Mercurial > prosody-modules
annotate mod_firewall/marks.lib.lua @ 5593:6d0574bfbf5d
mod_client_management: Include software version in table (when known)
Showing software versions could be useful for statistical reasons, e.g.
determining how quickly (or not) users upgrade, but most importantly for
revoking vulnerable clients versions in case of a security issue.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 13 Jul 2023 23:26:02 +0200 |
| parents | 048284447643 |
| children |
| rev | line source |
|---|---|
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local mark_storage = module:open_store("firewall_marks"); |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
2 local mark_map_storage = module:open_store("firewall_marks", "map"); |
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local user_sessions = prosody.hosts[module.host].sessions; |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
6 module:hook("firewall/marked/user", function (event) |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
7 local user = user_sessions[event.username]; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
8 local marks = user and user.firewall_marks; |
|
5541
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
9 if user and not marks then |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
10 -- Load marks from storage to cache on the user object |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
11 marks = mark_storage:get(event.username) or {}; |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
12 user.firewall_marks = marks; --luacheck: ignore 122 |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
13 end |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
14 if marks then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
15 marks[event.mark] = event.timestamp; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
16 end |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
17 local ok, err = mark_map_storage:set(event.username, event.mark, event.timestamp); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
18 if not ok then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
19 module:log("error", "Failed to mark user %q with %q: %s", event.username, event.mark, err); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
20 end |
|
5542
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
21 return true; |
|
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
22 end, -1); |
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
24 module:hook("firewall/unmarked/user", function (event) |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
25 local user = user_sessions[event.username]; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
26 local marks = user and user.firewall_marks; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
27 if marks then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
28 marks[event.mark] = nil; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
29 end |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
30 local ok, err = mark_map_storage:set(event.username, event.mark, nil); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
31 if not ok then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
32 module:log("error", "Failed to unmark user %q with %q: %s", event.username, event.mark, err); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
33 end |
|
5542
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
34 return true; |
|
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
35 end, -1); |