Software /
code /
prosody-modules
Annotate
mod_http_logging/mod_http_logging.lua @ 5193:2bb29ece216b
mod_http_oauth2: Implement stateless dynamic client registration
Replaces previous explicit registration that required either the
additional module mod_adhoc_oauth2_client or manually editing the
database. That method was enough to have something to test with, but
would not probably not scale easily.
Dynamic client registration allows creating clients on the fly, which
may be even easier in theory.
In order to not allow basically unauthenticated writes to the database,
we implement a stateless model here.
per_host_key := HMAC(config -> oauth2_registration_key, hostname)
client_id := JWT { client metadata } signed with per_host_key
client_secret := HMAC(per_host_key, client_id)
This should ensure everything we need to know is part of the client_id,
allowing redirects etc to be validated, and the client_secret can be
validated with only the client_id and the per_host_key.
A nonce injected into the client_id JWT should ensure nobody can submit
the same client metadata and retrieve the same client_secret
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 03 Mar 2023 21:14:19 +0100 |
parent | 2971:c89be016a075 |
rev | line source |
---|---|
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- mod_http_logging |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- Copyright (C) 2015 Kim Alvefur |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- |
1883 | 5 -- This project is MIT/X11 licensed. Please see the |
6 -- COPYING file in the source package for more information. | |
7 -- | |
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 -- Produces HTTP logs in the style of Apache |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 -- |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 -- TODO |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 -- * Configurable format? |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 module:set_global(); |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local server = require "net.http.server"; |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
2966
678be8ea4d38
mod_http_logging: Factor out body length calculation
Kim Alvefur <zash@zash.se>
parents:
2965
diff
changeset
|
17 local function get_content_len(response, body) |
678be8ea4d38
mod_http_logging: Factor out body length calculation
Kim Alvefur <zash@zash.se>
parents:
2965
diff
changeset
|
18 local len = response.headers.content_length; |
678be8ea4d38
mod_http_logging: Factor out body length calculation
Kim Alvefur <zash@zash.se>
parents:
2965
diff
changeset
|
19 if len then return len; end |
2971
c89be016a075
mod_http_logging: Fix typo [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2969
diff
changeset
|
20 if not body then body = response.body; end |
2966
678be8ea4d38
mod_http_logging: Factor out body length calculation
Kim Alvefur <zash@zash.se>
parents:
2965
diff
changeset
|
21 if body then return #tostring(body); end |
678be8ea4d38
mod_http_logging: Factor out body length calculation
Kim Alvefur <zash@zash.se>
parents:
2965
diff
changeset
|
22 end |
678be8ea4d38
mod_http_logging: Factor out body length calculation
Kim Alvefur <zash@zash.se>
parents:
2965
diff
changeset
|
23 |
2965
557c976735e1
mod_http_logging: Factor out logging into a function for future reuse
Kim Alvefur <zash@zash.se>
parents:
2163
diff
changeset
|
24 local function log_response(response, body) |
2966
678be8ea4d38
mod_http_logging: Factor out body length calculation
Kim Alvefur <zash@zash.se>
parents:
2965
diff
changeset
|
25 local len = tostring(get_content_len(response, body) or "-"); |
2965
557c976735e1
mod_http_logging: Factor out logging into a function for future reuse
Kim Alvefur <zash@zash.se>
parents:
2163
diff
changeset
|
26 local request = response.request; |
2968
569b98d6fca1
mod_http_logging: Be robust against missing connection object
Kim Alvefur <zash@zash.se>
parents:
2967
diff
changeset
|
27 local ip = request.ip; |
569b98d6fca1
mod_http_logging: Be robust against missing connection object
Kim Alvefur <zash@zash.se>
parents:
2967
diff
changeset
|
28 if not ip and request.conn then |
569b98d6fca1
mod_http_logging: Be robust against missing connection object
Kim Alvefur <zash@zash.se>
parents:
2967
diff
changeset
|
29 ip = request.conn:ip(); |
569b98d6fca1
mod_http_logging: Be robust against missing connection object
Kim Alvefur <zash@zash.se>
parents:
2967
diff
changeset
|
30 end |
2965
557c976735e1
mod_http_logging: Factor out logging into a function for future reuse
Kim Alvefur <zash@zash.se>
parents:
2163
diff
changeset
|
31 local req = string.format("%s %s HTTP/%s", request.method, request.path, request.httpversion); |
557c976735e1
mod_http_logging: Factor out logging into a function for future reuse
Kim Alvefur <zash@zash.se>
parents:
2163
diff
changeset
|
32 local date = os.date("%d/%m/%Y:%H:%M:%S %z"); |
2966
678be8ea4d38
mod_http_logging: Factor out body length calculation
Kim Alvefur <zash@zash.se>
parents:
2965
diff
changeset
|
33 module:log("info", "%s - - [%s] \"%s\" %d %s", ip, date, req, response.status_code, len); |
2965
557c976735e1
mod_http_logging: Factor out logging into a function for future reuse
Kim Alvefur <zash@zash.se>
parents:
2163
diff
changeset
|
34 end |
557c976735e1
mod_http_logging: Factor out logging into a function for future reuse
Kim Alvefur <zash@zash.se>
parents:
2163
diff
changeset
|
35 |
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 local send_response = server.send_response; |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 local function log_and_send_response(response, body) |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 if not response.finished then |
2965
557c976735e1
mod_http_logging: Factor out logging into a function for future reuse
Kim Alvefur <zash@zash.se>
parents:
2163
diff
changeset
|
39 log_response(response, body); |
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 end |
2163
88fec2b2bd58
mod_http_logging: Fix endless loop on 0.9.x (Thanks Mint)
Kim Alvefur <zash@zash.se>
parents:
1883
diff
changeset
|
41 return send_response(response, body); |
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 end |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 |
2969
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
44 local send_file = server.send_file; |
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
45 local function log_and_send_file(response, f) |
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
46 if not response.finished then |
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
47 log_response(response); |
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
48 end |
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
49 return send_file(response, f); |
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
50 end |
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
51 |
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 if module.wrap_object_event then |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 -- Use object event wrapping, allows clean unloading of the module |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 if event_data.response then |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 event_data.response.send = log_and_send_response; |
2969
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
57 event_data.response.send_file = log_and_send_file; |
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 end |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 return handlers(event_name, event_data); |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 end); |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 else |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 -- Fall back to monkeypatching, unlikely to behave nicely in the |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 -- presence of other modules also doing this |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 server.send_response = log_and_send_response; |
2969
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
65 server.send_file = log_and_send_file; |
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 function module.unload() |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 server.send_response = send_response; |
2969
8681729a47d5
mod_http_logging: Wrap API for sending data from file handles
Kim Alvefur <zash@zash.se>
parents:
2968
diff
changeset
|
68 server.send_file = send_file; |
1882
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end |
99863a6a7b8c
mod_http_logging: Produce HTTP logs in the style of Apache
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 end |