Software / code / prosody-modules
Annotate
mod_http_health/mod_http_health.lua @ 5738:8488ebde5739
mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted
This follows the intent behind the OpenID Connect 'prompt' parameter
when it does not include the 'consent' keyword, that is the client
wishes to skip the consent screen. If the user has already granted the
exact same scopes to the exact same client in the past, then one can
assume that they may grant it again.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 14 Nov 2023 23:03:37 +0100 |
| parent | 5712:09233b625cb9 |
| rev | line source |
|---|---|
|
5161
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 module:set_global(); |
|
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
5712
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
3 local ip = require "util.ip"; |
|
5161
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local modulemanager = require "core.modulemanager"; |
|
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
|
5712
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
7 local permitted_ips = module:get_option_set("http_health_allow_ips", { "::1", "127.0.0.1" }); |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
8 local permitted_cidr = module:get_option_string("http_health_allow_cidr"); |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
9 |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
10 local function is_permitted(request) |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
11 local ip_raw = request.ip; |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
12 if permitted_ips:contains(ip_raw) or |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
13 (permitted_cidr and ip.match(ip.new_ip(ip_raw), ip.parse_cidr(permitted_cidr))) then |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
14 return true; |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
15 end |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
16 return false; |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
17 end |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
18 |
|
5161
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 module:provides("http", { |
|
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 route = { |
|
5712
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
21 GET = function(event) |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
22 local request = event.request; |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
23 if not is_permitted(request) then |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
24 return 403; -- Forbidden |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
25 end |
|
09233b625cb9
mod_http_health: Copypaste IP access control code
Kim Alvefur <zash@zash.se>
parents:
5690
diff
changeset
|
26 |
|
5161
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 for host in pairs(prosody.hosts) do |
|
5690
9bcd257dea4e
mod_http_health: Provide a health check HTTP endpoint
Kim Alvefur <zash@zash.se>
parents:
5161
diff
changeset
|
28 local mods = modulemanager.get_modules(host); |
|
9bcd257dea4e
mod_http_health: Provide a health check HTTP endpoint
Kim Alvefur <zash@zash.se>
parents:
5161
diff
changeset
|
29 for _, mod in pairs(mods) do |
|
9bcd257dea4e
mod_http_health: Provide a health check HTTP endpoint
Kim Alvefur <zash@zash.se>
parents:
5161
diff
changeset
|
30 if mod.module.status_type == "error" then |
|
9bcd257dea4e
mod_http_health: Provide a health check HTTP endpoint
Kim Alvefur <zash@zash.se>
parents:
5161
diff
changeset
|
31 return { status_code = 500; headers = { content_type = "text/plain" }; body = "HAS ERRORS\n" }; |
|
9bcd257dea4e
mod_http_health: Provide a health check HTTP endpoint
Kim Alvefur <zash@zash.se>
parents:
5161
diff
changeset
|
32 end |
|
9bcd257dea4e
mod_http_health: Provide a health check HTTP endpoint
Kim Alvefur <zash@zash.se>
parents:
5161
diff
changeset
|
33 end |
|
5161
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 end |
|
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
|
5690
9bcd257dea4e
mod_http_health: Provide a health check HTTP endpoint
Kim Alvefur <zash@zash.se>
parents:
5161
diff
changeset
|
36 return { status_code = 200; headers = { content_type = "text/plain" }; body = "OK\n" }; |
|
5161
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end; |
|
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 }; |
|
6af2d74daa15
mod_http_status: Report module statuses
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 }); |
