Software /
code /
prosody-modules
File
mod_register_dnsbl/mod_register_dnsbl.lua @ 5519:83ebfc367169
mod_http_oauth2: Return Authentication Time per OpenID Core Section 2
Mandatory To Implement, either MUST include or OPTIONAL depending on
things we don't look at, so might as well include it all the time.
Since we do not persist authentication state with cookies or such, the
authentication time will always be some point between the user being
sent to the authorization endpoint and the time they are sent back to
the client application.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 05 Jun 2023 22:32:44 +0200 |
parent | 4118:82482e7e92cb |
line wrap: on
line source
local adns = require "net.adns"; local async = require "util.async"; local inet_pton = require "util.net".pton; local to_hex = require "util.hex".to; local rbl = module:get_option_string("registration_rbl"); local function reverse(ip, suffix) local n, err = inet_pton(ip); if not n then return n, err end if #n == 4 then local a,b,c,d = n:byte(1,4); return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix); elseif #n == 16 then return to_hex(n):reverse():gsub("%x", "%1.") .. suffix; end end module:hook("user-registering", function (event) local session, ip = event.session, event.ip; local log = (session and session.log) or module._log; if not ip then log("debug", "Unable to check DNSBL when IP is unknown"); return; end local rbl_ip, err = reverse(ip, rbl); if not rbl_ip then log("debug", "Unable to check DNSBL for ip %s: %s", ip, err); return; end local wait, done = async.waiter(); adns.lookup(function (reply) if reply and reply[1] and reply[1].a then log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a); log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username); event.allowed = false; event.reason = "Blocked by DNSBL"; end done(); end, rbl_ip); wait(); end);