Mercurial > prosody-modules
view mod_s2s_status/mod_s2s_status.lua @ 5448:9d542e86e19a
mod_http_oauth2: Allow requesting a subset of scopes on token refresh
This enables clients to request access tokens with fewer permissions
than the grant they were given, reducing impact of token leak. Clients
could e.g. request access tokens with some privileges and immediately
revoke them after use, or other strategies.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 11 May 2023 21:40:09 +0200 |
parents | b86282953663 |
children | 31c331d05a75 |
line wrap: on
line source
local status_out = module:shared("out"); local errors = require "util.error"; local function get_session_info(session) local direction, peer_host = session.direction; if direction == "outgoing" then peer_host = session.to_host; elseif direction == "incoming" then peer_host = session.from_host; end return peer_host, direction, session.id; end local function get_domain_log_out(peer_domain) local domain_log = status_out[peer_domain]; if not domain_log then domain_log = {}; status_out[peer_domain] = domain_log; end end local function get_connection_record(domain_log, id) for _, record in ipairs(domain_log) do if record.id == id then return record; end end -- No record for this connection yet, create it local record = { id = id }; table.insert(domain_log, 1, record); return record; end local function log_new_connection_out(peer_domain, id) local domain_log = get_domain_log_out(peer_domain); local record = get_connection_record(domain_log, id); record.status, record.time_started = "connecting", os.time(); end local function log_successful_connection_out(peer_domain, id) local domain_log = get_domain_log_out(peer_domain); local record = get_connection_record(domain_log, id); record.status, record.time_connected = "connected", os.time(); end local function log_ended_connection_out(peer_domain, id, reason) local domain_log = get_domain_log_out(peer_domain); local record = get_connection_record(domain_log, id); if record.status == "connecting" then record.status = "failed"; elseif record.status == "connected" then record.status = "disconnected"; end if reason then local e_reason = errors.new(reason); record.error = { type = e_reason.type; condition = e_reason.condition; text = e_reason.text; }; if not record.error.text and type(reason) == "string" then record.error.text = reason; end end local now = os.time(); record.time_ended = now; end local function s2sout_established(event) local peer_domain, _, id = get_session_info(event.session); log_successful_connection_out(peer_domain, id); end local function s2sout_destroyed(event) local peer_domain, _, id = get_session_info(event.session); log_ended_connection_out(peer_domain, id); end local function s2s_created(event) local peer_domain, direction, id = get_session_info(event.session); if direction == "outgoing" then log_new_connection_out(peer_domain, id); end end module:hook("s2s-created", s2s_created); module:hook("s2sout-established", s2sout_established); module:hook("s2sout-destroyed", s2sout_destroyed);