prosody-modules: mod_s2s_blacklist/mod_s2s

annotate mod_s2s_blacklist/mod_s2s_blacklist.lua @ 5617:d8622797e315

mod_http_oauth2: Shorten default token validity periods With refresh tokens, short lifetime for access tokens is not a problem. The arbitrary choice of one hour seems reasonable. RFC 6749 has it as example value. One week for refresh tokens matching the default archive retention period. This means that a client that remains unused for one week will have to sign in again. An actively used client will continually push that forward with each used refresh token.

author	Kim Alvefur <zash@zash.se>
date	Mon, 24 Jul 2023 01:30:14 +0200
parents	d958558e0058
children

rev	line source
1179 27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 local st = require "util.stanza";
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	2
1325 b21236b6b8d8 Backed out changeset 853a382c9bd6 Kim Alvefur <zash@zash.se> parents: 1324 diff changeset	3 local blacklist = module:get_option_inherited_set("s2s_blacklist", {});
1179 27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	4
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 module:hook("route/remote", function (event)
1325 b21236b6b8d8 Backed out changeset 853a382c9bd6 Kim Alvefur <zash@zash.se> parents: 1324 diff changeset	6 if blacklist:contains(event.to_host) then
2893 d958558e0058 mod_s2s_blacklist: Don't send error replies for error stanzas Kim Alvefur <zash@zash.se> parents: 1325 diff changeset	7 if event.stanza.attr.type ~= "error" then
d958558e0058 mod_s2s_blacklist: Don't send error replies for error stanzas Kim Alvefur <zash@zash.se> parents: 1325 diff changeset	8 module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted"));
d958558e0058 mod_s2s_blacklist: Don't send error replies for error stanzas Kim Alvefur <zash@zash.se> parents: 1325 diff changeset	9 end
1179 27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	10 return true;
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 end
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	12 end, 100);
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	13
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	14 module:hook("s2s-stream-features", function (event)
1325 b21236b6b8d8 Backed out changeset 853a382c9bd6 Kim Alvefur <zash@zash.se> parents: 1324 diff changeset	15 if blacklist:contains(event.origin.from_host) then
1179 27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	16 event.origin:close({
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	17 condition = "policy-violation";
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	18 text = "Communication with this domain is restricted";
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 });
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	20 end
27b4e01ddbc4 mod_s2s_blacklist: A new _simple_ s2s blacklist module Matthew Wild <mwild1@gmail.com> parents: diff changeset	21 end, 1000);

Mercurial > prosody-modules

annotate mod_s2s_blacklist/mod_s2s_blacklist.lua @ 5617:d8622797e315