# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1680102822 -3600
# Node ID 4834eaf24fc1353142feb12119c9d4222cf33e10
# Parent  a91adc164566f410d976234fb3f45790e6256531
mod_sasl2_fast: Add an API that allows modules to check if a client has FAST

diff -r a91adc164566 -r 4834eaf24fc1 mod_sasl2_fast/mod_sasl2_fast.lua
--- a/mod_sasl2_fast/mod_sasl2_fast.lua	Wed Mar 29 16:13:00 2023 +0100
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua	Wed Mar 29 16:13:42 2023 +0100
@@ -228,3 +228,20 @@
 register_ht_mechanism("HT-SHA-256-UNIQ", "ht_sha_256", "tls-unique");
 register_ht_mechanism("HT-SHA-256-ENDP", "ht_sha_256", "tls-server-end-point");
 register_ht_mechanism("HT-SHA-256-EXPR", "ht_sha_256", "tls-exporter");
+
+-- Public API
+
+--luacheck: ignore 131
+function is_client_fast(username, client_id, last_password_change)
+	local client_id_hash = hash.sha256(client_id, true);
+	local curr_time = now();
+	local cur = token_store:get(username, client_id_hash.."-cur");
+	if cur and cur.expires_at >= curr_time and (not last_password_change or last_password_change < cur.issued_at) then
+		return true;
+	end
+	local new = token_store:get(username, client_id_hash.."-new");
+	if new and new.expires_at >= curr_time and (not last_password_change or last_password_change < new.issued_at) then
+		return true;
+	end
+	return false;
+end