plugins/mod_register.lua @ 7025:236e8d1ee96c
mod_register: Switch to using util.throttle for limiting registrations per ip per time
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 23 Dec 2015 08:57:12 +0100 |
| parent | 7018:5c3d4254d415 |
| child | 7026:f0dc5cc11d0e |
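--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -11,13 +11,13 @@
 local dataform_new = require "util.dataforms".new;
 local usermanager_user_exists = require "core.usermanager".user_exists;
 local usermanager_create_user = require "core.usermanager".create_user;
 local usermanager_set_password = require "core.usermanager".set_password;
 local usermanager_delete_user = require "core.usermanager".delete_user;
-local os_time = os.time;
 local nodeprep = require "util.encodings".stringprep.nodeprep;
 local jid_bare = require "util.jid".bare;
+local create_throttle = require "util.throttle".create;
 
 local compat = module:get_option_boolean("registration_compat", true);
 local allow_registration = module:get_option_boolean("allow_registration", false);
 local additional_fields = module:get_option("additional_registration_fields", {});
 
@@ -174,10 +174,23 @@
 local recent_ips = {};
 local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations");
 local whitelist_only = module:get_option_boolean("whitelist_registration_only");
 local whitelisted_ips = module:get_option_set("registration_whitelist", { "127.0.0.1" })._items;
 local blacklisted_ips = module:get_option_set("registration_blacklist", {})._items;
+
+local throttle_max = module:get_option_number("registration_throttle_max", min_seconds_between_registrations and 1);
+local throttle_period = module:get_option_number("registration_throttle_period", min_seconds_between_registrations);
+
+local function check_throttle(ip)
+if not throttle_max then return true end
+local throttle = recent_ips[ip];
+if not throttle then
+throttle = create_throttle(throttle_max, throttle_period);
+recent_ips[ip] = throttle;
+end
+return throttle:poll(1);
+end
 
 module:hook("stanza/iq/jabber:iq:register:query", function(event)
 local session, stanza = event.origin, event.stanza;
 local log = session.log or module._log;
 
@@ -202,22 +215,13 @@
 log("debug", "User's IP not known; can't apply blacklist/whitelist");
 elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then
 session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account."));
 return true;
 elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then
-if not recent_ips[session.ip] then
-recent_ips[session.ip] = { time = os_time(), count = 1 };
-else
-local ip = recent_ips[session.ip];
-ip.count = ip.count + 1;
-
-if os_time() - ip.time < min_seconds_between_registrations then
-ip.time = os_time();
-session.send(st.error_reply(stanza, "wait", "not-acceptable"));
-return true;
-end
-ip.time = os_time();
+if check_throttle(session.ip) then
+session.send(st.error_reply(stanza, "wait", "not-acceptable"));
+return true;
 end
 end
 local username, password = nodeprep(data.username), data.password;
 data.username, data.password = nil, nil;
 local host = module.host;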
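Review bot: The new check at new line 220 looks inverted: `check_throttle` returns `true` when no limit is configured (new line 184), so `true` reads as "allowed", yet `if check_throttle(session.ip) then` sends the `wait` error in exactly that case and lets the request through once the throttle is exhausted, which would leave registrations effectively unlimited while rejecting first attempts. Assuming `throttle:poll(1)` in util.throttle (not shown on this page) returns true while budget remains, the condition should be `if not check_throttle(session.ip) then`. The enclosing branch is also still gated on `min_seconds_between_registrations` (new line 219), so setting only `registration_throttle_max` and `registration_throttle_period` never enables throttling; `elseif throttle_max and not whitelisted_ips[session.ip] then` would cover both configurations. Separately, `recent_ips` gains one throttle object per distinct address and nothing in these hunks evicts entries, so it can grow without bound on a server that sees many source IPs. The hook function starts and ends outside the visible hunks.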