annotate mod_component_roundrobin/mod_component_roundrobin.lua @ 5424:b45d9a81b3da
mod_http_oauth2: Revert role selector, going to try something else
Back out f2c7bb3af600
Allowing only a single role to be encoded into the grant takes away the
possibility of having multiple roles in the grant, one of which is
selected when issuing an access token. It also takes away the ability to
have zero roles granted, which could be useful e.g. when you only need
OIDC scopes.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 07 May 2023 19:40:57 +0200 |
parents | 7dbde05b48a9 |
children |
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

-- Refuse to load anywhere except on a component host. Level 0 keeps the
-- message free of added position information.
if not (module:get_host_type() == "component") then
	error("Don't load mod_component manually, it should be for a component, please see http://prosody.im/doc/components", 0);
end

-- Cached globals and library functions.
local hosts = _G.hosts;
local t_concat = table.concat;

-- Prosody utility modules.
local sha1 = require "util.hashes".sha1;
local st = require "util.stanza";

-- Module-level logger; used when a session carries no logger of its own.
local log = module._log;

-- Set of authenticated component sessions, keyed by session object with the
-- value true. Obtained through module:shared rather than created locally.
-- NOTE(review): presumably this table outlives a reload of the module - confirm.
local sessions = module:shared("sessions");

-- Round-robin cursor: the session that received the previous stanza, or nil.
local last_session;
--- Session teardown callback: take a component session out of the rotation.
-- Assigned to session.on_destroy by handle_component_auth after a successful
-- handshake. Sessions that are not in the `sessions` table are left untouched.
-- @param session the session being destroyed
-- @param err not used by this function
local function on_destroy(session, err)
	if not sessions[session] then
		return;
	end

	-- Reset the cursor first so it never names a session that has been removed.
	if last_session == session then
		last_session = nil;
	end

	sessions[session] = nil;
	session.on_destroy = nil;
end
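--- Forward an incoming stanza to the next connected component session.
-- Sessions are picked in rotation by walking the `sessions` table with
-- next(), using `last_session` as the cursor. When no component is connected
-- a "service-unavailable" error is bounced to the sender, unless the stanza
-- is itself of type "error" or "result".
-- @param event hook event; event.stanza and event.origin are read
-- @return true in every case
local function handle_stanza(event)
	local stanza = event.stanza;
	if next(sessions) then
		-- next() raises "invalid key to 'next'" when handed a key that is no
		-- longer in the table. `sessions` is a shared table, so drop a cursor
		-- that no longer names a registered session before using it.
		-- NOTE(review): whether anything besides on_destroy removes entries
		-- cannot be seen from this file.
		if last_session ~= nil and sessions[last_session] == nil then
			last_session = nil;
		end

		stanza.attr.xmlns = nil;
		-- Advance the cursor; wrap to the first entry after the last one.
		last_session = next(sessions, last_session) or next(sessions);
		last_session.send(stanza);
	else
		log("warn", "Component not connected, bouncing error for: %s", stanza:top_tag());
		-- Errors and results are not answered with another error.
		if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then
			event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable"));
		end
	end
	return true;
end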
-- Route iq, message and presence stanzas addressed to bare JIDs, full JIDs
-- and the host itself through handle_stanza. Registration order is the same
-- as writing the nine hooks out one by one: all "bare" events first, then
-- "full", then "host".
-- NOTE(review): per this file's change history, priority -0.5 was chosen to
-- rank these hooks above mod_component's - confirm against the installed version.
for _, target in ipairs({ "bare", "full", "host" }) do
	for _, kind in ipairs({ "iq", "message", "presence" }) do
		module:hook(kind.."/"..target, handle_stanza, -0.5);
	end
end
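--- Handle authentication attempts by components
-- Checks the text of a component handshake element against the hex SHA-1 of
-- the session's stream id concatenated with the configured
-- `component_secret` (the XEP-0114 handshake digest). On success the session
-- is added to `sessions`, marked as type "component" and sent an empty
-- handshake element. On failure the session is closed with "not-authorized".
--
-- An empty `component_secret` is treated the same as an unset one. With an
-- empty secret the expected digest depends on the stream id alone, so the
-- handshake would not authenticate anything.
--
-- NOTE(review): the function is assigned without `local`, so the name lands
-- in the module's environment. Kept as is, in case something relies on it.
-- @param event hook event; event.origin is the session, event.stanza the handshake
-- @return true when the handshake was handled here, nothing when the session
--   is not an unauthenticated component or is already registered
function handle_component_auth(event)
	local session, stanza = event.origin, event.stanza;

	-- Only unauthenticated component sessions that are not yet registered are
	-- handled here. Returning nothing leaves the event to other handlers.
	if session.type ~= "component_unauthed" then return; end
	if sessions[session] then return; end

	-- The handshake must name a host and carry text only, no child elements.
	if (not session.host) or #stanza.tags > 0 then
		(session.log or log)("warn", "Invalid component handshake for host: %s", session.host);
		session:close("not-authorized");
		return true;
	end

	local secret = module:get_option("component_secret");
	-- "" is truthy in Lua, so the empty string is rejected explicitly.
	if not secret or secret == "" then
		(session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host);
		session:close("not-authorized");
		return true;
	end

	-- With no child tags, the stanza's array part holds only its text nodes.
	local supplied_token = t_concat(stanza);
	-- The second argument asks util.hashes for hex output. SHA-1 is fixed by
	-- the protocol, so the strength of the check rests on the secret itself.
	local calculated_token = sha1(session.streamid..secret, true);
	-- NOTE(review): this is an ordinary string comparison, not a constant-time
	-- one. The session is closed on the first mismatch, which limits repeated
	-- guesses against the same digest. Consider a constant-time comparison if
	-- the deployed util.hashes offers one.
	if supplied_token:lower() ~= calculated_token:lower() then
		log("info", "Component authentication failed for %s", session.host);
		session:close{ condition = "not-authorized", text = "Given token does not match calculated token" };
		return true;
	end

	-- Add session to sessions table
	sessions[session] = true;
	session.on_destroy = on_destroy;
	-- Defaults to true when the option is unset. The flag is only stored on
	-- the session here; the code that enforces it is outside this file.
	session.component_validate_from = module:get_option_boolean("validate_from_addresses", true);
	session.type = "component";
	log("info", "Component successfully authenticated: %s", session.host);
	session.send(st.stanza("handshake"));

	return true;
end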
-- Register the component handshake handler at priority 10.
-- NOTE(review): presumably high enough to run before mod_component's own
-- handshake handler - confirm against the installed Prosody version.
local HANDSHAKE_EVENT = "stanza/jabber:component:accept:handshake";
module:hook(HANDSHAKE_EVENT, handle_component_auth, 10);