prosody-modules
17d9533f7596
mod_http_connect/mod_http_connect.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Annotate

mod_http_connect/mod_http_connect.lua @ 6326:17d9533f7596

mod_http_oauth2: Reject invalid attempt to register client without credentials The implicit flow works without a client_secret since the token is delivered directly, but all other currently supported grant types require client to authenticate using credentials, so it makes no sense to not issue credentials then.
author Kim Alvefur <zash@zash.se>
date Thu, 03 Jul 2025 15:45:00 +0200
parent 6314:706867e05809
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6314
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
1 -- This feature was added after Prosody 13.0
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
2 --% requires: net-connect-filter
6313
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
6314
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
4 local hashes = require "prosody.util.hashes";
6313
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 local server = require "prosody.net.server";
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local connect = require"prosody.net.connect".connect;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local basic = require "prosody.net.resolvers.basic";
6314
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
8 local new_ip = require "prosody.util.ip".new_ip;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
9
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
10 local b64_decode = require "prosody.util.encodings".base64.decode;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
11
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
12 local proxy_secret = module:get_option_string("http_proxy_secret", require "prosody.util.id".long());
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
13
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
14 local allow_private_ips = module:get_option_boolean("http_proxy_to_private_ips", false);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
15 local allow_all_ports = module:get_option_boolean("http_proxy_to_all_ports", false);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
16
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
17 local allowed_target_ports = module:get_option_set("http_proxy_to_ports", { "443", "5281", "5443", "7443" }) / tonumber;
6313
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 local sessions = {};
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 local listeners = {};
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 function listeners.onconnect(conn)
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 local event = sessions[conn];
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 local response = event.response;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 response.status_code = 200;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 response:send("");
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 response.conn:onwritable();
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 response.conn:setlistener(listeners, event);
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 server.link(conn, response.conn);
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 server.link(response.conn, conn);
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 response.conn = nil;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 end
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 function listeners.onattach(conn, event)
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 sessions[conn] = event;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 end
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 function listeners.onfail(event, err)
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 local response = event.response;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 if assert(response) then
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 response.status_code = 500;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 response:send(err);
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 end
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 end
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46
6314
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
47 function listeners.ondisconnect(conn, err) --luacheck: ignore 212/conn 212/err
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
48 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
49
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
50 local function is_permitted_target(conn_type, ip, port)
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
51 if not (allow_all_ports or allowed_target_ports:contains(tonumber(port))) then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
52 module:log("warn", "Forbidding tunnel to %s:%d (forbidden port)", ip, port);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
53 return false;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
54 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
55 if not allow_private_ips then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
56 local family = (conn_type:byte(-1, -1) == 54) and "IPv6" or "IPv4";
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
57 local parsed_ip = new_ip(ip, family);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
58 if parsed_ip.private then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
59 module:log("warn", "Forbidding tunnel to %s:%d (forbidden ip)", ip, port);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
60 return false;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
61 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
62 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
63 return true;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
64 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
65
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
66 local function verify_auth(user, password)
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
67 local expiry = tonumber(user, 10);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
68 if os.time() > expiry then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
69 module:log("warn", "Attempt to use expired credentials");
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
70 return nil;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
71 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
72 local expected_password = hashes.hmac_sha1(proxy_secret, user);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
73 if hashes.equals(b64_decode(password), expected_password) then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
74 return true;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
75 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
76 module:log("warn", "Credential mismatch for %s: expected '%q' got '%q'", user, expected_password, password);
6313
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77 end
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
78
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 module:depends("http");
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80 module:provides("http", {
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
81 default_path = "/";
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
82 route = {
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
83 ["CONNECT /*"] = function(event)
6314
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
84 local request, response = event.request, event.response;
6313
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
85 local host, port = request.url.scheme, request.url.path;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
86 if port == "" then return 400 end
6314
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
87
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
88 -- Auth check
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
89 local realm = host;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
90 local headers = request.headers;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
91 if not headers.proxy_authorization then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
92 response.headers.proxy_authenticate = ("Basic realm=%q"):format(realm);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
93 return 407
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
94 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
95 local user, password = b64_decode(headers.proxy_authorization:match"[^ ]*$"):match"([^:]*):(.*)";
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
96 if not verify_auth(user, password) then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
97 response.headers.proxy_authenticate = ("Basic realm=%q"):format(realm);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
98 return 407
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
99 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
100
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
101 local resolve = basic.new(host, port, "tcp", {
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
102 filter = is_permitted_target;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
103 });
6313
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
104 connect(resolve, listeners, nil, event)
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
105 return true;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
106 end;
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
107 }
5bd4cbe2bfee mod_http_connect: HTTP CONNECT proxy
Kim Alvefur <zash@zash.se>
parents:
diff changeset
108 });
6314
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
109
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
110 local http_url = module:http_url();
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
111 local parsed_url = require "socket.url".parse(http_url);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
112
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
113 local proxy_host = parsed_url.host;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
114 local proxy_port = tonumber(parsed_url.port);
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
115
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
116 if not proxy_port then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
117 if parsed_url.scheme == "https" then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
118 proxy_port = 443;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
119 elseif parsed_url.scheme == "http" then
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
120 proxy_port = 80;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
121 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
122 end
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
123
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
124 module:depends "external_services";
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
125
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
126 module:add_item("external_service", {
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
127 type = "http";
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
128 transport = "tcp";
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
129 host = proxy_host;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
130 port = proxy_port;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
131
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
132 secret = proxy_secret;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
133 algorithm = "turn";
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
134 ttl = 3600;
706867e05809 mod_http_connect: Add authentication, target filtering and advertisement via XEP-0215
Matthew Wild <mwild1@gmail.com>
parents: 6313
diff changeset
135 });