Mercurial > prosody-modules
annotate mod_firewall/conditions.lib.lua @ 2670:6e01878103c0
mod_smacks: Ignore user when writing or reading session_cache on prosody 0.9
At least under some circumstances it seems that session.username is nil when
a user tries to resume his session in prosody 0.9.
The username is not relevant when no limiting is done (limiting the number of
entries in the session cache is only possible in prosody 0.10), so this
commit removes the usage of the username when accessing the prosody 0.9 session
cache.
author | tmolitor <thilo@eightysoft.de> |
---|---|
date | Thu, 06 Apr 2017 02:12:14 +0200 |
parents | c6652d055ba3 |
children | ff1666716d10 |
rev | line source |
---|---|
2125
edf5cf3c474b
mod_firewall: Move meta() function to main module, and make it a global so libs can use it
Matthew Wild <mwild1@gmail.com>
parents:
2119
diff
changeset
|
1 --luacheck: globals meta idsafe |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local condition_handlers = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local jid = require "util.jid"; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
2342
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
6 -- Helper to convert user-input strings (yes/true//no/false) to a bool |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
7 local function string_to_boolean(s) |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
8 s = s:lower(); |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
9 return s == "yes" or s == "true"; |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
10 end |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
11 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 -- Return a code string for a condition that checks whether the contents |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 -- of variable with the name 'name' matches any of the values in the |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 -- comma/space/pipe delimited list 'values'. |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local function compile_comparison_list(name, values) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 local conditions = {}; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 for value in values:gmatch("[^%s,|]+") do |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 table.insert(conditions, ("%s == %q"):format(name, value)); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 return table.concat(conditions, " or "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 function condition_handlers.KIND(kind) |
2582
ac3140cd89a2
mod_firewall: Fix compilation error if TYPE/KIND had no parameter
Matthew Wild <mwild1@gmail.com>
parents:
2577
diff
changeset
|
24 assert(kind, "Expected stanza kind to match against"); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 return compile_comparison_list("name", kind), { "name" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 local wildcard_equivs = { ["*"] = ".*", ["?"] = "." }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 local function compile_jid_match_part(part, match) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 if not match then |
2071
4161ff87e5a4
mod_firewall/conditions: Add semicolon
Kim Alvefur <zash@zash.se>
parents:
2070
diff
changeset
|
32 return part.." == nil"; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 end |
2072
eda5c54dfa30
mod_firewall: Anchor pattern at beginning and end
Kim Alvefur <zash@zash.se>
parents:
2071
diff
changeset
|
34 local pattern = match:match("^<(.*)>$"); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 if pattern then |
962
93ffa3ffc66f
mod_firewall/conditions: Support Lua patterns in JID matching, and make <*>@example.com NOT match example.com
Matthew Wild <mwild1@gmail.com>
parents:
954
diff
changeset
|
36 if pattern == "*" then |
93ffa3ffc66f
mod_firewall/conditions: Support Lua patterns in JID matching, and make <*>@example.com NOT match example.com
Matthew Wild <mwild1@gmail.com>
parents:
954
diff
changeset
|
37 return part; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 end |
2070
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
2036
diff
changeset
|
39 if pattern:find("^<.*>$") then |
