prosody-modules
527c747711f3
mod_log_slow_events/mod_log_slow_events.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_log_slow_events/mod_log_slow_events.lua @ 5705:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parent 2850:3ba8fd1a297e
line wrap: on
line source

module:set_global();

local time = require "socket".gettime;
local base64_decode = require "util.encodings".base64.decode;

local max_seconds = module:get_option_number("log_slow_events_threshold", 0.5);

local measure_slow_event = module:measure("slow_events", "rate");

function event_wrapper(handlers, event_name, event_data)
	local start = time();
	local ret = handlers(event_name, event_data);
	local duration = time()-start;
	if duration > max_seconds then
		local data = {};
		if event_data then
			local function log_data(name, value)
				if value then
					table.insert(data, ("%s=%q"):format(name, value));
					return true;
				end
			end
			local sess = event_data.origin or event_data.session;
			if sess then
				log_data("ip", sess.ip);
				if not log_data("full_jid", sess.full_jid) then
					log_data("username", sess.username);
				end
				log_data("type", sess.type);
				log_data("host", sess.host);
			end
			local stanza = event_data.stanza;
			if stanza then
				log_data("stanza", tostring(stanza));
			else
				local request = event_data.request;
				if request then
					log_data("http_method", request.method);
					log_data("http_path", request.path);
					local auth = request.headers.authorization;
					if auth then
						local creds = auth:match("^Basic +(.+)$");
						if creds then
							local user = string.match(base64_decode(creds) or "", "^([^:]+):");
							log_data("http_user", user);
						end
					end
				end
			end
		end
		measure_slow_event();
		module:log("warn", "Slow event '%s' took %0.2fs: %s", event_name, duration, next(data) and table.concat(data, ", ") or "no recognised data");
	end
	return ret;
end

local http_events = require "net.http.server"._events;
module:wrap_object_event(http_events, false, event_wrapper);

module:wrap_event(false, event_wrapper);
function module.add_host(module)
	module:wrap_event(false, event_wrapper);
end