Changeset

5287:4834eaf24fc1

mod_sasl2_fast: Add an API that allows modules to check if a client has FAST
author Matthew Wild <mwild1@gmail.com>
date Wed, 29 Mar 2023 16:13:42 +0100
parents 5286:a91adc164566
children 5289:308024be6d6f
files mod_sasl2_fast/mod_sasl2_fast.lua
diffstat 1 files changed, 17 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_sasl2_fast/mod_sasl2_fast.lua	Wed Mar 29 16:13:00 2023 +0100
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua	Wed Mar 29 16:13:42 2023 +0100
@@ -228,3 +228,20 @@
 register_ht_mechanism("HT-SHA-256-UNIQ", "ht_sha_256", "tls-unique");
 register_ht_mechanism("HT-SHA-256-ENDP", "ht_sha_256", "tls-server-end-point");
 register_ht_mechanism("HT-SHA-256-EXPR", "ht_sha_256", "tls-exporter");
+
+-- Public API
+
+--luacheck: ignore 131
+function is_client_fast(username, client_id, last_password_change)
+	local client_id_hash = hash.sha256(client_id, true);
+	local curr_time = now();
+	local cur = token_store:get(username, client_id_hash.."-cur");
+	if cur and cur.expires_at >= curr_time and (not last_password_change or last_password_change < cur.issued_at) then
+		return true;
+	end
+	local new = token_store:get(username, client_id_hash.."-new");
+	if new and new.expires_at >= curr_time and (not last_password_change or last_password_change < new.issued_at) then
+		return true;
+	end
+	return false;
+end