962
93ffa3ffc66f
mod_firewall/conditions: Support Lua patterns in JID matching, and make <*>@example.com NOT match example.com
Matthew Wild <mwild1@gmail.com>
parents:
954
diff
changeset
|
40 pattern = pattern:match("^<(.*)>$"); |
93ffa3ffc66f
mod_firewall/conditions: Support Lua patterns in JID matching, and make <*>@example.com NOT match example.com
Matthew Wild <mwild1@gmail.com>
parents:
954
diff
changeset
|
41 else |
93ffa3ffc66f
mod_firewall/conditions: Support Lua patterns in JID matching, and make <*>@example.com NOT match example.com
Matthew Wild <mwild1@gmail.com>
parents:
954
diff
changeset
|
42 pattern = pattern:gsub("%p", "%%%0"):gsub("%%(%p)", wildcard_equivs); |
93ffa3ffc66f
mod_firewall/conditions: Support Lua patterns in JID matching, and make <*>@example.com NOT match example.com
Matthew Wild <mwild1@gmail.com>
parents:
954
diff
changeset
|
43 end |
2074
86427261e3c4
mod_firewall: Use string.find in JID match, faster since the result is unused
Kim Alvefur <zash@zash.se>
parents:
2073
diff
changeset
|
44 return ("(%s and %s:find(%q))"):format(part, part, "^"..pattern.."$"); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 else |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 return ("%s == %q"):format(part, match); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 local function compile_jid_match(which, match_jid) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 local match_node, match_host, match_resource = jid.split(match_jid); |
963
c7fca2c9e24f
mod_firewall/conditions: Don't use table.insert, so things are happy when compile_jid_match() returns nil
Matthew Wild <mwild1@gmail.com>
parents:
962
diff
changeset
|
52 local conditions = {}; |
c7fca2c9e24f
mod_firewall/conditions: Don't use table.insert, so things are happy when compile_jid_match() returns nil
Matthew Wild <mwild1@gmail.com>
parents:
962
diff
changeset
|
53 conditions[#conditions+1] = compile_jid_match_part(which.."_node", match_node); |
c7fca2c9e24f
mod_firewall/conditions: Don't use table.insert, so things are happy when compile_jid_match() returns nil
Matthew Wild <mwild1@gmail.com>
parents:
962
diff
changeset
|
54 conditions[#conditions+1] = compile_jid_match_part(which.."_host", match_host); |
c7fca2c9e24f
mod_firewall/conditions: Don't use table.insert, so things are happy when compile_jid_match() returns nil
Matthew Wild <mwild1@gmail.com>
parents:
962
diff
changeset
|
55 if match_resource then |
c7fca2c9e24f
mod_firewall/conditions: Don't use table.insert, so things are happy when compile_jid_match() returns nil
Matthew Wild <mwild1@gmail.com>
parents:
962
diff
changeset
|
56 conditions[#conditions+1] = compile_jid_match_part(which.."_resource", match_resource); |
c7fca2c9e24f
mod_firewall/conditions: Don't use table.insert, so things are happy when compile_jid_match() returns nil
Matthew Wild <mwild1@gmail.com>
parents:
962
diff
changeset
|
57 end |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 return table.concat(conditions, " and "); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 function condition_handlers.TO(to) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 return compile_jid_match("to", to), { "split_to" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 function condition_handlers.FROM(from) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 return compile_jid_match("from", from), { "split_from" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 |
2036
7ba6ed553c93
mod_firewall/conditions: Add FROM_EXACTLY and TO_EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
997
diff
changeset
|
69 function condition_handlers.FROM_EXACTLY(from) |
2552
18b6a55dd5d6
mod_firewall: Support expressions in TO/FROM EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
2545
diff
changeset
|
70 local metadeps = {}; |
18b6a55dd5d6
mod_firewall: Support expressions in TO/FROM EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
2545
diff
changeset
|
71 return ("from == %s"):format(metaq(from, metadeps)), { "from", unpack(metadeps) }; |
2036
7ba6ed553c93
mod_firewall/conditions: Add FROM_EXACTLY and TO_EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
997
diff
changeset
|
