Mercurial > prosody-modules
annotate mod_firewall/marks.lib.lua @ 5715:8488ebde5739
mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted
This follows the intent behind the OpenID Connect 'prompt' parameter
when it does not include the 'consent' keyword, that is the client
wishes to skip the consent screen. If the user has already granted the
exact same scopes to the exact same client in the past, then one can
assume that they may grant it again.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 14 Nov 2023 23:03:37 +0100 |
parents | 048284447643 |
children |
-- Name of the store that holds the persistent per-user firewall marks.
local store_name = "firewall_marks";

-- Two handles on the same store: the default one is used to read a user's
-- whole marks table in one call, the "map" one to set or clear a single mark
-- without rewriting the rest.
local mark_storage = module:open_store(store_name);
local mark_map_storage = module:open_store(store_name, "map");

-- Session table of this module's host; the hooks in this file index it by
-- username to reach the object that caches that user's marks.
local user_sessions = prosody.hosts[module.host].sessions;
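-- Handler for "firewall/marked/user": records event.mark with the value
-- event.timestamp for event.username, both in the cache kept on the user's
-- entry in user_sessions (when there is one) and in the persistent map store.
-- Registered with -1 as the third argument to module:hook and always returns
-- true, including when the persistent write fails (that failure is only logged).
module:hook("firewall/marked/user", function (event)
	local user = user_sessions[event.username];
	local marks = user and user.firewall_marks;
	if user and not marks then
		-- Load marks from storage to cache on the user object.
		-- A failed read must not be cached as "no marks": an empty table would
		-- hide marks that are still in storage from anything reading the cache.
		-- Assumes get() returns nil plus an error on failure and plain nil when
		-- nothing is stored; confirm for the configured storage driver.
		local stored, load_err = mark_storage:get(event.username);
		if stored == nil and load_err then
			module:log("error", "Failed to load marks for user %q: %s", event.username, load_err);
		else
			marks = stored or {};
			user.firewall_marks = marks; --luacheck: ignore 122
		end
	end
	if marks then
		marks[event.mark] = event.timestamp;
	end
	-- NOTE(review): the cache is updated before the persistent write, so if
	-- set() fails the cached mark exists while the stored one does not.
	local ok, err = mark_map_storage:set(event.username, event.mark, event.timestamp);
	if not ok then
		module:log("error", "Failed to mark user %q with %q: %s", event.username, event.mark, err);
	end
	return true;
end, -1);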
-- Handler for "firewall/unmarked/user": clears event.mark for event.username.
-- Only a marks table already cached on the user's entry in user_sessions is
-- touched; unlike the marking handler, nothing is loaded from storage here.
-- The mark is then cleared in the persistent map store by setting it to nil.
-- Always returns true; a failed write is logged, not reported to the caller.
module:hook("firewall/unmarked/user", function (event)
	local session_user = user_sessions[event.username];
	local cached = session_user and session_user.firewall_marks;
	if cached then
		-- Drop the mark from the in-memory copy first.
		cached[event.mark] = nil;
	end

	local stored, failure = mark_map_storage:set(event.username, event.mark, nil);
	if not stored then
		module:log("error", "Failed to unmark user %q with %q: %s", event.username, event.mark, failure);
	end

	return true;
end, -1);