Diff

plugins/mod_tokenauth.lua @ 12980:6ebad8e16b3b

mod_tokenauth: Track last access time (last time a token was used)
author Matthew Wild <mwild1@gmail.com>
date Fri, 24 Mar 2023 12:59:47 +0000
parent 12977:74b9e05af71e
child 12996:e8716515405e
--- a/plugins/mod_tokenauth.lua	Thu Mar 23 13:36:52 2023 +0100
+++ b/plugins/mod_tokenauth.lua	Fri Mar 24 12:59:47 2023 +0000
@@ -8,6 +8,8 @@
 
 local token_store = module:open_store("auth_tokens", "map");
 
+local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60);
+
 local function select_role(username, host, role)
 	if role then
 		return prosody.hosts[host].authz.get_role_by_name(role);
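Review bot: The new `token_auth_access_time_granularity` option has no comment giving its unit or its effect, and the default of 60 only makes sense after reading the update block in the last hunk. I would add above it `-- Seconds. The stored 'accessed' time is rewritten at most once per this interval, so it can lag the real last use by up to this long.` That lag matters to anyone who uses the field to audit or revoke stale tokens. The value is also not range-checked here, so a negative setting would make every successful token check write to the store.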
@@ -33,12 +35,15 @@
 
 	local token_id = id.short();
 
+	local now = os.time();
+
 	local token_info = {
 		id = token_id;
 
 		owner = actor_jid;
-		created = os.time();
-		expires = token_ttl and (os.time() + token_ttl) or nil;
+		created = now;
+		expires = token_ttl and (now + token_ttl) or nil;
+		accessed = now;
 		jid = token_jid;
 		purpose = token_purpose;
 
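Review bot: Setting `accessed = now` at creation makes a token that was never used look the same as one used right after it was issued. With the update rule added in the last hunk, a use inside the granularity window after creation does not change the field, so `accessed == created` cannot be read as "never used". If that distinction is wanted for finding unused tokens, leave `accessed` unset here; the later check `if not last_accessed or ...` already records the time on first use. The table constructor continues outside the hunk.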
@@ -92,7 +97,8 @@
 
 	local token_info = token.token_info;
 
-	if token_info.expires and token_info.expires < os.time() then
+	local now = os.time();
+	if token_info.expires and token_info.expires < now then
 		token_store:set(token_user, token_id, nil);
 		return nil, "not-authorized";
 	end
@@ -104,6 +110,12 @@
 		return nil, "not-authorized";
 	end
 
+	local last_accessed = token_info.accessed;
+	if not last_accessed or (now - last_accessed) > access_time_granularity then
+		token_info.accessed = now;
+		token_store:set(token_user, token_id, token_info);
+	end
+
 	return token_info
 end
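Review bot: The result of `token_store:set(token_user, token_id, token_info)` in the new block is discarded, so a failed write leaves the stored access time stale with no trace. Letting authentication succeed despite a storage error seems right, but the failure should be logged. Assuming the map store returns nil plus an error on failure, that would be `local ok, err = token_store:set(token_user, token_id, token_info);` followed by `if not ok then module:log("warn", "Could not update token access time: %s", tostring(err)); end`. The block also makes token validation a path that writes to storage, which deserves a short comment above it. The function starts outside the hunk.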