72 end |
7ba6ed553c93
mod_firewall/conditions: Add FROM_EXACTLY and TO_EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
997
diff
changeset
|
73 |
7ba6ed553c93
mod_firewall/conditions: Add FROM_EXACTLY and TO_EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
997
diff
changeset
|
74 function condition_handlers.TO_EXACTLY(to) |
2552
18b6a55dd5d6
mod_firewall: Support expressions in TO/FROM EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
2545
diff
changeset
|
75 local metadeps = {}; |
18b6a55dd5d6
mod_firewall: Support expressions in TO/FROM EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
2545
diff
changeset
|
76 return ("to == %s"):format(metaq(to, metadeps)), { "to", unpack(metadeps) }; |
2036
7ba6ed553c93
mod_firewall/conditions: Add FROM_EXACTLY and TO_EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
997
diff
changeset
|
77 end |
7ba6ed553c93
mod_firewall/conditions: Add FROM_EXACTLY and TO_EXACTLY
Matthew Wild <mwild1@gmail.com>
parents:
997
diff
changeset
|
78 |
2465
bd69ffe071e6
mod_firewall: Add 'TO SELF' check ('NOT TO?' worked until commit 9159f9166893)
Matthew Wild <mwild1@gmail.com>
parents:
2403
diff
changeset
|
79 function condition_handlers.TO_SELF() |
2563
2f1e25706f81
mod_firewall: TO SELF: Use raw stanza.attr.to directly, as 'to' defaults to bare JID if nil
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
80 -- Intentionally not using 'to' here, as that defaults to bare JID when nil |
2f1e25706f81
mod_firewall: TO SELF: Use raw stanza.attr.to directly, as 'to' defaults to bare JID if nil
Matthew Wild <mwild1@gmail.com>
parents:
2555
diff
changeset
|
81 return ("stanza.attr.to == nil"); |
2465
bd69ffe071e6
mod_firewall: Add 'TO SELF' check ('NOT TO?' worked until commit 9159f9166893)
Matthew Wild <mwild1@gmail.com>
parents:
2403
diff
changeset
|
82 end |
bd69ffe071e6
mod_firewall: Add 'TO SELF' check ('NOT TO?' worked until commit 9159f9166893)
Matthew Wild <mwild1@gmail.com>
parents:
2403
diff
changeset
|
83 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 function condition_handlers.TYPE(type) |
2582
ac3140cd89a2
mod_firewall: Fix compilation error if TYPE/KIND had no parameter
Matthew Wild <mwild1@gmail.com>
parents:
2577
diff
changeset
|
85 assert(type, "Expected 'type' value to match against"); |
979
cec42f884475
mod_firewall: The default value of the 'type' attribute on message stanzas is 'normal'
Kim Alvefur <zash@zash.se>
parents:
971
diff
changeset
|
86 return compile_comparison_list("(type or (name == 'message' and 'normal') or (name == 'presence' and 'available'))", type), { "type", "name" }; |
964
04e85eb3dfef
mod_firewall/conditions: Default types for message and presence
Matthew Wild <mwild1@gmail.com>
parents:
963
diff
changeset
|
87 end |
965
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
88 |
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
89 local function zone_check(zone, which) |
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
90 local which_not = which == "from" and "to" or "from"; |
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
91 return ("(zone_%s[%s_host] or zone_%s[%s] or zone_%s[bare_%s]) " |
2119
5f6c18fd0161
mod_firewall: Correct zone condition to check bare JID
Kim Alvefur <zash@zash.se>
parents:
2116
diff
changeset
|
92 .."and not(zone_%s[%s_host] or zone_%s[%s] or zone_%s[bare_%s])" |
965
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
93 ) |
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
94 :format(zone, which, zone, which, zone, which, |
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
95 zone, which_not, zone, which_not, zone, which_not), { |
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
96 "split_to", "split_from", "bare_to", "bare_from", "zone:"..zone |
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
97 }; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 function condition_handlers.ENTERING(zone) |
965
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
101 return zone_check(zone, "to"); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 function condition_handlers.LEAVING(zone) |
965
d4e24fb289c0
mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone).
