prosody-modules
1c62edeb9147
mod_checkcerts/mod_checkcerts.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_checkcerts/mod_checkcerts.lua @ 6305:1c62edeb9147

mod_pastebin: Update Readme diff --git a/mod_pastebin/README.md b/mod_pastebin/README.md --- a/mod_pastebin/README.md +++ b/mod_pastebin/README.md @@ -37,12 +37,14 @@ For example: Pastes will be available by default at `http://<your-prosody>:5280/pastebin/` by default. -In Prosody 0.9 and later this can be changed with [HTTP -settings](https://prosody.im/doc/http). +Ports and path can be changed with [HTTP +settings](https://prosody.im/doc/http), for example like: -In 0.8 and older this can be changed with `pastebin_ports` (see below), -or you can forward another external URL from your web server to Prosody, -use `pastebin_url` to set that URL. +``` {.lua} + http_paths = { + pastebin = "/$host-paste"; + } +``` # Discovery @@ -82,27 +84,16 @@ The line and character tresholds are adv pastebin_line_threshold The maximum number of lines a message may have before it is sent to the pastebin. (default 4 lines) pastebin_trigger A string of characters (e.g. "!paste ") which if detected at the start of a message, always sends the message to the pastebin, regardless of length. (default: not set) pastebin_expire_after Number of hours after which to expire (remove) a paste, defaults to 24. Set to 0 to store pastes permanently on disk. - pastebin_ports List of ports to run the HTTP server on, same format as mod_httpserver's http_ports[^1] - pastebin_url Base URL to display for pastebin links, must end with / and redirect to Prosody's built-in HTTP server[^2] # Compatibility - ------ ------- - trunk Works + ------ --------------------- + trunk Works as of 25-06-13 + 13 Works 0.12 Works - 0.11 Works - 0.10 Works - 0.9 Works - 0.8 Works - ------ ------- + ------ --------------------- # Todo - Maximum paste length - Web interface to submit pastes? - -[^1]: As of Prosody 0.9, `pastebin_ports` is replaced by `http_ports`, - see [Prosody HTTP server documentation](https://prosody.im/doc/http) - -[^2]: See also - [http_external_url](https://prosody.im/doc/http#external_url)
author Menel <menel@snikket.de>
date Fri, 13 Jun 2025 11:39:58 +0200
parent 4607:c8ccaac78f64
line wrap: on
line source

local config = require "core.configmanager";
local ssl = require"ssl";
local datetime_parse = require"util.datetime".parse;
local load_cert = ssl.loadcertificate;
local st = require"util.stanza"

-- These are in days.
local nag_time = module:get_option_number("checkcerts_notify", 7) * 86400;

if not load_cert then
	module:log("error", "This version of LuaSec (%s) does not support certificate checking", ssl._VERSION);
	return
end

local pat = "^([JFMAONSD][ceupao][glptbvyncr])  ?(%d%d?) (%d%d):(%d%d):(%d%d) (%d%d%d%d) GMT$";
local months = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6,Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12};
local function parse_x509_datetime(s)
	local month, day, hour, min, sec, year = s:match(pat); month = months[month];
	return datetime_parse(("%04d-%02d-%02dT%02d:%02d:%02dZ"):format(year, month, day, hour, min, sec));
end

local timeunits = {"minute",60,"hour",3600,"day",86400,"week",604800,"month",2629746,"year",31556952,};
local function humantime(timediff)
	local ret = {};
	for i=#timeunits,2,-2 do
		if timeunits[i] < timediff then
			local n = math.floor(timediff / timeunits[i]);
			if n > 0 and #ret < 2 then
				ret[#ret+1] = ("%d %s%s"):format(n, timeunits[i-1], n ~= 1 and "s" or "");
				timediff = timediff - n*timeunits[i];
			end
		end
	end
	return table.concat(ret, " and ")
end

local function check_certs_validity()
	local now = os.time();

	-- First, let's find out what certificate this host uses.
	local ssl_config = config.rawget(module.host, "ssl");
	if not ssl_config or not ssl_config.certificate then
		ssl_config = config.get(module.host:match("%.(.*)"), "ssl");
	end
	if not ssl_config or not ssl_config.certificate then
		ssl_config = config.get("*", "ssl");
	end
	if not ssl_config or not ssl_config.certificate then
		module:log("warn", "Could not find a certificate to check");
		return;
	end

	local certfile = ssl_config.certificate;
	local fh, ferr = io.open(certfile); -- Load the file.
	if not fh then
		module:log("warn", "Could not open certificate %s", ferr);
		return;
	end
	local cert, lerr = load_cert(fh:read("*a")); -- And parse
	fh:close();
	if not cert then
		module:log("warn", "Could not parse certificate %s: %s", certfile, lerr or "");
		return;
	end

	local expires_at = parse_x509_datetime(cert:notafter());
	local expires_in = os.difftime(expires_at, now);
	local fmt =  "Certificate %s expires in %s"
	local nag_admin = expires_in < nag_time;
	local log_warn = expires_in < nag_time * 2;
	local timediff = expires_in;
	if expires_in < 0 then
		fmt =  "Certificate %s expired %s ago";
		timediff = -timediff;
	end
	timediff = humantime(timediff);
	module:log(log_warn and "warn" or "info", fmt, certfile, timediff);
	if nag_admin then
		local body = fmt:format("for host ".. module.host, timediff);
		for admin in module:get_option_inherited_set("admins", {}) do
			module:send(st.message({ from = module.host, to = admin, type = "chat" }, body));
		end
	end
	return math.max(86400, expires_in / 3);
end

module:add_timer(1, check_certs_validity);