Mercurial > prosody-modules

view mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 5243:d5dc8edb2695

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Use more compact IDs UUIDs are nice but so verbose! The reduction in entropy for the nonce should be fine since the timestamp is also counts towards this, and it changes every second (modulo clock shenanigans), so the chances of someone managing to get the same client_secret by registering with the same information at the same time as another entity should be negligible.
author Kim Alvefur <zash@zash.se>
date Sat, 11 Mar 2023 22:46:27 +0100
parents 7dbde05b48a9
children e79f9dec35c0
line wrap: on
line source

-- Clients Connection Throttler.
-- (C) 2012-2013, Marco Cirillo (LW.Org)

local time = os.time
local in_count = {}
local logins_count = module:get_option_number("cthrottler_logins_count", 3)
local throttle_time = module:get_option_number("cthrottler_time", 60)

local function handle_sessions(event)
	local session = event.origin

	if not in_count[session.ip] and session.type == "c2s_unauthed" then
		in_count[session.ip] = { t = time(), c = 1 }
	elseif in_count[session.ip] and session.type == "c2s_unauthed" then
		if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end

		if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then
			module:log("error", "Exceeded login count for %s, closing connection", session.ip)
			session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." }
			return true
		elseif time() - in_count[session.ip].t > throttle_time then
			in_count[session.ip] = nil ; return
		end
	end
end

local function check_starttls(event)
	local session = event.origin

	if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then
		in_count[session.ip].starttls_c = 1
	elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then
		in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1
	end
end

module:hook("stream-features", handle_sessions, 100)
module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100)