Matthew Wild <mwild1@gmail.com>
parents:
964
diff
changeset
|
105 return zone_check(zone, "from"); |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 |
2537
acdc1767a715
mod_firewall: Make parameter to 'IN ROSTER' optional
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
108 -- IN ROSTER? (parameter is deprecated) |
2342
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
109 function condition_handlers.IN_ROSTER(yes_no) |
2537
acdc1767a715
mod_firewall: Make parameter to 'IN ROSTER' optional
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
110 local in_roster_requirement = string_to_boolean(yes_no or "yes"); -- COMPAT w/ older scripts |
2342
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
111 return "not "..(in_roster_requirement and "not" or "").." roster_entry", { "roster_entry" }; |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
112 end |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
113 |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
114 function condition_handlers.IN_ROSTER_GROUP(group) |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
115 return ("not not (roster_entry and roster_entry.groups[%q])"):format(group), { "roster_entry" }; |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
116 end |
6848297cf40a
mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group)
Matthew Wild <mwild1@gmail.com>
parents:
2128
diff
changeset
|
117 |
2403
f96bdfd81eba
mod_firewall: SUBSCRIBED - condition that is true if the receiver of a stanza is subscribed to the sender
Kim Alvefur <zash@zash.se>
parents:
2386
diff
changeset
|
118 function condition_handlers.SUBSCRIBED() |
2564
240985f7d1f7
mod_firewall: SUBSCRIBED: Only check roster if 'to' address has a nodepart (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
2563
diff
changeset
|
119 return "(to_node and rostermanager.is_contact_subscribed(to_node, to_host, bare_from))", |
2403
f96bdfd81eba
mod_firewall: SUBSCRIBED - condition that is true if the receiver of a stanza is subscribed to the sender
Kim Alvefur <zash@zash.se>
parents:
2386
diff
changeset
|
120 { "rostermanager", "split_to", "bare_from" }; |
f96bdfd81eba
mod_firewall: SUBSCRIBED - condition that is true if the receiver of a stanza is subscribed to the sender
Kim Alvefur <zash@zash.se>
parents:
2386
diff
changeset
|
121 end |
f96bdfd81eba
mod_firewall: SUBSCRIBED - condition that is true if the receiver of a stanza is subscribed to the sender
Kim Alvefur <zash@zash.se>
parents:
2386
diff
changeset
|
122 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 function condition_handlers.PAYLOAD(payload_ns) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 return ("stanza:get_child(nil, %q)"):format(payload_ns); |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 |
954
bec5b6e2eab8
mod_firewall: Add INSPECT conditional, for deeper inspection of stanzas
Kim Alvefur <zash@zash.se>
parents:
947
diff
changeset
|
127 function condition_handlers.INSPECT(path) |
bec5b6e2eab8
mod_firewall: Add INSPECT conditional, for deeper inspection of stanzas
Kim Alvefur <zash@zash.se>
parents:
947
diff
changeset
|
128 if path:find("=") then |
2386
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
129 local query, match_type, value = path:match("(.-)([~/$]*)=(.*)"); |
2362
c065ab67d807
mod_firewall: INSPECT: Emit compilation error when the given stanza path is used for comparison but doesn't return a string
Matthew Wild <mwild1@gmail.com>
parents:
2342
diff
changeset
|
130 if not(query:match("#$") or query:match("@[^/]+")) then |
c065ab67d807
mod_firewall: INSPECT: Emit compilation error when the given stanza path is used for comparison but doesn't return a string
Matthew Wild <mwild1@gmail.com>
parents:
2342
diff
changeset
|
131 error("Stanza path does not return a string (append # for text content or @name for value of named attribute)", 0); |
c065ab67d807
mod_firewall: INSPECT: Emit compilation error when the given stanza path is used for comparison but doesn't return a string
Matthew Wild <mwild1@gmail.com>
parents:
2342
diff
changeset
|
132 end |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
133 local meta_deps = {}; |
2386
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
134 local quoted_value = ("%q"):format(value); |
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
135 if match_type:find("$", 1, true) then |
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
136 match_type = match_type:gsub("%$", ""); |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
137 quoted_value = meta(quoted_value, meta_deps); |
2386
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
138 end |
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
139 if match_type == "~" then -- Lua pattern match |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
140 return ("(stanza:find(%q) or ''):match(%s)"):format(query, quoted_value), meta_deps; |
2386
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
141 elseif match_type == "/" then -- find literal substring |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
142 return ("(stanza:find(%q) or ''):find(%s, 1, true)"):format(query, quoted_value), meta_deps; |
2386
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
