Annotate

mod_statsd/mod_statsd.lua @ 5623:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200
parent 2875:c3a039972b74
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
1 -- Log common stats to statsd
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
2 --
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
3 -- Copyright (C) 2014 Daurnimator
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
4 --
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
5 -- This module is MIT/X11 licensed.
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
6
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
7 local socket = require "socket"
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
8 local iterators = require "util.iterators"
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
9 local jid = require "util.jid"
2425
26c68a5f432f mod_statsd: Import bare_sessions from the prosody global, using it as a global directly is deprecated
Kim Alvefur <zash@zash.se>
parents: 1451
diff changeset
10 local bare_sessions = prosody.bare_sessions;
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
11
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
12 local options = module:get_option("statsd") or {}
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
13
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
14 -- Create UDP socket to statsd server
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
15 local sock = socket.udp()
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
16 sock:setpeername(options.hostname or "127.0.0.1", options.port or 8125)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
17
2875
c3a039972b74 mod_statsd: Fix typo in comment [codespell]
Kim Alvefur <zash@zash.se>
parents: 2425
diff changeset
18 -- Metrics are namespaced by ".", and separated by newline
1447
e96ac4291b36 mod_statsd: Clean off colons (:)
daurnimator <quae@daurnimator.com>
parents: 1443
diff changeset
19 function clean(s) return (s:gsub("[%.:\n]", "_")) end
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
20
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
21 -- A 'safer' send function to expose
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
22 function send(s) return sock:send(s) end
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
23
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
24 -- prefix should end in "."
1448
d722a4defea7 mod_statsd: Optionally include host in prefix
daurnimator <quae@daurnimator.com>
parents: 1447
diff changeset
25 local prefix = (options.prefix or "prosody") .. "."
d722a4defea7 mod_statsd: Optionally include host in prefix
daurnimator <quae@daurnimator.com>
parents: 1447
diff changeset
26 if not options.no_host then
d722a4defea7 mod_statsd: Optionally include host in prefix
daurnimator <quae@daurnimator.com>
parents: 1447
diff changeset
27 prefix = prefix .. clean(module.host) .. "."
d722a4defea7 mod_statsd: Optionally include host in prefix
daurnimator <quae@daurnimator.com>
parents: 1447
diff changeset
28 end
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
29
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
30 -- Track users as they bind/unbind
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
31 -- count bare sessions every time, as we have no way to tell if it's a new bare session or not
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
32 module:hook("resource-bind", function(event)
1451
d31ace5b1175 mod_statsd: Add missing `pairs` call
daurnimator <quae@daurnimator.com>
parents: 1449
diff changeset
33 send(prefix.."bare_sessions:"..iterators.count(pairs(bare_sessions)).."|g")
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
34 send(prefix.."full_sessions:+1|g")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
35 end, 1)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
36 module:hook("resource-unbind", function(event)
1451
d31ace5b1175 mod_statsd: Add missing `pairs` call
daurnimator <quae@daurnimator.com>
parents: 1449
diff changeset
37 send(prefix.."bare_sessions:"..iterators.count(pairs(bare_sessions)).."|g")
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
38 send(prefix.."full_sessions:-1|g")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
39 end, 1)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
40
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
41 -- Track MUC occupants as they join/leave
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
42 module:hook("muc-occupant-joined", function(event)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
43 send(prefix.."n_occupants:+1|g")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
44 local room_node = jid.split(event.room.jid)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
45 send(prefix..clean(room_node)..".occupants:+1|g")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
46 end)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
47 module:hook("muc-occupant-left", function(event)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
48 send(prefix.."n_occupants:-1|g")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
49 local room_node = jid.split(event.room.jid)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
50 send(prefix..clean(room_node)..".occupants:-1|g")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
51 end)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
52
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
53 -- Misc other MUC
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
54 module:hook("muc-broadcast-message", function(event)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
55 send(prefix.."broadcast-message:1|c")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
56 local room_node = jid.split(event.room.jid)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
57 send(prefix..clean(room_node)..".broadcast-message:1|c")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
58 end)
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
59 module:hook("muc-invite", function(event)
1449
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
60 -- Total count
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
61 send(prefix.."invite:1|c")
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
62 local room_node = jid.split(event.room.jid)
1449
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
63 -- Counts per room
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
64 send(prefix..clean(room_node)..".invite:1|c")
1449
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
65 -- Counts per recipient
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
66 send(prefix..clean(event.stanza.attr.to)..".invited:1|c")
1443
faf1a5d89cd7 mod_statsd: First commit
daurnimator <quae@daurnimator.com>
parents:
diff changeset
67 end)
1449
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
68 module:hook("muc-decline", function(event)
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
69 -- Total count
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
70 send(prefix.."decline:1|c")
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
71 local room_node = jid.split(event.room.jid)
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
72 -- Counts per room
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
73 send(prefix..clean(room_node)..".decline:1|c")
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
74 -- Counts per sender
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
75 send(prefix..clean(event.incoming.attr.from)..".declined:1|c")
365f6db9531a mod_statsd: Better accounting for invites, add declines
daurnimator <quae@daurnimator.com>
parents: 1448
diff changeset
76 end)