Software / code / prosody
Annotate
plugins/mod_watchregistrations.lua @ 13289:38c95544b7ee
mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default
This channel binding method is now enabled when a hash is manually set in the
config, or it attempts to discover the hash automatically if the value is the
special string "auto".
A related change to mod_c2s prevents complicated certificate lookups in the
client connection hot path - this work now happens only when this channel
binding method is used. I'm not aware of anything else that uses ssl_cfg (vs
ssl_ctx).
Rationale for disabling by default:
- Minor performance impact in automatic cert detection
- This method is weak against a leaked/stolen private key (other methods such
as 'tls-exporter' would not be compromised in such a case)
Rationale for keeping the implementation:
- For some deployments, this may be the only method available (e.g. due to
TLS offloading in another process/server).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 26 Oct 2023 15:14:39 +0100 |
| parent | 13202:173038306750 |
| rev | line source |
|---|---|
|
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
1 -- Prosody IM |
|
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1654
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1654
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5014
diff
changeset
|
4 -- |
|
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
6 -- COPYING file in the source package for more information. |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
7 -- |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1251
diff
changeset
|
8 |
|
1201
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
|
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local host = module:get_host(); |
|
12977
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
8812
diff
changeset
|
11 local jid_prep = require "prosody.util.jid".prep; |
|
1201
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
|
4909
01bfb9a76660
mod_watchregistrations: Convert JID list to a set, and prep before use to fix traceback on invalid JIDs (thanks sMi)
Matthew Wild <mwild1@gmail.com>
parents:
4453
diff
changeset
|
13 local registration_watchers = module:get_option_set("registration_watchers", module:get_option("admins", {})) / jid_prep; |
|
7860
49ff363f3a3d
mod_watchregistrations: add a "registration_from" option
mathieui
parents:
7268
diff
changeset
|
14 local registration_from = module:get_option_string("registration_from", host); |
|
7268
29861845e0e0
mod_watchregistrations: Use type-specific config API for 'registration_notification'
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
15 local registration_notification = module:get_option_string("registration_notification", "User $username just registered on $host from $ip"); |
|
13202
173038306750
plugins: Use get_option_enum where appropriate
Kim Alvefur <zash@zash.se>
parents:
12977
diff
changeset
|
16 local msg_type = module:get_option_enum("registration_notification_type", "chat", "normal", "headline"); |
|
1201
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
|
12977
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
8812
diff
changeset
|
18 local st = require "prosody.util.stanza"; |
|
1201
9d5c1b2cf89c
mod_watchregistrations: New plugin to send a message to admins when a new user registers
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
|
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
20 module:hook("user-registered", function (user) |
|
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
21 module:log("debug", "Notifying of new registration"); |
|
8812
3d7fceaff230
mod_watchregistrations: Allow making the message type configurable
Kim Alvefur <zash@zash.se>
parents:
8154
diff
changeset
|
22 local message = st.message{ type = msg_type, from = registration_from } |
|
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
23 :tag("body") |
|
4453
7dc743378e1e
mod_watchregistrations: Fixed an undefined global access (thanks Medics).
Waqas Hussain <waqas20@gmail.com>
parents:
4391
diff
changeset
|
24 :text(registration_notification:gsub("%$(%w+)", function (v) |
|
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
25 return user[v] or user.session and user.session[v] or nil; |
|
8152
8e26672df704
mod_watchregistrations: Return the pointer to the root of the stanza, fixes #922.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
5014
diff
changeset
|
26 end)) |
|
8e26672df704
mod_watchregistrations: Return the pointer to the root of the stanza, fixes #922.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
5014
diff
changeset
|
27 :up(); |
|
4909
01bfb9a76660
mod_watchregistrations: Convert JID list to a set, and prep before use to fix traceback on invalid JIDs (thanks sMi)
Matthew Wild <mwild1@gmail.com>
parents:
4453
diff
changeset
|
28 for jid in registration_watchers do |
|
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
29 module:log("debug", "Notifying %s", jid); |
|
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
30 message.attr.to = jid; |
|
5014
b2006c1cfa85
mod_announce, mod_motd, mod_pubsub, mod_register, mod_watchregistrations, mod_welcome: Use module:send() instead of core_*_stanza()
Kim Alvefur <zash@zash.se>
parents:
4909
diff
changeset
|
31 module:send(message); |
|
4391
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
32 end |
|
71083327f608
mod_watchregistrations: Update to pass default options to module:get_option(), and reformat the code a little
Matthew Wild <mwild1@gmail.com>
parents:
3540
diff
changeset
|
33 end); |
