annotate mod_pinger/mod_pinger.lua @ 5448:9d542e86e19a

mod_http_oauth2: Allow requesting a subset of scopes on token refresh This enables clients to request access tokens with fewer permissions than the grant they were given, reducing impact of token leak. Clients could e.g. request access tokens with some privileges and immediately revoke them after use, or other strategies.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 21:40:09 +0200
parents 8298b06e6603
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2034
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local new_watchdog = require "util.watchdog".new;
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local filters = require "util.filters";
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local st = require "util.stanza";
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local idle_timeout = module:get_option_number("c2s_idle_timeout", 300);
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local ping_timeout = module:get_option_number("c2s_ping_timeout", 30);
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 function update_watchdog(data, session)
3113
8298b06e6603 mod_pinger: work around updates on stale sessions
Georg Lukas <georg@op-co.de>
parents: 3103
diff changeset
9 if session.idle_watchdog then
8298b06e6603 mod_pinger: work around updates on stale sessions
Georg Lukas <georg@op-co.de>
parents: 3103
diff changeset
10 session.idle_watchdog:reset();
8298b06e6603 mod_pinger: work around updates on stale sessions
Georg Lukas <georg@op-co.de>
parents: 3103
diff changeset
11 session.idle_pinged = nil;
8298b06e6603 mod_pinger: work around updates on stale sessions
Georg Lukas <georg@op-co.de>
parents: 3103
diff changeset
12 end
2034
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 return data;
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 end
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 function check_session(watchdog)
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 local session = watchdog.session;
3103
5bf79bb3cf7e Neuter 0198 from mod_pinger, fix #712
Georg Lukas <georg@op-co.de>
parents: 2674
diff changeset
18 if session.smacks then
5bf79bb3cf7e Neuter 0198 from mod_pinger, fix #712
Georg Lukas <georg@op-co.de>
parents: 2674
diff changeset
19 unwatch_session(session);
5bf79bb3cf7e Neuter 0198 from mod_pinger, fix #712
Georg Lukas <georg@op-co.de>
parents: 2674
diff changeset
20 return;
5bf79bb3cf7e Neuter 0198 from mod_pinger, fix #712
Georg Lukas <georg@op-co.de>
parents: 2674
diff changeset
21 end
2034
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 if not session.idle_pinged then
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 session.idle_pinged = true;
3103
5bf79bb3cf7e Neuter 0198 from mod_pinger, fix #712
Georg Lukas <georg@op-co.de>
parents: 2674
diff changeset
24 session.send(st.iq({ type = "get", from = module.host, id = "idle-check" })
5bf79bb3cf7e Neuter 0198 from mod_pinger, fix #712
Georg Lukas <georg@op-co.de>
parents: 2674
diff changeset
25 :tag("ping", { xmlns = "urn:xmpp:ping" }));
2034
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 return ping_timeout; -- Call us again after ping_timeout
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 else
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 module:log("info", "Client %q silent for too long, closing...", session.full_jid);
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 session:close("connection-timeout");
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 end
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 end
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 function watch_session(session)
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 if not session.idle_watchdog
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 and not session.requests then -- Don't watch BOSH connections (BOSH already has timeouts)
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 session.idle_watchdog = new_watchdog(idle_timeout, check_session);
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 session.idle_watchdog.session = session;
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 filters.add_filter(session, "bytes/in", update_watchdog);
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 end
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 end
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 function unwatch_session(session)
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 if session.idle_watchdog then
3103
5bf79bb3cf7e Neuter 0198 from mod_pinger, fix #712
Georg Lukas <georg@op-co.de>
parents: 2674
diff changeset
45 filters.remove_filter(session, "bytes/in", update_watchdog);
2034
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 session.idle_watchdog:cancel();
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 session.idle_watchdog = nil;
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 end
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 end
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 module:hook("resource-bind", function (event) watch_session(event.session); end);
256a5e3591db mod_pinger: Added from /files/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 module:hook("resource-unbind", function (event) unwatch_session(event.session); end);