view mod_s2s_idle_timeout/mod_s2s_idle_timeout.lua @ 5390:f2363e6d9a64
mod_http_oauth2: Advertise the currently supported id_token signing algorithm
This field is REQUIRED. The algorithm RS256 MUST be included, but isn't
because we don't implement it, as that would require implementing a pile
of additional cryptography and JWT stuff. Instead the id_token is
signed using the client secret, which allows verification by the client,
since it's a shared secret per OpenID Connect Core 1.0 § 10.1 under
Symmetric Signatures.
OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that
are not supported here, but that's okay because this is served from the
RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 30 Apr 2023 16:13:40 +0200 |
parents | 4e235e565693 |
children |
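-- mod_s2s_idle_timeout: closes authenticated server-to-server (s2s) sessions
-- that have shown no tracked traffic for longer than `s2s_idle_timeout`
-- seconds (default 300).
--
-- Scope: sessions are only tracked once the "s2s-authenticated" event fires,
-- so a connection that never authenticates is not covered by this module.
-- NOTE(review): presumably other timeouts handle unauthenticated connections;
-- verify before relying on this module alone to bound idle s2s resources.

local now = os.time;
local s2smanager = require "core.s2smanager"; -- NOTE(review): not referenced in the code below
local timer = require "util.timer";

local DEFAULT_IDLE_TIMEOUT = 300;

-- Set of tracked sessions (session -> true). The table is weak so that
-- tracking a session here does not by itself keep it from being collected.
local s2s_sessions = setmetatable({}, { __mode = "kv" });

-- Validate the configured timeout. A non-numeric value would raise in the
-- comparison inside the sweep, and a zero or negative value would yield a
-- zero or negative check interval and treat every session as idle, so both
-- fall back to the default instead.
local configured_timeout = module:get_option("s2s_idle_timeout");
local idle_timeout = tonumber(configured_timeout);
if not configured_timeout then
	idle_timeout = DEFAULT_IDLE_TIMEOUT;
elseif not idle_timeout or not (idle_timeout > 0) then
	module:log("warn", "Ignoring invalid s2s_idle_timeout %s, using %d seconds",
		tostring(configured_timeout), DEFAULT_IDLE_TIMEOUT);
	idle_timeout = DEFAULT_IDLE_TIMEOUT;
end

-- Sweep more often than the timeout so a session is closed at most about
-- a quarter of the timeout late.
local check_interval = math.ceil(idle_timeout * 0.75);

--- Start tracking activity on a session.
-- Wraps one of the session's I/O functions so every call refreshes
-- `session.last_received_time`, then adds the session to the tracked set.
-- A session that already has `last_received_time` is left untouched, so the
-- wrappers are never stacked.
-- @param session the s2s session to track
local function install_checks(session)
	if session.last_received_time then
		return;
	end
	session.last_received_time = now();
	if session.direction == "incoming" then
		-- Incoming sessions: activity is data arriving via session.data.
		local _data = session.data;
		function session.data(conn, data)
			session.last_received_time = now();
			return _data(conn, data);
		end
	else
		-- Other sessions: activity is data sent via session.sends2s, so here
		-- `last_received_time` records the last send despite its name.
		local _sends2s = session.sends2s;
		function session.sends2s(data)
			session.last_received_time = now();
			return _sends2s(data);
		end
	end
	s2s_sessions[session] = true;
end

module:hook("s2s-authenticated", function (event)
	install_checks(event.session);
end);

--- Close every tracked session whose last activity is older than the timeout.
-- Declared local so it does not leak into the module's global environment.
-- @param time current time in seconds; defaults to os.time()
-- @return the interval in seconds, handed back to the timer that invoked us
local function check_idle_sessions(time)
	time = time or now();
	for session in pairs(s2s_sessions) do
		local last_received_time = session.last_received_time;
		if last_received_time and time - last_received_time > idle_timeout then
			module:log("debug", "Closing idle connection %s->%s",
				session.from_host or "(unknown)", session.to_host or "(unknown)");
			session:close(); -- Close-on-idle isn't an error
			-- Clearing an existing key while traversing with pairs() is allowed.
			s2s_sessions[session] = nil;
		end
	end
	return check_interval;
end

-- NOTE(review): nothing visible here cancels this task when the module is
-- unloaded; confirm whether a reload leaves the previous task running.
timer.add_task(check_interval, check_idle_sessions);

--- Hand the tracked set to the module loader.
-- Presumably called around a module reload - confirm against the loader.
function module.save()
	return { s2s_sessions = s2s_sessions };
end

--- Re-adopt a previously saved tracked set, restoring the weak-table mode.
-- Sessions restored this way keep whatever wrappers were installed on them
-- earlier; install_checks is not re-run for them here.
function module.restore(data)
	s2s_sessions = setmetatable(data.s2s_sessions or {}, { __mode = "kv" });
end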