mod_http_oauth2: Enforce client scope restrictions in authorization When registering a client, a scope field can be included as a promise to only ever use those. Here we enforce that promise, if given, ensuring a client can't request or be granted a scope it didn't provide in its registration. While currently there is no restrictions at registration time, this could be changed in the future in various ways.

module:set_global();
local portmanager = require "core.portmanager";

local commands = module:shared("admin_shell/commands")

function commands.portcheck(session, line)
	for desc, interface, port in line:gmatch("%s(%[?([%x:.*]+)%]?:(%d+))") do
		assert(portmanager.get_service_at(interface, tonumber(port)), desc);
	end
	session.print "OK";
end

function module.unload()
	commands.portcheck = nil;
end