Mercurial > prosody-modules
view mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 5646:d67980d9e12d
mod_http_oauth2: Apply refresh token ttl to refresh token instead of grant
The intent in 59d5fc50f602 was for refresh tokens to extend the lifetime
of the grant, but the refresh token ttl was applied to the grant and
mod_tokenauth does not change it, leading to the grant expiring
regardless of refresh token usage.
This makes grant lifetimes unlimited, which seems to be standard
practice in the wild.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 11 Sep 2023 10:48:31 +0200 |
parents | 7dbde05b48a9 |
children | e79f9dec35c0 |
line wrap: on
line source
-- Clients Connection Throttler. -- (C) 2012-2013, Marco Cirillo (LW.Org) local time = os.time local in_count = {} local logins_count = module:get_option_number("cthrottler_logins_count", 3) local throttle_time = module:get_option_number("cthrottler_time", 60) local function handle_sessions(event) local session = event.origin if not in_count[session.ip] and session.type == "c2s_unauthed" then in_count[session.ip] = { t = time(), c = 1 } elseif in_count[session.ip] and session.type == "c2s_unauthed" then if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then module:log("error", "Exceeded login count for %s, closing connection", session.ip) session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." } return true elseif time() - in_count[session.ip].t > throttle_time then in_count[session.ip] = nil ; return end end end local function check_starttls(event) local session = event.origin if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then in_count[session.ip].starttls_c = 1 elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1 end end module:hook("stream-features", handle_sessions, 100) module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100)