Mercurial > prosody-modules
annotate mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 5418:f2c7bb3af600
mod_http_oauth2: Add role selector to consent page
List includes all roles available to the user, if more than one.
Defaults to either the first role in the scope string or the users
primary role.
Earlier draft listed all roles, but having options that can't be
selected is bad UX and the entire list of all roles on the server could
be long, and perhaps even sensitive.
Allows e.g. picking a role with fewer permissions than what might
otherwise have been selected.
UX wise, doing this with more checkboxes or possibly radio buttons would
have been confusion and/or looked messier.
Fixes the previous situation where unselecting a role would default to
the primary role, which could be more permissions than requested.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 05 May 2023 01:23:13 +0200 |
| parents | 7dbde05b48a9 |
| children | e79f9dec35c0 |
| rev | line source |
|---|---|
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
1 -- Clients Connection Throttler. |
|
929
9eefbaba274d
mod_c2s_conn_throttle: shorten / update header, as wiki was added.
Marco Cirillo <maranda@lightwitch.org>
parents:
612
diff
changeset
|
2 -- (C) 2012-2013, Marco Cirillo (LW.Org) |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
3 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
4 local time = os.time |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
5 local in_count = {} |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
6 local logins_count = module:get_option_number("cthrottler_logins_count", 3) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
7 local throttle_time = module:get_option_number("cthrottler_time", 60) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
8 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
9 local function handle_sessions(event) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
10 local session = event.origin |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
11 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
12 if not in_count[session.ip] and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
13 in_count[session.ip] = { t = time(), c = 1 } |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
14 elseif in_count[session.ip] and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
15 if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
929
diff
changeset
|
16 |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
17 if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
18 module:log("error", "Exceeded login count for %s, closing connection", session.ip) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
19 session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." } |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
20 return true |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
21 elseif time() - in_count[session.ip].t > throttle_time then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
22 in_count[session.ip] = nil ; return |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
23 end |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
929
diff
changeset
|
24 end |
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
25 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
26 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
27 local function check_starttls(event) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
28 local session = event.origin |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
29 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
30 if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
31 in_count[session.ip].starttls_c = 1 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
32 elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
33 in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
34 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
35 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
36 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
37 module:hook("stream-features", handle_sessions, 100) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
38 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100) |