Mercurial > prosody-modules
view mod_auto156/mod_auto156.lua @ 5518:d87d0e4a8516
mod_http_oauth2: Validate the OpenID 'prompt' parameter
Without support for affecting the login and consent procedure, it seems
sensible to inform the client that they can't change anything with this
parameter.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 05 Jun 2023 22:19:17 +0200 |
parents | 5d494dba9c02 |
children |
line wrap: on
line source
-- Synthesize XEP-0156 JSON from DNS local array = require "util.array"; local encodings = require "util.encodings"; local json = require "util.json"; local promise = require "util.promise"; local dns = require"net.adns".resolver(); local function check_dns(domain) return dns:lookup_promise("_xmppconnect." .. domain, "TXT"); end local function check_domain(domain) return promise.resolve(domain):next(encodings.stringprep.nameprep):next(encodings.idna.to_ascii):next( function(domain_A) if not domain_A then return promise.reject(400); else return domain_A; end end):next(check_dns):next(function(txt) local uris = array(); for _, cm in ipairs(txt) do local kind, uri = tostring(cm.txt):match("^_xmpp%-client%-(%w+)=([hpstw]+s?://.*)"); if kind then uris:push({rel = "urn:xmpp:alt-connections:" .. kind, href = uri}); end end if #uris == 0 then return promise.reject(404); end return {links=uris}; end); end module:depends("http"); module:provides("http", { route = { ["GET /*"] = function(_, domain) return check_domain(domain):next(function(altmethods) return {headers = {content_type = "application/json"}, body = json.encode(altmethods)}; end); end, }, }); function module.command(args) local async = require "util.async"; for _, domain in ipairs(args) do print(assert(async.wait_for(check_domain(domain):next(json.encode)))); end end