143 elseif match_type == "" then -- exact match |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
144 return ("stanza:find(%q) == %s"):format(query, quoted_value), meta_deps; |
2109
9db4113d0cb5
mod_firewall: INSPECT: Support for pattern matches (confusingly using ~= instead of =)
Matthew Wild <mwild1@gmail.com>
parents:
2107
diff
changeset
|
145 else |
2386
00eed68f63bf
mod_firewall: INSPECT: support for literal substring search and expressions
Matthew Wild <mwild1@gmail.com>
parents:
2363
diff
changeset
|
146 error("Unrecognised comparison '"..match_type.."='", 0); |
2109
9db4113d0cb5
mod_firewall: INSPECT: Support for pattern matches (confusingly using ~= instead of =)
Matthew Wild <mwild1@gmail.com>
parents:
2107
diff
changeset
|
147 end |
954
bec5b6e2eab8
mod_firewall: Add INSPECT conditional, for deeper inspection of stanzas
Kim Alvefur <zash@zash.se>
parents:
947
diff
changeset
|
148 end |
bec5b6e2eab8
mod_firewall: Add INSPECT conditional, for deeper inspection of stanzas
Kim Alvefur <zash@zash.se>
parents:
947
diff
changeset
|
149 return ("stanza:find(%q)"):format(path); |
bec5b6e2eab8
mod_firewall: Add INSPECT conditional, for deeper inspection of stanzas
Kim Alvefur <zash@zash.se>
parents:
947
diff
changeset
|
150 end |
bec5b6e2eab8
mod_firewall: Add INSPECT conditional, for deeper inspection of stanzas
Kim Alvefur <zash@zash.se>
parents:
947
diff
changeset
|
151 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
152 function condition_handlers.FROM_GROUP(group_name) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 return ("group_contains(%q, bare_from)"):format(group_name), { "group_contains", "bare_from" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
154 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 function condition_handlers.TO_GROUP(group_name) |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 return ("group_contains(%q, bare_to)"):format(group_name), { "group_contains", "bare_to" }; |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 |
2594
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
160 function condition_handlers.CROSSING_GROUPS(group_names) |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
161 local code = {}; |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
162 for group_name in group_names:gmatch("([^, ][^,]+)") do |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
163 group_name = group_name:match("^%s*(.-)%s*$"); -- Trim leading/trailing whitespace |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
164 -- Just check that's it is crossing from outside group to inside group |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
165 table.insert(code, ("(group_contains(%q, bare_to) and group_contains(%q, bare_from))"):format(group_name, group_name)) |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
166 end |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
167 return "not "..table.concat(code, " or "), { "group_contains", "bare_to", "bare_from" }; |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
168 end |
1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
Matthew Wild <mwild1@gmail.com>
parents:
2584
diff
changeset
|
169 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 function condition_handlers.FROM_ADMIN_OF(host) |
2577
00cef058df8d
mod_firewall: TO/FROM ADMIN OF: Fix string quoting
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
171 return ("is_admin(bare_from, %s)"):format(host ~= "*" and metaq(host) or nil), { "is_admin", "bare_from" }; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
172 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
173 |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 function condition_handlers.TO_ADMIN_OF(host) |
2577
00cef058df8d
mod_firewall: TO/FROM ADMIN OF: Fix string quoting
Matthew Wild <mwild1@gmail.com>
parents:
2575
diff
changeset
|
175 return ("is_admin(bare_to, %s)"):format(host ~= "*" and metaq(host) or nil), { "is_admin", "bare_to" }; |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
176 end |
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
177 |
2553
7ed2a66bfabd
mod_firewall: Add TO/FROM ADMIN
Matthew Wild <mwild1@gmail.com>
parents:
2552
diff
changeset
|
178 function condition_handlers.FROM_ADMIN() |
2575
214b49d05ea1
mod_firewall: Fix TO/FROM ADMIN to use current (module) host
Matthew Wild <mwild1@gmail.com>
parents:
2564
diff
changeset
|
179 return ("is_admin(bare_from, current_host)"), { "is_admin", "bare_from", "current_host" }; |
2553
7ed2a66bfabd
mod_firewall: Add TO/FROM ADMIN
Matthew Wild <mwild1@gmail.com>
parents:
2552
diff
changeset
|
180 end |
7ed2a66bfabd
mod_firewall: Add TO/FROM ADMIN
Matthew Wild <mwild1@gmail.com>
parents:
2552
diff
changeset
|
181 |
7ed2a66bfabd
mod_firewall: Add TO/FROM ADMIN
Matthew Wild <mwild1@gmail.com>
parents:
2552
diff
changeset
|
182 function condition_handlers.TO_ADMIN() |
2575
214b49d05ea1
mod_firewall: Fix TO/FROM ADMIN to use current (module) host
Matthew Wild <mwild1@gmail.com>
parents:
2564
diff
changeset
|
183 return ("is_admin(bare_to, current_host)"), { "is_admin", "bare_to", "current_host" }; |
2553
7ed2a66bfabd
mod_firewall: Add TO/FROM ADMIN
Matthew Wild <mwild1@gmail.com>
parents:
2552
