prosody-modules
4c0e3fe57e92
mod_limit_auth/mod_limit_auth.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_limit_auth/mod_limit_auth.lua @ 6112:4c0e3fe57e92

mod_compliance_latest: Gracefull error logging on missing dependency. diff --git a/mod_compliance_latest/README.md b/mod_compliance_latest/README.md --- a/mod_compliance_latest/README.md +++ b/mod_compliance_latest/README.md @@ -9,13 +9,15 @@ rockspec: # Introduction -This module will always require and load to the lastest compliance tester we have in the community modules. -Currently this is [mod_compliance_2023]. +This meta-module will always `require` (and therefore auto-load) the lastest compliance tester we have in the community modules. +Currently this is [mod_compliance_2023]. See the linked module for further details. + +If you do not use the *Prosody plugin installer* this module will likely have limited value to you. +You can also just install the current compliance tester manually. # Configuration -Just load this module as any other module and it will automatically install [mod_compliance_2023] if you use the Prosody plugin installer. -See the linked module for further details. +Just load this module as any other module and it will automatically install and load [mod_compliance_2023] if you use the *Prosody plugin installer*. # Compatibility diff --git a/mod_compliance_latest/mod_compliance_latest.lua b/mod_compliance_latest/mod_compliance_latest.lua --- a/mod_compliance_latest/mod_compliance_latest.lua +++ b/mod_compliance_latest/mod_compliance_latest.lua @@ -1,1 +1,6 @@ -module:depends("compliance_2023"); +local success, err = pcall(function() module:depends("compliance_2023") end) + +if not success then + module:log("error", "Error, can't load module: mod_compliance_2023. Is this module downloaded in a folder readable by prosody?") + return 1, "Error: Couldn't load dependency mod_compliance_2023." +end
author Menel <menel@snikket.de>
date Mon, 23 Dec 2024 12:58:03 +0100
parent 1941:2a5a44d5b935
line wrap: on
line source

-- mod_limit_auth

local st = require"util.stanza";
local new_throttle = require "util.throttle".create;

local period = math.max(module:get_option_number(module.name.."_period", 30), 0);
local max = math.max(module:get_option_number(module.name.."_max", 5), 1);

local tarpit_delay = module:get_option_number(module.name.."_tarpit_delay", nil);
if tarpit_delay then
	local waiter = require "util.async".waiter;
	local delay = tarpit_delay;
	function tarpit_delay()
		local wait, done = waiter();
		module:add_timer(delay, done);
		wait();
	end
else
	function tarpit_delay() end
end

local throttles = module:shared"throttles";

local reply = st.stanza("failure", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):tag("temporary-auth-failure");

local function get_throttle(ip)
	local throttle = throttles[ip];
	if not throttle then
		throttle = new_throttle(max, period);
		throttles[ip] = throttle;
	end
	return throttle;
end

module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function (event)
	local origin = event.origin;
	if origin.type ~= "c2s_unauthed" then return end
	if not get_throttle(origin.ip):peek(1) then
		origin.log("warn", "Too many authentication attepmts for ip %s", origin.ip);
		tarpit_delay();
		origin.send(reply);
		return true;
	end
end, 10);

module:hook("authentication-failure", function (event)
	get_throttle(event.session.ip):poll(1);
end);

module:add_timer(14400, function (now)
	local old = now - 86400;
	for ip, throttle in pairs(throttles) do
		if throttle.t < old then
			throttles[ip] = nil;
		end
	end
end);