annotate mod_c2s_limit_sessions/mod_c2s_limit_sessions.lua @ 5406:b86d80e21c60

mod_http_oauth2: Validate consistency of response and grant types Ensure that these correlated fields make sense per RFC 7591 ยง 2.1, even though we currently only check the response type during authorization. This could probably all be deleted if (when!) we remove the implicit grant, since then these things don't make any sense anymore.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:34:31 +0200
parents f581210093a7
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1365
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- mod_c2s_limit_sessions
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 local next, count = next, require "util.iterators".count;
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 local max_resources = module:get_option_number("max_resources", 10);
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local sessions = hosts[module.host].sessions;
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 module:hook("resource-bind", function(event)
1366
f581210093a7 mod_c2s_limit_sessions: Fix global access
Kim Alvefur <zash@zash.se>
parents: 1365
diff changeset
9 local session = event.session;
f581210093a7 mod_c2s_limit_sessions: Fix global access
Kim Alvefur <zash@zash.se>
parents: 1365
diff changeset
10 if count(next, sessions[session.username].sessions) > max_resources then
1365
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 session:close{ condition = "policy-violation", text = "Too many resources" };
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 return false
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 end
ecc948f8d47d mod_c2s_limit_sessions: Limit number of resources a user may connect
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 end, -1);