prosody
db2a06b9ff98
plugins/mod_register_limits.lua
Software / code / prosody
Comparison
plugins/mod_register_limits.lua @ 10411:db2a06b9ff98
Merge 0.11->trunk
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 16 Nov 2019 16:52:31 +0100 |
| parent | 10364:66943afdd7f3 |
| child | 10765:294923f45e25 |
comparison
equal
deleted
inserted
replaced
| 10410:659b577f280c | 10411:db2a06b9ff98 |
|---|---|
| 11 local new_cache = require "util.cache".new; | 11 local new_cache = require "util.cache".new; |
| 12 local ip_util = require "util.ip"; | 12 local ip_util = require "util.ip"; |
| 13 local new_ip = ip_util.new_ip; | 13 local new_ip = ip_util.new_ip; |
| 14 local match_ip = ip_util.match; | 14 local match_ip = ip_util.match; |
| 15 local parse_cidr = ip_util.parse_cidr; | 15 local parse_cidr = ip_util.parse_cidr; |
| 16 local errors = require "util.error"; | |
| 16 | 17 |
| 17 local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations"); | 18 local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations"); |
| 18 local whitelist_only = module:get_option_boolean("whitelist_registration_only"); | 19 local whitelist_only = module:get_option_boolean("whitelist_registration_only"); |
| 19 local whitelisted_ips = module:get_option_set("registration_whitelist", { "127.0.0.1", "::1" })._items; | 20 local whitelisted_ips = module:get_option_set("registration_whitelist", { "127.0.0.1", "::1" })._items; |
| 20 local blacklisted_ips = module:get_option_set("registration_blacklist", {})._items; | 21 local blacklisted_ips = module:get_option_set("registration_blacklist", {})._items; |
| 52 end | 53 end |
| 53 end | 54 end |
| 54 return false; | 55 return false; |
| 55 end | 56 end |
| 56 | 57 |
| 58 local err_registry = { | |
| 59 blacklisted = { | |
| 60 text = "Your IP address is blacklisted"; | |
| 61 type = "auth"; | |
| 62 condition = "forbidden"; | |
| 63 }; | |
| 64 not_whitelisted = { | |
| 65 text = "Your IP address is not whitelisted"; | |
| 66 type = "auth"; | |
| 67 condition = "forbidden"; | |
| 68 }; | |
| 69 throttled = { | |
| 70 reason = "Too many registrations from this IP address recently"; | |
| 71 type = "wait"; | |
| 72 condition = "policy-violation"; | |
| 73 }; | |
| 74 } | |
| 75 | |
| 57 module:hook("user-registering", function (event) | 76 module:hook("user-registering", function (event) |
| 58 local session = event.session; | 77 local session = event.session; |
| 59 local ip = event.ip or session and session.ip; | 78 local ip = event.ip or session and session.ip; |
| 60 local log = session and session.log or module._log; | 79 local log = session and session.log or module._log; |
| 61 if not ip then | 80 if not ip then |
| 62 log("warn", "IP not known; can't apply blacklist/whitelist"); | 81 log("warn", "IP not known; can't apply blacklist/whitelist"); |
| 63 elseif ip_in_set(blacklisted_ips, ip) then | 82 elseif ip_in_set(blacklisted_ips, ip) then |
| 64 log("debug", "Registration disallowed by blacklist"); | 83 log("debug", "Registration disallowed by blacklist"); |
| 65 event.allowed = false; | 84 event.allowed = false; |
| 66 event.reason = "Your IP address is blacklisted"; | 85 event.error = errors.new("blacklisted", err_registry, event); |
| 67 elseif (whitelist_only and not ip_in_set(whitelisted_ips, ip)) then | 86 elseif (whitelist_only and not ip_in_set(whitelisted_ips, ip)) then |
| 68 log("debug", "Registration disallowed by whitelist"); | 87 log("debug", "Registration disallowed by whitelist"); |
| 69 event.allowed = false; | 88 event.allowed = false; |
| 70 event.reason = "Your IP address is not whitelisted"; | 89 event.error = errors.new("not_whitelisted", err_registry, event); |
| 71 elseif throttle_max and not ip_in_set(whitelisted_ips, ip) then | 90 elseif throttle_max and not ip_in_set(whitelisted_ips, ip) then |
| 72 if not check_throttle(ip) then | 91 if not check_throttle(ip) then |
| 73 log("debug", "Registrations over limit for ip %s", ip or "?"); | 92 log("debug", "Registrations over limit for ip %s", ip or "?"); |
| 74 event.allowed = false; | 93 event.allowed = false; |
| 75 event.reason = "Too many registrations from this IP address recently"; | 94 event.error = errors.new("throttle", err_registry, event); |
| 76 end | 95 end |
| 77 end | 96 end |
| 97 if event.error then | |
| 98 -- COMPAT pre-util.error | |
| 99 event.reason = event.error.text; | |
| 100 event.error_type = event.error.type; | |
| 101 event.error_condition = event.error.condition; | |
| 102 end | |
| 78 end); | 103 end); |
