annotate mod_firewall/marks.lib.lua @ 5668:ecfd7aece33b

mod_measure_modules: Report module statuses via OpenMetrics Someone in the chat asked about a health check endpoint, which reminded me of mod_http_status, which provides access to module statuses with full details. After that, this idea came about, which seems natural. As noted in the README, it could be used to monitor that critical modules are in fact loaded correctly. As more modules use the status API, the more useful this module and mod_http_status becomes.
author Kim Alvefur <zash@zash.se>
date Fri, 06 Oct 2023 18:34:39 +0200
parents 048284447643
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local mark_storage = module:open_store("firewall_marks");
5536
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
2 local mark_map_storage = module:open_store("firewall_marks", "map");
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 local user_sessions = prosody.hosts[module.host].sessions;
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
5536
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
6 module:hook("firewall/marked/user", function (event)
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
7 local user = user_sessions[event.username];
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
8 local marks = user and user.firewall_marks;
5541
3804ee5117ca mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents: 5536
diff changeset
9 if user and not marks then
3804ee5117ca mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents: 5536
diff changeset
10 -- Load marks from storage to cache on the user object
3804ee5117ca mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents: 5536
diff changeset
11 marks = mark_storage:get(event.username) or {};
3804ee5117ca mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents: 5536
diff changeset
12 user.firewall_marks = marks; --luacheck: ignore 122
3804ee5117ca mod_firewall: Load marks from storage on demand rather than at login
Matthew Wild <mwild1@gmail.com>
parents: 5536
diff changeset
13 end
5536
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
14 if marks then
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
15 marks[event.mark] = event.timestamp;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
16 end
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
17 local ok, err = mark_map_storage:set(event.username, event.mark, event.timestamp);
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
18 if not ok then
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
19 module:log("error", "Failed to mark user %q with %q: %s", event.username, event.mark, err);
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
20 end
5542
048284447643 mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents: 5541
diff changeset
21 return true;
048284447643 mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents: 5541
diff changeset
22 end, -1);
2894
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
5536
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
24 module:hook("firewall/unmarked/user", function (event)
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
25 local user = user_sessions[event.username];
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
26 local marks = user and user.firewall_marks;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
27 if marks then
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
28 marks[event.mark] = nil;
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
29 end
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
30 local ok, err = mark_map_storage:set(event.username, event.mark, nil);
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
31 if not ok then
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
32 module:log("error", "Failed to unmark user %q with %q: %s", event.username, event.mark, err);
96dec7681af8 mod_firewall: Update user marks to store instantly via map store
Matthew Wild <mwild1@gmail.com>
parents: 2894
diff changeset
33 end
5542
048284447643 mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents: 5541
diff changeset
34 return true;
048284447643 mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com>
parents: 5541
diff changeset
35 end, -1);