Mercurial > prosody-modules
view mod_measure_message_e2ee/mod_measure_message_e2ee.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:56:08 +0200 |
| parents | 70e5bab388d8 |
| children |
line wrap: on
line source
local count_message = module:measure("message", "rate"); local count_plain = module:measure("plain", "rate"); local count_openpgp = module:measure("openpgp", "rate"); local count_otr = module:measure("otr", "rate"); local count_ox = module:measure("ox", "rate"); local count_omemo = module:measure("omemo", "rate"); local count_encrypted = module:measure("encrypted", "rate"); local function message_handler(event) local origin, stanza = event.origin, event.stanza; -- This counts every message, even those with no body-like content. count_message(); -- Annotates that a message is encrypted, using any of the following methods. if stanza:get_child("encryption", "urn:xmpp:eme:0") then count_encrypted(); end if stanza:get_child("openpgp", "urn:xmpp:openpgp:0") then count_ox(); return; end if stanza:get_child("encrypted", "eu.siacs.conversations.axolotl") then count_omemo(); return; end if stanza:get_child("x", "jabber:x:encrypted") then count_openpgp(); return; end local body = stanza:get_child_text("body"); if body then if body:sub(1,4) == "?OTR" then count_otr(); return; end count_plain(); end end module:hook("pre-message/host", message_handler, 2); module:hook("pre-message/bare", message_handler, 2); module:hook("pre-message/full", message_handler, 2);