prosody-modules
94805a7e7b30
mod_limit_auth/mod_limit_auth.lua
Software / code / prosody-modules
File
mod_limit_auth/mod_limit_auth.lua @ 4421:94805a7e7b30
mod_invites: rework CLI parsing to support groups
To make this sensible, the code had to move from rather simple
parsing to something which looks more like getopt or your typical
shell script.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Sun, 31 Jan 2021 19:16:36 +0100 |
| parent | 1941:2a5a44d5b935 |
line wrap: on
line source
-- mod_limit_auth local st = require"util.stanza"; local new_throttle = require "util.throttle".create; local period = math.max(module:get_option_number(module.name.."_period", 30), 0); local max = math.max(module:get_option_number(module.name.."_max", 5), 1); local tarpit_delay = module:get_option_number(module.name.."_tarpit_delay", nil); if tarpit_delay then local waiter = require "util.async".waiter; local delay = tarpit_delay; function tarpit_delay() local wait, done = waiter(); module:add_timer(delay, done); wait(); end else function tarpit_delay() end end local throttles = module:shared"throttles"; local reply = st.stanza("failure", { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):tag("temporary-auth-failure"); local function get_throttle(ip) local throttle = throttles[ip]; if not throttle then throttle = new_throttle(max, period); throttles[ip] = throttle; end return throttle; end module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function (event) local origin = event.origin; if origin.type ~= "c2s_unauthed" then return end if not get_throttle(origin.ip):peek(1) then origin.log("warn", "Too many authentication attepmts for ip %s", origin.ip); tarpit_delay(); origin.send(reply); return true; end end, 10); module:hook("authentication-failure", function (event) get_throttle(event.session.ip):poll(1); end); module:add_timer(14400, function (now) local old = now - 86400; for ip, throttle in pairs(throttles) do if throttle.t < old then throttles[ip] = nil; end end end);
