prosody-modules
d3ebaef1ea7a
mod_register_dnsbl/mod_register_dnsbl.lua
Software / code / prosody-modules
File
mod_register_dnsbl/mod_register_dnsbl.lua @ 5264:d3ebaef1ea7a
mod_http_oauth2: Correctly verify OAuth client credentials on revocation
Makes no sense to validate against username and password here, or using
a token to revoke another token, or itself?
In fact, upon further discussion, why do you need credentials to revoke
a token? If you are not supposed to have the token, revoking it seems
the most responsible thing to do with it, so it should be allowed, while
if you are supposed to have it, you should be allowed to revoke it.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 21 Mar 2023 21:57:18 +0100 |
| parent | 4118:82482e7e92cb |
line wrap: on
line source
local adns = require "net.adns"; local async = require "util.async"; local inet_pton = require "util.net".pton; local to_hex = require "util.hex".to; local rbl = module:get_option_string("registration_rbl"); local function reverse(ip, suffix) local n, err = inet_pton(ip); if not n then return n, err end if #n == 4 then local a,b,c,d = n:byte(1,4); return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix); elseif #n == 16 then return to_hex(n):reverse():gsub("%x", "%1.") .. suffix; end end module:hook("user-registering", function (event) local session, ip = event.session, event.ip; local log = (session and session.log) or module._log; if not ip then log("debug", "Unable to check DNSBL when IP is unknown"); return; end local rbl_ip, err = reverse(ip, rbl); if not rbl_ip then log("debug", "Unable to check DNSBL for ip %s: %s", ip, err); return; end local wait, done = async.waiter(); adns.lookup(function (reply) if reply and reply[1] and reply[1].a then log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a); log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username); event.allowed = false; event.reason = "Blocked by DNSBL"; end done(); end, rbl_ip); wait(); end);
