view mod_tlsfail/mod_tlsfail.lua @ 5256:44f7edd4f845

mod_http_oauth2: Reject non-local hosts in more code paths We're not issuing tokens for users on remote hosts, we can't even authenticate them since they're remote. Thus the host is always the local module.host so no need to pass around the host in most cases or use it for anything but enforcing the same host.
author Kim Alvefur <zash@zash.se>
date Thu, 16 Mar 2023 17:52:10 +0100
parents 7009e16192fa
children
line wrap: on
line source

local st = require "util.stanza";

local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
local starttls_attr = { xmlns = xmlns_starttls };
local s2s_feature = st.stanza("starttls", starttls_attr);
local starttls_failure = st.stanza("failure", starttls_attr);

module:hook("stream-features", function(event)
	local features = event.features;
	features:add_child(s2s_feature);
end);

module:hook("s2s-stream-features", function(event)
	local features = event.features;
	features:add_child(s2s_feature);
end);

-- Hook <starttls/>
module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
	local origin = event.origin;
	(origin.sends2s or origin.send)(starttls_failure);
	origin:close();
	return true;
end);