Software / code / prosody-modules
Annotate
mod_audit_auth/mod_audit_auth.lua @ 6302:06fbbd45ba75
mod_cloud_notify: Readme: fix links and labels that were removed in the last commit
diff --git a/mod_cloud_notify/README.md b/mod_cloud_notify/README.md
--- a/mod_cloud_notify/README.md
+++ b/mod_cloud_notify/README.md
@@ -1,3 +1,9 @@
+----
+-labels:
+-- 'Stage-Beta'
+-summary: 'XEP-0357: Cloud push notifications'
+----
+
# Introduction
This module enables support for sending "push notifications" to clients
@@ -32,15 +38,15 @@ notification to your device. When your d
it will display it or wake up the app so it can connect to XMPP and
receive any pending messages.
-This protocol is described for developers in \[XEP-0357: Push
-Notifications\].
+This protocol is described for developers in [XEP-0357: Push
+Notifications].
-For this module to work reliably, you must have \[mod_smacks\],
-\[mod_mam\] and \[mod_carbons\] also enabled on your server.
+For this module to work reliably, you must have [mod_smacks],
+[mod_mam] and [mod_carbons] also enabled on your server.
Some clients, notably Siskin and Snikket iOS need some additional
extensions that are not currently defined in a standard XEP. To support
-these clients, see \[mod_cloud_notify_extensions\].
+these clients, see [mod_cloud_notify_extensions].
# Configuration
@@ -58,18 +64,18 @@ these clients, see \[mod_cloud_notify_ex
# Internal design notes
App servers are notified about offline messages, messages stored by
-\[mod_mam\] or messages waiting in the smacks queue. The business rules
+[mod_mam] or messages waiting in the smacks queue. The business rules
outlined
[here](//mail.jabber.org/pipermail/standards/2016-February/030925.html)
are all honored[^2].
-To cooperate with \[mod_smacks\] this module consumes some events:
+To cooperate with [mod_smacks] this module consumes some events:
`smacks-ack-delayed`, `smacks-hibernation-start` and
`smacks-hibernation-end`. These events allow this module to send out
notifications for messages received while the session is hibernated by
-\[mod_smacks\] or even when smacks acknowledgements for messages are
+[mod_smacks] or even when smacks acknowledgements for messages are
delayed by a certain amount of seconds configurable with the
-\[mod_smacks\] setting `smacks_max_ack_delay`.
+[mod_smacks] setting `smacks_max_ack_delay`.
The `smacks_max_ack_delay` setting allows to send out notifications to
clients which aren't already in smacks hibernation state (because the
| author | Menel <menel@snikket.de> |
|---|---|
| date | Fri, 13 Jun 2025 10:44:37 +0200 |
| parent | 5930:cc30c4b5f006 |
| rev | line source |
|---|---|
|
5930
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
1 local cache = require "util.cache"; |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
2 local jid = require "util.jid"; |
|
5772
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
3 local st = require "util.stanza"; |
|
5735
b357ff3d0c8a
mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents:
4933
diff
changeset
|
4 |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
5 module:depends("audit"); |
|
4933
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4932
diff
changeset
|
6 -- luacheck: read globals module.audit |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
7 |
|
5771
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5735
diff
changeset
|
8 local only_passwords = module:get_option_boolean("audit_auth_passwords_only", true); |
|
5930
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
9 local cache_size = module:get_option_number("audit_auth_cache_size", 128); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
10 local repeat_failure_timeout = module:get_option_number("audit_auth_repeat_failure_timeout"); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
11 local repeat_success_timeout = module:get_option_number("audit_auth_repeat_success_timeout"); |
|
5771
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5735
diff
changeset
|
12 |
|
5930
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
13 local failure_cache = cache.new(cache_size); |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
14 module:hook("authentication-failure", function(event) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
15 local session = event.session; |
|
5930
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
16 |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
17 local username = session.sasl_handler.username; |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
18 if repeat_failure_timeout then |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
19 local cache_key = ("%s\0%s"):format(username, session.ip); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
20 local last_failure = failure_cache:get(cache_key); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
21 local now = os.time(); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
22 if last_failure and (now - last_failure) > repeat_failure_timeout then |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
23 return; |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
24 end |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
25 failure_cache:set(cache_key, now); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
26 end |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
27 |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
28 module:audit(jid.join(username, module.host), "authentication-failure", { |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
29 session = session; |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
30 }); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
31 end) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
32 |
|
5930
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
33 local success_cache = cache.new(cache_size); |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
34 module:hook("authentication-success", function(event) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
35 local session = event.session; |
|
5771
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5735
diff
changeset
|
36 if only_passwords and session.sasl_handler.fast then |
|
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5735
diff
changeset
|
37 return; |
|
dfbced5e54b9
mod_audit_auth: Ignore FAST authentication events by default
Matthew Wild <mwild1@gmail.com>
parents:
5735
diff
changeset
|
38 end |
|
5930
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
39 |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
40 local username = session.sasl_handler.username; |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
41 if repeat_success_timeout then |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
42 local cache_key = ("%s\0%s"):format(username, session.ip); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
43 local last_success = success_cache:get(cache_key); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
44 local now = os.time(); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
45 if last_success and (now - last_success) > repeat_success_timeout then |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
46 return; |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
47 end |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
48 success_cache:set(cache_key, now); |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
49 end |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
50 |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
51 module:audit(jid.join(username, module.host), "authentication-success", { |
|
cc30c4b5f006
mod_audit_auth: Allow suppressing repeated failure/success log entries from the same IP for a time
Matthew Wild <mwild1@gmail.com>
parents:
5803
diff
changeset
|
52 session = session; |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
53 }); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
54 end) |
|
5772
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
55 |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
56 module:hook("client_management/new-client", function (event) |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
57 local session, client = event.session, event.client; |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
58 |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
59 local client_info = st.stanza("client", { id = client.id }); |
|
5803
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
60 |
|
5772
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
61 if client.user_agent then |
|
5803
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
62 local user_agent = st.stanza("user-agent", { xmlns = "urn:xmpp:sasl:2" }) |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
63 if client.user_agent.software then |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
64 user_agent:text_tag("software", client.user_agent.software, { id = client.user_agent.software_id; version = client.user_agent.software_version }); |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
65 end |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
66 if client.user_agent.device then |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
67 user_agent:text_tag("device", client.user_agent.device); |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
68 end |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
69 if client.user_agent.uri then |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
70 user_agent:text_tag("uri", client.user_agent.uri); |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
71 end |
|
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
72 client_info:add_child(user_agent); |
|
5772
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
73 end |
|
5803
f199bff16f1f
mod_audit_auth: Improve user-agent building (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents:
5772
diff
changeset
|
74 |
|
5772
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
75 if client.legacy then |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
76 client_info:text_tag("legacy"); |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
77 end |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
78 |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
79 module:audit(jid.join(session.username, module.host), "new-client", { |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
80 session = session; |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
81 custom = { |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
82 }; |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
83 }); |
|
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5771
diff
changeset
|
84 end); |