diff
changeset
|
184 end |
7ed2a66bfabd
mod_firewall: Add TO/FROM ADMIN
Matthew Wild <mwild1@gmail.com>
parents:
2552
diff
changeset
|
185 |
968
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
186 local day_numbers = { sun = 0, mon = 2, tue = 3, wed = 4, thu = 5, fri = 6, sat = 7 }; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
187 |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
188 local function current_time_check(op, hour, minute) |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
189 hour, minute = tonumber(hour), tonumber(minute); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
190 local adj_op = op == "<" and "<" or ">="; -- Start time inclusive, end time exclusive |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
191 if minute == 0 then |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
192 return "(current_hour"..adj_op..hour..")"; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
193 else |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
194 return "((current_hour"..op..hour..") or (current_hour == "..hour.." and current_minute"..adj_op..minute.."))"; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
195 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
196 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
197 |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
198 local function resolve_day_number(day_name) |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
199 return assert(day_numbers[day_name:sub(1,3):lower()], "Unknown day name: "..day_name); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
200 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
201 |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
202 function condition_handlers.DAY(days) |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
203 local conditions = {}; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
204 for day_range in days:gmatch("[^,]+") do |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
205 local day_start, day_end = day_range:match("(%a+)%s*%-%s*(%a+)"); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
206 if day_start and day_end then |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
207 local day_start_num, day_end_num = resolve_day_number(day_start), resolve_day_number(day_end); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
208 local op = "and"; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
209 if day_end_num < day_start_num then |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
210 op = "or"; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
211 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
212 table.insert(conditions, ("current_day >= %d %s current_day <= %d"):format(day_start_num, op, day_end_num)); |
2070
2356114ff505
mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned
Kim Alvefur <zash@zash.se>
parents:
2036
diff
changeset
|
213 elseif day_range:find("%a") then |
968
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
214 local day = resolve_day_number(day_range:match("%a+")); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
215 table.insert(conditions, "current_day == "..day); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
216 else |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
217 error("Unable to parse day/day range: "..day_range); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
218 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
219 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
220 assert(#conditions>0, "Expected a list of days or day ranges"); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
221 return "("..table.concat(conditions, ") or (")..")", { "time:day" }; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
222 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
223 |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
224 function condition_handlers.TIME(ranges) |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
225 local conditions = {}; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
226 for range in ranges:gmatch("([^,]+)") do |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
227 local clause = {}; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
228 range = range:lower() |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
229 :gsub("(%d+):?(%d*) *am", function (h, m) return tostring(tonumber(h)%12)..":"..(tonumber(m) or "00"); end) |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
230 :gsub("(%d+):?(%d*) *pm", function (h, m) return tostring(tonumber(h)%12+12)..":"..(tonumber(m) or "00"); end); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
231 local start_hour, start_minute = range:match("(%d+):(%d+) *%-"); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
232 local end_hour, end_minute = range:match("%- *(%d+):(%d+)"); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
233 local op = tonumber(start_hour) > tonumber(end_hour) and " or " or " and "; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
234 if start_hour and end_hour then |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
235 table.insert(clause, current_time_check(">", start_hour, start_minute)); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
