prosody-modules
59d5fc50f602
mod_map/mod_map.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_map/mod_map.lua @ 5623:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200
parent 3652:d0c2f001735f
line wrap: on
line source


local st = require "util.stanza";
local jid_bare = require "util.jid".bare;
local rsm = require "util.rsm";
local dataform = require "util.dataforms".new;
local datetime = require "util.datetime".datetime;

local archive = module:open_store("archive", "archive");

local query_form = dataform {
	{ name = "with"; type = "jid-single"; };
	{ name = "start"; type = "text-single" };
	{ name = "end"; type = "text-single"; };
};

if not archive.summary then
	module:log("error", "The archive:summary() API is not supported by %s", archive._provided_by);
	return
end

module:hook("iq-get/self/xmpp:prosody.im/mod_map:summary", function(event)
	local origin, stanza = event.origin, event.stanza;

	local query = stanza.tags[1];

	-- Search query parameters
	local qwith, qstart, qend;
	local form = query:get_child("x", "jabber:x:data");
	if form then
		local err;
		form, err = query_form:data(form);
		if err then
			origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err))));
			return true;
		end
		qwith, qstart, qend = form["with"], form["start"], form["end"];
		qwith = qwith and jid_bare(qwith); -- dataforms does jidprep
	end

	local qset = rsm.get(query);
	local qmax = qset and qset.max;
	local before, after = qset and qset.before, qset and qset.after;
	if type(before) ~= "string" then before = nil; end

	local summary = archive:summary(origin.username, {
		start = qstart; ["end"] = qend; -- Time range
		with = qwith;
		limit = qmax;
		before = before; after = after;
	});
	if not summary then
		module:send(st.error_reply(stanza, "wait", "internal-server-error"));
		return true;
	end

	local reply = st.reply(stanza);
	reply:tag("summary", { xmlns = "xmpp:prosody.im/mod_map" });
	for jid, count in pairs(summary.counts) do
		reply:tag("item", { jid = jid });
		if type(count) == "number" then
			reply:text_tag("count", ("%d"):format(count));
		end
		if summary.earliest and summary.earliest[jid] then
			reply:text_tag("start", datetime(summary.earliest[jid]));
		end
		if summary.latest and summary.latest[jid] then
			reply:text_tag("end", datetime(summary.latest[jid]));
		end
		if summary.body and summary.body[jid] then
			reply:text_tag("body", summary.body[jid]);
		end
		reply:up();
	end

	module:send(reply);
	return true;
end);