annotate mod_http_status/mod_http_status.lua @ 5715:8488ebde5739

mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted This follows the intent behind the OpenID Connect 'prompt' parameter when it does not include the 'consent' keyword, that is the client wishes to skip the consent screen. If the user has already granted the exact same scopes to the exact same client in the past, then one can assume that they may grant it again.
author Kim Alvefur <zash@zash.se>
date Tue, 14 Nov 2023 23:03:37 +0100
parents e274431bf4ce
children
-- Load once for the whole server rather than once per virtual host.
module:set_global();

local json = require("util.json");
local datetime = require("util.datetime").datetime;
local ip = require("util.ip");

local modulemanager = require("core.modulemanager");

-- Access control for the status endpoint.
-- http_status_allow_ips: set of client addresses allowed to read the report.
-- When the option is unset only the two loopback addresses are accepted.
local permitted_ips = module:get_option_set("http_status_allow_ips", {
	"::1",
	"127.0.0.1",
});
-- http_status_allow_cidr: one optional CIDR range allowed in addition to the
-- set above. No default is passed here, and is_permitted() skips the range
-- check when the value is falsy.
local permitted_cidr = module:get_option_string("http_status_allow_cidr");
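--- Decide whether the requesting client may read the status report.
-- A request passes when its address is an exact member of the
-- http_status_allow_ips set, or falls inside the optional
-- http_status_allow_cidr range. Anything that cannot be evaluated
-- (missing address, unparseable address or range) is denied.
-- NOTE(review): request.ip is whatever the HTTP layer reports as the client
-- address. Behind a reverse proxy on the same host this may be a loopback
-- address, which the default allowlist accepts -- confirm how forwarded
-- addresses are resolved in the deployment.
-- NOTE(review): set membership compares the address text as given, so an
-- alternative spelling of an allowed address would not match -- confirm the
-- form in which the HTTP layer reports addresses.
-- @param request HTTP request object; only its `ip` field is read
-- @return true when access is allowed, false otherwise
local function is_permitted(request)
	local ip_raw = request.ip;
	if type(ip_raw) ~= "string" then
		-- No usable client address: deny instead of handing nil to util.ip.
		return false;
	end

	if permitted_ips:contains(ip_raw) then
		return true;
	end

	if not permitted_cidr then
		return false;
	end

	-- Parse both sides before matching so that a malformed value results in a
	-- refusal rather than an error raised from inside the access check.
	-- NOTE(review): assumes util.ip returns nil for text it cannot parse -- confirm.
	local client_addr = ip.new_ip(ip_raw);
	local range_addr, range_bits = ip.parse_cidr(permitted_cidr);
	if not client_addr or not range_addr then
		return false;
	end

	if ip.match(client_addr, range_addr, range_bits) then
		return true;
	end
	return false;
end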
-- HTTP endpoint returning a JSON report of module statuses.
-- The is_permitted() address check is the only access control visible in
-- this handler. The report names every key of prosody.hosts, the modules
-- loaded on each and their status messages, so the allowlist should be kept
-- to the systems that actually need to poll it.
module:provides("http", {
	route = {
		GET = function(event)
			local request, response = event.request, event.response;
			if not is_permitted(request) then
				return 403; -- Forbidden
			end
			response.headers.content_type = "application/json";

			-- Collect type, message and timestamp for each module on one host.
			local function describe_modules(host)
				local summary = {};
				for mod_name, mod in pairs(modulemanager.get_modules(host)) do
					local api = mod.module;
					summary[mod_name] = {
						type = api.status_type;
						message = api.status_message;
						-- Drop the fractional part before formatting the timestamp.
						time = datetime(math.floor(api.status_time));
					};
				end
				return summary;
			end

			-- "*" is reported alongside the configured hosts
			-- (presumably the global module set -- confirm).
			local report = {};
			report["*"] = describe_modules("*");
			for host in pairs(prosody.hosts) do
				report[host] = describe_modules(host);
			end

			return json.encode(report);
		end;
	};
});