Mercurial > prosody-modules
changeset 723:c26652d055b5
mod_register_json: moved throttling logic so that if there's a failure during nick registration the user can retry and referenced usermanager from prosody's _G instead of req. it.
author | Marco Cirillo <maranda@lightwitch.org> |
---|---|
date | Mon, 25 Jun 2012 22:20:27 +0000 |
parents | 5c7175be532b |
children | b94010de43f6 |
files | mod_register_json/mod_register_json.lua |
diffstat | 1 files changed, 16 insertions(+), 14 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_register_json/mod_register_json.lua Mon Jun 25 22:17:40 2012 +0000 +++ b/mod_register_json/mod_register_json.lua Mon Jun 25 22:20:27 2012 +0000 @@ -6,7 +6,7 @@ local jid_prep = require "util.jid".prep local jid_split = require "util.jid".split -local usermanager = require "core.usermanager" +local usermanager = usermanager local b64_decode = require "util.encodings".base64.decode local json_decode = require "util.json".decode local os_time = os.time @@ -78,20 +78,8 @@ module:log("warn", "%s tried to submit registration data for %s but he's not an admin", user, req_body["host"]) return http_response(event, 401, "I obey only to my masters... Have a nice day.") else - -- Checks for both Throttling/Whitelist and Blacklist (basically copycatted from prosody's register.lua code) + -- Blacklist can be checked here. if blacklist:contains(req_body["ip"]) then module:log("warn", "Attempt of reg. submission to the JSON servlet from blacklisted address: %s", req_body["ip"]) ; return http_response(403, "The specified address is blacklisted, sorry sorry.") end - if throttle_time and not whitelist:contains(req_body["ip"]) then - if not recent_ips[req_body["ip"]] then - recent_ips[req_body["ip"]] = os_time() - else - if os_time() - recent_ips[req_body["ip"]] < throttle_time then - recent_ips[req_body["ip"]] = os_time() - module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]) - return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.") - end - recent_ips[req_body["ip"]] = os_time() - end - end -- We first check if the supplied username for registration is already there. -- And nodeprep the username @@ -101,6 +89,20 @@ return http_response(event, 406, "Supplied username contains invalid characters, see RFC 6122.") else if not usermanager.user_exists(username, req_body["host"]) then + -- if username fails to register successive requests shouldn't be throttled until one is successful. + if throttle_time and not whitelist:contains(req_body["ip"]) then + if not recent_ips[req_body["ip"]] then + recent_ips[req_body["ip"]] = os_time() + else + if os_time() - recent_ips[req_body["ip"]] < throttle_time then + recent_ips[req_body["ip"]] = os_time() + module:log("warn", "JSON Registration request from %s has been throttled.", req_body["ip"]) + return http_response(event, 503, "Woah... How many users you want to register..? Request throttled, wait a bit and try again.") + end + recent_ips[req_body["ip"]] = os_time() + end + end + local ok, error = usermanager.create_user(username, req_body["password"], req_body["host"]) if ok then hosts[req_body["host"]].events.fire_event("user-registered", { username = username, host = req_body["host"], source = "mod_register_json", session = { ip = req_body["ip"] } })