@gmail.com>
parents:
1253
diff
changeset
|
27 if last_session == session then last_session = nil; end |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
28 sessions[session] = nil; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
29 session.on_destroy = nil; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
30 end |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
31 end |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
32 |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
33 local function handle_stanza(event) |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
34 local stanza = event.stanza; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
35 if next(sessions) then |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
36 stanza.attr.xmlns = nil; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
37 last_session = next(sessions, last_session) or next(sessions); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
38 last_session.send(stanza); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
39 else |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
40 log("warn", "Component not connected, bouncing error for: %s", stanza:top_tag()); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
41 if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
42 event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable")); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
43 end |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
44 end |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
45 return true; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
46 end |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
47 |
1257
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
48 module:hook("iq/bare", handle_stanza, -0.5); |
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
49 module:hook("message/bare", handle_stanza, -0.5); |
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
50 module:hook("presence/bare", handle_stanza, -0.5); |
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
51 module:hook("iq/full", handle_stanza, -0.5); |
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
52 module:hook("message/full", handle_stanza, -0.5); |
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
53 module:hook("presence/full", handle_stanza, -0.5); |
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
54 module:hook("iq/host", handle_stanza, -0.5); |
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
55 module:hook("message/host", handle_stanza, -0.5); |
a02fbed74487
mod_component_roundrobin: Increase priority of stanza hooks above mod_component (thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
1255
diff
changeset
|
56 module:hook("presence/host", handle_stanza, -0.5); |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
57 |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
58 --- Handle authentication attempts by components |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
59 function handle_component_auth(event) |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
60 local session, stanza = event.origin, event.stanza; |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1257
diff
changeset
|
61 |
1252
08e50d742392
mod_component_roundrobin: Fix handshake (Thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
406
diff
changeset
|
62 if session.type ~= "component_unauthed" then return; end |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
63 if sessions[session] then return; end |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
64 |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
65 if (not session.host) or #stanza.tags > 0 then |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
66 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
67 session:close("not-authorized"); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
68 return true; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
69 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1257
diff
changeset
|
70 |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
71 local secret = module:get_option("component_secret"); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
72 if not secret then |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
73 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
74 session:close("not-authorized"); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
75 return true; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
76 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1257
diff
changeset
|
77 |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
78 local supplied_token = t_concat(stanza); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
79 local calculated_token = sha1(session.streamid..secret, true); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
80 if supplied_token:lower() ~= calculated_token:lower() then |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
81 log("info", "Component authentication failed for %s", session.host); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
82 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
83 return true; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
84 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1257
diff
changeset
|
85 |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
86 -- Add session to sessions table |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
87 sessions[session] = true; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
88 session.on_destroy = on_destroy; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
89 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true); |
1253
19cf607111fb
mod_component_roundrobin: Mark authenticated sessions as such
Kim Alvefur <zash@zash.se>
parents:
1252
diff
changeset
|
90 session.type = "component"; |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
91 log("info", "Component successfully authenticated: %s", session.host); |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
92 session.send(st.stanza("handshake")); |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1257
diff
changeset
|
93 |
406
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
94 return true; |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
95 end |
a6d215c73c47
mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
96 |
1252
08e50d742392
mod_component_roundrobin: Fix handshake (Thanks Julien)
Kim Alvefur <zash@zash.se>
parents:
406
diff
changeset
|
97 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth, 10); |