236 table.insert(clause, current_time_check("<", end_hour, end_minute)); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
237 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
238 if #clause == 0 then |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
239 error("Unable to parse time range: "..range); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
240 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
241 table.insert(conditions, "("..table.concat(clause, " "..op.." ")..")"); |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
242 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
243 return table.concat(conditions, " or "), { "time:hour,min" }; |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
244 end |
f3b0ddeebd9d
mod_firewall/conditions: Add DAY and TIME conditions
Matthew Wild <mwild1@gmail.com>
parents:
965
diff
changeset
|
245 |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
246 function condition_handlers.LIMIT(spec) |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
247 local name, param = spec:match("^(%w+) on (.+)$"); |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
248 local meta_deps = {}; |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
249 |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
250 if not name then |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
251 name = spec:match("^%w+$"); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
252 if not name then |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
253 error("Unable to parse LIMIT specification"); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
254 end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
255 else |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
256 param = meta(("%q"):format(param), meta_deps); |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
257 end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
258 |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
259 if not param then |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
260 return ("not global_throttle_%s:poll(1)"):format(name), { "globalthrottle:"..name, unpack(meta_deps) }; |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2127
diff
changeset
|
261 end |
2519
d4bc434a60a4
mod_firewall: Update functions that use meta() to allow functions with deps inside expressions
Matthew Wild <mwild1@gmail.com>
parents:
2465
diff
changeset
|
262 return ("not multi_throttle_%s:poll_on(%s, 1)"):format(name, param), { "multithrottle:"..name, unpack(meta_deps) }; |
971
53e158e44a44
mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables
Matthew Wild <mwild1@gmail.com>
parents:
968
diff
changeset
|
263 end |
53e158e44a44
mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables
Matthew Wild <mwild1@gmail.com>
parents:
968
diff
changeset
|
264 |
2107
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
265 function condition_handlers.ORIGIN_MARKED(name_and_time) |
2127
59023dffbdd4
mod_firewall: Allow underscore in mark names (thanks Ge0rG)
Matthew Wild <mwild1@gmail.com>
parents:
2125
diff
changeset
|
266 local name, time = name_and_time:match("^%s*([%w_]+)%s+%(([^)]+)s%)%s*$"); |
2107
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
267 if not name then |
2127
59023dffbdd4
mod_firewall: Allow underscore in mark names (thanks Ge0rG)
Matthew Wild <mwild1@gmail.com>
parents:
2125
diff
changeset
|
268 name = name_and_time:match("^%s*([%w_]+)%s*$"); |
2107
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
269 end |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
270 if not name then |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
271 error("Error parsing mark name, see documentation for usage examples"); |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
272 end |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
273 if time then |
2116
2bb42ba342f3
mod_firewall: Fix usage of incorrect variable current_time in ORIGIN_MARKED condition (thanks Ge0rG)
Matthew Wild <mwild1@gmail.com>
parents:
2109
diff
changeset
|
274 return ("(current_timestamp - (session.firewall_marked_%s or 0)) < %d"):format(idsafe(name), tonumber(time)), { "timestamp" }; |
2107
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
275 end |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
276 return ("not not session.firewall_marked_"..idsafe(name)); |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
277 end |
f445f43b9ba1
mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
Matthew Wild <mwild1@gmail.com>
parents:
2075
diff
changeset
|
278 |
2554
19bb4606013f
mod_firewall: Fix everything wrong with SENT_DIRECTED_PRESENCE_TO_SENDER
Matthew Wild <mwild1@gmail.com>
parents:
2553
diff
changeset
|
279 function condition_handlers.SENT_DIRECTED_PRESENCE_TO_SENDER() |
19bb4606013f
mod_firewall: Fix everything wrong with SENT_DIRECTED_PRESENCE_TO_SENDER
Matthew Wild <mwild1@gmail.com>
parents:
2553
diff
changeset
|
280 return "not not session.directed[from]", { "from" }; |
2529
3fe4ca2b55c2
mod_firewall: Add 'SENT DIRECTED PRESENCE TO SENDER?'
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
281 end |
3fe4ca2b55c2
mod_firewall: Add 'SENT DIRECTED PRESENCE TO SENDER?'
