# HG changeset patch # User Marco Cirillo # Date 1302635374 0 # Node ID 5d22ebcb9ec5769c6bd7d869d2af9eb9cd84701e # Parent 4483bb889d12acd2fbd8b96c5f24092640c2985b mod_register_json: Changed log levels, added a few primitive throttling/whitelist/blacklist options diff -r 4483bb889d12 -r 5d22ebcb9ec5 mod_register_json/mod_register_json.lua --- a/mod_register_json/mod_register_json.lua Tue Apr 12 17:47:47 2011 +0000 +++ b/mod_register_json/mod_register_json.lua Tue Apr 12 19:09:34 2011 +0000 @@ -10,7 +10,18 @@ module.host = "*" -- HTTP/BOSH Servlets need to be global. +-- Pick up configuration. + local set_realm_name = module:get_option("reg_servlet_realm") or "Restricted"; +local throttle_time = module:get_option("reg_servlet_ttime") or false; +local whitelist = module:get_option("reg_servlet_wl") or {}; +local blacklist = module:get_option("reg_servlet_bl") or {}; +local recent_ips = {}; + +-- Begin + +for _, ip in ipairs(whitelist) do whitelisted_ips[ip] = true; end +for _, ip in ipairs(blacklist) do blacklisted_ips[ip] = true; end local function http_response(code, message, extra_headers) local response = { @@ -36,23 +47,42 @@ local user_node, user_host = jid_split(user) if not hosts[user_host] then return http_response(401, "Negative."); end - module:log("debug", "%s is authing to submit a new user registration data", user) + module:log("warn", "%s is authing to submit a new user registration data", user) if not usermanager.test_password(user_node, user_host, password) then - module:log("debug", "%s failed authentication", user) + module:log("warn", "%s failed authentication", user) return http_response(401, "Who the hell are you?! Guards!"); end local req_body; pcall(function() req_body = json.decode(body) end); -- Check if user is an admin of said host if not usermanager.is_admin(user, req_body["host"]) then - module:log("debug", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) + module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) return http_response(401, "I obey only to my masters... Have a nice day."); else -- Various sanity checks. if req_body == nil then module:log("debug", "JSON data submitted for user registration by %s failed to Decode.", user); return http_response(400, "JSON Decoding failed."); end + + -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) + if blacklist[req_body["ip"]] then then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]); return http_response(403, "The specified address is blacklisted, sorry sorry."); end + if throttle_time and not whitelist[req_body["ip"]] then + if not recent_ips[req_body["ip"]] then + recent_ips[req_body["ip"]] = { time = os_time(), count = 1 }; + else + local ip = recent_ips[req_body["ip"]]; + ip.count = ip.count + 1; + + if os_time() - ip.time < throttle_time then + ip.time = os_time(); + module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]); + return http_response(503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again."); + end + ip.time = os_time(); + end + end + -- We first check if the supplied username for registration is already there. if not usermanager.user_exists(req_body["username"], req_body["host"]) then - usermanager.create_user(req_body["username"], req_body["password"], req_body["host]); + usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]); module:log("debug", "%s registration data submission for %s is successful", user, req_body["user"]); return http_response(200, "Done."); else @@ -62,6 +92,7 @@ end end +-- Set it up! local function setup() local ports = module:get_option("reg_servlet_port") or { 9280 }; local base_name = module:get_option("reg_servlet_base") or "register_account";