prosody-modules
527c747711f3
mod_graceful_shutdown/mod_graceful_shutdown.lua
- Annotate
- comparison
- diff
Software / code / prosody-modules
Annotate
mod_graceful_shutdown/mod_graceful_shutdown.lua @ 5705:527c747711f3
mod_http_oauth2: Limit revocation to clients own tokens in strict mode
RFC 7009 section 2.1 states:
> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.
The first part was already covered (in strict mode). This adds the later
part using the hash of client_id recorded in 0860497152af
It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 29 Oct 2023 11:30:49 +0100 |
| parent | 4893:d4ce29c772ac |
| rev | line source |
|---|---|
|
2170
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- luacheck: ignore 122/prosody 113/prosody |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local timer = require "util.timer"; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local portman = require "core.portmanager"; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local server = require "net.server"; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 module:set_global(); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local orig_shutdown = prosody.shutdown; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local pause = module:get_option_number("shutdown_pause", 1); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 function module.unload() |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 prosody.shutdown = orig_shutdown; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 end |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 prosody.shutdown = coroutine.wrap(function (reason, code) |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 prosody.shutdown_reason = reason; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 prosody.shutdown_code = code; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 timer.add_task(pause, prosody.shutdown); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 coroutine.yield(true, "shutdown initiated"); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 -- Close c2s ports, stop accepting new connections |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 portman.deactivate("c2s"); |
|
4892
8dbaa5e753f3
mod_graceful_shutdown: Deactivate direct TLS c2s along with plain c2s
Kim Alvefur <zash@zash.se>
parents:
2170
diff
changeset
|
23 portman.deactivate("legacy_ssl"); |
|
8dbaa5e753f3
mod_graceful_shutdown: Deactivate direct TLS c2s along with plain c2s
Kim Alvefur <zash@zash.se>
parents:
2170
diff
changeset
|
24 portman.deactivate("c2s_direct_tls"); |
|
8dbaa5e753f3
mod_graceful_shutdown: Deactivate direct TLS c2s along with plain c2s
Kim Alvefur <zash@zash.se>
parents:
2170
diff
changeset
|
25 |
|
4893
d4ce29c772ac
mod_graceful_shutdown: Close multiplex ports
Kim Alvefur <zash@zash.se>
parents:
4892
diff
changeset
|
26 -- Close multiplexing ports to ensure c2s is not reachable via those either |
|
d4ce29c772ac
mod_graceful_shutdown: Close multiplex ports
Kim Alvefur <zash@zash.se>
parents:
4892
diff
changeset
|
27 portman.deactivate("multiplex"); |
|
d4ce29c772ac
mod_graceful_shutdown: Close multiplex ports
Kim Alvefur <zash@zash.se>
parents:
4892
diff
changeset
|
28 portman.deactivate("multiplex_ssl"); |
|
d4ce29c772ac
mod_graceful_shutdown: Close multiplex ports
Kim Alvefur <zash@zash.se>
parents:
4892
diff
changeset
|
29 portman.deactivate("proxy"); -- mod_net_proxy |
|
d4ce29c772ac
mod_graceful_shutdown: Close multiplex ports
Kim Alvefur <zash@zash.se>
parents:
4892
diff
changeset
|
30 |
|
2170
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 -- Close all c2s sessions |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 for _, sess in pairs(prosody.full_sessions) do |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 sess:close{ condition = "system-shutdown", text = reason } |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 end |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 -- Wait for notifications to be sent |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 coroutine.yield(pause); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 -- Event for everything else to shut down |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 prosody.events.fire_event("server-stopping", { |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 reason = reason; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 code = code; |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 }); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 -- And wait |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 coroutine.yield(pause); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 -- And stop main event loop |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 server.setquitting(true); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 -- And wait for death |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 coroutine.yield(pause * 3); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 -- you came back? die zombie! |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 os.exit(1); |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 end); |