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
282 |
2618
c6652d055ba3
mod_firewall: Add some more comments
Matthew Wild <mwild1@gmail.com>
parents:
2594
diff
changeset
|
283 -- TO FULL JID? |
2555
a9eb4d5566f3
mod_firewall: Add TO FULL JID
Matthew Wild <mwild1@gmail.com>
parents:
2554
diff
changeset
|
284 function condition_handlers.TO_FULL_JID() |
a9eb4d5566f3
mod_firewall: Add TO FULL JID
Matthew Wild <mwild1@gmail.com>
parents:
2554
diff
changeset
|
285 return "not not full_sessions[to]", { "to" }; |
a9eb4d5566f3
mod_firewall: Add TO FULL JID
Matthew Wild <mwild1@gmail.com>
parents:
2554
diff
changeset
|
286 end |
a9eb4d5566f3
mod_firewall: Add TO FULL JID
Matthew Wild <mwild1@gmail.com>
parents:
2554
diff
changeset
|
287 |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
288 -- CHECK LIST: spammers contains $<@from> |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
289 function condition_handlers.CHECK_LIST(list_condition) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
290 local list_name, expr = list_condition:match("(%S+) contains (.+)$"); |
2521
66b81e144ded
mod_firewall: Fix CHECK LIST syntax check
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
291 if not (list_name and expr) then |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
292 error("Error parsing list check, syntax: LISTNAME contains EXPRESSION"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
293 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
294 local meta_deps = {}; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
295 expr = meta(("%q"):format(expr), meta_deps); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
296 return ("list_%s:contains(%s) == true"):format(list_name, expr), { "list:"..list_name, unpack(meta_deps) }; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
297 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2519
diff
changeset
|
298 |
2528
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2521
diff
changeset
|
299 -- SCAN: body for word in badwords |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2521
diff
changeset
|
300 function condition_handlers.SCAN(scan_expression) |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2521
diff
changeset
|
301 local search_name, pattern_name, list_name = scan_expression:match("(%S+) for (%S+) in (%S+)$"); |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2521
diff
changeset
|
302 if not (search_name) then |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2521
diff
changeset
|
303 error("Error parsing SCAN expression, syntax: SEARCH for PATTERN in LIST"); |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2521
diff
changeset
|
304 end |
2584
d64fc9c3cffd
mod_firewall: Remove ambiguity from tokens dep parameter
Matthew Wild <mwild1@gmail.com>
parents:
2582
diff
changeset
|
305 return ("scan_list(list_%s, %s)"):format(list_name, "tokens_"..search_name.."_"..pattern_name), { "scan_list", "tokens:"..search_name.."-"..pattern_name, "list:"..list_name }; |
2528
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2521
diff
changeset
|
306 end |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2521
diff
changeset
|
307 |
2618
c6652d055ba3
mod_firewall: Add some more comments
Matthew Wild <mwild1@gmail.com>
parents:
2594
diff
changeset
|
308 -- COUNT: lines in body < 10 |
2545
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
309 local valid_comp_ops = { [">"] = ">", ["<"] = "<", ["="] = "==", ["=="] = "==", ["<="] = "<=", [">="] = ">=" }; |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
310 function condition_handlers.COUNT(count_expression) |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
311 local pattern_name, search_name, comparator_expression = count_expression:match("(%S+) in (%S+) (.+)$"); |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
312 if not (pattern_name) then |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
313 error("Error parsing COUNT expression, syntax: PATTERN in SEARCH COMPARATOR"); |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
314 end |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
315 local value; |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
316 comparator_expression = comparator_expression:gsub("%d+", function (value_string) |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
317 value = tonumber(value_string); |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
318 return ""; |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
319 end); |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
320 if not value then |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
321 error("Error parsing COUNT expression, expected value"); |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
322 end |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
323 local comp_op = comparator_expression:gsub("%s+", ""); |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
324 assert(valid_comp_ops[comp_op], "Error parsing COUNT expression, unknown comparison operator: "..comp_op); |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
325 return ("it_count(search_%s:gmatch(pattern_%s)) %s %d"):format(search_name, pattern_name, comp_op, value), { "it_count", "search:"..search_name, "pattern:"..pattern_name }; |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
326 end |
9b46d24edf0d
mod_firewall: Add and document COUNT condition
Matthew Wild <mwild1@gmail.com>
parents:
2537
diff
changeset
|
327 |
947
c91cac3b823f
mod_firewall: General stanza filtering plugin with a declarative rule-based syntax
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
328 return condition_handlers; |