Mercurial > prosody-modules
changeset 5751:d563a6b0dfb7
mod_http_oauth2: Comment on authorization code storage
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 01 Dec 2023 21:35:25 +0100 |
| parents | c89077b4f46e |
| children | c27eaa7117d6 |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Fri Dec 01 21:32:33 2023 +0100 +++ b/mod_http_oauth2/mod_http_oauth2.lua Fri Dec 01 21:35:25 2023 +0100 @@ -215,12 +215,19 @@ return code_expires_in(code) < 0; end +-- LRU cache for short-term storage of authorization codes and device codes local codes = cache.new(10000, function (_, code) + -- If the cache is full and the oldest item hasn't expired yet then we + -- might be under some kind of DoS attack, so might as well reject further + -- entries for a bit. return code_expired(code) end); -- Clear out unredeemed codes so they don't linger in memory. module:daily("Clear expired authorization codes", function() + -- The tail should be the least recently touched item, and most likely to + -- have expired already, so check and remove that one until encountering + -- one that has not expired. local k, code = codes:tail(); while code and code_expired(code) do codes:set(k, nil);