plugins/mod_external_services.lua @ 11038:efefdf71373b
mod_external_services: Prepare to allow more credential algorithms
Not sure what algorithms might fit here. Separation makes some sense.
This is also preparation for having a callback (see the next commit).
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 25 Jul 2020 12:09:19 +0200 |
| parent | 11037:936ee55e1ae3 |
| child | 11039:ec6919401790 |
| 11037:936ee55e1ae3 | 11038:efefdf71373b |
|---|---|
| 11 local default_ttl = module:get_option_number("external_service_ttl", 86400); | 11 local default_ttl = module:get_option_number("external_service_ttl", 86400); |
| 12 | 12 |
| 13 local configured_services = module:get_option_array("external_services", {}); | 13 local configured_services = module:get_option_array("external_services", {}); |
| 14 | 14 |
| 15 local access = module:get_option_set("external_service_access", {}); | 15 local access = module:get_option_set("external_service_access", {}); |
| 16 | |
| 17 -- https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 | |
| 18 local function behave_turn_rest_credentials(srv, item, secret) | |
| 19 local ttl = default_ttl; | |
| 20 if type(item.ttl) == "number" then | |
| 21 ttl = item.ttl; | |
| 22 end | |
| 23 local expires = srv.expires or os.time() + ttl; | |
| 24 local username; | |
| 25 if type(item.username) == "string" then | |
| 26 username = string.format("%d:%s", expires, item.username); | |
| 27 else | |
| 28 username = string.format("%d", expires); | |
| 29 end | |
| 30 srv.username = username; | |
| 31 srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username)); | |
| 32 end | |
| 33 | |
| 34 local algorithms = { | |
| 35 turn = behave_turn_rest_credentials; | |
| 36 } | |
| 16 | 37 |
| 17 -- filter config into well-defined service records | 38 -- filter config into well-defined service records |
| 18 local function prepare(item) | 39 local function prepare(item) |
| 19 if type(item) ~= "table" then | 40 if type(item) ~= "table" then |
| 20 module:log("error", "Service definition is not a table: %q", item); | 41 module:log("error", "Service definition is not a table: %q", item); |
| 61 srv.expires = item.expires; | 82 srv.expires = item.expires; |
| 62 elseif type(item.ttl) == "number" then | 83 elseif type(item.ttl) == "number" then |
| 63 srv.expires = os.time() + item.ttl; | 84 srv.expires = os.time() + item.ttl; |
| 64 end | 85 end |
| 65 if (item.secret == true and default_secret) or type(item.secret) == "string" then | 86 if (item.secret == true and default_secret) or type(item.secret) == "string" then |
| 66 local ttl = default_ttl; | 87 local secret_cb = algorithms[item.algorithm] or algorithms[srv.type]; |
| 67 if type(item.ttl) == "number" then | |
| 68 ttl = item.ttl; | |
| 69 end | |
| 70 local expires = os.time() + ttl; | |
| 71 local secret = item.secret; | 88 local secret = item.secret; |
| 72 if secret == true then | 89 if secret == true then |
| 73 secret = default_secret; | 90 secret = default_secret; |
| 74 end | 91 end |
| 75 local username; | 92 if secret_cb then |
| 76 if type(item.username) == "string" then | 93 secret_cb(srv, item, secret); |
| 77 username = string.format("%d:%s", expires, item.username); | 94 srv.restricted = true; |
| 78 else | |
| 79 username = string.format("%d", expires); | |
| 80 end | 95 end |
| 81 srv.username = username; | |
| 82 srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username)); | |
| 83 srv.restricted = true; | |
| 84 end | 96 end |
| 85 return srv; | 97 return srv; |
| 86 end | 98 end |
| 87 | 99 |
| 88 function module.load() | 100 function module.load() |
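Review bot: A service that carries a secret but matches no entry in `algorithms` now silently gets neither credentials nor `srv.restricted` — the `if secret_cb then` block at new lines 92–95 has no else branch, so a misspelt `algorithm` value, or any `srv.type` other than `turn`, publishes the service as unrestricted without any log line, whereas the old code (old lines 66–83) always generated credentials once a secret was configured. Make the misconfiguration visible by closing the branch with `else` / `module:log("error", "No credential algorithm for service type %q (algorithm %q)", srv.type, item.algorithm);` before the final `end`. Separately, `behave_turn_rest_credentials` now derives `expires` from `srv.expires` instead of a fresh `os.time() + ttl`, so a statically configured `expires` presumably pins the credential timestamp for every request; worth confirming that is intended since credentials then never rotate. `prepare` spans both hunks and its middle (new lines 42–81) is not shown here.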