Mercurial > prosody-modules
annotate mod_firewall/marks.lib.lua @ 5787:e79f9dec35c0
mod_c2s_conn_throttle: Reduce log level from error->info
Our general policy is that "error" should never be triggerable by remote
entities, and that it is always about something that requires admin
intervention. This satisfies neither condition.
The "warn" level can be used for unexpected events/behaviour triggered by
remote entities, and this could qualify. However I don't think failed auth
attempts are unexpected enough.
I selected "info" because it is what is also used for other notable session
lifecycle events.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 07 Dec 2023 15:46:50 +0000 |
| parents | 048284447643 |
| children |
| rev | line source |
|---|---|
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local mark_storage = module:open_store("firewall_marks"); |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
2 local mark_map_storage = module:open_store("firewall_marks", "map"); |
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local user_sessions = prosody.hosts[module.host].sessions; |
|
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
6 module:hook("firewall/marked/user", function (event) |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
7 local user = user_sessions[event.username]; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
8 local marks = user and user.firewall_marks; |
|
5541
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
9 if user and not marks then |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
10 -- Load marks from storage to cache on the user object |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
11 marks = mark_storage:get(event.username) or {}; |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
12 user.firewall_marks = marks; --luacheck: ignore 122 |
|
3804ee5117ca
mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents:
5536
diff
changeset
|
13 end |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
14 if marks then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
15 marks[event.mark] = event.timestamp; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
16 end |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
17 local ok, err = mark_map_storage:set(event.username, event.mark, event.timestamp); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
18 if not ok then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
19 module:log("error", "Failed to mark user %q with %q: %s", event.username, event.mark, err); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
20 end |
|
5542
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
21 return true; |
|
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
22 end, -1); |
|
2894
165d2877eeac
mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
5536
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
24 module:hook("firewall/unmarked/user", function (event) |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
25 local user = user_sessions[event.username]; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
26 local marks = user and user.firewall_marks; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
27 if marks then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
28 marks[event.mark] = nil; |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
29 end |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
30 local ok, err = mark_map_storage:set(event.username, event.mark, nil); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
31 if not ok then |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
32 module:log("error", "Failed to unmark user %q with %q: %s", event.username, event.mark, err); |
|
96dec7681af8
mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents:
2894
diff
changeset
|
33 end |
|
5542
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
34 return true; |
|
048284447643
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents:
5541
diff
changeset
|
35 end, -1); |