Mercurial > prosody-modules
annotate mod_firewall/marks.lib.lua @ 5646:d67980d9e12d
mod_http_oauth2: Apply refresh token ttl to refresh token instead of grant
The intent in 59d5fc50f602 was for refresh tokens to extend the lifetime
of the grant, but the refresh token ttl was applied to the grant and
mod_tokenauth does not change it, leading to the grant expiring
regardless of refresh token usage.
This makes grant lifetimes unlimited, which seems to be standard
practice in the wild.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 11 Sep 2023 10:48:31 +0200 |
| parents | 048284447643 |
| children |
| rev | line source |
|---|---|
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local mark_storage = module:open_store("firewall_marks"); |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
2 local mark_map_storage = module:open_store("firewall_marks", "map"); |
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local user_sessions = prosody.hosts[module.host].sessions; |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
6 module:hook("firewall/marked/user", function (event) |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
7 local user = user_sessions[event.username]; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
8 local marks = user and user.firewall_marks; |
|
5541
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
9 if user and not marks then |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
10 -- Load marks from storage to cache on the user object |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
11 marks = mark_storage:get(event.username) or {}; |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
12 user.firewall_marks = marks; --luacheck: ignore 122 |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
13 end |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
14 if marks then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
15 marks[event.mark] = event.timestamp; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
16 end |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
17 local ok, err = mark_map_storage:set(event.username, event.mark, event.timestamp); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
18 if not ok then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
19 module:log("error", "Failed to mark user %q with %q: %s", event.username, event.mark, err); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
20 end |
|
5542
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
21 return true; |
|
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
22 end, -1); |
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
24 module:hook("firewall/unmarked/user", function (event) |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
25 local user = user_sessions[event.username]; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
26 local marks = user and user.firewall_marks; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
27 if marks then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
28 marks[event.mark] = nil; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
29 end |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
30 local ok, err = mark_map_storage:set(event.username, event.mark, nil); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
31 if not ok then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
32 module:log("error", "Failed to unmark user %q with %q: %s", event.username, event.mark, err); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
33 end |
|
5542
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
34 return true; |
|
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
35 end, -1); |