Mercurial > prosody-modules
comparison mod_audit/mod_audit.lua @ 5251:f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 14 Mar 2023 18:59:39 +0000 |
| parents | d9577083c5f5 |
| children | 12f7d8b901e0 |
comparison
equal
deleted
inserted
replaced
| 5250:d9577083c5f5 | 5251:f3123cbbd894 |
|---|---|
| 1 module:set_global(); | 1 module:set_global(); |
| 2 | 2 |
| 3 local audit_log_limit = module:get_option_number("audit_log_limit", 10000); | 3 local audit_log_limit = module:get_option_number("audit_log_limit", 10000); |
| 4 local cleanup_after = module:get_option_string("audit_log_expires_after", "2w"); | 4 local cleanup_after = module:get_option_string("audit_log_expires_after", "2w"); |
| 5 | 5 |
| 6 local attach_ips = module:get_option_boolean("audit_log_ips", true); | |
| 7 local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil); | |
| 8 local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil); | |
| 9 | |
| 6 local time_now = os.time; | 10 local time_now = os.time; |
| 11 local ip = require "util.ip"; | |
| 7 local st = require "util.stanza"; | 12 local st = require "util.stanza"; |
| 8 local moduleapi = require "core.moduleapi"; | 13 local moduleapi = require "core.moduleapi"; |
| 9 | 14 |
| 10 local host_wide_user = "@"; | 15 local host_wide_user = "@"; |
| 11 | 16 |
| 21 return store; | 26 return store; |
| 22 end | 27 end |
| 23 | 28 |
| 24 setmetatable(stores, { __index = get_store }); | 29 setmetatable(stores, { __index = get_store }); |
| 25 | 30 |
| 31 local function get_ip_network(ip_addr) | |
| 32 local _ip = ip.new_ip(ip_addr); | |
| 33 local proto = _ip.proto; | |
| 34 local network; | |
| 35 if proto == "IPv4" and attach_ipv4_prefix then | |
| 36 network = ip.truncate(_ip, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix; | |
| 37 elseif proto == "IPv6" and attach_ipv6_prefix then | |
| 38 network = ip.truncate(_ip, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix; | |
| 39 end | |
| 40 return network; | |
| 41 end | |
| 26 | 42 |
| 27 local function session_extra(session) | 43 local function session_extra(session) |
| 28 local attr = { | 44 local attr = { |
| 29 xmlns = "xmpp:prosody.im/audit", | 45 xmlns = "xmpp:prosody.im/audit", |
| 30 }; | 46 }; |
| 33 end | 49 end |
| 34 if session.type then | 50 if session.type then |
| 35 attr.type = session.type; | 51 attr.type = session.type; |
| 36 end | 52 end |
| 37 local stanza = st.stanza("session", attr); | 53 local stanza = st.stanza("session", attr); |
| 38 if session.ip then | 54 if attach_ips and session.ip then |
| 39 stanza:text_tag("remote-ip", session.ip); | 55 local remote_ip, network = session.ip; |
| 56 if attach_ipv4_prefix or attach_ipv6_prefix then | |
| 57 network = get_ip_network(remote_ip); | |
| 58 end | |
| 59 stanza:text_tag("remote-ip", network or remote_ip); | |
| 40 end | 60 end |
| 41 if session.client_id then | 61 if session.client_id then |
| 42 stanza:text_tag("client", session.client_id); | 62 stanza:text_tag("client", session.client_id); |
| 43 end | 63 end |
| 44 return stanza | 64 return stanza |