Mercurial > prosody-modules

view mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 5553:67152838afbc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Improve error messages for URI properties Since there are separate validation checks for URI properties, including that they should use https, with better and more specific error reporting. Reverts 'luaPattern' to 'pattern' which is not currently supported by util.jsonschema, but allows anything that retrieves the schema over http to validate against it, should they wish to do so.
author Kim Alvefur <zash@zash.se>
date Sat, 17 Jun 2023 18:15:00 +0200
parents 7dbde05b48a9
children e79f9dec35c0
line wrap: on
line source

-- Clients Connection Throttler.
-- (C) 2012-2013, Marco Cirillo (LW.Org)

local time = os.time
local in_count = {}
local logins_count = module:get_option_number("cthrottler_logins_count", 3)
local throttle_time = module:get_option_number("cthrottler_time", 60)

local function handle_sessions(event)
	local session = event.origin

	if not in_count[session.ip] and session.type == "c2s_unauthed" then
		in_count[session.ip] = { t = time(), c = 1 }
	elseif in_count[session.ip] and session.type == "c2s_unauthed" then
		if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end

		if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then
			module:log("error", "Exceeded login count for %s, closing connection", session.ip)
			session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." }
			return true
		elseif time() - in_count[session.ip].t > throttle_time then
			in_count[session.ip] = nil ; return
		end
	end
end

local function check_starttls(event)
	local session = event.origin

	if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then
		in_count[session.ip].starttls_c = 1
	elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then
		in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1
	end
end

module:hook("stream-features", handle_sessions, 100)
module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100)