Mercurial > prosody-modules

view mod_register_dnsbl/mod_register_dnsbl.lua @ 5186:fa3059e653fa

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Implement the Implicit flow Everyone says this is insecure and bad, but it's also the only thing that makes sense for e.g. pure JavaScript clients, but hey implement this even more complicated thing instead!
author Kim Alvefur <zash@zash.se>
date Thu, 02 Mar 2023 22:06:50 +0100
parents 82482e7e92cb
children
line wrap: on
line source

local adns = require "net.adns";
local async = require "util.async";
local inet_pton = require "util.net".pton;
local to_hex = require "util.hex".to;

local rbl = module:get_option_string("registration_rbl");

local function reverse(ip, suffix)
	local n, err = inet_pton(ip);
	if not n then return n, err end
	if #n == 4 then
		local a,b,c,d = n:byte(1,4);
		return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix);
	elseif #n == 16 then
		return to_hex(n):reverse():gsub("%x", "%1.") .. suffix;
	end
end

module:hook("user-registering", function (event)
	local session, ip = event.session, event.ip;
	local log = (session and session.log) or module._log;
	if not ip then
		log("debug", "Unable to check DNSBL when IP is unknown");
		return;
	end
	local rbl_ip, err = reverse(ip, rbl);
	if not rbl_ip then
		log("debug", "Unable to check DNSBL for ip %s: %s", ip, err);
		return;
	end

	local wait, done = async.waiter();
	adns.lookup(function (reply)
		if reply and reply[1] and reply[1].a then
			log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a);
			log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username);
			event.allowed = false;
			event.reason = "Blocked by DNSBL";
		end
		done();
	end, rbl_ip);
	wait();
end);