prosody
e901a0709005
plugins/mod_register.lua
Software / code / prosody
Comparison
plugins/mod_register.lua @ 690:e901a0709005
Added rate limiting to in-band registration, and added IP [black/white]lists
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 11 Jan 2009 07:09:25 +0000 |
| parent | 665:09e0e9c722a3 |
| child | 691:406b070b5d3e |
comparison
equal
deleted
inserted
replaced
| 689:94b043fbaf33 | 690:e901a0709005 |
|---|---|
| 21 | 21 |
| 22 local st = require "util.stanza"; | 22 local st = require "util.stanza"; |
| 23 local usermanager_user_exists = require "core.usermanager".user_exists; | 23 local usermanager_user_exists = require "core.usermanager".user_exists; |
| 24 local usermanager_create_user = require "core.usermanager".create_user; | 24 local usermanager_create_user = require "core.usermanager".create_user; |
| 25 local datamanager_store = require "util.datamanager".store; | 25 local datamanager_store = require "util.datamanager".store; |
| 26 local os_time = os.time; | |
| 26 | 27 |
| 27 module:add_feature("jabber:iq:register"); | 28 module:add_feature("jabber:iq:register"); |
| 28 | 29 |
| 29 module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) | 30 module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) |
| 30 if stanza.tags[1].name == "query" then | 31 if stanza.tags[1].name == "query" then |
| 91 else | 92 else |
| 92 session.send(st.error_reply(stanza, "cancel", "service-unavailable")); | 93 session.send(st.error_reply(stanza, "cancel", "service-unavailable")); |
| 93 end; | 94 end; |
| 94 end); | 95 end); |
| 95 | 96 |
| 97 local recent_ips = {}; | |
| 98 local min_seconds_between_registrations = config.get(module.host, "core", "min_seconds_between_registrations"); | |
| 99 local whitelisted_ips = config.get(module.host, "core", "registration_whitelist") or { "127.0.0.1" }; | |
| 100 local blacklisted_ips = config.get(module.host, "core", "registration_blacklist") or {}; | |
| 101 | |
| 102 for _, ip in ipairs(whitelisted_ips) do whitelisted_ips[ip] = true; end | |
| 103 for _, ip in ipairs(blacklisted_ips) do blacklisted_ips[ip] = true; end | |
| 104 | |
| 96 module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, stanza) | 105 module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, stanza) |
| 97 if config.get(module.host, "core", "allow_registration") == false then | 106 if config.get(module.host, "core", "allow_registration") == false then |
| 98 session.send(st.error_reply(stanza, "cancel", "service-unavailable")); | 107 session.send(st.error_reply(stanza, "cancel", "service-unavailable")); |
| 99 elseif stanza.tags[1].name == "query" then | 108 elseif stanza.tags[1].name == "query" then |
| 100 local query = stanza.tags[1]; | 109 local query = stanza.tags[1]; |
| 110 session.send(st.error_reply(stanza, "auth", "registration-required")); | 119 session.send(st.error_reply(stanza, "auth", "registration-required")); |
| 111 else | 120 else |
| 112 local username = query:child_with_name("username"); | 121 local username = query:child_with_name("username"); |
| 113 local password = query:child_with_name("password"); | 122 local password = query:child_with_name("password"); |
| 114 if username and password then | 123 if username and password then |
| 124 -- Check that the user is not blacklisted or registering too often | |
| 125 if blacklisted_ips[session.ip] then | |
| 126 session.send(st.error_reply(stanza, "cancel", "not-acceptable")); | |
| 127 return; | |
| 128 elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then | |
| 129 if not recent_ips[session.ip] then | |
| 130 recent_ips[session.ip] = { time = os_time(), count = 1 }; | |
| 131 else | |
| 132 | |
| 133 local ip = recent_ips[session.ip]; | |
| 134 ip.count = ip.count + 1; | |
| 135 | |
| 136 if os_time() - ip.time < min_seconds_between_registrations then | |
| 137 ip.time = os_time(); | |
| 138 session.send(st.error_reply(stanza, "cancel", "not-acceptable")); | |
| 139 return; | |
| 140 end | |
| 141 ip.time = os_time(); | |
| 142 end | |
| 143 end | |
| 115 -- FIXME shouldn't use table.concat | 144 -- FIXME shouldn't use table.concat |
| 116 username = table.concat(username); | 145 username = table.concat(username); |
| 117 password = table.concat(password); | 146 password = table.concat(password); |
| 118 if usermanager_user_exists(username, session.host) then | 147 if usermanager_user_exists(username, session.host) then |
| 119 session.send(st.error_reply(stanza, "cancel", "conflict")); | 148 session.send(st.error_reply(stanza, "cancel", "conflict")); |
