Comparison

mod_audit/mod_audit.lua @ 5251:f3123cbbd894

mod_audit: Allow disabling IP logging, or limiting it to a prefix
author Matthew Wild <mwild1@gmail.com>
date Tue, 14 Mar 2023 18:59:39 +0000
parent 5250:d9577083c5f5
child 5298:12f7d8b901e0
comparison
equal deleted inserted replaced
5250:d9577083c5f5 5251:f3123cbbd894
1 module:set_global(); 1 module:set_global();
2 2
3 local audit_log_limit = module:get_option_number("audit_log_limit", 10000); 3 local audit_log_limit = module:get_option_number("audit_log_limit", 10000);
4 local cleanup_after = module:get_option_string("audit_log_expires_after", "2w"); 4 local cleanup_after = module:get_option_string("audit_log_expires_after", "2w");
5 5
6 local attach_ips = module:get_option_boolean("audit_log_ips", true);
7 local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil);
8 local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil);
9
6 local time_now = os.time; 10 local time_now = os.time;
11 local ip = require "util.ip";
7 local st = require "util.stanza"; 12 local st = require "util.stanza";
8 local moduleapi = require "core.moduleapi"; 13 local moduleapi = require "core.moduleapi";
9 14
10 local host_wide_user = "@"; 15 local host_wide_user = "@";
11 16
21 return store; 26 return store;
22 end 27 end
23 28
24 setmetatable(stores, { __index = get_store }); 29 setmetatable(stores, { __index = get_store });
25 30
31 local function get_ip_network(ip_addr)
32 local _ip = ip.new_ip(ip_addr);
33 local proto = _ip.proto;
34 local network;
35 if proto == "IPv4" and attach_ipv4_prefix then
36 network = ip.truncate(_ip, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix;
37 elseif proto == "IPv6" and attach_ipv6_prefix then
38 network = ip.truncate(_ip, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix;
39 end
40 return network;
41 end
26 42
27 local function session_extra(session) 43 local function session_extra(session)
28 local attr = { 44 local attr = {
29 xmlns = "xmpp:prosody.im/audit", 45 xmlns = "xmpp:prosody.im/audit",
30 }; 46 };
33 end 49 end
34 if session.type then 50 if session.type then
35 attr.type = session.type; 51 attr.type = session.type;
36 end 52 end
37 local stanza = st.stanza("session", attr); 53 local stanza = st.stanza("session", attr);
38 if session.ip then 54 if attach_ips and session.ip then
39 stanza:text_tag("remote-ip", session.ip); 55 local remote_ip, network = session.ip;
56 if attach_ipv4_prefix or attach_ipv6_prefix then
57 network = get_ip_network(remote_ip);
58 end
59 stanza:text_tag("remote-ip", network or remote_ip);
40 end 60 end
41 if session.client_id then 61 if session.client_id then
42 stanza:text_tag("client", session.client_id); 62 stanza:text_tag("client", session.client_id);
43 end 63 end
44 return stanza 64 return stanza