annotate mod_s2s_idle_timeout/mod_s2s_idle_timeout.lua @ 5448:9d542e86e19a

mod_http_oauth2: Allow requesting a subset of scopes on token refresh This enables clients to request access tokens with fewer permissions than the grant they were given, reducing impact of token leak. Clients could e.g. request access tokens with some privileges and immediately revoke them after use, or other strategies.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 21:40:09 +0200
parents 4e235e565693
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
127
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local now = os.time;
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local s2smanager = require "core.s2smanager";
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 local timer = require "util.timer";
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local s2s_sessions = setmetatable({}, { __mode = "kv" });
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 local idle_timeout = module:get_option("s2s_idle_timeout") or 300;
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 local check_interval = math.ceil(idle_timeout * 0.75);
932
4e235e565693 mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents: 127
diff changeset
10
4e235e565693 mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents: 127
diff changeset
11 local function install_checks(session)
127
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 if not session.last_received_time then
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 session.last_received_time = now();
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 if session.direction == "incoming" then
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 local _data = session.data;
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 function session.data(conn, data)
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 session.last_received_time = now();
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 return _data(conn, data);
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 else
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 local _sends2s = session.sends2s;
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 function session.sends2s(data)
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 session.last_received_time = now();
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 return _sends2s(data);
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 s2s_sessions[session] = true;
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30
932
4e235e565693 mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents: 127
diff changeset
31 module:hook("s2s-authenticated", function (event)
4e235e565693 mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents: 127
diff changeset
32 install_checks(event.session);
4e235e565693 mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents: 127
diff changeset
33 end);
4e235e565693 mod_bidi, mod_dwd, mod_s2s_idle_timeout: Update for recent 0.9 changes (612467e263af)
Matthew Wild <mwild1@gmail.com>
parents: 127
diff changeset
34
127
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 function check_idle_sessions(time)
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 time = time or now();
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 for session in pairs(s2s_sessions) do
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 local last_received_time = session.last_received_time;
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 if last_received_time and time - last_received_time > idle_timeout then
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 module:log("debug", "Closing idle connection %s->%s",
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 session.from_host or "(unknown)", session.to_host or "(unknown)");
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 session:close(); -- Close-on-idle isn't an error
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 s2s_sessions[session] = nil;
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 return check_interval;
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 timer.add_task(check_interval, check_idle_sessions);
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 function module.save()
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 return { s2s_sessions = s2s_sessions };
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 end
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 function module.restore(data)
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 s2s_sessions = setmetatable(data.s2s_sessions or {}, { __mode = "kv" });
6c454d7208ae mod_s2s_idle_timeout: Close idle connections after s2s_idle_timeout seconds, default 300s
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56 end