view mod_stanzadebug/mod_stanzadebug.lua @ 5956:97375a78d2b5

mod_http_oauth2: Reject URLs with 'userinfo' part (thanks mimi89999) The LuaSocket parser supports these but they're deprecated without replacement by RFC 3986 > Use of the format "user:password" in the userinfo field is deprecated Allowing it in OAuth2 URLs is probably bad from a security perspective.
author Kim Alvefur <zash@zash.se>
date Thu, 29 Aug 2024 16:02:46 +0200
parents 590ac12b7671
children
line wrap: on
line source

module:set_global();

local tostring = tostring;
local filters = require "util.filters";

local function log_send(t, session)
	if t and t ~= "" and t ~= " " then
		session.log("debug", "SEND: %s", tostring(t));
	end
	return t;
end

local function log_recv(t, session)
	if t and t ~= "" and t ~= " " then
		session.log("debug", "RECV: %s", tostring(t));
	end
	return t;
end

local function init_raw_logging(session)
	filters.add_filter(session, "stanzas/in",  log_recv, -10000);
	filters.add_filter(session, "stanzas/out", log_send,  10000);
end

filters.add_filter_hook(init_raw_logging);

function module.unload() -- luacheck: ignore
	filters.remove_filter_hook(init_raw_logging);
end