view mod_addressing/mod_addressing.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | f66a08f208ad |
children |
-- TODO Querying other servers for support, needs to keep track of remote
-- server disco features

local xmlns_address = 'http://jabber.org/protocol/address';

-- Address types whose JID receives a copy of the stanza.
local forwarded_types = { to = true, cc = true, bcc = true };

-- Fan a stanza out to the JIDs listed in its <addresses/> child.
--
-- data.stanza is the incoming message or presence stanza. Every <address/>
-- of type "to", "cc" or "bcc" that carries a jid and has no "delivered"
-- attribute gets a copy, sent by rewriting the stanza's "to" attribute and
-- calling module:send(). "to" and "cc" entries are marked delivered="true";
-- "bcc" entries are dropped from the stanza before anything is sent.
--
-- Returns true when the stanza was addressed to this host (so the event is
-- treated as handled), and nil otherwise so normal delivery continues.
--
-- NOTE(review): nothing here checks who the sender is or caps how many
-- addresses one stanza may carry, so any stanza that reaches these hooks
-- can be fanned out to arbitrary JIDs. Confirm whether sender authorisation
-- and a recipient limit are enforced elsewhere; if not, this is a
-- relay/amplification surface.
-- NOTE(review): any value of the "delivered" attribute, not only "true",
-- causes an address to be skipped.
local function handle_extended_addressing(data)
	local stanza = data.stanza;
	if stanza.attr.type == "error" then
		return -- so we don't process bounces
	end

	local addresses = stanza:get_child("addresses", xmlns_address);
	local original_recipient = stanza.attr.to;
	if not addresses then
		return
	end

	module:log("debug", "Extended addressing found");
	local recipients = {};

	addresses:maptags(function(address)
		local is_address = address.attr.xmlns == xmlns_address and address.name == "address";
		if not is_address then
			return address; -- unsupported stuff goes right back
		end

		local addr_type = address.attr.type;
		local jid = address.attr.jid;
		local delivered = address.attr.delivered;
		if not forwarded_types[addr_type] or not jid or delivered then
			return address; -- nothing to deliver for this entry
		end

		recipients[#recipients + 1] = jid;
		module:log("debug", "%s to %s", addr_type, jid)

		if addr_type == "bcc" then
			-- Returning nil removes the element, hiding blind-copy
			-- recipients from everyone who receives the stanza.
			return nil;
		end
		address.attr.delivered = "true";
		return address;
	end);

	-- The same stanza object is reused for every recipient; only its "to"
	-- attribute changes between sends.
	-- NOTE(review): assumes module:send() does not keep a reference to the
	-- stanza past the call — confirm, otherwise later rewrites of "to"
	-- could affect a queued copy.
	for _, recipient in ipairs(recipients) do
		stanza.attr.to = recipient;
		module:log("debug", "posting stanza to %s", recipient)
		module:send(stanza);
	end

	stanza.attr.to = original_recipient;
	return stanza.attr.to == module.host or nil;
end

-- Register the handler at priority 10 for messages and presence addressed
-- to the host, to bare JIDs and to full JIDs.
-- NOTE(review): the bare/full hooks mean stanzas addressed to users, not
-- only to the service itself, are also multicast — confirm this is intended.
local hooked_events = {
	"message/host",
	"message/bare",
	"message/full",
	"presence/host",
	"presence/bare",
	"presence/full",
};
for _, event_name in ipairs(hooked_events) do
	module:hook(event_name, handle_extended_addressing, 10);
end
-- IQ stanzas makes no sense

module:add_feature(xmlns_address);