Mercurial > prosody-modules
view mod_couchdb/couchdb/couchdb.lib.lua @ 5682:527c747711f3
mod_http_oauth2: Limit revocation to clients own tokens in strict mode
RFC 7009 section 2.1 states:
> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.
The first part was already covered (in strict mode). This adds the later
part using the hash of client_id recorded in 0860497152af
It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 29 Oct 2023 11:30:49 +0100 |
parents | 316d7c8e1fb0 |
children |
line wrap: on
line source
local http = require "socket.http"; local url = require "socket.url"; local couchapi = module:require("couchdb/couchapi"); local json = module:require("couchdb/json"); local couchdb_url = assert(module:get_option("couchdb_url"), "Option couchdb_url not specified"); local db = couchapi.db(couchdb_url); local function couchdb_get(key) local a,b = db:doc(key):get() print(json.encode(a)); if b == 404 then return nil; end if b == 200 then b = nil; end return a.payload,b; end local function couchdb_put(key, value) local a,b = db:doc(key):get(); return db:doc(key):put({ payload = value, _rev = a and a._rev }); end local st = require "util.stanza"; local handlers = {}; handlers.accounts = { get = function(self, user) return couchdb_get(self.host.."/"..user.."/account"); end; set = function(self, user, data) return couchdb_put(self.host.."/"..user.."/account", data); end; }; handlers.vcard = { get = function(self, user) return couchdb_get(self.host.."/"..user.."/vcard"); end; set = function(self, user, data) return couchdb_put(self.host.."/"..user.."/vcard", data); end; }; handlers.private = { get = function(self, user) return couchdb_get(self.host.."/"..user.."/private"); end; set = function(self, user, data) return couchdb_put(self.host.."/"..user.."/private", data); end; }; handlers.roster = { get = function(self, user) return couchdb_get(self.host.."/"..user.."/roster"); end; set = function(self, user, data) return couchdb_put(self.host.."/"..user.."/roster", data); end; }; ----------------------------- local driver = {}; driver.__index = driver; function driver:open(host, datastore, typ) local cache_key = host.." "..datastore; if self.ds_cache[cache_key] then return self.ds_cache[cache_key]; end local instance = setmetatable({}, self); instance.host = host; instance.datastore = datastore; local handler = handlers[datastore]; if not handler then return nil; end for key,val in pairs(handler) do instance[key] = val; end if instance.init then instance:init(); end self.ds_cache[cache_key] = instance; return instance; end ----------------------------- local _M = {}; function _M.new() local instance = setmetatable({}, driver); instance.__index = instance; instance.ds_cache = {}; return instance; end return _M;