
plugins/mod_register_limits.lua @ 11807:f5295e59ca78

mod_register_limits: Reword some options Remember to remove the compatibility things in some future version
author Kim Alvefur <zash@zash.se>
date Sun, 19 Sep 2021 15:52:07 +0200
parent 10768:55a9e9bf6abb
child 12977:74b9e05af71e
11806:6f7d6712e250 11807:f5295e59ca78
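--- a/plugins/mod_register_limits.lua
+++ b/plugins/mod_register_limits.lua
@@ -13,24 +13,26 @@
 local new_ip = ip_util.new_ip;
 local match_ip = ip_util.match;
 local parse_cidr = ip_util.parse_cidr;
 local errors = require "util.error";
 
+-- COMPAT drop old option names
 local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations");
-local whitelist_only = module:get_option_boolean("whitelist_registration_only");
-local whitelisted_ips = module:get_option_set("registration_whitelist", { "127.0.0.1", "::1" })._items;
-local blacklisted_ips = module:get_option_set("registration_blacklist", {})._items;
+local allowlist_only = module:get_option_boolean("allowlist_registration_only", module:get_option_boolean("whitelist_registration_only"));
+local allowlisted_ips = module:get_option_set("registration_allowlist", module:get_option("registration_whitelist", { "127.0.0.1", "::1" }))._items;
+local blocklisted_ips = module:get_option_set("registration_blocklist", module:get_option_set("registration_blacklist", {}))._items;
 
 local throttle_max = module:get_option_number("registration_throttle_max", min_seconds_between_registrations and 1);
 local throttle_period = module:get_option_number("registration_throttle_period", min_seconds_between_registrations);
 local throttle_cache_size = module:get_option_number("registration_throttle_cache_size", 100);
-local blacklist_overflow = module:get_option_boolean("blacklist_on_registration_throttle_overload", false);
+local blocklist_overflow = module:get_option_boolean("blocklist_on_registration_throttle_overload",
+module:get_option_boolean("blacklist_on_registration_throttle_overload", false));
 
-local throttle_cache = new_cache(throttle_cache_size, blacklist_overflow and function (ip, throttle)
+local throttle_cache = new_cache(throttle_cache_size, blocklist_overflow and function (ip, throttle)
 if not throttle:peek() then
-module:log("info", "Adding ip %s to registration blacklist", ip);
-blacklisted_ips[ip] = true;
+module:log("info", "Adding ip %s to registration blocklist", ip);
+blocklisted_ips[ip] = true;
 end
 end or nil);
 
 local function check_throttle(ip)
 if not throttle_max then return true end
@@ -54,17 +56,17 @@
 end
 return false;
 end
 
 local err_registry = {
-blacklisted = {
-text = "Your IP address is blacklisted";
+blocklisted = {
+text = "Your IP address is blocklisted";
 type = "auth";
 condition = "forbidden";
 };
-not_whitelisted = {
-text = "Your IP address is not whitelisted";
+not_allowlisted = {
+text = "Your IP address is not allowlisted";
 type = "auth";
 condition = "forbidden";
 };
 throttled = {
 text = "Too many registrations from this IP address recently";
@@ -76,20 +78,20 @@
 module:hook("user-registering", function (event)
 local session = event.session;
 local ip = event.ip or session and session.ip;
 local log = session and session.log or module._log;
 if not ip then
-log("warn", "IP not known; can't apply blacklist/whitelist");
-elseif ip_in_set(blacklisted_ips, ip) then
-log("debug", "Registration disallowed by blacklist");
+log("warn", "IP not known; can't apply blocklist/allowlist");
+elseif ip_in_set(blocklisted_ips, ip) then
+log("debug", "Registration disallowed by blocklist");
 event.allowed = false;
-event.error = errors.new("blacklisted", event, err_registry);
-elseif (whitelist_only and not ip_in_set(whitelisted_ips, ip)) then
-log("debug", "Registration disallowed by whitelist");
+event.error = errors.new("blocklisted", event, err_registry);
+elseif (allowlist_only and not ip_in_set(allowlisted_ips, ip)) then
+log("debug", "Registration disallowed by allowlist");
 event.allowed = false;
-event.error = errors.new("not_whitelisted", event, err_registry);
-elseif throttle_max and not ip_in_set(whitelisted_ips, ip) then
+event.error = errors.new("not_allowlisted", event, err_registry);
+elseif throttle_max and not ip_in_set(allowlisted_ips, ip) then
 if not check_throttle(ip) then
 log("debug", "Registrations over limit for ip %s", ip or "?");
 event.allowed = false;
 event.error = errors.new("throttled", event, err_registry);
 end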
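Review bot: The legacy fallback for the blocklist (new line 22) is built differently from the allowlist one on new line 21: `registration_allowlist` falls back to the raw `module:get_option("registration_whitelist", ...)` value, while `registration_blocklist` falls back to `module:get_option_set("registration_blacklist", {})`, so a set object is handed to another `get_option_set` call as its default. Whether `get_option_set` accepts a set as a default is not visible on this page; if it expects a plain list, a deployment that still configures only `registration_blacklist` could end up with an empty blocklist, and the `ip_in_set(blocklisted_ips, ip)` branch in the `user-registering` hook would then let every address through without a log line. I would write it the same way as the line above, `module:get_option_set("registration_blocklist", module:get_option("registration_blacklist", {}))._items`, and add a test that sets only the old option name and asserts a listed address is refused. The hook body continues past the last line shown here.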