plugins/mod_tokenauth.lua @ 12980:6ebad8e16b3b
mod_tokenauth: Track last access time (last time a token was used)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 24 Mar 2023 12:59:47 +0000 |
parent | 12977:74b9e05af71e |
child | 12996:e8716515405e |
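--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -5,10 +5,12 @@
 local random = require "prosody.util.random";
 local usermanager = require "prosody.core.usermanager";
 local generate_identifier = require "prosody.util.id".short;
 
 local token_store = module:open_store("auth_tokens", "map");
+
+local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60);
 
 local function select_role(username, host, role)
 if role then
 return prosody.hosts[host].authz.get_role_by_name(role);
 end
@@ -31,16 +33,19 @@
 return nil, "bad-request";
 end
 
 local token_id = id.short();
 
+local now = os.time();
+
 local token_info = {
 id = token_id;
 
 owner = actor_jid;
-created = os.time();
-expires = token_ttl and (os.time() + token_ttl) or nil;
+created = now;
+expires = token_ttl and (now + token_ttl) or nil;
+accessed = now;
 jid = token_jid;
 purpose = token_purpose;
 
 resource = token_resource;
 role = token_role;
@@ -90,20 +95,27 @@
 return nil, "not-authorized";
 end
 
 local token_info = token.token_info;
 
-if token_info.expires and token_info.expires < os.time() then
+local now = os.time();
+if token_info.expires and token_info.expires < now then
 token_store:set(token_user, token_id, nil);
 return nil, "not-authorized";
 end
 
 local account_info = usermanager.get_account_info(token_user, module.host);
 local password_updated_at = account_info and account_info.password_updated;
 if password_updated_at and password_updated_at > token_info.created then
 token_store:set(token_user, token_id, nil);
 return nil, "not-authorized";
+end
+
+local last_accessed = token_info.accessed;
+if not last_accessed or (now - last_accessed) > access_time_granularity then
+token_info.accessed = now;
+token_store:set(token_user, token_id, token_info);
 end
 
 return token_info
 end
 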
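Review bot: The result of the new `token_store:set(token_user, token_id, token_info)` in the access-time update (new lines 114–116) is discarded, so a failed write leaves `accessed` stale with no trace while the token is still accepted. Accepting the token is reasonable for a best-effort timestamp, but anyone using `accessed` to audit token use or to retire idle tokens should be able to see the failure; assuming the map store reports errors through its return values, capture them with `local ok, err = token_store:set(token_user, token_id, token_info);` and follow with `if not ok then module:log("warn", "Failed to update token access time: %s", err); end`. The option read on new line 11 has no range check, and a zero or negative value makes `(now - last_accessed) > access_time_granularity` true on essentially every use, so each validation becomes a storage write. A comment there such as `-- seconds; "accessed" may lag real use by up to this long, smaller values mean more storage writes` would document the trade-off. The function containing the validation logic starts outside the visible lines, so whether `token_info` is the stored table or a copy cannot be confirmed from here.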