Mercurial > prosody-modules
view mod_muc_media_metadata/mod_muc_media_metadata.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | d4537f045a78 |
children |
line wrap: on
line source
local async = require "util.async"; local promise = require "util.promise"; local http = require "net.http"; local st = require "util.stanza"; local xmlns_metadata = "xmpp:prosody.im/protocol/media-metadata#0" local fetch_headers = { bytes = "content-length"; type = "content-type"; etag = "etag"; blurhash = "blurhash"; }; local function fetch_media_metadata(url) return promise.new(function (resolve) http.request(url, { method = "HEAD" }, function (body, code, response) --luacheck: ignore 212/body if code == 200 then local metadata = {}; for metadata_name, header_name in pairs(fetch_headers) do metadata[metadata_name] = response.headers[header_name]; end resolve(metadata); else resolve(nil); end end); end); end local function metadata_to_tag(metadata) if not metadata then return; end local metadata_tag = st.stanza("metadata", { xmlns = xmlns_metadata }); for k, v in pairs(metadata) do metadata_tag:text_tag(k, v) end return metadata_tag; end module:hook("muc-occupant-groupchat", function (event) local stanza = event.stanza; local promises; for oob in stanza:childtags("x", "jabber:x:oob") do if not promises then promises = {}; end local url = oob:get_child_text("url"); local p = fetch_media_metadata(url) :next(metadata_to_tag) :next(function (metadata_tag) oob:add_child(metadata_tag); end); table.insert(promises, p); end if not promises then return; end async.wait(promise.all(promises)); end);