Annotate

mod_sentry/mod_sentry.lua @ 5193:2bb29ece216b

mod_http_oauth2: Implement stateless dynamic client registration Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would not probably not scale easily. Dynamic client registration allows creating clients on the fly, which may be even easier in theory. In order to not allow basically unauthenticated writes to the database, we implement a stateless model here. per_host_key := HMAC(config -> oauth2_registration_key, hostname) client_id := JWT { client metadata } signed with per_host_key client_secret := HMAC(per_host_key, client_id) This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key. A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret
author Kim Alvefur <zash@zash.se>
date Fri, 03 Mar 2023 21:14:19 +0100
parent 4995:cb3de818ff55
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4283
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 module:set_global();
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local sentry_lib = module:require "sentry";
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local hostname;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local have_pposix, pposix = pcall(require, "util.pposix");
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 if have_pposix and pposix.uname then
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 hostname = pposix.uname().nodename;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local loggingmanager = require "core.loggingmanager";
4290
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
12 local errors = require "util.error";
4283
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 local format = require "util.format".format;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 local default_config = assert(module:get_option("sentry"), "Please provide a 'sentry' configuration option");
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 default_config.server_name = default_config.server_name or hostname or "prosody";
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 local sentry = assert(sentry_lib.new(default_config));
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 local log_filters = {
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 source = function (filter_source, name)
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 local source = name:match(":(.+)$") or name;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 if filter_source == source then
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 return true;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 end;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 message_pattern = function (pattern, _, _, message)
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 return not not message:match(pattern);
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 end;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 };
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31
4995
cb3de818ff55 mod_sentry: Log warning when server returns unexpected response
Matthew Wild <mwild1@gmail.com>
parents: 4290
diff changeset
32 local serialize = require "util.serialization".serialize;
cb3de818ff55 mod_sentry: Log warning when server returns unexpected response
Matthew Wild <mwild1@gmail.com>
parents: 4290
diff changeset
33
4283
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 local function sentry_error_handler(e)
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 module:log("error", "Failed to submit event to sentry: %s", e);
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 local function sentry_log_sink_maker(sink_config)
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 local filters = sink_config.ignore or {};
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 local n_filters = #filters;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 local submitting;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 return function (name, level, message, ...)
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 -- Ignore any log messages that occur during sentry submission
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 -- to avoid loops
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 if submitting then return; end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 for i = 1, n_filters do
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 local filter = filters[i];
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 local matched;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 for filter_name, filter_value in pairs(filter) do
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 local f = log_filters[filter_name];
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 if f and f(filter_value, name, level, message) then
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 matched = true;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 else
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 matched = nil;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56 break;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59 if matched then
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60 return;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 if level == "warn" then
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64 level = "warning";
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66
4290
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
67 local event = sentry:event(level, name):message(format(message, ...));
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
68
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
69 local params = { ... };
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
70 for i = 1, select("#", ...) do
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
71 if errors.is_error(params[i]) then
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
72 event:add_exception(params[i]);
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
73 end
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
74 end
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
75
4283
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76 submitting = true;
4290
2c73544e33ea mod_sentry: Automatically attach exceptions for errors used in log parameters
Matthew Wild <mwild1@gmail.com>
parents: 4283
diff changeset
77 event:send():catch(sentry_error_handler);
4283
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78 submitting = false;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 end;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 loggingmanager.register_sink_type("sentry", sentry_log_sink_maker);
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
83
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84 function new(conf) --luacheck: ignore 131/new
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
85 conf = conf or {};
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
86 for k, v in pairs(default_config) do
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87 if conf[k] == nil then
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 conf[k] = v;
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
90 end
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91 return sentry_lib.new(conf);
2ae71126e379 mod_sentry: New module to forward errors to a Sentry server
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 end