Mercurial > prosody-modules
view mod_reload_modules/mod_reload_modules.lua @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | cc14bfec209b |
children |
line wrap: on
line source
local array, it, set = require "util.array", require "util.iterators", require "util.set"; local mm = require "core.modulemanager"; function reload_all() local modules = module:get_option_set("reload_modules", {}); if not modules then module:log("warn", "No modules listed in the config to reload - set reload_modules to a list"); return; end local configured_modules = module:get_option_inherited_set("modules_enabled", {}); local component_module = module:get_option_string("component_module"); if component_module then -- Ensure awareness of the component module so that it is not unloaded configured_modules:add(component_module); end -- ignore removed hosts if not prosody.hosts[module.host] then module:log("warn", "Ignoring host %s: host was removed...", module.host); return; end local loaded_modules = set.new(array.collect(it.keys(prosody.hosts[module.host].modules))); local need_to_load = set.intersection(configured_modules - loaded_modules, modules); local need_to_unload = set.intersection(loaded_modules - configured_modules, modules); for module_name in need_to_load do module:log("debug", "Loading %s", module_name); mm.load(module.host, module_name); end for module_name in need_to_unload do module:log("debug", "Unloading %s", module_name); mm.unload(module.host, module_name); end modules:exclude(need_to_load+need_to_unload) for module_name in set.intersection(modules,configured_modules) do module:log("debug", "Reloading %s", module_name); mm.reload(module.host, module_name); end local global_modules = module:get_option_set("reload_global_modules", {}); for module_name in global_modules do module:log("debug", "Global reload of mod_%s", module_name); mm.reload("*", module_name); end end if module.hook_global then module:hook_global("config-reloaded", reload_all); else -- COMPAT w/pre-0.9 function module.load() prosody.events.add_handler("config-reloaded", reload_all); end function module.unload() prosody.events.remove_handler("config-reloaded", reload_all); end end